diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2023-10-05 14:32:06 +0200 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2023-10-09 13:21:10 +0200 |
| commit | f398d0b5a3d83b0d46ab9a9495bf9567567d9945 (patch) | |
| tree | a9f87052d322c8f19014a5ce6a0d0953d8ebe241 | |
| parent | 4e8ec0bc3676ae66126cd531ad7a12e5b6979b63 (diff) | |
| download | nextcloud-server-f398d0b5a3d83b0d46ab9a9495bf9567567d9945.tar.gz nextcloud-server-f398d0b5a3d83b0d46ab9a9495bf9567567d9945.zip | |
fix: Log critical session renewal and logout paths
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| -rw-r--r-- | lib/private/User/Session.php | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index b654387d17a..d6971d1486b 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -783,6 +783,11 @@ class Session implements IUserSession, Emitter { try { $dbToken = $this->tokenProvider->getToken($token); } catch (InvalidTokenException $ex) { + $this->logger->warning('Session token is invalid because it does not exist', [ + 'app' => 'core', + 'user' => $user, + 'exception' => $ex, + ]); return false; } @@ -802,6 +807,10 @@ class Session implements IUserSession, Emitter { } if (!$this->checkTokenCredentials($dbToken, $token)) { + $this->logger->warning('Session token credentials are invalid', [ + 'app' => 'core', + 'user' => $user, + ]); return false; } @@ -877,9 +886,9 @@ class Session implements IUserSession, Emitter { $tokens = $this->config->getUserKeys($uid, 'login_token'); // test cookies token against stored tokens if (!in_array($currentToken, $tokens, true)) { - $this->logger->info('Tried to log in {uid} but could not verify token', [ + $this->logger->info('Tried to log in but could not verify token', [ 'app' => 'core', - 'uid' => $uid, + 'user' => $uid, ]); return false; } @@ -887,18 +896,30 @@ class Session implements IUserSession, Emitter { $this->config->deleteUserValue($uid, 'login_token', $currentToken); $newToken = $this->random->generate(32); $this->config->setUserValue($uid, 'login_token', $newToken, (string)$this->timeFactory->getTime()); + $this->logger->debug('Remember-me token replaced', [ + 'app' => 'core', + 'user' => $uid, + ]); try { $sessionId = $this->session->getId(); $token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId); + $this->logger->debug('Session token replaced', [ + 'app' => 'core', + 'user' => $uid, + ]); } catch (SessionNotAvailableException $ex) { - $this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [ + $this->logger->critical('Could not renew session token for {uid} because the session is unavailable', [ 'app' => 'core', 'uid' => $uid, + 'user' => $uid, ]); return false; } catch (InvalidTokenException $ex) { - $this->logger->warning('Renewing session token failed', ['app' => 'core']); + $this->logger->error('Renewing session token failed', [ + 'app' => 'core', + 'user' => $uid, + ]); return false; } @@ -937,10 +958,17 @@ class Session implements IUserSession, Emitter { $this->manager->emit('\OC\User', 'logout', [$user]); if ($user !== null) { try { - $this->tokenProvider->invalidateToken($this->session->getId()); + $token = $this->session->getId(); + $this->tokenProvider->invalidateToken($token); + $this->logger->debug('Session token invalidated before logout', [ + 'user' => $user->getUID(), + ]); } catch (SessionNotAvailableException $ex) { } } + $this->logger->debug('Logging out', [ + 'user' => $user === null ? null : $user->getUID(), + ]); $this->setUser(null); $this->setLoginName(null); $this->setToken(null); |