Logout on account session errors

This commit is contained in:
djmaze 2021-12-14 15:48:39 +01:00
parent f30d0263ac
commit 67e2a971ea
2 changed files with 23 additions and 32 deletions

View file

@ -237,7 +237,11 @@ trait UserAuth
* Server side control/kickout of logged in sessions * Server side control/kickout of logged in sessions
* https://github.com/the-djmaze/snappymail/issues/151 * https://github.com/the-djmaze/snappymail/issues/151
*/ */
if (isset($_COOKIE[Utils::SESSION_TOKEN])) { if (!isset($_COOKIE[Utils::SESSION_TOKEN])) {
// \MailSo\Base\Http::StatusHeader(401);
$this->Logout(true);
throw new ClientException(Notifications::InvalidToken, null, 'Session undefined', true);
}
$oMainAuthAccount = MainAccount::NewInstanceFromTokenArray( $oMainAuthAccount = MainAccount::NewInstanceFromTokenArray(
$this, $this,
$aData, $aData,
@ -249,12 +253,9 @@ trait UserAuth
} else { } else {
$oMainAuthAccount && $this->StorageProvider()->Clear($oMainAuthAccount, StorageType::SESSION, $sToken); $oMainAuthAccount && $this->StorageProvider()->Clear($oMainAuthAccount, StorageType::SESSION, $sToken);
Utils::ClearCookie(Utils::SESSION_TOKEN); Utils::ClearCookie(Utils::SESSION_TOKEN);
$this->SetSpecLogoutCustomMgsWithDeletion('Session gone'); // \MailSo\Base\Http::StatusHeader(401);
$this->Logout(true);
}
} else {
$this->SetSpecLogoutCustomMgsWithDeletion('Session undefined');
$this->Logout(true); $this->Logout(true);
throw new ClientException(Notifications::AuthError, null, 'Session gone', true);
} }
} else { } else {
$oAccount = $this->GetAccountFromSignMeToken(); $oAccount = $this->GetAccountFromSignMeToken();
@ -263,13 +264,11 @@ trait UserAuth
} }
} }
if ($bThrowExceptionOnFalse && !$this->oMainAuthAccount) {
throw new ClientException(Notifications::AuthError);
}
if ($this->oMainAuthAccount) { if ($this->oMainAuthAccount) {
// Extend session cookie lifetime // Extend session cookie lifetime
$this->StorageProvider()->Put($this->oMainAuthAccount, StorageType::SESSION, Utils::GetSessionToken(), 'true'); $this->StorageProvider()->Put($this->oMainAuthAccount, StorageType::SESSION, Utils::GetSessionToken(), 'true');
} else if ($bThrowExceptionOnFalse) {
throw new ClientException(Notifications::AuthError);
} }
} }

View file

@ -406,10 +406,6 @@ class ServiceActions
{ {
$sRawError = 'False result'; $sRawError = 'False result';
} }
else
{
$sRawError = '';
}
} }
else else
{ {
@ -423,13 +419,9 @@ class ServiceActions
} }
catch (Exceptions\ClientException $oException) catch (Exceptions\ClientException $oException)
{ {
$sRawError = 'Exception as result'; $sRawError = Notifications::AuthError == $oException->getCode()
switch ($oException->getCode()) ? 'Authentication failed'
{ : 'Exception as result';
case Notifications::AuthError:
$sRawError = 'Authentication failed';
break;
}
} }
catch (\Throwable $oException) catch (\Throwable $oException)
{ {