1
0

Internal.php 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  7. * @author cetra3 <peter@parashift.com.au>
  8. * @author Christoph Wurst <christoph@owncloud.com>
  9. * @author Lukas Reschke <lukas@statuscode.ch>
  10. * @author Morris Jobke <hey@morrisjobke.de>
  11. * @author Robin Appelman <robin@icewind.nl>
  12. * @author Thomas Müller <thomas.mueller@tmit.eu>
  13. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  14. *
  15. * @license AGPL-3.0
  16. *
  17. * This code is free software: you can redistribute it and/or modify
  18. * it under the terms of the GNU Affero General Public License, version 3,
  19. * as published by the Free Software Foundation.
  20. *
  21. * This program is distributed in the hope that it will be useful,
  22. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  23. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  24. * GNU Affero General Public License for more details.
  25. *
  26. * You should have received a copy of the GNU Affero General Public License, version 3,
  27. * along with this program. If not, see <http://www.gnu.org/licenses/>
  28. *
  29. */
  30. namespace OC\Session;
  31. use OC\Authentication\Exceptions\InvalidTokenException;
  32. use OC\Authentication\Token\IProvider;
  33. use OC\SystemConfig;
  34. use OCP\IConfig;
  35. use OCP\Session\Exceptions\SessionNotAvailableException;
  36. /**
  37. * Class Internal
  38. *
  39. * wrap php's internal session handling into the Session interface
  40. *
  41. * @package OC\Session
  42. */
  43. class Internal extends Session {
  44. /**
  45. * @param string $name
  46. * @throws \Exception
  47. */
  48. public function __construct(string $name) {
  49. set_error_handler([$this, 'trapError']);
  50. $this->invoke('session_name', [$name]);
  51. try {
  52. $this->invoke('session_start');
  53. } catch (\Exception $e) {
  54. setcookie($this->invoke('session_name'), '', -1, \OC::$WEBROOT ?: '/');
  55. }
  56. restore_error_handler();
  57. if (!isset($_SESSION)) {
  58. throw new \Exception('Failed to start session');
  59. }
  60. }
  61. /**
  62. * @param string $key
  63. * @param integer $value
  64. */
  65. public function set(string $key, $value) {
  66. $this->validateSession();
  67. $_SESSION[$key] = $value;
  68. }
  69. /**
  70. * @param string $key
  71. * @return mixed
  72. */
  73. public function get(string $key) {
  74. if (!$this->exists($key)) {
  75. return null;
  76. }
  77. return $_SESSION[$key];
  78. }
  79. /**
  80. * @param string $key
  81. * @return bool
  82. */
  83. public function exists(string $key): bool {
  84. return isset($_SESSION[$key]);
  85. }
  86. /**
  87. * @param string $key
  88. */
  89. public function remove(string $key) {
  90. if (isset($_SESSION[$key])) {
  91. unset($_SESSION[$key]);
  92. }
  93. }
  94. public function clear() {
  95. $this->invoke('session_unset');
  96. $this->regenerateId();
  97. $this->invoke('session_start', [], true);
  98. $_SESSION = [];
  99. }
  100. public function close() {
  101. $this->invoke('session_write_close');
  102. parent::close();
  103. }
  104. /**
  105. * Wrapper around session_regenerate_id
  106. *
  107. * @param bool $deleteOldSession Whether to delete the old associated session file or not.
  108. * @param bool $updateToken Wheater to update the associated auth token
  109. * @return void
  110. */
  111. public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) {
  112. $oldId = null;
  113. if ($updateToken) {
  114. // Get the old id to update the token
  115. try {
  116. $oldId = $this->getId();
  117. } catch (SessionNotAvailableException $e) {
  118. // We can't update a token if there is no previous id
  119. $updateToken = false;
  120. }
  121. }
  122. try {
  123. @session_regenerate_id($deleteOldSession);
  124. } catch (\Error $e) {
  125. $this->trapError($e->getCode(), $e->getMessage());
  126. }
  127. if ($updateToken) {
  128. // Get the new id to update the token
  129. $newId = $this->getId();
  130. /** @var IProvider $tokenProvider */
  131. $tokenProvider = \OC::$server->query(IProvider::class);
  132. try {
  133. $tokenProvider->renewSessionToken($oldId, $newId);
  134. } catch (InvalidTokenException $e) {
  135. // Just ignore
  136. }
  137. }
  138. }
  139. /**
  140. * Wrapper around session_id
  141. *
  142. * @return string
  143. * @throws SessionNotAvailableException
  144. * @since 9.1.0
  145. */
  146. public function getId(): string {
  147. $id = $this->invoke('session_id', [], true);
  148. if ($id === '') {
  149. throw new SessionNotAvailableException();
  150. }
  151. return $id;
  152. }
  153. /**
  154. * @throws \Exception
  155. */
  156. public function reopen() {
  157. throw new \Exception('The session cannot be reopened - reopen() is ony to be used in unit testing.');
  158. }
  159. /**
  160. * @param int $errorNumber
  161. * @param string $errorString
  162. * @throws \ErrorException
  163. */
  164. public function trapError(int $errorNumber, string $errorString) {
  165. throw new \ErrorException($errorString);
  166. }
  167. /**
  168. * @throws \Exception
  169. */
  170. private function validateSession() {
  171. if ($this->sessionClosed) {
  172. throw new SessionNotAvailableException('Session has been closed - no further changes to the session are allowed');
  173. }
  174. }
  175. /**
  176. * @param string $functionName the full session_* function name
  177. * @param array $parameters
  178. * @param bool $silence whether to suppress warnings
  179. * @throws \ErrorException via trapError
  180. * @return mixed
  181. */
  182. private function invoke(string $functionName, array $parameters = [], bool $silence = false) {
  183. try {
  184. if($silence) {
  185. return @call_user_func_array($functionName, $parameters);
  186. } else {
  187. return call_user_func_array($functionName, $parameters);
  188. }
  189. } catch(\Error $e) {
  190. $this->trapError($e->getCode(), $e->getMessage());
  191. }
  192. }
  193. }