Commit 620d1cf0 authored by Benjamin Rousselière's avatar Benjamin Rousselière

feat/13798 : add 'secure' attribute to cookie

parent 8d312fa3
Pipeline #8118 failed with stage
......@@ -928,7 +928,7 @@ class laabs
*
* @return boolean The result of the token creation
*/
public static function setToken($name, $data, $expiration = 0, $httpOnly = true)
public static function setToken($name, $data, $expiration = 0, $httpOnly = true, $secure = true)
{
$cookieName = 'LAABS-'.static::toName($name);
......@@ -943,7 +943,7 @@ class laabs
$cryptedToken = static::encrypt($jsonToken, static::getCryptKey());
$cookieToken = base64_encode($cryptedToken);
setcookie($cookieName, $cookieToken, $expirationTime, '/', null, false, $httpOnly);
setcookie($cookieName, $cookieToken, $expirationTime, '/', null, $secure, $httpOnly);
$GLOBALS["TOKEN"][$name] = json_decode($jsonToken);
......
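Review bot: The docblock above setToken in the first hunk is not updated for the new parameter; add `@param bool $secure Send the cookie only over HTTPS (defaults to true)` next to the existing `@return boolean` line so callers know the default is the safe one. In the second hunk, the setcookie call still passes `null` for the domain and sets no SameSite attribute, so the token cookie is still attached to cross-site requests; if the runtime is PHP 7.3 or later, the options-array form is the only way to set it: `setcookie($cookieName, $cookieToken, ['expires' => $expirationTime, 'path' => '/', 'secure' => $secure, 'httponly' => $httpOnly, 'samesite' => 'Lax']);`. setToken's body continues outside both hunks.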
......@@ -153,7 +153,8 @@ class userAuthentication
$accountToken = new \StdClass();
$accountToken->accountId = $userAccount->accountId;
\laabs::setToken('AUTH', $accountToken, $tokenDuration);
$secure = (isset($_SERVER['LAABS_SECURE_COOKIE']) && $_SERVER['LAABS_SECURE_COOKIE'] == "On");
\laabs::setToken('AUTH', $accountToken, $tokenDuration, true, $secure);
if ($this->securityPolicy['passwordValidity'] && $this->securityPolicy["passwordValidity"] != 0) {
$diff = ($currentDate->getTimestamp() - $userAccount->passwordLastChange->getTimestamp()) / $tokenDuration;
......@@ -163,7 +164,7 @@ class userAuthentication
}
if ($userAccount->passwordChangeRequired == true) {
\laabs::setToken('TEMP-AUTH', $accountToken, $tokenDuration);
\laabs::setToken('TEMP-AUTH', $accountToken, $tokenDuration, true, $secure);
\laabs::unsetToken('AUTH');
throw \laabs::newException('auth/userPasswordChangeRequestException');
}
......
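Review bot: The `$secure` flag is derived at the call site with a loose comparison, `$_SERVER['LAABS_SECURE_COOKIE'] == "On"`, and the identical expression is repeated in the authentication, abstractPosition, servicePosition and csrf sections below; every setToken caller has to remember it, and any site that forgets silently gets setToken's default rather than the configured value. A strict comparison, `$secure = isset($_SERVER['LAABS_SECURE_COOKIE']) && $_SERVER['LAABS_SECURE_COOKIE'] === 'On';`, avoids PHP's loose string rules, and deriving the flag once inside laabs::setToken (for example with a `$secure = null` default that falls back to the server variable) would let all of these call sites stay as they were. The second hunk reuses `$secure` assigned in the first, which presumably is the same method; worth confirming, since the lines between them are not visible.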
......@@ -100,7 +100,8 @@ class authentication
$servicePosition = $servicePositionController->getPosition($account->accountId);
if ($servicePosition != null) {
\laabs::setToken("ORGANIZATION", $servicePosition->organization);
$secure = (isset($_SERVER['LAABS_SECURE_COOKIE']) && $_SERVER['LAABS_SECURE_COOKIE'] == "On");
\laabs::setToken("ORGANIZATION", $servicePosition->organization, 0, true, $secure);
}
} else {
$organization = \laabs::getToken("ORGANIZATION");
......
......@@ -61,6 +61,7 @@ abstract class abstractPosition
$organizations = [];
$setToken = false;
$secure = (isset($_SERVER['LAABS_SECURE_COOKIE']) && $_SERVER['LAABS_SECURE_COOKIE'] == "On");
foreach ($positions as $position) {
$organization = $this->sdoFactory->read('organization/organization', $position->orgId);
......@@ -69,7 +70,7 @@ abstract class abstractPosition
$position->organization->orgName = $organization->displayName;
if ($position->default && !$currentOrg) {
\laabs::setToken("ORGANIZATION", $organization, \laabs::configuration("auth")['securityPolicy']['sessionTimeout']);
\laabs::setToken("ORGANIZATION", $organization, \laabs::configuration("auth")['securityPolicy']['sessionTimeout'], true, $secure);
$setToken = true;
}
......@@ -77,7 +78,7 @@ abstract class abstractPosition
}
if (!$setToken && !$currentOrg && $organizations) {
\laabs::setToken("ORGANIZATION", $organizations[0], \laabs::configuration("auth")['securityPolicy']['sessionTimeout']);
\laabs::setToken("ORGANIZATION", $organizations[0], \laabs::configuration("auth")['securityPolicy']['sessionTimeout'], true, $secure);
}
usort($positions, function ($pos1, $pos2) {
......@@ -119,7 +120,8 @@ abstract class abstractPosition
public function setCurrentPosition($orgId)
{
if ($organization = $this->sdoFactory->read('organization/organization', $orgId)) {
\laabs::setToken("ORGANIZATION", $organization, \laabs::configuration("auth")['securityPolicy']['sessionTimeout']);
$secure = (isset($_SERVER['LAABS_SECURE_COOKIE']) && $_SERVER['LAABS_SECURE_COOKIE'] == "On");
\laabs::setToken("ORGANIZATION", $organization, \laabs::configuration("auth")['securityPolicy']['sessionTimeout'], true, $secure);
return true;
}
......
......@@ -44,7 +44,8 @@ class servicePosition extends abstractPosition
$positions = $this->sdoFactory->find('organization/servicePosition', "serviceAccountId = '".$accountToken->accountId."'");
\laabs::setToken("ORGANIZATION", $positions[0], \laabs::configuration("auth")['securityPolicy']['sessionTimeout']);
$secure = (isset($_SERVER['LAABS_SECURE_COOKIE']) && $_SERVER['LAABS_SECURE_COOKIE'] == "On");
\laabs::setToken("ORGANIZATION", $positions[0], \laabs::configuration("auth")['securityPolicy']['sessionTimeout'], true, $secure);
return $positions;
}
......
......@@ -126,7 +126,8 @@ class authentication
$accountToken = new \StdClass();
$accountToken->accountId = $account->accountId;
\laabs::setToken('AUTH', $accountToken, $sessionTimeout);
$secure = (isset($_SERVER['LAABS_SECURE_COOKIE']) && $_SERVER['LAABS_SECURE_COOKIE'] == "On");
\laabs::setToken('AUTH', $accountToken, $sessionTimeout, true, $secure);
$organization = \laabs::getToken("ORGANIZATION");
......@@ -158,7 +159,7 @@ class authentication
if (!$isUserPosition) {
\laabs::newException("auth/authenticationException", "Missing authentication credential", 403);
\laabs::setToken("ORGANIZATION", $default->organization, \laabs::configuration("auth")['securityPolicy']['sessionTimeout']);
\laabs::setToken("ORGANIZATION", $default->organization, \laabs::configuration("auth")['securityPolicy']['sessionTimeout'], true, $secure);
}
}
......
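Review bot: In the second hunk, `$secure` is passed to the ORGANIZATION setToken call but is assigned only in the first hunk, some thirty lines earlier; if the two hunks are not in the same method, or the assignment sits on a branch that is not always taken, the call reads an undefined variable, which PHP reports only as a notice and setcookie treats as not secure. Assigning the flag immediately before the call, or computing it inside laabs::setToken, removes the dependence on the intervening code, which is not visible here.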
......@@ -128,7 +128,8 @@ class csrf
$responseToken = $this->getLastToken($accountTokens);
\laabs::setToken($this->config["cookieName"], $responseToken, null, false);
$secure = (isset($_SERVER['LAABS_SECURE_COOKIE']) && $_SERVER['LAABS_SECURE_COOKIE'] == "On");
\laabs::setToken($this->config["cookieName"], $responseToken, null, false, $secure);
}
/**
......