Merge pull request #6440 from nextcloud/stable12-session-timeout-refresh-csrf-token

[stable12] Fix failing csp/nonce check due to timed out session
Morris Jobke 2017-09-11 22:34:37 +02:00 committed by GitHub
commit 9d7b21efb8
1 changed files with 8 additions and 5 deletions


@ -358,7 +358,7 @@ class Session implements IUserSession, Emitter {
} }
$this->manager->emit('\OC\User', 'postLogin', [$user, $loginDetails['password']]); $this->manager->emit('\OC\User', 'postLogin', [$user, $loginDetails['password']]);
if($this->isLoggedIn()) { if($this->isLoggedIn()) {
$this->prepareUserLogin($firstTimeLogin); $this->prepareUserLogin($firstTimeLogin, $regenerateSessionId);
return true; return true;
} else { } else {
$message = \OC::$server->getL10N('lib')->t('Login canceled by app'); $message = \OC::$server->getL10N('lib')->t('Login canceled by app');
@ -468,10 +468,13 @@ class Session implements IUserSession, Emitter {
} }
} }
protected function prepareUserLogin($firstTimeLogin) { protected function prepareUserLogin($firstTimeLogin, $refreshCsrfToken = true) {
// TODO: mock/inject/use non-static if ($refreshCsrfToken) {
// Refresh the token // TODO: mock/inject/use non-static
\OC::$server->getCsrfTokenManager()->refreshToken(); // Refresh the token
\OC::$server->getCsrfTokenManager()->refreshToken();
}
//we need to pass the user name, which may differ from login name //we need to pass the user name, which may differ from login name
$user = $this->getUser()->getUID(); $user = $this->getUser()->getUID();
OC_Util::setupFS($user); OC_Util::setupFS($user);
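Review bot: In `prepareUserLogin` the new `$refreshCsrfToken` flag lets a login complete without rotating the CSRF token, and the call site in the first hunk passes `$regenerateSessionId` for it, so two separate decisions are coupled through one variable with nothing saying why. When the flag is false, a token issued before authentication stays valid for the authenticated session; given the commit title that looks deliberate, but it should be stated at the definition. I would add a docblock line such as `@param bool $refreshCsrfToken false keeps the pre-login CSRF token; only pass false when the session id is also left unchanged` and a one-line comment at the call site explaining the link. Where `$regenerateSessionId` is set lies outside the visible hunks, so which login paths pass false cannot be checked from here.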