add remember_me_preference cookie

silinternational · Dec 13, 2024 · 358599b · 358599b
1 parent 8dab752
commit 358599b
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 4 deletions.
diff --git a/modules/material/themes/material/mfa/prompt-for-mfa-backupcode.twig b/modules/material/themes/material/mfa/prompt-for-mfa-backupcode.twig
@@ -78,7 +78,7 @@
           <span class="mdl-checkbox__label">
               {{ '{mfa:remember_this}'|trans }}
           </span>
-          <input type="checkbox" name="rememberMe" checked class="mdl-checkbox__input">
+          <input type="checkbox" name="rememberMe" {% if rememberMePreference == 'checked' %}checked{% endif %} class="mdl-checkbox__input">
         </label>
       </div>
     </form>

diff --git a/modules/material/themes/material/mfa/prompt-for-mfa-manager.twig b/modules/material/themes/material/mfa/prompt-for-mfa-manager.twig
@@ -78,7 +78,7 @@
           <span class="mdl-checkbox__label">
             {{ '{mfa:remember_this}'|trans }}
           </span>
-          <input type="checkbox" name="rememberMe" checked class="mdl-checkbox__input">
+          <input type="checkbox" name="rememberMe" {% if rememberMePreference == 'checked' %}checked{% endif %} class="mdl-checkbox__input">
         </label>
       </div>
     </form>

diff --git a/modules/material/themes/material/mfa/prompt-for-mfa-totp.twig b/modules/material/themes/material/mfa/prompt-for-mfa-totp.twig
@@ -76,7 +76,7 @@
           <span class="mdl-checkbox__label">
               {{ '{mfa:remember_this}'|trans }}
           </span>
-          <input type="checkbox" name="rememberMe" checked class="mdl-checkbox__input">
+          <input type="checkbox" name="rememberMe" {% if rememberMePreference == 'checked' %}checked{% endif %} class="mdl-checkbox__input">
         </label>
       </div>
     </form>

diff --git a/modules/material/themes/material/mfa/prompt-for-mfa-webauthn.twig b/modules/material/themes/material/mfa/prompt-for-mfa-webauthn.twig
@@ -139,7 +139,7 @@
           <span class="mdl-checkbox__label">
             {{ '{mfa:remember_this}'|trans }}
           </span>
-          <input type="checkbox" name="rememberMe" checked class="mdl-checkbox__input">
+          <input type="checkbox" name="rememberMe" {% if rememberMePreference == 'checked' %}checked{% endif %} class="mdl-checkbox__input">
         </label>
       </div>
     </form>

diff --git a/modules/mfa/public/prompt-for-mfa.php b/modules/mfa/public/prompt-for-mfa.php
@@ -74,6 +74,8 @@
 
     $rememberMe = filter_input(INPUT_POST, 'rememberMe') ?? false;
 
+    Mfa::setRememberMePreferenceCookie($rememberMe);
+
     // NOTE: This will only return if validation fails.
     $errorMessage = Mfa::validateMfaSubmission(
         $mfaId,
@@ -126,6 +128,7 @@
 $t->data['manager_email'] = $state['managerEmail'];
 $t->data['other_options'] = $otherOptions;
 $t->data['idp_name'] = $t->getEntityDisplayName($state['IdPMetadata']);
+$t->data['rememberMePreference'] = filter_input(INPUT_COOKIE, 'remember_me_preference') ?? '';
 $t->send();
 
 $logger->info(json_encode([

diff --git a/modules/mfa/src/Auth/Process/Mfa.php b/modules/mfa/src/Auth/Process/Mfa.php
@@ -495,6 +495,8 @@ public static function validateMfaSubmission(
         // Set remember me cookies if requested
         if ($rememberMe) {
             self::setRememberMeCookies($state['employeeId'], $state['mfaOptions']);
+        } else {
+            self::clearRememberMeCookies();
         }
 
         $logger->warning(json_encode([
@@ -808,6 +810,33 @@ public static function setRememberMeCookies(
         setcookie('c2', $expireDate, $expireDate, '/', null, $secureCookie, true);
     }
 
+    /**
+     * Clear remember_me cookies (c1 and c2)
+     */
+    public static function clearRememberMeCookies(): void
+    {
+        $secureCookie = Env::get('SECURE_COOKIE', true);
+        setcookie('c1', '', time() - 3600, '/', null, $secureCookie, true);
+        setcookie('c2', '', time() - 3600, '/', null, $secureCookie, true);
+    }
+
+    public static function setRememberMePreferenceCookie(bool $rememberMe): void
+    {
+        $secureCookie = Env::get('SECURE_COOKIE', true);
+        setcookie(
+            'remember_me_preference',
+            $rememberMe ? 'checked' : '',
+            [
+                'expires' => $rememberMe ? time() + (86400 * 30) : time() - 3600,
+                'path' => '/',
+                'domain' => null,
+                'secure' => $secureCookie,
+                'httponly' => true,
+                'samesite' => 'Lax'
+            ]
+        );
+    }
+
     protected static function shouldPromptForMfa(array $mfa): bool
     {
         return (strtolower($mfa['prompt']) !== 'no');