From f8be47dfbf567ab75657e02a4e75661a12381a8f Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 9 Jul 2015 00:41:46 -0700 Subject: [PATCH] Fixes #903 - adds config variable for multi_login, overrides Sentry method --- .gitignore | 1 + app/config/local/session.example.php | 140 ++++++++++++++++++++ app/config/production/session.example.php | 154 ++++++++++++++++++++++ app/config/staging/session.example.php | 154 ++++++++++++++++++++++ app/models/User.php | 43 ++++-- 5 files changed, 480 insertions(+), 12 deletions(-) create mode 100644 app/config/local/session.example.php create mode 100644 app/config/production/session.example.php create mode 100644 app/config/staging/session.example.php diff --git a/.gitignore b/.gitignore index be61c57aa8..46ab184f9b 100755 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ public/uploads/logo.gif public/uploads/logo.png .siteflow public/assets/.siteflow +app/config/local/session.php diff --git a/app/config/local/session.example.php b/app/config/local/session.example.php new file mode 100644 index 0000000000..586da3600e --- /dev/null +++ b/app/config/local/session.example.php @@ -0,0 +1,140 @@ + 'file', + + /* + |-------------------------------------------------------------------------- + | Session Lifetime + |-------------------------------------------------------------------------- + | + | Here you may specify the number of minutes that you wish the session + | to be allowed to remain idle before it expires. If you want them + | to immediately expire on the browser closing, set that option. + | + */ + + 'lifetime' => 12000, + + 'expire_on_close' => false, + + /* + |-------------------------------------------------------------------------- + | Session File Location + |-------------------------------------------------------------------------- + | + | When using the native session driver, we need a location where session + | files may be stored. A default has been set for you but a different + | location may be specified. This is only needed for file sessions. + | + */ + + 'files' => storage_path().'/sessions', + + /* + |-------------------------------------------------------------------------- + | Session Database Connection + |-------------------------------------------------------------------------- + | + | When using the "database" or "redis" session drivers, you may specify a + | connection that should be used to manage these sessions. This should + | correspond to a connection in your database configuration options. + | + */ + + 'connection' => null, + + /* + |-------------------------------------------------------------------------- + | Session Database Table + |-------------------------------------------------------------------------- + | + | When using the "database" session driver, you may specify the table we + | should use to manage the sessions. Of course, a sensible default is + | provided for you; however, you are free to change this as needed. + | + */ + + 'table' => 'sessions', + + /* + |-------------------------------------------------------------------------- + | Session Sweeping Lottery + |-------------------------------------------------------------------------- + | + | Some session drivers must manually sweep their storage location to get + | rid of old sessions from storage. Here are the chances that it will + | happen on a given request. By default, the odds are 2 out of 100. + | + */ + + 'lottery' => array(2, 100), + + /* + |-------------------------------------------------------------------------- + | Session Cookie Name + |-------------------------------------------------------------------------- + | + | Here you may change the name of the cookie used to identify a session + | instance by ID. The name specified here will get used every time a + | new session cookie is created by the framework for every driver. + | + */ + + 'cookie' => 'snipeit_session', + + /* + |-------------------------------------------------------------------------- + | Session Cookie Path + |-------------------------------------------------------------------------- + | + | The session cookie path determines the path for which the cookie will + | be regarded as available. Typically, this will be the root path of + | your application but you are free to change this when necessary. + | + */ + + 'path' => '/', + + /* + |-------------------------------------------------------------------------- + | Session Cookie Domain + |-------------------------------------------------------------------------- + | + | Here you may change the domain of the cookie used to identify a session + | in your application. This will determine which domains the cookie is + | available to in your application. A sensible default has been set. + | + */ + + 'domain' => null, + + /* + |-------------------------------------------------------------------------- + | HTTPS Only Cookies + |-------------------------------------------------------------------------- + | + | By setting this option to true, session cookies will only be sent back + | to the server if the browser has a HTTPS connection. This will keep + | the cookie from being sent to you if it can not be done securely. + | + */ + + 'secure' => false, + +); diff --git a/app/config/production/session.example.php b/app/config/production/session.example.php new file mode 100644 index 0000000000..5d28296192 --- /dev/null +++ b/app/config/production/session.example.php @@ -0,0 +1,154 @@ + 'file', + + /* + |-------------------------------------------------------------------------- + | Session Lifetime + |-------------------------------------------------------------------------- + | + | Here you may specify the number of minutes that you wish the session + | to be allowed to remain idle before it expires. If you want them + | to immediately expire on the browser closing, set that option. + | + */ + + 'lifetime' => 12000, + + 'expire_on_close' => false, + + /* + |-------------------------------------------------------------------------- + | Session File Location + |-------------------------------------------------------------------------- + | + | When using the native session driver, we need a location where session + | files may be stored. A default has been set for you but a different + | location may be specified. This is only needed for file sessions. + | + */ + + 'files' => storage_path().'/sessions', + + /* + |-------------------------------------------------------------------------- + | Session Database Connection + |-------------------------------------------------------------------------- + | + | When using the "database" or "redis" session drivers, you may specify a + | connection that should be used to manage these sessions. This should + | correspond to a connection in your database configuration options. + | + */ + + 'connection' => null, + + /* + |-------------------------------------------------------------------------- + | Session Database Table + |-------------------------------------------------------------------------- + | + | When using the "database" session driver, you may specify the table we + | should use to manage the sessions. Of course, a sensible default is + | provided for you; however, you are free to change this as needed. + | + */ + + 'table' => 'sessions', + + /* + |-------------------------------------------------------------------------- + | Session Sweeping Lottery + |-------------------------------------------------------------------------- + | + | Some session drivers must manually sweep their storage location to get + | rid of old sessions from storage. Here are the chances that it will + | happen on a given request. By default, the odds are 2 out of 100. + | + */ + + 'lottery' => array(2, 100), + + /* + |-------------------------------------------------------------------------- + | Session Cookie Name + |-------------------------------------------------------------------------- + | + | Here you may change the name of the cookie used to identify a session + | instance by ID. The name specified here will get used every time a + | new session cookie is created by the framework for every driver. + | + */ + + 'cookie' => 'snipeit_session', + + /* + |-------------------------------------------------------------------------- + | Session Cookie Path + |-------------------------------------------------------------------------- + | + | The session cookie path determines the path for which the cookie will + | be regarded as available. Typically, this will be the root path of + | your application but you are free to change this when necessary. + | + */ + + 'path' => '/', + + /* + |-------------------------------------------------------------------------- + | Session Cookie Domain + |-------------------------------------------------------------------------- + | + | Here you may change the domain of the cookie used to identify a session + | in your application. This will determine which domains the cookie is + | available to in your application. A sensible default has been set. + | + */ + + 'domain' => null, + + /* + |-------------------------------------------------------------------------- + | HTTPS Only Cookies + |-------------------------------------------------------------------------- + | + | By setting this option to true, session cookies will only be sent back + | to the server if the browser has a HTTPS connection. This will keep + | the cookie from being sent to you if it can not be done securely. + | + */ + + 'secure' => false, + + + /* + |-------------------------------------------------------------------------- + | Allow multiple logins from different devices at the same time + |-------------------------------------------------------------------------- + | + | By default, if a user logs into an account where someone is already + | logged in, the previous user will be logged out. We recommend leaving + | this set to false for security reasons. + | + */ + + 'multi_login' => true, + +); diff --git a/app/config/staging/session.example.php b/app/config/staging/session.example.php new file mode 100644 index 0000000000..99e208551d --- /dev/null +++ b/app/config/staging/session.example.php @@ -0,0 +1,154 @@ + 'file', + + /* + |-------------------------------------------------------------------------- + | Session Lifetime + |-------------------------------------------------------------------------- + | + | Here you may specify the number of minutes that you wish the session + | to be allowed to remain idle before it expires. If you want them + | to immediately expire on the browser closing, set that option. + | + */ + + 'lifetime' => 12000, + + 'expire_on_close' => false, + + /* + |-------------------------------------------------------------------------- + | Session File Location + |-------------------------------------------------------------------------- + | + | When using the native session driver, we need a location where session + | files may be stored. A default has been set for you but a different + | location may be specified. This is only needed for file sessions. + | + */ + + 'files' => storage_path().'/sessions', + + /* + |-------------------------------------------------------------------------- + | Session Database Connection + |-------------------------------------------------------------------------- + | + | When using the "database" or "redis" session drivers, you may specify a + | connection that should be used to manage these sessions. This should + | correspond to a connection in your database configuration options. + | + */ + + 'connection' => null, + + /* + |-------------------------------------------------------------------------- + | Session Database Table + |-------------------------------------------------------------------------- + | + | When using the "database" session driver, you may specify the table we + | should use to manage the sessions. Of course, a sensible default is + | provided for you; however, you are free to change this as needed. + | + */ + + 'table' => 'sessions', + + /* + |-------------------------------------------------------------------------- + | Session Sweeping Lottery + |-------------------------------------------------------------------------- + | + | Some session drivers must manually sweep their storage location to get + | rid of old sessions from storage. Here are the chances that it will + | happen on a given request. By default, the odds are 2 out of 100. + | + */ + + 'lottery' => array(2, 100), + + /* + |-------------------------------------------------------------------------- + | Session Cookie Name + |-------------------------------------------------------------------------- + | + | Here you may change the name of the cookie used to identify a session + | instance by ID. The name specified here will get used every time a + | new session cookie is created by the framework for every driver. + | + */ + + 'cookie' => 'snipeit_session', + + /* + |-------------------------------------------------------------------------- + | Session Cookie Path + |-------------------------------------------------------------------------- + | + | The session cookie path determines the path for which the cookie will + | be regarded as available. Typically, this will be the root path of + | your application but you are free to change this when necessary. + | + */ + + 'path' => '/', + + /* + |-------------------------------------------------------------------------- + | Session Cookie Domain + |-------------------------------------------------------------------------- + | + | Here you may change the domain of the cookie used to identify a session + | in your application. This will determine which domains the cookie is + | available to in your application. A sensible default has been set. + | + */ + + 'domain' => null, + + /* + |-------------------------------------------------------------------------- + | HTTPS Only Cookies + |-------------------------------------------------------------------------- + | + | By setting this option to true, session cookies will only be sent back + | to the server if the browser has a HTTPS connection. This will keep + | the cookie from being sent to you if it can not be done securely. + | + */ + + 'secure' => true, + + + /* + |-------------------------------------------------------------------------- + | Allow multiple logins from different devices at the same time + |-------------------------------------------------------------------------- + | + | By default, if a user logs into an account where someone is already + | logged in, the previous user will be logged out. We recommend leaving + | this set to false for security reasons. + | + */ + + 'multi_login' => false, + +); diff --git a/app/models/User.php b/app/models/User.php index 31a30ae08c..b813e639fc 100755 --- a/app/models/User.php +++ b/app/models/User.php @@ -23,7 +23,7 @@ class User extends SentryUserModel { return "{$this->first_name} {$this->last_name}"; } - + /** * Returns the user Gravatar image url. @@ -43,7 +43,7 @@ class User extends SentryUserModel { return $this->hasMany('Asset', 'assigned_to')->withTrashed(); } - + public function accessories() { return $this->belongsToMany('Accessory', 'accessories_users', 'assigned_to','accessory_id')->withPivot('id')->withTrashed(); @@ -77,36 +77,55 @@ class User extends SentryUserModel { return $this->belongsTo('User','manager_id')->withTrashed(); } - - + + public function accountStatus() { if ($this->sentryThrottle) { if ($this->sentryThrottle->suspended==1) { - return 'suspended'; + return 'suspended'; } elseif ($this->sentryThrottle->banned==1) { - return 'banned'; - } else { + return 'banned'; + } else { return false; } } else { return false; } } - - public function sentryThrottle() { - return $this->hasOne('Throttle'); + + public function sentryThrottle() { + return $this->hasOne('Throttle'); } - + public function scopeGetDeleted($query) { return $query->withTrashed()->whereNotNull('deleted_at'); } - + public function scopeGetNotDeleted($query) { return $query->whereNull('deleted_at'); } + /** + * Override the SentryUser getPersistCode method for + * multiple logins at one time + **/ + public function getPersistCode() + { + + if (!Config::get('multi_login') || (!$this->persist_code)) + { + $this->persist_code = $this->getRandomString(); + + // Our code got hashed + $persistCode = $this->persist_code; + $this->save(); + return $persistCode; + } + return $this->persist_code; + } + }