author | Christoph Wurst <christoph@owncloud.com> | 2016-04-26 11:32:35 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-05-11 13:36:46 +0200 |
commit | 3ab922601a2e6b9b170007461b9e0718c70bddcd (patch) | |
tree | 77f04125c2d7c422f74f4583cf116da7a9ff56c9 /lib/private/User | |
parent | 2fa5e0a24e34b109fcd4adb98932e9537884bc9a (diff) | |
Check if session token is valid and log user out if the check fails
* Update last_activity timestamp of the session token
* Check user backend credentials once every 5 minutes
Diffstat (limited to 'lib/private/User')
-rw-r--r-- | lib/private/User/Session.php | 45 |
1 files changed, 38 insertions, 7 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 9db503e6add..7d4594e7205 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -96,8 +96,7 @@ class Session implements IUserSession, Emitter {
 * @param ISession $session
 * @param IProvider[] $tokenProviders
 */
- public function __construct(IUserManager $manager, ISession $session,
- DefaultTokenProvider $tokenProvider, array $tokenProviders = []) {
+ public function __construct(IUserManager $manager, ISession $session, DefaultTokenProvider $tokenProvider, array $tokenProviders = []) {
 $this->manager = $manager;
 $this->session = $session;
 $this->tokenProvider = $tokenProvider;
@@ -118,8 +117,7 @@ class Session implements IUserSession, Emitter {
 * @param string $method optional
 * @param callable $callback optional
 */
- public function removeListener($scope = null, $method = null,
- callable $callback = null) {
+ public function removeListener($scope = null, $method = null, callable $callback = null) {
 $this->manager->removeListener($scope, $method, $callback);
 }
 
@@ -183,8 +181,7 @@ class Session implements IUserSession, Emitter {
 return $this->activeUser;
 } else {
 $uid = $this->session->get('user_id');
- if ($uid !== null) {
- $this->activeUser = $this->manager->get($uid);
+ if ($uid !== null && $this->isValidSession($uid)) {
 return $this->activeUser;
 } else {
 return null;
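Review bot: The new condition turns getUser() into a validating call with side effects: isValidSession() (defined in the following hunk) assigns $this->activeUser, can call logout(), and refreshes the token on every successful lookup, none of which the method's docblock mentions. Callers reading only the signature would not expect a getter to be able to terminate the session, so I would add to getUser()'s docblock: ` * Also validates the session token on first use per request; may log the user out and refresh the token.` The body of getUser() and its docblock both begin before this hunk.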
@@ -192,6 +189,41 @@ class Session implements IUserSession, Emitter {
 }
 }
 
+ private function isValidSession($uid) {
+ $this->activeUser = $this->manager->get($uid);
+ if (is_null($this->activeUser)) {
+ // User does not exist
+ return false;
+ }
+ // TODO: use ISession::getId(), https://github.com/owncloud/core/pull/24229
+ $sessionId = session_id();
+ try {
+ $token = $this->tokenProvider->getToken($sessionId);
+ } catch (InvalidTokenException $ex) {
+ // Session was inalidated
+ $this->logout();
+ return false;
+ }
+
+ // Check whether login credentials are still valid
+ // This check is performed each 5 minutes
+ $lastCheck = $this->session->get('last_login_check') ? : 0;
+ if ($lastCheck < (time() - 60 * 5)) {
+ $pwd = $this->tokenProvider->getPassword($token, $sessionId);
+ if ($this->manager->checkPassword($uid, $pwd) === false) {
+ // Password has changed -> log user out
+ $this->logout();
+ return false;
+ }
+ $this->session->set('last_login_check', time());
+ }
+
+ // Session is valid, so the token can be refreshed
+ $this->tokenProvider->updateToken($token);
+
+ return true;
+ }
+
 /**
 * Checks whether the user is logged in
 *
@@ -334,7 +366,6 @@ class Session implements IUserSession, Emitter {
 * @return boolean
 */
 private function validateToken(IRequest $request, $token) {
- // TODO: hash token
 foreach ($this->tokenProviders as $provider) {
 try {
 $user = $provider->validateToken($token); |
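Review bot: `$pwd = $this->tokenProvider->getPassword($token, $sessionId);` in isValidSession() is outside the try block, which only guards getToken(), so if the provider throws for a token that carries no recoverable password (I cannot tell from this hunk whether that case exists) the exception would escape through getUser() instead of ending the session cleanly; either extend the catch to cover that call or treat a missing password as "skip the backend check", and document the choice. A `false` from checkPassword() is read as "password changed", but a backend that is temporarily unreachable would plausibly yield the same result and log the user out too; a comment stating that this is accepted, or a distinction between the two outcomes, would help the next reader. The interval `60 * 5` deserves a named class constant such as `const LOGIN_CHECK_INTERVAL = 300;`, and the comment `// Session was inalidated` should read `// Session was invalidated`. The method also lacks the `@param string $uid` / `@return bool` docblock that the surrounding methods in this file carry.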