diff options
author | Jörn Friedrich Dreyer <jfd@butonic.de> | 2014-07-16 19:40:22 +0200 |
---|---|---|
committer | Robin Appelman <icewind@owncloud.com> | 2014-08-29 10:22:21 +0200 |
commit | f551917a3ca2cedf748337646ed4b1d398ac8437 (patch) | |
tree | eccf53eb77c44019ef59e90c41af43297993ddf9 /lib | |
parent | ed2424c3822a3470065788ff113a3807d24d80dc (diff) | |
download | nextcloud-server-f551917a3ca2cedf748337646ed4b1d398ac8437.tar.gz nextcloud-server-f551917a3ca2cedf748337646ed4b1d398ac8437.zip |
kill OC::$session
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
restore order os OC::$session and OC::$CLI
remove unneded initialization of dummy session
write back session when $useCustomSession is true
log warning when deprecated app is used
Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 39 | ||||
-rw-r--r-- | lib/private/appframework/dependencyinjection/dicontainer.php | 2 | ||||
-rw-r--r-- | lib/private/connector/sabre/auth.php | 2 | ||||
-rw-r--r-- | lib/private/server.php | 30 | ||||
-rw-r--r-- | lib/private/share/share.php | 4 | ||||
-rw-r--r-- | lib/private/template.php | 12 | ||||
-rw-r--r-- | lib/private/user.php | 8 | ||||
-rw-r--r-- | lib/private/user/session.php | 44 | ||||
-rwxr-xr-x | lib/private/util.php | 16 |
9 files changed, 102 insertions, 55 deletions
diff --git a/lib/base.php b/lib/base.php index 1c69d6f5671..2dd107411f0 100644 --- a/lib/base.php +++ b/lib/base.php @@ -71,6 +71,7 @@ class OC { public static $CLI = false; /** + * @deprecated use \OC::$session->getSession() instead * @var \OC\Session\Session */ public static $session = null; @@ -375,19 +376,20 @@ class OC { $cookie_path = OC::$WEBROOT ? : '/'; ini_set('session.cookie_path', $cookie_path); - //set the session object to a dummy session so code relying on the session existing still works - self::$session = new \OC\Session\Memory(''); - // Let the session name be changed in the initSession Hook $sessionName = OC_Util::getInstanceId(); try { // Allow session apps to create a custom session object $useCustomSession = false; - OC_Hook::emit('OC', 'initSession', array('session' => &self::$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession)); - if(!$useCustomSession) { + $session = self::$server->getSession(); + OC_Hook::emit('OC', 'initSession', array('session' => &$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession)); + if($useCustomSession) { + // use the session reference as the new Session + self::$server->setSession($session); + } else { // set the session name to the instance id - which is unique - self::$session = new \OC\Session\Internal($sessionName); + self::$server->setSession(new \OC\Session\Internal($sessionName)); } // if session cant be started break with http 500 error } catch (Exception $e) { @@ -398,15 +400,19 @@ class OC { $sessionLifeTime = self::getSessionLifeTime(); // regenerate session id periodically to avoid session fixation - if (!self::$session->exists('SID_CREATED')) { - self::$session->set('SID_CREATED', time()); - } else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime / 2) { + /** + * @var \OCP\ISession $session + */ + $session = self::$server->getSession(); + if (!$session->exists('SID_CREATED')) { + $session->set('SID_CREATED', time()); + } else if (time() - $session->get('SID_CREATED') > $sessionLifeTime / 2) { session_regenerate_id(true); - self::$session->set('SID_CREATED', time()); + $session->set('SID_CREATED', time()); } // session timeout - if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) { + if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) { if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 42000, $cookie_path); } @@ -415,7 +421,7 @@ class OC { session_start(); } - self::$session->set('LAST_ACTIVITY', time()); + $session->set('LAST_ACTIVITY', time()); } /** @@ -447,9 +453,6 @@ class OC { self::$loader->registerPrefix('Pimple', '3rdparty/Pimple'); spl_autoload_register(array(self::$loader, 'load')); - // make a dummy session available as early as possible since error pages need it - self::$session = new \OC\Session\Memory(''); - // set some stuff //ob_start(); error_reporting(E_ALL | E_STRICT); @@ -544,7 +547,7 @@ class OC { // User and Groups if (!OC_Config::getValue("installed", false)) { - self::$session->set('user_id', ''); + self::$server->getSession()->set('user_id', ''); } OC_User::useBackend(new OC_User_Database()); @@ -783,7 +786,7 @@ class OC { if (isset($_COOKIE['oc_ignore_php_auth_user'])) { // Ignore HTTP Authentication for 5 more mintues. setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); - } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) { + } elseif ($_SERVER['PHP_AUTH_USER'] === self::$server->getSession()->get('loginname')) { // Ignore HTTP Authentication to allow a different user to log in. setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); } @@ -930,7 +933,7 @@ class OC { if (OC_User::login($_POST["user"], $_POST["password"])) { // setting up the time zone if (isset($_POST['timezone-offset'])) { - self::$session->set('timezone', $_POST['timezone-offset']); + self::$server->getSession()->set('timezone', $_POST['timezone-offset']); } $userid = OC_User::getUser(); diff --git a/lib/private/appframework/dependencyinjection/dicontainer.php b/lib/private/appframework/dependencyinjection/dicontainer.php index 61a2333ecee..e7efa3fa219 100644 --- a/lib/private/appframework/dependencyinjection/dicontainer.php +++ b/lib/private/appframework/dependencyinjection/dicontainer.php @@ -191,7 +191,7 @@ class DIContainer extends SimpleContainer implements IAppContainer{ } private function getUserId() { - return \OC::$session->get('user_id'); + return \OC::$server->getSession()->get('user_id'); } /** diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php index b1ef698583d..6e1baca9332 100644 --- a/lib/private/connector/sabre/auth.php +++ b/lib/private/connector/sabre/auth.php @@ -78,7 +78,7 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic { $result = $this->auth($server, $realm); // close the session - right after authentication there is not need to write to the session any more - \OC::$session->close(); + \OC::$server->getSession()->close(); return $result; } diff --git a/lib/private/server.php b/lib/private/server.php index aab3c82bfeb..53aab7a586a 100644 --- a/lib/private/server.php +++ b/lib/private/server.php @@ -10,6 +10,7 @@ use OC\DB\ConnectionWrapper; use OC\Files\Node\Root; use OC\Files\View; use OCP\IServerContainer; +use OCP\ISession; /** * Class Server @@ -31,8 +32,8 @@ class Server extends SimpleContainer implements IServerContainer { $urlParams = array(); } - if (\OC::$session->exists('requesttoken')) { - $requestToken = \OC::$session->get('requesttoken'); + if (\OC::$server->getSession()->exists('requesttoken')) { + $requestToken = \OC::$server->getSession()->get('requesttoken'); } else { $requestToken = false; } @@ -100,7 +101,7 @@ class Server extends SimpleContainer implements IServerContainer { * @var \OC\User\Manager $manager */ $manager = $c->query('UserManager'); - $userSession = new \OC\User\Session($manager, \OC::$session); + $userSession = new \OC\User\Session($manager, new \OC\Session\Memory('')); $userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) { \OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password)); }); @@ -328,6 +329,20 @@ class Server extends SimpleContainer implements IServerContainer { } /** + * @return \OCP\ISession + */ + function getSession() { + return $this->query('UserSession')->getSession(); + } + + /** + * @param \OCP\ISession $session + */ + function setSession(\OCP\ISession $session) { + return $this->query('UserSession')->setSession($session); + } + + /** * @return \OC\NavigationManager */ function getNavigationManager() { @@ -395,15 +410,6 @@ class Server extends SimpleContainer implements IServerContainer { /** * Returns the current session * - * @return \OCP\ISession - */ - function getSession() { - return \OC::$session; - } - - /** - * Returns the current session - * * @return \OCP\IDBConnection */ function getDatabaseConnection() { diff --git a/lib/private/share/share.php b/lib/private/share/share.php index faa6453d640..c3593beac45 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -1855,8 +1855,8 @@ class Share extends \OC\Share\Constants { return true; } - if ( \OC::$session->exists('public_link_authenticated') - && \OC::$session->get('public_link_authenticated') === $linkItem['id'] ) { + if ( \OC::$server->getSession()->exists('public_link_authenticated') + && \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id'] ) { return true; } diff --git a/lib/private/template.php b/lib/private/template.php index 173345cc001..d6afe1a3e40 100644 --- a/lib/private/template.php +++ b/lib/private/template.php @@ -52,7 +52,7 @@ class OC_Template extends \OC\Template\Base { // Read the detected formfactor and use the right file name. $fext = self::getFormFactorExtension(); - $requesttoken = OC::$session ? OC_Util::callRegister() : ''; + $requesttoken = OC::$server->getSession() ? OC_Util::callRegister() : ''; $parts = explode('/', $app); // fix translation when app is something like core/lostpassword $l10n = OC_L10N::get($parts[0]); @@ -101,20 +101,20 @@ class OC_Template extends \OC\Template\Base { */ static public function getFormFactorExtension() { - if (!\OC::$session) { + if (!\OC::$server->getSession()) { return ''; } // if the formfactor is not yet autodetected do the // autodetection now. For possible formfactors check the // detectFormfactor documentation - if (!\OC::$session->exists('formfactor')) { - \OC::$session->set('formfactor', self::detectFormfactor()); + if (!\OC::$server->getSession()->exists('formfactor')) { + \OC::$server->getSession()->set('formfactor', self::detectFormfactor()); } // allow manual override via GET parameter if(isset($_GET['formfactor'])) { - \OC::$session->set('formfactor', $_GET['formfactor']); + \OC::$server->getSession()->set('formfactor', $_GET['formfactor']); } - $formfactor = \OC::$session->get('formfactor'); + $formfactor = \OC::$server->getSession()->get('formfactor'); if($formfactor==='default') { $fext=''; }elseif($formfactor==='mobile') { diff --git a/lib/private/user.php b/lib/private/user.php index cdef4d8fe65..c9b1522f85a 100644 --- a/lib/private/user.php +++ b/lib/private/user.php @@ -300,7 +300,7 @@ class OC_User { * Sets user id for session and triggers emit */ public static function setUserId($uid) { - OC::$session->set('user_id', $uid); + \OC::$server->getSession()->set('user_id', $uid); } /** @@ -337,8 +337,8 @@ class OC_User { * Checks if the user is logged in */ public static function isLoggedIn() { - if (\OC::$session->get('user_id') !== null && self::$incognitoMode === false) { - return self::userExists(\OC::$session->get('user_id')); + if (\OC::$server->getSession()->get('user_id') !== null && self::$incognitoMode === false) { + return self::userExists(\OC::$server->getSession()->get('user_id')); } return false; } @@ -386,7 +386,7 @@ class OC_User { * @return string uid or false */ public static function getUser() { - $uid = OC::$session ? OC::$session->get('user_id') : null; + $uid = \OC::$server->getSession() ? \OC::$server->getSession()->get('user_id') : null; if (!is_null($uid) && self::$incognitoMode === false) { return $uid; } else { diff --git a/lib/private/user/session.php b/lib/private/user/session.php index 6abf8fb80d2..11938db5076 100644 --- a/lib/private/user/session.php +++ b/lib/private/user/session.php @@ -47,10 +47,10 @@ class Session implements IUserSession, Emitter { protected $activeUser; /** - * @param \OC\User\Manager $manager - * @param \OC\Session\Session $session + * @param \OCP\IUserManager $manager + * @param \OCP\ISession $session */ - public function __construct($manager, $session) { + public function __construct(\OCP\IUserManager $manager, \OCP\ISession $session) { $this->manager = $manager; $this->session = $session; } @@ -83,6 +83,44 @@ class Session implements IUserSession, Emitter { } /** + * get the session object + * + * @return \OCP\ISession + */ + public function getSession() { + // fetch the deprecated \OC::$session if it changed for backwards compatibility + if (isset(\OC::$session) && \OC::$session !== $this->session) { + \OC::$server->getLogger()->warning( + 'One of your installed apps still seems to use the deprecated '. + '\OC::$session and has replaced it with a new instance. Please file a bug against it.'. + 'Closing and replacing session in UserSession instance.' + ); + $this->setSession(\OC::$session); + } + return $this->session; + } + + /** + * set the session object + * + * @param \OCP\ISession $session + */ + public function setSession(\OCP\ISession $session) { + if ($this->session instanceof \OCP\ISession) { + $this->session->close(); + } + $this->session = $session; + + // maintain deprecated \OC::$session + if (\OC::$session !== $this->session) { + if (\OC::$session instanceof \OCP\ISession) { + \OC::$session->close(); + } + \OC::$session = $session; + } + } + + /** * set the currently active user * * @param \OC\User\User|null $user diff --git a/lib/private/util.php b/lib/private/util.php index 4307560a928..c79f374771c 100755 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -384,11 +384,11 @@ class OC_Util { * @return string timestamp * @description adjust to clients timezone if we know it */ - public static function formatDate($timestamp, $dateOnly = false) { - if (\OC::$session->exists('timezone')) { + public static function formatDate( $timestamp, $dateOnly = false) { + if(\OC::$server->getSession()->exists('timezone')) { $systemTimeZone = intval(date('O')); $systemTimeZone = (round($systemTimeZone / 100, 0) * 60) + ($systemTimeZone % 100); - $clientTimeZone = \OC::$session->get('timezone') * 60; + $clientTimeZone = \OC::$server->getSession()->get('timezone') * 60; $offset = $clientTimeZone - $systemTimeZone; $timestamp = $timestamp + $offset * 60; } @@ -412,7 +412,7 @@ class OC_Util { } // Assume that if checkServer() succeeded before in this session, then all is fine. - if (\OC::$session->exists('checkServer_succeeded') && \OC::$session->get('checkServer_succeeded')) { + if (\OC::$server->getSession()->exists('checkServer_succeeded') && \OC::$server->getSession()->get('checkServer_succeeded')) { return $errors; } @@ -615,7 +615,7 @@ class OC_Util { $errors = array_merge($errors, self::checkDatabaseVersion()); // Cache the result of this function - \OC::$session->set('checkServer_succeeded', count($errors) == 0); + \OC::$server->getSession()->set('checkServer_succeeded', count($errors) == 0); return $errors; } @@ -938,13 +938,13 @@ class OC_Util { */ public static function callRegister() { // Check if a token exists - if (!\OC::$session->exists('requesttoken')) { + if (!\OC::$server->getSession()->exists('requesttoken')) { // No valid token found, generate a new one. $requestToken = self::generateRandomBytes(20); - \OC::$session->set('requesttoken', $requestToken); + \OC::$server->getSession()->set('requesttoken', $requestToken); } else { // Valid token already exists, send it - $requestToken = \OC::$session->get('requesttoken'); + $requestToken = \OC::$server->getSession()->get('requesttoken'); } return ($requestToken); } |