nextcloud /
server
@@ -26,195 +26,195 @@ |
||
| 26 | 26 | */ |
| 27 | 27 | class Internal extends Session { |
| 28 | 28 | |
| 29 | - use TLogSlowOperation; |
|
| 30 | - |
|
| 31 | - /** |
|
| 32 | - * @param string $name |
|
| 33 | - * @throws \Exception |
|
| 34 | - */ |
|
| 35 | - public function __construct( |
|
| 36 | - string $name, |
|
| 37 | - private ?LoggerInterface $logger, |
|
| 38 | - ) { |
|
| 39 | - set_error_handler([$this, 'trapError']); |
|
| 40 | - $this->invoke('session_name', [$name]); |
|
| 41 | - $this->invoke('session_cache_limiter', ['']); |
|
| 42 | - try { |
|
| 43 | - $this->startSession(); |
|
| 44 | - } catch (\Exception $e) { |
|
| 45 | - setcookie($this->invoke('session_name'), '', -1, \OC::$WEBROOT ?: '/'); |
|
| 46 | - } |
|
| 47 | - restore_error_handler(); |
|
| 48 | - if (!isset($_SESSION)) { |
|
| 49 | - throw new \Exception('Failed to start session'); |
|
| 50 | - } |
|
| 51 | - } |
|
| 52 | - |
|
| 53 | - /** |
|
| 54 | - * @param string $key |
|
| 55 | - * @param integer $value |
|
| 56 | - */ |
|
| 57 | - public function set(string $key, $value) { |
|
| 58 | - $reopened = $this->reopen(); |
|
| 59 | - $_SESSION[$key] = $value; |
|
| 60 | - if ($reopened) { |
|
| 61 | - $this->close(); |
|
| 62 | - } |
|
| 63 | - } |
|
| 64 | - |
|
| 65 | - /** |
|
| 66 | - * @param string $key |
|
| 67 | - * @return mixed |
|
| 68 | - */ |
|
| 69 | - public function get(string $key) { |
|
| 70 | - if (!$this->exists($key)) { |
|
| 71 | - return null; |
|
| 72 | - } |
|
| 73 | - return $_SESSION[$key]; |
|
| 74 | - } |
|
| 75 | - |
|
| 76 | - /** |
|
| 77 | - * @param string $key |
|
| 78 | - * @return bool |
|
| 79 | - */ |
|
| 80 | - public function exists(string $key): bool { |
|
| 81 | - return isset($_SESSION[$key]); |
|
| 82 | - } |
|
| 83 | - |
|
| 84 | - /** |
|
| 85 | - * @param string $key |
|
| 86 | - */ |
|
| 87 | - public function remove(string $key) { |
|
| 88 | - if (isset($_SESSION[$key])) { |
|
| 89 | - unset($_SESSION[$key]); |
|
| 90 | - } |
|
| 91 | - } |
|
| 92 | - |
|
| 93 | - public function clear() { |
|
| 94 | - $this->reopen(); |
|
| 95 | - $this->invoke('session_unset'); |
|
| 96 | - $this->regenerateId(); |
|
| 97 | - $this->invoke('session_write_close'); |
|
| 98 | - $this->startSession(true); |
|
| 99 | - $_SESSION = []; |
|
| 100 | - } |
|
| 101 | - |
|
| 102 | - public function close() { |
|
| 103 | - $this->invoke('session_write_close'); |
|
| 104 | - parent::close(); |
|
| 105 | - } |
|
| 106 | - |
|
| 107 | - /** |
|
| 108 | - * Wrapper around session_regenerate_id |
|
| 109 | - * |
|
| 110 | - * @param bool $deleteOldSession Whether to delete the old associated session file or not. |
|
| 111 | - * @param bool $updateToken Whether to update the associated auth token |
|
| 112 | - * @return void |
|
| 113 | - */ |
|
| 114 | - public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) { |
|
| 115 | - $this->reopen(); |
|
| 116 | - $oldId = null; |
|
| 117 | - |
|
| 118 | - if ($updateToken) { |
|
| 119 | - // Get the old id to update the token |
|
| 120 | - try { |
|
| 121 | - $oldId = $this->getId(); |
|
| 122 | - } catch (SessionNotAvailableException $e) { |
|
| 123 | - // We can't update a token if there is no previous id |
|
| 124 | - $updateToken = false; |
|
| 125 | - } |
|
| 126 | - } |
|
| 127 | - |
|
| 128 | - try { |
|
| 129 | - @session_regenerate_id($deleteOldSession); |
|
| 130 | - } catch (\Error $e) { |
|
| 131 | - $this->trapError($e->getCode(), $e->getMessage()); |
|
| 132 | - } |
|
| 133 | - |
|
| 134 | - if ($updateToken) { |
|
| 135 | - // Get the new id to update the token |
|
| 136 | - $newId = $this->getId(); |
|
| 137 | - |
|
| 138 | - /** @var IProvider $tokenProvider */ |
|
| 139 | - $tokenProvider = \OCP\Server::get(IProvider::class); |
|
| 140 | - |
|
| 141 | - try { |
|
| 142 | - $tokenProvider->renewSessionToken($oldId, $newId); |
|
| 143 | - } catch (InvalidTokenException $e) { |
|
| 144 | - // Just ignore |
|
| 145 | - } |
|
| 146 | - } |
|
| 147 | - } |
|
| 148 | - |
|
| 149 | - /** |
|
| 150 | - * Wrapper around session_id |
|
| 151 | - * |
|
| 152 | - * @return string |
|
| 153 | - * @throws SessionNotAvailableException |
|
| 154 | - * @since 9.1.0 |
|
| 155 | - */ |
|
| 156 | - public function getId(): string { |
|
| 157 | - $id = $this->invoke('session_id', [], true); |
|
| 158 | - if ($id === '') { |
|
| 159 | - throw new SessionNotAvailableException(); |
|
| 160 | - } |
|
| 161 | - return $id; |
|
| 162 | - } |
|
| 163 | - |
|
| 164 | - /** |
|
| 165 | - * @throws \Exception |
|
| 166 | - */ |
|
| 167 | - public function reopen(): bool { |
|
| 168 | - if ($this->sessionClosed) { |
|
| 169 | - $this->startSession(false, false); |
|
| 170 | - $this->sessionClosed = false; |
|
| 171 | - return true; |
|
| 172 | - } |
|
| 173 | - |
|
| 174 | - return false; |
|
| 175 | - } |
|
| 176 | - |
|
| 177 | - /** |
|
| 178 | - * @param int $errorNumber |
|
| 179 | - * @param string $errorString |
|
| 180 | - * @throws \ErrorException |
|
| 181 | - */ |
|
| 182 | - public function trapError(int $errorNumber, string $errorString) { |
|
| 183 | - if ($errorNumber & E_ERROR) { |
|
| 184 | - throw new \ErrorException($errorString); |
|
| 185 | - } |
|
| 186 | - } |
|
| 187 | - |
|
| 188 | - /** |
|
| 189 | - * @param string $functionName the full session_* function name |
|
| 190 | - * @param array $parameters |
|
| 191 | - * @param bool $silence whether to suppress warnings |
|
| 192 | - * @throws \ErrorException via trapError |
|
| 193 | - * @return mixed |
|
| 194 | - */ |
|
| 195 | - private function invoke(string $functionName, array $parameters = [], bool $silence = false) { |
|
| 196 | - try { |
|
| 197 | - return $this->monitorAndLog( |
|
| 198 | - $this->logger ?? logger('core'), |
|
| 199 | - $functionName, |
|
| 200 | - function () use ($silence, $functionName, $parameters) { |
|
| 201 | - if ($silence) { |
|
| 202 | - return @call_user_func_array($functionName, $parameters); |
|
| 203 | - } else { |
|
| 204 | - return call_user_func_array($functionName, $parameters); |
|
| 205 | - } |
|
| 206 | - } |
|
| 207 | - ); |
|
| 208 | - } catch (\Error $e) { |
|
| 209 | - $this->trapError($e->getCode(), $e->getMessage()); |
|
| 210 | - } |
|
| 211 | - } |
|
| 212 | - |
|
| 213 | - private function startSession(bool $silence = false, bool $readAndClose = true) { |
|
| 214 | - $sessionParams = ['cookie_samesite' => 'Lax']; |
|
| 215 | - if (\OC::hasSessionRelaxedExpiry()) { |
|
| 216 | - $sessionParams['read_and_close'] = $readAndClose; |
|
| 217 | - } |
|
| 218 | - $this->invoke('session_start', [$sessionParams], $silence); |
|
| 219 | - } |
|
| 29 | + use TLogSlowOperation; |
|
| 30 | + |
|
| 31 | + /** |
|
| 32 | + * @param string $name |
|
| 33 | + * @throws \Exception |
|
| 34 | + */ |
|
| 35 | + public function __construct( |
|
| 36 | + string $name, |
|
| 37 | + private ?LoggerInterface $logger, |
|
| 38 | + ) { |
|
| 39 | + set_error_handler([$this, 'trapError']); |
|
| 40 | + $this->invoke('session_name', [$name]); |
|
| 41 | + $this->invoke('session_cache_limiter', ['']); |
|
| 42 | + try { |
|
| 43 | + $this->startSession(); |
|
| 44 | + } catch (\Exception $e) { |
|
| 45 | + setcookie($this->invoke('session_name'), '', -1, \OC::$WEBROOT ?: '/'); |
|
| 46 | + } |
|
| 47 | + restore_error_handler(); |
|
| 48 | + if (!isset($_SESSION)) { |
|
| 49 | + throw new \Exception('Failed to start session'); |
|
| 50 | + } |
|
| 51 | + } |
|
| 52 | + |
|
| 53 | + /** |
|
| 54 | + * @param string $key |
|
| 55 | + * @param integer $value |
|
| 56 | + */ |
|
| 57 | + public function set(string $key, $value) { |
|
| 58 | + $reopened = $this->reopen(); |
|
| 59 | + $_SESSION[$key] = $value; |
|
| 60 | + if ($reopened) { |
|
| 61 | + $this->close(); |
|
| 62 | + } |
|
| 63 | + } |
|
| 64 | + |
|
| 65 | + /** |
|
| 66 | + * @param string $key |
|
| 67 | + * @return mixed |
|
| 68 | + */ |
|
| 69 | + public function get(string $key) { |
|
| 70 | + if (!$this->exists($key)) { |
|
| 71 | + return null; |
|
| 72 | + } |
|
| 73 | + return $_SESSION[$key]; |
|
| 74 | + } |
|
| 75 | + |
|
| 76 | + /** |
|
| 77 | + * @param string $key |
|
| 78 | + * @return bool |
|
| 79 | + */ |
|
| 80 | + public function exists(string $key): bool { |
|
| 81 | + return isset($_SESSION[$key]); |
|
| 82 | + } |
|
| 83 | + |
|
| 84 | + /** |
|
| 85 | + * @param string $key |
|
| 86 | + */ |
|
| 87 | + public function remove(string $key) { |
|
| 88 | + if (isset($_SESSION[$key])) { |
|
| 89 | + unset($_SESSION[$key]); |
|
| 90 | + } |
|
| 91 | + } |
|
| 92 | + |
|
| 93 | + public function clear() { |
|
| 94 | + $this->reopen(); |
|
| 95 | + $this->invoke('session_unset'); |
|
| 96 | + $this->regenerateId(); |
|
| 97 | + $this->invoke('session_write_close'); |
|
| 98 | + $this->startSession(true); |
|
| 99 | + $_SESSION = []; |
|
| 100 | + } |
|
| 101 | + |
|
| 102 | + public function close() { |
|
| 103 | + $this->invoke('session_write_close'); |
|
| 104 | + parent::close(); |
|
| 105 | + } |
|
| 106 | + |
|
| 107 | + /** |
|
| 108 | + * Wrapper around session_regenerate_id |
|
| 109 | + * |
|
| 110 | + * @param bool $deleteOldSession Whether to delete the old associated session file or not. |
|
| 111 | + * @param bool $updateToken Whether to update the associated auth token |
|
| 112 | + * @return void |
|
| 113 | + */ |
|
| 114 | + public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) { |
|
| 115 | + $this->reopen(); |
|
| 116 | + $oldId = null; |
|
| 117 | + |
|
| 118 | + if ($updateToken) { |
|
| 119 | + // Get the old id to update the token |
|
| 120 | + try { |
|
| 121 | + $oldId = $this->getId(); |
|
| 122 | + } catch (SessionNotAvailableException $e) { |
|
| 123 | + // We can't update a token if there is no previous id |
|
| 124 | + $updateToken = false; |
|
| 125 | + } |
|
| 126 | + } |
|
| 127 | + |
|
| 128 | + try { |
|
| 129 | + @session_regenerate_id($deleteOldSession); |
|
| 130 | + } catch (\Error $e) { |
|
| 131 | + $this->trapError($e->getCode(), $e->getMessage()); |
|
| 132 | + } |
|
| 133 | + |
|
| 134 | + if ($updateToken) { |
|
| 135 | + // Get the new id to update the token |
|
| 136 | + $newId = $this->getId(); |
|
| 137 | + |
|
| 138 | + /** @var IProvider $tokenProvider */ |
|
| 139 | + $tokenProvider = \OCP\Server::get(IProvider::class); |
|
| 140 | + |
|
| 141 | + try { |
|
| 142 | + $tokenProvider->renewSessionToken($oldId, $newId); |
|
| 143 | + } catch (InvalidTokenException $e) { |
|
| 144 | + // Just ignore |
|
| 145 | + } |
|
| 146 | + } |
|
| 147 | + } |
|
| 148 | + |
|
| 149 | + /** |
|
| 150 | + * Wrapper around session_id |
|
| 151 | + * |
|
| 152 | + * @return string |
|
| 153 | + * @throws SessionNotAvailableException |
|
| 154 | + * @since 9.1.0 |
|
| 155 | + */ |
|
| 156 | + public function getId(): string { |
|
| 157 | + $id = $this->invoke('session_id', [], true); |
|
| 158 | + if ($id === '') { |
|
| 159 | + throw new SessionNotAvailableException(); |
|
| 160 | + } |
|
| 161 | + return $id; |
|
| 162 | + } |
|
| 163 | + |
|
| 164 | + /** |
|
| 165 | + * @throws \Exception |
|
| 166 | + */ |
|
| 167 | + public function reopen(): bool { |
|
| 168 | + if ($this->sessionClosed) { |
|
| 169 | + $this->startSession(false, false); |
|
| 170 | + $this->sessionClosed = false; |
|
| 171 | + return true; |
|
| 172 | + } |
|
| 173 | + |
|
| 174 | + return false; |
|
| 175 | + } |
|
| 176 | + |
|
| 177 | + /** |
|
| 178 | + * @param int $errorNumber |
|
| 179 | + * @param string $errorString |
|
| 180 | + * @throws \ErrorException |
|
| 181 | + */ |
|
| 182 | + public function trapError(int $errorNumber, string $errorString) { |
|
| 183 | + if ($errorNumber & E_ERROR) { |
|
| 184 | + throw new \ErrorException($errorString); |
|
| 185 | + } |
|
| 186 | + } |
|
| 187 | + |
|
| 188 | + /** |
|
| 189 | + * @param string $functionName the full session_* function name |
|
| 190 | + * @param array $parameters |
|
| 191 | + * @param bool $silence whether to suppress warnings |
|
| 192 | + * @throws \ErrorException via trapError |
|
| 193 | + * @return mixed |
|
| 194 | + */ |
|
| 195 | + private function invoke(string $functionName, array $parameters = [], bool $silence = false) { |
|
| 196 | + try { |
|
| 197 | + return $this->monitorAndLog( |
|
| 198 | + $this->logger ?? logger('core'), |
|
| 199 | + $functionName, |
|
| 200 | + function () use ($silence, $functionName, $parameters) { |
|
| 201 | + if ($silence) { |
|
| 202 | + return @call_user_func_array($functionName, $parameters); |
|
| 203 | + } else { |
|
| 204 | + return call_user_func_array($functionName, $parameters); |
|
| 205 | + } |
|
| 206 | + } |
|
| 207 | + ); |
|
| 208 | + } catch (\Error $e) { |
|
| 209 | + $this->trapError($e->getCode(), $e->getMessage()); |
|
| 210 | + } |
|
| 211 | + } |
|
| 212 | + |
|
| 213 | + private function startSession(bool $silence = false, bool $readAndClose = true) { |
|
| 214 | + $sessionParams = ['cookie_samesite' => 'Lax']; |
|
| 215 | + if (\OC::hasSessionRelaxedExpiry()) { |
|
| 216 | + $sessionParams['read_and_close'] = $readAndClose; |
|
| 217 | + } |
|
| 218 | + $this->invoke('session_start', [$sessionParams], $silence); |
|
| 219 | + } |
|
| 220 | 220 | } |
@@ -197,7 +197,7 @@ |
||
| 197 | 197 | return $this->monitorAndLog( |
| 198 | 198 | $this->logger ?? logger('core'), |
| 199 | 199 | $functionName, |
| 200 | - function () use ($silence, $functionName, $parameters) { |
|
| 200 | + function() use ($silence, $functionName, $parameters) { |
|
| 201 | 201 | if ($silence) { |
| 202 | 202 | return @call_user_func_array($functionName, $parameters); |
| 203 | 203 | } else { |
