Fixes #12568

Since the clearing of the execution context causes another reload, we should not do the redirect_uri handling, as this results in redirecting back to the logout page on login.

This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case, it will just redirect back to the login page.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
tags/v16.0.0alpha1
@@ -134,6 +134,9 @@ class LoginController extends Controller { | |||
'core.login.showLoginForm', | |||
['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers | |||
)); | |||
$this->session->set('clearingExecutionContexts', '1'); | |||
$this->session->close(); | |||
$response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"'); | |||
return $response; | |||
} | |||
@@ -149,7 +152,6 @@ class LoginController extends Controller { | |||
* @return TemplateResponse|RedirectResponse | |||
*/ | |||
public function showLoginForm(string $user = null, string $redirect_url = null): Http\Response { | |||
if ($this->userSession->isLoggedIn()) { | |||
return new RedirectResponse(OC_Util::getDefaultPageUrl()); | |||
} |
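Review bot: In the logout hunk, the calls `$this->session->set('clearingExecutionContexts', '1');` and `$this->session->close();` (apparently the added lines) carry no comment, and the key is a bare string literal that the new middleware has to repeat exactly. A reader of logout() cannot tell that this flag makes the next controller request answer with a redirect to the login form, or that it is set even for browsers that ignore the `Clear-Site-Data` header, whose support the nearby comment describes as still pending. I would add `// Consumed once by ReloadExecutionMiddleware: the reload caused by clearing executionContexts must land on the login form` above the set() call and move the key into a shared class constant. The rest of logout() lies outside the hunk, so which session state is being written here cannot be confirmed from this page.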
@@ -432,10 +432,12 @@ return array( | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotAdminException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotAdminException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotConfirmedException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotConfirmedException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotLoggedInException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\ReloadExecutionException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/ReloadExecutionException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\SecurityException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/SecurityException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\StrictCookieMissingException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/StrictCookieMissingException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\PasswordConfirmationMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\RateLimitingMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\ReloadExecutionMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\SameSiteCookieMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/SameSiteCookieMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\SessionMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/SessionMiddleware.php', |
@@ -462,10 +462,12 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotAdminException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotAdminException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotConfirmedException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotConfirmedException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotLoggedInException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\ReloadExecutionException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/ReloadExecutionException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\SecurityException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/SecurityException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\StrictCookieMissingException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/StrictCookieMissingException.php', | |||
'OC\\AppFramework\\Middleware\\Security\\PasswordConfirmationMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\RateLimitingMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\ReloadExecutionMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\SameSiteCookieMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/SameSiteCookieMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php', | |||
'OC\\AppFramework\\Middleware\\SessionMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/SessionMiddleware.php', |
@@ -185,6 +185,10 @@ class DIContainer extends SimpleContainer implements IAppContainer { | |||
$server = $this->getServer(); | |||
$dispatcher = new MiddlewareDispatcher(); | |||
$dispatcher->registerMiddleware( | |||
$c->query(OC\AppFramework\Middleware\Security\ReloadExecutionMiddleware::class) | |||
); | |||
$dispatcher->registerMiddleware( | |||
new OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware( | |||
$c->query(IRequest::class), |
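Review bot: ReloadExecutionMiddleware is registered ahead of SameSiteCookieMiddleware, apparently as the first middleware of every app container, and nothing in the hunk says that this position is intentional. Because its beforeController() throws as soon as the session flag exists, it answers before any later security middleware has looked at the request, and it does so for API-style controllers as well as page loads. A short comment such as `// Must stay first: turns the post-logout reload into a redirect before any other middleware runs` would keep a later reordering from changing that silently. The enclosing registration closure starts and ends outside the hunk.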
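--- a/lib/private/AppFramework/Middleware/Security/Exceptions/ReloadExecutionException.php
+++ b/lib/private/AppFramework/Middleware/Security/Exceptions/ReloadExecutionException.php
@@ -0,0 +1,29 @@
+<?php
+declare(strict_types=1);
+/**
+* @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl>
+*
+* @author Roeland Jago Douma <roeland@famdouma.nl>
+*
+* @license GNU AGPL version 3 or any later version
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+namespace OC\AppFramework\Middleware\Security\Exceptions;
+class ReloadExecutionException extends SecurityException {
+}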
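--- a/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php
@@ -0,0 +1,68 @@
+<?php
+declare(strict_types=1);
+/**
+* @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl>
+*
+* @author Roeland Jago Douma <roeland@famdouma.nl>
+*
+* @license GNU AGPL version 3 or any later version
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+namespace OC\AppFramework\Middleware\Security;
+use OC\AppFramework\Middleware\Security\Exceptions\ReloadExecutionException;
+use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\Middleware;
+use OCP\ISession;
+use OCP\IURLGenerator;
+/**
+* Simple middleware to handle the clearing of the execution context. This will trigger
+* a reload but if the session variable is set we properly redirect to the login page.
+*/
+class ReloadExecutionMiddleware extends Middleware {
+/** @var ISession */
+private $session;
+/** @var IURLGenerator */
+private $urlGenerator;
+public function __construct(ISession $session, IURLGenerator $urlGenerator) {
+$this->session = $session;
+$this->urlGenerator = $urlGenerator;
+}
+public function beforeController($controller, $methodName) {
+if ($this->session->exists('clearingExecutionContexts')) {
+throw new ReloadExecutionException();
+}
+}
+public function afterException($controller, $methodName, \Exception $exception) {
+if ($exception instanceof ReloadExecutionException) {
+$this->session->remove('clearingExecutionContexts');
+return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
+'core.login.showLoginForm',
+['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+));
+}
+return parent::afterException($controller, $methodName, $exception);
+}
+}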
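Review bot: The redirect returned from afterException() targets `core.login.showLoginForm`, which passes through this same middleware, so the flow only terminates if `$this->session->remove('clearingExecutionContexts')` has actually been persisted by the time the browser follows the redirect. If the session were closed for writing at that point (not determinable from this page), the flag would survive and the login form itself would be redirected again. A unit test that sets the flag, runs beforeController() and afterException(), and asserts both the RedirectResponse and that `exists('clearingExecutionContexts')` is false afterwards would pin this down, together with a case where the flag is absent and nothing is thrown. Both methods also lack docblocks stating that they apply to every controller and method while the flag is set, and the route array with its comment duplicates the one in LoginController::logout().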