mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

dont create a session token for clients, validate the app password instead

This commit is contained in:
Christoph Wurst 2016-06-17 15:41:32 +02:00
parent 0c0a216f42
commit 1889df5c7c
No known key found for this signature in database
GPG Key ID: FEECD2543CA6EAF0
1 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
lib/private/User/Session.php
View File

@ -197,14 +197,27 @@ class Session implements IUserSession, Emitter {
return $this->activeUser;
}
/**
* Validate whether the current session is valid
*
* - For token-authenticated clients, the token validity is checked
* - For browsers, the session token validity is checked
*/
protected function validateSession() {
try {
$sessionId = $this->session->getId();
} catch (SessionNotAvailableException $ex) {
return;
$token = null;
$appPassword = $this->session->get('app_password');
if (is_null($appPassword)) {
try {
$token = $this->session->getId();
} catch (SessionNotAvailableException $ex) {
return;
}
} else {
$token = $appPassword;
}
if (!$this->validateToken($sessionId)) {
if (!$this->validateToken($token)) {
// Session was invalidated
$this->logout();
}
@ -282,7 +295,6 @@ class Session implements IUserSession, Emitter {
$this->loginWithToken($password);
$user = $this->getUser();
$this->tokenProvider->updateTokenActivity($token);
} else {
$this->manager->emit('\OC\User', 'preLogin', array($uid, $password));
$user = $this->manager->checkPassword($uid, $password);
@ -341,7 +353,10 @@ class Session implements IUserSession, Emitter {
return false;
}
if ($this->supportsCookies($request)) {
if ($isTokenPassword) {
$this->session->set('app_password', $password);
} else if($this->supportsCookies($request)) {
// Password login, but cookies supported -> create (browser) session token
$this->createSessionToken($request, $this->getUser()->getUID(), $user, $password);
}
@ -458,7 +473,6 @@ class Session implements IUserSession, Emitter {
//login
$this->setUser($user);
$this->tokenProvider->updateTokenActivity($dbToken);
$this->manager->emit('\OC\User', 'postLogin', array($user, $password));
return true;
@ -582,6 +596,8 @@ class Session implements IUserSession, Emitter {
return false;
}
$this->tokenProvider->updateTokenActivity($dbToken);
return true;
}