Diffstat (limited to 'app/Models')
-rw-r--r--app/Models/Auth.php51
-rw-r--r--app/Models/SystemConfiguration.php2
2 files changed, 53 insertions, 0 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 5c861f1db..19cd26aa5 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -165,6 +165,7 @@ class FreshRSS_Auth {
self::$login_ok = false;
Minz_Session::_params([
'loginOk' => false,
+ 'lastReauth' => false,
'csrf' => false,
'REMOTE_USER' => false,
]);
@@ -230,4 +231,54 @@ class FreshRSS_Auth {
}
return $token != '' && $token === $csrf;
}
+
+ public static function needsReauth(): bool {
+ $auth_type = FreshRSS_Context::systemConf()->auth_type;
+ $reauth_required = FreshRSS_Context::systemConf()->reauth_required;
+ $reauth_time = FreshRSS_Context::systemConf()->reauth_time;
+
+ if (!$reauth_required) {
+ return false;
+ }
+
+ $last_reauth = Minz_Session::paramInt('lastReauth');
+
+ if ($auth_type !== 'none' && time() - $last_reauth > $reauth_time) {
+ if ($auth_type === 'http_auth') {
+ // TODO: not implemented - just let the user through
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Return if user needs reauth and got redirected to login page.
+ *
+ * @param array{c?: string, a?: string, params?: array<string, mixed>}|null $redirect
+ */
+ public static function requestReauth(?array $redirect = null): bool {
+ if (self::needsReauth()) {
+ if (Minz_Request::paramBoolean('ajax')) {
+ // Send 403 and exit instead of redirect with Minz_Error::error()
+ header('HTTP/1.1 403 Forbidden');
+ exit();
+ }
+
+ $redirect = Minz_Url::serialize($redirect ?? Minz_Request::currentRequest());
+
+ Minz_Request::forward([
+ 'c' => 'auth',
+ 'a' => 'reauth',
+ 'params' => [
+ 'r' => $redirect,
+ ],
+ ], true);
+
+ return true;
+ }
+
+ return false;
+ }
}
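Review bot: The AJAX branch in `requestReauth()` emits the status with `header('HTTP/1.1 403 Forbidden')`, which hard-codes the protocol version regardless of what the client actually negotiated; `http_response_code(403);` sets the status on the real response line and is the idiomatic form. A client receiving that bare 403 also cannot tell "re-authentication required" apart from any other forbidden response, so consider adding a distinguishing header or JSON body before `exit()` — that depends on how the front end handles 403s, which is not visible here. In `needsReauth()`, `Minz_Session::paramInt('lastReauth')` is compared against `time()` with no guard for a missing value, so an absent or cleared `lastReauth` (as set to `false` in the logout hunk above) presumably yields 0 and forces re-auth on the first check, which looks intended but deserves a one-line comment such as `// missing/cleared lastReauth reads as 0 → always stale`. The `r` parameter forwarded to `auth/reauth` is built from `Minz_Url::serialize()` of an internal request array rather than raw user input, but the consuming action is outside this diff and should still validate that `r` resolves to a local route before redirecting, to avoid turning the reauth flow into an open redirect. A minor style point: `FreshRSS_Context::systemConf()` is called three times; hoisting it into one local (`$conf = FreshRSS_Context::systemConf();`) and checking `reauth_required` before reading the other two values reads more clearly.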
diff --git a/app/Models/SystemConfiguration.php b/app/Models/SystemConfiguration.php
index 403950728..7c7862b8a 100644
--- a/app/Models/SystemConfiguration.php
+++ b/app/Models/SystemConfiguration.php
@@ -9,6 +9,8 @@ declare(strict_types=1);
* @property bool $api_enabled
* @property string $archiving
* @property 'form'|'http_auth'|'none' $auth_type
+ * @property-read bool $reauth_required
+ * @property-read int $reauth_time
* @property-read string $auto_update_url
* @property-read array<int,mixed> $curl_options
* @property string $default_user
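Review bot: The new `@property-read int $reauth_time` gives no unit, and since `FreshRSS_Auth::needsReauth()` in this same commit compares it directly against `time() - $last_reauth`, the value is in seconds; I would document that inline, e.g. `* @property-read int $reauth_time Seconds since the last re-authentication before the user must re-authenticate again`. Likewise `@property-read bool $reauth_required` could carry a short note that it gates the whole check (`needsReauth()` returns false immediately when it is unset). Style-wise, the two entries are inserted between `$auth_type` and `$auto_update_url`, which breaks the alphabetical ordering the surrounding list appears to follow; placing them after the `$auto_update_url`/`$curl_options` run keeps the docblock sorted. The enclosing class docblock continues outside this hunk.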