nextcloud / server

core/Controller/ClientFlowLoginController.php

Indentation +320 added lines, -320 removed lines

@@ -50,324 +50,324 @@
 use Symfony\Component\EventDispatcher\GenericEvent;
 
 class ClientFlowLoginController extends Controller {
-	/** @var IUserSession */
-	private $userSession;
-	/** @var IL10N */
-	private $l10n;
-	/** @var Defaults */
-	private $defaults;
-	/** @var ISession */
-	private $session;
-	/** @var IProvider */
-	private $tokenProvider;
-	/** @var ISecureRandom */
-	private $random;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ClientMapper */
-	private $clientMapper;
-	/** @var AccessTokenMapper */
-	private $accessTokenMapper;
-	/** @var ICrypto */
-	private $crypto;
-	/** @var EventDispatcherInterface */
-	private $eventDispatcher;
-
-	const stateName = 'client.flow.state.token';
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IUserSession $userSession
-	 * @param IL10N $l10n
-	 * @param Defaults $defaults
-	 * @param ISession $session
-	 * @param IProvider $tokenProvider
-	 * @param ISecureRandom $random
-	 * @param IURLGenerator $urlGenerator
-	 * @param ClientMapper $clientMapper
-	 * @param AccessTokenMapper $accessTokenMapper
-	 * @param ICrypto $crypto
-	 * @param EventDispatcherInterface $eventDispatcher
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IUserSession $userSession,
-								IL10N $l10n,
-								Defaults $defaults,
-								ISession $session,
-								IProvider $tokenProvider,
-								ISecureRandom $random,
-								IURLGenerator $urlGenerator,
-								ClientMapper $clientMapper,
-								AccessTokenMapper $accessTokenMapper,
-								ICrypto $crypto,
-								EventDispatcherInterface $eventDispatcher) {
-		parent::__construct($appName, $request);
-		$this->userSession = $userSession;
-		$this->l10n = $l10n;
-		$this->defaults = $defaults;
-		$this->session = $session;
-		$this->tokenProvider = $tokenProvider;
-		$this->random = $random;
-		$this->urlGenerator = $urlGenerator;
-		$this->clientMapper = $clientMapper;
-		$this->accessTokenMapper = $accessTokenMapper;
-		$this->crypto = $crypto;
-		$this->eventDispatcher = $eventDispatcher;
-	}
-
-	/**
-	 * @return string
-	 */
-	private function getClientName() {
-		$userAgent = $this->request->getHeader('USER_AGENT');
-		return $userAgent !== '' ? $userAgent : 'unknown';
-	}
-
-	/**
-	 * @param string $stateToken
-	 * @return bool
-	 */
-	private function isValidToken($stateToken) {
-		$currentToken = $this->session->get(self::stateName);
-		if(!is_string($stateToken) || !is_string($currentToken)) {
-			return false;
-		}
-		return hash_equals($currentToken, $stateToken);
-	}
-
-	/**
-	 * @return StandaloneTemplateResponse
-	 */
-	private function stateTokenForbiddenResponse() {
-		$response = new StandaloneTemplateResponse(
-			$this->appName,
-			'403',
-			[
-				'message' => $this->l10n->t('State token does not match'),
-			],
-			'guest'
-		);
-		$response->setStatus(Http::STATUS_FORBIDDEN);
-		return $response;
-	}
-
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $clientIdentifier
-	 *
-	 * @return StandaloneTemplateResponse
-	 */
-	public function showAuthPickerPage($clientIdentifier = '') {
-		$clientName = $this->getClientName();
-		$client = null;
-		if($clientIdentifier !== '') {
-			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
-			$clientName = $client->getName();
-		}
-
-		// No valid clientIdentifier given and no valid API Request (APIRequest header not set)
-		$clientRequest = $this->request->getHeader('OCS-APIREQUEST');
-		if ($clientRequest !== 'true' && $client === null) {
-			return new StandaloneTemplateResponse(
-				$this->appName,
-				'error',
-				[
-					'errors' =>
-					[
-						[
-							'error' => 'Access Forbidden',
-							'hint' => 'Invalid request',
-						],
-					],
-				],
-				'guest'
-			);
-		}
-
-		$stateToken = $this->random->generate(
-			64,
-			ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
-		);
-		$this->session->set(self::stateName, $stateToken);
-
-		return new StandaloneTemplateResponse(
-			$this->appName,
-			'loginflow/authpicker',
-			[
-				'client' => $clientName,
-				'clientIdentifier' => $clientIdentifier,
-				'instanceName' => $this->defaults->getName(),
-				'urlGenerator' => $this->urlGenerator,
-				'stateToken' => $stateToken,
-				'serverHost' => $this->getServerPath(),
-				'oauthState' => $this->session->get('oauth.state'),
-			],
-			'guest'
-		);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @NoSameSiteCookieRequired
-	 * @UseSession
-	 *
-	 * @param string $stateToken
-	 * @param string $clientIdentifier
-	 * @return StandaloneTemplateResponse
-	 */
-	public function grantPage($stateToken = '',
-								 $clientIdentifier = '') {
-		if(!$this->isValidToken($stateToken)) {
-			return $this->stateTokenForbiddenResponse();
-		}
-
-		$clientName = $this->getClientName();
-		$client = null;
-		if($clientIdentifier !== '') {
-			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
-			$clientName = $client->getName();
-		}
-
-		return new StandaloneTemplateResponse(
-			$this->appName,
-			'loginflow/grant',
-			[
-				'client' => $clientName,
-				'clientIdentifier' => $clientIdentifier,
-				'instanceName' => $this->defaults->getName(),
-				'urlGenerator' => $this->urlGenerator,
-				'stateToken' => $stateToken,
-				'serverHost' => $this->getServerPath(),
-				'oauthState' => $this->session->get('oauth.state'),
-			],
-			'guest'
-		);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @param string $stateToken
-	 * @param string $clientIdentifier
-	 * @return Http\RedirectResponse|Response
-	 */
-	public function generateAppPassword($stateToken,
-										$clientIdentifier = '') {
-		if(!$this->isValidToken($stateToken)) {
-			$this->session->remove(self::stateName);
-			return $this->stateTokenForbiddenResponse();
-		}
-
-		$this->session->remove(self::stateName);
-
-		try {
-			$sessionId = $this->session->getId();
-		} catch (SessionNotAvailableException $ex) {
-			$response = new Response();
-			$response->setStatus(Http::STATUS_FORBIDDEN);
-			return $response;
-		}
-
-		try {
-			$sessionToken = $this->tokenProvider->getToken($sessionId);
-			$loginName = $sessionToken->getLoginName();
-			try {
-				$password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
-			} catch (PasswordlessTokenException $ex) {
-				$password = null;
-			}
-		} catch (InvalidTokenException $ex) {
-			$response = new Response();
-			$response->setStatus(Http::STATUS_FORBIDDEN);
-			return $response;
-		}
-
-		$clientName = $this->getClientName();
-		$client = false;
-		if($clientIdentifier !== '') {
-			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
-			$clientName = $client->getName();
-		}
-
-		$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
-		$uid = $this->userSession->getUser()->getUID();
-		$generatedToken = $this->tokenProvider->generateToken(
-			$token,
-			$uid,
-			$loginName,
-			$password,
-			$clientName,
-			IToken::PERMANENT_TOKEN,
-			IToken::DO_NOT_REMEMBER
-		);
-
-		if($client) {
-			$code = $this->random->generate(128, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
-			$accessToken = new AccessToken();
-			$accessToken->setClientId($client->getId());
-			$accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
-			$accessToken->setHashedCode(hash('sha512', $code));
-			$accessToken->setTokenId($generatedToken->getId());
-			$this->accessTokenMapper->insert($accessToken);
-
-			$redirectUri = sprintf(
-				'%s?state=%s&code=%s',
-				$client->getRedirectUri(),
-				urlencode($this->session->get('oauth.state')),
-				urlencode($code)
-			);
-			$this->session->remove('oauth.state');
-		} else {
-			$redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
-
-			// Clear the token from the login here
-			$this->tokenProvider->invalidateToken($sessionId);
-		}
-
-		$event = new GenericEvent($generatedToken);
-		$this->eventDispatcher->dispatch('app_password_created', $event);
-
-		return new Http\RedirectResponse($redirectUri);
-	}
-
-	/**
-	 * @PublicPage
-	 */
-	public function apptokenRedirect(string $stateToken, string $user, string $password) {
-		if (!$this->isValidToken($stateToken)) {
-			return $this->stateTokenForbiddenResponse();
-		}
-
-		$redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($user) . '&password:' . urlencode($password);
-		return new Http\RedirectResponse($redirectUri);
-	}
-
-	private function getServerPath(): string {
-		$serverPostfix = '';
-
-		if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
-			$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
-		} else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
-			$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
-		}
-
-		$protocol = $this->request->getServerProtocol();
-
-		if ($protocol !== "https") {
-			$xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
-			$xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
-			if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') {
-				$protocol = 'https';
-			}
-		}
-
-		return $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
-	}
+    /** @var IUserSession */
+    private $userSession;
+    /** @var IL10N */
+    private $l10n;
+    /** @var Defaults */
+    private $defaults;
+    /** @var ISession */
+    private $session;
+    /** @var IProvider */
+    private $tokenProvider;
+    /** @var ISecureRandom */
+    private $random;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ClientMapper */
+    private $clientMapper;
+    /** @var AccessTokenMapper */
+    private $accessTokenMapper;
+    /** @var ICrypto */
+    private $crypto;
+    /** @var EventDispatcherInterface */
+    private $eventDispatcher;
+
+    const stateName = 'client.flow.state.token';
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IUserSession $userSession
+     * @param IL10N $l10n
+     * @param Defaults $defaults
+     * @param ISession $session
+     * @param IProvider $tokenProvider
+     * @param ISecureRandom $random
+     * @param IURLGenerator $urlGenerator
+     * @param ClientMapper $clientMapper
+     * @param AccessTokenMapper $accessTokenMapper
+     * @param ICrypto $crypto
+     * @param EventDispatcherInterface $eventDispatcher
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IUserSession $userSession,
+                                IL10N $l10n,
+                                Defaults $defaults,
+                                ISession $session,
+                                IProvider $tokenProvider,
+                                ISecureRandom $random,
+                                IURLGenerator $urlGenerator,
+                                ClientMapper $clientMapper,
+                                AccessTokenMapper $accessTokenMapper,
+                                ICrypto $crypto,
+                                EventDispatcherInterface $eventDispatcher) {
+        parent::__construct($appName, $request);
+        $this->userSession = $userSession;
+        $this->l10n = $l10n;
+        $this->defaults = $defaults;
+        $this->session = $session;
+        $this->tokenProvider = $tokenProvider;
+        $this->random = $random;
+        $this->urlGenerator = $urlGenerator;
+        $this->clientMapper = $clientMapper;
+        $this->accessTokenMapper = $accessTokenMapper;
+        $this->crypto = $crypto;
+        $this->eventDispatcher = $eventDispatcher;
+    }
+
+    /**
+     * @return string
+     */
+    private function getClientName() {
+        $userAgent = $this->request->getHeader('USER_AGENT');
+        return $userAgent !== '' ? $userAgent : 'unknown';
+    }
+
+    /**
+     * @param string $stateToken
+     * @return bool
+     */
+    private function isValidToken($stateToken) {
+        $currentToken = $this->session->get(self::stateName);
+        if(!is_string($stateToken) || !is_string($currentToken)) {
+            return false;
+        }
+        return hash_equals($currentToken, $stateToken);
+    }
+
+    /**
+     * @return StandaloneTemplateResponse
+     */
+    private function stateTokenForbiddenResponse() {
+        $response = new StandaloneTemplateResponse(
+            $this->appName,
+            '403',
+            [
+                'message' => $this->l10n->t('State token does not match'),
+            ],
+            'guest'
+        );
+        $response->setStatus(Http::STATUS_FORBIDDEN);
+        return $response;
+    }
+
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $clientIdentifier
+     *
+     * @return StandaloneTemplateResponse
+     */
+    public function showAuthPickerPage($clientIdentifier = '') {
+        $clientName = $this->getClientName();
+        $client = null;
+        if($clientIdentifier !== '') {
+            $client = $this->clientMapper->getByIdentifier($clientIdentifier);
+            $clientName = $client->getName();
+        }
+
+        // No valid clientIdentifier given and no valid API Request (APIRequest header not set)
+        $clientRequest = $this->request->getHeader('OCS-APIREQUEST');
+        if ($clientRequest !== 'true' && $client === null) {
+            return new StandaloneTemplateResponse(
+                $this->appName,
+                'error',
+                [
+                    'errors' =>
+                    [
+                        [
+                            'error' => 'Access Forbidden',
+                            'hint' => 'Invalid request',
+                        ],
+                    ],
+                ],
+                'guest'
+            );
+        }
+
+        $stateToken = $this->random->generate(
+            64,
+            ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
+        );
+        $this->session->set(self::stateName, $stateToken);
+
+        return new StandaloneTemplateResponse(
+            $this->appName,
+            'loginflow/authpicker',
+            [
+                'client' => $clientName,
+                'clientIdentifier' => $clientIdentifier,
+                'instanceName' => $this->defaults->getName(),
+                'urlGenerator' => $this->urlGenerator,
+                'stateToken' => $stateToken,
+                'serverHost' => $this->getServerPath(),
+                'oauthState' => $this->session->get('oauth.state'),
+            ],
+            'guest'
+        );
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     * @NoSameSiteCookieRequired
+     * @UseSession
+     *
+     * @param string $stateToken
+     * @param string $clientIdentifier
+     * @return StandaloneTemplateResponse
+     */
+    public function grantPage($stateToken = '',
+                                    $clientIdentifier = '') {
+        if(!$this->isValidToken($stateToken)) {
+            return $this->stateTokenForbiddenResponse();
+        }
+
+        $clientName = $this->getClientName();
+        $client = null;
+        if($clientIdentifier !== '') {
+            $client = $this->clientMapper->getByIdentifier($clientIdentifier);
+            $clientName = $client->getName();
+        }
+
+        return new StandaloneTemplateResponse(
+            $this->appName,
+            'loginflow/grant',
+            [
+                'client' => $clientName,
+                'clientIdentifier' => $clientIdentifier,
+                'instanceName' => $this->defaults->getName(),
+                'urlGenerator' => $this->urlGenerator,
+                'stateToken' => $stateToken,
+                'serverHost' => $this->getServerPath(),
+                'oauthState' => $this->session->get('oauth.state'),
+            ],
+            'guest'
+        );
+    }
+
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @param string $stateToken
+     * @param string $clientIdentifier
+     * @return Http\RedirectResponse|Response
+     */
+    public function generateAppPassword($stateToken,
+                                        $clientIdentifier = '') {
+        if(!$this->isValidToken($stateToken)) {
+            $this->session->remove(self::stateName);
+            return $this->stateTokenForbiddenResponse();
+        }
+
+        $this->session->remove(self::stateName);
+
+        try {
+            $sessionId = $this->session->getId();
+        } catch (SessionNotAvailableException $ex) {
+            $response = new Response();
+            $response->setStatus(Http::STATUS_FORBIDDEN);
+            return $response;
+        }
+
+        try {
+            $sessionToken = $this->tokenProvider->getToken($sessionId);
+            $loginName = $sessionToken->getLoginName();
+            try {
+                $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
+            } catch (PasswordlessTokenException $ex) {
+                $password = null;
+            }
+        } catch (InvalidTokenException $ex) {
+            $response = new Response();
+            $response->setStatus(Http::STATUS_FORBIDDEN);
+            return $response;
+        }
+
+        $clientName = $this->getClientName();
+        $client = false;
+        if($clientIdentifier !== '') {
+            $client = $this->clientMapper->getByIdentifier($clientIdentifier);
+            $clientName = $client->getName();
+        }
+
+        $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+        $uid = $this->userSession->getUser()->getUID();
+        $generatedToken = $this->tokenProvider->generateToken(
+            $token,
+            $uid,
+            $loginName,
+            $password,
+            $clientName,
+            IToken::PERMANENT_TOKEN,
+            IToken::DO_NOT_REMEMBER
+        );
+
+        if($client) {
+            $code = $this->random->generate(128, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+            $accessToken = new AccessToken();
+            $accessToken->setClientId($client->getId());
+            $accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
+            $accessToken->setHashedCode(hash('sha512', $code));
+            $accessToken->setTokenId($generatedToken->getId());
+            $this->accessTokenMapper->insert($accessToken);
+
+            $redirectUri = sprintf(
+                '%s?state=%s&code=%s',
+                $client->getRedirectUri(),
+                urlencode($this->session->get('oauth.state')),
+                urlencode($code)
+            );
+            $this->session->remove('oauth.state');
+        } else {
+            $redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
+
+            // Clear the token from the login here
+            $this->tokenProvider->invalidateToken($sessionId);
+        }
+
+        $event = new GenericEvent($generatedToken);
+        $this->eventDispatcher->dispatch('app_password_created', $event);
+
+        return new Http\RedirectResponse($redirectUri);
+    }
+
+    /**
+     * @PublicPage
+     */
+    public function apptokenRedirect(string $stateToken, string $user, string $password) {
+        if (!$this->isValidToken($stateToken)) {
+            return $this->stateTokenForbiddenResponse();
+        }
+
+        $redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($user) . '&password:' . urlencode($password);
+        return new Http\RedirectResponse($redirectUri);
+    }
+
+    private function getServerPath(): string {
+        $serverPostfix = '';
+
+        if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
+            $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
+        } else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
+            $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
+        }
+
+        $protocol = $this->request->getServerProtocol();
+
+        if ($protocol !== "https") {
+            $xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
+            $xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
+            if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') {
+                $protocol = 'https';
+            }
+        }
+
+        return $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
+    }
 }

core/Controller/AppPasswordController.php

Indentation +76 added lines, -76 removed lines

@@ -39,80 +39,80 @@
 
 class AppPasswordController extends \OCP\AppFramework\OCSController {
 
-	/** @var ISession */
-	private $session;
-
-	/** @var ISecureRandom */
-	private $random;
-
-	/** @var IProvider */
-	private $tokenProvider;
-
-	/** @var IStore */
-	private $credentialStore;
-
-	/** @var EventDispatcherInterface */
-	private $eventDispatcher;
-
-	public function __construct(string $appName,
-								IRequest $request,
-								ISession $session,
-								ISecureRandom $random,
-								IProvider $tokenProvider,
-								IStore $credentialStore,
-								EventDispatcherInterface $eventDispatcher) {
-		parent::__construct($appName, $request);
-
-		$this->session = $session;
-		$this->random = $random;
-		$this->tokenProvider = $tokenProvider;
-		$this->credentialStore = $credentialStore;
-		$this->eventDispatcher = $eventDispatcher;
-	}
-
-	/**
-	 * @NoAdminRequired
-	 *
-	 * @return DataResponse
-	 * @throws OCSForbiddenException
-	 */
-	public function getAppPassword(): DataResponse {
-		// We do not allow the creation of new tokens if this is an app password
-		if ($this->session->exists('app_password')) {
-			throw new OCSForbiddenException('You cannot request an new apppassword with an apppassword');
-		}
-
-		try {
-			$credentials = $this->credentialStore->getLoginCredentials();
-		} catch (CredentialsUnavailableException $e) {
-			throw new OCSForbiddenException();
-		}
-
-		try {
-			$password = $credentials->getPassword();
-		} catch (PasswordUnavailableException $e) {
-			$password = null;
-		}
-
-		$userAgent = $this->request->getHeader('USER_AGENT');
-
-		$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
-
-		$generatedToken = $this->tokenProvider->generateToken(
-			$token,
-			$credentials->getUID(),
-			$credentials->getLoginName(),
-			$password,
-			$userAgent,
-			IToken::PERMANENT_TOKEN,
-			IToken::DO_NOT_REMEMBER
-		);
-
-		$event = new GenericEvent($generatedToken);
-		$this->eventDispatcher->dispatch('app_password_created', $event);
-
-		return new DataResponse([
-			'apppassword' => $token
-		]);
-	}
+    /** @var ISession */
+    private $session;
+
+    /** @var ISecureRandom */
+    private $random;
+
+    /** @var IProvider */
+    private $tokenProvider;
+
+    /** @var IStore */
+    private $credentialStore;
+
+    /** @var EventDispatcherInterface */
+    private $eventDispatcher;
+
+    public function __construct(string $appName,
+                                IRequest $request,
+                                ISession $session,
+                                ISecureRandom $random,
+                                IProvider $tokenProvider,
+                                IStore $credentialStore,
+                                EventDispatcherInterface $eventDispatcher) {
+        parent::__construct($appName, $request);
+
+        $this->session = $session;
+        $this->random = $random;
+        $this->tokenProvider = $tokenProvider;
+        $this->credentialStore = $credentialStore;
+        $this->eventDispatcher = $eventDispatcher;
+    }
+
+    /**
+     * @NoAdminRequired
+     *
+     * @return DataResponse
+     * @throws OCSForbiddenException
+     */
+    public function getAppPassword(): DataResponse {
+        // We do not allow the creation of new tokens if this is an app password
+        if ($this->session->exists('app_password')) {
+            throw new OCSForbiddenException('You cannot request an new apppassword with an apppassword');
+        }
+
+        try {
+            $credentials = $this->credentialStore->getLoginCredentials();
+        } catch (CredentialsUnavailableException $e) {
+            throw new OCSForbiddenException();
+        }
+
+        try {
+            $password = $credentials->getPassword();
+        } catch (PasswordUnavailableException $e) {
+            $password = null;
+        }
+
+        $userAgent = $this->request->getHeader('USER_AGENT');
+
+        $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+
+        $generatedToken = $this->tokenProvider->generateToken(
+            $token,
+            $credentials->getUID(),
+            $credentials->getLoginName(),
+            $password,
+            $userAgent,
+            IToken::PERMANENT_TOKEN,
+            IToken::DO_NOT_REMEMBER
+        );
+
+        $event = new GenericEvent($generatedToken);
+        $this->eventDispatcher->dispatch('app_password_created', $event);
+
+        return new DataResponse([
+            'apppassword' => $token
+        ]);
+    }
 }

settings/Application.php

Indentation +143 added lines, -143 removed lines

@@ -56,147 +56,147 @@
 class Application extends App {
 
 
-	/**
-	 * @param array $urlParams
-	 */
-	public function __construct(array $urlParams=[]){
-		parent::__construct('settings', $urlParams);
-
-		$container = $this->getContainer();
-
-		// Register Middleware
-		$container->registerAlias('SubadminMiddleware', SubadminMiddleware::class);
-		$container->registerMiddleWare('SubadminMiddleware');
-
-		/**
-		 * Core class wrappers
-		 */
-		/** FIXME: Remove once OC_User is non-static and mockable */
-		$container->registerService('isAdmin', function() {
-			return \OC_User::isAdminUser(\OC_User::getUser());
-		});
-		/** FIXME: Remove once OC_SubAdmin is non-static and mockable */
-		$container->registerService('isSubAdmin', function(IContainer $c) {
-			$userObject = \OC::$server->getUserSession()->getUser();
-			$isSubAdmin = false;
-			if($userObject !== null) {
-				$isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
-			}
-			return $isSubAdmin;
-		});
-		$container->registerService('userCertificateManager', function(IContainer $c) {
-			return $c->query('ServerContainer')->getCertificateManager();
-		}, false);
-		$container->registerService('systemCertificateManager', function (IContainer $c) {
-			return $c->query('ServerContainer')->getCertificateManager(null);
-		}, false);
-		$container->registerService(IProvider::class, function (IContainer $c) {
-			return $c->query('ServerContainer')->query(IProvider::class);
-		});
-		$container->registerService(IManager::class, function (IContainer $c) {
-			return $c->query('ServerContainer')->getSettingsManager();
-		});
-
-		$container->registerService(NewUserMailHelper::class, function (IContainer $c) {
-			/** @var Server $server */
-			$server = $c->query('ServerContainer');
-			/** @var Defaults $defaults */
-			$defaults = $server->query(Defaults::class);
-
-			return new NewUserMailHelper(
-				$defaults,
-				$server->getURLGenerator(),
-				$server->getL10NFactory(),
-				$server->getMailer(),
-				$server->getSecureRandom(),
-				new TimeFactory(),
-				$server->getConfig(),
-				$server->getCrypto(),
-				Util::getDefaultEmailAddress('no-reply')
-			);
-		});
-
-		/** @var EventDispatcherInterface $eventDispatcher */
-		$eventDispatcher = $container->getServer()->getEventDispatcher();
-		$eventDispatcher->addListener('app_password_created', function (GenericEvent $event) use ($container) {
-			if (($token = $event->getSubject()) instanceof IToken) {
-				/** @var IActivityManager $activityManager */
-				$activityManager = $container->query(IActivityManager::class);
-				/** @var ILogger $logger */
-				$logger = $container->query(ILogger::class);
-
-				$activity = $activityManager->generateEvent();
-				$activity->setApp('settings')
-					->setType('security')
-					->setAffectedUser($token->getUID())
-					->setAuthor($token->getUID())
-					->setSubject(Provider::APP_TOKEN_CREATED, ['name' => $token->getName()])
-					->setObject('app_token', $token->getId());
-
-				try {
-					$activityManager->publish($activity);
-				} catch (BadMethodCallException $e) {
-					$logger->logException($e, ['message' => 'could not publish activity', 'level' => ILogger::WARN]);
-				}
-			}
-		});
-	}
-
-	public function register() {
-		$activityManager = $this->getContainer()->getServer()->getActivityManager();
-		$activityManager->registerSetting(Setting::class); // FIXME move to info.xml
-		$activityManager->registerProvider(Provider::class); // FIXME move to info.xml
-		$activityManager->registerFilter(SecurityFilter::class); // FIXME move to info.xml
-		$activityManager->registerSetting(SecuritySetting::class); // FIXME move to info.xml
-		$activityManager->registerProvider(SecurityProvider::class); // FIXME move to info.xml
-
-		Util::connectHook('OC_User', 'post_setPassword', $this, 'onChangePassword');
-		Util::connectHook('OC_User', 'changeUser', $this, 'onChangeInfo');
-
-		Util::connectHook('\OCP\Config', 'js', $this, 'extendJsConfig');
-	}
-
-	/**
-	 * @param array $parameters
-	 * @throws \InvalidArgumentException
-	 * @throws \BadMethodCallException
-	 * @throws \Exception
-	 * @throws \OCP\AppFramework\QueryException
-	 */
-	public function onChangePassword(array $parameters) {
-		/** @var Hooks $hooks */
-		$hooks = $this->getContainer()->query(Hooks::class);
-		$hooks->onChangePassword($parameters['uid']);
-	}
-
-	/**
-	 * @param array $parameters
-	 * @throws \InvalidArgumentException
-	 * @throws \BadMethodCallException
-	 * @throws \Exception
-	 * @throws \OCP\AppFramework\QueryException
-	 */
-	public function onChangeInfo(array $parameters) {
-		if ($parameters['feature'] !== 'eMailAddress') {
-			return;
-		}
-
-		/** @var Hooks $hooks */
-		$hooks = $this->getContainer()->query(Hooks::class);
-		$hooks->onChangeEmail($parameters['user'], $parameters['old_value']);
-	}
-
-	/**
-	 * @param array $settings
-	 */
-	public function extendJsConfig(array $settings) {
-		$appConfig = json_decode($settings['array']['oc_appconfig'], true);
-
-		$publicWebFinger = \OC::$server->getConfig()->getAppValue('core', 'public_webfinger', '');
-		if (!empty($publicWebFinger)) {
-			$appConfig['core']['public_webfinger'] = $publicWebFinger;
-		}
-
-		$settings['array']['oc_appconfig'] = json_encode($appConfig);
-	}
+    /**
+     * @param array $urlParams
+     */
+    public function __construct(array $urlParams=[]){
+        parent::__construct('settings', $urlParams);
+
+        $container = $this->getContainer();
+
+        // Register Middleware
+        $container->registerAlias('SubadminMiddleware', SubadminMiddleware::class);
+        $container->registerMiddleWare('SubadminMiddleware');
+
+        /**
+         * Core class wrappers
+         */
+        /** FIXME: Remove once OC_User is non-static and mockable */
+        $container->registerService('isAdmin', function() {
+            return \OC_User::isAdminUser(\OC_User::getUser());
+        });
+        /** FIXME: Remove once OC_SubAdmin is non-static and mockable */
+        $container->registerService('isSubAdmin', function(IContainer $c) {
+            $userObject = \OC::$server->getUserSession()->getUser();
+            $isSubAdmin = false;
+            if($userObject !== null) {
+                $isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
+            }
+            return $isSubAdmin;
+        });
+        $container->registerService('userCertificateManager', function(IContainer $c) {
+            return $c->query('ServerContainer')->getCertificateManager();
+        }, false);
+        $container->registerService('systemCertificateManager', function (IContainer $c) {
+            return $c->query('ServerContainer')->getCertificateManager(null);
+        }, false);
+        $container->registerService(IProvider::class, function (IContainer $c) {
+            return $c->query('ServerContainer')->query(IProvider::class);
+        });
+        $container->registerService(IManager::class, function (IContainer $c) {
+            return $c->query('ServerContainer')->getSettingsManager();
+        });
+
+        $container->registerService(NewUserMailHelper::class, function (IContainer $c) {
+            /** @var Server $server */
+            $server = $c->query('ServerContainer');
+            /** @var Defaults $defaults */
+            $defaults = $server->query(Defaults::class);
+
+            return new NewUserMailHelper(
+                $defaults,
+                $server->getURLGenerator(),
+                $server->getL10NFactory(),
+                $server->getMailer(),
+                $server->getSecureRandom(),
+                new TimeFactory(),
+                $server->getConfig(),
+                $server->getCrypto(),
+                Util::getDefaultEmailAddress('no-reply')
+            );
+        });
+
+        /** @var EventDispatcherInterface $eventDispatcher */
+        $eventDispatcher = $container->getServer()->getEventDispatcher();
+        $eventDispatcher->addListener('app_password_created', function (GenericEvent $event) use ($container) {
+            if (($token = $event->getSubject()) instanceof IToken) {
+                /** @var IActivityManager $activityManager */
+                $activityManager = $container->query(IActivityManager::class);
+                /** @var ILogger $logger */
+                $logger = $container->query(ILogger::class);
+
+                $activity = $activityManager->generateEvent();
+                $activity->setApp('settings')
+                    ->setType('security')
+                    ->setAffectedUser($token->getUID())
+                    ->setAuthor($token->getUID())
+                    ->setSubject(Provider::APP_TOKEN_CREATED, ['name' => $token->getName()])
+                    ->setObject('app_token', $token->getId());
+
+                try {
+                    $activityManager->publish($activity);
+                } catch (BadMethodCallException $e) {
+                    $logger->logException($e, ['message' => 'could not publish activity', 'level' => ILogger::WARN]);
+                }
+            }
+        });
+    }
+
+    public function register() {
+        $activityManager = $this->getContainer()->getServer()->getActivityManager();
+        $activityManager->registerSetting(Setting::class); // FIXME move to info.xml
+        $activityManager->registerProvider(Provider::class); // FIXME move to info.xml
+        $activityManager->registerFilter(SecurityFilter::class); // FIXME move to info.xml
+        $activityManager->registerSetting(SecuritySetting::class); // FIXME move to info.xml
+        $activityManager->registerProvider(SecurityProvider::class); // FIXME move to info.xml
+
+        Util::connectHook('OC_User', 'post_setPassword', $this, 'onChangePassword');
+        Util::connectHook('OC_User', 'changeUser', $this, 'onChangeInfo');
+
+        Util::connectHook('\OCP\Config', 'js', $this, 'extendJsConfig');
+    }
+
+    /**
+     * @param array $parameters
+     * @throws \InvalidArgumentException
+     * @throws \BadMethodCallException
+     * @throws \Exception
+     * @throws \OCP\AppFramework\QueryException
+     */
+    public function onChangePassword(array $parameters) {
+        /** @var Hooks $hooks */
+        $hooks = $this->getContainer()->query(Hooks::class);
+        $hooks->onChangePassword($parameters['uid']);
+    }
+
+    /**
+     * @param array $parameters
+     * @throws \InvalidArgumentException
+     * @throws \BadMethodCallException
+     * @throws \Exception
+     * @throws \OCP\AppFramework\QueryException
+     */
+    public function onChangeInfo(array $parameters) {
+        if ($parameters['feature'] !== 'eMailAddress') {
+            return;
+        }
+
+        /** @var Hooks $hooks */
+        $hooks = $this->getContainer()->query(Hooks::class);
+        $hooks->onChangeEmail($parameters['user'], $parameters['old_value']);
+    }
+
+    /**
+     * @param array $settings
+     */
+    public function extendJsConfig(array $settings) {
+        $appConfig = json_decode($settings['array']['oc_appconfig'], true);
+
+        $publicWebFinger = \OC::$server->getConfig()->getAppValue('core', 'public_webfinger', '');
+        if (!empty($publicWebFinger)) {
+            $appConfig['core']['public_webfinger'] = $publicWebFinger;
+        }
+
+        $settings['array']['oc_appconfig'] = json_encode($appConfig);
+    }
 }

Spacing +7 added lines, -7 removed lines

@@ -59,7 +59,7 @@ 
 	/**
 	 * @param array $urlParams
 	 */
-	public function __construct(array $urlParams=[]){
+	public function __construct(array $urlParams = []) {
 		parent::__construct('settings', $urlParams);
 
 		$container = $this->getContainer();
@@ -79,7 +79,7 @@ 
 		$container->registerService('isSubAdmin', function(IContainer $c) {
 			$userObject = \OC::$server->getUserSession()->getUser();
 			$isSubAdmin = false;
-			if($userObject !== null) {
+			if ($userObject !== null) {
 				$isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
 			}
 			return $isSubAdmin;
@@ -87,17 +87,17 @@ 
 		$container->registerService('userCertificateManager', function(IContainer $c) {
 			return $c->query('ServerContainer')->getCertificateManager();
 		}, false);
-		$container->registerService('systemCertificateManager', function (IContainer $c) {
+		$container->registerService('systemCertificateManager', function(IContainer $c) {
 			return $c->query('ServerContainer')->getCertificateManager(null);
 		}, false);
-		$container->registerService(IProvider::class, function (IContainer $c) {
+		$container->registerService(IProvider::class, function(IContainer $c) {
 			return $c->query('ServerContainer')->query(IProvider::class);
 		});
-		$container->registerService(IManager::class, function (IContainer $c) {
+		$container->registerService(IManager::class, function(IContainer $c) {
 			return $c->query('ServerContainer')->getSettingsManager();
 		});
 
-		$container->registerService(NewUserMailHelper::class, function (IContainer $c) {
+		$container->registerService(NewUserMailHelper::class, function(IContainer $c) {
 			/** @var Server $server */
 			$server = $c->query('ServerContainer');
 			/** @var Defaults $defaults */
@@ -118,7 +118,7 @@ 
 
 		/** @var EventDispatcherInterface $eventDispatcher */
 		$eventDispatcher = $container->getServer()->getEventDispatcher();
-		$eventDispatcher->addListener('app_password_created', function (GenericEvent $event) use ($container) {
+		$eventDispatcher->addListener('app_password_created', function(GenericEvent $event) use ($container) {
 			if (($token = $event->getSubject()) instanceof IToken) {
 				/** @var IActivityManager $activityManager */
 				$activityManager = $container->query(IActivityManager::class);