upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-15 22:11:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Log if cookie login failed with token mismatch or session unavailability

Browse source 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst 2022-08-31 10:37:48 +02:00
parent 9318483540
commit 0184fbe86b
No known key found for this signature in database
GPG key ID: CC42AC2A7F0E56D8
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/private/User/Session.php
View file

@ -865,6 +865,10 @@ class Session implements IUserSession, Emitter {
$tokens = $this->config->getUserKeys($uid, 'login_token');
// test cookies token against stored tokens
if (!in_array($currentToken, $tokens, true)) {
$this->logger->error('Tried to log in {uid} but could not verify token', [
'app' => 'core',
'uid' => $uid,
]);
return false;
}
// replace successfully used token with a new one
@ -876,6 +880,10 @@ class Session implements IUserSession, Emitter {
$sessionId = $this->session->getId();
$token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId);
} catch (SessionNotAvailableException $ex) {
$this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [
'app' => 'core',
'uid' => $uid,
]);
return false;
} catch (InvalidTokenException $ex) {
$this->logger->warning('Renewing session token failed', ['app' => 'core']);