nextcloud /
server
@@ -48,74 +48,74 @@ |
||
| 48 | 48 | * @package OC\Session |
| 49 | 49 | */ |
| 50 | 50 | class CryptoWrapper { |
| 51 | - const COOKIE_NAME = 'oc_sessionPassphrase'; |
|
| 51 | + const COOKIE_NAME = 'oc_sessionPassphrase'; |
|
| 52 | 52 | |
| 53 | - /** @var IConfig */ |
|
| 54 | - protected $config; |
|
| 55 | - /** @var ISession */ |
|
| 56 | - protected $session; |
|
| 57 | - /** @var ICrypto */ |
|
| 58 | - protected $crypto; |
|
| 59 | - /** @var ISecureRandom */ |
|
| 60 | - protected $random; |
|
| 61 | - /** @var string */ |
|
| 62 | - protected $passphrase; |
|
| 53 | + /** @var IConfig */ |
|
| 54 | + protected $config; |
|
| 55 | + /** @var ISession */ |
|
| 56 | + protected $session; |
|
| 57 | + /** @var ICrypto */ |
|
| 58 | + protected $crypto; |
|
| 59 | + /** @var ISecureRandom */ |
|
| 60 | + protected $random; |
|
| 61 | + /** @var string */ |
|
| 62 | + protected $passphrase; |
|
| 63 | 63 | |
| 64 | - /** |
|
| 65 | - * @param IConfig $config |
|
| 66 | - * @param ICrypto $crypto |
|
| 67 | - * @param ISecureRandom $random |
|
| 68 | - * @param IRequest $request |
|
| 69 | - */ |
|
| 70 | - public function __construct(IConfig $config, |
|
| 71 | - ICrypto $crypto, |
|
| 72 | - ISecureRandom $random, |
|
| 73 | - IRequest $request) { |
|
| 74 | - $this->crypto = $crypto; |
|
| 75 | - $this->config = $config; |
|
| 76 | - $this->random = $random; |
|
| 64 | + /** |
|
| 65 | + * @param IConfig $config |
|
| 66 | + * @param ICrypto $crypto |
|
| 67 | + * @param ISecureRandom $random |
|
| 68 | + * @param IRequest $request |
|
| 69 | + */ |
|
| 70 | + public function __construct(IConfig $config, |
|
| 71 | + ICrypto $crypto, |
|
| 72 | + ISecureRandom $random, |
|
| 73 | + IRequest $request) { |
|
| 74 | + $this->crypto = $crypto; |
|
| 75 | + $this->config = $config; |
|
| 76 | + $this->random = $random; |
|
| 77 | 77 | |
| 78 | - if (!is_null($request->getCookie(self::COOKIE_NAME))) { |
|
| 79 | - $this->passphrase = $request->getCookie(self::COOKIE_NAME); |
|
| 80 | - } else { |
|
| 81 | - $this->passphrase = $this->random->generate(128); |
|
| 82 | - $secureCookie = $request->getServerProtocol() === 'https'; |
|
| 83 | - // FIXME: Required for CI |
|
| 84 | - if (!defined('PHPUNIT_RUN')) { |
|
| 85 | - $webRoot = \OC::$WEBROOT; |
|
| 86 | - if($webRoot === '') { |
|
| 87 | - $webRoot = '/'; |
|
| 88 | - } |
|
| 78 | + if (!is_null($request->getCookie(self::COOKIE_NAME))) { |
|
| 79 | + $this->passphrase = $request->getCookie(self::COOKIE_NAME); |
|
| 80 | + } else { |
|
| 81 | + $this->passphrase = $this->random->generate(128); |
|
| 82 | + $secureCookie = $request->getServerProtocol() === 'https'; |
|
| 83 | + // FIXME: Required for CI |
|
| 84 | + if (!defined('PHPUNIT_RUN')) { |
|
| 85 | + $webRoot = \OC::$WEBROOT; |
|
| 86 | + if($webRoot === '') { |
|
| 87 | + $webRoot = '/'; |
|
| 88 | + } |
|
| 89 | 89 | |
| 90 | - if (PHP_VERSION_ID < 70300) { |
|
| 91 | - setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true); |
|
| 92 | - } else { |
|
| 93 | - setcookie( |
|
| 94 | - self::COOKIE_NAME, |
|
| 95 | - $this->passphrase, |
|
| 96 | - [ |
|
| 97 | - 'expires' => 0, |
|
| 98 | - 'path' => $webRoot, |
|
| 99 | - 'domain' => '', |
|
| 100 | - 'secure' => $secureCookie, |
|
| 101 | - 'httponly' => true, |
|
| 102 | - 'samesite' => 'Lax', |
|
| 103 | - ] |
|
| 104 | - ); |
|
| 105 | - } |
|
| 106 | - } |
|
| 107 | - } |
|
| 108 | - } |
|
| 90 | + if (PHP_VERSION_ID < 70300) { |
|
| 91 | + setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true); |
|
| 92 | + } else { |
|
| 93 | + setcookie( |
|
| 94 | + self::COOKIE_NAME, |
|
| 95 | + $this->passphrase, |
|
| 96 | + [ |
|
| 97 | + 'expires' => 0, |
|
| 98 | + 'path' => $webRoot, |
|
| 99 | + 'domain' => '', |
|
| 100 | + 'secure' => $secureCookie, |
|
| 101 | + 'httponly' => true, |
|
| 102 | + 'samesite' => 'Lax', |
|
| 103 | + ] |
|
| 104 | + ); |
|
| 105 | + } |
|
| 106 | + } |
|
| 107 | + } |
|
| 108 | + } |
|
| 109 | 109 | |
| 110 | - /** |
|
| 111 | - * @param ISession $session |
|
| 112 | - * @return ISession |
|
| 113 | - */ |
|
| 114 | - public function wrapSession(ISession $session) { |
|
| 115 | - if (!($session instanceof CryptoSessionData)) { |
|
| 116 | - return new CryptoSessionData($session, $this->crypto, $this->passphrase); |
|
| 117 | - } |
|
| 110 | + /** |
|
| 111 | + * @param ISession $session |
|
| 112 | + * @return ISession |
|
| 113 | + */ |
|
| 114 | + public function wrapSession(ISession $session) { |
|
| 115 | + if (!($session instanceof CryptoSessionData)) { |
|
| 116 | + return new CryptoSessionData($session, $this->crypto, $this->passphrase); |
|
| 117 | + } |
|
| 118 | 118 | |
| 119 | - return $session; |
|
| 120 | - } |
|
| 119 | + return $session; |
|
| 120 | + } |
|
| 121 | 121 | } |
@@ -83,7 +83,7 @@ |
||
| 83 | 83 | // FIXME: Required for CI |
| 84 | 84 | if (!defined('PHPUNIT_RUN')) { |
| 85 | 85 | $webRoot = \OC::$WEBROOT; |
| 86 | - if($webRoot === '') { |
|
| 86 | + if ($webRoot === '') { |
|
| 87 | 87 | $webRoot = '/'; |
| 88 | 88 | } |
| 89 | 89 | |
@@ -48,178 +48,178 @@ |
||
| 48 | 48 | * @package OC\Session |
| 49 | 49 | */ |
| 50 | 50 | class Internal extends Session { |
| 51 | - /** |
|
| 52 | - * @param string $name |
|
| 53 | - * @throws \Exception |
|
| 54 | - */ |
|
| 55 | - public function __construct(string $name) { |
|
| 56 | - set_error_handler([$this, 'trapError']); |
|
| 57 | - $this->invoke('session_name', [$name]); |
|
| 58 | - try { |
|
| 59 | - $this->startSession(); |
|
| 60 | - } catch (\Exception $e) { |
|
| 61 | - setcookie($this->invoke('session_name'), '', -1, \OC::$WEBROOT ?: '/'); |
|
| 62 | - } |
|
| 63 | - restore_error_handler(); |
|
| 64 | - if (!isset($_SESSION)) { |
|
| 65 | - throw new \Exception('Failed to start session'); |
|
| 66 | - } |
|
| 67 | - } |
|
| 68 | - |
|
| 69 | - /** |
|
| 70 | - * @param string $key |
|
| 71 | - * @param integer $value |
|
| 72 | - */ |
|
| 73 | - public function set(string $key, $value) { |
|
| 74 | - $this->validateSession(); |
|
| 75 | - $_SESSION[$key] = $value; |
|
| 76 | - } |
|
| 77 | - |
|
| 78 | - /** |
|
| 79 | - * @param string $key |
|
| 80 | - * @return mixed |
|
| 81 | - */ |
|
| 82 | - public function get(string $key) { |
|
| 83 | - if (!$this->exists($key)) { |
|
| 84 | - return null; |
|
| 85 | - } |
|
| 86 | - return $_SESSION[$key]; |
|
| 87 | - } |
|
| 88 | - |
|
| 89 | - /** |
|
| 90 | - * @param string $key |
|
| 91 | - * @return bool |
|
| 92 | - */ |
|
| 93 | - public function exists(string $key): bool { |
|
| 94 | - return isset($_SESSION[$key]); |
|
| 95 | - } |
|
| 96 | - |
|
| 97 | - /** |
|
| 98 | - * @param string $key |
|
| 99 | - */ |
|
| 100 | - public function remove(string $key) { |
|
| 101 | - if (isset($_SESSION[$key])) { |
|
| 102 | - unset($_SESSION[$key]); |
|
| 103 | - } |
|
| 104 | - } |
|
| 105 | - |
|
| 106 | - public function clear() { |
|
| 107 | - $this->invoke('session_unset'); |
|
| 108 | - $this->regenerateId(); |
|
| 109 | - $this->startSession(); |
|
| 110 | - $_SESSION = []; |
|
| 111 | - } |
|
| 112 | - |
|
| 113 | - public function close() { |
|
| 114 | - $this->invoke('session_write_close'); |
|
| 115 | - parent::close(); |
|
| 116 | - } |
|
| 117 | - |
|
| 118 | - /** |
|
| 119 | - * Wrapper around session_regenerate_id |
|
| 120 | - * |
|
| 121 | - * @param bool $deleteOldSession Whether to delete the old associated session file or not. |
|
| 122 | - * @param bool $updateToken Wheater to update the associated auth token |
|
| 123 | - * @return void |
|
| 124 | - */ |
|
| 125 | - public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) { |
|
| 126 | - $oldId = null; |
|
| 127 | - |
|
| 128 | - if ($updateToken) { |
|
| 129 | - // Get the old id to update the token |
|
| 130 | - try { |
|
| 131 | - $oldId = $this->getId(); |
|
| 132 | - } catch (SessionNotAvailableException $e) { |
|
| 133 | - // We can't update a token if there is no previous id |
|
| 134 | - $updateToken = false; |
|
| 135 | - } |
|
| 136 | - } |
|
| 137 | - |
|
| 138 | - try { |
|
| 139 | - @session_regenerate_id($deleteOldSession); |
|
| 140 | - } catch (\Error $e) { |
|
| 141 | - $this->trapError($e->getCode(), $e->getMessage()); |
|
| 142 | - } |
|
| 143 | - |
|
| 144 | - if ($updateToken) { |
|
| 145 | - // Get the new id to update the token |
|
| 146 | - $newId = $this->getId(); |
|
| 147 | - |
|
| 148 | - /** @var IProvider $tokenProvider */ |
|
| 149 | - $tokenProvider = \OC::$server->query(IProvider::class); |
|
| 150 | - |
|
| 151 | - try { |
|
| 152 | - $tokenProvider->renewSessionToken($oldId, $newId); |
|
| 153 | - } catch (InvalidTokenException $e) { |
|
| 154 | - // Just ignore |
|
| 155 | - } |
|
| 156 | - } |
|
| 157 | - } |
|
| 158 | - |
|
| 159 | - /** |
|
| 160 | - * Wrapper around session_id |
|
| 161 | - * |
|
| 162 | - * @return string |
|
| 163 | - * @throws SessionNotAvailableException |
|
| 164 | - * @since 9.1.0 |
|
| 165 | - */ |
|
| 166 | - public function getId(): string { |
|
| 167 | - $id = $this->invoke('session_id', [], true); |
|
| 168 | - if ($id === '') { |
|
| 169 | - throw new SessionNotAvailableException(); |
|
| 170 | - } |
|
| 171 | - return $id; |
|
| 172 | - } |
|
| 173 | - |
|
| 174 | - /** |
|
| 175 | - * @throws \Exception |
|
| 176 | - */ |
|
| 177 | - public function reopen() { |
|
| 178 | - throw new \Exception('The session cannot be reopened - reopen() is ony to be used in unit testing.'); |
|
| 179 | - } |
|
| 180 | - |
|
| 181 | - /** |
|
| 182 | - * @param int $errorNumber |
|
| 183 | - * @param string $errorString |
|
| 184 | - * @throws \ErrorException |
|
| 185 | - */ |
|
| 186 | - public function trapError(int $errorNumber, string $errorString) { |
|
| 187 | - throw new \ErrorException($errorString); |
|
| 188 | - } |
|
| 189 | - |
|
| 190 | - /** |
|
| 191 | - * @throws \Exception |
|
| 192 | - */ |
|
| 193 | - private function validateSession() { |
|
| 194 | - if ($this->sessionClosed) { |
|
| 195 | - throw new SessionNotAvailableException('Session has been closed - no further changes to the session are allowed'); |
|
| 196 | - } |
|
| 197 | - } |
|
| 198 | - |
|
| 199 | - /** |
|
| 200 | - * @param string $functionName the full session_* function name |
|
| 201 | - * @param array $parameters |
|
| 202 | - * @param bool $silence whether to suppress warnings |
|
| 203 | - * @throws \ErrorException via trapError |
|
| 204 | - * @return mixed |
|
| 205 | - */ |
|
| 206 | - private function invoke(string $functionName, array $parameters = [], bool $silence = false) { |
|
| 207 | - try { |
|
| 208 | - if($silence) { |
|
| 209 | - return @call_user_func_array($functionName, $parameters); |
|
| 210 | - } else { |
|
| 211 | - return call_user_func_array($functionName, $parameters); |
|
| 212 | - } |
|
| 213 | - } catch(\Error $e) { |
|
| 214 | - $this->trapError($e->getCode(), $e->getMessage()); |
|
| 215 | - } |
|
| 216 | - } |
|
| 217 | - |
|
| 218 | - private function startSession() { |
|
| 219 | - if (PHP_VERSION_ID < 70300) { |
|
| 220 | - $this->invoke('session_start'); |
|
| 221 | - } else { |
|
| 222 | - $this->invoke('session_start', [['cookie_samesite' => 'Lax']]); |
|
| 223 | - } |
|
| 224 | - } |
|
| 51 | + /** |
|
| 52 | + * @param string $name |
|
| 53 | + * @throws \Exception |
|
| 54 | + */ |
|
| 55 | + public function __construct(string $name) { |
|
| 56 | + set_error_handler([$this, 'trapError']); |
|
| 57 | + $this->invoke('session_name', [$name]); |
|
| 58 | + try { |
|
| 59 | + $this->startSession(); |
|
| 60 | + } catch (\Exception $e) { |
|
| 61 | + setcookie($this->invoke('session_name'), '', -1, \OC::$WEBROOT ?: '/'); |
|
| 62 | + } |
|
| 63 | + restore_error_handler(); |
|
| 64 | + if (!isset($_SESSION)) { |
|
| 65 | + throw new \Exception('Failed to start session'); |
|
| 66 | + } |
|
| 67 | + } |
|
| 68 | + |
|
| 69 | + /** |
|
| 70 | + * @param string $key |
|
| 71 | + * @param integer $value |
|
| 72 | + */ |
|
| 73 | + public function set(string $key, $value) { |
|
| 74 | + $this->validateSession(); |
|
| 75 | + $_SESSION[$key] = $value; |
|
| 76 | + } |
|
| 77 | + |
|
| 78 | + /** |
|
| 79 | + * @param string $key |
|
| 80 | + * @return mixed |
|
| 81 | + */ |
|
| 82 | + public function get(string $key) { |
|
| 83 | + if (!$this->exists($key)) { |
|
| 84 | + return null; |
|
| 85 | + } |
|
| 86 | + return $_SESSION[$key]; |
|
| 87 | + } |
|
| 88 | + |
|
| 89 | + /** |
|
| 90 | + * @param string $key |
|
| 91 | + * @return bool |
|
| 92 | + */ |
|
| 93 | + public function exists(string $key): bool { |
|
| 94 | + return isset($_SESSION[$key]); |
|
| 95 | + } |
|
| 96 | + |
|
| 97 | + /** |
|
| 98 | + * @param string $key |
|
| 99 | + */ |
|
| 100 | + public function remove(string $key) { |
|
| 101 | + if (isset($_SESSION[$key])) { |
|
| 102 | + unset($_SESSION[$key]); |
|
| 103 | + } |
|
| 104 | + } |
|
| 105 | + |
|
| 106 | + public function clear() { |
|
| 107 | + $this->invoke('session_unset'); |
|
| 108 | + $this->regenerateId(); |
|
| 109 | + $this->startSession(); |
|
| 110 | + $_SESSION = []; |
|
| 111 | + } |
|
| 112 | + |
|
| 113 | + public function close() { |
|
| 114 | + $this->invoke('session_write_close'); |
|
| 115 | + parent::close(); |
|
| 116 | + } |
|
| 117 | + |
|
| 118 | + /** |
|
| 119 | + * Wrapper around session_regenerate_id |
|
| 120 | + * |
|
| 121 | + * @param bool $deleteOldSession Whether to delete the old associated session file or not. |
|
| 122 | + * @param bool $updateToken Wheater to update the associated auth token |
|
| 123 | + * @return void |
|
| 124 | + */ |
|
| 125 | + public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) { |
|
| 126 | + $oldId = null; |
|
| 127 | + |
|
| 128 | + if ($updateToken) { |
|
| 129 | + // Get the old id to update the token |
|
| 130 | + try { |
|
| 131 | + $oldId = $this->getId(); |
|
| 132 | + } catch (SessionNotAvailableException $e) { |
|
| 133 | + // We can't update a token if there is no previous id |
|
| 134 | + $updateToken = false; |
|
| 135 | + } |
|
| 136 | + } |
|
| 137 | + |
|
| 138 | + try { |
|
| 139 | + @session_regenerate_id($deleteOldSession); |
|
| 140 | + } catch (\Error $e) { |
|
| 141 | + $this->trapError($e->getCode(), $e->getMessage()); |
|
| 142 | + } |
|
| 143 | + |
|
| 144 | + if ($updateToken) { |
|
| 145 | + // Get the new id to update the token |
|
| 146 | + $newId = $this->getId(); |
|
| 147 | + |
|
| 148 | + /** @var IProvider $tokenProvider */ |
|
| 149 | + $tokenProvider = \OC::$server->query(IProvider::class); |
|
| 150 | + |
|
| 151 | + try { |
|
| 152 | + $tokenProvider->renewSessionToken($oldId, $newId); |
|
| 153 | + } catch (InvalidTokenException $e) { |
|
| 154 | + // Just ignore |
|
| 155 | + } |
|
| 156 | + } |
|
| 157 | + } |
|
| 158 | + |
|
| 159 | + /** |
|
| 160 | + * Wrapper around session_id |
|
| 161 | + * |
|
| 162 | + * @return string |
|
| 163 | + * @throws SessionNotAvailableException |
|
| 164 | + * @since 9.1.0 |
|
| 165 | + */ |
|
| 166 | + public function getId(): string { |
|
| 167 | + $id = $this->invoke('session_id', [], true); |
|
| 168 | + if ($id === '') { |
|
| 169 | + throw new SessionNotAvailableException(); |
|
| 170 | + } |
|
| 171 | + return $id; |
|
| 172 | + } |
|
| 173 | + |
|
| 174 | + /** |
|
| 175 | + * @throws \Exception |
|
| 176 | + */ |
|
| 177 | + public function reopen() { |
|
| 178 | + throw new \Exception('The session cannot be reopened - reopen() is ony to be used in unit testing.'); |
|
| 179 | + } |
|
| 180 | + |
|
| 181 | + /** |
|
| 182 | + * @param int $errorNumber |
|
| 183 | + * @param string $errorString |
|
| 184 | + * @throws \ErrorException |
|
| 185 | + */ |
|
| 186 | + public function trapError(int $errorNumber, string $errorString) { |
|
| 187 | + throw new \ErrorException($errorString); |
|
| 188 | + } |
|
| 189 | + |
|
| 190 | + /** |
|
| 191 | + * @throws \Exception |
|
| 192 | + */ |
|
| 193 | + private function validateSession() { |
|
| 194 | + if ($this->sessionClosed) { |
|
| 195 | + throw new SessionNotAvailableException('Session has been closed - no further changes to the session are allowed'); |
|
| 196 | + } |
|
| 197 | + } |
|
| 198 | + |
|
| 199 | + /** |
|
| 200 | + * @param string $functionName the full session_* function name |
|
| 201 | + * @param array $parameters |
|
| 202 | + * @param bool $silence whether to suppress warnings |
|
| 203 | + * @throws \ErrorException via trapError |
|
| 204 | + * @return mixed |
|
| 205 | + */ |
|
| 206 | + private function invoke(string $functionName, array $parameters = [], bool $silence = false) { |
|
| 207 | + try { |
|
| 208 | + if($silence) { |
|
| 209 | + return @call_user_func_array($functionName, $parameters); |
|
| 210 | + } else { |
|
| 211 | + return call_user_func_array($functionName, $parameters); |
|
| 212 | + } |
|
| 213 | + } catch(\Error $e) { |
|
| 214 | + $this->trapError($e->getCode(), $e->getMessage()); |
|
| 215 | + } |
|
| 216 | + } |
|
| 217 | + |
|
| 218 | + private function startSession() { |
|
| 219 | + if (PHP_VERSION_ID < 70300) { |
|
| 220 | + $this->invoke('session_start'); |
|
| 221 | + } else { |
|
| 222 | + $this->invoke('session_start', [['cookie_samesite' => 'Lax']]); |
|
| 223 | + } |
|
| 224 | + } |
|
| 225 | 225 | } |
