Merge pull request #900 from maheini/auto_login

Auto login

Author: mevdschee

README.md

@@ -706,6 +706,7 @@ You can tune the middleware behavior using middleware specific configuration par
 - "dbAuth.passwordFormField": The name of the form field that holds the password ("password")
 - "dbAuth.newPasswordFormField": The name of the form field that holds the new password ("newPassword")
 - "dbAuth.registerUser": JSON user data (or "1") in case you want the /register endpoint enabled ("")
+- "dbAuth.loginAfterRegistration": 1 or zero if registered users should be logged in after registration ("")
 - "dbAuth.passwordLength": Minimum length that the password must have ("12")
 - "dbAuth.sessionName": The name of the PHP session that is started ("")
 - "jwtAuth.mode": Set to "optional" if you want to allow anonymous access ("required")

src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php

@@ -62,6 +62,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
             $passwordLength = $this->getProperty('passwordLength', '12');
             $pkName = $table->getPk()->getName();
             $registerUser = $this->getProperty('registerUser', '');
+            $loginAfterRegistration = $this->getProperty('loginAfterRegistration', '');
             $condition = new ColumnCondition($usernameColumn, 'eq', $username);
             $returnedColumns = $this->getProperty('returnedColumns', '');
             if (!$returnedColumns) {
@@ -90,8 +91,17 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                 $this->db->createSingle($table, $data);
                 $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);
                 foreach ($users as $user) {
-                    unset($user[$passwordColumnName]);
-                    return $this->responder->success($user);
+                    if($loginAfterRegistration){
+                        if (!headers_sent()) {
+                            session_regenerate_id(true);
+                        }
+                        unset($user[$passwordColumnName]);
+                        $_SESSION['user'] = $user;
+                        return $this->responder->success($user);
+                    } else {
+                        unset($user[$passwordColumnName]);
+                        return $this->responder->success($user);
+                    }
                 }
                 return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
             }