aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGit'Fellow <12234510+solracsf@users.noreply.github.com>2024-01-06 09:03:59 +0100
committerChristoph Wurst <christoph@winzerhof-wurst.at>2024-01-17 09:17:23 +0100
commit72e0618f20ff290f28762b24a0b651075a6cd24c (patch)
tree958ca3a2462d457cf454af56333fcf82fdfacb03
parentad12af8d06dfffe3e8d6b4a255aa96fc2c719136 (diff)
downloadnextcloud-server-72e0618f20ff290f28762b24a0b651075a6cd24c.tar.gz
nextcloud-server-72e0618f20ff290f28762b24a0b651075a6cd24c.zip
fix(session): Avoid two useless authtoken DB queries for every anonymous request
Co-Authored-By: Christoph Wurst <christoph@winzerhof-wurst.at> Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat
-rw-r--r--lib/private/User/Session.php7
-rw-r--r--tests/lib/User/SessionTest.php50
2 files changed, 55 insertions, 2 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 02a7a7e9e16..772a4103490 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -842,13 +842,16 @@ class Session implements IUserSession, Emitter {
$authHeader = $request->getHeader('Authorization');
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
- } else {
- // No auth header, let's try session id
+ } elseif ($request->getCookie($this->config->getSystemValueString('instanceid')) !== null) {
+ // No auth header, let's try session id, but only if this is an existing
+ // session and the request has a session cookie
try {
$token = $this->session->getId();
} catch (SessionNotAvailableException $ex) {
return false;
}
+ } else {
+ return false;
}
if (!$this->loginWithToken($token)) {
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 3b8d75f694c..50adda64afd 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -479,6 +479,56 @@ class SessionTest extends \Test\TestCase {
$userSession->logClientIn('john', 'doe', $request, $this->throttler);
}
+ public function testTryTokenLoginNoHeaderNoSessionCookie(): void {
+ $request = $this->createMock(IRequest::class);
+ $this->config->expects(self::once())
+ ->method('getSystemValueString')
+ ->with('instanceid')
+ ->willReturn('abc123');
+ $request->method('getHeader')->with('Authorization')->willReturn('');
+ $request->method('getCookie')->with('abc123')->willReturn(null);
+ $this->tokenProvider->expects(self::never())
+ ->method('getToken');
+
+ $loginResult = $this->userSession->tryTokenLogin($request);
+
+ self::assertFalse($loginResult);
+ }
+
+ public function testTryTokenLoginAuthorizationHeaderTokenNotFound(): void {
+ $request = $this->createMock(IRequest::class);
+ $request->method('getHeader')->with('Authorization')->willReturn('Bearer abcde-12345');
+ $this->tokenProvider->expects(self::once())
+ ->method('getToken')
+ ->with('abcde-12345')
+ ->willThrowException(new InvalidTokenException());
+
+ $loginResult = $this->userSession->tryTokenLogin($request);
+
+ self::assertFalse($loginResult);
+ }
+
+ public function testTryTokenLoginSessionIdTokenNotFound(): void {
+ $request = $this->createMock(IRequest::class);
+ $this->config->expects(self::once())
+ ->method('getSystemValueString')
+ ->with('instanceid')
+ ->willReturn('abc123');
+ $request->method('getHeader')->with('Authorization')->willReturn('');
+ $request->method('getCookie')->with('abc123')->willReturn('abcde12345');
+ $this->session->expects(self::once())
+ ->method('getId')
+ ->willReturn('abcde12345');
+ $this->tokenProvider->expects(self::once())
+ ->method('getToken')
+ ->with('abcde12345')
+ ->willThrowException(new InvalidTokenException());
+
+ $loginResult = $this->userSession->tryTokenLogin($request);
+
+ self::assertFalse($loginResult);
+ }
+
public function testRememberLoginValidToken() {
$session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
$managerMethods = get_class_methods(Manager::class);
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-18 20:37:33 +0000