Compare commits
No commits in common. "f8118315e700099f1def33e46fb8b1daa7b9da8f" and "2ca17149920f87f40f3cce59b5c0543684db1deb" have entirely different histories.
f8118315e7
...
2ca1714992
|
|
@ -12,18 +12,10 @@ function applyCsrfMiddleware() {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Skip CSRF check for initial login, registration, and 2FA verification attempts
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
|
|
||||||
isset($_GET['page']) && isset($_GET['action']) &&
|
|
||||||
$_GET['page'] === 'login' && $_GET['action'] === 'verify' &&
|
|
||||||
isset($_SESSION['2fa_pending_user_id'])) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Skip CSRF check for initial login and registration attempts
|
// Skip CSRF check for initial login and registration attempts
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
|
||||||
isset($_GET['page']) &&
|
isset($_GET['page']) &&
|
||||||
in_array($_GET['page'], ['login', 'register']) &&
|
in_array($_GET['page'], ['login', 'register']) &&
|
||||||
!isset($_SESSION['username'])) {
|
!isset($_SESSION['username'])) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -60,10 +60,10 @@ function applySessionMiddleware($config, $app_root) {
|
||||||
* Helper function to clean up session data and redirect
|
* Helper function to clean up session data and redirect
|
||||||
*/
|
*/
|
||||||
function cleanupSession($config, $app_root, $isTest) {
|
function cleanupSession($config, $app_root, $isTest) {
|
||||||
// Always clear session data
|
|
||||||
$_SESSION = array();
|
|
||||||
|
|
||||||
if (!$isTest) {
|
if (!$isTest) {
|
||||||
|
// Clear session data
|
||||||
|
$_SESSION = array();
|
||||||
|
|
||||||
if (session_status() === PHP_SESSION_ACTIVE) {
|
if (session_status() === PHP_SESSION_ACTIVE) {
|
||||||
session_unset();
|
session_unset();
|
||||||
session_destroy();
|
session_destroy();
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,6 @@ class SessionMiddlewareTest extends TestCase
|
||||||
{
|
{
|
||||||
protected $config;
|
protected $config;
|
||||||
protected $app_root;
|
protected $app_root;
|
||||||
protected const SESSION_TIMEOUT = 7200; // 2 hours in seconds
|
|
||||||
|
|
||||||
protected function setUp(): void
|
protected function setUp(): void
|
||||||
{
|
{
|
||||||
|
|
@ -53,7 +52,7 @@ class SessionMiddlewareTest extends TestCase
|
||||||
|
|
||||||
public function testSessionTimeout()
|
public function testSessionTimeout()
|
||||||
{
|
{
|
||||||
$_SESSION['LAST_ACTIVITY'] = time() - (self::SESSION_TIMEOUT + 60); // 2 hours + 1 minute ago
|
$_SESSION['LAST_ACTIVITY'] = time() - 1500; // 25 minutes ago
|
||||||
|
|
||||||
$result = applySessionMiddleware($this->config, $this->app_root);
|
$result = applySessionMiddleware($this->config, $this->app_root);
|
||||||
|
|
||||||
|
|
@ -77,7 +76,7 @@ class SessionMiddlewareTest extends TestCase
|
||||||
public function testRememberMe()
|
public function testRememberMe()
|
||||||
{
|
{
|
||||||
$_SESSION['REMEMBER_ME'] = true;
|
$_SESSION['REMEMBER_ME'] = true;
|
||||||
$_SESSION['LAST_ACTIVITY'] = time() - (self::SESSION_TIMEOUT + 60); // More than 2 hours ago
|
$_SESSION['LAST_ACTIVITY'] = time() - 86500; // More than 24 hours ago
|
||||||
|
|
||||||
$result = applySessionMiddleware($this->config, $this->app_root);
|
$result = applySessionMiddleware($this->config, $this->app_root);
|
||||||
|
|
||||||
|
|
@ -96,7 +95,7 @@ class SessionMiddlewareTest extends TestCase
|
||||||
|
|
||||||
public function testSessionHeaders()
|
public function testSessionHeaders()
|
||||||
{
|
{
|
||||||
$_SESSION['LAST_ACTIVITY'] = time() - (self::SESSION_TIMEOUT + 60); // 2 hours + 1 minute ago
|
$_SESSION['LAST_ACTIVITY'] = time() - 1500; // 25 minutes ago
|
||||||
|
|
||||||
$result = applySessionMiddleware($this->config, $this->app_root);
|
$result = applySessionMiddleware($this->config, $this->app_root);
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue