Skip to content

Commit

Permalink
Merge pull request #40785 from nextcloud/fix/user/log-logout-conditions
Browse files Browse the repository at this point in the history
fix: Log critical session renewal and logout paths
  • Loading branch information
ChristophWurst authored Oct 10, 2023
2 parents e6d0105 + f398d0b commit 8c2b9b3
Showing 1 changed file with 33 additions and 5 deletions.
38 changes: 33 additions & 5 deletions lib/private/User/Session.php
Original file line number Diff line number Diff line change
Expand Up @@ -783,6 +783,11 @@ private function validateToken($token, $user = null) {
try {
$dbToken = $this->tokenProvider->getToken($token);
} catch (InvalidTokenException $ex) {
$this->logger->warning('Session token is invalid because it does not exist', [
'app' => 'core',
'user' => $user,
'exception' => $ex,
]);
return false;
}

Expand All @@ -802,6 +807,10 @@ private function validateToken($token, $user = null) {
}

if (!$this->checkTokenCredentials($dbToken, $token)) {
$this->logger->warning('Session token credentials are invalid', [
'app' => 'core',
'user' => $user,
]);
return false;
}

Expand Down Expand Up @@ -877,28 +886,40 @@ public function loginWithCookie($uid, $currentToken, $oldSessionId) {
$tokens = $this->config->getUserKeys($uid, 'login_token');
// test cookies token against stored tokens
if (!in_array($currentToken, $tokens, true)) {
$this->logger->info('Tried to log in {uid} but could not verify token', [
$this->logger->info('Tried to log in but could not verify token', [
'app' => 'core',
'uid' => $uid,
'user' => $uid,
]);
return false;
}
// replace successfully used token with a new one
$this->config->deleteUserValue($uid, 'login_token', $currentToken);
$newToken = $this->random->generate(32);
$this->config->setUserValue($uid, 'login_token', $newToken, (string)$this->timeFactory->getTime());
$this->logger->debug('Remember-me token replaced', [
'app' => 'core',
'user' => $uid,
]);

try {
$sessionId = $this->session->getId();
$token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId);
$this->logger->debug('Session token replaced', [
'app' => 'core',
'user' => $uid,
]);
} catch (SessionNotAvailableException $ex) {
$this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [
$this->logger->critical('Could not renew session token for {uid} because the session is unavailable', [
'app' => 'core',
'uid' => $uid,
'user' => $uid,
]);
return false;
} catch (InvalidTokenException $ex) {
$this->logger->warning('Renewing session token failed', ['app' => 'core']);
$this->logger->error('Renewing session token failed', [
'app' => 'core',
'user' => $uid,
]);
return false;
}

Expand Down Expand Up @@ -937,10 +958,17 @@ public function logout() {
$this->manager->emit('\OC\User', 'logout', [$user]);
if ($user !== null) {
try {
$this->tokenProvider->invalidateToken($this->session->getId());
$token = $this->session->getId();
$this->tokenProvider->invalidateToken($token);
$this->logger->debug('Session token invalidated before logout', [
'user' => $user->getUID(),
]);
} catch (SessionNotAvailableException $ex) {
}
}
$this->logger->debug('Logging out', [
'user' => $user === null ? null : $user->getUID(),
]);
$this->setUser(null);
$this->setLoginName(null);
$this->setToken(null);
Expand Down

0 comments on commit 8c2b9b3

Please sign in to comment.