birke/rememberme update to 2.0 for #635

app/sprinkles/account/composer.json

@@ -13,7 +13,7 @@
     ],
     "version": "4.0.0",
     "require": {
-        "birke/rememberme" : "1.0.4",
+        "birke/rememberme" : "2.0.1",
         "nikic/php-parser" : "^1",
         "php": ">=5.5.9"
     },

app/sprinkles/account/src/Authenticate/Authenticator.php

@@ -9,7 +9,8 @@
 namespace UserFrosting\Sprinkle\Account\Authenticate;
 
 use Birke\Rememberme\Authenticator as RememberMe;
-use Birke\Rememberme\Storage\PDO as RememberMePDO;
+use Birke\Rememberme\Storage\PDOStorage as RememberMePDO;
+use Birke\Rememberme\Triplet as RememberMeTriplet;
 use Illuminate\Database\Capsule\Manager as Capsule;
 use Interop\Container\ContainerInterface;
 use UserFrosting\Session\Session;
@@ -108,14 +109,14 @@ public function __construct(ClassMapper $classMapper, Session $session, $config)
         $this->rememberMe = new RememberMe($this->rememberMeStorage);
         // Set cookie name
         $cookieName = $this->config['session.name'] . '-' . $this->config['remember_me.cookie.name'];
-        $this->rememberMe->setCookieName($cookieName);
+        $this->rememberMe->getCookie()->setName($cookieName);
 
         // Change cookie path
         $this->rememberMe->getCookie()->setPath($this->config['remember_me.session.path']);
 
         // Set expire time, if specified
         if ($this->config->has('remember_me.expire_time') && ($this->config->has('remember_me.expire_time') != null)) {
-            $this->rememberMe->setExpireTime($this->config['remember_me.expire_time']);
+            $this->rememberMe->getCookie()->setExpireTime($this->config['remember_me.expire_time']);
         }
 
         $this->user = null;
@@ -311,23 +312,23 @@ public function viaRemember()
      */
     protected function loginRememberedUser()
     {
-        // Get the user id. If we can present the correct tokens from the cookie, remake the session and automatically log the user in
-        $userId = $this->rememberMe->login();
+        /** @var Birke\Rememberme\LoginResult $loginResult */
+        $loginResult = $this->rememberMe->login();
 
-        if ($userId) {
+        if ($loginResult->isSuccess()) {
             // Update in session
-            $this->session[$this->config['session.keys.current_user_id']] = $userId;
+            $this->session[$this->config['session.keys.current_user_id']] = $loginResult->getCredential();
             // There is a chance that an attacker has stolen the login token,
             // so we store the fact that the user was logged in via RememberMe (instead of login form)
             $this->viaRemember = true;
         } else {
-            // If $rememberMe->login() returned false, check if the token was invalid as well.  This means the cookie was stolen.
-            if ($this->rememberMe->loginTokenWasInvalid()) {
+            // If $rememberMe->login() was not successfull, check if the token was invalid as well.  This means the cookie was stolen.
+            if ($loginResult->hasPossibleManipulation()) {
                 throw new AuthCompromisedException();
             }
         }
 
-        return $this->validateUserAccount($userId);
+        return $this->validateUserAccount($loginResult->getCredential());
     }
 
     /**
@@ -359,11 +360,15 @@ protected function loginSessionUser()
      */
     protected function validateRememberMeCookie()
     {
-        // Check, if the Rememberme cookie exists and is still valid.
-        // If not, we log out the current session and throw an exception.
-        if (!empty($_COOKIE[$this->rememberMe->getCookieName()]) && !$this->rememberMe->cookieIsValid()) {
+        $cookieValue = $this->rememberMe->getCookie()->getValue();
+        if (!$cookieValue) {
+            return true;
+        }
+        $triplet = RememberMeTriplet::fromString($cookieValue);
+        if (!$triplet->isValid()) {
             return false;
         }
+
         return true;
     }