From 7d374449d06697608be7859dd51e451c2d75a30c Mon Sep 17 00:00:00 2001
From: Olle Haerstedt
Date: Wed, 8 Nov 2023 13:41:02 +0100
Subject: [PATCH] Revert "Fixed issue #19117: [security] Account past their expiration date can be still active (#3524)"
This reverts commit 0e78d7e89cb3791dc3241accbc3b8868e3558d56. This commit breaks upgrade from LS3 to LS5.
---
 .../controllers/admin/Authentication.php | 9 ++++
 application/core/LSWebUser.php | 43 -------------------
 .../core/Traits/LSApplicationTrait.php | 5 ++-
 application/models/User.php | 13 ------
 4 files changed, 12 insertions(+), 58 deletions(-)
diff --git a/application/controllers/admin/Authentication.php b/application/controllers/admin/Authentication.php
index 67d6b806743..d570d872575 100644
--- a/application/controllers/admin/Authentication.php
+++ b/application/controllers/admin/Authentication.php
@@ -270,8 +270,17 @@ public function newPassword()
 */
 public function logout()
 {
+ /* Adding beforeLogout event */
+ $beforeLogout = new PluginEvent('beforeLogout');
+ App()->getPluginManager()->dispatchEvent($beforeLogout);
+ regenerateCSRFToken();
 App()->user->logout();
 App()->user->setFlash('loginmessage', gT('Logout successful.'));
+
+ /* Adding afterLogout event */
+ $event = new PluginEvent('afterLogout');
+ App()->getPluginManager()->dispatchEvent($event);
+
 $this->getController()->redirect(array('/admin/authentication/sa/login'));
 }
diff --git a/application/core/LSWebUser.php b/application/core/LSWebUser.php
index d05e3f09284..d91df358fbd 100644
--- a/application/core/LSWebUser.php
+++ b/application/core/LSWebUser.php
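Review bot: In `logout()` in application/controllers/admin/Authentication.php, the `beforeLogout`/`afterLogout` events and `regenerateCSRFToken()` now run only when this controller action is used. Any other code that calls `App()->user->logout()` directly skips both the plugin notifications and the token rotation. Whether such callers exist is not visible in this patch, so it is worth confirming before merge. A docblock line on the method would record the constraint, for example `* Plugin logout events and CSRF token regeneration happen here, not in LSWebUser::logout().`; the method's docblock starts outside the hunk.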
@@ -25,49 +25,6 @@ public function checkAccess($operation, $params = array(), $allowCaching = true)
 }
 }
- /**
- * @inheritDoc
- * Replace auto getter to check if currentb uiser is valid or not
- */
- public function getId()
- {
- if (empty(parent::getId())) {
- return parent::getId();
- }
- $id = App()->getCurrentUserId();
- if (empty($id)) {
- /* If still connected but invalid : logout */
- $this->logout();
- }
- return $id;
- }
-
- /**
- * @inheritDoc
- * Set id in session too
- */
- public function setId($id)
- {
- parent::setId($id);
- \Yii::app()->session['loginID'] = $id;
- }
-
- /**
- * @inheritDoc
- * Add the specific plugin event and regerenaret CRSF
- */
- public function logout($destroySession = true)
- {
- /* Adding beforeLogout event */
- $beforeLogout = new PluginEvent('beforeLogout');
- App()->getPluginManager()->dispatchEvent($beforeLogout);
- regenerateCSRFToken();
- parent::logout($destroySession);
- /* Adding afterLogout event */
- $event = new PluginEvent('afterLogout');
- App()->getPluginManager()->dispatchEvent($event);
- }
-
 /**
 * @inheritdoc
 * replace by a fixed string
diff --git a/application/core/Traits/LSApplicationTrait.php b/application/core/Traits/LSApplicationTrait.php
index 1c1f87959a2..bb529598acc 100644
--- a/application/core/Traits/LSApplicationTrait.php
+++ b/application/core/Traits/LSApplicationTrait.php
@@ -8,6 +8,7 @@ trait LSApplicationTrait
 {
+ /* @var integer| null the current userId for all action */
 private $currentUserId;
 /**
@@ -17,7 +18,7 @@ trait LSApplicationTrait
 */
 public function getCurrentUserId()
 {
- if (empty(App()->session['loginID'])) {
+ if(empty(App()->session['loginID'])) {
 /**
 * NULL for guest,
 * null by default for CConsoleapplication, but Permission always return true for console
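Review bot: The comment added above `private $currentUserId;` in application/core/Traits/LSApplicationTrait.php opens with `/*` rather than `/**`, so PHPDoc tooling does not read it as a `@var` annotation, and the type has a stray space in `integer| null`. `/** @var int|null the current user id, shared by all actions */` would be picked up by static analysis. The later hunk of `getCurrentUserId()` also assigns `0` to this property, so the description could mention that value as the "session present but user not found" case.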
@@ -30,7 +31,7 @@ public function getCurrentUserId()
 }
 /* use App()->session and not App()->user fot easiest unit test */
 $this->currentUserId = App()->session['loginID'];
- if ($this->currentUserId && !User::model()->active()->findByPk($this->currentUserId)) {
+ if ($this->currentUserId && !User::model()->findByPk($this->currentUserId)) {
 $this->currentUserId = 0;
 }
 return $this->currentUserId;
diff --git a/application/models/User.php b/application/models/User.php
index 390d6ee16cc..24a37b0c126 100644
--- a/application/models/User.php
+++ b/application/models/User.php
@@ -941,19 +941,6 @@ public function search()
 ));
 }
- /** @inheritdoc */
- public function scopes()
- {
- return array(
- 'active' => array(
- 'condition' => "expires > :now OR expires IS NULL",
- 'params' => array(
- 'now' => dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", Yii::app()->getConfig("timeadjust")),
- )
- )
- );
- }
-
 /**
 * Creates a validation key and saves it in table user for this user.
 *
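Review bot: In `getCurrentUserId()` in application/core/Traits/LSApplicationTrait.php the lookup goes back to `User::model()->findByPk($this->currentUserId)`, which only checks that the row exists, so a session belonging to an account whose `expires` date has passed is accepted again — the condition issue #19117 was filed for. The same revert removes the `active` scope from User.php and the `getId()` override from LSWebUser.php, so no expiry check remains on this path in the visible hunks. If the upgrade failure comes from the scope running before the schema is migrated (an inference from the commit message, not shown here), a narrower change would keep the scope and skip it only during the upgrade instead of dropping the check for every request. Until the fix is re-landed, a comment on the `findByPk` line such as `// TODO(#19117): expiry is not checked here; expired accounts keep a valid session` would keep the gap visible. The function body starts in the previous hunk.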