nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Maxence Lange	9100b8757e	fix(setup): ignore long session login during installation Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	1 year ago
Christoph Wurst	2b38d6ae7e	fix(session): Log when session_* calls are slow Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	1 year ago
Julius Härtl	38bee2c014	perf: Set session.cache_limiter at runtime to avoid clients caching static assets served by PHP By default there is a Pragma: no-cache header set due to the default value `no-cache` of session.cache-limiter, which will cause Chrome and iOS to not cache even with a different Cache-Control header set on the response. Signed-off-by: Julius Härtl <jus@bitgrid.net>	2 years ago
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2 years ago
Joas Schilling	7c6934dea9	fix(typo): Fix typo in docs Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Côme Chilliet	f73f966c98	chore: Add missing ArrayAccess template parameters Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Côme Chilliet	eee9f1eec4	Always catch OCP versions of authentication exceptions And always throw OC versions for BC Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Christoph Wurst	63069b6492	fix(session): Do not log fresh/empty session as error Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2 years ago
Christoph Wurst	ca33d6b01c	fix(session): Log when crypto session data is lost Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2 years ago
Christoph Wurst	14719110b9	chore: Replace \OC::$server->query with \OCP\Server::get in /lib Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Christoph Wurst	872c181c74	chore: Drop dead private methods in /lib Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Claus-Justus Heine	45ec432492	Don't call session_start() when PHP session is still or already open. Signed-off-by: Claus-Justus Heine <himself@claus-justus-heine.de>	3 years ago
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Julius Härtl	a6761d76ea	fix: Make sure to reopen session before cleaning Otherwise restoring the requesttoken would reopen and read the existing session data and restore it instead of clearing Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Julius Härtl	c412821606	Do not remove complete encrypted session key when just a key should be removed Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Julius Härtl	2ff840b5c1	Read encrypted session data again on reopen Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Julius Härtl	9e1d431255	Add config option to disable strict session timeout to be able to use read_and_close Fixed https://github.com/nextcloud/server/issues/29356 Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Julius Härtl	9b4b72826a	Reopen sessions if we need to write to them instead of keeping them open Sessions are a locking operation until we write close them, so close them early and reopen later in case we want to write to them Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
luz paz	368f83095d	Fix typos in lib/private subdirectory Found via `codespell -q 3 -S l10n -L jus ./lib/private` Signed-off-by: luz paz <luzpaz@github.com>	3 years ago
Côme Chilliet	113756db30	Fix ArrayAccess and JsonSerializable return types First round of modifications for PHP 8.1 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 years ago
Julius Härtl	c1ea6a899c	Only trap E_ERROR in session handling Signed-off-by: Julius Härtl <jus@bitgrid.net>	4 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	5 years ago
Roeland Jago Douma	858f623081	Generate a new session id if the decrypting the session data fails Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	7e2c3a820e	Remove the cookie paths for php<7.3 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Roeland Jago Douma	8daaf33e3d	Silence duplicate session warnings Fixes #20490 Basically restroring the old behavior. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	cb057829f7	Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	36b3bc8148	Use php keywords in lowercase Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	74936c49ea	Remove unused imports Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	2016e57eab	Only send samesite cookies This makes the last remaining two cookies lax. The session cookie itself. And the session password as well (on php 7.3 that is). Samesite cookies are the best cookies! Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
MartB	fe21b10de5	replace setcookie value with '' instead of null. The php documentation states that an empty string should be used for a cookie when it has no real value. null leads to the following error: expects parameter 2 to be string, null given Signed-off-by: Martin Böh <mart.b@outlook.de>	7 years ago
Roeland Jago Douma	8c47a632e0	Allow updating the token on session regeneration Sometimes when we force a session regeneration we want to update the current token for this session. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	8cb6bb3987	Make ISession strict * Make all implementations strict * Add scalar types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Morris Jobke	fe0dbe7fb7	Fix type in CryptoSessionData Found while adding strict typing for PHP7+. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Lukas Reschke	4166d61ce6	Fix MigrationSchemaChecker and CryptoWrapper Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Arthur Schiwon	d1a8269de3	Forward port of #5190 to master Treat PHP Errors on User session regenerate Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> remove unnecessary lines… Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> change PHP errors to ErrorException in the session (PHP >=7) Otherwise it might be that authentication apps are being disabled on during operation while in fact the session handler has hiccup. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Victor Dubiniuk	131df248ef	Catch session already closed exception in destructor	9 years ago
Roeland Jago Douma	bb94b39745	Do not clear CSRF token on logout (fix for #1303 ) This is a hacky way to allow the use case of #1303. What happens is 1. User tries to login 2. PreLoginHook kicks in and figures out that the user need to change their LDAP password or whatever => redirects user 3. While loading the redirect some logic of ours kicks in and logouts the user (thus clearing the session). 4. We render the new page but now the session and the page disagree about the CSRF token This is kind of hacky but I don't think it introduces new attack vectors. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Joas Schilling	0215b004da	Update with robin	10 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	e93bf80b29	throw SessionNotAvailableException if session_id returns empty string	10 years ago
Christoph Wurst	0d53e86421	add ISession::getId() wrapper for session_id	10 years ago
Roeland Jago Douma	e2c36c2903	Move \OC\Session to PSR-4	10 years ago

48 Commits (2bdc97741cd42843f85750421cba032942d860ed)