-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds command to list user sessions #24675
Conversation
By analyzing the blame information on this pull request, we identified @ChristophWurst, @nickvergessen and @schiesbn to be potential reviewers |
* @param string $uid | ||
* @return DefaultToken[] | ||
*/ | ||
public function getTokenByUser($uid) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm open for naming suggestions :)
Note that currently multiple |
* @return IToken[] | ||
* @since 9.1 | ||
*/ | ||
public function getTokenByUser($uid); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about passing an IUser
object for greater flexibility?
Since on master we're querying multiple providers, while this PR assumes there is only one, #24677 is required for this PR to work correctly. |
How about also showing the token type (browser/client)? |
@@ -127,6 +127,7 @@ | |||
$application->add(new OC\Core\Command\User\LastSeen(\OC::$server->getUserManager())); | |||
$application->add(new OC\Core\Command\User\Report(\OC::$server->getUserManager())); | |||
$application->add(new OC\Core\Command\User\ResetPassword(\OC::$server->getUserManager())); | |||
$application->add(new OC\Core\Command\User\Sessions(\OC::$server->query('OC\Authentication\Token\DefaultTokenProvider'))); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer to query the interface here, so we can easily swap the implementation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a get method to the server container, querying an interface is a good base idea, but not the final solution.
Basically query() should be used internally only.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a get method to the server container, querying an interface is a good base idea, but not the final solution.
Basically query() should be used internally only.
It is the interim solution until the auto injection also works in core ;)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added the server method in my PR: https://github.com/owncloud/core/pull/24703/files#diff-0a830b0354b26e84f08f705b5356a05bR842
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well the problem is, with the class name being used it can not be replaced. It should use the interface and the interface should be a service using a factory, to allow "swapping" with a different provider.
Basically something like https://github.com/owncloud/core/blob/master/lib/private/Server.php#L160-L172 but with the public interface as service name for the auto-injection
Why if I start a session from a iOS oC app, the command shows two active sessions of a user? |
@davitol that might be a bug. We had to add a little hack that creates session tokens for DAV clients, which can cause multiple session tokens being created if the client does not use cookies. |
1c1e1f6
to
3dfc75d
Compare
@@ -223,6 +223,7 @@ public function __construct($webRoot, \OC\Config $config) { | |||
$timeFactory = new TimeFactory(); | |||
return new \OC\Authentication\Token\DefaultTokenProvider($mapper, $crypto, $config, $logger, $timeFactory); | |||
}); | |||
$this->registerAlias('OC\Authentication\Token\IProvider', 'OC\Authentication\Token\DefaultTokenProvider'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nickvergessen This is the interface thingy you requested - cc @ChristophWurst
3dfc75d
to
904d50c
Compare
I rebased this on top of #24686 - this now uses the proposed methods from @ChristophWurst PR :) @nickvergessen @ChristophWurst Please re-review |
This is the stuff, that is added here: 904d50c |
👍 very nice |
$user = $this->userManager->get($uid); | ||
if(is_null($user)) { | ||
$output->writeln('<error>User "' . $uid . '" does not exist</error>'); | ||
return; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Error means return != 0
? 😉
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
please rebase |
@ChristophWurst Feel free to take over |
We're past feature freeze, moving to 9.2. CC @cmonteroluque @MTRichards |
nod |
Is this hack still necessary respectively can that be fixed that a DAV client produces only one session entry? Reason: querying table authtoken for statistical or access purposes via occ user command (see also referenced issue #25708) |
AFAIK that is more or less impossible. Clients can be stateless, hence there's nothing that identifies/groups a set of related requests. |
* extends public interface IToken to expose name and lastActivity * extends public interface Provider to expose tokens by user * add command to list sessions per user
5a0f1a7
to
5d5d017
Compare
@PhilippSchaffrath FYI |
@pmaier1 not sure if you have a concept in regards to session / token management completeness. I think the purpose was for an admin to be able to list all user sessions (or search by a user) and then be able to terminate such sessions with another OCC command. Moving to backlog until we can find time to finalize this |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
extends public interface Provider to expose tokens by usersee add method to query all user auth tokens #24686cc @LukasReschke @PVince81 @DeepDiver1975 @ChristophWurst @nickvergessen