diff --git a/app/console b/app/console
index 9174d8f8cb..b981302dee 160000
--- a/app/console
+++ b/app/console
@@ -1 +1 @@
-Subproject commit 9174d8f8cb584744dd7a53f69d324f490ee82ee3
+Subproject commit b981302dee30eab33e155af79f0088822b29a2b6
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index f0749bcf18..33e2531dc7 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -231,24 +231,22 @@ App::post('/v1/account/sessions/email')
 Permission::delete(Role::user($profile->getId())),
 ]));
- $encodedSecret = Auth::encodeSession($profile->getId(), $secret);
 if (!Config::getParam('domainVerification')) {
 $response
- ->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => $encodedSecret]))
+ ->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => Auth::encodeSession($profile->getId(), $secret)]))
 ;
 }
 $response
- ->addCookie(Auth::$cookieName . '_legacy', $encodedSecret, (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, $encodedSecret, (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
+ ->addCookie(Auth::$cookieName . '_legacy', Auth::encodeSession($profile->getId(), $secret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($profile->getId(), $secret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->setStatusCode(Response::STATUS_CODE_CREATED)
 ;
 $countryName = $locale->getText('countries.' . strtolower($session->getAttribute('countryCode')), $locale->getText('locale.country.unknown'));
 $session
- ->setAttribute('encodedSecret', $encodedSecret)
 ->setAttribute('current', true)
 ->setAttribute('countryName', $countryName)
 ->setAttribute('expire', $expire);
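Review bot: The added lines call `Auth::encodeSession($profile->getId(), $secret)` three separate times — for `X-Fallback-Cookies` and for each `addCookie` — where the removed local computed it once; the defect this commit fixes is the `->setAttribute('encodedSecret', …)` write onto the session document, not the local itself. I would keep `$encodedSecret = Auth::encodeSession($profile->getId(), $secret);` and reference it from the header and both cookies, which also guarantees the three carriers hold the identical value (whether `Auth::encodeSession` is deterministic cannot be seen from this diff). The same duplication recurs in the magic-url, phone and anonymous hunks below. The enclosing route closure starts and ends outside this hunk.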
@@ -882,24 +880,21 @@ App::put('/v1/account/sessions/magic-url')
 ->setParam('sessionId', $session->getId())
 ;
- $encodedSecret = Auth::encodeSession($user->getId(), $secret);
-
 if (!Config::getParam('domainVerification')) {
- $response->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => $encodedSecret]));
+ $response->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => Auth::encodeSession($user->getId(), $secret)]));
 }
 $protocol = $request->getProtocol();
 $response
- ->addCookie(Auth::$cookieName . '_legacy', $encodedSecret, (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, $encodedSecret, (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
+ ->addCookie(Auth::$cookieName . '_legacy', Auth::encodeSession($user->getId(), $secret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->setStatusCode(Response::STATUS_CODE_CREATED)
 ;
 $countryName = $locale->getText('countries.' . strtolower($session->getAttribute('countryCode')), $locale->getText('locale.country.unknown'));
 $session
- ->setAttribute('encodedSecret', $encodedSecret)
 ->setAttribute('current', true)
 ->setAttribute('countryName', $countryName)
 ->setAttribute('expire', $expire)
@@ -1120,24 +1115,21 @@ App::put('/v1/account/sessions/phone')
 ->setParam('sessionId', $session->getId())
 ;
- $encodedSecret = Auth::encodeSession($user->getId(), $secret);
-
 if (!Config::getParam('domainVerification')) {
- $response->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => $encodedSecret]));
+ $response->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => Auth::encodeSession($user->getId(), $secret)]));
 }
 $protocol = $request->getProtocol();
 $response
- ->addCookie(Auth::$cookieName . '_legacy', $encodedSecret, (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, $encodedSecret, (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
+ ->addCookie(Auth::$cookieName . '_legacy', Auth::encodeSession($user->getId(), $secret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->setStatusCode(Response::STATUS_CODE_CREATED)
 ;
 $countryName = $locale->getText('countries.' . strtolower($session->getAttribute('countryCode')), $locale->getText('locale.country.unknown'));
 $session
- ->setAttribute('encodedSecret', $encodedSecret)
 ->setAttribute('current', true)
 ->setAttribute('countryName', $countryName)
 ->setAttribute('expire', $expire)
@@ -1259,22 +1251,19 @@ App::post('/v1/account/sessions/anonymous')
 ->setParam('sessionId', $session->getId())
 ;
- $encodedSecret = Auth::encodeSession($user->getId(), $secret);
-
 if (!Config::getParam('domainVerification')) {
- $response->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => $encodedSecret]));
+ $response->addHeader('X-Fallback-Cookies', \json_encode([Auth::$cookieName => Auth::encodeSession($user->getId(), $secret)]));
 }
 $response
- ->addCookie(Auth::$cookieName . '_legacy', $encodedSecret, (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
- ->addCookie(Auth::$cookieName, $encodedSecret, (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
+ ->addCookie(Auth::$cookieName . '_legacy', Auth::encodeSession($user->getId(), $secret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
 ->setStatusCode(Response::STATUS_CODE_CREATED)
 ;
 $countryName = $locale->getText('countries.' . strtolower($session->getAttribute('countryCode')), $locale->getText('locale.country.unknown'));
 $session
- ->setAttribute('encodedSecret', $encodedSecret)
 ->setAttribute('current', true)
 ->setAttribute('countryName', $countryName)
 ->setAttribute('expire', $expire)
diff --git a/src/Appwrite/Utopia/Response/Model/Session.php b/src/Appwrite/Utopia/Response/Model/Session.php
index 75afde5559..f65e9cf2ac 100644
--- a/src/Appwrite/Utopia/Response/Model/Session.php
+++ b/src/Appwrite/Utopia/Response/Model/Session.php
@@ -160,9 +160,9 @@ class Session extends Model
 'default' => false,
 'example' => true,
 ])
- ->addRule('encodedSecret', [
+ ->addRule('secret', [
 'type' => self::TYPE_STRING,
- 'description' => 'Encoded secret used to sign the user in via cookie.',
+ 'description' => 'Secret used to authenticate the user.',
 'default' => '',
 'example' => '5e5bb8c16897e',
 ])
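Review bot: Renaming the rule to `secret` makes the model serialize whatever the session document carries under that key, and none of the controller hunks in this commit set a `secret` attribute on the response path (they only drop `encodedSecret`), so what clients now receive depends on the stored document — if the persisted session keeps a hashed or raw session secret under `secret`, it would be emitted to any caller that lists sessions, which this diff cannot rule out. I would have each session-creating endpoint set the attribute explicitly, e.g. `->setAttribute('secret', '')` for ordinary clients and the encoded value only where a privileged caller is meant to receive it, and say so in the rule: `'description' => 'Secret used to authenticate the user. Only populated when the caller is permitted to receive it; empty otherwise.'`. Renaming a public response field from `encodedSecret` to `secret` is also a breaking API change that belongs in the changelog and API spec. The `Session` class continues outside this hunk.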