1.3.3: Allow prevention of concurrent user sessions via the user sett…

…ings.
wintercms · Nov 17, 2016 · 47aab56 · 47aab56
1 parent 3c23aa6
commit 47aab56
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -40,6 +40,8 @@ By default a User will sign in to the site using their email address as a unique
 
 If a user experiences too many failed sign in attempts, their account will be temporarily suspended for a period of time. This feature is enabled by default and will suspend an account for 15 minutes after 5 failed sign in attempts, for a given IP address. You may disable this feature by switching **Throttle attempts** to the OFF setting.
 
+As a security precaution, you may restrict users from having sessions across multiple devices at the same time. Enable the **Prevent concurrent sessions** to use this feature. When a user signs in to their account, it will automatically sign out the user for all other sessions.
+
 #### Notifications
 
 When a user is first activated -- either by registration, email confirmation or administrator approval -- they are sent a welcome email. To disable the welcome email, select "Do not send a notification" from the **Welcome mail template** dropdown. The default message template used is `rainlab.user::mail.welcome` and you can customize this by selecting **Mail > Mail Templates** from the settings menu.

diff --git a/models/Settings.php b/models/Settings.php
@@ -24,6 +24,7 @@ public function initSettingsData()
  $this->require_activation = true;
  $this->activate_mode = self::ACTIVATE_AUTO;
  $this->use_throttle = true;
+ $this->block_persistence = false;
  $this->allow_registration = true;
  $this->welcome_template = 'rainlab.user::mail.welcome';
  $this->login_attribute = self::LOGIN_EMAIL;

diff --git a/models/User.php b/models/User.php
@@ -137,7 +137,9 @@ public static function findByEmail($email)
  */
  public function getPersistCode()
  {
- if (!$this->persist_code) {
+ $block = UserSettings::get('block_persistence', false);
+
+ if ($block || !$this->persist_code) {
  return parent::getPersistCode();
  }
 

diff --git a/models/settings/fields.yaml b/models/settings/fields.yaml
@@ -12,6 +12,14 @@ tabs:
  type: switch
  tab: rainlab.user::lang.settings.signin_tab
 
+ # Prevent concurrent sessions
+ block_persistence:
+ span: right
+ label: Prevent concurrent sessions
+ comment: When enabled users cannot sign in to multiple devices at the same time.
+ type: switch
+ tab: rainlab.user::lang.settings.signin_tab
+
  # Login Attribute
  login_attribute:
  span: left

diff --git a/updates/version.yaml b/updates/version.yaml
@@ -56,3 +56,4 @@
  - users_add_superuser_flag.php
 1.3.1: User notification variables can now be extended.
 1.3.2: Minor fix to the Auth::register method.
+1.3.3: Allow prevention of concurrent user sessions via the user settings.