Merge pull request #9823 from nextcloud/bufgix/noid/update_token_on_session_id_regenerate
Update the token on session regeneration
This commit is contained in:
commit
60adc92eb5
6 changed files with 42 additions and 7 deletions
|
@ -217,7 +217,7 @@ class ShareController extends Controller {
|
|||
private function linkShareAuth(\OCP\Share\IShare $share, $password = null) {
|
||||
if ($password !== null) {
|
||||
if ($this->shareManager->checkPassword($share, $password)) {
|
||||
$this->session->regenerateId();
|
||||
$this->session->regenerateId(true, true);
|
||||
$this->session->set('public_link_authenticated', (string)$share->getId());
|
||||
} else {
|
||||
$this->emitAccessShareHook($share, 403, 'Wrong password');
|
||||
|
|
|
@ -150,10 +150,11 @@ class CryptoSessionData implements \ArrayAccess, ISession {
|
|||
* Wrapper around session_regenerate_id
|
||||
*
|
||||
* @param bool $deleteOldSession Whether to delete the old associated session file or not.
|
||||
* @param bool $updateToken Wheater to update the associated auth token
|
||||
* @return void
|
||||
*/
|
||||
public function regenerateId(bool $deleteOldSession = true) {
|
||||
$this->session->regenerateId($deleteOldSession);
|
||||
public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) {
|
||||
$this->session->regenerateId($deleteOldSession, $updateToken);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -30,6 +30,10 @@ declare(strict_types=1);
|
|||
|
||||
namespace OC\Session;
|
||||
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OC\SystemConfig;
|
||||
use OCP\IConfig;
|
||||
use OCP\Session\Exceptions\SessionNotAvailableException;
|
||||
|
||||
/**
|
||||
|
@ -111,14 +115,41 @@ class Internal extends Session {
|
|||
* Wrapper around session_regenerate_id
|
||||
*
|
||||
* @param bool $deleteOldSession Whether to delete the old associated session file or not.
|
||||
* @param bool $updateToken Wheater to update the associated auth token
|
||||
* @return void
|
||||
*/
|
||||
public function regenerateId(bool $deleteOldSession = true) {
|
||||
public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) {
|
||||
$oldId = null;
|
||||
|
||||
if ($updateToken) {
|
||||
// Get the old id to update the token
|
||||
try {
|
||||
$oldId = $this->getId();
|
||||
} catch (SessionNotAvailableException $e) {
|
||||
// We can't update a token if there is no previous id
|
||||
$updateToken = false;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
@session_regenerate_id($deleteOldSession);
|
||||
} catch (\Error $e) {
|
||||
$this->trapError($e->getCode(), $e->getMessage());
|
||||
}
|
||||
|
||||
if ($updateToken) {
|
||||
// Get the new id to update the token
|
||||
$newId = $this->getId();
|
||||
|
||||
/** @var IProvider $tokenProvider */
|
||||
$tokenProvider = \OC::$server->query(IProvider::class);
|
||||
|
||||
try {
|
||||
$tokenProvider->renewSessionToken($oldId, $newId);
|
||||
} catch (InvalidTokenException $e) {
|
||||
// Just ignore
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -91,7 +91,7 @@ class Memory extends Session {
|
|||
*
|
||||
* @param bool $deleteOldSession
|
||||
*/
|
||||
public function regenerateId(bool $deleteOldSession = true) {}
|
||||
public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) {}
|
||||
|
||||
/**
|
||||
* Wrapper around session_id
|
||||
|
|
|
@ -626,6 +626,8 @@ class Session implements IUserSession, Emitter {
|
|||
try {
|
||||
$sessionId = $this->session->getId();
|
||||
$pwd = $this->getPassword($password);
|
||||
// Make sure the current sessionId has no leftover tokens
|
||||
$this->tokenProvider->invalidateToken($sessionId);
|
||||
$this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, $remember);
|
||||
return true;
|
||||
} catch (SessionNotAvailableException $ex) {
|
||||
|
|
|
@ -96,10 +96,11 @@ interface ISession {
|
|||
* Wrapper around session_regenerate_id
|
||||
*
|
||||
* @param bool $deleteOldSession Whether to delete the old associated session file or not.
|
||||
* @param bool $updateToken Wheater to update the associated auth token
|
||||
* @return void
|
||||
* @since 9.0.0
|
||||
* @since 9.0.0, $updateToken added in 14.0.0
|
||||
*/
|
||||
public function regenerateId(bool $deleteOldSession = true);
|
||||
public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false);
|
||||
|
||||
/**
|
||||
* Wrapper around session_id
|
||||
|
|
Loading…
Reference in a new issue