Skip to content

Commit

Permalink
Merge pull request #33786 from nextcloud/backport/33772/stable23
Browse files Browse the repository at this point in the history
[stable23] Log if cookie login failed with token mismatch or session unavailability
  • Loading branch information
blizzz authored Sep 27, 2022
2 parents 187aeb6 + 2fbcc91 commit 67181d6
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions lib/private/User/Session.php
Original file line number Diff line number Diff line change
Expand Up @@ -880,6 +880,10 @@ public function loginWithCookie($uid, $currentToken, $oldSessionId) {
$tokens = $this->config->getUserKeys($uid, 'login_token');
// test cookies token against stored tokens
if (!in_array($currentToken, $tokens, true)) {
$this->logger->error('Tried to log in {uid} but could not verify token', [
'app' => 'core',
'uid' => $uid,
]);
return false;
}
// replace successfully used token with a new one
Expand All @@ -891,6 +895,10 @@ public function loginWithCookie($uid, $currentToken, $oldSessionId) {
$sessionId = $this->session->getId();
$token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId);
} catch (SessionNotAvailableException $ex) {
$this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [
'app' => 'core',
'uid' => $uid,
]);
return false;
} catch (InvalidTokenException $ex) {
\OC::$server->getLogger()->warning('Renewing session token failed', ['app' => 'core']);
Expand Down

0 comments on commit 67181d6

Please sign in to comment.