aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/User/Session.php
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@arthur-schiwon.de>2023-10-10 19:28:49 +0200
committerGitHub <noreply@github.com>2023-10-10 19:28:49 +0200
commit1b1a54403ea041a0acda9bf937482bb6715ff98d (patch)
tree5ef7206e8068f2b353ccecc3d17ccf1eb7d421b6 /lib/private/User/Session.php
parent1f4fffc258ba71ec6e18b7f3b94056b15d7874d1 (diff)
parentd9326222552a5d81799eaad2dc5fdab2c7fe675f (diff)
downloadnextcloud-server-1b1a54403ea041a0acda9bf937482bb6715ff98d.tar.gz
nextcloud-server-1b1a54403ea041a0acda9bf937482bb6715ff98d.zip
Merge pull request #40849 from nextcloud/backport/40785/stable27
[stable27] fix: Log critical session renewal and logout paths
Diffstat (limited to 'lib/private/User/Session.php')
-rw-r--r--lib/private/User/Session.php38
1 files changed, 33 insertions, 5 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 012a203fcbf..ccc82085d2c 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -781,6 +781,11 @@ class Session implements IUserSession, Emitter {
try {
$dbToken = $this->tokenProvider->getToken($token);
} catch (InvalidTokenException $ex) {
+ $this->logger->warning('Session token is invalid because it does not exist', [
+ 'app' => 'core',
+ 'user' => $user,
+ 'exception' => $ex,
+ ]);
return false;
}
@@ -800,6 +805,10 @@ class Session implements IUserSession, Emitter {
}
if (!$this->checkTokenCredentials($dbToken, $token)) {
+ $this->logger->warning('Session token credentials are invalid', [
+ 'app' => 'core',
+ 'user' => $user,
+ ]);
return false;
}
@@ -875,9 +884,9 @@ class Session implements IUserSession, Emitter {
$tokens = $this->config->getUserKeys($uid, 'login_token');
// test cookies token against stored tokens
if (!in_array($currentToken, $tokens, true)) {
- $this->logger->info('Tried to log in {uid} but could not verify token', [
+ $this->logger->info('Tried to log in but could not verify token', [
'app' => 'core',
- 'uid' => $uid,
+ 'user' => $uid,
]);
return false;
}
@@ -885,18 +894,30 @@ class Session implements IUserSession, Emitter {
$this->config->deleteUserValue($uid, 'login_token', $currentToken);
$newToken = $this->random->generate(32);
$this->config->setUserValue($uid, 'login_token', $newToken, (string)$this->timeFactory->getTime());
+ $this->logger->debug('Remember-me token replaced', [
+ 'app' => 'core',
+ 'user' => $uid,
+ ]);
try {
$sessionId = $this->session->getId();
$token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId);
+ $this->logger->debug('Session token replaced', [
+ 'app' => 'core',
+ 'user' => $uid,
+ ]);
} catch (SessionNotAvailableException $ex) {
- $this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [
+ $this->logger->critical('Could not renew session token for {uid} because the session is unavailable', [
'app' => 'core',
'uid' => $uid,
+ 'user' => $uid,
]);
return false;
} catch (InvalidTokenException $ex) {
- $this->logger->warning('Renewing session token failed', ['app' => 'core']);
+ $this->logger->error('Renewing session token failed', [
+ 'app' => 'core',
+ 'user' => $uid,
+ ]);
return false;
}
@@ -935,10 +956,17 @@ class Session implements IUserSession, Emitter {
$this->manager->emit('\OC\User', 'logout', [$user]);
if ($user !== null) {
try {
- $this->tokenProvider->invalidateToken($this->session->getId());
+ $token = $this->session->getId();
+ $this->tokenProvider->invalidateToken($token);
+ $this->logger->debug('Session token invalidated before logout', [
+ 'user' => $user->getUID(),
+ ]);
} catch (SessionNotAvailableException $ex) {
}
}
+ $this->logger->debug('Logging out', [
+ 'user' => $user === null ? null : $user->getUID(),
+ ]);
$this->setUser(null);
$this->setLoginName(null);
$this->setToken(null);