diff options
Diffstat (limited to 'lib/private/Session')
| -rw-r--r-- | lib/private/Session/CryptoWrapper.php | 51 | ||||
| -rw-r--r-- | lib/private/Session/Internal.php | 34 | ||||
| -rw-r--r-- | lib/private/Session/Memory.php | 5 | ||||
| -rw-r--r-- | lib/private/Session/Session.php | 7 |
4 files changed, 47 insertions, 50 deletions
diff --git a/lib/private/Session/CryptoWrapper.php b/lib/private/Session/CryptoWrapper.php index aceb387ea74..40c2ba6adf3 100644 --- a/lib/private/Session/CryptoWrapper.php +++ b/lib/private/Session/CryptoWrapper.php @@ -1,13 +1,15 @@ <?php +declare(strict_types=1); + /** * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. * SPDX-License-Identifier: AGPL-3.0-only */ + namespace OC\Session; -use OCP\IConfig; use OCP\IRequest; use OCP\ISession; use OCP\Security\ICrypto; @@ -30,37 +32,19 @@ use OCP\Security\ISecureRandom; * @package OC\Session */ class CryptoWrapper { + /** @var string */ public const COOKIE_NAME = 'oc_sessionPassphrase'; - /** @var IConfig */ - protected $config; - /** @var ISession */ - protected $session; - /** @var ICrypto */ - protected $crypto; - /** @var ISecureRandom */ - protected $random; - /** @var string */ - protected $passphrase; + protected string $passphrase; - /** - * @param IConfig $config - * @param ICrypto $crypto - * @param ISecureRandom $random - * @param IRequest $request - */ - public function __construct(IConfig $config, - ICrypto $crypto, + public function __construct( + protected ICrypto $crypto, ISecureRandom $random, - IRequest $request) { - $this->crypto = $crypto; - $this->config = $config; - $this->random = $random; - - if (!is_null($request->getCookie(self::COOKIE_NAME))) { - $this->passphrase = $request->getCookie(self::COOKIE_NAME); - } else { - $this->passphrase = $this->random->generate(128); + IRequest $request, + ) { + $passphrase = $request->getCookie(self::COOKIE_NAME); + if ($passphrase === null) { + $passphrase = $random->generate(128); $secureCookie = $request->getServerProtocol() === 'https'; // FIXME: Required for CI if (!defined('PHPUNIT_RUN')) { @@ -71,11 +55,11 @@ class CryptoWrapper { setcookie( self::COOKIE_NAME, - $this->passphrase, + $passphrase, [ 'expires' => 0, 'path' => $webRoot, - 'domain' => '', + 'domain' => \OCP\Server::get(\OCP\IConfig::class)->getSystemValueString('cookie_domain'), 'secure' => $secureCookie, 'httponly' => true, 'samesite' => 'Lax', @@ -83,13 +67,10 @@ class CryptoWrapper { ); } } + $this->passphrase = $passphrase; } - /** - * @param ISession $session - * @return ISession - */ - public function wrapSession(ISession $session) { + public function wrapSession(ISession $session): ISession { if (!($session instanceof CryptoSessionData)) { return new CryptoSessionData($session, $this->crypto, $this->passphrase); } diff --git a/lib/private/Session/Internal.php b/lib/private/Session/Internal.php index 4384b0ab5c0..b465bcd3eda 100644 --- a/lib/private/Session/Internal.php +++ b/lib/private/Session/Internal.php @@ -11,7 +11,11 @@ namespace OC\Session; use OC\Authentication\Token\IProvider; use OCP\Authentication\Exceptions\InvalidTokenException; +use OCP\ILogger; use OCP\Session\Exceptions\SessionNotAvailableException; +use Psr\Log\LoggerInterface; +use function call_user_func_array; +use function microtime; /** * Class Internal @@ -25,9 +29,13 @@ class Internal extends Session { * @param string $name * @throws \Exception */ - public function __construct(string $name) { + public function __construct( + string $name, + private ?LoggerInterface $logger, + ) { set_error_handler([$this, 'trapError']); $this->invoke('session_name', [$name]); + $this->invoke('session_cache_limiter', ['']); try { $this->startSession(); } catch (\Exception $e) { @@ -183,11 +191,31 @@ class Internal extends Session { */ private function invoke(string $functionName, array $parameters = [], bool $silence = false) { try { + $timeBefore = microtime(true); if ($silence) { - return @call_user_func_array($functionName, $parameters); + $result = @call_user_func_array($functionName, $parameters); } else { - return call_user_func_array($functionName, $parameters); + $result = call_user_func_array($functionName, $parameters); } + $timeAfter = microtime(true); + $timeSpent = $timeAfter - $timeBefore; + if ($timeSpent > 0.1) { + $logLevel = match (true) { + $timeSpent > 25 => ILogger::ERROR, + $timeSpent > 10 => ILogger::WARN, + $timeSpent > 0.5 => ILogger::INFO, + default => ILogger::DEBUG, + }; + $this->logger?->log( + $logLevel, + "Slow session operation $functionName detected", + [ + 'parameters' => $parameters, + 'timeSpent' => $timeSpent, + ], + ); + } + return $result; } catch (\Error $e) { $this->trapError($e->getCode(), $e->getMessage()); } diff --git a/lib/private/Session/Memory.php b/lib/private/Session/Memory.php index eb10ebe05b4..395711836f5 100644 --- a/lib/private/Session/Memory.php +++ b/lib/private/Session/Memory.php @@ -20,11 +20,6 @@ use OCP\Session\Exceptions\SessionNotAvailableException; class Memory extends Session { protected $data; - public function __construct(string $name) { - //no need to use $name since all data is already scoped to this instance - $this->data = []; - } - /** * @param string $key * @param integer $value diff --git a/lib/private/Session/Session.php b/lib/private/Session/Session.php index 3006eceecba..b7510b63683 100644 --- a/lib/private/Session/Session.php +++ b/lib/private/Session/Session.php @@ -20,13 +20,6 @@ abstract class Session implements \ArrayAccess, ISession { protected $sessionClosed = false; /** - * $name serves as a namespace for the session keys - * - * @param string $name - */ - abstract public function __construct(string $name); - - /** * @param mixed $offset * @return bool */ |