Session and ACL Login Class update

Session:
regenerate session id after some time or random.
Default is 'never', can be 'interval' form 0 to 1h and random from always to 1 in 100
Session also checks that strict session settings are enabled

Login class:
Automatic re-read of acl settings after some time (default 5min, can be chnaged via option).
Default set strict headers, can be turned off via option
Moved various parts into their own methods and cleaned up double call logic.
Login is now recorded in the last login entry
no more debug flags are read from the database anymore
All options are set via array and not with a single option (was auto login)

4dev/database/table/edit_user.sql

@@ -37,6 +37,8 @@ CREATE TABLE edit_user (
     protected SMALLINT NOT NULL DEFAULT 0,
     -- is admin user
     admin SMALLINT NOT NULL DEFAULT 0,
+    -- force lgout counter
+    force_logout INT DEFAULT 0,
     -- last login log
     last_login TIMESTAMP WITHOUT TIME ZONE,
     -- login error
@@ -74,6 +76,7 @@ COMMENT ON COLUMN edit_user.strict IS 'If too many failed logins user will be lo
 COMMENT ON COLUMN edit_user.locked IS 'Locked from too many wrong password logins';
 COMMENT ON COLUMN edit_user.protected IS 'User can only be chnaged by admin user';
 COMMENT ON COLUMN edit_user.admin IS 'If set, this user is SUPER admin';
+COMMENT ON COLUMN edit_user.force_logout IS 'Counter for forced log out, if this one is higher than the session set one the session gets terminated';
 COMMENT ON COLUMN edit_user.last_login IS 'Last succesfull login tiemstamp';
 COMMENT ON COLUMN edit_user.login_error_count IS 'Number of failed logins, reset on successful login';
 COMMENT ON COLUMN edit_user.login_error_date_last IS 'Last login error date';

4dev/tests/ACL/CoreLibsACLLoginTest.php

@@ -1185,7 +1185,6 @@ final class CoreLibsACLLoginTest extends TestCase
 		foreach ($session as $session_var => $session_value) {
 			$_SESSION[$session_var] = $session_value;
 		}
-
 		/** @var \CoreLibs\ACL\Login&MockObject */
 		$login_mock = $this->getMockBuilder(\CoreLibs\ACL\Login::class)
 			->setConstructorArgs([
@@ -1204,7 +1203,7 @@ final class CoreLibsACLLoginTest extends TestCase
 						. 'locale' . DIRECTORY_SEPARATOR,
 				]
 			])
-			->onlyMethods(['loginTerminate', 'loginReadPageName', 'loginPrintLogin'])
+			->onlyMethods(['loginTerminate', 'loginReadPageName', 'loginPrintLogin', 'loginEnhanceHttpSecurity'])
 			->getMock();
 		$login_mock->expects($this->any())
 			->method('loginTerminate')
@@ -1222,6 +1221,10 @@ final class CoreLibsACLLoginTest extends TestCase
 			->method('loginPrintLogin')
 			->willReturnCallback(function () {
 			});
+		$login_mock->expects($this->any())
+			->method('loginEnhanceHttpSecurity')
+			->willReturnCallback(function () {
+			});
 
 		// if mock_settings: enabled OFF
 		// run DB update and set off

4dev/tests/ACL/database/CoreLibsACLLogin_database_create_data.sql

@@ -581,6 +581,8 @@ CREATE TABLE edit_user (
     protected SMALLINT NOT NULL DEFAULT 0,
     -- is admin user
     admin SMALLINT NOT NULL DEFAULT 0,
+    -- forced logout counter
+    force_logout INT DEFAULT 0,
     -- last login log
     last_login TIMESTAMP WITHOUT TIME ZONE,
     -- login error
@@ -697,6 +699,7 @@ CREATE TABLE edit_log (
     action_value VARCHAR, -- in action_data
     action_type VARCHAR, -- in action_data
     action_error VARCHAR -- in action_data
+) INHERITS (edit_generic) WITHOUT OIDS;
 -- END: table/edit_log.sql
 -- START: table/edit_log_overflow.sql
 -- AUTHOR: Clemens Schwaighofer

4dev/tests/Create/CoreLibsCreateSessionTest.php

@@ -54,7 +54,9 @@ final class CoreLibsCreateSessionTest extends TestCase
 					'getSessionId' => '1234abcd4567'
 				],
 				'sessionNameGlobals',
-				false,
+				[
+					'auto_write_close' => false,
+				],
 			],
 			'auto write close' => [
 				'sessionNameAutoWriteClose',
@@ -66,7 +68,9 @@ final class CoreLibsCreateSessionTest extends TestCase
 					'getSessionId' => '1234abcd4567'
 				],
 				'sessionNameAutoWriteClose',
-				true,
+				[
+					'auto_write_close' => true,
+				],
 			],
 		];
 	}
@@ -81,13 +85,14 @@ final class CoreLibsCreateSessionTest extends TestCase
 	 * @param string $input
 	 * @param array<mixed> $mock_data
 	 * @param string $expected
+	 * @param array<string,mixed> $options
 	 * @return void
 	 */
 	public function testStartSession(
 		string $input,
 		array $mock_data,
 		string $expected,
-		?bool $auto_write_close,
+		?array $options,
 	): void {
 		/** @var \CoreLibs\Create\Session&MockObject $session_mock */
 		$session_mock = $this->createPartialMock(
@@ -174,9 +179,14 @@ final class CoreLibsCreateSessionTest extends TestCase
 				4,
 				'/^\[SESSION\] Failed to activate session/'
 			],
+			'expired session' => [
+				\RuntimeException::class,
+				5,
+				'/^\[SESSION\] Expired session found/'
+			],
 			'not a valid session id returned' => [
 				\UnexpectedValueException::class,
-				5,
+				6,
 				'/^\[SESSION\] getSessionId did not return a session id/'
 			], */
 		];
@@ -206,7 +216,8 @@ final class CoreLibsCreateSessionTest extends TestCase
 		$this->expectException($exception);
 		$this->expectExceptionCode($exception_code);
 		$this->expectExceptionMessageMatches($expected_error);
-		new \CoreLibs\Create\Session($session_name);
+		// cannot set ini after header sent, plus we are on command line there are no headers
+		new \CoreLibs\Create\Session($session_name, ['session_strict' => false]);
 	}
 
 	/**

4dev/update/20241203_update_edit_tables/edit_tables_cuid_cuuid_update_add.sql

@@ -7,6 +7,10 @@ ALTER TABLE edit_log ADD http_data JSONB;
 ALTER TABLE edit_log ADD ip_address JSONB;
 ALTER TABLE edit_log ADD action_data JSONB;
 ALTER TABLE edit_log ADD request_scheme VARCHAR;
+ALTER TABLE edit_user ADD force_logout INT DEFAULT 0;
+COMMENT ON COLUMN edit_user.force_logout IS 'Counter for forced log out, if this one is higher than the session set one the session gets terminated';
+ALTER TABLE edit_user ADD last_login TIMESTAMP WITHOUT TIME ZONE;
+COMMENT ON COLUMN edit_user.last_login IS 'Last succesfull login tiemstamp';
 
 -- update set_edit_gneric
 -- adds the created or updated date tags