1
0

CryptoSessionData.php 5.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Christoph Wurst <christoph@owncloud.com>
  7. * @author Joas Schilling <coding@schilljs.com>
  8. * @author Lukas Reschke <lukas@statuscode.ch>
  9. * @author Roeland Jago Douma <roeland@famdouma.nl>
  10. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  11. *
  12. * @license AGPL-3.0
  13. *
  14. * This code is free software: you can redistribute it and/or modify
  15. * it under the terms of the GNU Affero General Public License, version 3,
  16. * as published by the Free Software Foundation.
  17. *
  18. * This program is distributed in the hope that it will be useful,
  19. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  21. * GNU Affero General Public License for more details.
  22. *
  23. * You should have received a copy of the GNU Affero General Public License, version 3,
  24. * along with this program. If not, see <http://www.gnu.org/licenses/>
  25. *
  26. */
  27. namespace OC\Session;
  28. use OCP\ISession;
  29. use OCP\Security\ICrypto;
  30. use OCP\Session\Exceptions\SessionNotAvailableException;
  31. /**
  32. * Class CryptoSessionData
  33. *
  34. * @package OC\Session
  35. */
  36. class CryptoSessionData implements \ArrayAccess, ISession {
  37. /** @var ISession */
  38. protected $session;
  39. /** @var \OCP\Security\ICrypto */
  40. protected $crypto;
  41. /** @var string */
  42. protected $passphrase;
  43. /** @var array */
  44. protected $sessionValues;
  45. /** @var bool */
  46. protected $isModified = false;
  47. CONST encryptedSessionName = 'encrypted_session_data';
  48. /**
  49. * @param ISession $session
  50. * @param ICrypto $crypto
  51. * @param string $passphrase
  52. */
  53. public function __construct(ISession $session,
  54. ICrypto $crypto,
  55. string $passphrase) {
  56. $this->crypto = $crypto;
  57. $this->session = $session;
  58. $this->passphrase = $passphrase;
  59. $this->initializeSession();
  60. }
  61. /**
  62. * Close session if class gets destructed
  63. */
  64. public function __destruct() {
  65. try {
  66. $this->close();
  67. } catch (SessionNotAvailableException $e){
  68. // This exception can occur if session is already closed
  69. // So it is safe to ignore it and let the garbage collector to proceed
  70. }
  71. }
  72. protected function initializeSession() {
  73. $encryptedSessionData = $this->session->get(self::encryptedSessionName) ?: '';
  74. try {
  75. $this->sessionValues = json_decode(
  76. $this->crypto->decrypt($encryptedSessionData, $this->passphrase),
  77. true
  78. );
  79. } catch (\Exception $e) {
  80. $this->sessionValues = [];
  81. }
  82. }
  83. /**
  84. * Set a value in the session
  85. *
  86. * @param string $key
  87. * @param mixed $value
  88. */
  89. public function set(string $key, $value) {
  90. $this->sessionValues[$key] = $value;
  91. $this->isModified = true;
  92. }
  93. /**
  94. * Get a value from the session
  95. *
  96. * @param string $key
  97. * @return string|null Either the value or null
  98. */
  99. public function get(string $key) {
  100. if(isset($this->sessionValues[$key])) {
  101. return $this->sessionValues[$key];
  102. }
  103. return null;
  104. }
  105. /**
  106. * Check if a named key exists in the session
  107. *
  108. * @param string $key
  109. * @return bool
  110. */
  111. public function exists(string $key): bool {
  112. return isset($this->sessionValues[$key]);
  113. }
  114. /**
  115. * Remove a $key/$value pair from the session
  116. *
  117. * @param string $key
  118. */
  119. public function remove(string $key) {
  120. $this->isModified = true;
  121. unset($this->sessionValues[$key]);
  122. $this->session->remove(self::encryptedSessionName);
  123. }
  124. /**
  125. * Reset and recreate the session
  126. */
  127. public function clear() {
  128. $requesttoken = $this->get('requesttoken');
  129. $this->sessionValues = [];
  130. if ($requesttoken !== null) {
  131. $this->set('requesttoken', $requesttoken);
  132. }
  133. $this->isModified = true;
  134. $this->session->clear();
  135. }
  136. /**
  137. * Wrapper around session_regenerate_id
  138. *
  139. * @param bool $deleteOldSession Whether to delete the old associated session file or not.
  140. * @param bool $updateToken Wheater to update the associated auth token
  141. * @return void
  142. */
  143. public function regenerateId(bool $deleteOldSession = true, bool $updateToken = false) {
  144. $this->session->regenerateId($deleteOldSession, $updateToken);
  145. }
  146. /**
  147. * Wrapper around session_id
  148. *
  149. * @return string
  150. * @throws SessionNotAvailableException
  151. * @since 9.1.0
  152. */
  153. public function getId(): string {
  154. return $this->session->getId();
  155. }
  156. /**
  157. * Close the session and release the lock, also writes all changed data in batch
  158. */
  159. public function close() {
  160. if($this->isModified) {
  161. $encryptedValue = $this->crypto->encrypt(json_encode($this->sessionValues), $this->passphrase);
  162. $this->session->set(self::encryptedSessionName, $encryptedValue);
  163. $this->isModified = false;
  164. }
  165. $this->session->close();
  166. }
  167. /**
  168. * @param mixed $offset
  169. * @return bool
  170. */
  171. public function offsetExists($offset): bool {
  172. return $this->exists($offset);
  173. }
  174. /**
  175. * @param mixed $offset
  176. * @return mixed
  177. */
  178. public function offsetGet($offset) {
  179. return $this->get($offset);
  180. }
  181. /**
  182. * @param mixed $offset
  183. * @param mixed $value
  184. */
  185. public function offsetSet($offset, $value) {
  186. $this->set($offset, $value);
  187. }
  188. /**
  189. * @param mixed $offset
  190. */
  191. public function offsetUnset($offset) {
  192. $this->remove($offset);
  193. }
  194. }