Enable `secure` for JWT-cookie

2020-06-05 15:09:43 +00:00 · 2020-06-05 15:09:43 +00:00 · c0ffd0a7ba
parent 3b43538f90
commit c0ffd0a7ba
2 changed files with 10 additions and 1 deletions
--- a/include/lucidAuth.functions.php
+++ b/include/lucidAuth.functions.php
@ -106,7 +106,7 @@ function storeToken (string $secureToken, string $qualifiedUsername, string $htt
 		//   This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks
 		return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
 	}))[0];
-	if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
+	if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain, TRUE)) {
 		return ['status' => 'Success'];
 	} else {
 		return ['status' => 'Fail', 'reason' => 'Unable to store cookie(s)'];
--- a/public/lucidAuth.manage.php
+++ b/public/lucidAuth.manage.php
@ -10,7 +10,16 @@
 	if ($validateTokenResult['status'] === "Success") {
        switch ($_REQUEST['do']) {
            case 'mutateusers':
+                if (isset($_REQUEST['new']) && isset($_REQUEST['removed'])) {
 // Do magic!
+                }
+                else {
+                    header('Content-Type: application/json');
+                    echo json_encode([
+                        "Result"	=>	"Failure",
+                        "Reason"	=>	"Incomplete request data"
+                    ]);
+                }
                break;
            case 'retrievesessions':
                $storedTokens = [];