author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2023-10-10 19:28:49 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-10 19:28:49 +0200 |
commit | 1b1a54403ea041a0acda9bf937482bb6715ff98d (patch) | |
tree | 5ef7206e8068f2b353ccecc3d17ccf1eb7d421b6 /lib/private/User/Session.php | |
parent | 1f4fffc258ba71ec6e18b7f3b94056b15d7874d1 (diff) | |
parent | d9326222552a5d81799eaad2dc5fdab2c7fe675f (diff) | |
Merge pull request #40849 from nextcloud/backport/40785/stable27
[stable27] fix: Log critical session renewal and logout paths
Diffstat (limited to 'lib/private/User/Session.php')
-rw-r--r-- | lib/private/User/Session.php | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 012a203fcbf..ccc82085d2c 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -781,6 +781,11 @@ class Session implements IUserSession, Emitter {
 try {
 $dbToken = $this->tokenProvider->getToken($token);
 } catch (InvalidTokenException $ex) {
+ $this->logger->warning('Session token is invalid because it does not exist', [
+ 'app' => 'core',
+ 'user' => $user,
+ 'exception' => $ex,
+ ]);
 return false;
 }
 
@@ -800,6 +805,10 @@ class Session implements IUserSession, Emitter {
 }
 
 if (!$this->checkTokenCredentials($dbToken, $token)) {
+ $this->logger->warning('Session token credentials are invalid', [
+ 'app' => 'core',
+ 'user' => $user,
+ ]);
 return false;
 }
 
@@ -875,9 +884,9 @@ class Session implements IUserSession, Emitter {
 $tokens = $this->config->getUserKeys($uid, 'login_token');
 // test cookies token against stored tokens
 if (!in_array($currentToken, $tokens, true)) {
- $this->logger->info('Tried to log in {uid} but could not verify token', [
+ $this->logger->info('Tried to log in but could not verify token', [
 'app' => 'core',
- 'uid' => $uid,
+ 'user' => $uid,
 ]);
 return false;
 }
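Review bot: In the `@@ -781,6 +781,11 @@` hunk the new warning logs `'exception' => $ex` and `'user' => $user` for a token that failed lookup, without establishing what either value can expose. Whether the exception message or its trace (the `getToken($token)` call) carries the presented token string is not visible here; if it does, the log would hold credential-like material, so confirm the logger redacts it before keeping the full exception in the context. `$user` appears to be the caller-supplied login name and is unverified at this point, so I would add `// $user is the claimed login name, not an authenticated identity` above the call; the same applies to the warning in the `@@ -800,6 +805,10 @@` hunk. A failed lookup is by nature pre-authentication, so each bad token now produces a warning entry with a trace, which is worth watching for log volume. The enclosing function starts and ends outside the hunk.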
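Review bot: In the `@@ -875,9 +884,9 @@` hunk a remember-me token that is not among the stored `login_token` values is still logged at `info`, while the session-token failures added elsewhere in this commit use `warning`. A mismatch can mean an expired cookie, but also a replayed cookie whose token was already rotated by the replacement code in the next hunk, and a deployment that keeps only warning and above would not record it; consider `$this->logger->warning('Tried to log in but could not verify token', [`. `$uid` on this path appears to come from the request rather than from an authenticated session, so a comment noting that the `user` field is claimed, not verified, would help whoever writes detections on it. The enclosing function continues outside the hunk.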
@@ -885,18 +894,30 @@ class Session implements IUserSession, Emitter {
 $this->config->deleteUserValue($uid, 'login_token', $currentToken);
 $newToken = $this->random->generate(32);
 $this->config->setUserValue($uid, 'login_token', $newToken, (string)$this->timeFactory->getTime());
+ $this->logger->debug('Remember-me token replaced', [
+ 'app' => 'core',
+ 'user' => $uid,
+ ]);
 
 try {
 $sessionId = $this->session->getId();
 $token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId);
+ $this->logger->debug('Session token replaced', [
+ 'app' => 'core',
+ 'user' => $uid,
+ ]);
 } catch (SessionNotAvailableException $ex) {
- $this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [
+ $this->logger->critical('Could not renew session token for {uid} because the session is unavailable', [
 'app' => 'core',
 'uid' => $uid,
+ 'user' => $uid,
 ]);
 return false;
 } catch (InvalidTokenException $ex) {
- $this->logger->warning('Renewing session token failed', ['app' => 'core']);
+ $this->logger->error('Renewing session token failed', [
+ 'app' => 'core',
+ 'user' => $uid,
+ ]);
 return false;
 }
 
@@ -935,10 +956,17 @@ class Session implements IUserSession, Emitter {
 $this->manager->emit('\OC\User', 'logout', [$user]);
 if ($user !== null) {
 try {
- $this->tokenProvider->invalidateToken($this->session->getId());
+ $token = $this->session->getId();
+ $this->tokenProvider->invalidateToken($token);
+ $this->logger->debug('Session token invalidated before logout', [
+ 'user' => $user->getUID(),
+ ]);
 } catch (SessionNotAvailableException $ex) {
 }
 }
+ $this->logger->debug('Logging out', [
+ 'user' => $user === null ? null : $user->getUID(),
+ ]);
 $this->setUser(null);
 $this->setLoginName(null);
 $this->setToken(null);
|
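Review bot: Both catch branches in the `@@ -885,18 +894,30 @@` hunk raise the severity but still drop `$ex`, unlike the lookup failure logged earlier in this commit, which passes `'exception' => $ex`. Adding `'exception' => $ex,` to the `critical` and `error` contexts would let an operator see why renewal failed. The `critical` call also keeps the `{uid}` placeholder and now carries both `'uid' => $uid` and `'user' => $uid`, while the remember-me message in the previous hunk dropped the placeholder; a comment such as `// 'uid' is kept only for message interpolation` would stop a later cleanup from removing the wrong key. On both failure paths the old remember-me token has already been deleted and a new one stored before `return false`, so the function's docblock should say whether the client ever receives that new value; the code that would send it is outside the hunk.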
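Review bot: The `catch (SessionNotAvailableException $ex) { }` block in the `@@ -935,10 +956,17 @@` hunk is still empty, so the one logout path on which `invalidateToken()` is not reached leaves no trace, while the success path now logs. A session token that presumably stays valid after logout is the case an investigator most needs to see; I would log it there, for example `$this->logger->warning('Session token could not be invalidated on logout because the session is unavailable', ['app' => 'core', 'user' => $user->getUID(), 'exception' => $ex]);`. The two new `debug` calls also omit `'app' => 'core'`, which every other log call touched by this commit sets. The local `$token` holds the value of `$this->session->getId()`, so `$sessionId`, as used in the renewal hunk, would describe it more accurately.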