diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2023-10-05 14:32:06 +0200 |
|---|---|---|
| committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2023-10-10 09:47:07 +0000 |
| commit | d9326222552a5d81799eaad2dc5fdab2c7fe675f (patch) | |
| tree | 9d3c19e5e184a1e121cc03f5c5e81e4550e093c5 /lib/private | |
| parent | b2c864d6093ff02869e99557abe1e8738230220d (diff) | |
| download | nextcloud-server-d9326222552a5d81799eaad2dc5fdab2c7fe675f.tar.gz nextcloud-server-d9326222552a5d81799eaad2dc5fdab2c7fe675f.zip | |
fix: Log critical session renewal and logout paths
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/User/Session.php | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 012a203fcbf..ccc82085d2c 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -781,6 +781,11 @@ class Session implements IUserSession, Emitter { try { $dbToken = $this->tokenProvider->getToken($token); } catch (InvalidTokenException $ex) { + $this->logger->warning('Session token is invalid because it does not exist', [ + 'app' => 'core', + 'user' => $user, + 'exception' => $ex, + ]); return false; } @@ -800,6 +805,10 @@ class Session implements IUserSession, Emitter { } if (!$this->checkTokenCredentials($dbToken, $token)) { + $this->logger->warning('Session token credentials are invalid', [ + 'app' => 'core', + 'user' => $user, + ]); return false; } @@ -875,9 +884,9 @@ class Session implements IUserSession, Emitter { $tokens = $this->config->getUserKeys($uid, 'login_token'); // test cookies token against stored tokens if (!in_array($currentToken, $tokens, true)) { - $this->logger->info('Tried to log in {uid} but could not verify token', [ + $this->logger->info('Tried to log in but could not verify token', [ 'app' => 'core', - 'uid' => $uid, + 'user' => $uid, ]); return false; } @@ -885,18 +894,30 @@ class Session implements IUserSession, Emitter { $this->config->deleteUserValue($uid, 'login_token', $currentToken); $newToken = $this->random->generate(32); $this->config->setUserValue($uid, 'login_token', $newToken, (string)$this->timeFactory->getTime()); + $this->logger->debug('Remember-me token replaced', [ + 'app' => 'core', + 'user' => $uid, + ]); try { $sessionId = $this->session->getId(); $token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId); + $this->logger->debug('Session token replaced', [ + 'app' => 'core', + 'user' => $uid, + ]); } catch (SessionNotAvailableException $ex) { - $this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [ + $this->logger->critical('Could not renew session token for {uid} because the session is unavailable', [ 'app' => 'core', 'uid' => $uid, + 'user' => $uid, ]); return false; } catch (InvalidTokenException $ex) { - $this->logger->warning('Renewing session token failed', ['app' => 'core']); + $this->logger->error('Renewing session token failed', [ + 'app' => 'core', + 'user' => $uid, + ]); return false; } @@ -935,10 +956,17 @@ class Session implements IUserSession, Emitter { $this->manager->emit('\OC\User', 'logout', [$user]); if ($user !== null) { try { - $this->tokenProvider->invalidateToken($this->session->getId()); + $token = $this->session->getId(); + $this->tokenProvider->invalidateToken($token); + $this->logger->debug('Session token invalidated before logout', [ + 'user' => $user->getUID(), + ]); } catch (SessionNotAvailableException $ex) { } } + $this->logger->debug('Logging out', [ + 'user' => $user === null ? null : $user->getUID(), + ]); $this->setUser(null); $this->setLoginName(null); $this->setToken(null); |