psecio / gatekeeper

Gatekeeper: An Authentication & Authorization Library

Logging in and remembering work suspiciously #29

Open Ser5 opened 8 years ago

Ser5 commented 8 years ago

I tried to run this code:

use \Psecio\Gatekeeper\Gatekeeper;
Gatekeeper::disableThrottle();
$r = Gatekeeper::authenticate(array('username' => 'blah', 'password' => 'meh'), true);
echo '<pre>';
var_dump($r, Gatekeeper::checkRememberMe());
echo '</pre>';

which gave me true, false. Umm, that means that the user is authenticated successfully but not remembered. I tried to investigate and inside Gatekeeper::authenticate() found this line:

if (self::$throttleStatus === true && $result === true) {

Which, if I understood correctly, means that "remember me" works only when throttling is enabled... eh... Looks like if I remove self::$throttleStatus === true remembering does work - but recalling still doesn't.

Digging further inside RememberMe::setup() I found this:

        if ($userToken->id !== null || $this->isExpired($userToken)) {
            return false;
        }

The $userToken->id !== null condition triggers and false is returned. I don't understand this logic and cannot suggest anything more. I don't think it works as intended, though... are these bugs?
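For readers following the guard conditions discussed in the comment above, here is a self-contained remember-me flow that shows how such a check is usually meant to behave: a new token is issued only when the user has no live one, an expired token is replaced rather than blocking reissue, and the cookie value is verified against a stored hash with a constant-time comparison. This is an added example written for this thread; it is not Gatekeeper's code, and the class and method names (RememberMeStore, issue, verify) and the in-memory store are assumptions made for the illustration.

```php
<?php
// Added example, not Gatekeeper's implementation. Names and the in-memory
// store are assumptions; a real deployment would persist tokens in a database.

final class RememberMeStore
{
    /** @var array<string, array{user: string, hash: string, expires: int}> selector => record */
    private array $tokens = [];

    // Issue a remember-me token for $user. If a live (unexpired) token already
    // exists, refuse and return null; if only an expired one exists, drop it
    // and issue a fresh token. $now and $ttl are seconds.
    public function issue(string $user, int $now, int $ttl = 86400 * 30): ?string
    {
        foreach ($this->tokens as $selector => $rec) {
            if ($rec['user'] !== $user) {
                continue;
            }
            if ($rec['expires'] > $now) {
                return null;                       // live token already exists
            }
            unset($this->tokens[$selector]);       // expired: remove and reissue
        }

        $selector  = bin2hex(random_bytes(8));     // public lookup key
        $validator = bin2hex(random_bytes(32));    // secret part, never stored in clear
        $this->tokens[$selector] = [
            'user'    => $user,
            'hash'    => hash('sha256', $validator),
            'expires' => $now + $ttl,
        ];
        return $selector . ':' . $validator;       // value to place in the cookie
    }

    // Verify a cookie value and return the user name, or null if the token is
    // unknown, expired, or the validator does not match the stored hash.
    public function verify(string $cookie, int $now): ?string
    {
        if (substr_count($cookie, ':') !== 1) {
            return null;
        }
        [$selector, $validator] = explode(':', $cookie, 2);
        $rec = $this->tokens[$selector] ?? null;
        if ($rec === null) {
            return null;
        }
        if ($rec['expires'] <= $now) {
            unset($this->tokens[$selector]);       // clean up expired token
            return null;
        }
        if (!hash_equals($rec['hash'], hash('sha256', $validator))) {
            return null;                           // constant-time mismatch
        }
        return $rec['user'];
    }
}

// Usage with constructed values.
$store  = new RememberMeStore();
$now    = 1000000;
$cookie = $store->issue('blah', $now);

if ($cookie === null || $store->verify($cookie, $now) !== 'blah') {
    throw new RuntimeException('fresh token should verify');
}
if ($store->issue('blah', $now) !== null) {
    throw new RuntimeException('second issue must be refused while a live token exists');
}
if ($store->verify($cookie, $now + 86400 * 31) !== null) {
    throw new RuntimeException('token must be rejected after expiry');
}
if ($store->issue('blah', $now + 86400 * 31) === null) {
    throw new RuntimeException('a new token should be issued once the old one expired');
}
echo "remember-me flow behaves as expected\n";
```

The two halves of the cookie value follow the common selector/validator split: the selector is used for the lookup, and only a hash of the validator is kept server-side, so a leaked token table does not by itself let anyone forge a cookie.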

enygma commented 8 years ago

Sounds like it, yes... I'd have to spend some time tracking back through them to be sure though.