author | Christoph Wurst <christoph@owncloud.com> | 2016-04-25 16:40:41 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-05-11 13:36:46 +0200 |
commit | 2fa5e0a24e34b109fcd4adb98932e9537884bc9a (patch) | |
tree | ac0822860e46ffeb0fee03c5f593dfd49bbc62c5 /lib/private/Authentication/Token/DefaultTokenProvider.php | |
parent | d8cde414bd13c327ec2edaf1ae38380073c93e3e (diff) | |
download | nextcloud-server-2fa5e0a24e34b109fcd4adb98932e9537884bc9a.tar.gz nextcloud-server-2fa5e0a24e34b109fcd4adb98932e9537884bc9a.zip |
invalidate (delete) session token on logout
add 'last_activity' column to session tokens and delete old ones via a background job
Diffstat (limited to 'lib/private/Authentication/Token/DefaultTokenProvider.php')
-rw-r--r-- | lib/private/Authentication/Token/DefaultTokenProvider.php | 37 |
1 files changed, 35 insertions, 2 deletions
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
index c8aa396526b..71f798da370 100644
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -42,6 +42,12 @@ class DefaultTokenProvider implements IProvider {
 /** @var ILogger $logger */
 private $logger;
+ /**
+ * @param DefaultTokenMapper $mapper
+ * @param ICrypto $crypto
+ * @param IConfig $config
+ * @param ILogger $logger
+ */
 public function __construct(DefaultTokenMapper $mapper, ICrypto $crypto, IConfig $config, ILogger $logger) {
 $this->mapper = $mapper;
@@ -64,7 +70,8 @@ class DefaultTokenProvider implements IProvider {
 $secret = $this->config->getSystemValue('secret');
 $dbToken->setPassword($this->crypto->encrypt($password . $secret));
 $dbToken->setName($name);
- $dbToken->setToken(hash('sha512', $token));
+ $dbToken->setToken($this->hashToken($token));
+ $dbToken->setLastActivity(time());
 $this->mapper->insert($dbToken);
@@ -72,6 +79,24 @@ class DefaultTokenProvider implements IProvider {
 }
 /**
+ * Invalidate (delete) the given session token
+ *
+ * @param string $token
+ */
+ public function invalidateToken($token) {
+ $this->mapper->invalidate($this->hashToken($token));
+ }
+
+ /**
+ * Invalidate (delete) old session tokens
+ */
+ public function invalidateOldTokens() {
+ $olderThan = time() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24);
+ $this->logger->info('Invalidating tokens older than ' . date('c', $olderThan));
+ $this->mapper->invalidateOld($olderThan);
+ }
+
+ /**
 * @param string $token
 * @throws InvalidTokenException
 * @return string user UID
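Review bot: invalidateOldTokens() deletes tokens whose last_activity is older than session_lifetime, but nothing in this diff refreshes last_activity after creation — setLastActivity(time()) is only called in the insert path and validateToken() in the next hunk only reads via getTokenUser() — so unless the mapper or another call site bumps it, an actively used session is dropped 24h after login. The lifetime is also taken unguarded: a misconfigured `session_lifetime` such as `0` or a non-numeric string casts to 0, `$olderThan` becomes now, and the background job deletes every live token on its next run. A cheap guard is `$lifetime = (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24);` followed by `if ($lifetime <= 0) { $this->logger->warning('session_lifetime must be positive, skipping token cleanup'); return; }` before computing `$olderThan = time() - $lifetime;`. The info log line is fine as it records only the cutoff timestamp, not token material.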
@@ -79,7 +104,7 @@ class DefaultTokenProvider implements IProvider {
 public function validateToken($token) {
 $this->logger->debug('validating default token <' . $token . '>');
 try {
- $dbToken = $this->mapper->getTokenUser(hash('sha512', $token));
+ $dbToken = $this->mapper->getTokenUser($this->hashToken($token));
 $this->logger->debug('valid token for ' . $dbToken->getUid());
 return $dbToken->getUid();
 } catch (DoesNotExistException $ex) {
@@ -88,4 +113,12 @@ class DefaultTokenProvider implements IProvider {
 }
 }
+ /**
+ * @param string $token
+ * @return string
+ */
+ private function hashToken($token) {
+ return hash('sha512', $token);
+ }
+
 }
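Review bot: The debug line two lines above the changed lookup still writes the raw session token into the log (`'validating default token <' . $token . '>'`), so the plaintext credential lands in log files even though the database now only stores `$this->hashToken($token)`; anyone with read access to the logs gets a usable session. Drop the token from the message, e.g. `$this->logger->debug('validating default token');`, or at most log a short prefix of the hash for correlation. The same applies to the `valid token for` line only if the UID is considered sensitive, which this hunk does not indicate. validateToken()'s catch block and the rest of the method continue past the hunk.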