Enable secure for JWT-cookie

This commit is contained in:
Danny Bessems 2020-06-05 15:09:43 +00:00
parent 3b43538f90
commit c0ffd0a7ba
2 changed files with 10 additions and 1 deletions

View File

@ -106,7 +106,7 @@ function storeToken (string $secureToken, string $qualifiedUsername, string $htt
// This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks // This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks
return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value))); return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
}))[0]; }))[0];
if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) { if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain, TRUE)) {
return ['status' => 'Success']; return ['status' => 'Success'];
} else { } else {
return ['status' => 'Fail', 'reason' => 'Unable to store cookie(s)']; return ['status' => 'Fail', 'reason' => 'Unable to store cookie(s)'];

View File

@ -10,7 +10,16 @@
if ($validateTokenResult['status'] === "Success") { if ($validateTokenResult['status'] === "Success") {
switch ($_REQUEST['do']) { switch ($_REQUEST['do']) {
case 'mutateusers': case 'mutateusers':
if (isset($_REQUEST['new']) && isset($_REQUEST['removed'])) {
// Do magic! // Do magic!
}
else {
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Incomplete request data"
]);
}
break; break;
case 'retrievesessions': case 'retrievesessions':
$storedTokens = []; $storedTokens = [];