nextcloud/lib/private/AppFramework/Middleware/Security/ReloadExecutionMiddleware.php

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
namespace OC\AppFramework\Middleware\Security;

use OC\AppFramework\Middleware\Security\Exceptions\ReloadExecutionException;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Middleware;
use OCP\ISession;
use OCP\IURLGenerator;

/**
 * Simple middleware to handle the clearing of the execution context. This will trigger
 * a reload but if the session variable is set we properly redirect to the login page.
 */
class ReloadExecutionMiddleware extends Middleware {
	public function __construct(
		private ISession $session,
		private IURLGenerator $urlGenerator,
	) {
	}

	public function beforeController($controller, $methodName) {
		if ($this->session->exists('clearingExecutionContexts')) {
			throw new ReloadExecutionException();
		}
	}

	public function afterException($controller, $methodName, \Exception $exception) {
		if ($exception instanceof ReloadExecutionException) {
			$this->session->remove('clearingExecutionContexts');

			return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
				'core.login.showLoginForm',
				['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
			));
		}

		return parent::afterException($controller, $methodName, $exception);
	}
}
Do not do redirect handling when loggin out Fixes #12568 Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login. This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-11-21 17:21:28 -05:00			`<?php`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 13:57:53 -05:00
Do not do redirect handling when loggin out Fixes #12568 Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login. This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-11-21 17:21:28 -05:00			`declare(strict_types=1);`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 13:57:53 -05:00
Do not do redirect handling when loggin out Fixes #12568 Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login. This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-11-21 17:21:28 -05:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-23 03:26:56 -04:00			`* SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-License-Identifier: AGPL-3.0-or-later`
Do not do redirect handling when loggin out Fixes #12568 Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login. This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-11-21 17:21:28 -05:00			`*/`
			`namespace OC\AppFramework\Middleware\Security;`

			`use OC\AppFramework\Middleware\Security\Exceptions\ReloadExecutionException;`
			`use OCP\AppFramework\Http\RedirectResponse;`
			`use OCP\AppFramework\Middleware;`
			`use OCP\ISession;`
			`use OCP\IURLGenerator;`

			`/**`
			`* Simple middleware to handle the clearing of the execution context. This will trigger`
			`* a reload but if the session variable is set we properly redirect to the login page.`
			`*/`
			`class ReloadExecutionMiddleware extends Middleware {`
refactor: Run rector on lib/private Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com> 2025-11-17 09:32:54 -05:00			`public function __construct(`
			`private ISession $session,`
			`private IURLGenerator $urlGenerator,`
			`) {`
Do not do redirect handling when loggin out Fixes #12568 Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login. This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-11-21 17:21:28 -05:00			`}`

			`public function beforeController($controller, $methodName) {`
			`if ($this->session->exists('clearingExecutionContexts')) {`
			`throw new ReloadExecutionException();`
			`}`
			`}`

			`public function afterException($controller, $methodName, \Exception $exception) {`
			`if ($exception instanceof ReloadExecutionException) {`
			`$this->session->remove('clearingExecutionContexts');`

			`return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(`
			`'core.login.showLoginForm',`
feat(security): Add PHP \Attribute for remaining security annotations Signed-off-by: Joas Schilling <coding@schilljs.com> 2023-04-24 11:13:18 -04:00			`['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers`
Do not do redirect handling when loggin out Fixes #12568 Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login. This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-11-21 17:21:28 -05:00			`));`
			`}`

			`return parent::afterException($controller, $methodName, $exception);`
			`}`
			`}`