|
|
|
@ -27,7 +27,6 @@ declare(strict_types=1);
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
namespace OC\Authentication\Token;
|
|
|
|
namespace OC\Authentication\Token;
|
|
|
|
|
|
|
|
|
|
|
|
use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
|
|
|
|
|
|
|
|
use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
|
|
|
|
use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
|
|
|
|
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
|
|
|
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
|
|
|
use OCP\Authentication\Exceptions\ExpiredTokenException;
|
|
|
|
use OCP\Authentication\Exceptions\ExpiredTokenException;
|
|
|
|
@ -35,6 +34,7 @@ use OCP\Authentication\Exceptions\InvalidTokenException;
|
|
|
|
use OCP\Authentication\Exceptions\WipeTokenException;
|
|
|
|
use OCP\Authentication\Exceptions\WipeTokenException;
|
|
|
|
use OCP\Authentication\Token\IProvider as OCPIProvider;
|
|
|
|
use OCP\Authentication\Token\IProvider as OCPIProvider;
|
|
|
|
use OCP\Authentication\Token\IToken as OCPIToken;
|
|
|
|
use OCP\Authentication\Token\IToken as OCPIToken;
|
|
|
|
|
|
|
|
use OCP\DB\Exception;
|
|
|
|
|
|
|
|
|
|
|
|
class Manager implements IProvider, OCPIProvider {
|
|
|
|
class Manager implements IProvider, OCPIProvider {
|
|
|
|
/** @var PublicKeyTokenProvider */
|
|
|
|
/** @var PublicKeyTokenProvider */
|
|
|
|
@ -77,18 +77,22 @@ class Manager implements IProvider, OCPIProvider {
|
|
|
|
$type,
|
|
|
|
$type,
|
|
|
|
$remember
|
|
|
|
$remember
|
|
|
|
);
|
|
|
|
);
|
|
|
|
} catch (UniqueConstraintViolationException $e) {
|
|
|
|
} catch (Exception $e) {
|
|
|
|
// It's rare, but if two requests of the same session (e.g. env-based SAML)
|
|
|
|
if ($e->getReason() === Exception::REASON_UNIQUE_CONSTRAINT_VIOLATION) {
|
|
|
|
// try to create the session token they might end up here at the same time
|
|
|
|
// It's rare, but if two requests of the same session (e.g. env-based SAML)
|
|
|
|
// because we use the session ID as token and the db token is created anew
|
|
|
|
// try to create the session token they might end up here at the same time
|
|
|
|
// with every request.
|
|
|
|
// because we use the session ID as token and the db token is created anew
|
|
|
|
//
|
|
|
|
// with every request.
|
|
|
|
// If the UIDs match, then this should be fine.
|
|
|
|
//
|
|
|
|
$existing = $this->getToken($token);
|
|
|
|
// If the UIDs match, then this should be fine.
|
|
|
|
if ($existing->getUID() !== $uid) {
|
|
|
|
$existing = $this->getToken($token);
|
|
|
|
throw new \Exception('Token conflict handled, but UIDs do not match. This should not happen', 0, $e);
|
|
|
|
if ($existing->getUID() !== $uid) {
|
|
|
|
|
|
|
|
throw new \Exception('Token conflict handled, but UIDs do not match. This should not happen', 0, $e);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return $existing;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $existing;
|
|
|
|
|
|
|
|
|
|
|
|
throw $e;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
Grigorii K. Shartsev
1 month ago