inject ISecureRandom into user session and use injected config too

Signed-off-by: Christoph Wurst <[email protected]>
nextcloud · Nov 2, 2016 · 6f86e46 · 6f86e46
1 parent d907666
commit 6f86e46
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 61 deletions.
diff --git a/lib/private/Server.php b/lib/private/Server.php
@@ -242,7 +242,7 @@ public function __construct($webRoot, \OC\Config $config) {
 				$defaultTokenProvider = null;
 			}
 
-			$userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig());
+			$userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $c->getConfig(), $c->getSecureRandom());
 			$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
 				\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
 			});

diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
@@ -48,6 +48,7 @@
 use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
+use OCP\Security\ISecureRandom;
 use OCP\Session\Exceptions\SessionNotAvailableException;
 use OCP\Util;
 
@@ -89,23 +90,29 @@ class Session implements IUserSession, Emitter {
 	/** @var User $activeUser */
 	protected $activeUser;
 
+	/** @var ISecureRandom */
+	private $random;
+
 	/**
 	 * @param IUserManager $manager
 	 * @param ISession $session
 	 * @param ITimeFactory $timeFacory
 	 * @param IProvider $tokenProvider
 	 * @param IConfig $config
+	 * @param ISecureRandom $random
 	 */
 	public function __construct(IUserManager $manager,
 								ISession $session,
 								ITimeFactory $timeFacory,
 								$tokenProvider,
-								IConfig $config) {
+								IConfig $config,
+								ISecureRandom $random) {
 		$this->manager = $manager;
 		$this->session = $session;
 		$this->timeFacory = $timeFacory;
 		$this->tokenProvider = $tokenProvider;
 		$this->config = $config;
+		$this->random = $random;
 	}
 
 	/**
@@ -701,7 +708,7 @@ public function loginWithCookie($uid, $currentToken, $oldSessionId) {
 		}
 		// replace successfully used token with a new one
 		$this->config->deleteUserValue($uid, 'login_token', $currentToken);
-		$newToken = OC::$server->getSecureRandom()->generate(32);
+		$newToken = $this->random->generate(32);
 		$this->config->setUserValue($uid, 'login_token', $newToken, $this->timeFacory->getTime());
 
 		try {
@@ -726,8 +733,8 @@ public function loginWithCookie($uid, $currentToken, $oldSessionId) {
 	 * @param IUser $user
 	 */
 	public function createRememberMeToken(IUser $user) {
-		$token = OC::$server->getSecureRandom()->generate(32);
-		$this->config->setUserValue($user->getUID(), 'login_token', $token, time());
+		$token = $this->random->generate(32);
+		$this->config->setUserValue($user->getUID(), 'login_token', $token, $this->timeFacory->getTime());
 		$this->setMagicInCookie($user->getUID(), $token);
 	}
 
@@ -763,7 +770,7 @@ public function setMagicInCookie($username, $token) {
 			$webRoot = '/';
 		}
 
-		$expires = $this->timeFacory->getTime() + OC::$server->getConfig()->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
+		$expires = $this->timeFacory->getTime() + $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
 		setcookie('nc_username', $username, $expires, $webRoot, '', $secureCookie, true);
 		setcookie('nc_token', $token, $expires, $webRoot, '', $secureCookie, true);
 		try {
@@ -783,14 +790,14 @@ public function unsetMagicInCookie() {
 		unset($_COOKIE['nc_username']); //TODO: DI
 		unset($_COOKIE['nc_token']);
 		unset($_COOKIE['nc_session_id']);
-		setcookie('nc_username', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
-		setcookie('nc_token', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
-		setcookie('nc_session_id', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
+		setcookie('nc_username', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
+		setcookie('nc_token', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
+		setcookie('nc_session_id', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true);
 		// old cookies might be stored under /webroot/ instead of /webroot
 		// and Firefox doesn't like it!
-		setcookie('nc_username', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
-		setcookie('nc_token', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
-		setcookie('nc_session_id', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
+		setcookie('nc_username', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
+		setcookie('nc_token', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
+		setcookie('nc_session_id', '', $this->timeFacory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
 	}
 
 	/**