init

joomla_data/plugins/system/remember/remember.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<extension type="plugin" group="system" method="upgrade">
+	<name>plg_system_remember</name>
+	<author>Joomla! Project</author>
+	<creationDate>2007-04</creationDate>
+	<copyright>(C) 2007 Open Source Matters, Inc.</copyright>
+	<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
+	<authorEmail>admin@joomla.org</authorEmail>
+	<authorUrl>www.joomla.org</authorUrl>
+	<version>3.0.0</version>
+	<description>PLG_REMEMBER_XML_DESCRIPTION</description>
+	<namespace path="src">Joomla\Plugin\System\Remember</namespace>
+	<files>
+		<folder plugin="remember">services</folder>
+		<folder>src</folder>
+	</files>
+	<languages>
+		<language tag="en-GB">language/en-GB/plg_system_remember.ini</language>
+		<language tag="en-GB">language/en-GB/plg_system_remember.sys.ini</language>
+	</languages>
+</extension>

joomla_data/plugins/system/remember/services/provider.php

@@ -0,0 +1,46 @@
+<?php
+
+/**
+ * @package     Joomla.Plugin
+ * @subpackage  System.remember
+ *
+ * @copyright   (C) 2023 Open Source Matters, Inc. <https://www.joomla.org>
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+\defined('_JEXEC') or die;
+
+use Joomla\CMS\Extension\PluginInterface;
+use Joomla\CMS\Factory;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\Database\DatabaseInterface;
+use Joomla\DI\Container;
+use Joomla\DI\ServiceProviderInterface;
+use Joomla\Plugin\System\Remember\Extension\Remember;
+
+return new class () implements ServiceProviderInterface {
+    /**
+     * Registers the service provider with a DI container.
+     *
+     * @param   Container  $container  The DI container.
+     *
+     * @return  void
+     *
+     * @since   4.4.0
+     */
+    public function register(Container $container): void
+    {
+        $container->set(
+            PluginInterface::class,
+            $container->lazy(Remember::class, function (Container $container) {
+                $plugin     = new Remember(
+                    (array) PluginHelper::getPlugin('system', 'remember')
+                );
+                $plugin->setApplication(Factory::getApplication());
+                $plugin->setDatabase($container->get(DatabaseInterface::class));
+
+                return $plugin;
+            })
+        );
+    }
+};

joomla_data/plugins/system/remember/src/Extension/Remember.php

@@ -0,0 +1,151 @@
+<?php
+
+/**
+ * @package     Joomla.Plugin
+ * @subpackage  System.remember
+ *
+ * @copyright   (C) 2007 Open Source Matters, Inc. <https://www.joomla.org>
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+namespace Joomla\Plugin\System\Remember\Extension;
+
+use Joomla\CMS\Event\Application\AfterInitialiseEvent;
+use Joomla\CMS\Event\User\BeforeSaveEvent;
+use Joomla\CMS\Event\User\LogoutEvent;
+use Joomla\CMS\Log\Log;
+use Joomla\CMS\Plugin\CMSPlugin;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\CMS\User\UserHelper;
+use Joomla\Database\DatabaseAwareTrait;
+use Joomla\Event\SubscriberInterface;
+
+// phpcs:disable PSR1.Files.SideEffects
+\defined('_JEXEC') or die;
+// phpcs:enable PSR1.Files.SideEffects
+
+/**
+ * Joomla! System Remember Me Plugin
+ *
+ * @since  1.5
+ */
+final class Remember extends CMSPlugin implements SubscriberInterface
+{
+    use DatabaseAwareTrait;
+
+    /**
+     * Returns an array of events this subscriber will listen to.
+     *
+     * @return array
+     *
+     * @since   5.3.0
+     */
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            'onAfterInitialise' => 'onAfterInitialise',
+            'onUserLogout'      => 'onUserLogout',
+            'onUserBeforeSave'  => 'onUserBeforeSave',
+        ];
+    }
+
+    /**
+     * Remember me method to run onAfterInitialise
+     * Only purpose is to initialise the login authentication process if a cookie is present
+     *
+     * @param   AfterInitialiseEvent  $event  The event instance.
+     *
+     * @return  void
+     *
+     * @since   1.5
+     *
+     * @throws  \InvalidArgumentException
+     */
+    public function onAfterInitialise(AfterInitialiseEvent $event): void
+    {
+        // No remember me for admin.
+        if (!$this->getApplication()->isClient('site')) {
+            return;
+        }
+
+        $app = $this->getApplication();
+
+        // Check for a cookie if user is not logged in
+        if ($app->getIdentity()->guest) {
+            $cookieName = 'joomla_remember_me_' . UserHelper::getShortHashedUserAgent();
+
+            // Check for the cookie
+            if ($app->getInput()->cookie->get($cookieName)) {
+                $app->login(['username' => ''], ['silent' => true]);
+            }
+        }
+    }
+
+    /**
+     * Imports the authentication plugin on user logout to make sure that the cookie is destroyed.
+     *
+     * @param   LogoutEvent $event  The event instance.
+     *
+     * @return  void
+     */
+    public function onUserLogout(LogoutEvent $event): void
+    {
+        // No remember me for admin
+        if (!$this->getApplication()->isClient('site')) {
+            return;
+        }
+
+        $cookieName = 'joomla_remember_me_' . UserHelper::getShortHashedUserAgent();
+
+        // Check for the cookie
+        if ($this->getApplication()->getInput()->cookie->get($cookieName)) {
+            // Make sure authentication group is loaded to process onUserAfterLogout event
+            PluginHelper::importPlugin('authentication');
+        }
+    }
+
+    /**
+     * Method is called before user data is stored in the database
+     * Invalidate all existing remember-me cookies after a password change
+     *
+     * @param   BeforeSaveEvent $event  The event instance.
+     *
+     * @return  boolean
+     *
+     * @since   3.8.6
+     */
+    public function onUserBeforeSave(BeforeSaveEvent $event): void
+    {
+        $user  = $event->getUser();
+        $isnew = $event->getIsNew();
+        $data  = $event->getData();
+
+        // Irrelevant on new users
+        if ($isnew) {
+            return;
+        }
+
+        // Irrelevant, because password was not changed by user
+        if (empty($data['password_clear'])) {
+            return;
+        }
+
+        // But now, we need to do something - Delete all tokens for this user!
+        $db    = $this->getDatabase();
+        $query = $db->createQuery()
+            ->delete($db->quoteName('#__user_keys'))
+            ->where($db->quoteName('user_id') . ' = :userid')
+            ->bind(':userid', $user['username']);
+
+        try {
+            $db->setQuery($query)->execute();
+        } catch (\RuntimeException $e) {
+            // Log an alert for the site admin
+            Log::add(
+                \sprintf('Failed to delete cookie token for user %s with the following error: %s', $user['username'], $e->getMessage()),
+                Log::WARNING,
+                'security'
+            );
+        }
+    }
+}