From 96aae44f94007958f14e71ebe427702c4412c846 Mon Sep 17 00:00:00 2001
From: Exodus4D
Date: Sat, 7 May 2016 19:05:09 +0200
Subject: [PATCH] - #138 clear character authentication data on sold characters
---
 app/main/controller/ccp/sso.php | 34 ++++++++++++++++++------------
 app/main/controller/controller.php | 32 ++++++++++++++++------------
 app/main/model/charactermodel.php | 14 +++++++-----
 3 files changed, 49 insertions(+), 31 deletions(-)
diff --git a/app/main/controller/ccp/sso.php b/app/main/controller/ccp/sso.php
index 25ea20aa9..4e83e1537 100644
--- a/app/main/controller/ccp/sso.php
+++ b/app/main/controller/ccp/sso.php
@@ -68,6 +68,7 @@ class Sso extends Api\User{
 /**
 * redirect user to CCP SSO page and request authorization
+ * -> cf. Controller->getCookieCharacters() ( equivalent cookie based login)
 * @param \Base $f3
 */
 public function requestAuthorization($f3){ 
@@ -89,27 +90,34 @@ public function requestAuthorization($f3){
 $character = Model\BasicModel::getNew('CharacterModel');
 $character->getById($characterId, 0);
+ // check if character is valid and exists
 if(
 !$character->dry() &&
 $character->hasUserCharacter() &&
- ($activeCharacter->getUser()->id === $character->getUser()->id)
+ ($activeCharacter->getUser()->_id === $character->getUser()->_id)
 ){
 // requested character belongs to current user
 // -> update character vom CREST (e.g. corp changed,..)
 $updateStatus = $character->updateFromCrest();
- if(
- empty($updateStatus) &&
- $character->hasUserCharacter() &&
- $character->isAuthorized()
- ){
- $loginCheck = $this->loginByCharacter($character);
-
- if($loginCheck){
- // set "login" cookie
- $this->setLoginCookie($character);
- // route to "map"
- $f3->reroute('@map');
+ if( empty($updateStatus) ){
+
+ // make sure character data is up2date!
+ // -> this is not the case if e.g. userCharacters was removed "ownerHash" changed...
+ $character->getById($character->_id);
+
+ if(
+ $character->hasUserCharacter() &&
+ $character->isAuthorized()
+ ){
+ $loginCheck = $this->loginByCharacter($character);
+
+ if($loginCheck){
+ // set "login" cookie
+ $this->setLoginCookie($character);
+ // route to "map"
+ $f3->reroute('@map');
+ }
 }
 }
 }
diff --git a/app/main/controller/controller.php b/app/main/controller/controller.php
index 3b2c3dfe8..3c7e0e0d3 100644
--- a/app/main/controller/controller.php
+++ b/app/main/controller/controller.php
@@ -113,7 +113,7 @@ protected function getDB($database = 'PF'){
 * init new Session handler
 */
 protected function initSession(){
- // init DB Session (not file based)
+ // init DB based Session (not file based)
 if( $this->getDB('PF') instanceof DB\SQL){
 new DB\SQL\Session($this->getDB('PF'));
 } 
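Review bot: The reload `$character->getById($character->_id);` omits the second argument that the initial lookup in this hunk passes as `getById($characterId, 0)`; if that argument is a cache TTL, as its use there suggests, the reload may be answered from cache and not reflect the userCharacter removal or ownerHash change made during `updateFromCrest()`, which is exactly what the reload exists to pick up. The same applies to `$character->getById($characterAuth->characterId->_id);` in the getCookieCharacters() hunk of controller.php. If the argument is indeed a TTL, the change is `$character->getById($character->_id, 0);` here and the counterpart in controller.php; getById()'s signature is outside the patch, so this is inferred from the call sites. requestAuthorization() continues past the end of the hunk.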
@@ -213,6 +213,7 @@ protected function setLoginCookie(Model\CharacterModel $character){
 * get characters from given cookie data
 * -> validate cookie data
 * -> validate characters
+ * -> cf. Sso->requestAuthorization() ( equivalent DB based login)
 * @param array $cookieData
 * @return array
 * @throws \Exception
@@ -254,18 +255,23 @@ protected function getCookieCharacters($cookieData = []){
 /**
 * @var $character Model\CharacterModel
 */
- $character = $characterAuth->characterId;
- $updateStatus = $character->updateFromCrest();
-
- // check if character still has user (is not the case of "ownerHash" changed
- // check if character is still authorized to log in (e.g. corp/ally or config has changed
- // -> do NOT remove cookie on failure. This can be a temporary problem (e.g. CREST is down,..)
- if(
- empty($updateStatus) &&
- $character->hasUserCharacter() &&
- $character->isAuthorized()
- ){
- $characters[$name] = $character;
+ $updateStatus = $characterAuth->characterId->updateFromCrest();
+
+ if( empty($updateStatus) ){
+ // make sure character data is up2date!
+ // -> this is not the case if e.g. userCharacters was removed "ownerHash" changed...
+ $character = $characterAuth->rel('characterId');
+ $character->getById($characterAuth->characterId->_id);
+
+ // check if character still has user (is not the case of "ownerHash" changed
+ // check if character is still authorized to log in (e.g. corp/ally or config has changed
+ // -> do NOT remove cookie on failure. This can be a temporary problem (e.g. CREST is down,..)
+ if(
+ $character->hasUserCharacter() &&
+ $character->isAuthorized()
+ ){
+ $characters[$name] = $character;
+ }
 }
 }else{
 // clear existing authentication data from DB
diff --git a/app/main/model/charactermodel.php b/app/main/model/charactermodel.php
index 15ce505b6..1ea325580 100644
--- a/app/main/model/charactermodel.php
+++ b/app/main/model/charactermodel.php
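Review bot: The login gate — `updateFromCrest()`, reload the row by `_id`, then `hasUserCharacter() && isAuthorized()` — is now spelled out twice, in this getCookieCharacters() hunk and in Sso->requestAuthorization(), and the commit relies on the two `cf.` comments to keep them in step; the next fix to one path (as #138 itself shows) can silently miss the other. Consider moving the reload-and-recheck into CharacterModel as a single method both login paths call, so the authorization decision cannot drift between the cookie and the SSO route. Separately, the `@var $character Model\CharacterModel` docblock now sits above `$updateStatus = ...` rather than the variable it annotates; move it directly above `$character = $characterAuth->rel('characterId');`. getCookieCharacters() begins and ends outside the hunk.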
@@ -156,12 +156,16 @@ public function getData($addCharacterLogData = false){
 * @return string
 */
 public function set_ownerHash($ownerHash){
- if (
- $this->hasUserCharacter() &&
- $this->ownerHash !== $ownerHash
- ){
- $this->userCharacter->erase();
+
+ if( $this->ownerHash !== $ownerHash ){
+ if( $this->hasUserCharacter() ){
+ $this->userCharacter->erase();
+ }
+
+ // delete all existing login-cookie data
+ $this->logout();
 }
+
 return $ownerHash;
 }
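Review bot: The docblock above `set_ownerHash()` still says only `@return string`, while the setter now has side effects that matter for account security — a changed hash erases the userCharacter link and calls `$this->logout()` to drop login-cookie data — and nothing tells a caller that assigning this field invalidates sessions. Add `@param string $ownerHash` and a line such as `* -> a changed hash (character sold/transferred) removes the user link and all login-cookie data`. Also, on a freshly created model `$this->ownerHash` is presumably unset, so the first assignment always enters the new branch and runs `logout()` for a character that has no stored cookie data yet; if `logout()` does more than delete rows by character id that is worth confirming (its body is outside the patch). The start of the docblock sits above the hunk.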