fix(session): Avoid two useless authtoken DB queries for every anonymous request

Co-Authored-By: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
pull/42607/head
Git'Fellow 11 months ago committed by Christoph Wurst
parent ad12af8d06
commit 72e0618f20
No known key found for this signature in database
GPG Key ID: CC42AC2A7F0E56D8
  1. 7
      lib/private/User/Session.php
  2. 50
      tests/lib/User/SessionTest.php

@ -842,13 +842,16 @@ class Session implements IUserSession, Emitter {
$authHeader = $request->getHeader('Authorization');
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
} else {
// No auth header, let's try session id
} elseif ($request->getCookie($this->config->getSystemValueString('instanceid')) !== null) {
// No auth header, let's try session id, but only if this is an existing
// session and the request has a session cookie
try {
$token = $this->session->getId();
} catch (SessionNotAvailableException $ex) {
return false;
}
} else {
return false;
}
if (!$this->loginWithToken($token)) {
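Review bot: The new `elseif` guard is only a presence check on the cookie named by `instanceid`, and the comment above it should say so, because the cookie value is never compared with anything and the token still comes from `$this->session->getId()`. As written, a later reader could mistake the guard for validation, whereas a request carrying any cookie of that name still reaches the lookup and authentication rests entirely on `loginWithToken()`. I would extend the comment to something like `// Presence check only: skips the token lookup for cookie-less requests; the cookie value is not validated here, loginWithToken() decides.` The guard also assumes the session cookie is named after `instanceid`, which is configured outside this hunk, so that coupling deserves a word in the comment as well. The enclosing method starts and ends outside the hunk.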

@ -479,6 +479,56 @@ class SessionTest extends \Test\TestCase {
$userSession->logClientIn('john', 'doe', $request, $this->throttler);
}
public function testTryTokenLoginNoHeaderNoSessionCookie(): void {
$request = $this->createMock(IRequest::class);
$this->config->expects(self::once())
->method('getSystemValueString')
->with('instanceid')
->willReturn('abc123');
$request->method('getHeader')->with('Authorization')->willReturn('');
$request->method('getCookie')->with('abc123')->willReturn(null);
$this->tokenProvider->expects(self::never())
->method('getToken');
$loginResult = $this->userSession->tryTokenLogin($request);
self::assertFalse($loginResult);
}
public function testTryTokenLoginAuthorizationHeaderTokenNotFound(): void {
$request = $this->createMock(IRequest::class);
$request->method('getHeader')->with('Authorization')->willReturn('Bearer abcde-12345');
$this->tokenProvider->expects(self::once())
->method('getToken')
->with('abcde-12345')
->willThrowException(new InvalidTokenException());
$loginResult = $this->userSession->tryTokenLogin($request);
self::assertFalse($loginResult);
}
public function testTryTokenLoginSessionIdTokenNotFound(): void {
$request = $this->createMock(IRequest::class);
$this->config->expects(self::once())
->method('getSystemValueString')
->with('instanceid')
->willReturn('abc123');
$request->method('getHeader')->with('Authorization')->willReturn('');
$request->method('getCookie')->with('abc123')->willReturn('abcde12345');
$this->session->expects(self::once())
->method('getId')
->willReturn('abcde12345');
$this->tokenProvider->expects(self::once())
->method('getToken')
->with('abcde12345')
->willThrowException(new InvalidTokenException());
$loginResult = $this->userSession->tryTokenLogin($request);
self::assertFalse($loginResult);
}
public function testRememberLoginValidToken() {
$session = $this->getMockBuilder(Memory::class)->setConstructorArgs([''])->getMock();
$managerMethods = get_class_methods(Manager::class);
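Review bot: The path where the session cookie is present but `getId()` throws `SessionNotAvailableException` has no test, although that `try`/`catch` now sits inside the new `elseif` branch of `tryTokenLogin`. The three added tests cover only the missing cookie and the two token-not-found cases. A fourth test, sketched below, would pin that the method returns false without ever calling `getToken` in that situation. It assumes `SessionNotAvailableException` is imported in the test file and has a no-argument constructor, neither of which is visible here.

```php
public function testTryTokenLoginSessionCookieButSessionNotAvailable(): void {
	$request = $this->createMock(IRequest::class);
	$this->config->expects(self::once())
		->method('getSystemValueString')
		->with('instanceid')
		->willReturn('abc123');
	$request->method('getHeader')->with('Authorization')->willReturn('');
	$request->method('getCookie')->with('abc123')->willReturn('abcde12345');
	$this->session->expects(self::once())
		->method('getId')
		->willThrowException(new SessionNotAvailableException());
	$this->tokenProvider->expects(self::never())
		->method('getToken');

	self::assertFalse($this->userSession->tryTokenLogin($request));
}
```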
