mirror of
https://github.com/nextcloud/server.git
synced 2024-08-14 14:10:40 +02:00
fix: Log critical session renewal and logout paths
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst
parent
4e8ec0bc36
commit
f398d0b5a3
@ -783,6 +783,11 @@ class Session implements IUserSession, Emitter {
|
||||
try {
|
||||
$dbToken = $this->tokenProvider->getToken($token);
|
||||
} catch (InvalidTokenException $ex) {
|
||||
$this->logger->warning('Session token is invalid because it does not exist', [
|
||||
'app' => 'core',
|
||||
'user' => $user,
|
||||
'exception' => $ex,
|
||||
]);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -802,6 +807,10 @@ class Session implements IUserSession, Emitter {
|
||||
}
|
||||
|
||||
if (!$this->checkTokenCredentials($dbToken, $token)) {
|
||||
$this->logger->warning('Session token credentials are invalid', [
|
||||
'app' => 'core',
|
||||
'user' => $user,
|
||||
]);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -877,9 +886,9 @@ class Session implements IUserSession, Emitter {
|
||||
$tokens = $this->config->getUserKeys($uid, 'login_token');
|
||||
// test cookies token against stored tokens
|
||||
if (!in_array($currentToken, $tokens, true)) {
|
||||
$this->logger->info('Tried to log in {uid} but could not verify token', [
|
||||
$this->logger->info('Tried to log in but could not verify token', [
|
||||
'app' => 'core',
|
||||
'uid' => $uid,
|
||||
'user' => $uid,
|
||||
]);
|
||||
return false;
|
||||
}
|
||||
@ -887,18 +896,30 @@ class Session implements IUserSession, Emitter {
|
||||
$this->config->deleteUserValue($uid, 'login_token', $currentToken);
|
||||
$newToken = $this->random->generate(32);
|
||||
$this->config->setUserValue($uid, 'login_token', $newToken, (string)$this->timeFactory->getTime());
|
||||
$this->logger->debug('Remember-me token replaced', [
|
||||
'app' => 'core',
|
||||
'user' => $uid,
|
||||
]);
|
||||
|
||||
try {
|
||||
$sessionId = $this->session->getId();
|
||||
$token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId);
|
||||
$this->logger->debug('Session token replaced', [
|
||||
'app' => 'core',
|
||||
'user' => $uid,
|
||||
]);
|
||||
} catch (SessionNotAvailableException $ex) {
|
||||
$this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [
|
||||
$this->logger->critical('Could not renew session token for {uid} because the session is unavailable', [
|
||||
'app' => 'core',
|
||||
'uid' => $uid,
|
||||
'user' => $uid,
|
||||
]);
|
||||
return false;
|
||||
} catch (InvalidTokenException $ex) {
|
||||
$this->logger->warning('Renewing session token failed', ['app' => 'core']);
|
||||
$this->logger->error('Renewing session token failed', [
|
||||
'app' => 'core',
|
||||
'user' => $uid,
|
||||
]);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -937,10 +958,17 @@ class Session implements IUserSession, Emitter {
|
||||
$this->manager->emit('\OC\User', 'logout', [$user]);
|
||||
if ($user !== null) {
|
||||
try {
|
||||
$this->tokenProvider->invalidateToken($this->session->getId());
|
||||
$token = $this->session->getId();
|
||||
$this->tokenProvider->invalidateToken($token);
|
||||
$this->logger->debug('Session token invalidated before logout', [
|
||||
'user' => $user->getUID(),
|
||||
]);
|
||||
} catch (SessionNotAvailableException $ex) {
|
||||
}
|
||||
}
|
||||
$this->logger->debug('Logging out', [
|
||||
'user' => $user === null ? null : $user->getUID(),
|
||||
]);
|
||||
$this->setUser(null);
|
||||
$this->setLoginName(null);
|
||||
$this->setToken(null);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user