From 494648dddd36b57c12b31d102b238b413c7d77c1 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 29 Apr 2024 12:45:44 +0200 Subject: fix(session): Avoid race condition for cache::get() vs. cache::hasKey() Signed-off-by: Joas Schilling --- lib/private/Authentication/Token/PublicKeyTokenProvider.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index 7a5e7f6fd5d..bab025973b9 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -189,11 +189,11 @@ class PublicKeyTokenProvider implements IProvider { */ private function getTokenFromCache(string $tokenHash): ?PublicKeyToken { $serializedToken = $this->cache->get($tokenHash); - if (null === $serializedToken) { - if ($this->cache->hasKey($tokenHash)) { - throw new InvalidTokenException('Token does not exist: ' . $tokenHash); - } + if ($serializedToken === false) { + throw new InvalidTokenException('Token does not exist: ' . $tokenHash); + } + if ($serializedToken === null) { return null; } @@ -208,9 +208,9 @@ class PublicKeyTokenProvider implements IProvider { $this->cache->set($token->getToken(), serialize($token), self::TOKEN_CACHE_TTL); } - private function cacheInvalidHash(string $tokenHash) { + private function cacheInvalidHash(string $tokenHash): void { // Invalid entries can be kept longer in cache since it’s unlikely to reuse them - $this->cache->set($tokenHash, null, self::TOKEN_CACHE_TTL * 2); + $this->cache->set($tokenHash, false, self::TOKEN_CACHE_TTL * 2); } public function getTokenById(int $tokenId): IToken { -- cgit v1.2.3