nextcloud/lib/private/Session/CryptoSessionData.php

<?php

declare(strict_types=1);

/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Christoph Wurst <christoph@winzerhof-wurst.at>
 * @author Joas Schilling <coding@schilljs.com>
 * @author Lukas Reschke <lukas@statuscode.ch>
 * @author Morris Jobke <hey@morrisjobke.de>
 * @author Roeland Jago Douma <roeland@famdouma.nl>
 * @author Victor Dubiniuk <dubiniuk@owncloud.com>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program. If not, see <http://www.gnu.org/licenses/>
 *
 */

namespace OC\Session;

use OCP\ISession;
use OCP\Security\ICrypto;
use OCP\Session\Exceptions\SessionNotAvailableException;

/**
 * Class CryptoSessionData
 *
 * @package OC\Session
 */
class CryptoSessionData implements \ArrayAccess, ISession {
	/** @var ISession */
	protected $session;
	/** @var \OCP\Security\ICrypto */
	protected $crypto;
	/** @var string */
	protected $passphrase;
	/** @var array */
	protected $sessionValues;
	/** @var bool */
	protected $isModified = false;
	public const encryptedSessionName = 'encrypted_session_data';

	/**
	 * @param ISession $session
	 * @param ICrypto $crypto
	 * @param string $passphrase
	 */
	public function __construct(ISession $session,
								ICrypto $crypto,
								string $passphrase) {
		$this->crypto = $crypto;
		$this->session = $session;
		$this->passphrase = $passphrase;
		$this->initializeSession();
	}

	/**
	 * Close session if class gets destructed
	 */
	public function __destruct() {
		try {
			$this->close();
		} catch (SessionNotAvailableException $e) {
			// This exception can occur if session is already closed
			// So it is safe to ignore it and let the garbage collector to proceed
		}
	}

	protected function initializeSession() {
		$encryptedSessionData = $this->session->get(self::encryptedSessionName) ?: '';
		try {
			$this->sessionValues = json_decode(
				$this->crypto->decrypt($encryptedSessionData, $this->passphrase),
				true
			);
		} catch (\Exception $e) {
			$this->sessionValues = [];
		}
	}

	/**
	 * Set a value in the session
	 *
	 * @param string $key
	 * @param mixed $value
	 */
	public function set(string $key, $value) {
		$this->sessionValues[$key] = $value;
		$this->isModified = true;
	}

	/**
	 * Get a value from the session
	 *
	 * @param string $key
	 * @return string|null Either the value or null
	 */
	public function get(string $key) {
		if (isset($this->sessionValues[$key])) {
			return $this->sessionValues[$key];
		}

		return null;
	}

	/**
	 * Check if a named key exists in the session
	 *
	 * @param string $key
	 * @return bool
	 */
	public function exists(string $key): bool {
		return isset($this->sessionValues[$key]);
	}

	/**
	 * Remove a $key/$value pair from the session
	 *
	 * @param string $key
	 */
	public function remove(string $key) {
		$this->isModified = true;
		unset($this->sessionValues[$key]);
		$this->session->remove(self::encryptedSessionName);
	}

	/**
	 * Reset and recreate the session
	 */
	public function clear() {
		$requesttoken = $this->get('requesttoken');
		$this->sessionValues = [];
		if ($requesttoken !== null) {
			$this->set('requesttoken', $requesttoken);
		}
		$this->isModified = true;
		$this->session->clear();
	}

	/**
	 * Wrapper around session_regenerate_id
	 *
	 * @param bool $deleteOldSession Whether to delete the old associated session file or not.
	 * @param bool $updateToken Wheater to update the associated auth token
	 * @return void
	 */
	public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) {
		$this->session->regenerateId($deleteOldSession, $updateToken);
	}

	/**
	 * Wrapper around session_id
	 *
	 * @return string
	 * @throws SessionNotAvailableException
	 * @since 9.1.0
	 */
	public function getId(): string {
		return $this->session->getId();
	}

	/**
	 * Close the session and release the lock, also writes all changed data in batch
	 */
	public function close() {
		if ($this->isModified) {
			$encryptedValue = $this->crypto->encrypt(json_encode($this->sessionValues), $this->passphrase);
			$this->session->set(self::encryptedSessionName, $encryptedValue);
			$this->isModified = false;
		}
		$this->session->close();
	}

	/**
	 * @param mixed $offset
	 * @return bool
	 */
	public function offsetExists($offset): bool {
		return $this->exists($offset);
	}

	/**
	 * @param mixed $offset
	 * @return mixed
	 */
	public function offsetGet($offset) {
		return $this->get($offset);
	}

	/**
	 * @param mixed $offset
	 * @param mixed $value
	 */
	public function offsetSet($offset, $value) {
		$this->set($offset, $value);
	}

	/**
	 * @param mixed $offset
	 */
	public function offsetUnset($offset) {
		$this->remove($offset);
	}
}
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`<?php`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00
Make ISession strict * Make all implementations strict * Add scalar types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-02-27 00:20:21 +03:00			`declare(strict_types=1);`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`/**`
Fix others 2016-07-21 18:07:57 +03:00			`* @copyright Copyright (c) 2016, ownCloud, Inc.`
			`*`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00			`* @author Christoph Wurst <christoph@winzerhof-wurst.at>`
Fix others 2016-07-21 18:07:57 +03:00			`* @author Joas Schilling <coding@schilljs.com>`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Lukas Reschke <lukas@statuscode.ch>`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00			`* @author Morris Jobke <hey@morrisjobke.de>`
Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2017-11-06 17:56:42 +03:00			`* @author Roeland Jago Douma <roeland@famdouma.nl>`
			`* @author Victor Dubiniuk <dubiniuk@owncloud.com>`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`*`
			`* @license AGPL-3.0`
			`*`
			`* This code is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License, version 3,`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00			`* along with this program. If not, see <http://www.gnu.org/licenses/>`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`*`
			`*/`

			`namespace OC\Session;`

			`use OCP\ISession;`
			`use OCP\Security\ICrypto;`
throw SessionNotAvailableException if session_id returns empty string 2016-04-26 10:29:15 +03:00			`use OCP\Session\Exceptions\SessionNotAvailableException;`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00
Handle failures gracefully, remove switch 2015-08-21 19:27:52 +03:00			`/**`
			`* Class CryptoSessionData`
			`*`
			`* @package OC\Session`
			`*/`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`class CryptoSessionData implements \ArrayAccess, ISession {`
			`/** @var ISession */`
			`protected $session;`
			`/** @var \OCP\Security\ICrypto */`
			`protected $crypto;`
			`/** @var string */`
			`protected $passphrase;`
Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00			`/** @var array */`
			`protected $sessionValues;`
Write to session in batch at the end of the request 2015-09-08 23:05:36 +03:00			`/** @var bool */`
			`protected $isModified = false;`
Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 17:54:27 +03:00			`public const encryptedSessionName = 'encrypted_session_data';`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00
			`/**`
			`* @param ISession $session`
			`* @param ICrypto $crypto`
			`* @param string $passphrase`
			`*/`
Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00			`public function __construct(ISession $session,`
			`ICrypto $crypto,`
Make ISession strict * Make all implementations strict * Add scalar types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-02-27 00:20:21 +03:00			`string $passphrase) {`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`$this->crypto = $crypto;`
			`$this->session = $session;`
			`$this->passphrase = $passphrase;`
Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00			`$this->initializeSession();`
			`}`

Write to session in batch at the end of the request 2015-09-08 23:05:36 +03:00			`/**`
			`* Close session if class gets destructed`
			`*/`
			`public function __destruct() {`
Catch session already closed exception in destructor 2017-04-12 21:25:22 +03:00			`try {`
			`$this->close();`
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 15:19:56 +03:00			`} catch (SessionNotAvailableException $e) {`
Catch session already closed exception in destructor 2017-04-12 21:25:22 +03:00			`// This exception can occur if session is already closed`
			`// So it is safe to ignore it and let the garbage collector to proceed`
			`}`
Write to session in batch at the end of the request 2015-09-08 23:05:36 +03:00			`}`

Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00			`protected function initializeSession() {`
Fix type in CryptoSessionData Found while adding strict typing for PHP7+. Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2018-01-12 18:31:48 +03:00			`$encryptedSessionData = $this->session->get(self::encryptedSessionName) ?: '';`
Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00			`try {`
			`$this->sessionValues = json_decode(`
			`$this->crypto->decrypt($encryptedSessionData, $this->passphrase),`
			`true`
			`);`
			`} catch (\Exception $e) {`
			`$this->sessionValues = [];`
			`}`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`}`

			`/**`
			`* Set a value in the session`
			`*`
			`* @param string $key`
			`* @param mixed $value`
			`*/`
Make ISession strict * Make all implementations strict * Add scalar types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-02-27 00:20:21 +03:00			`public function set(string $key, $value) {`
Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00			`$this->sessionValues[$key] = $value;`
Write to session in batch at the end of the request 2015-09-08 23:05:36 +03:00			`$this->isModified = true;`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`}`

			`/**`
			`* Get a value from the session`
			`*`
			`* @param string $key`
Handle failures gracefully, remove switch 2015-08-21 19:27:52 +03:00			`* @return string\|null Either the value or null`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`*/`
Make ISession strict * Make all implementations strict * Add scalar types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-02-27 00:20:21 +03:00			`public function get(string $key) {`
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 15:19:56 +03:00			`if (isset($this->sessionValues[$key])) {`
Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00			`return $this->sessionValues[$key];`
Handle failures gracefully, remove switch 2015-08-21 19:27:52 +03:00			`}`
Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00
			`return null;`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`}`

			`/**`
			`* Check if a named key exists in the session`
			`*`
			`* @param string $key`
			`* @return bool`
			`*/`
Make ISession strict * Make all implementations strict * Add scalar types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-02-27 00:20:21 +03:00			`public function exists(string $key): bool {`
Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00			`return isset($this->sessionValues[$key]);`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`}`

			`/**`
			`* Remove a $key/$value pair from the session`
			`*`
			`* @param string $key`
			`*/`
Make ISession strict * Make all implementations strict * Add scalar types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-02-27 00:20:21 +03:00			`public function remove(string $key) {`
Write to session in batch at the end of the request 2015-09-08 23:05:36 +03:00			`$this->isModified = true;`
Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00			`unset($this->sessionValues[$key]);`
			`$this->session->remove(self::encryptedSessionName);`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`}`

			`/**`
			`* Reset and recreate the session`
			`*/`
			`public function clear() {`
Do not clear CSRF token on logout (fix for #1303) This is a hacky way to allow the use case of #1303. What happens is 1. User tries to login 2. PreLoginHook kicks in and figures out that the user need to change their LDAP password or whatever => redirects user 3. While loading the redirect some logic of ours kicks in and logouts the user (thus clearing the session). 4. We render the new page but now the session and the page disagree about the CSRF token This is kind of hacky but I don't think it introduces new attack vectors. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-03-14 00:14:11 +03:00			`$requesttoken = $this->get('requesttoken');`
Write session data to single key This prevents decrypting values multiple times. 2015-09-08 22:16:11 +03:00			`$this->sessionValues = [];`
Do not clear CSRF token on logout (fix for #1303) This is a hacky way to allow the use case of #1303. What happens is 1. User tries to login 2. PreLoginHook kicks in and figures out that the user need to change their LDAP password or whatever => redirects user 3. While loading the redirect some logic of ours kicks in and logouts the user (thus clearing the session). 4. We render the new page but now the session and the page disagree about the CSRF token This is kind of hacky but I don't think it introduces new attack vectors. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-03-14 00:14:11 +03:00			`if ($requesttoken !== null) {`
			`$this->set('requesttoken', $requesttoken);`
			`}`
Write to session in batch at the end of the request 2015-09-08 23:05:36 +03:00			`$this->isModified = true;`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`$this->session->clear();`
			`}`

Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this. 2016-01-04 17:00:58 +03:00			`/**`
			`* Wrapper around session_regenerate_id`
			`*`
			`* @param bool $deleteOldSession Whether to delete the old associated session file or not.`
Allow updating the token on session regeneration Sometimes when we force a session regeneration we want to update the current token for this session. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-06-11 11:45:19 +03:00			`* @param bool $updateToken Wheater to update the associated auth token`
Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this. 2016-01-04 17:00:58 +03:00			`* @return void`
			`*/`
Allow updating the token on session regeneration Sometimes when we force a session regeneration we want to update the current token for this session. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-06-11 11:45:19 +03:00			`public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) {`
			`$this->session->regenerateId($deleteOldSession, $updateToken);`
Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this. 2016-01-04 17:00:58 +03:00			`}`

add ISession::getId() wrapper for session_id 2016-04-25 11:23:06 +03:00			`/**`
			`* Wrapper around session_id`
			`*`
			`* @return string`
throw SessionNotAvailableException if session_id returns empty string 2016-04-26 10:29:15 +03:00			`* @throws SessionNotAvailableException`
add ISession::getId() wrapper for session_id 2016-04-25 11:23:06 +03:00			`* @since 9.1.0`
			`*/`
Make ISession strict * Make all implementations strict * Add scalar types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-02-27 00:20:21 +03:00			`public function getId(): string {`
add ISession::getId() wrapper for session_id 2016-04-25 11:23:06 +03:00			`return $this->session->getId();`
			`}`

Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`/**`
Write to session in batch at the end of the request 2015-09-08 23:05:36 +03:00			`* Close the session and release the lock, also writes all changed data in batch`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`*/`
			`public function close() {`
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 15:19:56 +03:00			`if ($this->isModified) {`
Write to session in batch at the end of the request 2015-09-08 23:05:36 +03:00			`$encryptedValue = $this->crypto->encrypt(json_encode($this->sessionValues), $this->passphrase);`
			`$this->session->set(self::encryptedSessionName, $encryptedValue);`
			`$this->isModified = false;`
			`}`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`$this->session->close();`
			`}`

			`/**`
			`* @param mixed $offset`
			`* @return bool`
			`*/`
Make ISession strict * Make all implementations strict * Add scalar types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-02-27 00:20:21 +03:00			`public function offsetExists($offset): bool {`
Add a session wrapper to encrypt the data before storing it on disk 2015-07-20 13:59:04 +03:00			`return $this->exists($offset);`
			`}`

			`/**`
			`* @param mixed $offset`
			`* @return mixed`
			`*/`
			`public function offsetGet($offset) {`
			`return $this->get($offset);`
			`}`

			`/**`
			`* @param mixed $offset`
			`* @param mixed $value`
			`*/`
			`public function offsetSet($offset, $value) {`
			`$this->set($offset, $value);`
			`}`

			`/**`
			`* @param mixed $offset`
			`*/`
			`public function offsetUnset($offset) {`
			`$this->remove($offset);`
			`}`
			`}`