Use the new session wrapper

Robin Appelman 2013-05-28 01:04:09 +02:00
parent 76d13120ea
commit 44f9af5a7f
8 changed files with 57 additions and 57 deletions


@ -220,7 +220,7 @@ class Proxy extends \OC_FileProxy
} elseif ( } elseif (
Crypt::mode() == 'server' Crypt::mode() == 'server'
&& isset( $_SESSION['legacyenckey'] ) &&\OC::$session->exists('legacyenckey')
&& Crypt::isEncryptedMeta( $path ) && Crypt::isEncryptedMeta( $path )
) { ) {
$plainData = Crypt::legacyBlockDecrypt( $data, $session->getLegacyKey() ); $plainData = Crypt::legacyBlockDecrypt( $data, $session->getLegacyKey() );
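Review bot: The legacy-decrypt branch is still gated on the session key `legacyenckey`, while the `Session` class changed in this same commit stores and reads the legacy key under `legacyKey`. Unless something outside this page sets `legacyenckey`, the condition can never hold and the `legacyBlockDecrypt()` call is presumably unreachable. Checking `\OC::$session->exists('legacyKey')`, or asking the `$session` object already used on the next line, would keep the guard and the key store in agreement. The enclosing method starts and ends outside the hunk.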


@ -106,7 +106,7 @@ class Session
*/ */
public function setPrivateKey( $privateKey ) { public function setPrivateKey( $privateKey ) {
$_SESSION['privateKey'] = $privateKey; \OC::$session->set('privateKey', $privateKey)
return true; return true;
@ -119,12 +119,9 @@ class Session
*/ */
public function getPrivateKey() { public function getPrivateKey() {
if ( if ( !is_null( \OC::$session->get('privateKey') ) ) {
isset( $_SESSION['privateKey'] )
&& !empty( $_SESSION['privateKey'] )
) {
return $_SESSION['privateKey']; return \OC::$session->get('privateKey');
} else { } else {
@ -141,7 +138,7 @@ class Session
*/ */
public function setLegacyKey( $legacyKey ) { public function setLegacyKey( $legacyKey ) {
$_SESSION['legacyKey'] = $legacyKey; \OC::$session->set('legacyKey', $legacyKey);
return true; return true;
} }
@ -153,12 +150,9 @@ class Session
*/ */
public function getLegacyKey() { public function getLegacyKey() {
if ( if ( !is_null( \OC::$session->get('legacyKey') ) ) {
isset( $_SESSION['legacyKey'] )
&& !empty( $_SESSION['legacyKey'] )
) {
return $_SESSION['legacyKey']; return \OC::$session->get('legacyKey');
} else { } else {
@ -168,4 +162,4 @@ class Session
} }
} }
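Review bot: The new line in `setPrivateKey()`, `\OC::$session->set('privateKey', $privateKey)`, has no terminating semicolon, so the file will not parse and the encryption session class cannot load; it should read `\OC::$session->set('privateKey', $privateKey);`. Separately, `getPrivateKey()` and `getLegacyKey()` replace `isset(...) && !empty(...)` with `!is_null(...)`, so an empty string or `false` stored under the key is now returned as if it were key material instead of taking the `else` branch. Reading the value once and testing it, `$key = \OC::$session->get('privateKey'); if ( !empty( $key ) ) {`, would keep the old semantics and avoid the second `get()` call. The `else` branches of both getters lie outside the hunks.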


@ -183,7 +183,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
$this->assertTrue(OCA\Encryption\Hooks::login($params)); $this->assertTrue(OCA\Encryption\Hooks::login($params));
$this->assertEquals($this->legacyKey, $_SESSION['legacyKey']); $this->assertEquals($this->legacyKey, \OC::$session->get('legacyKey'));
} }
function testRecoveryEnabledForUser() { function testRecoveryEnabledForUser() {
@ -273,7 +273,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
$this->assertTrue(OCA\Encryption\Hooks::login($params)); $this->assertTrue(OCA\Encryption\Hooks::login($params));
$this->assertEquals($this->legacyKey, $_SESSION['legacyKey']); $this->assertEquals($this->legacyKey, \OC::$session->get('legacyKey'));
$files = $util->findEncFiles('/' . \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER . '/files/'); $files = $util->findEncFiles('/' . \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER . '/files/');
@ -314,4 +314,4 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
$params['password'] = $password; $params['password'] = $password;
OCA\Encryption\Hooks::login($params); OCA\Encryption\Hooks::login($params);
} }
} }


@ -84,7 +84,7 @@ if (isset($path)) {
exit(); exit();
} else { } else {
// Save item id in session for future requests // Save item id in session for future requests
$_SESSION['public_link_authenticated'] = $linkItem['id']; \OC::$session->set('public_link_authenticated', $linkItem['id']);
} }
} else { } else {
OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type'] OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
@ -97,8 +97,8 @@ if (isset($path)) {
} else { } else {
// Check if item id is set in session // Check if item id is set in session
if (!isset($_SESSION['public_link_authenticated']) if ( ! \OC::$session->exists('public_link_authenticated')
|| $_SESSION['public_link_authenticated'] !== $linkItem['id'] || \OC::$session->get('public_link_authenticated') !== $linkItem['id']
) { ) {
// Prompt for password // Prompt for password
$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest'); $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');


@ -74,6 +74,11 @@ class OC {
*/ */
protected static $router = null; protected static $router = null;
/**
* @var \OC\Session\Session
*/
public static $session = null;
/** /**
* @var \OC\Autoloader $loader * @var \OC\Autoloader $loader
*/ */
@ -283,14 +288,14 @@ class OC {
$cookie_path = OC::$WEBROOT ?: '/'; $cookie_path = OC::$WEBROOT ?: '/';
ini_set('session.cookie_path', $cookie_path); ini_set('session.cookie_path', $cookie_path);
// set the session name to the instance id - which is unique try{
session_name(OC_Util::getInstanceId()); // set the session name to the instance id - which is unique
self::$session=new \OC\Session\Internal(OC_Util::getInstanceId());
// if session cant be started break with http 500 error // if session cant be started break with http 500 error
if (session_start() === false){ }catch (Exception $e){
OC_Log::write('core', 'Session could not be initialized', OC_Log::write('core', 'Session could not be initialized',
OC_Log::ERROR); OC_Log::ERROR);
header('HTTP/1.1 500 Internal Server Error'); header('HTTP/1.1 500 Internal Server Error');
OC_Util::addStyle("styles"); OC_Util::addStyle("styles");
$error = 'Session could not be initialized. Please contact your '; $error = 'Session could not be initialized. Please contact your ';
@ -304,15 +309,15 @@ class OC {
} }
// regenerate session id periodically to avoid session fixation // regenerate session id periodically to avoid session fixation
if (!isset($_SESSION['SID_CREATED'])) { if (!self::$session->exists('SID_CREATED')) {
$_SESSION['SID_CREATED'] = time(); self::$session->set('SID_CREATED', time());
} else if (time() - $_SESSION['SID_CREATED'] > 60*60*12) { } else if (time() - self::$session->get('SID_CREATED') > 60*60*12) {
session_regenerate_id(true); session_regenerate_id(true);
$_SESSION['SID_CREATED'] = time(); self::$session->set('SID_CREATED', time());
} }
// session timeout // session timeout
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) { if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > 60*60*24)) {
if (isset($_COOKIE[session_name()])) { if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, $cookie_path); setcookie(session_name(), '', time() - 42000, $cookie_path);
} }
@ -320,7 +325,8 @@ class OC {
session_destroy(); session_destroy();
session_start(); session_start();
} }
$_SESSION['LAST_ACTIVITY'] = time();
self::$session->set('LAST_ACTIVITY', time());
} }
public static function getRouter() { public static function getRouter() {
@ -446,14 +452,14 @@ class OC {
// User and Groups // User and Groups
if (!OC_Config::getValue("installed", false)) { if (!OC_Config::getValue("installed", false)) {
$_SESSION['user_id'] = ''; self::$session->set('user_id','');
} }
OC_User::useBackend(new OC_User_Database()); OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database()); OC_Group::useBackend(new OC_Group_Database());
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id')
&& $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) { && $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) {
OC_User::logout(); OC_User::logout();
} }
@ -598,7 +604,7 @@ class OC {
// Handle redirect URL for logged in users // Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url'])); $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
// Deny the redirect if the URL contains a @ // Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) { if (strpos($location, '@') === false) {
@ -748,7 +754,7 @@ class OC {
if (OC_User::login($_POST["user"], $_POST["password"])) { if (OC_User::login($_POST["user"], $_POST["password"])) {
// setting up the time zone // setting up the time zone
if (isset($_POST['timezone-offset'])) { if (isset($_POST['timezone-offset'])) {
$_SESSION['timezone'] = $_POST['timezone-offset']; self::$session->set('timezone', $_POST['timezone-offset']);
} }
self::cleanupLoginTokens($_POST['user']); self::cleanupLoginTokens($_POST['user']);
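Review bot: The fixation and timeout paths still call `session_regenerate_id(true)`, `session_destroy()` and `session_start()` directly, while every read and write around them now goes through `self::$session`. `\OC\Session\Internal` is not shown on this page; if it holds its own copy of the data rather than reading `$_SESSION` on each call, `user_id` and the other values would survive the destroy and the 24-hour timeout would no longer log the user out. Moving the destroy/restart into the wrapper, or re-creating `self::$session` right after the restart, would keep the two in step. A comment next to `public static $session = null;` stating that native `session_*` calls must go through the wrapper would help later callers.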


@ -246,14 +246,14 @@ class OC_Template{
// if the formfactor is not yet autodetected do the // if the formfactor is not yet autodetected do the
// autodetection now. For possible formfactors check the // autodetection now. For possible formfactors check the
// detectFormfactor documentation // detectFormfactor documentation
if(!isset($_SESSION['formfactor'])) { if (!\OC::$session->exists('formfactor')) {
$_SESSION['formfactor'] = self::detectFormfactor(); \OC::$session->set('formfactor', self::detectFormfactor());
} }
// allow manual override via GET parameter // allow manual override via GET parameter
if(isset($_GET['formfactor'])) { if(isset($_GET['formfactor'])) {
$_SESSION['formfactor']=$_GET['formfactor']; \OC::$session->set('formfactor', $_GET['formfactor']);
} }
$formfactor=$_SESSION['formfactor']; $formfactor = \OC::$session->get('formfactor');
if($formfactor=='default') { if($formfactor=='default') {
$fext=''; $fext='';
}elseif($formfactor=='mobile') { }elseif($formfactor=='mobile') {
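Review bot: The `formfactor` GET override is written to the session as received, so an arbitrary request value persists for the rest of the session and drives the template selection that follows. The `elseif` chain continues outside this hunk, so unknown values may already fall through to a default; if they do not, an allow-list before the `set()` call would close the gap, e.g. `in_array($_GET['formfactor'], $knownFormfactors, true)`, where `$knownFormfactors` is a placeholder for the values `detectFormfactor()` can return. The comparisons `$formfactor=='default'` and `$formfactor=='mobile'` would also be better as `===` now that the value comes back from a wrapper whose return type is not visible here.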


@ -264,7 +264,7 @@ class OC_User {
* @brief Sets user id for session and triggers emit * @brief Sets user id for session and triggers emit
*/ */
public static function setUserId($uid) { public static function setUserId($uid) {
$_SESSION['user_id'] = $uid; \OC::$session->set('user_id', $uid);
} }
/** /**
@ -285,7 +285,7 @@ class OC_User {
$result = true; $result = true;
} }
if (OC_User::getUser() === $uid) { if (OC_User::getUser() === $uid) {
$_SESSION['display_name'] = $displayName; \OC::$session->set('display_name', $displayName);
} }
return $result; return $result;
} }
@ -328,10 +328,10 @@ class OC_User {
* Checks if the user is logged in * Checks if the user is logged in
*/ */
public static function isLoggedIn() { public static function isLoggedIn() {
if( isset($_SESSION['user_id']) AND $_SESSION['user_id']) { if( \OC::$session->get('user_id')) {
OC_App::loadApps(array('authentication')); OC_App::loadApps(array('authentication'));
self::setupBackends(); self::setupBackends();
if (self::userExists($_SESSION['user_id']) ) { if (self::userExists(\OC::$session->get('user_id')) ) {
return true; return true;
} }
} }
@ -356,8 +356,8 @@ class OC_User {
* @return string uid or false * @return string uid or false
*/ */
public static function getUser() { public static function getUser() {
if( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { if( \OC::$session->get('user_id') ) {
return $_SESSION['user_id']; return \OC::$session->get('user_id');
} }
else{ else{
return false; return false;
@ -371,8 +371,8 @@ class OC_User {
public static function getDisplayName($user=null) { public static function getDisplayName($user=null) {
if ( $user ) { if ( $user ) {
return self::determineDisplayName($user); return self::determineDisplayName($user);
} else if( isset($_SESSION['display_name']) AND $_SESSION['display_name'] ) { } else if( \OC::$session->get('display_name') ) {
return $_SESSION['display_name']; return \OC::$session->get('display_name');
} }
else{ else{
return false; return false;
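Review bot: `isLoggedIn()`, `getUser()` and `getDisplayName()` now dereference `\OC::$session` unconditionally, but the property is declared as `public static $session = null` and is only assigned during session initialisation. The old `isset($_SESSION['user_id'])` simply returned false when no session existed; a call made before initialisation, or in a context that never starts a session (not visible on this page), would now be a fatal error on `null`. The same applies to the `\OC::$session` calls in the `OC_Util` and `OC_Template` sections. A guard such as `if (\OC::$session !== null && \OC::$session->get('user_id'))` would restore the old fail-closed behaviour. These hunks also drop the existence check, so they rely on `get()` returning null for a missing key.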


@ -151,10 +151,10 @@ class OC_Util {
* @param bool dateOnly option to omit time from the result * @param bool dateOnly option to omit time from the result
*/ */
public static function formatDate( $timestamp, $dateOnly=false) { public static function formatDate( $timestamp, $dateOnly=false) {
if(isset($_SESSION['timezone'])) {//adjust to clients timezone if we know it if(\OC::$session->exists('timezone')) {//adjust to clients timezone if we know it
$systemTimeZone = intval(date('O')); $systemTimeZone = intval(date('O'));
$systemTimeZone=(round($systemTimeZone/100, 0)*60)+($systemTimeZone%100); $systemTimeZone=(round($systemTimeZone/100, 0)*60)+($systemTimeZone%100);
$clientTimeZone=$_SESSION['timezone']*60; $clientTimeZone=\OC::$session->get('timezone')*60;
$offset=$clientTimeZone-$systemTimeZone; $offset=$clientTimeZone-$systemTimeZone;
$timestamp=$timestamp+$offset*60; $timestamp=$timestamp+$offset*60;
} }
@ -458,13 +458,13 @@ class OC_Util {
*/ */
public static function callRegister() { public static function callRegister() {
// Check if a token exists // Check if a token exists
if(!isset($_SESSION['requesttoken'])) { if(!\OC::$session->exists('requesttoken')) {
// No valid token found, generate a new one. // No valid token found, generate a new one.
$requestToken = self::generate_random_bytes(20); $requestToken = self::generate_random_bytes(20);
$_SESSION['requesttoken']=$requestToken; \OC::$session->set('requesttoken', $requestToken);
} else { } else {
// Valid token already exists, send it // Valid token already exists, send it
$requestToken = $_SESSION['requesttoken']; $requestToken = \OC::$session->get('requesttoken');
} }
return($requestToken); return($requestToken);
} }
@ -476,7 +476,7 @@ class OC_Util {
* @see OC_Util::callRegister() * @see OC_Util::callRegister()
*/ */
public static function isCallRegistered() { public static function isCallRegistered() {
if(!isset($_SESSION['requesttoken'])) { if(!\OC::$session->exists('requesttoken')) {
return false; return false;
} }
@ -492,7 +492,7 @@ class OC_Util {
} }
// Check if the token is valid // Check if the token is valid
if($token !== $_SESSION['requesttoken']) { if($token !== \OC::$session->get('requesttoken')) {
// Not valid // Not valid
return false; return false;
} else { } else {
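Review bot: In `isCallRegistered()` the request token is checked with `$token !== \OC::$session->get('requesttoken')`, an ordinary string comparison whose duration depends on how much of the value matches. Where the supported PHP version provides it, `hash_equals(\OC::$session->get('requesttoken'), $token)` is the safer form for a CSRF token; the function starts and ends outside the hunk, so how `$token` is read and whether it is always a string is not visible. In `formatDate()` the `timezone` value is multiplied without validation, and the login hunk shows it coming straight from `$_POST['timezone-offset']`, so an `is_numeric()` check before it is stored would be sensible.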