diff options
author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2016-09-06 21:41:15 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2016-11-02 13:39:16 +0100 |
commit | d907666232468503ab6ed2bdac44b6500be2beb6 (patch) | |
tree | 945f83d4ddeda3df811042b138e84a2cdf06d120 /lib/private/User | |
parent | dada3ffb51ce9d941b15f1e3fdc1ce292acebb69 (diff) | |
download | nextcloud-server-d907666232468503ab6ed2bdac44b6500be2beb6.tar.gz nextcloud-server-d907666232468503ab6ed2bdac44b6500be2beb6.zip |
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib/private/User')
-rw-r--r-- | lib/private/User/Session.php | 70 |
1 files changed, 51 insertions, 19 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index a213ee48c2a..68f17747a08 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -526,9 +526,10 @@ class Session implements IUserSession, Emitter { * @param string $uid user UID * @param string $loginName login name * @param string $password + * @param int $remember * @return boolean */ - public function createSessionToken(IRequest $request, $uid, $loginName, $password = null) { + public function createSessionToken(IRequest $request, $uid, $loginName, $password = null, $remember = IToken::DO_NOT_REMEMBER) { if (is_null($this->manager->get($uid))) { // User does not exist return false; @@ -537,7 +538,7 @@ class Session implements IUserSession, Emitter { try { $sessionId = $this->session->getId(); $pwd = $this->getPassword($password); - $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name); + $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, IToken::REMEMBER); return true; } catch (SessionNotAvailableException $ex) { // This can happen with OCC, where a memory session is used @@ -680,9 +681,10 @@ class Session implements IUserSession, Emitter { * * @param string $uid the username * @param string $currentToken + * @param string $oldSessionId * @return bool */ - public function loginWithCookie($uid, $currentToken) { + public function loginWithCookie($uid, $currentToken, $oldSessionId) { $this->session->regenerateId(); $this->manager->emit('\OC\User', 'preRememberedLogin', array($uid)); $user = $this->manager->get($uid); @@ -692,15 +694,26 @@ class Session implements IUserSession, Emitter { } // get stored tokens - $tokens = OC::$server->getConfig()->getUserKeys($uid, 'login_token'); + $tokens = $this->config->getUserKeys($uid, 'login_token'); // test cookies token against stored tokens if (!in_array($currentToken, $tokens, true)) { return false; } // replace successfully used token with a new one - OC::$server->getConfig()->deleteUserValue($uid, 'login_token', $currentToken); + $this->config->deleteUserValue($uid, 'login_token', $currentToken); $newToken = OC::$server->getSecureRandom()->generate(32); - OC::$server->getConfig()->setUserValue($uid, 'login_token', $newToken, time()); + $this->config->setUserValue($uid, 'login_token', $newToken, $this->timeFacory->getTime()); + + try { + $sessionId = $this->session->getId(); + $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId); + } catch (SessionNotAvailableException $ex) { + return false; + } catch (InvalidTokenException $ex) { + \OC::$server->getLogger()->warning('Renewing session token failed', ['app' => 'core']); + return false; + } + $this->setMagicInCookie($user->getUID(), $newToken); //login @@ -710,6 +723,15 @@ class Session implements IUserSession, Emitter { } /** + * @param IUser $user + */ + public function createRememberMeToken(IUser $user) { + $token = OC::$server->getSecureRandom()->generate(32); + $this->config->setUserValue($user->getUID(), 'login_token', $token, time()); + $this->setMagicInCookie($user->getUID(), $token); + } + + /** * logout the user from the session */ public function logout() { @@ -736,10 +758,19 @@ class Session implements IUserSession, Emitter { */ public function setMagicInCookie($username, $token) { $secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https'; - $expires = time() + OC::$server->getConfig()->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); - setcookie('oc_username', $username, $expires, OC::$WEBROOT, '', $secureCookie, true); - setcookie('oc_token', $token, $expires, OC::$WEBROOT, '', $secureCookie, true); - setcookie('oc_remember_login', '1', $expires, OC::$WEBROOT, '', $secureCookie, true); + $webRoot = \OC::$WEBROOT; + if ($webRoot === '') { + $webRoot = '/'; + } + + $expires = $this->timeFacory->getTime() + OC::$server->getConfig()->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); + setcookie('nc_username', $username, $expires, $webRoot, '', $secureCookie, true); + setcookie('nc_token', $token, $expires, $webRoot, '', $secureCookie, true); + try { + setcookie('nc_session_id', $this->session->getId(), $expires, $webRoot, '', $secureCookie, true); + } catch (SessionNotAvailableException $ex) { + // ignore + } } /** @@ -749,17 +780,17 @@ class Session implements IUserSession, Emitter { //TODO: DI for cookies and IRequest $secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https'; - unset($_COOKIE['oc_username']); //TODO: DI - unset($_COOKIE['oc_token']); - unset($_COOKIE['oc_remember_login']); - setcookie('oc_username', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true); - setcookie('oc_token', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true); - setcookie('oc_remember_login', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true); + unset($_COOKIE['nc_username']); //TODO: DI + unset($_COOKIE['nc_token']); + unset($_COOKIE['nc_session_id']); + setcookie('nc_username', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true); + setcookie('nc_token', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true); + setcookie('nc_session_id', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true); // old cookies might be stored under /webroot/ instead of /webroot // and Firefox doesn't like it! - setcookie('oc_username', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); - setcookie('oc_token', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); - setcookie('oc_remember_login', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); + setcookie('nc_username', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); + setcookie('nc_token', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); + setcookie('nc_session_id', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); } /** @@ -779,4 +810,5 @@ class Session implements IUserSession, Emitter { } } + } |