nextcloud /
server
@@ -24,57 +24,57 @@ |
||
| 24 | 24 | // Happens when the user logs in via the login flow v2. |
| 25 | 25 | class FlowV2EphemeralSessionsMiddleware extends Middleware { |
| 26 | 26 | |
| 27 | - private const EPHEMERAL_SESSION_TTL = 5 * 60; // 5 minutes |
|
| 27 | + private const EPHEMERAL_SESSION_TTL = 5 * 60; // 5 minutes |
|
| 28 | 28 | |
| 29 | - public function __construct( |
|
| 30 | - private ISession $session, |
|
| 31 | - private IUserSession $userSession, |
|
| 32 | - private ControllerMethodReflector $reflector, |
|
| 33 | - private LoggerInterface $logger, |
|
| 34 | - private ITimeFactory $timeFactory, |
|
| 35 | - ) { |
|
| 36 | - } |
|
| 29 | + public function __construct( |
|
| 30 | + private ISession $session, |
|
| 31 | + private IUserSession $userSession, |
|
| 32 | + private ControllerMethodReflector $reflector, |
|
| 33 | + private LoggerInterface $logger, |
|
| 34 | + private ITimeFactory $timeFactory, |
|
| 35 | + ) { |
|
| 36 | + } |
|
| 37 | 37 | |
| 38 | - public function beforeController(Controller $controller, string $methodName) { |
|
| 39 | - $sessionCreationTime = $this->session->get(ClientFlowLoginV2Controller::EPHEMERAL_NAME); |
|
| 38 | + public function beforeController(Controller $controller, string $methodName) { |
|
| 39 | + $sessionCreationTime = $this->session->get(ClientFlowLoginV2Controller::EPHEMERAL_NAME); |
|
| 40 | 40 | |
| 41 | - // Not an ephemeral session. |
|
| 42 | - if ($sessionCreationTime === null) { |
|
| 43 | - return; |
|
| 44 | - } |
|
| 41 | + // Not an ephemeral session. |
|
| 42 | + if ($sessionCreationTime === null) { |
|
| 43 | + return; |
|
| 44 | + } |
|
| 45 | 45 | |
| 46 | - // Lax enforcement until TTL is reached. |
|
| 47 | - if ($this->timeFactory->getTime() < $sessionCreationTime + self::EPHEMERAL_SESSION_TTL) { |
|
| 48 | - return; |
|
| 49 | - } |
|
| 46 | + // Lax enforcement until TTL is reached. |
|
| 47 | + if ($this->timeFactory->getTime() < $sessionCreationTime + self::EPHEMERAL_SESSION_TTL) { |
|
| 48 | + return; |
|
| 49 | + } |
|
| 50 | 50 | |
| 51 | - // Allow certain controllers/methods to proceed without logging out. |
|
| 52 | - if ( |
|
| 53 | - $controller instanceof ClientFlowLoginV2Controller |
|
| 54 | - && ($methodName === 'grantPage' || $methodName === 'generateAppPassword') |
|
| 55 | - ) { |
|
| 56 | - return; |
|
| 57 | - } |
|
| 51 | + // Allow certain controllers/methods to proceed without logging out. |
|
| 52 | + if ( |
|
| 53 | + $controller instanceof ClientFlowLoginV2Controller |
|
| 54 | + && ($methodName === 'grantPage' || $methodName === 'generateAppPassword') |
|
| 55 | + ) { |
|
| 56 | + return; |
|
| 57 | + } |
|
| 58 | 58 | |
| 59 | - if ($controller instanceof TwoFactorChallengeController |
|
| 60 | - || $controller instanceof ALoginSetupController) { |
|
| 61 | - return; |
|
| 62 | - } |
|
| 59 | + if ($controller instanceof TwoFactorChallengeController |
|
| 60 | + || $controller instanceof ALoginSetupController) { |
|
| 61 | + return; |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - $reflectionMethod = new ReflectionMethod($controller, $methodName); |
|
| 65 | - if (!empty($reflectionMethod->getAttributes(PublicPage::class))) { |
|
| 66 | - return; |
|
| 67 | - } |
|
| 64 | + $reflectionMethod = new ReflectionMethod($controller, $methodName); |
|
| 65 | + if (!empty($reflectionMethod->getAttributes(PublicPage::class))) { |
|
| 66 | + return; |
|
| 67 | + } |
|
| 68 | 68 | |
| 69 | - if ($this->reflector->hasAnnotation('PublicPage')) { |
|
| 70 | - return; |
|
| 71 | - } |
|
| 69 | + if ($this->reflector->hasAnnotation('PublicPage')) { |
|
| 70 | + return; |
|
| 71 | + } |
|
| 72 | 72 | |
| 73 | - $this->logger->info('Closing user and PHP session for ephemeral session', [ |
|
| 74 | - 'controller' => $controller::class, |
|
| 75 | - 'method' => $methodName, |
|
| 76 | - ]); |
|
| 77 | - $this->userSession->logout(); |
|
| 78 | - $this->session->close(); |
|
| 79 | - } |
|
| 73 | + $this->logger->info('Closing user and PHP session for ephemeral session', [ |
|
| 74 | + 'controller' => $controller::class, |
|
| 75 | + 'method' => $methodName, |
|
| 76 | + ]); |
|
| 77 | + $this->userSession->logout(); |
|
| 78 | + $this->session->close(); |
|
| 79 | + } |
|
| 80 | 80 | } |
@@ -14,19 +14,19 @@ |
||
| 14 | 14 | use OCP\IURLGenerator; |
| 15 | 15 | |
| 16 | 16 | class FlowV2EphemeralSessionsCommand extends ALoginCommand { |
| 17 | - public function __construct( |
|
| 18 | - private ISession $session, |
|
| 19 | - private IURLGenerator $urlGenerator, |
|
| 20 | - private ITimeFactory $timeFactory, |
|
| 21 | - ) { |
|
| 22 | - } |
|
| 17 | + public function __construct( |
|
| 18 | + private ISession $session, |
|
| 19 | + private IURLGenerator $urlGenerator, |
|
| 20 | + private ITimeFactory $timeFactory, |
|
| 21 | + ) { |
|
| 22 | + } |
|
| 23 | 23 | |
| 24 | - public function process(LoginData $loginData): LoginResult { |
|
| 25 | - $loginV2GrantRoute = $this->urlGenerator->linkToRoute('core.ClientFlowLoginV2.grantPage'); |
|
| 26 | - if (str_starts_with($loginData->getRedirectUrl() ?? '', $loginV2GrantRoute)) { |
|
| 27 | - $this->session->set(ClientFlowLoginV2Controller::EPHEMERAL_NAME, $this->timeFactory->getTime()); |
|
| 28 | - } |
|
| 24 | + public function process(LoginData $loginData): LoginResult { |
|
| 25 | + $loginV2GrantRoute = $this->urlGenerator->linkToRoute('core.ClientFlowLoginV2.grantPage'); |
|
| 26 | + if (str_starts_with($loginData->getRedirectUrl() ?? '', $loginV2GrantRoute)) { |
|
| 27 | + $this->session->set(ClientFlowLoginV2Controller::EPHEMERAL_NAME, $this->timeFactory->getTime()); |
|
| 28 | + } |
|
| 29 | 29 | |
| 30 | - return $this->processNextOrFinishSuccessfully($loginData); |
|
| 31 | - } |
|
| 30 | + return $this->processNextOrFinishSuccessfully($loginData); |
|
| 31 | + } |
|
| 32 | 32 | } |
