From 3f14e7772585be0a6ec4de5bc5bf915a7da118cb Mon Sep 17 00:00:00 2001
From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.>
Date: Tue, 5 Nov 2024 14:22:55 +0000
Subject: [PATCH] fix remmeber me
---
 .../SPDF/config/security/SecurityConfiguration.java | 10 +++++++---
 .../SPDF/repository/JPATokenRepositoryImpl.java | 12 ++++++++----
 .../SPDF/repository/PersistentLoginRepository.java | 4 +++-
 src/main/resources/templates/login.html | 4 ++--
 4 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
index 8156e8d6a..1b7d37d61 100644
--- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
@@ -156,10 +156,14 @@ public class SecurityConfiguration {
 http.rememberMe(
 rememberMeConfigurer ->
 rememberMeConfigurer // Use the configurator directly
- .key("uniqueAndSecret")
 .tokenRepository(persistentTokenRepository())
- .tokenValiditySeconds(1209600) // 2 weeks
- );
+ .tokenValiditySeconds(14 * 24 * 60 * 60) // 14 days
+ .userDetailsService(
+ userDetailsService) // Your existing UserDetailsService
+ .useSecureCookie(true) // Enable secure cookie
+ .rememberMeParameter("remember-me") // Form parameter name
+ .rememberMeCookieName("remember-me") // Cookie name
+ .alwaysRemember(false));
 http.authorizeHttpRequests(
 authz ->
 authz.requestMatchers(
diff --git a/src/main/java/stirling/software/SPDF/repository/JPATokenRepositoryImpl.java b/src/main/java/stirling/software/SPDF/repository/JPATokenRepositoryImpl.java
index a901d3c38..447627a4a 100644
--- a/src/main/java/stirling/software/SPDF/repository/JPATokenRepositoryImpl.java
+++ b/src/main/java/stirling/software/SPDF/repository/JPATokenRepositoryImpl.java
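Review bot: `.useSecureCookie(true)` in the SecurityConfiguration hunk is unconditional, so the remember-me cookie always carries the Secure attribute; where the application is reached over plain HTTP, browsers will generally refuse to store or return it and remember-me stops working with no error. Forcing the flag is the safer choice, but the comment should state the consequence, e.g. `.useSecureCookie(true) // Secure is forced: remember-me needs HTTPS or a TLS-terminating proxy`. Removing `.key("uniqueAndSecret")` drops a hard-coded secret; as far as I know Spring Security then falls back to a key generated at startup, which should be fine with the persistent token repository but deserves a short comment so nobody re-adds a literal. `rememberMeParameter("remember-me")`, `rememberMeCookieName("remember-me")` and `alwaysRemember(false)` appear to restate framework defaults, and `// Your existing UserDetailsService` reads as template text rather than a comment about this code. The enclosing method starts and ends outside the hunk.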
@@ -5,6 +5,7 @@ import java.util.Date;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
+import org.springframework.transaction.annotation.Transactional;
 import stirling.software.SPDF.model.PersistentLogin;
@@ -13,6 +14,7 @@ public class JPATokenRepositoryImpl implements PersistentTokenRepository {
 @Autowired private PersistentLoginRepository persistentLoginRepository;
 @Override
+ @Transactional
 public void createNewToken(PersistentRememberMeToken token) {
 PersistentLogin newToken = new PersistentLogin();
 newToken.setSeries(token.getSeries());
@@ -23,6 +25,7 @@ public class JPATokenRepositoryImpl implements PersistentTokenRepository {
 }
 @Override
+ @Transactional
 public void updateToken(String series, String tokenValue, Date lastUsed) {
 PersistentLogin existingToken = persistentLoginRepository.findById(series).orElse(null);
 if (existingToken != null) {
@@ -43,11 +46,12 @@ public class JPATokenRepositoryImpl implements PersistentTokenRepository {
 }
 @Override
+ @Transactional
 public void removeUserTokens(String username) {
- for (PersistentLogin token : persistentLoginRepository.findAll()) {
- if (token.getUsername().equals(username)) {
- persistentLoginRepository.delete(token);
- }
+ try {
+ // Use either deleteByUsername or deleteAllUserTokens
+ persistentLoginRepository.deleteByUsername(username);
+ } catch (Exception e) {
 }
 }
 }
diff --git a/src/main/java/stirling/software/SPDF/repository/PersistentLoginRepository.java b/src/main/java/stirling/software/SPDF/repository/PersistentLoginRepository.java
index 92d7bb81d..e8ef19ce2 100644
--- a/src/main/java/stirling/software/SPDF/repository/PersistentLoginRepository.java
+++ b/src/main/java/stirling/software/SPDF/repository/PersistentLoginRepository.java
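Review bot: The empty `catch (Exception e) { }` in `removeUserTokens` hides a failed delete, and this is the method Spring Security's persistent remember-me services call to revoke a user's tokens (on logout and when a token mismatch suggests a stolen cookie); if the delete fails, the old tokens stay valid and nothing is logged. Let the failure propagate by reducing the body to `persistentLoginRepository.deleteByUsername(username);`, or log the exception and rethrow it. Swallowing inside a `@Transactional` method may also not behave as intended, since a failure in the repository call can mark the transaction rollback-only and surface as a different exception at commit; that is worth verifying. The comment `// Use either deleteByUsername or deleteAllUserTokens` names a method that does not appear in this patch and should be dropped.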
@@ -6,4 +6,6 @@ import org.springframework.stereotype.Repository;
 import stirling.software.SPDF.model.PersistentLogin;
 @Repository
-public interface PersistentLoginRepository extends JpaRepository {}
+public interface PersistentLoginRepository extends JpaRepository {
+ void deleteByUsername(String username);
+}
diff --git a/src/main/resources/templates/login.html b/src/main/resources/templates/login.html
index 68e9ec6ea..b6959d99f 100644
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@@ -146,8 +146,8 @@
- - + +