Merge pull request #1274 from nextcloud/enh/1272/session-deduplication

rework session deduplication
2025-12-20 06:26:57 +00:00 · 2022-10-27 12:33:01 +02:00 · 2022-10-27 12:33:01 +02:00 · 41507c05fa
commit 41507c05fa
parent 53044c8354 3118ecf385
7 changed files with 40 additions and 29 deletions
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@ -3,6 +3,8 @@
 namespace AIO\Auth;

 use AIO\Data\ConfigurationManager;
+use AIO\Data\DataConst;
+use \DateTime;

 class AuthManager {
    private const SESSION_KEY = 'aio_authenticated';
@ -21,6 +23,14 @@ class AuthManager {
    }

    public function SetAuthState(bool $isLoggedIn) : void {
+
+        if (!$this->IsAuthenticated() && $isLoggedIn === true) {
+            $date = new DateTime();
+            $dateTime = $date->getTimestamp();
+            $_SESSION['date_time'] = $dateTime;
+            file_put_contents(DataConst::GetSessionDateFile(), (string)$dateTime);
+        }
+
        $_SESSION[self::SESSION_KEY] = $isLoggedIn;
    }

--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@ -101,7 +101,7 @@ class DockerController
    public function StartBackupContainerRestore(Request $request, Response $response, $args) : Response {
        $config = $this->configurationManager->GetConfig();
        $config['backup-mode'] = 'restore';
-        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'];
+        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
        $this->configurationManager->WriteConfig($config);

        $id = self::TOP_CONTAINER;
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@ -23,7 +23,7 @@ class LoginController
        if (!$this->dockerActionManager->isLoginAllowed()) {
            return $response->withHeader('Location', '/')->withStatus(302);
        }
-        $password = $request->getParsedBody()['password'];
+        $password = $request->getParsedBody()['password'] ?? '';
        if($this->authManager->CheckCredentials($password)) {
            $this->authManager->SetAuthState(true);
            return $response->withHeader('Location', '/')->withStatus(302);
@ -33,7 +33,7 @@ class LoginController
    }

    public function GetTryLogin(Request $request, Response $response, $args) : Response {
-        $token = $request->getQueryParams()['token'];
+        $token = $request->getQueryParams()['token'] ?? '';
        if($this->authManager->CheckToken($token)) {
            $this->authManager->SetAuthState(true);
            return $response->withHeader('Location', '/')->withStatus(302);
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@ -46,4 +46,8 @@ class DataConst {
    public static function GetBackupArchivesList() : string {
        return self::GetDataDirectory() . '/backup_archives.list';
    }
+
+    public static function GetSessionDateFile() : string {
+        return self::GetDataDirectory() . '/session_date_file';
+    }
 }
--- a/php/src/Middleware/AuthMiddleware.php
+++ b/php/src/Middleware/AuthMiddleware.php
@ -28,10 +28,10 @@ class AuthMiddleware

        if(!in_array($request->getUri()->getPath(), $publicRoutes)) {
            if(!$this->authManager->IsAuthenticated()) {
-                $response = new Response();
-                return $response
-                    ->withHeader('Location', '/')
-                    ->withStatus(302);
+                $status = 302;
+                $headers = ['Location' => '/'];
+                $response = new Response($status, $headers);
+                return $response;
            }
        }