summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2019-02-06 15:38:54 +0100
committerGitHub <noreply@github.com>2019-02-06 15:38:54 +0100
commita1aa6ee70d45d359d7e277873106a668aa642305 (patch)
treee276836e5276c092c29bf39691335ce2d0850e4b
parent0df5110127a794ab25cf677aa98787ec12ee6fa3 (diff)
parent60e5a5eca42f3b10053c423e4aedef9e09f2c48c (diff)
downloadnextcloud-server-a1aa6ee70d45d359d7e277873106a668aa642305.tar.gz
nextcloud-server-a1aa6ee70d45d359d7e277873106a668aa642305.zip
Merge pull request #12573 from nextcloud/fix/12568/special_handling_of_logout
Do not do redirect handling when loggin out
Diffstat
-rw-r--r--core/Controller/LoginController.php4
-rw-r--r--lib/composer/composer/autoload_classmap.php2
-rw-r--r--lib/composer/composer/autoload_static.php2
-rw-r--r--lib/private/AppFramework/DependencyInjection/DIContainer.php4
-rw-r--r--lib/private/AppFramework/Middleware/Security/Exceptions/ReloadExecutionException.php29
-rw-r--r--lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php68
6 files changed, 108 insertions, 1 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 5697430051f..85d3b6b837f 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -134,6 +134,9 @@ class LoginController extends Controller {
'core.login.showLoginForm',
['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
));
+
+ $this->session->set('clearingExecutionContexts', '1');
+ $this->session->close();
$response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
return $response;
}
@@ -149,7 +152,6 @@ class LoginController extends Controller {
* @return TemplateResponse|RedirectResponse
*/
public function showLoginForm(string $user = null, string $redirect_url = null): Http\Response {
-
if ($this->userSession->isLoggedIn()) {
return new RedirectResponse(OC_Util::getDefaultPageUrl());
}
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index 5f311d28c56..5997825289e 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -432,10 +432,12 @@ return array(
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotAdminException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotAdminException.php',
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotConfirmedException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotConfirmedException.php',
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotLoggedInException.php',
+ 'OC\\AppFramework\\Middleware\\Security\\Exceptions\\ReloadExecutionException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/ReloadExecutionException.php',
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\SecurityException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/SecurityException.php',
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\StrictCookieMissingException' => $baseDir . '/lib/private/AppFramework/Middleware/Security/Exceptions/StrictCookieMissingException.php',
'OC\\AppFramework\\Middleware\\Security\\PasswordConfirmationMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php',
'OC\\AppFramework\\Middleware\\Security\\RateLimitingMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php',
+ 'OC\\AppFramework\\Middleware\\Security\\ReloadExecutionMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php',
'OC\\AppFramework\\Middleware\\Security\\SameSiteCookieMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/SameSiteCookieMiddleware.php',
'OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php',
'OC\\AppFramework\\Middleware\\SessionMiddleware' => $baseDir . '/lib/private/AppFramework/Middleware/SessionMiddleware.php',
diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index 42631a293e3..ff8bea3bd90 100644
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -462,10 +462,12 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotAdminException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotAdminException.php',
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotConfirmedException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotConfirmedException.php',
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/NotLoggedInException.php',
+ 'OC\\AppFramework\\Middleware\\Security\\Exceptions\\ReloadExecutionException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/ReloadExecutionException.php',
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\SecurityException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/SecurityException.php',
'OC\\AppFramework\\Middleware\\Security\\Exceptions\\StrictCookieMissingException' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/Exceptions/StrictCookieMissingException.php',
'OC\\AppFramework\\Middleware\\Security\\PasswordConfirmationMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php',
'OC\\AppFramework\\Middleware\\Security\\RateLimitingMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/RateLimitingMiddleware.php',
+ 'OC\\AppFramework\\Middleware\\Security\\ReloadExecutionMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php',
'OC\\AppFramework\\Middleware\\Security\\SameSiteCookieMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/SameSiteCookieMiddleware.php',
'OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php',
'OC\\AppFramework\\Middleware\\SessionMiddleware' => __DIR__ . '/../../..' . '/lib/private/AppFramework/Middleware/SessionMiddleware.php',
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index de25f8fe4d3..bb63adf3983 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -186,6 +186,10 @@ class DIContainer extends SimpleContainer implements IAppContainer {
$dispatcher = new MiddlewareDispatcher();
$dispatcher->registerMiddleware(
+ $c->query(OC\AppFramework\Middleware\Security\ReloadExecutionMiddleware::class)
+ );
+
+ $dispatcher->registerMiddleware(
new OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware(
$c->query(IRequest::class),
$c->query(IControllerMethodReflector::class)
diff --git a/lib/private/AppFramework/Middleware/Security/Exceptions/ReloadExecutionException.php b/lib/private/AppFramework/Middleware/Security/Exceptions/ReloadExecutionException.php
new file mode 100644
index 00000000000..e5db7ef6465
--- /dev/null
+++ b/lib/private/AppFramework/Middleware/Security/Exceptions/ReloadExecutionException.php
@@ -0,0 +1,29 @@
+<?php
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\AppFramework\Middleware\Security\Exceptions;
+
+class ReloadExecutionException extends SecurityException {
+
+}
diff --git a/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php b/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php
new file mode 100644
index 00000000000..a3b2f15a46c
--- /dev/null
+++ b/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php
@@ -0,0 +1,68 @@
+<?php
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\AppFramework\Middleware\Security;
+
+use OC\AppFramework\Middleware\Security\Exceptions\ReloadExecutionException;
+use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\Middleware;
+use OCP\ISession;
+use OCP\IURLGenerator;
+
+/**
+ * Simple middleware to handle the clearing of the execution context. This will trigger
+ * a reload but if the session variable is set we properly redirect to the login page.
+ */
+class ReloadExecutionMiddleware extends Middleware {
+ /** @var ISession */
+ private $session;
+ /** @var IURLGenerator */
+ private $urlGenerator;
+
+ public function __construct(ISession $session, IURLGenerator $urlGenerator) {
+ $this->session = $session;
+ $this->urlGenerator = $urlGenerator;
+ }
+
+ public function beforeController($controller, $methodName) {
+ if ($this->session->exists('clearingExecutionContexts')) {
+ throw new ReloadExecutionException();
+ }
+ }
+
+ public function afterException($controller, $methodName, \Exception $exception) {
+ if ($exception instanceof ReloadExecutionException) {
+ $this->session->remove('clearingExecutionContexts');
+
+ return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
+ 'core.login.showLoginForm',
+ ['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ ));
+ }
+
+ return parent::afterException($controller, $methodName, $exception);
+ }
+
+
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-21 07:50:06 +0000