/**
  * Redirect to the login page when access is denied, dropping the current session and token.
  *
  * @param GetResponseForExceptionEvent $event
  */
 public function onAccessDeniedException(GetResponseForExceptionEvent $event)
 {
     $exception = $event->getException();
     if (!($exception instanceof AccessDeniedHttpException)) {
         return;
     }

     // Tear down the authenticated state, then leave a message for the login page to show.
     $this->session->invalidate();
     $this->session->set(SecurityContextInterface::ACCESS_DENIED_ERROR, ['message' => 'You are not allowed']);
     $this->securityContext->setToken(null);

     $loginUrl = $this->router->generate('oro_distribution_security_login');
     $event->setResponse(new RedirectResponse($loginUrl));
 }
 /**
  * Log the current user out.
  *
  * @param boolean $destroy true: invalidate the whole session; false: drop only the
  *                         login keys and move to a fresh session id
  *
  * @return boolean true when no user is logged in afterwards
  */
 public function logout($destroy = false)
 {
     if ($destroy !== true) {
         // Keep the rest of the session but remove the identity keys and rotate the id.
         foreach ([self::USER_ID, self::USER_NAME, self::USER_GROUPS] as $key) {
             $this->session->remove($key);
         }
         $this->session->migrate();

         return !$this->isLogin();
     }

     $this->session->invalidate();

     return !$this->isLogin();
 }
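 /**
  * Bind the session to the client's IP address and user agent and invalidate it
  * when a bound value no longer matches the current request.
  *
  * On the first request nothing is bound yet, so the current IP / user agent are
  * stored for later comparison. Which checks run is controlled by shouldCompareIP()
  * and shouldCompareAgent().
  *
  * @param \Symfony\Component\HttpFoundation\Session\Session $session
  *
  * @return void
  */
 public function handleSessionValidation(SymfonySession $session)
 {
     $ipAddress = new IPAddress($this->request->getClientIp());
     $requestIp = $ipAddress->getIp(IPAddress::FORMAT_IP_STRING);
     $requestAgent = $this->request->server->get('HTTP_USER_AGENT');
     $sessionIp = $session->get('CLIENT_REMOTE_ADDR');
     $sessionAgent = $session->get('CLIENT_HTTP_USER_AGENT');

     $invalidate = false;

     // Validate the request IP. Strict comparison: a loose "!=" would treat
     // numeric-looking strings as equal.
     if ($this->shouldCompareIP() && $sessionIp && $sessionIp !== $requestIp) {
         if ($this->logger) {
             $this->logger->debug('Session Invalidated. Session IP "{session}" did not match provided IP "{client}".', ['session' => $sessionIp, 'client' => $requestIp]);
         }
         $invalidate = true;
     }

     // Validate the request user agent
     if ($this->shouldCompareAgent() && $sessionAgent && $sessionAgent !== $requestAgent) {
         if ($this->logger) {
             $this->logger->debug('Session Invalidated. Session user agent "{session}" did not match provided agent "{client}"', ['session' => $sessionAgent, 'client' => $requestAgent]);
         }
         $invalidate = true;
     }

     if ($invalidate) {
         $session->invalidate();

         return;
     }

     // Nothing bound yet: record the current client values for later checks.
     if (!$sessionIp && $requestIp) {
         $session->set('CLIENT_REMOTE_ADDR', $requestIp);
     }
     if (!$sessionAgent && $requestAgent) {
         $session->set('CLIENT_HTTP_USER_AGENT', $requestAgent);
     }
 }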
 /**
  * Perform the logout, resetting the session
  *
  * Drops the remember-me cookie, empties and invalidates the session, and
  * marks the user as logged out.
  */
 public function doLogout()
 {
     $this->deleteRememberMeCookie();

     $session = $this->session;
     $session->clear();
     $session->invalidate();

     $this->user_is_logged_in = false;
 }
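 /**
  * Initialize the session.
  *
  * This is something you might want to override in your controller so you can
  * redirect to a page with a message about being logged out after detecting the session has expired.
  *
  * @param int|null $session_expiration Session expiration in seconds; when empty, the
  *                                     "session_expiration" config value is used (default 3600)
  *
  * @return void
  */
 protected function initializeSession($session_expiration = null)
 {
     /**
      * Setup the session with cookie expiration of one week. This will
      * allow the session to persist even if the browser window is closed.
      * The session expiration will still be respected (default 1 hour).
      */
     $this->session = new Session(new \Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage(['cookie_lifetime' => 604800]));
     $this->config->load('config');
     // Should session cookie be http only? Default true to reduce XSS attack vector.
     // ini_set() takes a string value; pass an explicit '1'/'0' instead of relying on bool-to-string casting.
     $session_cookie_httponly = (bool) $this->config->get('session_cookie_httponly', true);
     ini_set('session.cookie_httponly', $session_cookie_httponly ? '1' : '0');
     // Note: session.cookie_secure and session.cookie_samesite are not configured here; they are left to php.ini.
     // We need a unique session name for this app. Let's use last 10 characters the file path's sha1 hash.
     try {
         $this->session->setName('TSAPP' . substr(sha1(__FILE__), -10));
         $this->session->start();
         // Default session expiration 1 hour.
         // Can be overridden in method param or by setting session_expiration in config.php
         $session_expiration = !empty($session_expiration) ? $session_expiration : $this->config->get('session_expiration', 3600);
         // Is this session too old? Compare idle time (now minus last use) against the limit.
         if (time() - $this->session->getMetadataBag()->getLastUsed() > $session_expiration) {
             $this->session->invalidate();
         }
     } catch (\LogicException $e) {
         // Session already active (started elsewhere), so its name can't be changed now;
         // the existing session is kept as-is and the expiration check above is skipped.
     }
 }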
 /**
  * Invalidate the session, clear the "login" cookie and send the user to the login page.
  *
  * @Route("/wylogowanie")
  */
 public function logoutAction()
 {
     // Drop the server-side session first, then the client-side "login" cookie.
     $currentSession = new Session();
     $currentSession->invalidate();
     setcookie('login', '', 0, '/');

     return $this->redirectToRoute('loginpage');
 }
 /**
  * Log the user out and send them to the home page with a confirmation flash.
  *
  * @param Session $session
  */
 public function logoutAction(Session $session)
 {
     $session->invalidate();

     $flashes = $session->getFlashBag();
     $flashes->add('success', "You logged out successfully");

     // Don't redirect back but prefer going home, to prevent visiting
     // the login page (and logging in again, thus preventing the logout)
     // or other pages where authentication is required
     return $this->goHome();
 }
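 /**
  * Detect a possible session hijack by binding the session to the client's IP
  * address and user agent; a mismatch with the current request invalidates it.
  *
  * When nothing is bound yet (first request of the session) the current values
  * are recorded instead.
  *
  * @param SymfonySession $session
  *
  * @return void
  */
 protected static function testSessionFixation(SymfonySession $session)
 {
     // Read both server values once; a missing index (e.g. CLI) yields null instead of a notice.
     $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;

     $ip = $session->get('CLIENT_REMOTE_ADDR');
     $agent = $session->get('CLIENT_HTTP_USER_AGENT');

     // Parenthesised for clarity; strict comparison avoids loose numeric-string equality.
     $ipMismatch = $ip && $ip !== $remoteAddr;
     $agentMismatch = $agent && $agent !== $userAgent;
     if ($ipMismatch || $agentMismatch) {
         $session->invalidate();
     }

     if (!$ip && $remoteAddr !== null) {
         $session->set('CLIENT_REMOTE_ADDR', $remoteAddr);
     }
     if (!$agent && $userAgent !== null) {
         $session->set('CLIENT_HTTP_USER_AGENT', $userAgent);
     }
 }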
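 /**
  * Apply the Session Strategy
  *
  * Starts the session if it is not running yet; otherwise migrates or
  * invalidates it according to $this->strategy.
  *
  * @return void
  *
  * @throws \RuntimeException when the strategy is neither migrate nor invalidate
  */
 protected function applySessionStrategy()
 {
     if (!$this->session->isStarted()) {
         // Honour the documented void return: do not pass start()'s boolean result through.
         $this->session->start();

         return;
     }
     switch ($this->strategy) {
         case self::STRATEGY_MIGRATE:
             $this->session->migrate();
             break;
         case self::STRATEGY_INVALIDATES:
             $this->session->invalidate();
             break;
         default:
             throw new \RuntimeException('Session strategy should be "migrate" or "invalidate"');
     }
 }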
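 /**
  * Detect a possible session hijack by binding the session to the client's IP
  * address and user agent; a mismatch with the current request invalidates it.
  *
  * When nothing is bound yet (first request of the session) the current values
  * are recorded instead.
  *
  * @param SymfonySession $session
  *
  * @return void
  */
 protected static function testSessionFixation(SymfonySession $session)
 {
     $iph = Core::make('helper/validation/ip');
     $currentIp = $iph->getRequestIP();
     // getRequestIP() may return false; resolve the string form once so the
     // comparison below never calls a method on a non-object.
     $requestIp = $currentIp !== false ? $currentIp->getIp(IPAddress::FORMAT_IP_STRING) : null;
     // Missing index (e.g. CLI) yields null instead of a notice.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;

     $ip = $session->get('CLIENT_REMOTE_ADDR');
     $agent = $session->get('CLIENT_HTTP_USER_AGENT');

     if (($ip && $ip !== $requestIp) || ($agent && $agent !== $userAgent)) {
         $session->invalidate();
     }

     if (!$ip && $currentIp !== false) {
         $session->set('CLIENT_REMOTE_ADDR', $requestIp);
     }
     if (!$agent && $userAgent !== null) {
         $session->set('CLIENT_HTTP_USER_AGENT', $userAgent);
     }
 }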
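 /**
  * Validate the session: invalidate it when it has been idle for longer than
  * $this->maxIdleTime seconds.
  *
  * @param Session $session
  * @return bool true when the session is still valid, false when it was invalidated
  */
 public function checkSession(Session $session)
 {
     $logger = $this->get('logger');

     $idleSeconds = time() - $session->getMetadataBag()->getLastUsed();
     if ($idleSeconds <= $this->maxIdleTime) {
         return true;
     }

     // Capture the id before invalidate(): invalidation moves the session to a new id,
     // so reading it afterwards would log the fresh session instead of the expired one.
     $expiredId = $session->getId();
     $session->invalidate();
     $logger->error("Sessão inválida:\n" . $expiredId);
     //throw new SessionExpired(); // redirects to the "session expired" page

     return false;
 }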
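 /**
  * Destroy the user session
  *
  * Invalidates the current session so later requests no longer see its data.
  *
  * @return void
  */
 public function logout()
 {
     $this->session->invalidate();
 }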
 /**
  * {@inheritdoc}
  *
  * The session is started first so that invalidation always runs against an
  * active session.
  */
 public function invalidate($lifetime = null)
 {
     // Make sure the session is active before delegating to the parent implementation.
     parent::start();

     return parent::invalidate($lifetime);
 }