diff options
| author | Andrew Dolgov <[email protected]> | 2024-02-21 21:32:42 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2024-02-21 21:32:42 +0300 |
| commit | a58da114d830fb595f1b2651fd3512d0eea5e30d (patch) | |
| tree | 1ec7510a2411168d4df5c516a528a01699038b26 /include/sessions.php | |
| parent | ea7d0aa0ea826872edaf99e143e63dc4caf8332c (diff) | |
Diffstat (limited to 'include/sessions.php')
| -rw-r--r-- | include/sessions.php | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/include/sessions.php b/include/sessions.php index 556edb9..c561190 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -1,6 +1,8 @@ <?php require_once "common.php"; + use Jumbojett\OpenIDConnectClient; + $session_name = Config::get(Config::SESSION_NAME); $session_expire = Config::get(Config::SESSION_LIFETIME); @@ -29,6 +31,26 @@ function validate_session() : bool { if (!empty($_SESSION["owner"])) { + // verify oidc refresh token once an hour + if (($_SESSION["refresh_token"] ?? false) && $_SESSION["refresh_token_last_check"] < time() - 3600) { + + $oidc = new OpenIDConnectClient(Config::get(Config::OIDC_URL), + Config::get(Config::OIDC_CLIENT_ID), + Config::get(Config::OIDC_CLIENT_SECRET)); + + try { + $data = $oidc->introspectToken($_SESSION["refresh_token"]); + + if (!$data->active) + return false; + + $_SESSION["refresh_token_last_check"] = time(); + + } catch (Exception $e) { + return false; + } + } + $user = ORM::for_table('epube_users') ->where('username', $_SESSION['owner']) ->find_one(); |