Improved clear cookie handling

the-djmaze 2024-08-30 01:47:28 +02:00
parent 366ca05200
commit d0fb4ee2f6
2 changed files with 20 additions and 14 deletions


@ -182,18 +182,6 @@ trait UserAuth
return $oAccount; return $oAccount;
} }
private static function SetAccountCookie(string $sName, ?Account $oAccount)
{
if ($oAccount) {
Cookies::set(
$sName,
\MailSo\Base\Utils::UrlSafeBase64Encode(\SnappyMail\Crypt::EncryptToJSON($oAccount))
);
} else {
Cookies::clear($sName);
}
}
public function switchAccount(string $sEmail) : bool public function switchAccount(string $sEmail) : bool
{ {
$this->Http()->ServerNoCache(); $this->Http()->ServerNoCache();
@ -337,13 +325,13 @@ trait UserAuth
public function SetAuthToken(MainAccount $oAccount): void public function SetAuthToken(MainAccount $oAccount): void
{ {
$this->SetMainAuthAccount($oAccount); $this->SetMainAuthAccount($oAccount);
static::SetAccountCookie(self::AUTH_SPEC_TOKEN_KEY, $oAccount); Cookies::setSecure(self::AUTH_SPEC_TOKEN_KEY, $oAccount);
} }
public function SetAdditionalAuthToken(?AdditionalAccount $oAccount): void public function SetAdditionalAuthToken(?AdditionalAccount $oAccount): void
{ {
$this->oAdditionalAuthAccount = $oAccount ?: false; $this->oAdditionalAuthAccount = $oAccount ?: false;
static::SetAccountCookie(self::AUTH_ADDITIONAL_TOKEN_KEY, $oAccount); Cookies::setSecure(self::AUTH_ADDITIONAL_TOKEN_KEY, $oAccount);
} }
/** /**
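Review bot: `Cookies::setSecure(...)` in `SetAuthToken` and `SetAdditionalAuthToken` reads as if it sets the cookie's `Secure` attribute, while the definition added in this commit encrypts the value with `Crypt::EncryptToJSON` and clears the cookie when given null. With the local `SetAccountCookie` helper removed, nothing at these call sites says that the account ends up encrypted in the cookie value or that `SetAdditionalAuthToken(null)` deletes it. A one-line comment above each call would keep that visible, e.g. `// stores the account encrypted in the cookie; null clears it`. The trait body continues outside the visible hunks.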


@ -47,6 +47,18 @@ class Cookies
: null; : null;
} }
public static function setSecure(string $sName, $data): void
{
if (\is_null($data)) {
static::clear($sName);
} else {
static::set(
$sName,
\MailSo\Base\Utils::UrlSafeBase64Encode(Crypt::EncryptToJSON($data))
);
}
}
private static function _set(string $sName, string $sValue, int $iExpire, bool $httponly = true) : bool private static function _set(string $sName, string $sValue, int $iExpire, bool $httponly = true) : bool
{ {
$sPath = static::$DefaultPath; $sPath = static::$DefaultPath;
@ -134,5 +146,11 @@ class Cookies
{ {
static::init(); static::init();
static::_set($sName, '', 0); static::_set($sName, '', 0);
// Delete 4K split cookie parts
foreach (\array_keys($_COOKIE) as $sCookieName) {
if (\strtok($sCookieName, '~') === $sName) {
static::_set($sCookieName, '', 0);
}
}
} }
} }
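Review bot: The new loop in `clear()` walks `\array_keys($_COOKIE)`, which are names chosen by the client, and `\strtok($sCookieName, '~') === $sName` is looser than a prefix test. `strtok` skips leading delimiters, so a name such as `~name` also matches, and the bare `$sName` matches a second time after the `_set($sName, '', 0)` on the line above. PHP also turns purely numeric cookie names into int keys, which would reach `strtok()` and `_set(string $sName, …)` as ints and fail if this file declares strict types (not visible here). A stricter test is `if (0 === \strpos((string) $sCookieName, $sName . '~')) {`, assuming the split parts are named `<name>~<n>` as the `'~'` delimiter suggests. The class body starts outside the visible hunks.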