nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2 years ago
Côme Chilliet	f73f966c98	chore: Add missing ArrayAccess template parameters Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Christoph Wurst	63069b6492	fix(session): Do not log fresh/empty session as error Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2 years ago
Christoph Wurst	ca33d6b01c	fix(session): Log when crypto session data is lost Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2 years ago
Julius Härtl	a6761d76ea	fix: Make sure to reopen session before cleaning Otherwise restoring the requesttoken would reopen and read the existing session data and restore it instead of clearing Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Julius Härtl	c412821606	Do not remove complete encrypted session key when just a key should be removed Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Julius Härtl	2ff840b5c1	Read encrypted session data again on reopen Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Julius Härtl	9b4b72826a	Reopen sessions if we need to write to them instead of keeping them open Sessions are a locking operation until we write close them, so close them early and reopen later in case we want to write to them Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Côme Chilliet	113756db30	Fix ArrayAccess and JsonSerializable return types First round of modifications for PHP 8.1 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	5 years ago
Roeland Jago Douma	858f623081	Generate a new session id if the decrypting the session data fails Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	36b3bc8148	Use php keywords in lowercase Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	8c47a632e0	Allow updating the token on session regeneration Sometimes when we force a session regeneration we want to update the current token for this session. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	8cb6bb3987	Make ISession strict * Make all implementations strict * Add scalar types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Morris Jobke	fe0dbe7fb7	Fix type in CryptoSessionData Found while adding strict typing for PHP7+. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Victor Dubiniuk	131df248ef	Catch session already closed exception in destructor	9 years ago
Roeland Jago Douma	bb94b39745	Do not clear CSRF token on logout (fix for #1303 ) This is a hacky way to allow the use case of #1303. What happens is 1. User tries to login 2. PreLoginHook kicks in and figures out that the user need to change their LDAP password or whatever => redirects user 3. While loading the redirect some logic of ours kicks in and logouts the user (thus clearing the session). 4. We render the new page but now the session and the page disagree about the CSRF token This is kind of hacky but I don't think it introduces new attack vectors. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	e93bf80b29	throw SessionNotAvailableException if session_id returns empty string	10 years ago
Christoph Wurst	0d53e86421	add ISession::getId() wrapper for session_id	10 years ago
Roeland Jago Douma	e2c36c2903	Move \OC\Session to PSR-4	10 years ago
Thomas Müller	682821c71e	Happy new year!	10 years ago
Lukas Reschke	fec41e7539	Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.	10 years ago
Morris Jobke	b945d71384	update licence headers via script	10 years ago
Lukas Reschke	0b91087489	Write to session in batch at the end of the request	10 years ago
Lukas Reschke	e579dd62fd	Write session data to single key This prevents decrypting values multiple times.	10 years ago
Lukas Reschke	6a3fb0d3b3	Handle failures gracefully, remove switch	11 years ago
Joas Schilling	36eef2ddab	Add a session wrapper to encrypt the data before storing it on disk	11 years ago

27 Commits (addParameterTypingVersionsMapper)