@@ -36,83 +36,83 @@ discard block |
||
36 | 36 | |
37 | 37 | $application = new Application(); |
38 | 38 | $application->registerRoutes($this, [ |
39 | - 'routes' => [ |
|
40 | - ['name' => 'lost#email', 'url' => '/lostpassword/email', 'verb' => 'POST'], |
|
41 | - ['name' => 'lost#resetform', 'url' => '/lostpassword/reset/form/{token}/{userId}', 'verb' => 'GET'], |
|
42 | - ['name' => 'lost#setPassword', 'url' => '/lostpassword/set/{token}/{userId}', 'verb' => 'POST'], |
|
43 | - ['name' => 'user#getDisplayNames', 'url' => '/displaynames', 'verb' => 'POST'], |
|
44 | - ['name' => 'avatar#getAvatar', 'url' => '/avatar/{userId}/{size}', 'verb' => 'GET'], |
|
45 | - ['name' => 'avatar#deleteAvatar', 'url' => '/avatar/', 'verb' => 'DELETE'], |
|
46 | - ['name' => 'avatar#postCroppedAvatar', 'url' => '/avatar/cropped', 'verb' => 'POST'], |
|
47 | - ['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'], |
|
48 | - ['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'], |
|
49 | - ['name' => 'GuestAvatar#getAvatar', 'url' => '/avatar/guest/{guestName}/{size}', 'verb' => 'GET'], |
|
50 | - ['name' => 'CSRFToken#index', 'url' => '/csrftoken', 'verb' => 'GET'], |
|
51 | - ['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'], |
|
52 | - ['name' => 'login#confirmPassword', 'url' => '/login/confirm', 'verb' => 'POST'], |
|
53 | - ['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'], |
|
54 | - ['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'], |
|
55 | - // Original login flow used by all clients |
|
56 | - ['name' => 'ClientFlowLogin#showAuthPickerPage', 'url' => '/login/flow', 'verb' => 'GET'], |
|
57 | - ['name' => 'ClientFlowLogin#generateAppPassword', 'url' => '/login/flow', 'verb' => 'POST'], |
|
58 | - ['name' => 'ClientFlowLogin#grantPage', 'url' => '/login/flow/grant', 'verb' => 'GET'], |
|
59 | - ['name' => 'ClientFlowLogin#apptokenRedirect', 'url' => '/login/flow/apptoken', 'verb' => 'POST'], |
|
60 | - // NG login flow used by desktop client in case of Kerberos/fancy 2fa (smart cards for example) |
|
61 | - ['name' => 'ClientFlowLoginV2#poll', 'url' => '/login/v2/poll', 'verb' => 'POST'], |
|
62 | - ['name' => 'ClientFlowLoginV2#showAuthPickerPage', 'url' => '/login/v2/flow', 'verb' => 'GET'], |
|
63 | - ['name' => 'ClientFlowLoginV2#landing', 'url' => '/login/v2/flow/{token}', 'verb' => 'GET'], |
|
64 | - ['name' => 'ClientFlowLoginV2#grantPage', 'url' => '/login/v2/grant', 'verb' => 'GET'], |
|
65 | - ['name' => 'ClientFlowLoginV2#generateAppPassword', 'url' => '/login/v2/grant', 'verb' => 'POST'], |
|
66 | - ['name' => 'ClientFlowLoginV2#init', 'url' => '/login/v2', 'verb' => 'POST'], |
|
67 | - ['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'], |
|
68 | - ['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'], |
|
69 | - ['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'], |
|
70 | - ['name' => 'OCJS#getConfig', 'url' => '/core/js/oc.js', 'verb' => 'GET'], |
|
71 | - ['name' => 'Preview#getPreviewByFileId', 'url' => '/core/preview', 'verb' => 'GET'], |
|
72 | - ['name' => 'Preview#getPreview', 'url' => '/core/preview.png', 'verb' => 'GET'], |
|
73 | - ['name' => 'Svg#getSvgFromCore', 'url' => '/svg/core/{folder}/{fileName}', 'verb' => 'GET'], |
|
74 | - ['name' => 'Svg#getSvgFromApp', 'url' => '/svg/{app}/{fileName}', 'verb' => 'GET'], |
|
75 | - ['name' => 'Css#getCss', 'url' => '/css/{appName}/{fileName}', 'verb' => 'GET'], |
|
76 | - ['name' => 'Js#getJs', 'url' => '/js/{appName}/{fileName}', 'verb' => 'GET'], |
|
77 | - ['name' => 'contactsMenu#index', 'url' => '/contactsmenu/contacts', 'verb' => 'POST'], |
|
78 | - ['name' => 'contactsMenu#findOne', 'url' => '/contactsmenu/findOne', 'verb' => 'POST'], |
|
79 | - ['name' => 'WalledGarden#get', 'url' => '/204', 'verb' => 'GET'], |
|
80 | - ['name' => 'Search#search', 'url' => '/core/search', 'verb' => 'GET'], |
|
39 | + 'routes' => [ |
|
40 | + ['name' => 'lost#email', 'url' => '/lostpassword/email', 'verb' => 'POST'], |
|
41 | + ['name' => 'lost#resetform', 'url' => '/lostpassword/reset/form/{token}/{userId}', 'verb' => 'GET'], |
|
42 | + ['name' => 'lost#setPassword', 'url' => '/lostpassword/set/{token}/{userId}', 'verb' => 'POST'], |
|
43 | + ['name' => 'user#getDisplayNames', 'url' => '/displaynames', 'verb' => 'POST'], |
|
44 | + ['name' => 'avatar#getAvatar', 'url' => '/avatar/{userId}/{size}', 'verb' => 'GET'], |
|
45 | + ['name' => 'avatar#deleteAvatar', 'url' => '/avatar/', 'verb' => 'DELETE'], |
|
46 | + ['name' => 'avatar#postCroppedAvatar', 'url' => '/avatar/cropped', 'verb' => 'POST'], |
|
47 | + ['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'], |
|
48 | + ['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'], |
|
49 | + ['name' => 'GuestAvatar#getAvatar', 'url' => '/avatar/guest/{guestName}/{size}', 'verb' => 'GET'], |
|
50 | + ['name' => 'CSRFToken#index', 'url' => '/csrftoken', 'verb' => 'GET'], |
|
51 | + ['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'], |
|
52 | + ['name' => 'login#confirmPassword', 'url' => '/login/confirm', 'verb' => 'POST'], |
|
53 | + ['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'], |
|
54 | + ['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'], |
|
55 | + // Original login flow used by all clients |
|
56 | + ['name' => 'ClientFlowLogin#showAuthPickerPage', 'url' => '/login/flow', 'verb' => 'GET'], |
|
57 | + ['name' => 'ClientFlowLogin#generateAppPassword', 'url' => '/login/flow', 'verb' => 'POST'], |
|
58 | + ['name' => 'ClientFlowLogin#grantPage', 'url' => '/login/flow/grant', 'verb' => 'GET'], |
|
59 | + ['name' => 'ClientFlowLogin#apptokenRedirect', 'url' => '/login/flow/apptoken', 'verb' => 'POST'], |
|
60 | + // NG login flow used by desktop client in case of Kerberos/fancy 2fa (smart cards for example) |
|
61 | + ['name' => 'ClientFlowLoginV2#poll', 'url' => '/login/v2/poll', 'verb' => 'POST'], |
|
62 | + ['name' => 'ClientFlowLoginV2#showAuthPickerPage', 'url' => '/login/v2/flow', 'verb' => 'GET'], |
|
63 | + ['name' => 'ClientFlowLoginV2#landing', 'url' => '/login/v2/flow/{token}', 'verb' => 'GET'], |
|
64 | + ['name' => 'ClientFlowLoginV2#grantPage', 'url' => '/login/v2/grant', 'verb' => 'GET'], |
|
65 | + ['name' => 'ClientFlowLoginV2#generateAppPassword', 'url' => '/login/v2/grant', 'verb' => 'POST'], |
|
66 | + ['name' => 'ClientFlowLoginV2#init', 'url' => '/login/v2', 'verb' => 'POST'], |
|
67 | + ['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'], |
|
68 | + ['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'], |
|
69 | + ['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'], |
|
70 | + ['name' => 'OCJS#getConfig', 'url' => '/core/js/oc.js', 'verb' => 'GET'], |
|
71 | + ['name' => 'Preview#getPreviewByFileId', 'url' => '/core/preview', 'verb' => 'GET'], |
|
72 | + ['name' => 'Preview#getPreview', 'url' => '/core/preview.png', 'verb' => 'GET'], |
|
73 | + ['name' => 'Svg#getSvgFromCore', 'url' => '/svg/core/{folder}/{fileName}', 'verb' => 'GET'], |
|
74 | + ['name' => 'Svg#getSvgFromApp', 'url' => '/svg/{app}/{fileName}', 'verb' => 'GET'], |
|
75 | + ['name' => 'Css#getCss', 'url' => '/css/{appName}/{fileName}', 'verb' => 'GET'], |
|
76 | + ['name' => 'Js#getJs', 'url' => '/js/{appName}/{fileName}', 'verb' => 'GET'], |
|
77 | + ['name' => 'contactsMenu#index', 'url' => '/contactsmenu/contacts', 'verb' => 'POST'], |
|
78 | + ['name' => 'contactsMenu#findOne', 'url' => '/contactsmenu/findOne', 'verb' => 'POST'], |
|
79 | + ['name' => 'WalledGarden#get', 'url' => '/204', 'verb' => 'GET'], |
|
80 | + ['name' => 'Search#search', 'url' => '/core/search', 'verb' => 'GET'], |
|
81 | 81 | |
82 | - // Legacy routes that need to be globally available while they are handled by an app |
|
83 | - ['name' => 'viewcontroller#showFile', 'url' => '/f/{fileid}', 'verb' => 'GET', 'app' => 'files'], |
|
84 | - ['name' => 'sharecontroller#showShare', 'url' => '/s/{token}', 'verb' => 'GET', 'app' => 'files_sharing'], |
|
85 | - ['name' => 'sharecontroller#showAuthenticate', 'url' => '/s/{token}/authenticate/{redirect}', 'verb' => 'GET', 'app' => 'files_sharing'], |
|
86 | - ['name' => 'sharecontroller#authenticate', 'url' => '/s/{token}/authenticate/{redirect}', 'verb' => 'POST', 'app' => 'files_sharing'], |
|
87 | - ['name' => 'sharecontroller#downloadShare', 'url' => '/s/{token}/download', 'verb' => 'GET', 'app' => 'files_sharing'], |
|
88 | - ['name' => 'publicpreview#directLink', 'url' => '/s/{token}/preview', 'verb' => 'GET', 'app' => 'files_sharing'], |
|
89 | - ['name' => 'requesthandlercontroller#addShare', 'url' => '/ocm/shares', 'verb' => 'POST', 'app' => 'cloud_federation_api'], |
|
90 | - ['name' => 'requesthandlercontroller#receiveNotification', 'url' => '/ocm/notifications', 'verb' => 'POST', 'app' => 'cloud_federation_api'], |
|
91 | - ['name' => 'pagecontroller#showCall', 'url' => '/call/{token}', 'verb' => 'GET', 'app' => 'spreed'], |
|
92 | - ['name' => 'pagecontroller#authenticatePassword', 'url' => '/call/{token}', 'verb' => 'POST', 'app' => 'spreed'], |
|
93 | - ], |
|
94 | - 'ocs' => [ |
|
95 | - ['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'], |
|
96 | - ['root' => '', 'name' => 'OCS#getConfig', 'url' => '/config', 'verb' => 'GET'], |
|
97 | - ['root' => '/person', 'name' => 'OCS#personCheck', 'url' => '/check', 'verb' => 'POST'], |
|
98 | - ['root' => '/identityproof', 'name' => 'OCS#getIdentityProof', 'url' => '/key/{cloudId}', 'verb' => 'GET'], |
|
99 | - ['root' => '/core', 'name' => 'Navigation#getAppsNavigation', 'url' => '/navigation/apps', 'verb' => 'GET'], |
|
100 | - ['root' => '/core', 'name' => 'Navigation#getSettingsNavigation', 'url' => '/navigation/settings', 'verb' => 'GET'], |
|
101 | - ['root' => '/core', 'name' => 'AutoComplete#get', 'url' => '/autocomplete/get', 'verb' => 'GET'], |
|
102 | - ['root' => '/core', 'name' => 'WhatsNew#get', 'url' => '/whatsnew', 'verb' => 'GET'], |
|
103 | - ['root' => '/core', 'name' => 'WhatsNew#dismiss', 'url' => '/whatsnew', 'verb' => 'POST'], |
|
104 | - ['root' => '/core', 'name' => 'AppPassword#getAppPassword', 'url' => '/getapppassword', 'verb' => 'GET'], |
|
105 | - ['root' => '/core', 'name' => 'AppPassword#deleteAppPassword', 'url' => '/apppassword', 'verb' => 'DELETE'], |
|
82 | + // Legacy routes that need to be globally available while they are handled by an app |
|
83 | + ['name' => 'viewcontroller#showFile', 'url' => '/f/{fileid}', 'verb' => 'GET', 'app' => 'files'], |
|
84 | + ['name' => 'sharecontroller#showShare', 'url' => '/s/{token}', 'verb' => 'GET', 'app' => 'files_sharing'], |
|
85 | + ['name' => 'sharecontroller#showAuthenticate', 'url' => '/s/{token}/authenticate/{redirect}', 'verb' => 'GET', 'app' => 'files_sharing'], |
|
86 | + ['name' => 'sharecontroller#authenticate', 'url' => '/s/{token}/authenticate/{redirect}', 'verb' => 'POST', 'app' => 'files_sharing'], |
|
87 | + ['name' => 'sharecontroller#downloadShare', 'url' => '/s/{token}/download', 'verb' => 'GET', 'app' => 'files_sharing'], |
|
88 | + ['name' => 'publicpreview#directLink', 'url' => '/s/{token}/preview', 'verb' => 'GET', 'app' => 'files_sharing'], |
|
89 | + ['name' => 'requesthandlercontroller#addShare', 'url' => '/ocm/shares', 'verb' => 'POST', 'app' => 'cloud_federation_api'], |
|
90 | + ['name' => 'requesthandlercontroller#receiveNotification', 'url' => '/ocm/notifications', 'verb' => 'POST', 'app' => 'cloud_federation_api'], |
|
91 | + ['name' => 'pagecontroller#showCall', 'url' => '/call/{token}', 'verb' => 'GET', 'app' => 'spreed'], |
|
92 | + ['name' => 'pagecontroller#authenticatePassword', 'url' => '/call/{token}', 'verb' => 'POST', 'app' => 'spreed'], |
|
93 | + ], |
|
94 | + 'ocs' => [ |
|
95 | + ['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'], |
|
96 | + ['root' => '', 'name' => 'OCS#getConfig', 'url' => '/config', 'verb' => 'GET'], |
|
97 | + ['root' => '/person', 'name' => 'OCS#personCheck', 'url' => '/check', 'verb' => 'POST'], |
|
98 | + ['root' => '/identityproof', 'name' => 'OCS#getIdentityProof', 'url' => '/key/{cloudId}', 'verb' => 'GET'], |
|
99 | + ['root' => '/core', 'name' => 'Navigation#getAppsNavigation', 'url' => '/navigation/apps', 'verb' => 'GET'], |
|
100 | + ['root' => '/core', 'name' => 'Navigation#getSettingsNavigation', 'url' => '/navigation/settings', 'verb' => 'GET'], |
|
101 | + ['root' => '/core', 'name' => 'AutoComplete#get', 'url' => '/autocomplete/get', 'verb' => 'GET'], |
|
102 | + ['root' => '/core', 'name' => 'WhatsNew#get', 'url' => '/whatsnew', 'verb' => 'GET'], |
|
103 | + ['root' => '/core', 'name' => 'WhatsNew#dismiss', 'url' => '/whatsnew', 'verb' => 'POST'], |
|
104 | + ['root' => '/core', 'name' => 'AppPassword#getAppPassword', 'url' => '/getapppassword', 'verb' => 'GET'], |
|
105 | + ['root' => '/core', 'name' => 'AppPassword#deleteAppPassword', 'url' => '/apppassword', 'verb' => 'DELETE'], |
|
106 | 106 | |
107 | - ['root' => '/collaboration', 'name' => 'CollaborationResources#searchCollections', 'url' => '/resources/collections/search/{filter}', 'verb' => 'GET'], |
|
108 | - ['root' => '/collaboration', 'name' => 'CollaborationResources#listCollection', 'url' => '/resources/collections/{collectionId}', 'verb' => 'GET'], |
|
109 | - ['root' => '/collaboration', 'name' => 'CollaborationResources#renameCollection', 'url' => '/resources/collections/{collectionId}', 'verb' => 'PUT'], |
|
110 | - ['root' => '/collaboration', 'name' => 'CollaborationResources#addResource', 'url' => '/resources/collections/{collectionId}', 'verb' => 'POST'], |
|
107 | + ['root' => '/collaboration', 'name' => 'CollaborationResources#searchCollections', 'url' => '/resources/collections/search/{filter}', 'verb' => 'GET'], |
|
108 | + ['root' => '/collaboration', 'name' => 'CollaborationResources#listCollection', 'url' => '/resources/collections/{collectionId}', 'verb' => 'GET'], |
|
109 | + ['root' => '/collaboration', 'name' => 'CollaborationResources#renameCollection', 'url' => '/resources/collections/{collectionId}', 'verb' => 'PUT'], |
|
110 | + ['root' => '/collaboration', 'name' => 'CollaborationResources#addResource', 'url' => '/resources/collections/{collectionId}', 'verb' => 'POST'], |
|
111 | 111 | |
112 | - ['root' => '/collaboration', 'name' => 'CollaborationResources#removeResource', 'url' => '/resources/collections/{collectionId}', 'verb' => 'DELETE'], |
|
113 | - ['root' => '/collaboration', 'name' => 'CollaborationResources#getCollectionsByResource', 'url' => '/resources/{resourceType}/{resourceId}', 'verb' => 'GET'], |
|
114 | - ['root' => '/collaboration', 'name' => 'CollaborationResources#createCollectionOnResource', 'url' => '/resources/{baseResourceType}/{baseResourceId}', 'verb' => 'POST'], |
|
115 | - ], |
|
112 | + ['root' => '/collaboration', 'name' => 'CollaborationResources#removeResource', 'url' => '/resources/collections/{collectionId}', 'verb' => 'DELETE'], |
|
113 | + ['root' => '/collaboration', 'name' => 'CollaborationResources#getCollectionsByResource', 'url' => '/resources/{resourceType}/{resourceId}', 'verb' => 'GET'], |
|
114 | + ['root' => '/collaboration', 'name' => 'CollaborationResources#createCollectionOnResource', 'url' => '/resources/{baseResourceType}/{baseResourceId}', 'verb' => 'POST'], |
|
115 | + ], |
|
116 | 116 | ]); |
117 | 117 | |
118 | 118 | // Post installation check |
@@ -121,4 +121,4 @@ discard block |
||
121 | 121 | // Core ajax actions |
122 | 122 | // Routing |
123 | 123 | $this->create('core_ajax_update', '/core/ajax/update.php') |
124 | - ->actionInclude('core/ajax/update.php'); |
|
124 | + ->actionInclude('core/ajax/update.php'); |
@@ -40,102 +40,102 @@ |
||
40 | 40 | |
41 | 41 | class AppPasswordController extends \OCP\AppFramework\OCSController { |
42 | 42 | |
43 | - /** @var ISession */ |
|
44 | - private $session; |
|
45 | - |
|
46 | - /** @var ISecureRandom */ |
|
47 | - private $random; |
|
48 | - |
|
49 | - /** @var IProvider */ |
|
50 | - private $tokenProvider; |
|
51 | - |
|
52 | - /** @var IStore */ |
|
53 | - private $credentialStore; |
|
54 | - |
|
55 | - /** @var EventDispatcherInterface */ |
|
56 | - private $eventDispatcher; |
|
57 | - |
|
58 | - public function __construct(string $appName, |
|
59 | - IRequest $request, |
|
60 | - ISession $session, |
|
61 | - ISecureRandom $random, |
|
62 | - IProvider $tokenProvider, |
|
63 | - IStore $credentialStore, |
|
64 | - EventDispatcherInterface $eventDispatcher) { |
|
65 | - parent::__construct($appName, $request); |
|
66 | - |
|
67 | - $this->session = $session; |
|
68 | - $this->random = $random; |
|
69 | - $this->tokenProvider = $tokenProvider; |
|
70 | - $this->credentialStore = $credentialStore; |
|
71 | - $this->eventDispatcher = $eventDispatcher; |
|
72 | - } |
|
73 | - |
|
74 | - /** |
|
75 | - * @NoAdminRequired |
|
76 | - * |
|
77 | - * @return DataResponse |
|
78 | - * @throws OCSForbiddenException |
|
79 | - */ |
|
80 | - public function getAppPassword(): DataResponse { |
|
81 | - // We do not allow the creation of new tokens if this is an app password |
|
82 | - if ($this->session->exists('app_password')) { |
|
83 | - throw new OCSForbiddenException('You cannot request an new apppassword with an apppassword'); |
|
84 | - } |
|
85 | - |
|
86 | - try { |
|
87 | - $credentials = $this->credentialStore->getLoginCredentials(); |
|
88 | - } catch (CredentialsUnavailableException $e) { |
|
89 | - throw new OCSForbiddenException(); |
|
90 | - } |
|
91 | - |
|
92 | - try { |
|
93 | - $password = $credentials->getPassword(); |
|
94 | - } catch (PasswordUnavailableException $e) { |
|
95 | - $password = null; |
|
96 | - } |
|
97 | - |
|
98 | - $userAgent = $this->request->getHeader('USER_AGENT'); |
|
99 | - |
|
100 | - $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); |
|
101 | - |
|
102 | - $generatedToken = $this->tokenProvider->generateToken( |
|
103 | - $token, |
|
104 | - $credentials->getUID(), |
|
105 | - $credentials->getLoginName(), |
|
106 | - $password, |
|
107 | - $userAgent, |
|
108 | - IToken::PERMANENT_TOKEN, |
|
109 | - IToken::DO_NOT_REMEMBER |
|
110 | - ); |
|
111 | - |
|
112 | - $event = new GenericEvent($generatedToken); |
|
113 | - $this->eventDispatcher->dispatch('app_password_created', $event); |
|
114 | - |
|
115 | - return new DataResponse([ |
|
116 | - 'apppassword' => $token |
|
117 | - ]); |
|
118 | - } |
|
119 | - |
|
120 | - /** |
|
121 | - * @NoAdminRequired |
|
122 | - * |
|
123 | - * @return DataResponse |
|
124 | - */ |
|
125 | - public function deleteAppPassword() { |
|
126 | - if (!$this->session->exists('app_password')) { |
|
127 | - throw new OCSForbiddenException('no app password in use'); |
|
128 | - } |
|
129 | - |
|
130 | - $appPassword = $this->session->get('app_password'); |
|
131 | - |
|
132 | - try { |
|
133 | - $token = $this->tokenProvider->getToken($appPassword); |
|
134 | - } catch (InvalidTokenException $e) { |
|
135 | - throw new OCSForbiddenException('could not remove apptoken'); |
|
136 | - } |
|
137 | - |
|
138 | - $this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId()); |
|
139 | - return new DataResponse(); |
|
140 | - } |
|
43 | + /** @var ISession */ |
|
44 | + private $session; |
|
45 | + |
|
46 | + /** @var ISecureRandom */ |
|
47 | + private $random; |
|
48 | + |
|
49 | + /** @var IProvider */ |
|
50 | + private $tokenProvider; |
|
51 | + |
|
52 | + /** @var IStore */ |
|
53 | + private $credentialStore; |
|
54 | + |
|
55 | + /** @var EventDispatcherInterface */ |
|
56 | + private $eventDispatcher; |
|
57 | + |
|
58 | + public function __construct(string $appName, |
|
59 | + IRequest $request, |
|
60 | + ISession $session, |
|
61 | + ISecureRandom $random, |
|
62 | + IProvider $tokenProvider, |
|
63 | + IStore $credentialStore, |
|
64 | + EventDispatcherInterface $eventDispatcher) { |
|
65 | + parent::__construct($appName, $request); |
|
66 | + |
|
67 | + $this->session = $session; |
|
68 | + $this->random = $random; |
|
69 | + $this->tokenProvider = $tokenProvider; |
|
70 | + $this->credentialStore = $credentialStore; |
|
71 | + $this->eventDispatcher = $eventDispatcher; |
|
72 | + } |
|
73 | + |
|
74 | + /** |
|
75 | + * @NoAdminRequired |
|
76 | + * |
|
77 | + * @return DataResponse |
|
78 | + * @throws OCSForbiddenException |
|
79 | + */ |
|
80 | + public function getAppPassword(): DataResponse { |
|
81 | + // We do not allow the creation of new tokens if this is an app password |
|
82 | + if ($this->session->exists('app_password')) { |
|
83 | + throw new OCSForbiddenException('You cannot request an new apppassword with an apppassword'); |
|
84 | + } |
|
85 | + |
|
86 | + try { |
|
87 | + $credentials = $this->credentialStore->getLoginCredentials(); |
|
88 | + } catch (CredentialsUnavailableException $e) { |
|
89 | + throw new OCSForbiddenException(); |
|
90 | + } |
|
91 | + |
|
92 | + try { |
|
93 | + $password = $credentials->getPassword(); |
|
94 | + } catch (PasswordUnavailableException $e) { |
|
95 | + $password = null; |
|
96 | + } |
|
97 | + |
|
98 | + $userAgent = $this->request->getHeader('USER_AGENT'); |
|
99 | + |
|
100 | + $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); |
|
101 | + |
|
102 | + $generatedToken = $this->tokenProvider->generateToken( |
|
103 | + $token, |
|
104 | + $credentials->getUID(), |
|
105 | + $credentials->getLoginName(), |
|
106 | + $password, |
|
107 | + $userAgent, |
|
108 | + IToken::PERMANENT_TOKEN, |
|
109 | + IToken::DO_NOT_REMEMBER |
|
110 | + ); |
|
111 | + |
|
112 | + $event = new GenericEvent($generatedToken); |
|
113 | + $this->eventDispatcher->dispatch('app_password_created', $event); |
|
114 | + |
|
115 | + return new DataResponse([ |
|
116 | + 'apppassword' => $token |
|
117 | + ]); |
|
118 | + } |
|
119 | + |
|
120 | + /** |
|
121 | + * @NoAdminRequired |
|
122 | + * |
|
123 | + * @return DataResponse |
|
124 | + */ |
|
125 | + public function deleteAppPassword() { |
|
126 | + if (!$this->session->exists('app_password')) { |
|
127 | + throw new OCSForbiddenException('no app password in use'); |
|
128 | + } |
|
129 | + |
|
130 | + $appPassword = $this->session->get('app_password'); |
|
131 | + |
|
132 | + try { |
|
133 | + $token = $this->tokenProvider->getToken($appPassword); |
|
134 | + } catch (InvalidTokenException $e) { |
|
135 | + throw new OCSForbiddenException('could not remove apptoken'); |
|
136 | + } |
|
137 | + |
|
138 | + $this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId()); |
|
139 | + return new DataResponse(); |
|
140 | + } |
|
141 | 141 | } |