Merge branch 'ent-11437-automatic-logout-mechanism-has-been-disabled' into 'develop'

Ent 11437 Automatic Logout mechanism has been disabled See merge request artica/pandorafms!6070
2023-07-07 07:23:59 +00:00 · 2023-07-07 07:23:59 +00:00 · d58be10fc9
parent 4f4079144d 496058e144
commit d58be10fc9
6 changed files with 100 additions and 2 deletions
--- a/pandora_console/extras/mr/65.sql
+++ b/pandora_console/extras/mr/65.sql
@ -10,4 +10,6 @@ ADD COLUMN `grid_size` VARCHAR(45) NOT NULL DEFAULT '10' AFTER `grid_color`;

 DELETE FROM tconfig WHERE token = 'refr';

+ALTER TABLE `tusuario`  ADD COLUMN `session_max_time_expire` INT NOT NULL DEFAULT 0 AFTER `auth_token_secret`;
+
 COMMIT;
--- a/pandora_console/godmode/setup/setup_auth.php
+++ b/pandora_console/godmode/setup/setup_auth.php
@ -418,7 +418,27 @@ if (is_ajax() === true) {
            $table->rowclass['2FA_all_users'] = '';
        }

-            $table->data['2FA_all_users'] = $row;
+        $table->data['2FA_all_users'] = $row;
+
+        // Session timeout behavior.
+        // Set default value.
+        $row = [];
+        $options = [
+            'check_activity'  => __('Check activity'),
+            'ignore_activity' => __('Ignore activity'),
+        ];
+
+        $row['name'] = __('Control of timeout session').ui_print_help_tip(__('Select \'ignore activity\' to ignore user activity when checking the session.'), true);
+        $row['control'] = html_print_select(
+            $options,
+            'control_session_timeout',
+            $config['control_session_timeout'],
+            '',
+            '',
+            0,
+            true
+        );
+        $table->data['session_timeouts'] = $row;


        // Session timeout.
--- a/pandora_console/godmode/users/configure_user.php
+++ b/pandora_console/godmode/users/configure_user.php
@ -664,11 +664,21 @@ if ($update_user) {
    $values['local_user'] = (bool) get_parameter('local_user', false);
    $values['strict_acl'] = (bool) get_parameter('strict_acl', false);
    $values['session_time'] = (int) get_parameter('session_time', 0);
+
+    $force_update_session_expire = false;
+    if ($values['session_time'] !== $user_info['session_time']) {
+        $force_update_session_expire = true;
+    }
+
    // Previously defined.
    $values['autorefresh_white_list'] = $autorefresh_white_list;

    $res1 = update_user($id, $values);

+    if ($force_update_session_expire === true) {
+        config_prepare_expire_time_session(true);
+    }
+
    if ($config['user_can_update_password']) {
        $password_new = (string) get_parameter('password_new', '');
        $password_confirm = (string) get_parameter('password_confirm', '');
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@ -819,6 +819,10 @@ function config_update_config()
                        $error_update[] = __('2FA all users');
                    }

+                    if (config_update_value('control_session_timeout', get_parameter('control_session_timeout'), true) === false) {
+                        $error_update[] = __('Control timeout');
+                    }
+
                    if (config_update_value('session_timeout', get_parameter('session_timeout'), true) === false) {
                        $error_update[] = __('Session timeout');
                    } else {
@ -828,6 +832,8 @@ function config_update_config()
                            if (config_update_value('session_timeout', 90, true) === false) {
                                $error_update[] = __('Session timeout');
                            }
+                        } else {
+                            config_prepare_expire_time_session(true);
                        }
                    }

@ -3797,6 +3803,10 @@ function config_process_config()
        config_update_value('notification_autoclose_time', 5);
    }

+    if (isset($config['control_session_timeout']) === false) {
+        config_update_value('control_session_timeout', 'check_activity');
+    }
+
    // Finally, check if any value was overwritten in a form.
    config_update_config();
 }
@ -3928,12 +3938,60 @@ function config_user_set_custom_config()
        }
    }

+    config_prepare_expire_time_session();
+
    if (is_metaconsole() === true) {
        $config['metaconsole_access'] = $userinfo['metaconsole_access'];
    }
 }


+function config_prepare_expire_time_session($force_update=false)
+{
+    global $config;
+    if (empty($config['id_user']) === true) {
+        return;
+    }
+
+    $userinfo = get_user_info($config['id_user']);
+
+    if (isset($userinfo)) {
+        $user_sesion_time = $userinfo['session_time'];
+    } else {
+        $user_sesion_time = null;
+    }
+
+    if ($user_sesion_time == 0) {
+        // Change the session timeout value to session_timeout minutes  // 8*60*60 = 8 hours.
+        $sessionCookieExpireTime = $config['session_timeout'];
+    } else {
+        // Change the session timeout value to session_timeout minutes  // 8*60*60 = 8 hours.
+        $sessionCookieExpireTime = $user_sesion_time;
+    }
+
+    if ($sessionCookieExpireTime <= 0) {
+        $sessionCookieExpireTime = (10 * 365 * 24 * 60 * 60);
+    } else {
+        $sessionCookieExpireTime *= 60;
+    }
+
+    if ($config['control_session_timeout'] === 'ignore_activity') {
+        $sessionMaxTimeout = (time() + $sessionCookieExpireTime);
+        if ((int) $userinfo['session_max_time_expire'] === 0 || $force_update === true) {
+            $userinfo['session_max_time_expire'] = $sessionMaxTimeout;
+            update_user($userinfo['id_user'], ['session_max_time_expire' => $sessionMaxTimeout]);
+        } else if (time() > (int) $userinfo['session_max_time_expire'] && (int) $userinfo['session_max_time_expire'] > 0) {
+            update_user($userinfo['id_user'], ['session_max_time_expire' => 0]);
+        }
+    } else {
+        if ((int) $userinfo['session_max_time_expire'] > 0) {
+            update_user($userinfo['id_user'], ['session_max_time_expire' => 0]);
+        }
+    }
+
+}
+
+
 /**
 * Undocumented function
 *
@ -3975,7 +4033,13 @@ function config_prepare_session()
        }

        if ($update_cookie === true) {
-            setcookie(session_name(), $_COOKIE[session_name()], (time() + $sessionCookieExpireTime), '/');
+            if ((int) $user['session_max_time_expire'] > 0 && time() < $user['session_max_time_expire']) {
+                $sessionMaxTimeout = $user['session_max_time_expire'];
+            } else {
+                $sessionMaxTimeout = (time() + $sessionCookieExpireTime);
+            }
+
+            setcookie(session_name(), $_COOKIE[session_name()], $sessionMaxTimeout, '/');
        }
    }

--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@ -662,6 +662,7 @@ if (isset($config['id_user']) === false) {
            db_logon($nick_in_db, $_SERVER['REMOTE_ADDR']);
            $_SESSION['id_usuario'] = $nick_in_db;
            $config['id_user'] = $nick_in_db;
+            config_prepare_expire_time_session(true);

            // Check if connection goes through F5 balancer. If it does, then
            // don't call config_prepare_session() or user will be back to login
--- a/pandora_console/pandoradb.sql
+++ b/pandora_console/pandoradb.sql
@ -1327,6 +1327,7 @@ CREATE TABLE IF NOT EXISTS `tusuario` (
  `allowed_ip_active` TINYINT UNSIGNED DEFAULT 0,
  `allowed_ip_list` TEXT,
  `auth_token_secret` VARCHAR(45) DEFAULT NULL,
+  `session_max_time_expire` INT NOT NULL DEFAULT 0,
  CONSTRAINT `fk_filter_id` FOREIGN KEY (`id_filter`) REFERENCES tevent_filter (`id_filter`) ON DELETE SET NULL,
  UNIQUE KEY `id_user` (`id_user`)
 ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;