improved login/session handling

Signed-off-by: Andy Miller <rhuk@mac.com>
2025-11-04 20:36:03 +01:00 · 2025-09-15 12:02:55 -06:00
parent 0c593f514f
commit 325764a304
23 changed files with 64282 additions and 68489 deletions
--- a/classes/plugin/Controllers/Login/LoginController.php
+++ b/classes/plugin/Controllers/Login/LoginController.php
@@ -231,6 +231,34 @@ class LoginController extends AdminController
        return $this->createRedirectResponse('/');
    }

+    /**
+     * Return a fresh login nonce and keep anonymous session alive while on the login screen.
+     *
+     * Route: GET /login.json/task:nonce
+     *
+     * @return ResponseInterface
+     */
+    public function taskNonce(): ResponseInterface
+    {
+        // Touch the anonymous session to prevent immediate expiry on the login page.
+        $session = $this->getSession();
+        if (!$session->isStarted()) {
+            $session->start();
+        }
+        $session->__set('admin_login_keepalive', time());
+
+        // Generate a fresh nonce for the login form.
+        $nonce = Admin::getNonce($this->nonce_action);
+
+        return $this->createJsonResponse([
+            'status' => 'success',
+            'message' => null,
+            'nonce_name' => $this->nonce_name,
+            'nonce_action' => $this->nonce_action,
+            'nonce' => $nonce
+        ]);
+    }
+
    /**
     * Handle 2FA verification.
     *