summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/config.sample.php9
-rw-r--r--core/src/session-heartbeat.js50
2 files changed, 53 insertions, 6 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 00e3a6779fd..268838a1768 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -252,6 +252,15 @@ $CONFIG = [
'session_keepalive' => true,
/**
+ * Enable or disable the automatic logout after session_lifetime, even if session
+ * keepalive is enabled. This will make sure that an inactive browser will be logged out
+ * even if requests to the server might extend the session lifetime.
+ *
+ * Defaults to ``false``
+ */
+'auto_logout' => false,
+
+/**
* Enforce token authentication for clients, which blocks requests using the user
* password for enhanced security. Users need to generate tokens in personal settings
* which can be used as passwords on their clients.
diff --git a/core/src/session-heartbeat.js b/core/src/session-heartbeat.js
index a941720d853..4678982d599 100644
--- a/core/src/session-heartbeat.js
+++ b/core/src/session-heartbeat.js
@@ -21,18 +21,21 @@
import $ from 'jquery'
import { emit } from '@nextcloud/event-bus'
+import { loadState } from '@nextcloud/initial-state'
+import { getCurrentUser } from '@nextcloud/auth'
import { generateUrl } from './OC/routing'
-import OC from './OC'
-import { setToken as setRequestToken } from './OC/requesttoken'
+import { setToken as setRequestToken, getToken as getRequestToken } from './OC/requesttoken'
+
+const config = loadState('core', 'config')
/**
* session heartbeat (defaults to enabled)
* @returns {boolean}
*/
const keepSessionAlive = () => {
- return OC.config.session_keepalive === undefined
- || !!OC.config.session_keepalive
+ return config.session_keepalive === undefined
+ || !!config.session_keepalive
}
/**
@@ -41,8 +44,8 @@ const keepSessionAlive = () => {
*/
const getInterval = () => {
let interval = NaN
- if (OC.config.session_lifetime) {
- interval = Math.floor(OC.config.session_lifetime / 2)
+ if (config.session_lifetime) {
+ interval = Math.floor(config.session_lifetime / 2)
}
// minimum one minute, max 24 hours, default 15 minutes
@@ -83,11 +86,46 @@ const startPolling = () => {
return interval
}
+const registerAutoLogout = () => {
+ if (!config.auto_logout || !getCurrentUser()) {
+ return
+ }
+
+ let lastActive = Date.now()
+ window.addEventListener('mousemove', e => {
+ lastActive = Date.now()
+ localStorage.setItem('lastActive', lastActive)
+ })
+
+ window.addEventListener('touchstart', e => {
+ lastActive = Date.now()
+ localStorage.setItem('lastActive', lastActive)
+ })
+
+ window.addEventListener('storage', e => {
+ if (e.key !== 'lastActive') {
+ return
+ }
+ lastActive = e.newValue
+ })
+
+ setInterval(function() {
+ const timeout = Date.now() - config.session_lifetime * 1000
+ if (lastActive < timeout) {
+ console.info('Inactivity timout reached, logging out')
+ const logoutUrl = generateUrl('/logout') + '?requesttoken=' + getRequestToken()
+ window.location = logoutUrl
+ }
+ }, 1000)
+}
+
/**
* Calls the server periodically to ensure that session and CSRF
* token doesn't expire
*/
export const initSessionHeartBeat = () => {
+ registerAutoLogout()
+
if (!keepSessionAlive()) {
console.info('session heartbeat disabled')
return