kill OC::$session

maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession

restore order of OC::$session and OC::$CLI

remove unneeded initialization of dummy session

write back session when $useCustomSession is true

log warning when deprecated app is used
Jörn Friedrich Dreyer 2014-07-16 19:40:22 +02:00 committed by Robin Appelman
parent ed2424c382
commit f551917a3c
28 changed files with 142 additions and 95 deletions


@ -2,7 +2,7 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
\OC::$session->close();
\OC::$server->getSession()->close();
// Get data


@ -23,7 +23,7 @@
// Check if we are a user
OCP\User::checkLoggedIn();
\OC::$session->close();
\OC::$server->getSession()->close();
$files = $_GET["files"];
$dir = $_GET["dir"];


@ -7,7 +7,7 @@ if (isset($_GET['dir'])) {
}
OCP\JSON::checkLoggedIn();
\OC::$session->close();
\OC::$server->getSession()->close();
// send back json
OCP\JSON::success(array('data' => \OCA\Files\Helper::buildFileStorageStatistics($dir)));


@ -1,7 +1,7 @@
<?php
OCP\JSON::checkLoggedIn();
\OC::$session->close();
\OC::$server->getSession()->close();
$l = OC_L10N::get('files');
// Load the files


@ -1,4 +1,4 @@
<?php
\OC::$session->close();
\OC::$server->getSession()->close();
print OC_Helper::mimetypeIcon($_GET['mime']);


@ -2,7 +2,7 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
\OC::$session->close();
\OC::$server->getSession()->close();
// Get data
$dir = stripslashes($_POST["dir"]);


@ -7,7 +7,7 @@ if(!OC_User::isLoggedIn()) {
exit;
}
\OC::$session->close();
\OC::$server->getSession()->close();
// Get the params
$dir = isset( $_REQUEST['dir'] ) ? '/'.trim($_REQUEST['dir'], '/\\') : '';


@ -5,7 +5,7 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
\OC::$session->close();
\OC::$server->getSession()->close();
// Get the params
$dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';


@ -23,7 +23,7 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
\OC::$session->close();
\OC::$server->getSession()->close();
$files = new \OCA\Files\App(
\OC\Files\Filesystem::getView(),


@ -1,6 +1,6 @@
<?php
set_time_limit(0); //scanning can take ages
\OC::$session->close();
\OC::$server->getSession()->close();
$force = (isset($_GET['force']) and ($_GET['force'] === 'true'));
$dir = isset($_GET['dir']) ? $_GET['dir'] : '';


@ -68,7 +68,7 @@ if (empty($_POST['dirToken'])) {
OCP\JSON::callCheck();
if (!\OCP\App::isEnabled('files_encryption')) {
// encryption app need to create keys later, so can't close too early
\OC::$session->close();
\OC::$server->getSession()->close();
}


@ -117,7 +117,7 @@ class Session {
*/
public function setPrivateKey($privateKey) {
\OC::$session->set('privateKey', $privateKey);
\OC::$server->getSession()->set('privateKey', $privateKey);
return true;
@ -140,7 +140,7 @@ class Session {
*/
public function setInitialized($init) {
\OC::$session->set('encryptionInitialized', $init);
\OC::$server->getSession()->set('encryptionInitialized', $init);
return true;
@ -150,8 +150,8 @@ class Session {
* remove encryption keys and init status from session
*/
public function closeSession() {
\OC::$session->remove('encryptionInitialized');
\OC::$session->remove('privateKey');
\OC::$server->getSession()->remove('encryptionInitialized');
\OC::$server->getSession()->remove('privateKey');
}
@ -162,8 +162,8 @@ class Session {
* @note this doesn not indicate of the init was successful, we just remeber the try!
*/
public function getInitialized() {
if (!is_null(\OC::$session->get('encryptionInitialized'))) {
return \OC::$session->get('encryptionInitialized');
if (!is_null(\OC::$server->getSession()->get('encryptionInitialized'))) {
return \OC::$server->getSession()->get('encryptionInitialized');
} else {
return self::NOT_INITIALIZED;
}
@ -179,8 +179,8 @@ class Session {
if (\OCA\Encryption\Helper::isPublicAccess()) {
return $this->getPublicSharePrivateKey();
} else {
if (!is_null(\OC::$session->get('privateKey'))) {
return \OC::$session->get('privateKey');
if (!is_null(\OC::$server->getSession()->get('privateKey'))) {
return \OC::$server->getSession()->get('privateKey');
} else {
return false;
}
@ -194,7 +194,7 @@ class Session {
*/
public function setPublicSharePrivateKey($privateKey) {
\OC::$session->set('publicSharePrivateKey', $privateKey);
\OC::$server->getSession()->set('publicSharePrivateKey', $privateKey);
return true;
@ -207,8 +207,8 @@ class Session {
*/
public function getPublicSharePrivateKey() {
if (!is_null(\OC::$session->get('publicSharePrivateKey'))) {
return \OC::$session->get('publicSharePrivateKey');
if (!is_null(\OC::$server->getSession()->get('publicSharePrivateKey'))) {
return \OC::$server->getSession()->get('publicSharePrivateKey');
} else {
return false;
}
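Review bot: Each getter here now calls `\OC::$server->getSession()` twice, once for the `is_null()` test and once for the return, and that call is no longer a plain property read: `UserSession::getSession()` in this same commit runs the `\OC::$session` compatibility check and may log a warning and swap the session. Fetch the session once per method, e.g. `$session = \OC::$server->getSession();` followed by `$session->get('privateKey')`, so the test and the returned key are guaranteed to come from the same object. The same pattern recurs in the `public_link_authenticated` checks, `OC_User::isLoggedIn()`, `OC_User::getUser()` and `OC_Util::callRegister()`. The method bodies continue outside these hunks.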


@ -14,12 +14,12 @@ class SMB_OC extends \OC\Files\Storage\SMB {
private $username_as_share;
public function __construct($params) {
if (isset($params['host']) && \OC::$session->exists('smb-credentials')) {
if (isset($params['host']) && \OC::$server->getSession()->exists('smb-credentials')) {
$host=$params['host'];
$this->username_as_share = ($params['username_as_share'] === 'true');
$params_auth = \OC::$session->get('smb-credentials');
$user = \OC::$session->get('loginname');
$params_auth = \OC::$server->getSession()->get('smb-credentials');
$user = \OC::$server->getSession()->get('loginname');
$password = $params_auth['password'];
$root=isset($params['root'])?$params['root']:'/';
@ -45,7 +45,7 @@ class SMB_OC extends \OC\Files\Storage\SMB {
}
public static function login( $params ) {
\OC::$session->set('smb-credentials', $params);
\OC::$server->getSession()->set('smb-credentials', $params);
}
public function isSharable($path) {


@ -106,7 +106,7 @@ class Helper {
return false;
} else {
// Save item id in session for future requests
\OC::$session->set('public_link_authenticated', $linkItem['id']);
\OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);
}
} else {
\OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
@ -117,8 +117,8 @@ class Helper {
}
else {
// not authenticated ?
if ( ! \OC::$session->exists('public_link_authenticated')
|| \OC::$session->get('public_link_authenticated') !== $linkItem['id']) {
if ( ! \OC::$server->getSession()->exists('public_link_authenticated')
|| \OC::$server->getSession()->get('public_link_authenticated') !== $linkItem['id']) {
return false;
}
}


@ -63,7 +63,7 @@ if (isset($path)) {
exit();
} else {
// Save item id in session for future requests
\OC::$session->set('public_link_authenticated', $linkItem['id']);
\OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);
}
} else {
OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
@ -76,8 +76,8 @@ if (isset($path)) {
} else {
// Check if item id is set in session
if ( ! \OC::$session->exists('public_link_authenticated')
|| \OC::$session->get('public_link_authenticated') !== $linkItem['id']
if ( ! \OC::$server->getSession()->exists('public_link_authenticated')
|| \OC::$server->getSession()->get('public_link_authenticated') !== $linkItem['id']
) {
// Prompt for password
OCP\Util::addStyle('files_sharing', 'authenticate');


@ -56,10 +56,10 @@ try {
// load all apps to get all api routes properly setup
OC_App::loadApps();
\OC::$session->close();
\OC::$server->getSession()->close();
// initialize a dummy memory session
\OC::$session = new \OC\Session\Memory('');
\OC::$server->setSession(new \OC\Session\Memory(''));
$logger = \OC_Log::$object;
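Review bot: The explicit `\OC::$server->getSession()->close();` in front of `setSession()` is now redundant, because `UserSession::setSession()` as added in this commit already closes the session it replaces and then closes the old `\OC::$session` too, so the same object can receive `close()` up to three times on this path. Whether repeated `close()` calls are harmless depends on the session implementation, which is not visible here. Either drop the explicit call or state on `ISession::close()` that it must be idempotent. The surrounding `try` block continues outside the hunk.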


@ -71,6 +71,7 @@ class OC {
public static $CLI = false;
/**
* @deprecated use \OC::$session->getSession() instead
* @var \OC\Session\Session
*/
public static $session = null;
@ -375,19 +376,20 @@ class OC {
$cookie_path = OC::$WEBROOT ? : '/';
ini_set('session.cookie_path', $cookie_path);
//set the session object to a dummy session so code relying on the session existing still works
self::$session = new \OC\Session\Memory('');
// Let the session name be changed in the initSession Hook
$sessionName = OC_Util::getInstanceId();
try {
// Allow session apps to create a custom session object
$useCustomSession = false;
OC_Hook::emit('OC', 'initSession', array('session' => &self::$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession));
if(!$useCustomSession) {
$session = self::$server->getSession();
OC_Hook::emit('OC', 'initSession', array('session' => &$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession));
if($useCustomSession) {
// use the session reference as the new Session
self::$server->setSession($session);
} else {
// set the session name to the instance id - which is unique
self::$session = new \OC\Session\Internal($sessionName);
self::$server->setSession(new \OC\Session\Internal($sessionName));
}
// if session cant be started break with http 500 error
} catch (Exception $e) {
@ -398,15 +400,19 @@ class OC {
$sessionLifeTime = self::getSessionLifeTime();
// regenerate session id periodically to avoid session fixation
if (!self::$session->exists('SID_CREATED')) {
self::$session->set('SID_CREATED', time());
} else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime / 2) {
/**
* @var \OCP\ISession $session
*/
$session = self::$server->getSession();
if (!$session->exists('SID_CREATED')) {
$session->set('SID_CREATED', time());
} else if (time() - $session->get('SID_CREATED') > $sessionLifeTime / 2) {
session_regenerate_id(true);
self::$session->set('SID_CREATED', time());
$session->set('SID_CREATED', time());
}
// session timeout
if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, $cookie_path);
}
@ -415,7 +421,7 @@ class OC {
session_start();
}
self::$session->set('LAST_ACTIVITY', time());
$session->set('LAST_ACTIVITY', time());
}
/**
@ -447,9 +453,6 @@ class OC {
self::$loader->registerPrefix('Pimple', '3rdparty/Pimple');
spl_autoload_register(array(self::$loader, 'load'));
// make a dummy session available as early as possible since error pages need it
self::$session = new \OC\Session\Memory('');
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
@ -544,7 +547,7 @@ class OC {
// User and Groups
if (!OC_Config::getValue("installed", false)) {
self::$session->set('user_id', '');
self::$server->getSession()->set('user_id', '');
}
OC_User::useBackend(new OC_User_Database());
@ -783,7 +786,7 @@ class OC {
if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
// Ignore HTTP Authentication for 5 more mintues.
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
} elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
} elseif ($_SERVER['PHP_AUTH_USER'] === self::$server->getSession()->get('loginname')) {
// Ignore HTTP Authentication to allow a different user to log in.
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
}
@ -930,7 +933,7 @@ class OC {
if (OC_User::login($_POST["user"], $_POST["password"])) {
// setting up the time zone
if (isset($_POST['timezone-offset'])) {
self::$session->set('timezone', $_POST['timezone-offset']);
self::$server->getSession()->set('timezone', $_POST['timezone-offset']);
}
$userid = OC_User::getUser();
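Review bot: The new `@deprecated` tag on `OC::$session` points at `\OC::$session->getSession()`, which is the deprecated property itself rather than the accessor this commit introduces; it should read `@deprecated use \OC::$server->getSession() instead`. The `@var \OC\Session\Session` line below it could also become `@var \OCP\ISession`, matching the type that `UserSession::setSession()` now writes into the property. App authors will follow this tag when migrating away from the property, so the wrong target matters more than an ordinary docblock typo.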


@ -191,7 +191,7 @@ class DIContainer extends SimpleContainer implements IAppContainer{
}
private function getUserId() {
return \OC::$session->get('user_id');
return \OC::$server->getSession()->get('user_id');
}
/**


@ -78,7 +78,7 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
$result = $this->auth($server, $realm);
// close the session - right after authentication there is not need to write to the session any more
\OC::$session->close();
\OC::$server->getSession()->close();
return $result;
}


@ -10,6 +10,7 @@ use OC\DB\ConnectionWrapper;
use OC\Files\Node\Root;
use OC\Files\View;
use OCP\IServerContainer;
use OCP\ISession;
/**
* Class Server
@ -31,8 +32,8 @@ class Server extends SimpleContainer implements IServerContainer {
$urlParams = array();
}
if (\OC::$session->exists('requesttoken')) {
$requestToken = \OC::$session->get('requesttoken');
if (\OC::$server->getSession()->exists('requesttoken')) {
$requestToken = \OC::$server->getSession()->get('requesttoken');
} else {
$requestToken = false;
}
@ -100,7 +101,7 @@ class Server extends SimpleContainer implements IServerContainer {
* @var \OC\User\Manager $manager
*/
$manager = $c->query('UserManager');
$userSession = new \OC\User\Session($manager, \OC::$session);
$userSession = new \OC\User\Session($manager, new \OC\Session\Memory(''));
$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
});
@ -327,6 +328,20 @@ class Server extends SimpleContainer implements IServerContainer {
return $this->query('UserSession');
}
/**
* @return \OCP\ISession
*/
function getSession() {
return $this->query('UserSession')->getSession();
}
/**
* @param \OCP\ISession $session
*/
function setSession(\OCP\ISession $session) {
return $this->query('UserSession')->setSession($session);
}
/**
* @return \OC\NavigationManager
*/
@ -392,15 +407,6 @@ class Server extends SimpleContainer implements IServerContainer {
return $this->query('MemCacheFactory');
}
/**
* Returns the current session
*
* @return \OCP\ISession
*/
function getSession() {
return \OC::$session;
}
/**
* Returns the current session
*
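Review bot: `setSession()` is a new public method on the server container that replaces the object holding `user_id`, `requesttoken` and the encryption keys, yet its docblock only lists the parameter. Document the side effects visible in `UserSession::setSession()`, for example `Replaces the session used by UserSession and the deprecated \OC::$session; the previous session is closed and its data is not copied.`, and state who is expected to call it if it is meant for session bootstrap only. The `return` in front of `$this->query('UserSession')->setSession($session)` can go as well, since the callee returns nothing. The moved `getSession()` also lost its one-line description ("Returns the current session").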


@ -1855,8 +1855,8 @@ class Share extends \OC\Share\Constants {
return true;
}
if ( \OC::$session->exists('public_link_authenticated')
&& \OC::$session->get('public_link_authenticated') === $linkItem['id'] ) {
if ( \OC::$server->getSession()->exists('public_link_authenticated')
&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id'] ) {
return true;
}


@ -52,7 +52,7 @@ class OC_Template extends \OC\Template\Base {
// Read the detected formfactor and use the right file name.
$fext = self::getFormFactorExtension();
$requesttoken = OC::$session ? OC_Util::callRegister() : '';
$requesttoken = OC::$server->getSession() ? OC_Util::callRegister() : '';
$parts = explode('/', $app); // fix translation when app is something like core/lostpassword
$l10n = OC_L10N::get($parts[0]);
@ -101,20 +101,20 @@ class OC_Template extends \OC\Template\Base {
*/
static public function getFormFactorExtension()
{
if (!\OC::$session) {
if (!\OC::$server->getSession()) {
return '';
}
// if the formfactor is not yet autodetected do the
// autodetection now. For possible formfactors check the
// detectFormfactor documentation
if (!\OC::$session->exists('formfactor')) {
\OC::$session->set('formfactor', self::detectFormfactor());
if (!\OC::$server->getSession()->exists('formfactor')) {
\OC::$server->getSession()->set('formfactor', self::detectFormfactor());
}
// allow manual override via GET parameter
if(isset($_GET['formfactor'])) {
\OC::$session->set('formfactor', $_GET['formfactor']);
\OC::$server->getSession()->set('formfactor', $_GET['formfactor']);
}
$formfactor = \OC::$session->get('formfactor');
$formfactor = \OC::$server->getSession()->get('formfactor');
if($formfactor==='default') {
$fext='';
}elseif($formfactor==='mobile') {
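Review bot: The truthiness guards kept in `$requesttoken = OC::$server->getSession() ? ...` and `if (!\OC::$server->getSession())` can no longer take their false branch: `UserSession` is constructed with a `\OC\Session\Memory('')` and `setSession()` only accepts an `\OCP\ISession`, so `getSession()` always returns an object, and if `OC::$server` were still null the call would fail before the guard is evaluated. This commit also removes the early dummy session that the `class OC` hunk created "since error pages need it". If a template can be rendered before the server container exists (not visible in these hunks), the guard should test the container instead, e.g. `$session = \OC::$server ? \OC::$server->getSession() : null;`; otherwise drop the dead checks. `getFormFactorExtension()` continues past the end of the hunk.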


@ -300,7 +300,7 @@ class OC_User {
* Sets user id for session and triggers emit
*/
public static function setUserId($uid) {
OC::$session->set('user_id', $uid);
\OC::$server->getSession()->set('user_id', $uid);
}
/**
@ -337,8 +337,8 @@ class OC_User {
* Checks if the user is logged in
*/
public static function isLoggedIn() {
if (\OC::$session->get('user_id') !== null && self::$incognitoMode === false) {
return self::userExists(\OC::$session->get('user_id'));
if (\OC::$server->getSession()->get('user_id') !== null && self::$incognitoMode === false) {
return self::userExists(\OC::$server->getSession()->get('user_id'));
}
return false;
}
@ -386,7 +386,7 @@ class OC_User {
* @return string uid or false
*/
public static function getUser() {
$uid = OC::$session ? OC::$session->get('user_id') : null;
$uid = \OC::$server->getSession() ? \OC::$server->getSession()->get('user_id') : null;
if (!is_null($uid) && self::$incognitoMode === false) {
return $uid;
} else {


@ -47,10 +47,10 @@ class Session implements IUserSession, Emitter {
protected $activeUser;
/**
* @param \OC\User\Manager $manager
* @param \OC\Session\Session $session
* @param \OCP\IUserManager $manager
* @param \OCP\ISession $session
*/
public function __construct($manager, $session) {
public function __construct(\OCP\IUserManager $manager, \OCP\ISession $session) {
$this->manager = $manager;
$this->session = $session;
}
@ -82,6 +82,44 @@ class Session implements IUserSession, Emitter {
return $this->manager;
}
/**
* get the session object
*
* @return \OCP\ISession
*/
public function getSession() {
// fetch the deprecated \OC::$session if it changed for backwards compatibility
if (isset(\OC::$session) && \OC::$session !== $this->session) {
\OC::$server->getLogger()->warning(
'One of your installed apps still seems to use the deprecated '.
'\OC::$session and has replaced it with a new instance. Please file a bug against it.'.
'Closing and replacing session in UserSession instance.'
);
$this->setSession(\OC::$session);
}
return $this->session;
}
/**
* set the session object
*
* @param \OCP\ISession $session
*/
public function setSession(\OCP\ISession $session) {
if ($this->session instanceof \OCP\ISession) {
$this->session->close();
}
$this->session = $session;
// maintain deprecated \OC::$session
if (\OC::$session !== $this->session) {
if (\OC::$session instanceof \OCP\ISession) {
\OC::$session->close();
}
\OC::$session = $session;
}
}
/**
* set the currently active user
*
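Review bot: `getSession()` adopts whatever value it finds in `\OC::$session` as long as it is non-null and differs from the current session, but `setSession()` is type-hinted `\OCP\ISession`, so an app that assigned anything else to the deprecated property turns every later `getSession()` call into a type error instead of a logged warning. Tighten the test to `if (\OC::$session instanceof \OCP\ISession && \OC::$session !== $this->session) {`. The warning text is also missing a space between `against it.` and `Closing`, and it would be easier for operators to act on if it named the replacing object, e.g. by appending `get_class(\OC::$session)`. Because this swap replaces the object that carries `user_id` and `requesttoken`, that log line is the only trace of it.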


@ -384,11 +384,11 @@ class OC_Util {
* @return string timestamp
* @description adjust to clients timezone if we know it
*/
public static function formatDate($timestamp, $dateOnly = false) {
if (\OC::$session->exists('timezone')) {
public static function formatDate( $timestamp, $dateOnly = false) {
if(\OC::$server->getSession()->exists('timezone')) {
$systemTimeZone = intval(date('O'));
$systemTimeZone = (round($systemTimeZone / 100, 0) * 60) + ($systemTimeZone % 100);
$clientTimeZone = \OC::$session->get('timezone') * 60;
$clientTimeZone = \OC::$server->getSession()->get('timezone') * 60;
$offset = $clientTimeZone - $systemTimeZone;
$timestamp = $timestamp + $offset * 60;
}
@ -412,7 +412,7 @@ class OC_Util {
}
// Assume that if checkServer() succeeded before in this session, then all is fine.
if (\OC::$session->exists('checkServer_succeeded') && \OC::$session->get('checkServer_succeeded')) {
if (\OC::$server->getSession()->exists('checkServer_succeeded') && \OC::$server->getSession()->get('checkServer_succeeded')) {
return $errors;
}
@ -615,7 +615,7 @@ class OC_Util {
$errors = array_merge($errors, self::checkDatabaseVersion());
// Cache the result of this function
\OC::$session->set('checkServer_succeeded', count($errors) == 0);
\OC::$server->getSession()->set('checkServer_succeeded', count($errors) == 0);
return $errors;
}
@ -938,13 +938,13 @@ class OC_Util {
*/
public static function callRegister() {
// Check if a token exists
if (!\OC::$session->exists('requesttoken')) {
if (!\OC::$server->getSession()->exists('requesttoken')) {
// No valid token found, generate a new one.
$requestToken = self::generateRandomBytes(20);
\OC::$session->set('requesttoken', $requestToken);
\OC::$server->getSession()->set('requesttoken', $requestToken);
} else {
// Valid token already exists, send it
$requestToken = \OC::$session->get('requesttoken');
$requestToken = \OC::$server->getSession()->get('requesttoken');
}
return ($requestToken);
}
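Review bot: The rewritten lines `formatDate( $timestamp, $dateOnly = false)` and `if(\OC::$server->getSession()->exists('timezone'))` lose the spacing the replaced lines had, which looks like an accidental formatting regression in an otherwise mechanical rename. Keep `public static function formatDate($timestamp, $dateOnly = false) {` and `if (\OC::$server->getSession()->exists('timezone')) {`. The function body continues outside the hunk.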


@ -26,7 +26,7 @@ class Test_OC_OCS_Privatedata extends PHPUnit_Framework_TestCase
private $appKey;
public function setUp() {
\OC::$session->set('user_id', 'user1');
\OC::$server->getSession()->set('user_id', 'user1');
$this->appKey = uniqid('app');
}

View File

@ -740,7 +740,7 @@ class Test_Share extends PHPUnit_Framework_TestCase {
* @param $item
*/
public function testCheckPasswordProtectedShare($expected, $item) {
\OC::$session->set('public_link_authenticated', 100);
\OC::$server->getSession()->set('public_link_authenticated', 100);
$result = \OCP\Share::checkPasswordProtectedShare($item);
$this->assertEquals($expected, $result);
}
@ -767,8 +767,8 @@ class Test_Share extends PHPUnit_Framework_TestCase {
return true;
}
if ( \OC::$session->exists('public_link_authenticated')
&& \OC::$session->get('public_link_authenticated') === $linkItem['id'] ) {
if ( \OC::$server->getSession()->exists('public_link_authenticated')
&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id'] ) {
return true;
}
* */


@ -31,9 +31,9 @@ class StartSessionListener implements PHPUnit_Framework_TestListener {
public function endTest(PHPUnit_Framework_Test $test, $time) {
// reopen the session - only allowed for memory session
if (\OC::$session instanceof \OC\Session\Memory) {
if (\OC::$server->getSession() instanceof \OC\Session\Memory) {
/** @var $session \OC\Session\Memory */
$session = \OC::$session;
$session = \OC::$server->getSession();
$session->reopen();
}
}