SessionTimeoutPlugin

- some session handling related improvements - adds a session timeout plugin for tracking users idle time Fixes #481: Loading webui failed
bareos · Aug 19, 2015 · 64c7f5a · 64c7f5a
1 parent 9e1f1ba
commit 64c7f5a
Show file tree

Hide file tree

Showing 24 changed files with 245 additions and 90 deletions.
diff --git a/config/autoload/global.php b/config/autoload/global.php
@@ -246,11 +246,17 @@ function read_dir_config($config, $file)
 		),
 	),
 	'session' => array(
-        'config' => array(
-            'class' => 'Zend\Session\Config\SessionConfig',
-            'options' => array(
-                'name' => 'Bareos-WebUI',
-            ),
+		'config' => array(
+			'class' => 'Zend\Session\Config\SessionConfig',
+			'options' => array(
+				'name' => 'bareos',
+				'use_cookies' => true,
+				'cookie_lifetime' => '3600',
+				'gc_maxlifetime' => '3600',
+				'cache_expire' => 3600,
+				'remember_me_seconds' => 3600,
+				'use_cookies' => true
+			),
         ),
         'storage' => 'Zend\Session\Storage\SessionArrayStorage',
         'validators' => array(

diff --git a/module/Application/Module.php b/module/Application/Module.php
@@ -17,33 +17,34 @@
 
 class Module
 {
-    public function onBootstrap(MvcEvent $e)
-    {
-        $eventManager        = $e->getApplication()->getEventManager();
-        $moduleRouteListener = new ModuleRouteListener();
-        $moduleRouteListener->attach($eventManager);
-	$this->initSession($e);
-    }
-
-    public function getConfig()
-    {
-        return include __DIR__ . '/config/module.config.php';
-    }
-
-    public function getAutoloaderConfig()
-    {
-        return array(
-	    'Zend\Loader\ClassMapAutoloader' => array(
-                'application' => __DIR__ . '/autoload_classmap.php',
-            ),
-            'Zend\Loader\StandardAutoloader' => array(
-                'namespaces' => array(
-                    __NAMESPACE__ => __DIR__ . '/src/' . __NAMESPACE__,
-				'Bareos' => __DIR__ .'/../../vendor/Bareos/library/Bareos',
-                ),
-            ),
-        );
-    }
+
+	public function onBootstrap(MvcEvent $e)
+	{
+		$eventManager        = $e->getApplication()->getEventManager();
+		$moduleRouteListener = new ModuleRouteListener();
+		$moduleRouteListener->attach($eventManager);
+		$this->initSession($e);
+	}
+
+	public function getConfig()
+	{
+		return include __DIR__ . '/config/module.config.php';
+	}
+
+	public function getAutoloaderConfig()
+	{
+		return array(
+				'Zend\Loader\ClassMapAutoloader' => array(
+				'application' => __DIR__ . '/autoload_classmap.php',
+			),
+			'Zend\Loader\StandardAutoloader' => array(
+				'namespaces' => array(
+					 __NAMESPACE__ => __DIR__ . '/src/' . __NAMESPACE__,
+					'Bareos' => __DIR__ .'/../../vendor/Bareos/library/Bareos',
+				),
+			),
+		);
+	}
 
 	public function initSession($e)
 	{
@@ -98,6 +99,7 @@ public function getServiceConfig()
 		return array(
 			'factories' => array(
 				'Zend\Session\SessionManager' => function ($sm) {
+
 					$config = $sm->get('config');
 
 					if (isset($config['session'])) {
@@ -134,10 +136,15 @@ public function getServiceConfig()
 						}
 
 						Container::setDefaultManager($sessionManager);
+
 						return $sessionManager;
-					}
+
+				},
+
 			),
+
 		);
+
 	}
 
 }
diff --git a/module/Application/src/Application/Controller/Plugin/SessionTimeoutPlugin.php b/module/Application/src/Application/Controller/Plugin/SessionTimeoutPlugin.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Application\Controller\Plugin;
+
+use Zend\Mvc\Controller\Plugin\AbstractPlugin;
+
+class SessionTimeoutPlugin extends AbstractPlugin
+{
+
+	public function timeout()
+	{
+		// preparation for setting timeout via config file:
+		$this->getController()->getServiceLocator()->get('config');
+		$timeout = 300;
+
+		if($_SESSION['bareos']['idletime'] + $timeout > time()) {
+			$_SESSION['bareos']['idletime'] = time();
+			return true;
+		}
+		else {
+			session_destroy();
+			return false;
+		}
+	}
+
+}
diff --git a/module/Auth/src/Auth/Controller/AuthController.php b/module/Auth/src/Auth/Controller/AuthController.php
@@ -75,20 +75,27 @@ public function loginAction()
 				$this->director->set_user_credentials($username, $password);
 
 				if($this->director->auth($username, $password)) {
+
 					$_SESSION['bareos']['director'] = $director;
 					$_SESSION['bareos']['username'] = $username;
 					$_SESSION['bareos']['password'] = $password;
 					$_SESSION['bareos']['authenticated'] = true;
+					$_SESSION['bareos']['idletime'] = time();
+
 					return $this->redirect()->toRoute('dashboard', array('action' => 'index'));
+
 				} else {
+
 					session_destroy();
 					$err_msg = "Sorry, can not authenticate. Wrong username and/or password.";
+
 					return new ViewModel(
 						array(
 							'form' => $form,
 							'err_msg' => $err_msg,
 						)
 					);
+
 				}
 
 			} else {
@@ -120,6 +127,7 @@ public function loginAction()
 	public function logoutAction()
 	{
 		// todo - ask user if he's really wants to log out!
+
 		unset($_SESSION['bareos']);
 		session_destroy();
 		return $this->redirect()->toRoute('auth', array('action' => 'login'));

diff --git a/module/Client/config/module.config.php b/module/Client/config/module.config.php
@@ -1,13 +1,40 @@
 <?php
 
+/**
+ *
+ * bareos-webui - Bareos Web-Frontend
+ *
+ * @link      https://github.com/bareos/bareos-webui for the canonical source repository
+ * @copyright Copyright (c) 2013-2015 Bareos GmbH & Co. KG (http://www.bareos.org/)
+ * @license   GNU Affero General Public License (http://www.gnu.org/licenses/)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
 return array(
 
 	'controllers' => array(
 		'invokables' => array(
 			'Client\Controller\Client' => 'Client\Controller\ClientController',
 		),
 	),
-
+	'controller_plugins' => array(
+                'invokables' => array(
+                        'SessionTimeoutPlugin' => 'Application\Controller\Plugin\SessionTimeoutPlugin',
+                ),
+        ),
 	'router' => array(
 		'routes' => array(
 			'client' => array(
@@ -26,7 +53,6 @@
 						'action' => 'index',
 					),
 				),
-
 			),
 		),
 	),

diff --git a/module/Client/src/Client/Controller/ClientController.php b/module/Client/src/Client/Controller/ClientController.php
@@ -1,5 +1,28 @@
 <?php
 
+/**
+ *
+ * bareos-webui - Bareos Web-Frontend
+ *
+ * @link      https://github.com/bareos/bareos-webui for the canonical source repository
+ * @copyright Copyright (c) 2013-2015 Bareos GmbH & Co. KG (http://www.bareos.org/)
+ * @license   GNU Affero General Public License (http://www.gnu.org/licenses/)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
 namespace Client\Controller;
 
 use Zend\Mvc\Controller\AbstractActionController;
@@ -14,7 +37,7 @@ class ClientController extends AbstractActionController
 
 	public function indexAction()
 	{
-		if($_SESSION['bareos']['authenticated'] == true) {
+		if($_SESSION['bareos']['authenticated'] == true && $this->SessionTimeoutPlugin()->timeout()) {
 				$order_by = $this->params()->fromRoute('order_by') ? $this->params()->fromRoute('order_by') : 'ClientId';
 				$order = $this->params()->fromRoute('order') ? $this->params()->fromRoute('order') : 'DESC';
 				$limit = $this->params()->fromRoute('limit') ? $this->params()->fromRoute('limit') : '25';
@@ -38,7 +61,7 @@ public function indexAction()
 
 	public function detailsAction()
 	{
-		if($_SESSION['bareos']['authenticated'] == true) {
+		if($_SESSION['bareos']['authenticated'] == true && $this->SessionTimeoutPlugin()->timeout()) {
 				$id = (int) $this->params()->fromRoute('id', 0);
 				if(!$id) {
 					return $this->redirect()->toRoute('client');

diff --git a/module/Dashboard/config/module.config.php b/module/Dashboard/config/module.config.php
@@ -3,9 +3,9 @@
 /**
  *
  * bareos-webui - Bareos Web-Frontend
- * 
+ *
  * @link      https://github.com/bareos/bareos-webui for the canonical source repository
- * @copyright Copyright (c) 2013-2014 Bareos GmbH & Co. KG (http://www.bareos.org/)
+ * @copyright Copyright (c) 2013-2015 Bareos GmbH & Co. KG (http://www.bareos.org/)
  * @license   GNU Affero General Public License (http://www.gnu.org/licenses/)
  *
  * This program is free software: you can redistribute it and/or modify
@@ -30,7 +30,11 @@
 			'Dashboard\Controller\Dashboard' => 'Dashboard\Controller\DashboardController',
 		),
 	),
-
+	'controller_plugins' => array(
+		'invokables' => array(
+			'SessionTimeoutPlugin' => 'Application\Controller\Plugin\SessionTimeoutPlugin',
+		),
+	),
 	'router' => array(
 		'routes' => array(
 			'dashboard' => array(
@@ -46,7 +50,6 @@
 						'action' => 'index',
 					),
 				),
-
 			),
 		),
 	),

diff --git a/module/Dashboard/src/Dashboard/Controller/DashboardController.php b/module/Dashboard/src/Dashboard/Controller/DashboardController.php
@@ -35,7 +35,8 @@ class DashboardController extends AbstractActionController
 
 	public function indexAction()
 	{
-		if($_SESSION['bareos']['authenticated'] == true) {
+		if($_SESSION['bareos']['authenticated'] && $this->SessionTimeoutPlugin()->timeout()) {
+
 			return new ViewModel(
 				array(
 					'runningJobs' => $this->getJobTable()->getJobCountLast24HoursByStatus("running"),
@@ -50,7 +51,7 @@ public function indexAction()
 		}
 	}
 
-	public function getJobTable()
+	private function getJobTable()
 	{
 		if(!$this->jobTable)
 		{

diff --git a/module/Director/config/module.config.php b/module/Director/config/module.config.php
@@ -30,7 +30,11 @@
 			'Director\Controller\Director' => 'Director\Controller\DirectorController',
 		),
 	),
-
+	'controller_plugins' => array(
+                'invokables' => array(
+                        'SessionTimeoutPlugin' => 'Application\Controller\Plugin\SessionTimeoutPlugin',
+                ),
+        ),
 	'router' => array(
 		'routes' => array(
 			'director' => array(

diff --git a/module/Director/src/Director/Controller/DirectorController.php b/module/Director/src/Director/Controller/DirectorController.php
@@ -37,7 +37,7 @@ class DirectorController extends AbstractActionController
 
 	public function indexAction()
 	{
-		if($_SESSION['bareos']['authenticated'] == true) {
+		if($_SESSION['bareos']['authenticated'] == true && $this->SessionTimeoutPlugin()->timeout()) {
 				$cmd = "status director";
 				$this->director = $this->getServiceLocator()->get('director');
 				return new ViewModel(array(
@@ -51,7 +51,7 @@ public function indexAction()
 
 	public function messagesAction()
 	{
-		if($_SESSION['bareos']['authenticated'] == true) {
+		if($_SESSION['bareos']['authenticated'] == true && $this->SessionTimeoutPlugin()->timeout()) {
 				$cmd = "messages";
 				$this->director = $this->getServiceLocator()->get('director');
 				return new ViewModel(array(
@@ -65,7 +65,7 @@ public function messagesAction()
 
 	public function scheduleAction()
 	{
-		if($_SESSION['bareos']['authenticated'] == true) {
+		if($_SESSION['bareos']['authenticated'] == true && $this->SessionTimeoutPlugin()->timeout()) {
 				$cmd = "show schedule";
 				$this->director = $this->getServiceLocator()->get('director');
 				return new ViewModel(array(
@@ -79,7 +79,7 @@ public function scheduleAction()
 
 	public function schedulerstatusAction()
 	{
-		if($_SESSION['bareos']['authenticated'] == true) {
+		if($_SESSION['bareos']['authenticated'] == true && $this->SessionTimeoutPlugin()->timeout()) {
 				$cmd = "status scheduler";
 				$this->director = $this->getServiceLocator()->get('director');
 				return new ViewModel(array(
@@ -93,7 +93,7 @@ public function schedulerstatusAction()
 
 	public function versionAction()
 	{
-		if($_SESSION['bareos']['authenticated'] == true) {
+		if($_SESSION['bareos']['authenticated'] == true && $this->SessionTimeoutPlugin()->timeout()) {
 				$cmd = "version";
 				$this->director = $this->getServiceLocator()->get('director');
 				return new ViewModel(array(

diff --git a/module/Fileset/config/module.config.php b/module/Fileset/config/module.config.php
@@ -30,7 +30,11 @@
 			'Fileset\Controller\Fileset' => 'Fileset\Controller\FilesetController',
 		),
 	),
-
+	'controller_plugins' => array(
+                'invokables' => array(
+                        'SessionTimeoutPlugin' => 'Application\Controller\Plugin\SessionTimeoutPlugin',
+                ),
+        ),
 	'router' => array(
 		'routes' => array(
 			'fileset' => array(