Fix towards the new password expiration policy

This commit is contained in:
Pinga 2025-02-11 23:37:17 +02:00
parent ddfb8fed75
commit 6968bfafa2
7 changed files with 191 additions and 9 deletions


@ -93,14 +93,15 @@ class AuthController extends Controller
unset($_SESSION['2fa_email'], $_SESSION['2fa_password'], $_SESSION['is2FAEnabled']);
if ($login===true) {
$db = $container->get('db');
// Check if password renewal is needed
$passwordLastChanged = $_SESSION['password_last_changed'][$_SESSION['auth_user_id']] ?? 0;
if (checkPasswordRenewal($passwordLastChanged)) {
$passwordLastUpdated = $db->selectValue('SELECT password_last_updated FROM users WHERE id = ?', [$_SESSION['auth_user_id']]);
if (checkPasswordRenewal($passwordLastUpdated)) {
Auth::logout();
redirect()->route('forgot.password')->with('error','Your password is expired. Please change it');
}
$db = $container->get('db');
$currentDateTime = new \DateTime();
$currentDate = $currentDateTime->format('Y-m-d H:i:s.v'); // Current timestamp
$db->insert(
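Review bot: In the expiry branch, `Auth::logout()` is followed by a redirect but no `return`, so unless `redirect()` itself ends the request the handler falls through to the `$db->insert(` below and records a login for a session that was just destroyed; `return redirect()->route('forgot.password')->with('error','Your password is expired. Please change it');` makes the early exit explicit. The argument to `checkPasswordRenewal()` also changed shape: the removed line fed it a Unix timestamp (`time()`, defaulting to `0`), while the new line feeds it whatever `selectValue` returns for a column written with `NOW()` — presumably a datetime string, or `null` for a user whose row has never been stamped — so the helper should be confirmed to handle both, with `null` treated as expired rather than silently passing. The enclosing login handler starts before and ends after this hunk.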


@ -90,7 +90,7 @@ class PasswordController extends Controller
if (!checkPasswordComplexity($data['password2'])) {
redirect()->route('update.password',[],['selector'=>urlencode($data['selector']),'token'=>urlencode($data['token'])])->with('error','Password too weak. Use a stronger password.');
}
$_SESSION['password_last_changed'][$userId] = time();
$db->exec('UPDATE users SET password_last_updated = NOW() WHERE id = ?', [$userId]);
Auth::resetPasswordUpdate($data['selector'], $data['token'], $data['password']);
}
@ -113,7 +113,7 @@ class PasswordController extends Controller
redirect()->route('profile')->with('error','Password too weak. Use a stronger password.');
}
$userId = $container->get('auth')->user()['id'];
$_SESSION['password_last_changed'][$userId] = time();
$db->exec('UPDATE users SET password_last_updated = NOW() WHERE id = ?', [$userId]);
Auth::changeCurrentPassword($data['old_password'], $data['new_password']);
}
}
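Review bot: The `UPDATE users SET password_last_updated = NOW()` added before `Auth::resetPasswordUpdate(...)` runs before the password is actually changed, so if that call rejects the selector/token pair or the new password (presumably where they are validated), the expiry stamp is still advanced while the old password stays in force, extending its lifetime by a full renewal period; the same ordering appears in the second hunk ahead of `Auth::changeCurrentPassword(...)`, where a wrong `old_password` has the same effect. Move the `$db->exec(...)` line after the `Auth::` call in both places so the stamp only moves once the change has succeeded. `NOW()` is also evaluated in the database server's time zone, while the expiry comparison presumably uses PHP time elsewhere in the app — worth confirming the two agree, or the renewal window will be off by the zone offset. Both enclosing methods start outside their hunks.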