1ab09ec753
chore: Apply new coding standard to all files
...
The diff can be checked using: git diff --ignore-all-space --ignore-blank-lines
To see only the changes not related to blank lines.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2026-06-01 13:46:39 +02:00
e0ba4d71b6
chore: add missing Override attribute to OC
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de >
2026-04-28 21:29:27 +02:00
d3faa4247d
fix(initializeSession): only log HMAC problem to critical logs if indeed critical
...
Signed-off-by: Simon L. <szaimen@e.mail.de >
2026-03-17 11:46:41 +01:00
c96ece0bcb
refactor: Add more typing
...
- repairs job
- database
- redis
And remove Helpertest which was unused outside of some tests.
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com >
2026-02-06 13:55:39 +01:00
7b6078875b
refactor: Run rector on lib/private
...
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com >
2026-02-06 13:50:18 +01:00
7e188433a1
fix(session): handle null logger
...
Signed-off-by: Christoph Wurst <1374172+ChristophWurst@users.noreply.github.com >
2026-01-09 16:42:39 +01:00
adf7ea5f0b
perf: log slow DNS operations
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2026-01-08 11:22:15 +01:00
cc89a2a2b8
refactor: extract slow operation logging into trait
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2026-01-08 11:22:15 +01:00
a14cade3ac
feat(core): add cookie_domain config option
...
Signed-off-by: Samuel Bizien Filippi <samuel.bizien-filippi@finances.gouv.fr >
2025-06-16 15:33:48 +02:00
e757b649b7
fix: Fix psalm taint false-positives by small refactorings
...
Mostly make it clear that we trust admin input or that we correctly
escape strings.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2025-02-17 18:08:23 +01:00
9100b8757e
fix(setup): ignore long session login during installation
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com >
2024-08-27 12:29:42 -01:00
2b38d6ae7e
fix(session): Log when session_* calls are slow
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2024-08-07 09:02:10 +02:00
38bee2c014
perf: Set session.cache_limiter at runtime to avoid clients caching static assets served by PHP
...
By default there is a Pragma: no-cache header set due to the default
value `no-cache` of session.cache-limiter, which will cause Chrome and
iOS to not cache even with a different Cache-Control header set on the
response.
Signed-off-by: Julius Härtl <jus@bitgrid.net >
2024-07-08 22:30:27 +02:00
dae7c159f7
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de >
2024-05-24 13:11:22 +02:00
7c6934dea9
fix(typo): Fix typo in docs
...
Signed-off-by: Joas Schilling <coding@schilljs.com >
2024-03-25 14:55:52 +01:00
f73f966c98
chore: Add missing ArrayAccess template parameters
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2024-02-06 10:24:41 +01:00
eee9f1eec4
Always catch OCP versions of authentication exceptions
...
And always throw OC versions for BC
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2024-01-11 14:02:15 +01:00
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
...
Signed-off-by: Joas Schilling <coding@schilljs.com >
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com >
2023-11-23 10:36:13 +01:00
63069b6492
fix(session): Do not log fresh/empty session as error
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2023-11-07 09:13:48 +01:00
ca33d6b01c
fix(session): Log when crypto session data is lost
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2023-10-11 19:59:18 +02:00
14719110b9
chore: Replace \OC::$server->query with \OCP\Server::get in /lib
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2023-07-06 15:21:22 +02:00
872c181c74
chore: Drop dead private methods in /lib
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2023-06-06 11:01:58 +02:00
45ec432492
Don't call session_start() when PHP session is still or already open.
...
Signed-off-by: Claus-Justus Heine <himself@claus-justus-heine.de >
2023-04-17 16:23:02 +02:00
f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2023-01-20 11:45:08 +01:00
a6761d76ea
fix: Make sure to reopen session before cleaning
...
Otherwise restoring the requesttoken would reopen and read the existing
session data and restore it instead of clearing
Signed-off-by: Julius Härtl <jus@bitgrid.net >
2022-12-10 13:37:55 +01:00
c412821606
Do not remove complete encrypted session key when just a key should be removed
...
Signed-off-by: Julius Härtl <jus@bitgrid.net >
2022-11-03 13:20:30 +01:00
2ff840b5c1
Read encrypted session data again on reopen
...
Signed-off-by: Julius Härtl <jus@bitgrid.net >
2022-11-03 13:20:30 +01:00
9e1d431255
Add config option to disable strict session timeout to be able to use read_and_close
...
Fixed https://github.com/nextcloud/server/issues/29356
Signed-off-by: Julius Härtl <jus@bitgrid.net >
2022-08-17 12:10:27 +02:00
9b4b72826a
Reopen sessions if we need to write to them instead of keeping them open
...
Sessions are a locking operation until we write close them, so close
them early and reopen later in case we want to write to them
Signed-off-by: Julius Härtl <jus@bitgrid.net >
2022-08-17 12:10:26 +02:00
368f83095d
Fix typos in lib/private subdirectory
...
Found via `codespell -q 3 -S l10n -L jus ./lib/private`
Signed-off-by: luz paz <luzpaz@github.com >
2022-07-27 08:52:17 -04:00
113756db30
Fix ArrayAccess and JsonSerializable return types
...
First round of modifications for PHP 8.1
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2021-11-23 09:28:56 +01:00
c1ea6a899c
Only trap E_ERROR in session handling
...
Signed-off-by: Julius Härtl <jus@bitgrid.net >
2021-08-17 10:47:25 +02:00
215aef3cbd
Update php licenses
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com >
2021-06-04 22:02:41 +02:00
858f623081
Generate a new session id if the decrypting the session data fails
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl >
2020-12-04 11:42:40 +01:00
7e2c3a820e
Remove the cookie paths for php<7.3
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2020-11-06 15:57:17 +01:00
8daaf33e3d
Silence duplicate session warnings
...
Fixes #20490
Basically restroring the old behavior.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl >
2020-08-14 05:23:11 +02:00
cb057829f7
Update license headers for 19
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2020-04-29 11:57:22 +02:00
28f8eb5dba
Add visibility to all constants
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2020-04-10 16:54:27 +02:00
caff1023ea
Format control structures, classes, methods and function
...
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2020-04-10 14:19:56 +02:00
36b3bc8148
Use php keywords in lowercase
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2020-04-09 14:04:56 +02:00
74936c49ea
Remove unused imports
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2020-03-25 22:08:08 +01:00
2016e57eab
Only send samesite cookies
...
This makes the last remaining two cookies lax. The session cookie
itself. And the session password as well (on php 7.3 that is). Samesite
cookies are the best cookies!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl >
2020-02-06 15:24:35 +01:00
5bf3d1bb38
Update license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2019-12-05 15:38:45 +01:00
fe21b10de5
replace setcookie value with '' instead of null.
...
The php documentation states that an empty string should be used for a cookie when it has no real value.
null leads to the following error: expects parameter 2 to be string, null given
Signed-off-by: Martin Böh <mart.b@outlook.de >
2018-09-06 20:34:16 +02:00
8c47a632e0
Allow updating the token on session regeneration
...
Sometimes when we force a session regeneration we want to update the
current token for this session.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl >
2018-06-14 08:09:36 +02:00
8cb6bb3987
Make ISession strict
...
* Make all implementations strict
* Add scalar types
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl >
2018-02-26 22:20:21 +01:00
fe0dbe7fb7
Fix type in CryptoSessionData
...
Found while adding strict typing for PHP7+.
Signed-off-by: Morris Jobke <hey@morrisjobke.de >
2018-01-12 22:41:03 +01:00
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de >
2017-11-06 16:56:19 +01:00
4166d61ce6
Fix MigrationSchemaChecker and CryptoWrapper
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch >
2017-08-01 08:20:16 +02:00
d1a8269de3
Forward port of #5190 to master
...
Treat PHP Errors on User session regenerate
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de >
remove unnecessary lines…
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de >
change PHP errors to ErrorException in the session (PHP >=7)
Otherwise it might be that authentication apps are being disabled on
during operation while in fact the session handler has hiccup.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de >
2017-06-15 11:20:49 +02:00
Côme Chilliet
Ferdinand Thiessen
Simon L.
Carl Schwan
Christoph Wurst
Christoph Wurst
Samuel Bizien Filippi
Maxence Lange
Julius Härtl
Andy Scherzinger
Joas Schilling
Claus-Justus Heine
luz paz
John Molakvoæ (skjnldsv)
Roeland Jago Douma
MartB
Morris Jobke
Lukas Reschke
Arthur Schiwon