Revert "Fixed issue #19117: [security] Account past their expiration …

…date can be still active (#3524)"

This reverts commit 0e78d7e.

This commit breaks upgrade from LS3 to LS5.

application/controllers/admin/Authentication.php

@@ -270,8 +270,17 @@ public function newPassword()
      */
     public function logout()
     {
+        /* Adding beforeLogout event */
+        $beforeLogout = new PluginEvent('beforeLogout');
+        App()->getPluginManager()->dispatchEvent($beforeLogout);
+        regenerateCSRFToken();
         App()->user->logout();
         App()->user->setFlash('loginmessage', gT('Logout successful.'));
+
+        /* Adding afterLogout event */
+        $event = new PluginEvent('afterLogout');
+        App()->getPluginManager()->dispatchEvent($event);
+
         $this->getController()->redirect(array('/admin/authentication/sa/login'));
     }
 

application/core/LSWebUser.php

@@ -25,49 +25,6 @@ public function checkAccess($operation, $params = array(), $allowCaching = true)
         }
     }
 
-    /**
-     * @inheritDoc
-     * Replace auto getter to check if currentb uiser is valid or not
-     */
-    public function getId()
-    {
-        if (empty(parent::getId())) {
-            return parent::getId();
-        }
-        $id = App()->getCurrentUserId();
-        if (empty($id)) {
-            /* If still connected but invalid : logout */
-            $this->logout();
-        }
-        return $id;
-    }
-
-    /**
-     * @inheritDoc
-     * Set id in session too
-     */
-    public function setId($id)
-    {
-        parent::setId($id);
-        \Yii::app()->session['loginID'] = $id;
-    }
-
-    /**
-     * @inheritDoc
-     * Add the specific plugin event and regerenaret CRSF
-     */
-    public function logout($destroySession = true)
-    {
-        /* Adding beforeLogout event */
-        $beforeLogout = new PluginEvent('beforeLogout');
-        App()->getPluginManager()->dispatchEvent($beforeLogout);
-        regenerateCSRFToken();
-        parent::logout($destroySession);
-        /* Adding afterLogout event */
-        $event = new PluginEvent('afterLogout');
-        App()->getPluginManager()->dispatchEvent($event);
-    }
-
     /**
      * @inheritdoc
      * replace by a fixed string

application/core/Traits/LSApplicationTrait.php

@@ -8,6 +8,7 @@
 
 trait LSApplicationTrait
 {
+
     /* @var integer| null the current userId for all action */
     private $currentUserId;
     /**
@@ -17,7 +18,7 @@ trait LSApplicationTrait
      */
     public function getCurrentUserId()
     {
-        if (empty(App()->session['loginID'])) {
+        if(empty(App()->session['loginID'])) {
             /**
              * NULL for guest,
              * null by default for CConsoleapplication, but Permission always return true for console
@@ -30,7 +31,7 @@ public function getCurrentUserId()
         }
         /* use App()->session and not App()->user fot easiest unit test */
         $this->currentUserId = App()->session['loginID'];
-        if ($this->currentUserId && !User::model()->active()->findByPk($this->currentUserId)) {
+        if ($this->currentUserId && !User::model()->findByPk($this->currentUserId)) {
             $this->currentUserId = 0;
         }
         return $this->currentUserId;

application/models/User.php

@@ -941,19 +941,6 @@ public function search()
         ));
     }
 
-    /** @inheritdoc */
-    public function scopes()
-    {
-        return array(
-            'active' => array(
-                'condition' => "expires > :now OR expires IS NULL",
-                'params' => array(
-                    'now' => dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", Yii::app()->getConfig("timeadjust")),
-                )
-            )
-        );
-    }
-
     /**
      * Creates a validation key and saves it in table user for this user.
      *