From 722f663fbb8166f124fd8ea0730a416e236c5542 Mon Sep 17 00:00:00 2001
From: Damien <damien.burel@maarch.org>
Date: Wed, 10 Jan 2018 15:56:03 +0100
Subject: [PATCH] FEAT #6942 Healthy Cookie for our app (miam miam)

---
 apps/maarch_entreprise/index.php      |  7 +++++
 apps/maarch_entreprise/logout.php     |  1 +
 core/Models/SecurityModelAbstract.php | 38 +++++++++++++++++++++------
 3 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/apps/maarch_entreprise/index.php b/apps/maarch_entreprise/index.php
index 075409905d4..718f7890471 100755
--- a/apps/maarch_entreprise/index.php
+++ b/apps/maarch_entreprise/index.php
@@ -223,6 +223,13 @@ if(empty($_SESSION['current_basket'])){
     $_SESSION['save_list']['template'] = "";
 }
 
+$cookie = \Core\Models\SecurityModel::getCookieAuth(); // New Authentication System
+if (!empty($cookie) && \Core\Models\SecurityModel::cookieAuthentication($cookie)) {
+    \Core\Models\SecurityModel::setCookieAuth(['userId' => $cookie['userId']]);
+} else {
+    header('location: index.php?display=true&page=logout&logout=true');
+}
+
 if (isset($_GET['body_loaded'])){
 ?>
 <body style="background:#f2f2f2;" onload="session_expirate(<?php echo $time;?>, '<?php 
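Review bot: The `header('location: ...')` on the failure branch is not followed by `exit;`, so when the cookie check fails index.php keeps executing and the rest of the page is still generated and sent after the Location header; anything that does not honour the redirect receives that output. Add `exit;` directly after the `header(...)` call so the unauthenticated request ends there. It would also be worth stating in a comment why a missing cookie is treated the same as an invalid one (`// no cookie or cookie rejected: force logout`), since the current `// New Authentication System` comment does not explain the branch. The enclosing `if(empty($_SESSION['current_basket']))` block and the code that follows lie outside the hunk.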
diff --git a/apps/maarch_entreprise/logout.php b/apps/maarch_entreprise/logout.php
index b55d3375c73..45e5e795b69 100755
--- a/apps/maarch_entreprise/logout.php
+++ b/apps/maarch_entreprise/logout.php
@@ -86,6 +86,7 @@ if (isset($_GET['logout']) && $_GET['logout']) {
 } else {
     $logoutExtension = "";
 }
+\Core\Models\SecurityModel::deleteCookieAuth();
 
 if (isset($webSSOurl) && $webSSOurl <> '') {
     header("location: " . $webSSOurl);
diff --git a/core/Models/SecurityModelAbstract.php b/core/Models/SecurityModelAbstract.php
index 41472ceaf51..e9dfc843c60 100755
--- a/core/Models/SecurityModelAbstract.php
+++ b/core/Models/SecurityModelAbstract.php
@@ -42,6 +42,19 @@ class SecurityModelAbstract
         return password_verify($args['password'], $aReturn[0]['password']);
     }
 
+    public static function getCookieAuth()
+    {
+        $rawCookie = $_COOKIE['maarchCourrierAuth'];
+        if (empty($rawCookie)) {
+            return [];
+        }
+
+        $cookieDecoded = base64_decode($rawCookie);
+        $cookie = json_decode($cookieDecoded);
+
+        return (array)$cookie;
+    }
+
     public static function cookieAuthentication(array $args)
     {
         ValidatorModel::notEmpty($args, ['userId', 'cookieKey']);
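Review bot: `$rawCookie = $_COOKIE['maarchCourrierAuth'];` reads the index before the `empty()` check, so every request without the cookie raises an undefined-index notice, and the decode path accepts any base64/JSON shape: a non-object JSON value (for example `"abc"` or `123`) is cast to `[0 => ...]` and only fails later in `cookieAuthentication`. Test the superglobal inside `empty()` and decode to an associative array with an explicit shape check: `if (empty($_COOKIE['maarchCourrierAuth'])) { return []; }`, `$cookie = json_decode(base64_decode($_COOKIE['maarchCourrierAuth']), true);`, `return is_array($cookie) ? $cookie : [];`. A docblock along the lines of `/** Decodes the auth cookie; returns [] when absent or malformed. Contents are untrusted until cookieAuthentication() checks them. */` would make the trust boundary explicit. The same body is removed from its old position in the next hunk, so the point applies only to this moved definition.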
@@ -107,16 +120,25 @@ class SecurityModelAbstract
         return true;
     }
 
-    public static function getCookieAuth()
+    public static function deleteCookieAuth()
     {
-        $rawCookie = $_COOKIE['maarchCourrierAuth'];
-        if (empty($rawCookie)) {
-            return [];
-        }
+        $previousCookie = SecurityModel::getCookieAuth();
 
-        $cookieDecoded = base64_decode($rawCookie);
-        $cookie = json_decode($cookieDecoded);
+        if (!empty($previousCookie)) {
+            DatabaseModel::update([
+                'table' => 'users',
+                'set'   => [
+                    'cookie_key'    => '',
+                    'cookie_date'   => date('Y-m-d H:i:s', time() - 1),
+                ],
+                'where' => ['user_id = ?'],
+                'data'  => [$previousCookie['userId']]
+            ]);
+
+            $cookiePath = str_replace(['apps/maarch_entreprise/index.php', 'rest/index.php'], '', $_SERVER['SCRIPT_NAME']);
+            setcookie('maarchCourrierAuth', '', time() - 1, $cookiePath, '', false, true);
+        }
 
-        return (array)$cookie;
+        return true;
     }
 }
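Review bot: `setcookie('maarchCourrierAuth', '', ...)` is only reached when `getCookieAuth()` returned a non-empty array, so a cookie that no longer decodes (or that was already invalidated server-side) is left on the client after logout; moving the two `$cookiePath`/`setcookie` lines out of the `if` makes logout always expire the client cookie. Inside the branch, `$previousCookie['userId']` is used in the update without checking the key exists, so a cookie whose JSON lacks `userId` produces a notice and a null parameter; guard it with `if (!empty($previousCookie['userId']))`. The method also calls `SecurityModel::getCookieAuth()` from inside `SecurityModelAbstract`, which appears to hard-wire the concrete subclass; `static::getCookieAuth()` would keep the abstract class self-contained, though I cannot see how `SecurityModel` is declared from this hunk. The constant `return true;` gives callers no signal about whether anything was invalidated, which is worth documenting in a short docblock (`@return bool always true; invalidates the DB cookie_key and expires the client cookie`).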
-- 
GitLab