authorAndrew Dolgov <[email protected]>2024-02-21 21:32:42 +0300
committerAndrew Dolgov <[email protected]>2024-02-21 21:32:42 +0300
commita58da114d830fb595f1b2651fd3512d0eea5e30d (patch)
tree1ec7510a2411168d4df5c516a528a01699038b26
parentea7d0aa0ea826872edaf99e143e63dc4caf8332c (diff)
periodically verify oidc refreshtokenHEADmaster
-rw-r--r--include/sessions.php22
-rw-r--r--login.php3
2 files changed, 25 insertions, 0 deletions
diff --git a/include/sessions.php b/include/sessions.php
index 556edb9..c561190 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -1,6 +1,8 @@
<?php
require_once "common.php";
+ use Jumbojett\OpenIDConnectClient;
+
$session_name = Config::get(Config::SESSION_NAME);
$session_expire = Config::get(Config::SESSION_LIFETIME);
@@ -29,6 +31,26 @@
function validate_session() : bool {
if (!empty($_SESSION["owner"])) {
+ // verify oidc refresh token once an hour
+ if (($_SESSION["refresh_token"] ?? false) && $_SESSION["refresh_token_last_check"] < time() - 3600) {
+
+ $oidc = new OpenIDConnectClient(Config::get(Config::OIDC_URL),
+ Config::get(Config::OIDC_CLIENT_ID),
+ Config::get(Config::OIDC_CLIENT_SECRET));
+
+ try {
+ $data = $oidc->introspectToken($_SESSION["refresh_token"]);
+
+ if (!$data->active)
+ return false;
+
+ $_SESSION["refresh_token_last_check"] = time();
+
+ } catch (Exception $e) {
+ return false;
+ }
+ }
+
$user = ORM::for_table('epube_users')
->where('username', $_SESSION['owner'])
->find_one();
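Review bot: The `catch (Exception $e)` closing the new block treats every introspection failure, including a transient network or IdP outage, the same as a revoked token and returns false without recording anything; because `refresh_token_last_check` is only advanced on success, each following request repeats the introspection call until the session is torn down (validate_session continues past the hunk, so the caller's handling of a false return is not visible here). Failing closed is the right default for a session check, but the failure should be logged so a wrong OIDC_URL or client secret is distinguishable from a real revocation, e.g. `} catch (Exception $e) { error_log("oidc refresh token introspection failed: " . $e->getMessage()); return false; }`. The test `if (!$data->active)` also assumes the introspection response always carries that field; `if (($data->active ?? false) !== true) return false;` treats a missing field as inactive without emitting a warning. Since `refresh_token_last_check` is only written in login.php together with the token, the bare `$_SESSION["refresh_token_last_check"] < time() - 3600` comparison works today, but `($_SESSION["refresh_token_last_check"] ?? 0)` keeps it warning-free if the two keys ever diverge, and the hour could be a named constant rather than the literal 3600.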
diff --git a/login.php b/login.php
index 96375d7..36d1890 100644
--- a/login.php
+++ b/login.php
@@ -71,6 +71,9 @@
session_regenerate_id(true);
+ $_SESSION["refresh_token"] = $oidc->getRefreshToken();
+ $_SESSION["refresh_token_last_check"] = time();
+
$_SESSION["owner"] = $username;
$_SESSION["pass_hash"] = sha1($user->pass);
$_SESSION["csrf_token"] = bin2hex(random_bytes(16));