author | Christoph Wurst <christoph@owncloud.com> | 2016-06-17 15:41:32 +0200 |
committer | Christoph Wurst <christoph@owncloud.com> | 2016-06-17 15:42:28 +0200 |
commit | 1889df5c7cac71e9faf42d19686b98bf61b23bf8 (patch) | |
tree | e80135a8f412ebb6e3697d6bc4959e7ed26e521a /lib | |
parent | 0c0a216f42bb004380efca1fd665711f938579d9 (diff) | |
dont create a session token for clients, validate the app password instead
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/User/Session.php | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index ccae72ed35a..cd9e973e306 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -197,14 +197,27 @@ class Session implements IUserSession, Emitter {
 		return $this->activeUser;
 	}
 
+	/**
+	 * Validate whether the current session is valid
+	 *
+	 * - For token-authenticated clients, the token validity is checked
+	 * - For browsers, the session token validity is checked
+	 */
 	protected function validateSession() {
-		try {
-			$sessionId = $this->session->getId();
-		} catch (SessionNotAvailableException $ex) {
-			return;
+		$token = null;
+		$appPassword = $this->session->get('app_password');
+
+		if (is_null($appPassword)) {
+			try {
+				$token = $this->session->getId();
+			} catch (SessionNotAvailableException $ex) {
+				return;
+			}
+		} else {
+			$token = $appPassword;
 		}
 
-		if (!$this->validateToken($sessionId)) {
+		if (!$this->validateToken($token)) {
 			// Session was invalidated
 			$this->logout();
 		}
@@ -282,7 +295,6 @@ class Session implements IUserSession, Emitter {
 
 			$this->loginWithToken($password);
 			$user = $this->getUser();
-			$this->tokenProvider->updateTokenActivity($token);
 		} else {
 			$this->manager->emit('\OC\User', 'preLogin', array($uid, $password));
 			$user = $this->manager->checkPassword($uid, $password);
@@ -341,7 +353,10 @@ class Session implements IUserSession, Emitter {
 			return false;
 		}
 
-		if ($this->supportsCookies($request)) {
+		if ($isTokenPassword) {
+			$this->session->set('app_password', $password);
+		} else if($this->supportsCookies($request)) {
+			// Password login, but cookies supported -> create (browser) session token
 			$this->createSessionToken($request, $this->getUser()->getUID(), $user, $password);
 		}
 
@@ -458,7 +473,6 @@ class Session implements IUserSession, Emitter {
 
 		//login
 		$this->setUser($user);
-		$this->tokenProvider->updateTokenActivity($dbToken);
 		$this->manager->emit('\OC\User', 'postLogin', array($user, $password));
 		return true;
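Review bot: The new `else` branch of validateSession re-validates whatever string is stored under `app_password`, so the raw app password is now kept in the session for as long as that session lives, and the new docblock does not say where the key comes from or that it holds the plaintext token. A one-line comment above the `get` call would make the contract explicit: `// raw app password stored by the token-login path; re-validated on every request instead of a session token`. It is also worth confirming that `logout()` (outside this hunk) clears `app_password`, since otherwise an invalidated token would simply be re-read and re-checked on the next request rather than dropped. For a cookie-capable client that authenticates with an app password this means the plaintext token is persisted in the session backend; if that is intended, the docblock should say so.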
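Review bot: `} else if($this->supportsCookies($request)) {` drops the space before the parenthesis and uses the two-word form, while the surrounding code in this diff writes `} else {` and `if (`; `} elseif ($this->supportsCookies($request)) {` matches the file's spacing. The `$isTokenPassword` branch stores the raw password under `app_password` without regard to whether the request supports cookies, so a cookie-capable client sending an app password gets no session token and keeps the plaintext token in its session; if that is deliberate, the branch deserves a comment such as `// Token login: keep the raw app password in the session; validateSession() re-checks it on each request`. The enclosing method (presumably logClientIn) starts and ends outside the hunk.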
@@ -582,6 +596,8 @@ class Session implements IUserSession, Emitter {
 			return false;
 		}
 
+		$this->tokenProvider->updateTokenActivity($dbToken);
+
 		return true;
 	}
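Review bot: `updateTokenActivity($dbToken)` now runs on every successful validateToken call, and since validateSession (earlier in this diff) calls validateToken each time it runs, every validated request will issue an activity update rather than only the login paths the removed calls covered. Whether the token provider throttles that update is not visible here; if it does not, this is a database write per request and deserves a comment at the new line, e.g. `// activity is recorded on every successful validation (login and per-request session check)`. The enclosing validateToken method starts outside the hunk.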