Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '2.5.x' into saas 

Conflicts:
	airtime_mvc/application/Bootstrap.php
	airtime_mvc/application/models/Auth.php
This commit is contained in:
Albert Santoni 2014-06-25 11:18:56 -04:00
parent 8a5a796858 15013afa40
commit bb21f08d87
3 changed files with 8 additions and 5 deletions
airtime_mvc/application
Bootstrap.php
controllers
LoginController.php
models
Auth.php

3
airtime_mvc/application/Bootstrap.php
View File

@ -14,6 +14,7 @@ require_once "DateHelper.php";
require_once "OsPath.php";
require_once "Database.php";
require_once "Timezone.php";
require_once "models/Auth.php";
require_once __DIR__.'/forms/helpers/ValidationTypes.php';
require_once __DIR__.'/controllers/plugins/RabbitMqPlugin.php';
require_once __DIR__.'/controllers/plugins/Maintenance.php';
@ -26,6 +27,8 @@ require_once __DIR__."/configs/navigation.php";
Zend_Validate::setDefaultNamespaces("Zend");
Application_Model_Auth::pinSessionToClient(Zend_Auth::getInstance());
$front = Zend_Controller_Front::getInstance();
$front->registerPlugin(new RabbitMqPlugin());

3
airtime_mvc/application/controllers/LoginController.php
View File

@ -15,7 +15,6 @@ class LoginController extends Zend_Controller_Action
Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', 'en_CA'));
$auth = Zend_Auth::getInstance();
Application_Model_Auth::pinSessionToClient($auth);
if ($auth->hasIdentity())
{
@ -96,7 +95,6 @@ class LoginController extends Zend_Controller_Action
public function logoutAction()
{
$auth = Zend_Auth::getInstance();
Application_Model_Auth::pinSessionToClient($auth);
$auth->clearIdentity();
$this->_redirect('showbuilder/index');
}
@ -189,7 +187,6 @@ class LoginController extends Zend_Controller_Action
$auth->invalidateTokens($user, 'password.restore');
$zend_auth = Zend_Auth::getInstance();
Application_Model_Auth::pinSessionToClient($zend_auth);
$zend_auth->clearIdentity();
$authAdapter = Application_Model_Auth::getAuthAdapter();

7
airtime_mvc/application/models/Auth.php
View File

@ -112,11 +112,14 @@ class Application_Model_Auth
}
/** It is essential to do this before interacting with Zend_Auth otherwise sessions could be shared between
* different copies of Airtime on the same webserver. This essentially pins this session to this hostname and client ID.
* different copies of Airtime on the same webserver. This essentially pins this session to:
* - The server hostname - including subdomain so we segment multiple Airtime installs on different subdomains
* - The remote IP of the browser - to help prevent session hijacking
* - The client ID - same reason as server hostname
* @param Zend_Auth $auth Get this with Zend_Auth::getInstance().
*/
public static function pinSessionToClient($auth)
{
//$auth->setStorage(new Zend_Auth_Storage_Session('Airtime' . $_SERVER['SERVER_NAME'] . Application_Model_Preference::GetClientId()));
$auth->setStorage(new Zend_Auth_Storage_Session('Airtime' . $_SERVER['SERVER_NAME'] . $_SERVER['REMOTE_ADDR'] . Application_Model_Preference::GetClientId()));
}
}