summaryrefslogtreecommitdiffstats
path: root/lib/private/User/Session.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/User/Session.php')
-rw-r--r--lib/private/User/Session.php81
1 files changed, 60 insertions, 21 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index a213ee48c2a..7215cbe4188 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -48,6 +48,7 @@ use OCP\ISession;
use OCP\IUser;
use OCP\IUserManager;
use OCP\IUserSession;
+use OCP\Security\ISecureRandom;
use OCP\Session\Exceptions\SessionNotAvailableException;
use OCP\Util;
@@ -89,23 +90,29 @@ class Session implements IUserSession, Emitter {
/** @var User $activeUser */
protected $activeUser;
+ /** @var ISecureRandom */
+ private $random;
+
/**
* @param IUserManager $manager
* @param ISession $session
* @param ITimeFactory $timeFacory
* @param IProvider $tokenProvider
* @param IConfig $config
+ * @param ISecureRandom $random
*/
public function __construct(IUserManager $manager,
ISession $session,
ITimeFactory $timeFacory,
$tokenProvider,
- IConfig $config) {
+ IConfig $config,
+ ISecureRandom $random) {
$this->manager = $manager;
$this->session = $session;
$this->timeFacory = $timeFacory;
$this->tokenProvider = $tokenProvider;
$this->config = $config;
+ $this->random = $random;
}
/**
@@ -526,9 +533,10 @@ class Session implements IUserSession, Emitter {
* @param string $uid user UID
* @param string $loginName login name
* @param string $password
+ * @param int $remember
* @return boolean
*/
- public function createSessionToken(IRequest $request, $uid, $loginName, $password = null) {
+ public function createSessionToken(IRequest $request, $uid, $loginName, $password = null, $remember = IToken::DO_NOT_REMEMBER) {
if (is_null($this->manager->get($uid))) {
// User does not exist
return false;
@@ -537,7 +545,7 @@ class Session implements IUserSession, Emitter {
try {
$sessionId = $this->session->getId();
$pwd = $this->getPassword($password);
- $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name);
+ $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, IToken::REMEMBER);
return true;
} catch (SessionNotAvailableException $ex) {
// This can happen with OCC, where a memory session is used
@@ -680,9 +688,10 @@ class Session implements IUserSession, Emitter {
*
* @param string $uid the username
* @param string $currentToken
+ * @param string $oldSessionId
* @return bool
*/
- public function loginWithCookie($uid, $currentToken) {
+ public function loginWithCookie($uid, $currentToken, $oldSessionId) {
$this->session->regenerateId();
$this->manager->emit('\OC\User', 'preRememberedLogin', array($uid));
$user = $this->manager->get($uid);
@@ -692,15 +701,26 @@ class Session implements IUserSession, Emitter {
}
// get stored tokens
- $tokens = OC::$server->getConfig()->getUserKeys($uid, 'login_token');
+ $tokens = $this->config->getUserKeys($uid, 'login_token');
// test cookies token against stored tokens
if (!in_array($currentToken, $tokens, true)) {
return false;
}
// replace successfully used token with a new one
- OC::$server->getConfig()->deleteUserValue($uid, 'login_token', $currentToken);
- $newToken = OC::$server->getSecureRandom()->generate(32);
- OC::$server->getConfig()->setUserValue($uid, 'login_token', $newToken, time());
+ $this->config->deleteUserValue($uid, 'login_token', $currentToken);
+ $newToken = $this->random->generate(32);
+ $this->config->setUserValue($uid, 'login_token', $newToken, $this->timeFacory->getTime());
+
+ try {
+ $sessionId = $this->session->getId();
+ $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId);
+ } catch (SessionNotAvailableException $ex) {
+ return false;
+ } catch (InvalidTokenException $ex) {
+ \OC::$server->getLogger()->warning('Renewing session token failed', ['app' => 'core']);
+ return false;
+ }
+
$this->setMagicInCookie($user->getUID(), $newToken);
//login
@@ -710,6 +730,15 @@ class Session implements IUserSession, Emitter {
}
/**
+ * @param IUser $user
+ */
+ public function createRememberMeToken(IUser $user) {
+ $token = $this->random->generate(32);
+ $this->config->setUserValue($user->getUID(), 'login_token', $token, $this->timeFacory->getTime());
+ $this->setMagicInCookie($user->getUID(), $token);
+ }
+
+ /**
* logout the user from the session
*/
public function logout() {
@@ -736,10 +765,19 @@ class Session implements IUserSession, Emitter {
*/
public function setMagicInCookie($username, $token) {
$secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https';
- $expires = time() + OC::$server->getConfig()->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
- setcookie('oc_username', $username, $expires, OC::$WEBROOT, '', $secureCookie, true);
- setcookie('oc_token', $token, $expires, OC::$WEBROOT, '', $secureCookie, true);
- setcookie('oc_remember_login', '1', $expires, OC::$WEBROOT, '', $secureCookie, true);
+ $webRoot = \OC::$WEBROOT;
+ if ($webRoot === '') {
+ $webRoot = '/';
+ }
+
+ $expires = $this->timeFacory->getTime() + $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
+ setcookie('nc_username', $username, $expires, $webRoot, '', $secureCookie, true);
+ setcookie('nc_token', $token, $expires, $webRoot, '', $secureCookie, true);
+ try {
+ setcookie('nc_session_id', $this->session->getId(), $expires, $webRoot, '', $secureCookie, true);
+ } catch (SessionNotAvailableException $ex) {
+ // ignore
+ }
}
/**
@@ -749,17 +787,17 @@ class Session implements IUserSession, Emitter {
//TODO: DI for cookies and IRequest
$secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https';
- unset($_COOKIE['oc_username']); //TODO: DI
- unset($_COOKIE['oc_token']);
- unset($_COOKIE['oc_remember_login']);
- setcookie('oc_username', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
- setcookie('oc_token', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
- setcookie('oc_remember_login', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
+ unset($_COOKIE['nc_username']); //TODO: DI
+ unset($_COOKIE['nc_token']);
+ unset($_COOKIE['nc_session_id']);
+ setcookie('nc_username', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
+ setcookie('nc_token', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
+ setcookie('nc_session_id', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
// old cookies might be stored under /webroot/ instead of /webroot
// and Firefox doesn't like it!
- setcookie('oc_username', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
- setcookie('oc_token', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
- setcookie('oc_remember_login', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
+ setcookie('nc_username', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
+ setcookie('nc_token', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
+ setcookie('nc_session_id', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
}
/**
@@ -779,4 +817,5 @@ class Session implements IUserSession, Emitter {
}
}
+
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-09 07:52:44 +0000