mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add config for auto logout after browser inactivity 

Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl 2020-04-03 22:43:21 +02:00
parent cbd20867b5
commit 9e7f8b85dd
No known key found for this signature in database
GPG Key ID: 4C614C6ED2CDE6DF
2 changed files with 53 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
config/config.sample.php
View File

@ -251,6 +251,15 @@ $CONFIG = [
*/ */
'session_keepalive' => true, 'session_keepalive' => true,
/**
* Enable or disable the automatic logout after session_lifetime, even if session
* keepalive is enabled. This will make sure that an inactive browser will be logged out
* even if requests to the server might extend the session lifetime.
*
* Defaults to ``false``
*/
'auto_logout' => false,
/** /**
* Enforce token authentication for clients, which blocks requests using the user * Enforce token authentication for clients, which blocks requests using the user
* password for enhanced security. Users need to generate tokens in personal settings * password for enhanced security. Users need to generate tokens in personal settings

50
core/src/session-heartbeat.js
View File

@ -21,18 +21,21 @@
import $ from 'jquery' import $ from 'jquery'
import { emit } from '@nextcloud/event-bus' import { emit } from '@nextcloud/event-bus'
import { loadState } from '@nextcloud/initial-state'
import { getCurrentUser } from '@nextcloud/auth'
import { generateUrl } from './OC/routing' import { generateUrl } from './OC/routing'
import OC from './OC' import { setToken as setRequestToken, getToken as getRequestToken } from './OC/requesttoken'
import { setToken as setRequestToken } from './OC/requesttoken'
const config = loadState('core', 'config')
/** /**
* session heartbeat (defaults to enabled) * session heartbeat (defaults to enabled)
* @returns {boolean} * @returns {boolean}
*/ */
const keepSessionAlive = () => { const keepSessionAlive = () => {
return OC.config.session_keepalive === undefined return config.session_keepalive === undefined
|| !!OC.config.session_keepalive || !!config.session_keepalive
} }
/** /**
@ -41,8 +44,8 @@ const keepSessionAlive = () => {
*/ */
const getInterval = () => { const getInterval = () => {
let interval = NaN let interval = NaN
if (OC.config.session_lifetime) { if (config.session_lifetime) {
interval = Math.floor(OC.config.session_lifetime / 2) interval = Math.floor(config.session_lifetime / 2)
} }
// minimum one minute, max 24 hours, default 15 minutes // minimum one minute, max 24 hours, default 15 minutes
@ -83,11 +86,46 @@ const startPolling = () => {
return interval return interval
} }
const registerAutoLogout = () => {
if (!config.auto_logout || !getCurrentUser()) {
return
}
let lastActive = Date.now()
window.addEventListener('mousemove', e => {
lastActive = Date.now()
localStorage.setItem('lastActive', lastActive)
})
window.addEventListener('touchstart', e => {
lastActive = Date.now()
localStorage.setItem('lastActive', lastActive)
})
window.addEventListener('storage', e => {
if (e.key !== 'lastActive') {
return
}
lastActive = e.newValue
})
setInterval(function() {
const timeout = Date.now() - config.session_lifetime * 1000
if (lastActive < timeout) {
console.info('Inactivity timout reached, logging out')
const logoutUrl = generateUrl('/logout') + '?requesttoken=' + getRequestToken()
window.location = logoutUrl
}
}, 1000)
}
/** /**
* Calls the server periodically to ensure that session and CSRF * Calls the server periodically to ensure that session and CSRF
* token doesn't expire * token doesn't expire
*/ */
export const initSessionHeartBeat = () => { export const initSessionHeartBeat = () => {
registerAutoLogout()
if (!keepSessionAlive()) { if (!keepSessionAlive()) {
console.info('session heartbeat disabled') console.info('session heartbeat disabled')
return return