1
0

Internal.php 5.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  7. * @author cetra3 <peter@parashift.com.au>
  8. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  9. * @author Lukas Reschke <lukas@statuscode.ch>
  10. * @author MartB <mart.b@outlook.de>
  11. * @author Morris Jobke <hey@morrisjobke.de>
  12. * @author Robin Appelman <robin@icewind.nl>
  13. * @author Roeland Jago Douma <roeland@famdouma.nl>
  14. * @author Thomas Müller <thomas.mueller@tmit.eu>
  15. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  16. *
  17. * @license AGPL-3.0
  18. *
  19. * This code is free software: you can redistribute it and/or modify
  20. * it under the terms of the GNU Affero General Public License, version 3,
  21. * as published by the Free Software Foundation.
  22. *
  23. * This program is distributed in the hope that it will be useful,
  24. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  25. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  26. * GNU Affero General Public License for more details.
  27. *
  28. * You should have received a copy of the GNU Affero General Public License, version 3,
  29. * along with this program. If not, see <http://www.gnu.org/licenses/>
  30. *
  31. */
  32. namespace OC\Session;
  33. use OC\Authentication\Token\IProvider;
  34. use OCP\Authentication\Exceptions\InvalidTokenException;
  35. use OCP\Session\Exceptions\SessionNotAvailableException;
  36. /**
  37. * Class Internal
  38. *
  39. * wrap php's internal session handling into the Session interface
  40. *
  41. * @package OC\Session
  42. */
  43. class Internal extends Session {
  44. /**
  45. * @param string $name
  46. * @throws \Exception
  47. */
  48. public function __construct(string $name) {
  49. set_error_handler([$this, 'trapError']);
  50. $this->invoke('session_name', [$name]);
  51. $this->invoke('session_cache_limiter', ['']);
  52. try {
  53. $this->startSession();
  54. } catch (\Exception $e) {
  55. setcookie($this->invoke('session_name'), '', -1, \OC::$WEBROOT ?: '/');
  56. }
  57. restore_error_handler();
  58. if (!isset($_SESSION)) {
  59. throw new \Exception('Failed to start session');
  60. }
  61. }
  62. /**
  63. * @param string $key
  64. * @param integer $value
  65. */
  66. public function set(string $key, $value) {
  67. $reopened = $this->reopen();
  68. $_SESSION[$key] = $value;
  69. if ($reopened) {
  70. $this->close();
  71. }
  72. }
  73. /**
  74. * @param string $key
  75. * @return mixed
  76. */
  77. public function get(string $key) {
  78. if (!$this->exists($key)) {
  79. return null;
  80. }
  81. return $_SESSION[$key];
  82. }
  83. /**
  84. * @param string $key
  85. * @return bool
  86. */
  87. public function exists(string $key): bool {
  88. return isset($_SESSION[$key]);
  89. }
  90. /**
  91. * @param string $key
  92. */
  93. public function remove(string $key) {
  94. if (isset($_SESSION[$key])) {
  95. unset($_SESSION[$key]);
  96. }
  97. }
  98. public function clear() {
  99. $this->reopen();
  100. $this->invoke('session_unset');
  101. $this->regenerateId();
  102. $this->invoke('session_write_close');
  103. $this->startSession(true);
  104. $_SESSION = [];
  105. }
  106. public function close() {
  107. $this->invoke('session_write_close');
  108. parent::close();
  109. }
  110. /**
  111. * Wrapper around session_regenerate_id
  112. *
  113. * @param bool $deleteOldSession Whether to delete the old associated session file or not.
  114. * @param bool $updateToken Wheater to update the associated auth token
  115. * @return void
  116. */
  117. public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) {
  118. $this->reopen();
  119. $oldId = null;
  120. if ($updateToken) {
  121. // Get the old id to update the token
  122. try {
  123. $oldId = $this->getId();
  124. } catch (SessionNotAvailableException $e) {
  125. // We can't update a token if there is no previous id
  126. $updateToken = false;
  127. }
  128. }
  129. try {
  130. @session_regenerate_id($deleteOldSession);
  131. } catch (\Error $e) {
  132. $this->trapError($e->getCode(), $e->getMessage());
  133. }
  134. if ($updateToken) {
  135. // Get the new id to update the token
  136. $newId = $this->getId();
  137. /** @var IProvider $tokenProvider */
  138. $tokenProvider = \OCP\Server::get(IProvider::class);
  139. try {
  140. $tokenProvider->renewSessionToken($oldId, $newId);
  141. } catch (InvalidTokenException $e) {
  142. // Just ignore
  143. }
  144. }
  145. }
  146. /**
  147. * Wrapper around session_id
  148. *
  149. * @return string
  150. * @throws SessionNotAvailableException
  151. * @since 9.1.0
  152. */
  153. public function getId(): string {
  154. $id = $this->invoke('session_id', [], true);
  155. if ($id === '') {
  156. throw new SessionNotAvailableException();
  157. }
  158. return $id;
  159. }
  160. /**
  161. * @throws \Exception
  162. */
  163. public function reopen(): bool {
  164. if ($this->sessionClosed) {
  165. $this->startSession(false, false);
  166. $this->sessionClosed = false;
  167. return true;
  168. }
  169. return false;
  170. }
  171. /**
  172. * @param int $errorNumber
  173. * @param string $errorString
  174. * @throws \ErrorException
  175. */
  176. public function trapError(int $errorNumber, string $errorString) {
  177. if ($errorNumber & E_ERROR) {
  178. throw new \ErrorException($errorString);
  179. }
  180. }
  181. /**
  182. * @param string $functionName the full session_* function name
  183. * @param array $parameters
  184. * @param bool $silence whether to suppress warnings
  185. * @throws \ErrorException via trapError
  186. * @return mixed
  187. */
  188. private function invoke(string $functionName, array $parameters = [], bool $silence = false) {
  189. try {
  190. if ($silence) {
  191. return @call_user_func_array($functionName, $parameters);
  192. } else {
  193. return call_user_func_array($functionName, $parameters);
  194. }
  195. } catch (\Error $e) {
  196. $this->trapError($e->getCode(), $e->getMessage());
  197. }
  198. }
  199. private function startSession(bool $silence = false, bool $readAndClose = true) {
  200. $sessionParams = ['cookie_samesite' => 'Lax'];
  201. if (\OC::hasSessionRelaxedExpiry()) {
  202. $sessionParams['read_and_close'] = $readAndClose;
  203. }
  204. $this->invoke('session_start', [$sessionParams], $silence);
  205. }
  206. }