Inspection of "Merge pull request #7859 from nextcloud/master-780..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 0023cb...dbd162 )

by Joas

created 2018-01-15 09:59 UTC

Status

Spacing +8 added lines, -8 removed lines patch added patch discarded remove patch

@@ -124,7 +124,7 @@  discard block
 block discarded – undo
 	 */
 	private function isValidToken($stateToken) {
 		$currentToken = $this->session->get(self::stateName);
-		if(!is_string($stateToken) || !is_string($currentToken)) {
+		if (!is_string($stateToken) || !is_string($currentToken)) {
 			return false;
 		}
 		return hash_equals($currentToken, $stateToken);
@@ -158,7 +158,7 @@  discard block
 block discarded – undo
 	public function showAuthPickerPage($clientIdentifier = '') {
 		$clientName = $this->getClientName();
 		$client = null;
-		if($clientIdentifier !== '') {
+		if ($clientIdentifier !== '') {
 			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
 			$clientName = $client->getName();
 		}
@@ -215,7 +215,7 @@  discard block
 block discarded – undo
 	 */
 	public function redirectPage($stateToken = '',
 								 $clientIdentifier = '') {
-		if(!$this->isValidToken($stateToken)) {
+		if (!$this->isValidToken($stateToken)) {
 			return $this->stateTokenForbiddenResponse();
 		}
 
@@ -242,7 +242,7 @@  discard block
 block discarded – undo
 	 */
 	public function generateAppPassword($stateToken,
 										$clientIdentifier = '') {
-		if(!$this->isValidToken($stateToken)) {
+		if (!$this->isValidToken($stateToken)) {
 			$this->session->remove(self::stateName);
 			return $this->stateTokenForbiddenResponse();
 		}
@@ -273,7 +273,7 @@  discard block
 block discarded – undo
 
 		$clientName = $this->getClientName();
 		$client = false;
-		if($clientIdentifier !== '') {
+		if ($clientIdentifier !== '') {
 			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
 			$clientName = $client->getName();
 		}
@@ -290,7 +290,7 @@  discard block
 block discarded – undo
 			IToken::DO_NOT_REMEMBER
 		);
 
-		if($client) {
+		if ($client) {
 			$code = $this->random->generate(128);
 			$accessToken = new AccessToken();
 			$accessToken->setClientId($client->getId());
@@ -327,8 +327,8 @@  discard block
 block discarded – undo
 			}
 
 
-			$serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
-			$redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
+			$serverPath = $protocol."://".$this->request->getServerHost().$serverPostfix;
+			$redirectUri = 'nc://login/server:'.$serverPath.'&user:'.urlencode($loginName).'&password:'.urlencode($token);
 		}
 
 		// Clear the token from the login here

Please login to merge, or discard this patch.

Indentation +261 added lines, -261 removed lines patch added patch discarded remove patch

@@ -48,291 +48,291 @@
 block discarded – undo
 use OCP\Session\Exceptions\SessionNotAvailableException;
 
 class ClientFlowLoginController extends Controller {
-	/** @var IUserSession */
-	private $userSession;
-	/** @var IL10N */
-	private $l10n;
-	/** @var Defaults */
-	private $defaults;
-	/** @var ISession */
-	private $session;
-	/** @var IProvider */
-	private $tokenProvider;
-	/** @var ISecureRandom */
-	private $random;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ClientMapper */
-	private $clientMapper;
-	/** @var AccessTokenMapper */
-	private $accessTokenMapper;
-	/** @var ICrypto */
-	private $crypto;
+    /** @var IUserSession */
+    private $userSession;
+    /** @var IL10N */
+    private $l10n;
+    /** @var Defaults */
+    private $defaults;
+    /** @var ISession */
+    private $session;
+    /** @var IProvider */
+    private $tokenProvider;
+    /** @var ISecureRandom */
+    private $random;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ClientMapper */
+    private $clientMapper;
+    /** @var AccessTokenMapper */
+    private $accessTokenMapper;
+    /** @var ICrypto */
+    private $crypto;
 
-	const stateName = 'client.flow.state.token';
+    const stateName = 'client.flow.state.token';
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IUserSession $userSession
-	 * @param IL10N $l10n
-	 * @param Defaults $defaults
-	 * @param ISession $session
-	 * @param IProvider $tokenProvider
-	 * @param ISecureRandom $random
-	 * @param IURLGenerator $urlGenerator
-	 * @param ClientMapper $clientMapper
-	 * @param AccessTokenMapper $accessTokenMapper
-	 * @param ICrypto $crypto
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IUserSession $userSession,
-								IL10N $l10n,
-								Defaults $defaults,
-								ISession $session,
-								IProvider $tokenProvider,
-								ISecureRandom $random,
-								IURLGenerator $urlGenerator,
-								ClientMapper $clientMapper,
-								AccessTokenMapper $accessTokenMapper,
-								ICrypto $crypto) {
-		parent::__construct($appName, $request);
-		$this->userSession = $userSession;
-		$this->l10n = $l10n;
-		$this->defaults = $defaults;
-		$this->session = $session;
-		$this->tokenProvider = $tokenProvider;
-		$this->random = $random;
-		$this->urlGenerator = $urlGenerator;
-		$this->clientMapper = $clientMapper;
-		$this->accessTokenMapper = $accessTokenMapper;
-		$this->crypto = $crypto;
-	}
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IUserSession $userSession
+     * @param IL10N $l10n
+     * @param Defaults $defaults
+     * @param ISession $session
+     * @param IProvider $tokenProvider
+     * @param ISecureRandom $random
+     * @param IURLGenerator $urlGenerator
+     * @param ClientMapper $clientMapper
+     * @param AccessTokenMapper $accessTokenMapper
+     * @param ICrypto $crypto
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IUserSession $userSession,
+                                IL10N $l10n,
+                                Defaults $defaults,
+                                ISession $session,
+                                IProvider $tokenProvider,
+                                ISecureRandom $random,
+                                IURLGenerator $urlGenerator,
+                                ClientMapper $clientMapper,
+                                AccessTokenMapper $accessTokenMapper,
+                                ICrypto $crypto) {
+        parent::__construct($appName, $request);
+        $this->userSession = $userSession;
+        $this->l10n = $l10n;
+        $this->defaults = $defaults;
+        $this->session = $session;
+        $this->tokenProvider = $tokenProvider;
+        $this->random = $random;
+        $this->urlGenerator = $urlGenerator;
+        $this->clientMapper = $clientMapper;
+        $this->accessTokenMapper = $accessTokenMapper;
+        $this->crypto = $crypto;
+    }
 
-	/**
-	 * @return string
-	 */
-	private function getClientName() {
-		$userAgent = $this->request->getHeader('USER_AGENT');
-		return $userAgent !== null ? $userAgent : 'unknown';
-	}
+    /**
+     * @return string
+     */
+    private function getClientName() {
+        $userAgent = $this->request->getHeader('USER_AGENT');
+        return $userAgent !== null ? $userAgent : 'unknown';
+    }
 
-	/**
-	 * @param string $stateToken
-	 * @return bool
-	 */
-	private function isValidToken($stateToken) {
-		$currentToken = $this->session->get(self::stateName);
-		if(!is_string($stateToken) || !is_string($currentToken)) {
-			return false;
-		}
-		return hash_equals($currentToken, $stateToken);
-	}
+    /**
+     * @param string $stateToken
+     * @return bool
+     */
+    private function isValidToken($stateToken) {
+        $currentToken = $this->session->get(self::stateName);
+        if(!is_string($stateToken) || !is_string($currentToken)) {
+            return false;
+        }
+        return hash_equals($currentToken, $stateToken);
+    }
 
-	/**
-	 * @return TemplateResponse
-	 */
-	private function stateTokenForbiddenResponse() {
-		$response = new TemplateResponse(
-			$this->appName,
-			'403',
-			[
-				'file' => $this->l10n->t('State token does not match'),
-			],
-			'guest'
-		);
-		$response->setStatus(Http::STATUS_FORBIDDEN);
-		return $response;
-	}
+    /**
+     * @return TemplateResponse
+     */
+    private function stateTokenForbiddenResponse() {
+        $response = new TemplateResponse(
+            $this->appName,
+            '403',
+            [
+                'file' => $this->l10n->t('State token does not match'),
+            ],
+            'guest'
+        );
+        $response->setStatus(Http::STATUS_FORBIDDEN);
+        return $response;
+    }
 
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $clientIdentifier
-	 *
-	 * @return TemplateResponse
-	 */
-	public function showAuthPickerPage($clientIdentifier = '') {
-		$clientName = $this->getClientName();
-		$client = null;
-		if($clientIdentifier !== '') {
-			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
-			$clientName = $client->getName();
-		}
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $clientIdentifier
+     *
+     * @return TemplateResponse
+     */
+    public function showAuthPickerPage($clientIdentifier = '') {
+        $clientName = $this->getClientName();
+        $client = null;
+        if($clientIdentifier !== '') {
+            $client = $this->clientMapper->getByIdentifier($clientIdentifier);
+            $clientName = $client->getName();
+        }
 
-		// No valid clientIdentifier given and no valid API Request (APIRequest header not set)
-		$clientRequest = $this->request->getHeader('OCS-APIREQUEST');
-		if ($clientRequest !== 'true' && $client === null) {
-			return new TemplateResponse(
-				$this->appName,
-				'error',
-				[
-					'errors' =>
-					[
-						[
-							'error' => 'Access Forbidden',
-							'hint' => 'Invalid request',
-						],
-					],
-				],
-				'guest'
-			);
-		}
+        // No valid clientIdentifier given and no valid API Request (APIRequest header not set)
+        $clientRequest = $this->request->getHeader('OCS-APIREQUEST');
+        if ($clientRequest !== 'true' && $client === null) {
+            return new TemplateResponse(
+                $this->appName,
+                'error',
+                [
+                    'errors' =>
+                    [
+                        [
+                            'error' => 'Access Forbidden',
+                            'hint' => 'Invalid request',
+                        ],
+                    ],
+                ],
+                'guest'
+            );
+        }
 
-		$stateToken = $this->random->generate(
-			64,
-			ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
-		);
-		$this->session->set(self::stateName, $stateToken);
+        $stateToken = $this->random->generate(
+            64,
+            ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
+        );
+        $this->session->set(self::stateName, $stateToken);
 
-		return new TemplateResponse(
-			$this->appName,
-			'loginflow/authpicker',
-			[
-				'client' => $clientName,
-				'clientIdentifier' => $clientIdentifier,
-				'instanceName' => $this->defaults->getName(),
-				'urlGenerator' => $this->urlGenerator,
-				'stateToken' => $stateToken,
-				'serverHost' => $this->request->getServerHost(),
-				'oauthState' => $this->session->get('oauth.state'),
-			],
-			'guest'
-		);
-	}
+        return new TemplateResponse(
+            $this->appName,
+            'loginflow/authpicker',
+            [
+                'client' => $clientName,
+                'clientIdentifier' => $clientIdentifier,
+                'instanceName' => $this->defaults->getName(),
+                'urlGenerator' => $this->urlGenerator,
+                'stateToken' => $stateToken,
+                'serverHost' => $this->request->getServerHost(),
+                'oauthState' => $this->session->get('oauth.state'),
+            ],
+            'guest'
+        );
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $stateToken
-	 * @param string $clientIdentifier
-	 * @return TemplateResponse
-	 */
-	public function redirectPage($stateToken = '',
-								 $clientIdentifier = '') {
-		if(!$this->isValidToken($stateToken)) {
-			return $this->stateTokenForbiddenResponse();
-		}
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $stateToken
+     * @param string $clientIdentifier
+     * @return TemplateResponse
+     */
+    public function redirectPage($stateToken = '',
+                                    $clientIdentifier = '') {
+        if(!$this->isValidToken($stateToken)) {
+            return $this->stateTokenForbiddenResponse();
+        }
 
-		return new TemplateResponse(
-			$this->appName,
-			'loginflow/redirect',
-			[
-				'urlGenerator' => $this->urlGenerator,
-				'stateToken' => $stateToken,
-				'clientIdentifier' => $clientIdentifier,
-				'oauthState' => $this->session->get('oauth.state'),
-			],
-			'guest'
-		);
-	}
+        return new TemplateResponse(
+            $this->appName,
+            'loginflow/redirect',
+            [
+                'urlGenerator' => $this->urlGenerator,
+                'stateToken' => $stateToken,
+                'clientIdentifier' => $clientIdentifier,
+                'oauthState' => $this->session->get('oauth.state'),
+            ],
+            'guest'
+        );
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @param string $stateToken
-	 * @param string $clientIdentifier
-	 * @return Http\RedirectResponse|Response
-	 */
-	public function generateAppPassword($stateToken,
-										$clientIdentifier = '') {
-		if(!$this->isValidToken($stateToken)) {
-			$this->session->remove(self::stateName);
-			return $this->stateTokenForbiddenResponse();
-		}
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @param string $stateToken
+     * @param string $clientIdentifier
+     * @return Http\RedirectResponse|Response
+     */
+    public function generateAppPassword($stateToken,
+                                        $clientIdentifier = '') {
+        if(!$this->isValidToken($stateToken)) {
+            $this->session->remove(self::stateName);
+            return $this->stateTokenForbiddenResponse();
+        }
 
-		$this->session->remove(self::stateName);
+        $this->session->remove(self::stateName);
 
-		try {
-			$sessionId = $this->session->getId();
-		} catch (SessionNotAvailableException $ex) {
-			$response = new Response();
-			$response->setStatus(Http::STATUS_FORBIDDEN);
-			return $response;
-		}
+        try {
+            $sessionId = $this->session->getId();
+        } catch (SessionNotAvailableException $ex) {
+            $response = new Response();
+            $response->setStatus(Http::STATUS_FORBIDDEN);
+            return $response;
+        }
 
-		try {
-			$sessionToken = $this->tokenProvider->getToken($sessionId);
-			$loginName = $sessionToken->getLoginName();
-			try {
-				$password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
-			} catch (PasswordlessTokenException $ex) {
-				$password = null;
-			}
-		} catch (InvalidTokenException $ex) {
-			$response = new Response();
-			$response->setStatus(Http::STATUS_FORBIDDEN);
-			return $response;
-		}
+        try {
+            $sessionToken = $this->tokenProvider->getToken($sessionId);
+            $loginName = $sessionToken->getLoginName();
+            try {
+                $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
+            } catch (PasswordlessTokenException $ex) {
+                $password = null;
+            }
+        } catch (InvalidTokenException $ex) {
+            $response = new Response();
+            $response->setStatus(Http::STATUS_FORBIDDEN);
+            return $response;
+        }
 
-		$clientName = $this->getClientName();
-		$client = false;
-		if($clientIdentifier !== '') {
-			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
-			$clientName = $client->getName();
-		}
+        $clientName = $this->getClientName();
+        $client = false;
+        if($clientIdentifier !== '') {
+            $client = $this->clientMapper->getByIdentifier($clientIdentifier);
+            $clientName = $client->getName();
+        }
 
-		$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
-		$uid = $this->userSession->getUser()->getUID();
-		$generatedToken = $this->tokenProvider->generateToken(
-			$token,
-			$uid,
-			$loginName,
-			$password,
-			$clientName,
-			IToken::PERMANENT_TOKEN,
-			IToken::DO_NOT_REMEMBER
-		);
+        $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+        $uid = $this->userSession->getUser()->getUID();
+        $generatedToken = $this->tokenProvider->generateToken(
+            $token,
+            $uid,
+            $loginName,
+            $password,
+            $clientName,
+            IToken::PERMANENT_TOKEN,
+            IToken::DO_NOT_REMEMBER
+        );
 
-		if($client) {
-			$code = $this->random->generate(128);
-			$accessToken = new AccessToken();
-			$accessToken->setClientId($client->getId());
-			$accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
-			$accessToken->setHashedCode(hash('sha512', $code));
-			$accessToken->setTokenId($generatedToken->getId());
-			$this->accessTokenMapper->insert($accessToken);
+        if($client) {
+            $code = $this->random->generate(128);
+            $accessToken = new AccessToken();
+            $accessToken->setClientId($client->getId());
+            $accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
+            $accessToken->setHashedCode(hash('sha512', $code));
+            $accessToken->setTokenId($generatedToken->getId());
+            $this->accessTokenMapper->insert($accessToken);
 
-			$redirectUri = sprintf(
-				'%s?state=%s&code=%s',
-				$client->getRedirectUri(),
-				urlencode($this->session->get('oauth.state')),
-				urlencode($code)
-			);
-			$this->session->remove('oauth.state');
-		} else {
-			$serverPostfix = '';
+            $redirectUri = sprintf(
+                '%s?state=%s&code=%s',
+                $client->getRedirectUri(),
+                urlencode($this->session->get('oauth.state')),
+                urlencode($code)
+            );
+            $this->session->remove('oauth.state');
+        } else {
+            $serverPostfix = '';
 
-			if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
-				$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
-			} else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
-				$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
-			}
+            if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
+                $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
+            } else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
+                $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
+            }
 
-			$protocol = $this->request->getServerProtocol();
+            $protocol = $this->request->getServerProtocol();
 
-			if ($protocol !== "https") {
-				$xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
-				$xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
-				if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') {
-					$protocol = 'https';
-				}
-			}
+            if ($protocol !== "https") {
+                $xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
+                $xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
+                if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') {
+                    $protocol = 'https';
+                }
+            }
 
 
-			$serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
-			$redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
-		}
+            $serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
+            $redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
+        }
 
-		// Clear the token from the login here
-		$this->tokenProvider->invalidateToken($sessionId);
+        // Clear the token from the login here
+        $this->tokenProvider->invalidateToken($sessionId);
 
-		return new Http\RedirectResponse($redirectUri);
-	}
+        return new Http\RedirectResponse($redirectUri);
+    }
 }

Please login to merge, or discard this patch.

		@@ -124,7 +124,7 @@ discard block
		block discarded – undo
124	124	*/
125	125	private function isValidToken($stateToken) {
126	126	$currentToken = $this->session->get(self::stateName);
127		- if(!is_string($stateToken) \|\| !is_string($currentToken)) {
	127	+ if (!is_string($stateToken) \|\| !is_string($currentToken)) {
128	128	return false;
129	129	}
130	130	return hash_equals($currentToken, $stateToken);
		@@ -158,7 +158,7 @@ discard block
		block discarded – undo
158	158	public function showAuthPickerPage($clientIdentifier = '') {
159	159	$clientName = $this->getClientName();
160	160	$client = null;
161		- if($clientIdentifier !== '') {
	161	+ if ($clientIdentifier !== '') {
162	162	$client = $this->clientMapper->getByIdentifier($clientIdentifier);
163	163	$clientName = $client->getName();
164	164	}
		@@ -215,7 +215,7 @@ discard block
		block discarded – undo
215	215	*/
216	216	public function redirectPage($stateToken = '',
217	217	$clientIdentifier = '') {
218		- if(!$this->isValidToken($stateToken)) {
	218	+ if (!$this->isValidToken($stateToken)) {
219	219	return $this->stateTokenForbiddenResponse();
220	220	}
221	221
		@@ -242,7 +242,7 @@ discard block
		block discarded – undo
242	242	*/
243	243	public function generateAppPassword($stateToken,
244	244	$clientIdentifier = '') {
245		- if(!$this->isValidToken($stateToken)) {
	245	+ if (!$this->isValidToken($stateToken)) {
246	246	$this->session->remove(self::stateName);
247	247	return $this->stateTokenForbiddenResponse();
248	248	}
		@@ -273,7 +273,7 @@ discard block
		block discarded – undo
273	273
274	274	$clientName = $this->getClientName();
275	275	$client = false;
276		- if($clientIdentifier !== '') {
	276	+ if ($clientIdentifier !== '') {
277	277	$client = $this->clientMapper->getByIdentifier($clientIdentifier);
278	278	$clientName = $client->getName();
279	279	}
		@@ -290,7 +290,7 @@ discard block
		block discarded – undo
290	290	IToken::DO_NOT_REMEMBER
291	291	);
292	292
293		- if($client) {
	293	+ if ($client) {
294	294	$code = $this->random->generate(128);
295	295	$accessToken = new AccessToken();
296	296	$accessToken->setClientId($client->getId());
		@@ -327,8 +327,8 @@ discard block
		block discarded – undo
327	327	}
328	328
329	329
330		- $serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
331		- $redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
	330	+ $serverPath = $protocol."://".$this->request->getServerHost().$serverPostfix;
	331	+ $redirectUri = 'nc://login/server:'.$serverPath.'&user:'.urlencode($loginName).'&password:'.urlencode($token);
332	332	}
333	333
334	334	// Clear the token from the login here

		@@ -48,291 +48,291 @@
		block discarded – undo
48	48	use OCP\Session\Exceptions\SessionNotAvailableException;
49	49
50	50	class ClientFlowLoginController extends Controller {
51		- /** @var IUserSession */
52		- private $userSession;
53		- /** @var IL10N */
54		- private $l10n;
55		- /** @var Defaults */
56		- private $defaults;
57		- /** @var ISession */
58		- private $session;
59		- /** @var IProvider */
60		- private $tokenProvider;
61		- /** @var ISecureRandom */
62		- private $random;
63		- /** @var IURLGenerator */
64		- private $urlGenerator;
65		- /** @var ClientMapper */
66		- private $clientMapper;
67		- /** @var AccessTokenMapper */
68		- private $accessTokenMapper;
69		- /** @var ICrypto */
70		- private $crypto;
	51	+ /** @var IUserSession */
	52	+ private $userSession;
	53	+ /** @var IL10N */
	54	+ private $l10n;
	55	+ /** @var Defaults */
	56	+ private $defaults;
	57	+ /** @var ISession */
	58	+ private $session;
	59	+ /** @var IProvider */
	60	+ private $tokenProvider;
	61	+ /** @var ISecureRandom */
	62	+ private $random;
	63	+ /** @var IURLGenerator */
	64	+ private $urlGenerator;
	65	+ /** @var ClientMapper */
	66	+ private $clientMapper;
	67	+ /** @var AccessTokenMapper */
	68	+ private $accessTokenMapper;
	69	+ /** @var ICrypto */
	70	+ private $crypto;
71	71
72		- const stateName = 'client.flow.state.token';
	72	+ const stateName = 'client.flow.state.token';
73	73
74		- /**
75		- * @param string $appName
76		- * @param IRequest $request
77		- * @param IUserSession $userSession
78		- * @param IL10N $l10n
79		- * @param Defaults $defaults
80		- * @param ISession $session
81		- * @param IProvider $tokenProvider
82		- * @param ISecureRandom $random
83		- * @param IURLGenerator $urlGenerator
84		- * @param ClientMapper $clientMapper
85		- * @param AccessTokenMapper $accessTokenMapper
86		- * @param ICrypto $crypto
87		- */
88		- public function __construct($appName,
89		- IRequest $request,
90		- IUserSession $userSession,
91		- IL10N $l10n,
92		- Defaults $defaults,
93		- ISession $session,
94		- IProvider $tokenProvider,
95		- ISecureRandom $random,
96		- IURLGenerator $urlGenerator,
97		- ClientMapper $clientMapper,
98		- AccessTokenMapper $accessTokenMapper,
99		- ICrypto $crypto) {
100		- parent::__construct($appName, $request);
101		- $this->userSession = $userSession;
102		- $this->l10n = $l10n;
103		- $this->defaults = $defaults;
104		- $this->session = $session;
105		- $this->tokenProvider = $tokenProvider;
106		- $this->random = $random;
107		- $this->urlGenerator = $urlGenerator;
108		- $this->clientMapper = $clientMapper;
109		- $this->accessTokenMapper = $accessTokenMapper;
110		- $this->crypto = $crypto;
111		- }
	74	+ /**
	75	+ * @param string $appName
	76	+ * @param IRequest $request
	77	+ * @param IUserSession $userSession
	78	+ * @param IL10N $l10n
	79	+ * @param Defaults $defaults
	80	+ * @param ISession $session
	81	+ * @param IProvider $tokenProvider
	82	+ * @param ISecureRandom $random
	83	+ * @param IURLGenerator $urlGenerator
	84	+ * @param ClientMapper $clientMapper
	85	+ * @param AccessTokenMapper $accessTokenMapper
	86	+ * @param ICrypto $crypto
	87	+ */
	88	+ public function __construct($appName,
	89	+ IRequest $request,
	90	+ IUserSession $userSession,
	91	+ IL10N $l10n,
	92	+ Defaults $defaults,
	93	+ ISession $session,
	94	+ IProvider $tokenProvider,
	95	+ ISecureRandom $random,
	96	+ IURLGenerator $urlGenerator,
	97	+ ClientMapper $clientMapper,
	98	+ AccessTokenMapper $accessTokenMapper,
	99	+ ICrypto $crypto) {
	100	+ parent::__construct($appName, $request);
	101	+ $this->userSession = $userSession;
	102	+ $this->l10n = $l10n;
	103	+ $this->defaults = $defaults;
	104	+ $this->session = $session;
	105	+ $this->tokenProvider = $tokenProvider;
	106	+ $this->random = $random;
	107	+ $this->urlGenerator = $urlGenerator;
	108	+ $this->clientMapper = $clientMapper;
	109	+ $this->accessTokenMapper = $accessTokenMapper;
	110	+ $this->crypto = $crypto;
	111	+ }
112	112
113		- /**
114		- * @return string
115		- */
116		- private function getClientName() {
117		- $userAgent = $this->request->getHeader('USER_AGENT');
118		- return $userAgent !== null ? $userAgent : 'unknown';
119		- }
	113	+ /**
	114	+ * @return string
	115	+ */
	116	+ private function getClientName() {
	117	+ $userAgent = $this->request->getHeader('USER_AGENT');
	118	+ return $userAgent !== null ? $userAgent : 'unknown';
	119	+ }
120	120
121		- /**
122		- * @param string $stateToken
123		- * @return bool
124		- */
125		- private function isValidToken($stateToken) {
126		- $currentToken = $this->session->get(self::stateName);
127		- if(!is_string($stateToken) \|\| !is_string($currentToken)) {
128		- return false;
129		- }
130		- return hash_equals($currentToken, $stateToken);
131		- }
	121	+ /**
	122	+ * @param string $stateToken
	123	+ * @return bool
	124	+ */
	125	+ private function isValidToken($stateToken) {
	126	+ $currentToken = $this->session->get(self::stateName);
	127	+ if(!is_string($stateToken) \|\| !is_string($currentToken)) {
	128	+ return false;
	129	+ }
	130	+ return hash_equals($currentToken, $stateToken);
	131	+ }
132	132
133		- /**
134		- * @return TemplateResponse
135		- */
136		- private function stateTokenForbiddenResponse() {
137		- $response = new TemplateResponse(
138		- $this->appName,
139		- '403',
140		- [
141		- 'file' => $this->l10n->t('State token does not match'),
142		- ],
143		- 'guest'
144		- );
145		- $response->setStatus(Http::STATUS_FORBIDDEN);
146		- return $response;
147		- }
	133	+ /**
	134	+ * @return TemplateResponse
	135	+ */
	136	+ private function stateTokenForbiddenResponse() {
	137	+ $response = new TemplateResponse(
	138	+ $this->appName,
	139	+ '403',
	140	+ [
	141	+ 'file' => $this->l10n->t('State token does not match'),
	142	+ ],
	143	+ 'guest'
	144	+ );
	145	+ $response->setStatus(Http::STATUS_FORBIDDEN);
	146	+ return $response;
	147	+ }
148	148
149		- /**
150		- * @PublicPage
151		- * @NoCSRFRequired
152		- * @UseSession
153		- *
154		- * @param string $clientIdentifier
155		- *
156		- * @return TemplateResponse
157		- */
158		- public function showAuthPickerPage($clientIdentifier = '') {
159		- $clientName = $this->getClientName();
160		- $client = null;
161		- if($clientIdentifier !== '') {
162		- $client = $this->clientMapper->getByIdentifier($clientIdentifier);
163		- $clientName = $client->getName();
164		- }
	149	+ /**
	150	+ * @PublicPage
	151	+ * @NoCSRFRequired
	152	+ * @UseSession
	153	+ *
	154	+ * @param string $clientIdentifier
	155	+ *
	156	+ * @return TemplateResponse
	157	+ */
	158	+ public function showAuthPickerPage($clientIdentifier = '') {
	159	+ $clientName = $this->getClientName();
	160	+ $client = null;
	161	+ if($clientIdentifier !== '') {
	162	+ $client = $this->clientMapper->getByIdentifier($clientIdentifier);
	163	+ $clientName = $client->getName();
	164	+ }
165	165
166		- // No valid clientIdentifier given and no valid API Request (APIRequest header not set)
167		- $clientRequest = $this->request->getHeader('OCS-APIREQUEST');
168		- if ($clientRequest !== 'true' && $client === null) {
169		- return new TemplateResponse(
170		- $this->appName,
171		- 'error',
172		- [
173		- 'errors' =>
174		- [
175		- [
176		- 'error' => 'Access Forbidden',
177		- 'hint' => 'Invalid request',
178		- ],
179		- ],
180		- ],
181		- 'guest'
182		- );
183		- }
	166	+ // No valid clientIdentifier given and no valid API Request (APIRequest header not set)
	167	+ $clientRequest = $this->request->getHeader('OCS-APIREQUEST');
	168	+ if ($clientRequest !== 'true' && $client === null) {
	169	+ return new TemplateResponse(
	170	+ $this->appName,
	171	+ 'error',
	172	+ [
	173	+ 'errors' =>
	174	+ [
	175	+ [
	176	+ 'error' => 'Access Forbidden',
	177	+ 'hint' => 'Invalid request',
	178	+ ],
	179	+ ],
	180	+ ],
	181	+ 'guest'
	182	+ );
	183	+ }
184	184
185		- $stateToken = $this->random->generate(
186		- 64,
187		- ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
188		- );
189		- $this->session->set(self::stateName, $stateToken);
	185	+ $stateToken = $this->random->generate(
	186	+ 64,
	187	+ ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
	188	+ );
	189	+ $this->session->set(self::stateName, $stateToken);
190	190
191		- return new TemplateResponse(
192		- $this->appName,
193		- 'loginflow/authpicker',
194		- [
195		- 'client' => $clientName,
196		- 'clientIdentifier' => $clientIdentifier,
197		- 'instanceName' => $this->defaults->getName(),
198		- 'urlGenerator' => $this->urlGenerator,
199		- 'stateToken' => $stateToken,
200		- 'serverHost' => $this->request->getServerHost(),
201		- 'oauthState' => $this->session->get('oauth.state'),
202		- ],
203		- 'guest'
204		- );
205		- }
	191	+ return new TemplateResponse(
	192	+ $this->appName,
	193	+ 'loginflow/authpicker',
	194	+ [
	195	+ 'client' => $clientName,
	196	+ 'clientIdentifier' => $clientIdentifier,
	197	+ 'instanceName' => $this->defaults->getName(),
	198	+ 'urlGenerator' => $this->urlGenerator,
	199	+ 'stateToken' => $stateToken,
	200	+ 'serverHost' => $this->request->getServerHost(),
	201	+ 'oauthState' => $this->session->get('oauth.state'),
	202	+ ],
	203	+ 'guest'
	204	+ );
	205	+ }
206	206
207		- /**
208		- * @NoAdminRequired
209		- * @NoCSRFRequired
210		- * @UseSession
211		- *
212		- * @param string $stateToken
213		- * @param string $clientIdentifier
214		- * @return TemplateResponse
215		- */
216		- public function redirectPage($stateToken = '',
217		- $clientIdentifier = '') {
218		- if(!$this->isValidToken($stateToken)) {
219		- return $this->stateTokenForbiddenResponse();
220		- }
	207	+ /**
	208	+ * @NoAdminRequired
	209	+ * @NoCSRFRequired
	210	+ * @UseSession
	211	+ *
	212	+ * @param string $stateToken
	213	+ * @param string $clientIdentifier
	214	+ * @return TemplateResponse
	215	+ */
	216	+ public function redirectPage($stateToken = '',
	217	+ $clientIdentifier = '') {
	218	+ if(!$this->isValidToken($stateToken)) {
	219	+ return $this->stateTokenForbiddenResponse();
	220	+ }
221	221
222		- return new TemplateResponse(
223		- $this->appName,
224		- 'loginflow/redirect',
225		- [
226		- 'urlGenerator' => $this->urlGenerator,
227		- 'stateToken' => $stateToken,
228		- 'clientIdentifier' => $clientIdentifier,
229		- 'oauthState' => $this->session->get('oauth.state'),
230		- ],
231		- 'guest'
232		- );
233		- }
	222	+ return new TemplateResponse(
	223	+ $this->appName,
	224	+ 'loginflow/redirect',
	225	+ [
	226	+ 'urlGenerator' => $this->urlGenerator,
	227	+ 'stateToken' => $stateToken,
	228	+ 'clientIdentifier' => $clientIdentifier,
	229	+ 'oauthState' => $this->session->get('oauth.state'),
	230	+ ],
	231	+ 'guest'
	232	+ );
	233	+ }
234	234
235		- /**
236		- * @NoAdminRequired
237		- * @UseSession
238		- *
239		- * @param string $stateToken
240		- * @param string $clientIdentifier
241		- * @return Http\RedirectResponse\|Response
242		- */
243		- public function generateAppPassword($stateToken,
244		- $clientIdentifier = '') {
245		- if(!$this->isValidToken($stateToken)) {
246		- $this->session->remove(self::stateName);
247		- return $this->stateTokenForbiddenResponse();
248		- }
	235	+ /**
	236	+ * @NoAdminRequired
	237	+ * @UseSession
	238	+ *
	239	+ * @param string $stateToken
	240	+ * @param string $clientIdentifier
	241	+ * @return Http\RedirectResponse\|Response
	242	+ */
	243	+ public function generateAppPassword($stateToken,
	244	+ $clientIdentifier = '') {
	245	+ if(!$this->isValidToken($stateToken)) {
	246	+ $this->session->remove(self::stateName);
	247	+ return $this->stateTokenForbiddenResponse();
	248	+ }
249	249
250		- $this->session->remove(self::stateName);
	250	+ $this->session->remove(self::stateName);
251	251
252		- try {
253		- $sessionId = $this->session->getId();
254		- } catch (SessionNotAvailableException $ex) {
255		- $response = new Response();
256		- $response->setStatus(Http::STATUS_FORBIDDEN);
257		- return $response;
258		- }
	252	+ try {
	253	+ $sessionId = $this->session->getId();
	254	+ } catch (SessionNotAvailableException $ex) {
	255	+ $response = new Response();
	256	+ $response->setStatus(Http::STATUS_FORBIDDEN);
	257	+ return $response;
	258	+ }
259	259
260		- try {
261		- $sessionToken = $this->tokenProvider->getToken($sessionId);
262		- $loginName = $sessionToken->getLoginName();
263		- try {
264		- $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
265		- } catch (PasswordlessTokenException $ex) {
266		- $password = null;
267		- }
268		- } catch (InvalidTokenException $ex) {
269		- $response = new Response();
270		- $response->setStatus(Http::STATUS_FORBIDDEN);
271		- return $response;
272		- }
	260	+ try {
	261	+ $sessionToken = $this->tokenProvider->getToken($sessionId);
	262	+ $loginName = $sessionToken->getLoginName();
	263	+ try {
	264	+ $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
	265	+ } catch (PasswordlessTokenException $ex) {
	266	+ $password = null;
	267	+ }
	268	+ } catch (InvalidTokenException $ex) {
	269	+ $response = new Response();
	270	+ $response->setStatus(Http::STATUS_FORBIDDEN);
	271	+ return $response;
	272	+ }
273	273
274		- $clientName = $this->getClientName();
275		- $client = false;
276		- if($clientIdentifier !== '') {
277		- $client = $this->clientMapper->getByIdentifier($clientIdentifier);
278		- $clientName = $client->getName();
279		- }
	274	+ $clientName = $this->getClientName();
	275	+ $client = false;
	276	+ if($clientIdentifier !== '') {
	277	+ $client = $this->clientMapper->getByIdentifier($clientIdentifier);
	278	+ $clientName = $client->getName();
	279	+ }
280	280
281		- $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
282		- $uid = $this->userSession->getUser()->getUID();
283		- $generatedToken = $this->tokenProvider->generateToken(
284		- $token,
285		- $uid,
286		- $loginName,
287		- $password,
288		- $clientName,
289		- IToken::PERMANENT_TOKEN,
290		- IToken::DO_NOT_REMEMBER
291		- );
	281	+ $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
	282	+ $uid = $this->userSession->getUser()->getUID();
	283	+ $generatedToken = $this->tokenProvider->generateToken(
	284	+ $token,
	285	+ $uid,
	286	+ $loginName,
	287	+ $password,
	288	+ $clientName,
	289	+ IToken::PERMANENT_TOKEN,
	290	+ IToken::DO_NOT_REMEMBER
	291	+ );
292	292
293		- if($client) {
294		- $code = $this->random->generate(128);
295		- $accessToken = new AccessToken();
296		- $accessToken->setClientId($client->getId());
297		- $accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
298		- $accessToken->setHashedCode(hash('sha512', $code));
299		- $accessToken->setTokenId($generatedToken->getId());
300		- $this->accessTokenMapper->insert($accessToken);
	293	+ if($client) {
	294	+ $code = $this->random->generate(128);
	295	+ $accessToken = new AccessToken();
	296	+ $accessToken->setClientId($client->getId());
	297	+ $accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
	298	+ $accessToken->setHashedCode(hash('sha512', $code));
	299	+ $accessToken->setTokenId($generatedToken->getId());
	300	+ $this->accessTokenMapper->insert($accessToken);
301	301
302		- $redirectUri = sprintf(
303		- '%s?state=%s&code=%s',
304		- $client->getRedirectUri(),
305		- urlencode($this->session->get('oauth.state')),
306		- urlencode($code)
307		- );
308		- $this->session->remove('oauth.state');
309		- } else {
310		- $serverPostfix = '';
	302	+ $redirectUri = sprintf(
	303	+ '%s?state=%s&code=%s',
	304	+ $client->getRedirectUri(),
	305	+ urlencode($this->session->get('oauth.state')),
	306	+ urlencode($code)
	307	+ );
	308	+ $this->session->remove('oauth.state');
	309	+ } else {
	310	+ $serverPostfix = '';
311	311
312		- if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
313		- $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
314		- } else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
315		- $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
316		- }
	312	+ if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
	313	+ $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
	314	+ } else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
	315	+ $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
	316	+ }
317	317
318		- $protocol = $this->request->getServerProtocol();
	318	+ $protocol = $this->request->getServerProtocol();
319	319
320		- if ($protocol !== "https") {
321		- $xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
322		- $xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
323		- if ($xForwardedProto === 'https' \|\| $xForwardedSSL === 'on') {
324		- $protocol = 'https';
325		- }
326		- }
	320	+ if ($protocol !== "https") {
	321	+ $xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
	322	+ $xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
	323	+ if ($xForwardedProto === 'https' \|\| $xForwardedSSL === 'on') {
	324	+ $protocol = 'https';
	325	+ }
	326	+ }
327	327
328	328
329		- $serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
330		- $redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
331		- }
	329	+ $serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
	330	+ $redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
	331	+ }
332	332
333		- // Clear the token from the login here
334		- $this->tokenProvider->invalidateToken($sessionId);
	333	+ // Clear the token from the login here
	334	+ $this->tokenProvider->invalidateToken($sessionId);
335	335
336		- return new Http\RedirectResponse($redirectUri);
337		- }
	336	+ return new Http\RedirectResponse($redirectUri);
	337	+ }
338	338	}

nextcloud / server

Push — master ( 0023cb...dbd162 )

Status

Category

Spacing +8 added lines, -8 removed lines patch added patch discarded remove patch

Indentation +261 added lines, -261 removed lines patch added patch discarded remove patch