Fix revalidate after flow in ACL\Login

After revalidate time was reached, it was never reset because it used the original loginUserId set date. A new column has been added that gets reset every time the user logs in with username and password if a loginUserId is set in the database
2022-06-22 19:38:03 +09:00
parent 0f823bd283
commit 31d0cdb8ad
7 changed files with 58 additions and 35 deletions
--- a/4dev/database/database_create_data.sql
+++ b/4dev/database/database_create_data.sql
@@ -597,6 +597,7 @@ CREATE TABLE edit_user (
 	-- _GET login id for direct login
 	login_user_id	VARCHAR UNIQUE, -- the login uid, at least 32 chars
 	login_user_id_set_date	TIMESTAMP WITHOUT TIME ZONE, -- when above uid was set
+	login_user_id_last_login	TIMESTAMP WITHOUT TIME ZONE, -- when the last login was done with user name and password
 	login_user_id_valid_from	TIMESTAMP WITHOUT TIME ZONE, -- if set, from when the above uid is valid
 	login_user_id_valid_until	TIMESTAMP WITHOUT TIME ZONE, -- if set, until when the above uid is valid
 	login_user_id_revalidate_after	INTERVAL, -- user must login to revalidated login id after set days, 0 for forever
@@ -630,6 +631,7 @@ COMMENT ON COLUMN edit_user.password_reset_time IS 'When the password reset was
 COMMENT ON COLUMN edit_user.password_reset_uid IS 'Password reset page uid, one time, invalid after reset successful or time out';
 COMMENT ON COLUMN edit_user.login_user_id IS 'Min 32 character UID to be used to login without password. Via GET/POST parameter';
 COMMENT ON COLUMN edit_user.login_user_id_set_date IS 'login id was set at what date';
+COMMENT ON COLUMN edit_user.login_user_id_last_login IS 'set when username/password login is done';
 COMMENT ON COLUMN edit_user.login_user_id_valid_from IS 'login id is valid from this date, >=';
 COMMENT ON COLUMN edit_user.login_user_id_valid_until IS 'login id is valid until this date, <=';
 COMMENT ON COLUMN edit_user.login_user_id_revalidate_after IS 'If set to a number greater 0 then user must login after given amount of days to revalidate, set to 0 for valid forver';
--- a/4dev/database/function/edit_user_set_login_user_id_set_date.sql
+++ b/4dev/database/function/edit_user_set_login_user_id_set_date.sql
@@ -15,8 +15,10 @@ BEGIN
 		(OLD.login_user_id IS NULL OR NEW.login_user_id <> OLD.login_user_id)
 	THEN
 		NEW.login_user_id_set_date = NOW();
+		NEW.login_user_id_revalidate_after = NOW();
 	ELSIF NEW.login_user_id IS NULL OR NEW.login_user_id = '' THEN
 		NEW.login_user_id_set_date = NULL;
+		NEW.login_user_id_revalidate_after = NULL;
 	END IF;
 	RETURN NEW;
 END;
--- a/4dev/database/table/edit_user.sql
+++ b/4dev/database/table/edit_user.sql
@@ -57,6 +57,7 @@ CREATE TABLE edit_user (
 	-- _GET login id for direct login
 	login_user_id	VARCHAR UNIQUE, -- the login uid, at least 32 chars
 	login_user_id_set_date	TIMESTAMP WITHOUT TIME ZONE, -- when above uid was set
+	login_user_id_last_login	TIMESTAMP WITHOUT TIME ZONE, -- when the last login was done with user name and password
 	login_user_id_valid_from	TIMESTAMP WITHOUT TIME ZONE, -- if set, from when the above uid is valid
 	login_user_id_valid_until	TIMESTAMP WITHOUT TIME ZONE, -- if set, until when the above uid is valid
 	login_user_id_revalidate_after	INTERVAL, -- user must login to revalidated login id after set days, 0 for forever
@@ -90,6 +91,7 @@ COMMENT ON COLUMN edit_user.password_reset_time IS 'When the password reset was
 COMMENT ON COLUMN edit_user.password_reset_uid IS 'Password reset page uid, one time, invalid after reset successful or time out';
 COMMENT ON COLUMN edit_user.login_user_id IS 'Min 32 character UID to be used to login without password. Via GET/POST parameter';
 COMMENT ON COLUMN edit_user.login_user_id_set_date IS 'login id was set at what date';
+COMMENT ON COLUMN edit_user.login_user_id_last_login IS 'set when username/password login is done';
 COMMENT ON COLUMN edit_user.login_user_id_valid_from IS 'login id is valid from this date, >=';
 COMMENT ON COLUMN edit_user.login_user_id_valid_until IS 'login id is valid until this date, <=';
 COMMENT ON COLUMN edit_user.login_user_id_revalidate_after IS 'If set to a number greater 0 then user must login after given amount of days to revalidate, set to 0 for valid forver';
--- a/4dev/database/update/20220617-edit_user_login_user_id_add.sql
+++ b/4dev/database/update/20220617-edit_user_login_user_id_add.sql
@@ -6,6 +6,7 @@ ALTER TABLE edit_user ADD login_user_id VARCHAR UNIQUE;
 -- ALTER TABLE edit_user ADD CONSTRAINT edit_user_login_user_id_key UNIQUE (login_user_id);
 -- when above uid was set
 ALTER TABLE edit_user ADD login_user_id_set_date TIMESTAMP WITHOUT TIME ZONE;
+ALTER TABLE edit_user ADD login_user_id_last_login TIMESTAMP WITHOUT TIME ZONE;
 -- if set, from/until when the above uid is valid
 ALTER TABLE edit_user ADD login_user_id_valid_from TIMESTAMP WITHOUT TIME ZONE;
 ALTER TABLE edit_user ADD login_user_id_valid_until TIMESTAMP WITHOUT TIME ZONE;
@@ -33,8 +34,10 @@ BEGIN
 		(OLD.login_user_id IS NULL OR NEW.login_user_id <> OLD.login_user_id)
 	THEN
 		NEW.login_user_id_set_date = NOW();
+		NEW.login_user_id_revalidate_after = NOW();
 	ELSIF NEW.login_user_id IS NULL OR NEW.login_user_id = '' THEN
 		NEW.login_user_id_set_date = NULL;
+		NEW.login_user_id_revalidate_after = NULL;
 	END IF;
 	RETURN NEW;
 END;