Fix missing update of session, when it was already used.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-28 11:29:02 +02:00 · 2016-10-28 11:29:02 +02:00 · 2cd92d0abb
commit 2cd92d0abb
parent f7d681d038
2 changed files with 12 additions and 2 deletions
--- a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
+++ b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
@ -40,6 +40,13 @@ class SessionStorage {
 		$this->session = $session;
 	}

+	/**
+	 * @param ISession $session
+	 */
+	public function setSession(ISession $session) {
+		$this->session = $session;
+	}
+
 	/**
 	 * Returns the current token or throws an exception if none is found.
 	 *
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@ -710,13 +710,15 @@ class Server extends ServerContainer implements IServerContainer {
 		});
 		$this->registerService('CsrfTokenManager', function (Server $c) {
 			$tokenGenerator = new CsrfTokenGenerator($c->getSecureRandom());
-			$sessionStorage = new SessionStorage($c->getSession());

 			return new CsrfTokenManager(
 				$tokenGenerator,
-				$sessionStorage
+				$c->query(SessionStorage::class)
 			);
 		});
+		$this->registerService(SessionStorage::class, function (Server $c) {
+			return new SessionStorage($c->getSession());
+		});
 		$this->registerService('ContentSecurityPolicyManager', function (Server $c) {
 			return new ContentSecurityPolicyManager();
 		});
@ -945,6 +947,7 @@ class Server extends ServerContainer implements IServerContainer {
 	 * @param \OCP\ISession $session
 	 */
 	public function setSession(\OCP\ISession $session) {
+		$this->query(SessionStorage::class)->setSession($session);
 		return $this->query('UserSession')->setSession($session);
 	}