Merge pull request #2911 from bolt/make-remember-me-configurable

Enable 'Remember me' by default, and make duration configurable

Author: I-Valchev

config/packages/security.yaml

@@ -38,7 +38,7 @@ security:
 
             remember_me:
                 secret: '%kernel.secret%'
-                lifetime: 2592000
+                lifetime: '%bolt.remember_lifetime%'
                 remember_me_parameter: login[remember_me]
 
     access_control:

config/services.yaml

@@ -12,6 +12,7 @@ parameters:
     #        default: bolt_
     #        foo_manager: foo_
     bolt.backend_url: /bolt
+    bolt.remember_lifetime: 2592000 # 30 days in seconds
 
 services:
     # default configuration for services in *this* file
@@ -28,6 +29,8 @@ services:
             $projectDir: '%kernel.project_dir%'
             $publicFolder: '%bolt.public_folder%'
             $tablePrefix: '%bolt.table_prefix%'
+            $rememberLifetime: '%bolt.remember_lifetime%'
+            
     _instanceof:
         Bolt\Menu\ExtensionBackendMenuInterface:
             tags: [ 'bolt.extension_backend_menu' ]

src/Form/LoginType.php

@@ -1,77 +1,96 @@
 <?php
 
-    declare(strict_types=1);
+declare(strict_types=1);
 
 namespace Bolt\Form;
 
-    use Bolt\Form\FieldTypes\PasswordWithPreviewType;
-    use Symfony\Component\Form\AbstractType;
-    use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
-    use Symfony\Component\Form\Extension\Core\Type\TextType;
-    use Symfony\Component\Form\FormBuilderInterface;
-    use Symfony\Component\OptionsResolver\OptionsResolver;
-    use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
-    use Symfony\Component\Validator\Constraints\NotBlank;
-    use Symfony\Contracts\Translation\TranslatorInterface;
+use Bolt\Form\FieldTypes\PasswordWithPreviewType;
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
+use Symfony\Component\Form\Extension\Core\Type\HiddenType;
+use Symfony\Component\Form\Extension\Core\Type\TextType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
+use Symfony\Component\Validator\Constraints\NotBlank;
+use Symfony\Contracts\Translation\TranslatorInterface;
 
-    class LoginType extends AbstractType
-    {
-        /** @var AuthenticationUtils */
-        private $authenticationUtils;
+class LoginType extends AbstractType
+{
+    /** @var AuthenticationUtils */
+    private $authenticationUtils;
 
-        /** @var TranslatorInterface */
-        private $translator;
+    /** @var TranslatorInterface */
+    private $translator;
 
-        public function __construct(AuthenticationUtils $authenticationUtils, TranslatorInterface $translator)
-        {
-            $this->authenticationUtils = $authenticationUtils;
-            $this->translator = $translator;
-        }
+    /** @var int */
+    private $rememberLifetime;
 
-        public function buildForm(FormBuilderInterface $builder, array $options): void
-        {
-            $builder
-                ->add('username', TextType::class, [
-                    'label' => 'label.username_or_email',
-                    'constraints' => [
-                        new NotBlank([
-                            'message' => $this->translator->trans('form.empty_username_email'),
-                        ]),
-                    ],
-                    'attr' => [
-                        'placeholder' => 'placeholder.username_or_email',
-                    ],
-                    'data' => $this->authenticationUtils->getLastUsername(),
-                ])
-                ->add('password', PasswordWithPreviewType::class, [
-                    'label' => 'label.password',
-                    'constraints' => [
-                        new NotBlank([
-                            'message' => $this->translator->trans('form.empty_password'),
-                        ]),
-                    ],
-                    // do not show the * red star
-                    'required' => false,
-                    'attr' => [
-                        'placeholder' => 'placeholder.password',
-                    ],
-                ])->add('remember_me', CheckboxType::class, [
-                    'label' => 'label.rememberme',
-                    'required' => false,
-                ]);
-        }
+    public function __construct(AuthenticationUtils $authenticationUtils, TranslatorInterface $translator, int $rememberLifetime = 2592000)
+    {
+        $this->authenticationUtils = $authenticationUtils;
+        $this->translator = $translator;
+
+        // Defaults to 2592000, 30 days in seconds
+        $this->rememberLifetime = $rememberLifetime;
+    }
 
-        // https://symfony.com/doc/current/security/csrf.html#csrf-protection-in-symfony-forms
-        public function configureOptions(OptionsResolver $resolver): void
-        {
-            $resolver->setDefaults([
-                // enable/disable CSRF protection for this form
-                'csrf_protection' => true,
-                // the name of the hidden HTML field that stores the token
-                'csrf_field_name' => '_token',
-                // an arbitrary string used to generate the value of the token
-                // using a different string for each form improves its security
-                'csrf_token_id' => 'login_csrf_token',
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder
+            ->add('username', TextType::class, [
+                'label' => 'label.username_or_email',
+                'constraints' => [
+                    new NotBlank([
+                        'message' => $this->translator->trans('form.empty_username_email'),
+                    ]),
+                ],
+                'attr' => [
+                    'placeholder' => 'placeholder.username_or_email',
+                ],
+                'data' => $this->authenticationUtils->getLastUsername(),
+            ])
+            ->add('password', PasswordWithPreviewType::class, [
+                'label' => 'label.password',
+                'constraints' => [
+                    new NotBlank([
+                        'message' => $this->translator->trans('form.empty_password'),
+                    ]),
+                ],
+                // do not show the * red star
+                'required' => false,
+                'attr' => [
+                    'placeholder' => 'placeholder.password',
+                ],
+            ]);
+
+        if ($this->rememberLifetime > 0) {
+            $builder->add('remember_me', CheckboxType::class, [
+                'label' => 'label.remembermeduration',
+                'label_translation_parameters' => [
+                    '%duration%' => 0 + sprintf('%0.1f', $this->rememberLifetime / 3600 / 24),
+                ],
+                'required' => false,
+                'attr' => [
+                    'checked' => 'checked',
+                ],
             ]);
+        } else {
+            $builder->add('remember_me', HiddenType::class);
         }
     }
+
+    // https://symfony.com/doc/current/security/csrf.html#csrf-protection-in-symfony-forms
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults([
+            // enable/disable CSRF protection for this form
+            'csrf_protection' => true,
+            // the name of the hidden HTML field that stores the token
+            'csrf_field_name' => '_token',
+            // an arbitrary string used to generate the value of the token
+            // using a different string for each form improves its security
+            'csrf_token_id' => 'login_csrf_token',
+        ]);
+    }
+}

translations/messages.en.xlf

@@ -2673,5 +2673,11 @@
         <target>Select all</target>
       </segment>
     </unit>
+    <unit id="2hoKa1k" name="label.remembermeduration">
+      <segment>
+        <source>label.remembermeduration</source>
+        <target>Remember me? (%duration% days)</target>
+      </segment>
+    </unit>
   </file>
 </xliff>

translations/messages.nl.xlf

@@ -181,13 +181,13 @@
         <target>Copyright</target>
       </segment>
     </unit>
-    <unit id="IaF1MjB" name="label.rememberme">
+    <unit id="IaF1MjB" name="label.remembermeduration">
       <notes>
         <note>templates/security/login.twig:80</note>
       </notes>
       <segment>
-        <source>label.rememberme</source>
-        <target>Onthoud me?</target>
+        <source>label.remembermeduration</source>
+        <target>Onthoud me? (%duration% dagen)</target>
       </segment>
     </unit>
     <unit id="k.JymqB" name="about.visit_bolt">