API Make token regeneration optional during autologin session renewal…

… [FIXUP] Co-authored-by: Guy Sartorelli <[email protected]>
Cheddam · Jul 15, 2024 · 30de8ec · 30de8ec
1 parent d88fe81
commit 30de8ec
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 9 deletions.
diff --git a/src/Security/MemberAuthenticator/CookieAuthenticationHandler.php b/src/Security/MemberAuthenticator/CookieAuthenticationHandler.php
@@ -175,7 +175,7 @@ public function authenticateRequest(HTTPRequest $request)
         }
 
         // Renew the token
-        $rememberLoginHash->renew();
+        Deprecation::withNoReplacement(fn() => $rememberLoginHash->renew());
 
         // Send the new token to the client if it was changed
         if ($rememberLoginHash->getToken()) {

diff --git a/src/Security/RememberLoginHash.php b/src/Security/RememberLoginHash.php
@@ -84,12 +84,9 @@ class RememberLoginHash extends DataObject
      * logouts if the new token does not reach the client (e.g. due to a network error).
      *
      * This can be disabled as of CMS 5.3, and renewal will be removed entirely in CMS 6.
-     *
-     * @config
-     *
-     * @var bool
+     * @deprecated 5.3.0 Will be removed without equivalent functionality
      */
-    private static $replace_token_during_session_renewal = true;
+    private static bool $replace_token_during_session_renewal = true;
 
     /**
      * The token used for the hash. Only present during the lifetime of the request
@@ -204,19 +201,20 @@ public static function generate(Member $member)
     /**
      * Generates a new hash for this member but keeps the device ID intact
      *
-     * @deprecated 5.3.0 Token renewal will be removed in 6.0.0
+     * @deprecated 5.3.0 Will be removed without equivalent functionality
      * @return RememberLoginHash
      */
     public function renew()
     {
         // Only regenerate token if configured to do so
+        Deprecation::notice('5.3.0', 'Will be removed without equivalent functionality');
         $replaceToken = RememberLoginHash::config()->get('replace_token_during_session_renewal');
         if ($replaceToken) {
-            $hash       = $this->getNewHash($this->Member());
+            $hash = $this->getNewHash($this->Member());
             $this->Hash = $hash;
         }
 
-        $this->extend('onAfterRenewToken');
+        $this->extend('onAfterRenewToken', $replaceToken);
         $this->write();
 
         return $this;