| author | Moritz Strohm <strohm@data-quest.de> | 2023-12-06 10:51:32 +0000 |
|---|---|---|
| committer | Moritz Strohm <strohm@data-quest.de> | 2023-12-06 10:51:32 +0000 |
| commit | cda5cbe132debf296f48aff619630f93d8ef4d0f (patch) | |
| tree | 0d2c9ccd27407178ad69fc58b6e2c049441393c9 /lib/classes/TwoFactorAuth.php | |
| parent | 0f2811fcf6f738f73dcc4485263c43c273bea908 (diff) | |
include user-ID in cookie for TFA, fixes #3533
Closes #3533
Merge request studip/studip!2422
Diffstat (limited to 'lib/classes/TwoFactorAuth.php')
| -rw-r--r-- | lib/classes/TwoFactorAuth.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/classes/TwoFactorAuth.php b/lib/classes/TwoFactorAuth.php
index 3582b6f..5373c9a 100644
--- a/lib/classes/TwoFactorAuth.php
+++ b/lib/classes/TwoFactorAuth.php
@@ -55,7 +55,7 @@ final class TwoFactorAuth
     {
         // Remove cookie
         setcookie(
-            self::COOKIE_KEY,
+            self::COOKIE_KEY . '/' . $GLOBALS['user']->id,
             '',
             strtotime('-1 year'),
             $GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP']
@@ -149,8 +149,9 @@ final class TwoFactorAuth
         }
 
         // Trusted computer?
-        if (isset($_COOKIE[self::COOKIE_KEY])) {
-            list($code, $timeslice) = explode(':', $_COOKIE[self::COOKIE_KEY]);
+        $user_cookie_key = self::COOKIE_KEY . '/' . $GLOBALS['user']->id;
+        if (isset($_COOKIE[$user_cookie_key])) {
+            list($code, $timeslice) = explode(':', $_COOKIE[$user_cookie_key]);
             if ($this->secret->validateToken($code, (int) $timeslice, true)) {
                 $this->registerSecretInSession();
                 return;
@@ -255,7 +256,7 @@ final class TwoFactorAuth
         $timeslice = mt_rand(0, PHP_INT_MAX);
 
         setcookie(
-            self::COOKIE_KEY,
+            self::COOKIE_KEY . '/' . $GLOBALS['user']->id,
             implode(':', [$this->secret->getToken($timeslice), $timeslice]),
             $lifetime,
             $GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP'] |
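Review bot: The rewritten `list($code, $timeslice) = explode(':', $_COOKIE[$user_cookie_key]);` in the second hunk still trusts the shape of a client-controlled cookie: a value with no `:` leaves `$timeslice` undefined (a PHP warning, then `(int) null` becomes 0) before `validateToken()` is reached, so I would split with a limit and check the shape first, e.g. `$parts = explode(':', $_COOKIE[$user_cookie_key], 2);` followed by `if (count($parts) === 2 && ctype_digit($parts[1]) && $this->secret->validateToken($parts[0], (int) $parts[1], true)) {`. The cookie-name expression `self::COOKIE_KEY . '/' . $GLOBALS['user']->id` is now repeated in all three hunks; a private helper such as `getCookieName(): string` would keep the set, read and delete paths from drifting, and `/` is a separator rather than a token character under RFC 6265, so `_` or `-` would be a safer joiner even though browsers are lenient about it. The `setcookie()` calls in the first and third hunks continue past the hunk, so I cannot see whether `secure` and `httponly` are set for this trusted-device cookie, which carries a TOTP-derived token; worth confirming. The enclosing methods start and end outside the hunks.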
