Diffstat (limited to 'include/sessions.php')
-rw-r--r-- | include/sessions.php | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/include/sessions.php b/include/sessions.php
index 556edb9..c561190 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -1,6 +1,8 @@
 <?php
 require_once "common.php";
+ use Jumbojett\OpenIDConnectClient;
+
 $session_name = Config::get(Config::SESSION_NAME);
 $session_expire = Config::get(Config::SESSION_LIFETIME);
@@ -29,6 +31,26 @@ function validate_session() : bool {
 if (!empty($_SESSION["owner"])) {
+ // verify oidc refresh token once an hour
+ if (($_SESSION["refresh_token"] ?? false) && $_SESSION["refresh_token_last_check"] < time() - 3600) {
+
+ $oidc = new OpenIDConnectClient(Config::get(Config::OIDC_URL),
+ Config::get(Config::OIDC_CLIENT_ID),
+ Config::get(Config::OIDC_CLIENT_SECRET));
+
+ try {
+ $data = $oidc->introspectToken($_SESSION["refresh_token"]);
+
+ if (!$data->active)
+ return false;
+
+ $_SESSION["refresh_token_last_check"] = time();
+
+ } catch (Exception $e) {
+ return false;
+ }
+ }
+
 $user = ORM::for_table('epube_users')
 ->where('username', $_SESSION['owner'])
 ->find_one(); |
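Review bot: Both failure paths in the added block, `if (!$data->active)` and `catch (Exception $e)`, return false without recording why, so a revoked token and an unreachable or misconfigured identity provider look the same and leave no audit trail. Logging in the catch would separate the two cases, for example `error_log("OIDC introspection failed: " . $e->getMessage());`, and the token itself should never be written to the log. The condition also reads `$_SESSION["refresh_token_last_check"]` without a default, which raises an undefined-index warning when a session carries a refresh token but no timestamp; `($_SESSION["refresh_token_last_check"] ?? 0) < time() - 3600` keeps the same fail-closed result. The hunk does not show whether the caller destroys the session when this returns false; if it does not, the stale `owner` and `refresh_token` values stay in `$_SESSION`, which is worth confirming. validate_session() continues past the end of the hunk.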