First iteration of using cookies to store session/securetoken

This commit is contained in:
djpbessems
2019-01-24 17:17:53 +01:00
parent 579403c127
commit 118e45db9c
4 changed files with 20 additions and 16 deletions


@ -62,11 +62,11 @@ function retrieveTokenFromDB (string $username, string $foo) {
}
function validateToken (array $cookieData) {
function validateToken (string $secureToken) {
global $settings;
try {
$jwtPayload = JWT::decode($cookieData['token'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
$jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
} catch (Exception $e) {
// Invalid token, inform client (client should handle discarding invalid token)
return ['status' => 'Fail', 'reason' => '3'];
@ -80,17 +80,19 @@ function validateToken (array $cookieData) {
WHERE User.Username = :username
');
$pdoQuery->execute([
'username' => ($_COOKIE['Sub'] ?? "Danny")
'username' => $jwtPayload['sub']
]);
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
$tokens[] = $row['Payload'];
$storedTokens[] = $row['Payload'];
}
print_r($tokens);
# if ($pdoResult['Username'])
print_r($storedTokens);
# if (!empty($storedTokens) && <in_array or array_walk to determine if any of the stored tokens match>) {
# }
If ($cookieData['Exp'] < time()) {
// Expired cookie (shouldn't the browser disregard it?)
If ($secureToken['iat'] < (time() - $settings->Session['Duration'])) {
// Expired token (shouldn't the browser disregard it?)
return ['status' => 'Fail', 'reason' => '3'];
}
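Review bot: The expiry check `If ($secureToken['iat'] < (time() - $settings->Session['Duration']))` indexes the raw JWT string rather than the decoded claims — `$secureToken` is the `string` parameter of the new signature and the decoded payload is `$jwtPayload` — and a non-numeric offset on a string never reads `iat` (PHP 7 emits a warning and yields a single character that compares as 0, so every token looks expired; PHP 8 throws a TypeError outside the try/catch), so read it from the payload the way the `'username' => $jwtPayload['sub']` line already does: `if ($jwtPayload['iat'] < (time() - $settings->Session['Duration'])) {` (JWT::decode's return shape is not visible here; the `sub` lookup treats it as an array, so confirm that rather than an object is what the library returns). `print_r($storedTokens)` writes the tokens fetched from the database straight into the response body, which is debug output that exposes stored session tokens to the client; drop the line rather than carry it over under the new name. `$storedTokens` is only assigned inside the `foreach`, so a user with no rows leaves it undefined — initialise `$storedTokens = [];` before the loop, which also makes the planned `!empty()` guard in the TODO comment meaningful. For the comparison that TODO defers, `in_array($secureToken, $storedTokens, true)` with the strict flag (or `hash_equals()` per element if a constant-time compare is wanted) avoids PHP's loose string comparison. validateToken's body continues outside the hunk.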