Merge pull request #508 from scireum/jmu/allow-manual-logins

Makes updateLoginCookie public and fixes bugs
scireum · Oct 11, 2018 · 05f6931 · 05f6931
2 parents 32c04fc + 5d70dce
commit 05f6931
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 9 deletions.
diff --git a/src/main/java/sirius/web/http/WebContext.java b/src/main/java/sirius/web/http/WebContext.java
@@ -669,7 +669,7 @@ private Map<String, String> decodeSession(String encodedSession) {
             }
         }
         if (checkSessionDataIntegrity(decodedSession, sessionInfo)) {
-            if (decodedSessionTTL > 0) {
+            if (decodedSessionTTL >= 0) {
                 sessionCookieTTL = decodedSessionTTL;
             }
             return decodedSession;

diff --git a/src/main/java/sirius/web/security/GenericUserManager.java b/src/main/java/sirius/web/security/GenericUserManager.java
@@ -166,22 +166,35 @@ protected void recordUserLogin(WebContext ctx, UserInfo user) {
     }
 
     /**
-     * Updates the lifetime of the login cooke if required.
+     * Updates the login cookie.
+     * <p>
+     * Limits the lifetime to the browser session if the login should not be kept. Furthermore the time to life and
+     * login information is stored in the session.
      *
-     * @param ctx  the current request
-     * @param user the user that logged in
+     * @param ctx       the current request
+     * @param user      the user that logged in
+     * @param keepLogin <tt>false</tt> if the session should be cleared when the browser session ends, <tt>true</tt>
+     *                  otherwise
      */
-    protected void updateLoginCookie(WebContext ctx, UserInfo user) {
-        ctx.setCustomSessionCookieTTL(isKeepLogin(ctx) ? null : Duration.ZERO);
+    public void updateLoginCookie(WebContext ctx, UserInfo user, boolean keepLogin) {
+        ctx.setCustomSessionCookieTTL(keepLoginEnabled && keepLogin ? null : Duration.ZERO);
         ctx.setSessionValue(scope.getScopeId() + SUFFIX_USER_ID, user.getUserId());
         ctx.setSessionValue(scope.getScopeId() + SUFFIX_TENANT_ID, user.getTenantId());
         ctx.setSessionValue(scope.getScopeId() + SUFFIX_TTL,
                             TimeUnit.SECONDS.convert(System.currentTimeMillis(), TimeUnit.MILLISECONDS)
                             + loginTTL.getSeconds());
     }
 
-    private boolean isKeepLogin(WebContext ctx) {
-        return keepLoginEnabled && ctx.get("keepLogin").asBoolean(false);
+    /**
+     * Updates the login cookie.
+     * <p>
+     * Same as {@link #updateLoginCookie(WebContext, UserInfo)} but the 'keep login' flag is read from the context
+     *
+     * @param ctx  the current request
+     * @param user the user that logged in
+     */
+    protected void updateLoginCookie(WebContext ctx, UserInfo user) {
+        updateLoginCookie(ctx, user, ctx.get("keepLogin").asBoolean(false));
     }
 
     /*
@@ -356,7 +369,7 @@ protected UserInfo findUserInSession(WebContext ctx) {
         String tenantId = ctx.getSessionValue(scope.getScopeId() + SUFFIX_TENANT_ID).asString();
         Long ttl = ctx.getSessionValue(scope.getScopeId() + SUFFIX_TTL).getLong();
 
-        if (ttl != null && ttl < System.currentTimeMillis()) {
+        if (ttl != null && ttl < TimeUnit.SECONDS.convert(System.currentTimeMillis(), TimeUnit.MILLISECONDS)) {
             return null;
         }