- #138 clear character authentication data on sold characters
exodus4d committed May 7, 2016
1 parent e2ccb04 commit 96aae44
Showing 3 changed files with 49 additions and 31 deletions.
34 changes: 21 additions & 13 deletions app/main/controller/ccp/sso.php
Expand Up @@ -68,6 +68,7 @@ class Sso extends Api\User{

/**
* redirect user to CCP SSO page and request authorization
* -> cf. Controller->getCookieCharacters() ( equivalent cookie based login)
* @param \Base $f3
*/
public function requestAuthorization($f3){
Expand All @@ -89,27 +90,34 @@ public function requestAuthorization($f3){
$character = Model\BasicModel::getNew('CharacterModel');
$character->getById($characterId, 0);

// check if character is valid and exists
if(
!$character->dry() &&
$character->hasUserCharacter() &&
($activeCharacter->getUser()->id === $character->getUser()->id)
($activeCharacter->getUser()->_id === $character->getUser()->_id)
){
// requested character belongs to current user
// -> update character vom CREST (e.g. corp changed,..)
$updateStatus = $character->updateFromCrest();

if(
empty($updateStatus) &&
$character->hasUserCharacter() &&
$character->isAuthorized()
){
$loginCheck = $this->loginByCharacter($character);

if($loginCheck){
// set "login" cookie
$this->setLoginCookie($character);
// route to "map"
$f3->reroute('@map');
if( empty($updateStatus) ){

// make sure character data is up2date!
// -> this is not the case if e.g. userCharacters was removed "ownerHash" changed...
$character->getById($character->_id);

if(
$character->hasUserCharacter() &&
$character->isAuthorized()
){
$loginCheck = $this->loginByCharacter($character);

if($loginCheck){
// set "login" cookie
$this->setLoginCookie($character);
// route to "map"
$f3->reroute('@map');
}
}
}
}
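Review bot: The reload added after `updateFromCrest()` calls `$character->getById($character->_id);` without the second argument that the initial load passes (`getById($characterId, 0)`), so if that argument is a cache lifetime, the re-read may come from a cached result and still show the user link that an "ownerHash" change just removed. This re-read is what lets the following `hasUserCharacter()` / `isAuthorized()` checks see the cleared data, so consider `$character->getById($character->_id, 0);` here. The same call shape appears in `getCookieCharacters()` in app/main/controller/controller.php (`$character->getById($characterAuth->characterId->_id);`). The signature of getById() is not visible on this page, so confirm what the second parameter means before changing it. requestAuthorization() begins and continues outside the hunk.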
32 changes: 19 additions & 13 deletions app/main/controller/controller.php
Expand Up @@ -113,7 +113,7 @@ protected function getDB($database = 'PF'){
* init new Session handler
*/
protected function initSession(){
// init DB Session (not file based)
// init DB based Session (not file based)
if( $this->getDB('PF') instanceof DB\SQL){
new DB\SQL\Session($this->getDB('PF'));
}
Expand Down Expand Up @@ -213,6 +213,7 @@ protected function setLoginCookie(Model\CharacterModel $character){
* get characters from given cookie data
* -> validate cookie data
* -> validate characters
* -> cf. Sso->requestAuthorization() ( equivalent DB based login)
* @param array $cookieData
* @return array
* @throws \Exception
Expand Down Expand Up @@ -254,18 +255,23 @@ protected function getCookieCharacters($cookieData = []){
/**
* @var $character Model\CharacterModel
*/
$character = $characterAuth->characterId;
$updateStatus = $character->updateFromCrest();

// check if character still has user (is not the case of "ownerHash" changed
// check if character is still authorized to log in (e.g. corp/ally or config has changed
// -> do NOT remove cookie on failure. This can be a temporary problem (e.g. CREST is down,..)
if(
empty($updateStatus) &&
$character->hasUserCharacter() &&
$character->isAuthorized()
){
$characters[$name] = $character;
$updateStatus = $characterAuth->characterId->updateFromCrest();

if( empty($updateStatus) ){
// make sure character data is up2date!
// -> this is not the case if e.g. userCharacters was removed "ownerHash" changed...
$character = $characterAuth->rel('characterId');
$character->getById($characterAuth->characterId->_id);

// check if character still has user (is not the case of "ownerHash" changed
// check if character is still authorized to log in (e.g. corp/ally or config has changed
// -> do NOT remove cookie on failure. This can be a temporary problem (e.g. CREST is down,..)
if(
$character->hasUserCharacter() &&
$character->isAuthorized()
){
$characters[$name] = $character;
}
}
}else{
// clear existing authentication data from DB
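Review bot: The retained comment `-> do NOT remove cookie on failure. This can be a temporary problem (e.g. CREST is down,..)` above the `hasUserCharacter()` / `isAuthorized()` check no longer describes every path. With this commit `set_ownerHash()` in app/main/model/charactermodel.php calls `$this->logout()` ("delete all existing login-cookie data") when the hash changes, which presumably happens inside the `updateFromCrest()` call just above. I would reword it along the lines of `// -> keep cookie on temporary failure (e.g. CREST is down,..); a changed "ownerHash" already cleared it in set_ownerHash()`. The `@var $character` docblock at the top of the hunk now sits above the `$updateStatus` line rather than the `$character` assignment, so it should move down with it. getCookieCharacters() starts and ends outside the hunk.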
14 changes: 9 additions & 5 deletions app/main/model/charactermodel.php
Expand Up @@ -156,12 +156,16 @@ public function getData($addCharacterLogData = false){
* @return string
*/
public function set_ownerHash($ownerHash){
if (
$this->hasUserCharacter() &&
$this->ownerHash !== $ownerHash
){
$this->userCharacter->erase();

if( $this->ownerHash !== $ownerHash ){
if( $this->hasUserCharacter() ){
$this->userCharacter->erase();
}

// delete all existing login-cookie data
$this->logout();
}

return $ownerHash;
}

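Review bot: `set_ownerHash()` now calls `$this->logout()` whenever `$this->ownerHash !== $ownerHash`, which is also true the first time a hash is assigned to a character whose stored value is empty, including a model that has not been saved yet. Whether `logout()` is safe on such a model is not visible here; if it is not, guard the branch with `if( !$this->dry() && $this->ownerHash !== $ownerHash ){`. The docblock (it starts outside the hunk) still lists only `@return string`; a line such as `* -> a changed hash removes the userCharacter link and all login-cookie data` would tell callers that this setter is destructive.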
