mirror of
https://github.com/nextcloud/server.git
synced 2026-04-21 14:23:17 -04:00
Merge pull request #40849 from nextcloud/backport/40785/stable27
[stable27] fix: Log critical session renewal and logout paths
This commit is contained in:
Arthur Schiwon
GitHub
commit
1b1a54403e
1 changed files with 33 additions and 5 deletions
|
|
@ -781,6 +781,11 @@ class Session implements IUserSession, Emitter {
|
|||
try {
|
||||
$dbToken = $this->tokenProvider->getToken($token);
|
||||
} catch (InvalidTokenException $ex) {
|
||||
$this->logger->warning('Session token is invalid because it does not exist', [
|
||||
'app' => 'core',
|
||||
'user' => $user,
|
||||
'exception' => $ex,
|
||||
]);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -800,6 +805,10 @@ class Session implements IUserSession, Emitter {
|
|||
}
|
||||
|
||||
if (!$this->checkTokenCredentials($dbToken, $token)) {
|
||||
$this->logger->warning('Session token credentials are invalid', [
|
||||
'app' => 'core',
|
||||
'user' => $user,
|
||||
]);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -875,9 +884,9 @@ class Session implements IUserSession, Emitter {
|
|||
$tokens = $this->config->getUserKeys($uid, 'login_token');
|
||||
// test cookies token against stored tokens
|
||||
if (!in_array($currentToken, $tokens, true)) {
|
||||
$this->logger->info('Tried to log in {uid} but could not verify token', [
|
||||
$this->logger->info('Tried to log in but could not verify token', [
|
||||
'app' => 'core',
|
||||
'uid' => $uid,
|
||||
'user' => $uid,
|
||||
]);
|
||||
return false;
|
||||
}
|
||||
|
|
@ -885,18 +894,30 @@ class Session implements IUserSession, Emitter {
|
|||
$this->config->deleteUserValue($uid, 'login_token', $currentToken);
|
||||
$newToken = $this->random->generate(32);
|
||||
$this->config->setUserValue($uid, 'login_token', $newToken, (string)$this->timeFactory->getTime());
|
||||
$this->logger->debug('Remember-me token replaced', [
|
||||
'app' => 'core',
|
||||
'user' => $uid,
|
||||
]);
|
||||
|
||||
try {
|
||||
$sessionId = $this->session->getId();
|
||||
$token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId);
|
||||
$this->logger->debug('Session token replaced', [
|
||||
'app' => 'core',
|
||||
'user' => $uid,
|
||||
]);
|
||||
} catch (SessionNotAvailableException $ex) {
|
||||
$this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [
|
||||
$this->logger->critical('Could not renew session token for {uid} because the session is unavailable', [
|
||||
'app' => 'core',
|
||||
'uid' => $uid,
|
||||
'user' => $uid,
|
||||
]);
|
||||
return false;
|
||||
} catch (InvalidTokenException $ex) {
|
||||
$this->logger->warning('Renewing session token failed', ['app' => 'core']);
|
||||
$this->logger->error('Renewing session token failed', [
|
||||
'app' => 'core',
|
||||
'user' => $uid,
|
||||
]);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -935,10 +956,17 @@ class Session implements IUserSession, Emitter {
|
|||
$this->manager->emit('\OC\User', 'logout', [$user]);
|
||||
if ($user !== null) {
|
||||
try {
|
||||
$this->tokenProvider->invalidateToken($this->session->getId());
|
||||
$token = $this->session->getId();
|
||||
$this->tokenProvider->invalidateToken($token);
|
||||
$this->logger->debug('Session token invalidated before logout', [
|
||||
'user' => $user->getUID(),
|
||||
]);
|
||||
} catch (SessionNotAvailableException $ex) {
|
||||
}
|
||||
}
|
||||
$this->logger->debug('Logging out', [
|
||||
'user' => $user === null ? null : $user->getUID(),
|
||||
]);
|
||||
$this->setUser(null);
|
||||
$this->setLoginName(null);
|
||||
$this->setToken(null);
|
||||
|
|
|
|||
Loading…
Reference in a new issue