authorChristoph Wurst <christoph@owncloud.com>2016-04-26 11:32:35 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2016-05-11 13:36:46 +0200
commit3ab922601a2e6b9b170007461b9e0718c70bddcd (patch)
tree77f04125c2d7c422f74f4583cf116da7a9ff56c9 /lib/private/User
parent2fa5e0a24e34b109fcd4adb98932e9537884bc9a (diff)
Check if session token is valid and log user out if the check fails
* Update last_activity timestamp of the session token * Check user backend credentials once every 5 minutes
Diffstat (limited to 'lib/private/User')
-rw-r--r--lib/private/User/Session.php45
1 files changed, 38 insertions, 7 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 9db503e6add..7d4594e7205 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -96,8 +96,7 @@ class Session implements IUserSession, Emitter {
* @param ISession $session
* @param IProvider[] $tokenProviders
*/
- public function __construct(IUserManager $manager, ISession $session,
- DefaultTokenProvider $tokenProvider, array $tokenProviders = []) {
+ public function __construct(IUserManager $manager, ISession $session, DefaultTokenProvider $tokenProvider, array $tokenProviders = []) {
$this->manager = $manager;
$this->session = $session;
$this->tokenProvider = $tokenProvider;
@@ -118,8 +117,7 @@ class Session implements IUserSession, Emitter {
* @param string $method optional
* @param callable $callback optional
*/
- public function removeListener($scope = null, $method = null,
- callable $callback = null) {
+ public function removeListener($scope = null, $method = null, callable $callback = null) {
$this->manager->removeListener($scope, $method, $callback);
}
@@ -183,8 +181,7 @@ class Session implements IUserSession, Emitter {
return $this->activeUser;
} else {
$uid = $this->session->get('user_id');
- if ($uid !== null) {
- $this->activeUser = $this->manager->get($uid);
+ if ($uid !== null && $this->isValidSession($uid)) {
return $this->activeUser;
} else {
return null;
@@ -192,6 +189,41 @@ class Session implements IUserSession, Emitter {
}
}
+ private function isValidSession($uid) {
+ $this->activeUser = $this->manager->get($uid);
+ if (is_null($this->activeUser)) {
+ // User does not exist
+ return false;
+ }
+ // TODO: use ISession::getId(), https://github.com/owncloud/core/pull/24229
+ $sessionId = session_id();
+ try {
+ $token = $this->tokenProvider->getToken($sessionId);
+ } catch (InvalidTokenException $ex) {
+ // Session was inalidated
+ $this->logout();
+ return false;
+ }
+
+ // Check whether login credentials are still valid
+ // This check is performed each 5 minutes
+ $lastCheck = $this->session->get('last_login_check') ? : 0;
+ if ($lastCheck < (time() - 60 * 5)) {
+ $pwd = $this->tokenProvider->getPassword($token, $sessionId);
+ if ($this->manager->checkPassword($uid, $pwd) === false) {
+ // Password has changed -> log user out
+ $this->logout();
+ return false;
+ }
+ $this->session->set('last_login_check', time());
+ }
+
+ // Session is valid, so the token can be refreshed
+ $this->tokenProvider->updateToken($token);
+
+ return true;
+ }
+
/**
* Checks whether the user is logged in
*
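Review bot: isValidSession() assigns $this->activeUser on its first line, before any check runs, so on every failure path getUser() returns null while the user object stays cached; unless logout() resets $this->activeUser (not visible in this diff), the next getUser() call takes the early-return branch shown in the previous hunk and hands back the user whose session was just invalidated. Keep the lookup in a local and publish it only after validation succeeds: `$user = $this->manager->get($uid);` at the top, `if (is_null($user)) {` for the existence check, and `$this->activeUser = $user;` immediately before `return true;`. Separately, the getPassword() call on the 5-minute path sits outside the try block; if it can throw InvalidTokenException the way getToken() does, that exception would propagate out of getUser() instead of logging the user out, which is worth confirming against the provider. The comment `// Session was inalidated` has a typo and should read `// Session was invalidated`.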
@@ -334,7 +366,6 @@ class Session implements IUserSession, Emitter {
* @return boolean
*/
private function validateToken(IRequest $request, $token) {
- // TODO: hash token
foreach ($this->tokenProviders as $provider) {
try {
$user = $provider->validateToken($token);