From a1ac0a986c6bc2bb1bd087e7034370290a416542 Mon Sep 17 00:00:00 2001
From: Steve Boyd <emteknetnz@gmail.com>
Date: Wed, 24 Mar 2021 12:21:16 +1300
Subject: [PATCH] NEW Add onBeforeRemoveLoginSession extension hook

---
 composer.json                                         |  3 ++-
 .../LoginSessionController.php                        | 11 +++--------
 src/Security/LogInAuthenticationHandler.php           |  6 ++++--
 3 files changed, 9 insertions(+), 11 deletions(-)
 rename src/{Middleware => Control}/LoginSessionController.php (89%)

diff --git a/composer.json b/composer.json
index d157d94..f973b9b 100644
--- a/composer.json
+++ b/composer.json
@@ -33,7 +33,8 @@
         "symbiote/silverstripe-queuedjobs": "^4"
     },
     "suggest": {
-        "symbiote/silverstripe-queuedjobs": "^4"
+        "symbiote/silverstripe-queuedjobs": "^4",
+        "silverstripe/auditor": "^2.3"
     },
     "autoload": {
         "psr-4": {
diff --git a/src/Middleware/LoginSessionController.php b/src/Control/LoginSessionController.php
similarity index 89%
rename from src/Middleware/LoginSessionController.php
rename to src/Control/LoginSessionController.php
index 6fcf229..88ad5f9 100644
--- a/src/Middleware/LoginSessionController.php
+++ b/src/Control/LoginSessionController.php
@@ -5,21 +5,14 @@
 use SilverStripe\Admin\LeftAndMain;
 use SilverStripe\Control\HTTPRequest;
 use SilverStripe\Control\HTTPResponse;
-use SilverStripe\Core\Injector\Injector;
-use SilverStripe\ORM\ValidationException;
-use SilverStripe\Security\Member;
-use SilverStripe\Security\Security;
 use SilverStripe\Security\SecurityToken;
 use SilverStripe\SessionManager\Model\LoginSession;
 
-/**
- * Class LoginSessionController
- * @package SilverStripe\SessionManager\Control
- */
 class LoginSessionController extends LeftAndMain
 {
     private static $url_segment = 'loginsession';
 
+    // TODO: this is probably a legacy config that's not used anywhere so should be deleted
     private static $ignore_menuitem = true;
 
     private static $url_handlers = [
@@ -62,6 +55,8 @@ public function removeLoginSession(HTTPRequest $request): HTTPResponse
             );
         }
 
+        $this->extend('onBeforeRemoveLoginSession', $loginSession);
+
         $loginSession->delete();
 
         return $this->jsonResponse([
diff --git a/src/Security/LogInAuthenticationHandler.php b/src/Security/LogInAuthenticationHandler.php
index d41c1e5..7d6121d 100644
--- a/src/Security/LogInAuthenticationHandler.php
+++ b/src/Security/LogInAuthenticationHandler.php
@@ -94,7 +94,7 @@ public function logIn(Member $member, $persistent = false, HTTPRequest $request
         }
 
         $loginSession->LastAccessed = DBDatetime::now()->Rfc2822();
-        $loginSession->IPAddress = $request->getIP();
+        $loginSession->IPAddress = $request ? $request->getIP() : '';
         $loginSession->write();
 
         if ($persistent && $rememberLoginHash = $this->getRememberLoginHash()) {
@@ -102,7 +102,9 @@ public function logIn(Member $member, $persistent = false, HTTPRequest $request
             $rememberLoginHash->write();
         }
 
-        $request->getSession()->set($this->getSessionVariable(), $loginSession->ID);
+        if ($request) {
+            $request->getSession()->set($this->getSessionVariable(), $loginSession->ID);
+        }
     }
 
     /**