diff options
| author | Christoph Wurst <ChristophWurst@users.noreply.github.com> | 2023-10-10 11:26:25 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-10 11:26:25 +0200 |
| commit | 8c2b9b3036b7104f32e0014d61f3cc5c65f57506 (patch) | |
| tree | 2302ca3094809a0f93ae8e9a96f25dbba67f00ed /lib | |
| parent | e6d0105217e9a89bb6fddcfda4830ac9a556ed86 (diff) | |
| parent | f398d0b5a3d83b0d46ab9a9495bf9567567d9945 (diff) | |
| download | nextcloud-server-8c2b9b3036b7104f32e0014d61f3cc5c65f57506.tar.gz nextcloud-server-8c2b9b3036b7104f32e0014d61f3cc5c65f57506.zip | |
Merge pull request #40785 from nextcloud/fix/user/log-logout-conditions
fix: Log critical session renewal and logout paths
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/User/Session.php | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index b654387d17a..d6971d1486b 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -783,6 +783,11 @@ class Session implements IUserSession, Emitter { try { $dbToken = $this->tokenProvider->getToken($token); } catch (InvalidTokenException $ex) { + $this->logger->warning('Session token is invalid because it does not exist', [ + 'app' => 'core', + 'user' => $user, + 'exception' => $ex, + ]); return false; } @@ -802,6 +807,10 @@ class Session implements IUserSession, Emitter { } if (!$this->checkTokenCredentials($dbToken, $token)) { + $this->logger->warning('Session token credentials are invalid', [ + 'app' => 'core', + 'user' => $user, + ]); return false; } @@ -877,9 +886,9 @@ class Session implements IUserSession, Emitter { $tokens = $this->config->getUserKeys($uid, 'login_token'); // test cookies token against stored tokens if (!in_array($currentToken, $tokens, true)) { - $this->logger->info('Tried to log in {uid} but could not verify token', [ + $this->logger->info('Tried to log in but could not verify token', [ 'app' => 'core', - 'uid' => $uid, + 'user' => $uid, ]); return false; } @@ -887,18 +896,30 @@ class Session implements IUserSession, Emitter { $this->config->deleteUserValue($uid, 'login_token', $currentToken); $newToken = $this->random->generate(32); $this->config->setUserValue($uid, 'login_token', $newToken, (string)$this->timeFactory->getTime()); + $this->logger->debug('Remember-me token replaced', [ + 'app' => 'core', + 'user' => $uid, + ]); try { $sessionId = $this->session->getId(); $token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId); + $this->logger->debug('Session token replaced', [ + 'app' => 'core', + 'user' => $uid, + ]); } catch (SessionNotAvailableException $ex) { - $this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [ + $this->logger->critical('Could not renew session token for {uid} because the session is unavailable', [ 'app' => 'core', 'uid' => $uid, + 'user' => $uid, ]); return false; } catch (InvalidTokenException $ex) { - $this->logger->warning('Renewing session token failed', ['app' => 'core']); + $this->logger->error('Renewing session token failed', [ + 'app' => 'core', + 'user' => $uid, + ]); return false; } @@ -937,10 +958,17 @@ class Session implements IUserSession, Emitter { $this->manager->emit('\OC\User', 'logout', [$user]); if ($user !== null) { try { - $this->tokenProvider->invalidateToken($this->session->getId()); + $token = $this->session->getId(); + $this->tokenProvider->invalidateToken($token); + $this->logger->debug('Session token invalidated before logout', [ + 'user' => $user->getUID(), + ]); } catch (SessionNotAvailableException $ex) { } } + $this->logger->debug('Logging out', [ + 'user' => $user === null ? null : $user->getUID(), + ]); $this->setUser(null); $this->setLoginName(null); $this->setToken(null); |