upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-10 22:34:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 35
nextcloud/lib/private/AppFramework/Middleware/FlowV2EphemeralSessionsMiddleware.php
Louis Chmn 4ce1bcc18d
feat(EphemeralSessions): Introduce lax period 
Signed-off-by: Louis Chmn <louis@chmn.me>
2025-11-07 08:30:21 +01:00

74 lines
2 KiB
PHP
Raw Permalink Blame History

<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\AppFramework\Middleware;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OC\Core\Controller\ClientFlowLoginV2Controller;
use OC\Core\Controller\TwoFactorChallengeController;
use OCP\AppFramework\Middleware;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Authentication\TwoFactorAuth\ALoginSetupController;
use OCP\ISession;
use OCP\IUserSession;
// Will close the session if the user session is ephemeral.
// Happens when the user logs in via the login flow v2.
class FlowV2EphemeralSessionsMiddleware extends Middleware {
private const EPHEMERAL_SESSION_TTL = 5 * 60; // 5 minutes
private ISession $session;
private IUserSession $userSession;
private ControllerMethodReflector $reflector;
private ITimeFactory $timeFactory;
public function __construct(
ISession $session,
IUserSession $userSession,
ControllerMethodReflector $reflector,
ITimeFactory $timeFactory
) {
$this->session = $session;
$this->userSession = $userSession;
$this->reflector = $reflector;
$this->timeFactory = $timeFactory;
}
public function beforeController($controller, $methodName) {
$sessionCreationTime = $this->session->get(ClientFlowLoginV2Controller::EPHEMERAL_NAME);
// Not an ephemeral session.
if ($sessionCreationTime === null) {
return;
}
// Lax enforcement until TTL is reached.
if ($this->timeFactory->getTime() < $sessionCreationTime + self::EPHEMERAL_SESSION_TTL) {
return;
}
// Allow certain controllers/methods to proceed without logging out.
if (
$controller instanceof ClientFlowLoginV2Controller &&
($methodName === 'grantPage' || $methodName === 'generateAppPassword')
) {
return;
}
if ($controller instanceof TwoFactorChallengeController
|| $controller instanceof ALoginSetupController) {
return;
}
if ($this->reflector->hasAnnotation('PublicPage')) {
return;
}
$this->userSession->logout();
$this->session->close();
}
}
Reference in a new issue View git blame Copy permalink