mirror of
https://github.com/nextcloud/server.git
synced 2026-05-22 10:06:37 -04:00
242164f0fd
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me>
27 lines
685 B
PHP
27 lines
685 B
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-or-later
|
|
*/
|
|
namespace OC\Authentication\Login;
|
|
|
|
use OC\Core\Controller\ClientFlowLoginV2Controller;
|
|
use OCP\ISession;
|
|
|
|
class FlowV2EphemeralSessionsCommand extends ALoginCommand {
|
|
public function __construct(
|
|
private ISession $session,
|
|
) {
|
|
}
|
|
|
|
public function process(LoginData $loginData): LoginResult {
|
|
if (str_starts_with($loginData->getRedirectUrl() ?? '', '/login/v2/grant')) {
|
|
$this->session->set(ClientFlowLoginV2Controller::EPHEMERAL_NAME, true);
|
|
}
|
|
|
|
return $this->processNextOrFinishSuccessfully($loginData);
|
|
}
|
|
}
|