@AlexAndBear AlexAndBear commented May 5, 2021

Description

Regenerate session after entering the password of a password-protected public share for anonymous users

Related Issue

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE

@AlexAndBear AlexAndBear force-pushed the issues/enterprise/4535 branch from 63c68a9 to 7bf7d99 Compare May 5, 2021 08:33
@owncloud owncloud deleted a comment from update-docs bot May 5, 2021
@AlexAndBear AlexAndBear marked this pull request as ready for review May 5, 2021 08:35
sonarqubecloud bot commented May 5, 2021

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)

No Coverage information
No Duplication information

@AlexAndBear AlexAndBear requested a review from mrow4a May 5, 2021 14:10
@mrow4a mrow4a left a comment

What if I was in a normal folder and then accessed a public link? Would I need to authenticate again?

@AlexAndBear

> What if I was in a normal folder and then accessed a public link? Would I need to authenticate again?

No, we only reset the cookie/session for a non-authenticated user. If the cookie was previously injected into the authenticated user via XSS, the potential attacker would already have access.

@AlexAndBear AlexAndBear requested review from jvillafanez and mrow4a May 6, 2021 12:58
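
The behaviour discussed in this thread, modelled in Python as an added example (not code from this pull request or from ownCloud): the session ID is rotated when an anonymous visitor passes the share password check, and left unchanged for a logged-in user. `SessionStore`, `authenticate_share`, `can_read_share` and all sample values are hypothetical, and the plaintext password comparison stands in for a real hash check.

```python
import hmac
import secrets


class SessionStore:
    """Constructed in-memory stand-in for a server-side session backend."""

    def __init__(self):
        self._data = {}

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._data[sid] = {"user": None, "authed_shares": set()}
        return sid

    def get(self, sid):
        return self._data.get(sid)

    def regenerate(self, sid):
        # Move the session data to a fresh ID and drop the old ID, so an ID
        # known to a third party before the password check stops working.
        new_sid = secrets.token_urlsafe(32)
        self._data[new_sid] = self._data.pop(sid)
        return new_sid


def authenticate_share(store, sid, share_token, supplied, expected):
    """Return the session ID the client must use after the password check."""
    session = store.get(sid)
    # Assumption: plaintext comparison is a simplification of a hash check.
    if session is None or not hmac.compare_digest(supplied.encode(), expected.encode()):
        return sid  # nothing granted, nothing to rotate
    if session["user"] is None:
        # Anonymous visitor: rotate before recording the new privilege.
        sid = store.regenerate(sid)
        session = store.get(sid)
    # Logged-in users keep their ID, matching the author's reply above.
    session["authed_shares"].add(share_token)
    return sid


def can_read_share(store, sid, share_token):
    session = store.get(sid)
    return session is not None and share_token in session["authed_shares"]
```

The ID returned by `authenticate_share` is the one the server would send back in the session cookie; the pre-authentication ID no longer resolves to any session.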
@C0rby C0rby left a comment

Looks good to me! 👍

@AlexAndBear AlexAndBear merged commit eba8070 into master May 10, 2021
@delete-merged-branch delete-merged-branch bot deleted the issues/enterprise/4535 branch May 10, 2021 11:44
5 participants