feat(auth): add microsoft auto-remember policy with tenant override and configurable remember TTL
This commit is contained in:
@@ -28,6 +28,8 @@ $userInactivityDeactivateDays = (int) ($values['user_inactivity_deactivate_days'
|
||||
$userInactivityDeleteDays = (int) ($values['user_inactivity_delete_days'] ?? 365);
|
||||
$sessionIdleTimeoutMinutes = (int) ($values['session_idle_timeout_minutes'] ?? 30);
|
||||
$sessionAbsoluteTimeoutHours = (int) ($values['session_absolute_timeout_hours'] ?? 8);
|
||||
$microsoftAutoRememberDefault = !empty($values['microsoft_auto_remember_default']);
|
||||
$rememberTokenLifetimeDays = (int) ($values['remember_token_lifetime_days'] ?? 30);
|
||||
$apiCorsAllowedOrigins = (string) ($values['api_cors_allowed_origins'] ?? '');
|
||||
$systemAuditEnabled = !empty($values['system_audit_enabled']);
|
||||
$systemAuditRetentionDays = (int) ($values['system_audit_retention_days'] ?? 365);
|
||||
@@ -74,6 +76,8 @@ $userInactivityDeactivateDaysDesc = $settings['user_inactivity_deactivate_days']
|
||||
$userInactivityDeleteDaysDesc = $settings['user_inactivity_delete_days']['description'] ?? 'setting.user_inactivity_delete_days';
|
||||
$sessionIdleTimeoutMinutesDesc = $settings['session_idle_timeout_minutes']['description'] ?? 'setting.session_idle_timeout_minutes';
|
||||
$sessionAbsoluteTimeoutHoursDesc = $settings['session_absolute_timeout_hours']['description'] ?? 'setting.session_absolute_timeout_hours';
|
||||
$microsoftAutoRememberDefaultDesc = $settings['microsoft_auto_remember_default']['description'] ?? 'setting.microsoft_auto_remember_default';
|
||||
$rememberTokenLifetimeDaysDesc = $settings['remember_token_lifetime_days']['description'] ?? 'setting.remember_token_lifetime_days';
|
||||
$apiCorsAllowedOriginsDesc = $settings['api_cors_allowed_origins']['description'] ?? 'setting.api_cors_allowed_origins';
|
||||
$systemAuditEnabledDesc = $settings['system_audit_enabled']['description'] ?? 'setting.system_audit_enabled';
|
||||
$systemAuditRetentionDaysDesc = $settings['system_audit_retention_days']['description'] ?? 'setting.system_audit_retention_days';
|
||||
@@ -379,6 +383,42 @@ $disabledAttr = $isReadOnly ? 'disabled' : '';
|
||||
</div>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-security-login-persistence" data-details-key="settings-security-login-persistence">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Login persistence')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $rememberTokenLifetimeDays); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Controls remember-me token lifetime and Microsoft auto-remember behavior.')); ?></small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Remember token lifetime (days)')); ?></span>
|
||||
<input type="number" name="remember_token_lifetime_days"
|
||||
value="<?php e((string) $rememberTokenLifetimeDays); ?>" min="1" max="365" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($rememberTokenLifetimeDaysDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Allowed range: 1-365 days (default: 30)')); ?></small>
|
||||
</label>
|
||||
<fieldset>
|
||||
<legend>
|
||||
<small><?php e(t($microsoftAutoRememberDefaultDesc)); ?></small>
|
||||
</legend>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="microsoft_auto_remember_default" value="1"
|
||||
<?php e($microsoftAutoRememberDefault ? 'checked' : ''); ?>
|
||||
<?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('Microsoft Auto-Remember default')); ?></span>
|
||||
</label>
|
||||
<small class="muted"><?php e(t('When enabled, successful Microsoft logins automatically persist a remember-me token (unless overridden per tenant).')); ?></small>
|
||||
</fieldset>
|
||||
</div>
|
||||
</div>
|
||||
</details>
|
||||
<details class="app-details-card" name="settings-security-user-lifecycle" data-details-key="settings-security-user-lifecycle">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('User lifecycle policy')); ?></span>
|
||||
|
||||
@@ -482,6 +482,19 @@ $ssoSyncNeedsGraph = !empty($ssoUiState['sync_needs_graph']);
|
||||
</label>
|
||||
</fieldset>
|
||||
|
||||
<fieldset data-tenant-sso-when-enabled>
|
||||
<legend><small><?php e(t('Login persistence')); ?></small></legend>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Microsoft Auto-Remember')); ?></span>
|
||||
<select name="microsoft_auto_remember_mode" <?php e($readonlyAttr); ?>>
|
||||
<option value="inherit" <?php if (($form['auto_remember_mode'] ?? null) === null) echo 'selected'; ?>><?php e(t('Inherit global default')); ?></option>
|
||||
<option value="1" <?php if (($form['auto_remember_mode'] ?? null) === 1 || ($form['auto_remember_mode'] ?? null) === '1') echo 'selected'; ?>><?php e(t('Force on')); ?></option>
|
||||
<option value="0" <?php if (($form['auto_remember_mode'] ?? null) === 0 || ($form['auto_remember_mode'] ?? null) === '0') echo 'selected'; ?>><?php e(t('Force off')); ?></option>
|
||||
</select>
|
||||
<small class="muted"><?php e(t('Controls whether Microsoft logins automatically persist a remember-me token.')); ?></small>
|
||||
</label>
|
||||
</fieldset>
|
||||
|
||||
<fieldset data-tenant-sso-when-enabled>
|
||||
<legend><small><?php e(t('Profile sync (optional)')); ?></small></legend>
|
||||
<label class="app-field">
|
||||
|
||||
@@ -92,6 +92,7 @@ if ($request->hasBody('description')) {
|
||||
'allowed_domains' => trim((string) ($post['allowed_domains'] ?? '')),
|
||||
'use_shared_app' => !empty($post['use_shared_app']) ? '1' : '0',
|
||||
'client_id_override' => trim((string) ($post['client_id_override'] ?? '')),
|
||||
'auto_remember_mode' => $post['microsoft_auto_remember_mode'] ?? null,
|
||||
]);
|
||||
$ssoUiState = $tenantSsoService->buildMicrosoftUiState(0, $post);
|
||||
}
|
||||
|
||||
@@ -167,6 +167,7 @@ if ($request->hasBody('description')) {
|
||||
'allowed_domains' => trim((string) ($post['allowed_domains'] ?? '')),
|
||||
'use_shared_app' => !empty($post['use_shared_app']) ? '1' : '0',
|
||||
'client_id_override' => trim((string) ($post['client_id_override'] ?? '')),
|
||||
'auto_remember_mode' => $post['microsoft_auto_remember_mode'] ?? null,
|
||||
]);
|
||||
$ssoUiState = $tenantSsoService->buildMicrosoftUiState($tenantId, $post);
|
||||
}
|
||||
|
||||
@@ -61,4 +61,9 @@ if (!($loginResult['ok'] ?? false)) {
|
||||
$sessionStore = app(SessionStoreInterface::class);
|
||||
$sessionStore->set('session_started_at', time());
|
||||
$sessionStore->set('session_last_activity', time());
|
||||
|
||||
if ($tenantSsoService->shouldAutoRememberOnMicrosoftLogin($tenantId)) {
|
||||
$authServicesFactory->createRememberMeService()->rememberUser($userId);
|
||||
}
|
||||
|
||||
Router::redirect('admin');
|
||||
|
||||
Reference in New Issue
Block a user