Completed
Pull Request — master (#4479)
by Jan-Christoph
13:38
created
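--- a/core/routes.php
+++ b/core/routes.php
@@ -35,38 +35,38 @@
 
 $application = new Application();
 $application->registerRoutes($this, [
-	'routes' => [
-		['name' => 'lost#email', 'url' => '/lostpassword/email', 'verb' => 'POST'],
-		['name' => 'lost#resetform', 'url' => '/lostpassword/reset/form/{token}/{userId}', 'verb' => 'GET'],
-		['name' => 'lost#setPassword', 'url' => '/lostpassword/set/{token}/{userId}', 'verb' => 'POST'],
-		['name' => 'user#getDisplayNames', 'url' => '/displaynames', 'verb' => 'POST'],
-		['name' => 'avatar#getAvatar', 'url' => '/avatar/{userId}/{size}', 'verb' => 'GET'],
-		['name' => 'avatar#deleteAvatar', 'url' => '/avatar/', 'verb' => 'DELETE'],
-		['name' => 'avatar#postCroppedAvatar', 'url' => '/avatar/cropped', 'verb' => 'POST'],
-		['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'],
-		['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'],
-		['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'],
-		['name' => 'login#confirmPassword', 'url' => '/login/confirm', 'verb' => 'POST'],
-		['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
-		['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
-		['name' => 'ClientFlowLogin#showAuthPickerPage', 'url' => '/login/flow', 'verb' => 'GET'],
-		['name' => 'ClientFlowLogin#redirectPage', 'url' => '/login/flow/redirect', 'verb' => 'GET'],
-		['name' => 'ClientFlowLogin#generateAppPassword', 'url' => '/login/flow', 'verb' => 'POST'],
-		['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'],
-		['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'],
-		['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],
-		['name' => 'OCJS#getConfig', 'url' => '/core/js/oc.js', 'verb' => 'GET'],
-		['name' => 'Preview#getPreview', 'url' => '/core/preview', 'verb' => 'GET'],
-		['name' => 'Preview#getPreview', 'url' => '/core/preview.png', 'verb' => 'GET'],
-		['name' => 'Css#getCss', 'url' => '/css/{appName}/{fileName}', 'verb' => 'GET'],
-		['name' => 'Js#getJs', 'url' => '/js/{appName}/{fileName}', 'verb' => 'GET'],
-	],
-	'ocs' => [
-		['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'],
-		['root' => '', 'name' => 'OCS#getConfig', 'url' => '/config', 'verb' => 'GET'],
-		['root' => '/person', 'name' => 'OCS#personCheck', 'url' => '/check', 'verb' => 'POST'],
-		['root' => '/identityproof', 'name' => 'OCS#getIdentityProof', 'url' => '/key/{cloudId}', 'verb' => 'GET'],
-	],
+    'routes' => [
+        ['name' => 'lost#email', 'url' => '/lostpassword/email', 'verb' => 'POST'],
+        ['name' => 'lost#resetform', 'url' => '/lostpassword/reset/form/{token}/{userId}', 'verb' => 'GET'],
+        ['name' => 'lost#setPassword', 'url' => '/lostpassword/set/{token}/{userId}', 'verb' => 'POST'],
+        ['name' => 'user#getDisplayNames', 'url' => '/displaynames', 'verb' => 'POST'],
+        ['name' => 'avatar#getAvatar', 'url' => '/avatar/{userId}/{size}', 'verb' => 'GET'],
+        ['name' => 'avatar#deleteAvatar', 'url' => '/avatar/', 'verb' => 'DELETE'],
+        ['name' => 'avatar#postCroppedAvatar', 'url' => '/avatar/cropped', 'verb' => 'POST'],
+        ['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'],
+        ['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'],
+        ['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'],
+        ['name' => 'login#confirmPassword', 'url' => '/login/confirm', 'verb' => 'POST'],
+        ['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
+        ['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
+        ['name' => 'ClientFlowLogin#showAuthPickerPage', 'url' => '/login/flow', 'verb' => 'GET'],
+        ['name' => 'ClientFlowLogin#redirectPage', 'url' => '/login/flow/redirect', 'verb' => 'GET'],
+        ['name' => 'ClientFlowLogin#generateAppPassword', 'url' => '/login/flow', 'verb' => 'POST'],
+        ['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'],
+        ['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'],
+        ['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],
+        ['name' => 'OCJS#getConfig', 'url' => '/core/js/oc.js', 'verb' => 'GET'],
+        ['name' => 'Preview#getPreview', 'url' => '/core/preview', 'verb' => 'GET'],
+        ['name' => 'Preview#getPreview', 'url' => '/core/preview.png', 'verb' => 'GET'],
+        ['name' => 'Css#getCss', 'url' => '/css/{appName}/{fileName}', 'verb' => 'GET'],
+        ['name' => 'Js#getJs', 'url' => '/js/{appName}/{fileName}', 'verb' => 'GET'],
+    ],
+    'ocs' => [
+        ['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'],
+        ['root' => '', 'name' => 'OCS#getConfig', 'url' => '/config', 'verb' => 'GET'],
+        ['root' => '/person', 'name' => 'OCS#personCheck', 'url' => '/check', 'verb' => 'POST'],
+        ['root' => '/identityproof', 'name' => 'OCS#getIdentityProof', 'url' => '/key/{cloudId}', 'verb' => 'GET'],
+    ],
 ]);
 
 // Post installation check
@@ -75,62 +75,62 @@
 // Core ajax actions
 // Search
 $this->create('search_ajax_search', '/core/search')
-	->actionInclude('core/search/ajax/search.php');
+    ->actionInclude('core/search/ajax/search.php');
 // Routing
 $this->create('core_ajax_update', '/core/ajax/update.php')
-	->actionInclude('core/ajax/update.php');
+    ->actionInclude('core/ajax/update.php');
 
 // File routes
 $this->create('files.viewcontroller.showFile', '/f/{fileid}')->action(function($urlParams) {
-	$app = new \OCA\Files\AppInfo\Application($urlParams);
-	$app->dispatch('ViewController', 'index');
+    $app = new \OCA\Files\AppInfo\Application($urlParams);
+    $app->dispatch('ViewController', 'index');
 });
 
 // Call routes
 $this->create('spreed.pagecontroller.showCall', '/call/{token}')->action(function($urlParams) {
-	if (class_exists(\OCA\Spreed\AppInfo\Application::class, false)) {
-		$app = new \OCA\Spreed\AppInfo\Application($urlParams);
-		$app->dispatch('PageController', 'index');
-	} else {
-		throw new \OC\HintException('App spreed is not enabled');
-	}
+    if (class_exists(\OCA\Spreed\AppInfo\Application::class, false)) {
+        $app = new \OCA\Spreed\AppInfo\Application($urlParams);
+        $app->dispatch('PageController', 'index');
+    } else {
+        throw new \OC\HintException('App spreed is not enabled');
+    }
 });
 
 // Sharing routes
 $this->create('files_sharing.sharecontroller.showShare', '/s/{token}')->action(function($urlParams) {
-	if (class_exists(\OCA\Files_Sharing\AppInfo\Application::class, false)) {
-		$app = new \OCA\Files_Sharing\AppInfo\Application($urlParams);
-		$app->dispatch('ShareController', 'showShare');
-	} else {
-		throw new \OC\HintException('App file sharing is not enabled');
-	}
+    if (class_exists(\OCA\Files_Sharing\AppInfo\Application::class, false)) {
+        $app = new \OCA\Files_Sharing\AppInfo\Application($urlParams);
+        $app->dispatch('ShareController', 'showShare');
+    } else {
+        throw new \OC\HintException('App file sharing is not enabled');
+    }
 });
 $this->create('files_sharing.sharecontroller.authenticate', '/s/{token}/authenticate')->post()->action(function($urlParams) {
-	if (class_exists(\OCA\Files_Sharing\AppInfo\Application::class, false)) {
-		$app = new \OCA\Files_Sharing\AppInfo\Application($urlParams);
-		$app->dispatch('ShareController', 'authenticate');
-	} else {
-		throw new \OC\HintException('App file sharing is not enabled');
-	}
+    if (class_exists(\OCA\Files_Sharing\AppInfo\Application::class, false)) {
+        $app = new \OCA\Files_Sharing\AppInfo\Application($urlParams);
+        $app->dispatch('ShareController', 'authenticate');
+    } else {
+        throw new \OC\HintException('App file sharing is not enabled');
+    }
 });
 $this->create('files_sharing.sharecontroller.showAuthenticate', '/s/{token}/authenticate')->get()->action(function($urlParams) {
-	if (class_exists(\OCA\Files_Sharing\AppInfo\Application::class, false)) {
-		$app = new \OCA\Files_Sharing\AppInfo\Application($urlParams);
-		$app->dispatch('ShareController', 'showAuthenticate');
-	} else {
-		throw new \OC\HintException('App file sharing is not enabled');
-	}
+    if (class_exists(\OCA\Files_Sharing\AppInfo\Application::class, false)) {
+        $app = new \OCA\Files_Sharing\AppInfo\Application($urlParams);
+        $app->dispatch('ShareController', 'showAuthenticate');
+    } else {
+        throw new \OC\HintException('App file sharing is not enabled');
+    }
 });
 $this->create('files_sharing.sharecontroller.downloadShare', '/s/{token}/download')->get()->action(function($urlParams) {
-	if (class_exists(\OCA\Files_Sharing\AppInfo\Application::class, false)) {
-		$app = new \OCA\Files_Sharing\AppInfo\Application($urlParams);
-		$app->dispatch('ShareController', 'downloadShare');
-	} else {
-		throw new \OC\HintException('App file sharing is not enabled');
-	}
+    if (class_exists(\OCA\Files_Sharing\AppInfo\Application::class, false)) {
+        $app = new \OCA\Files_Sharing\AppInfo\Application($urlParams);
+        $app->dispatch('ShareController', 'downloadShare');
+    } else {
+        throw new \OC\HintException('App file sharing is not enabled');
+    }
 });
 
 // used for heartbeat
 $this->create('heartbeat', '/heartbeat')->action(function(){
-	// do nothing
+    // do nothing
 });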
core/Controller/ClientFlowLoginController.php 2 patches
Indentation   +195 added lines, -195 removed lines patch added patch discarded remove patch
@@ -39,200 +39,200 @@
39 39
 use OCP\Session\Exceptions\SessionNotAvailableException;
40 40
 
41 41
 class ClientFlowLoginController extends Controller {
42
-	/** @var IUserSession */
43
-	private $userSession;
44
-	/** @var IL10N */
45
-	private $l10n;
46
-	/** @var Defaults */
47
-	private $defaults;
48
-	/** @var ISession */
49
-	private $session;
50
-	/** @var IProvider */
51
-	private $tokenProvider;
52
-	/** @var ISecureRandom */
53
-	private $random;
54
-	/** @var IURLGenerator */
55
-	private $urlGenerator;
56
-
57
-	const stateName = 'client.flow.state.token';
58
-
59
-	/**
60
-	 * @param string $appName
61
-	 * @param IRequest $request
62
-	 * @param IUserSession $userSession
63
-	 * @param IL10N $l10n
64
-	 * @param Defaults $defaults
65
-	 * @param ISession $session
66
-	 * @param IProvider $tokenProvider
67
-	 * @param ISecureRandom $random
68
-	 * @param IURLGenerator $urlGenerator
69
-	 */
70
-	public function __construct($appName,
71
-								IRequest $request,
72
-								IUserSession $userSession,
73
-								IL10N $l10n,
74
-								Defaults $defaults,
75
-								ISession $session,
76
-								IProvider $tokenProvider,
77
-								ISecureRandom $random,
78
-								IURLGenerator $urlGenerator) {
79
-		parent::__construct($appName, $request);
80
-		$this->userSession = $userSession;
81
-		$this->l10n = $l10n;
82
-		$this->defaults = $defaults;
83
-		$this->session = $session;
84
-		$this->tokenProvider = $tokenProvider;
85
-		$this->random = $random;
86
-		$this->urlGenerator = $urlGenerator;
87
-	}
88
-
89
-	/**
90
-	 * @return string
91
-	 */
92
-	private function getClientName() {
93
-		return $this->request->getHeader('USER_AGENT') !== null ? $this->request->getHeader('USER_AGENT') : 'unknown';
94
-	}
95
-
96
-	/**
97
-	 * @param string $stateToken
98
-	 * @return bool
99
-	 */
100
-	private function isValidToken($stateToken) {
101
-		$currentToken = $this->session->get(self::stateName);
102
-		if(!is_string($stateToken) || !is_string($currentToken)) {
103
-			return false;
104
-		}
105
-		return hash_equals($currentToken, $stateToken);
106
-	}
107
-
108
-	/**
109
-	 * @return TemplateResponse
110
-	 */
111
-	private function stateTokenForbiddenResponse() {
112
-		$response = new TemplateResponse(
113
-			$this->appName,
114
-			'403',
115
-			[
116
-				'file' => $this->l10n->t('State token does not match'),
117
-			],
118
-			'guest'
119
-		);
120
-		$response->setStatus(Http::STATUS_FORBIDDEN);
121
-		return $response;
122
-	}
123
-
124
-	/**
125
-	 * @PublicPage
126
-	 * @NoCSRFRequired
127
-	 * @UseSession
128
-	 *
129
-	 * @return TemplateResponse
130
-	 */
131
-	public function showAuthPickerPage() {
132
-		if($this->userSession->isLoggedIn()) {
133
-			return new TemplateResponse(
134
-				$this->appName,
135
-				'403',
136
-				[
137
-					'file' => $this->l10n->t('Auth flow can only be started unauthenticated.'),
138
-				],
139
-				'guest'
140
-			);
141
-		}
142
-
143
-		$stateToken = $this->random->generate(
144
-			64,
145
-			ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
146
-		);
147
-		$this->session->set(self::stateName, $stateToken);
148
-
149
-		return new TemplateResponse(
150
-			$this->appName,
151
-			'loginflow/authpicker',
152
-			[
153
-				'client' => $this->getClientName(),
154
-				'instanceName' => $this->defaults->getName(),
155
-				'urlGenerator' => $this->urlGenerator,
156
-				'stateToken' => $stateToken,
157
-				'serverHost' => $this->request->getServerHost(),
158
-			],
159
-			'guest'
160
-		);
161
-	}
162
-
163
-	/**
164
-	 * @NoAdminRequired
165
-	 * @NoCSRFRequired
166
-	 * @UseSession
167
-	 *
168
-	 * @param string $stateToken
169
-	 * @return TemplateResponse
170
-	 */
171
-	public function redirectPage($stateToken = '') {
172
-		if(!$this->isValidToken($stateToken)) {
173
-			return $this->stateTokenForbiddenResponse();
174
-		}
175
-
176
-		return new TemplateResponse(
177
-			$this->appName,
178
-			'loginflow/redirect',
179
-			[
180
-				'urlGenerator' => $this->urlGenerator,
181
-				'stateToken' => $stateToken,
182
-			],
183
-			'empty'
184
-		);
185
-	}
186
-
187
-	/**
188
-	 * @NoAdminRequired
189
-	 * @UseSession
190
-	 *
191
-	 * @param string $stateToken
192
-	 * @return Http\RedirectResponse|Response
193
-	 */
194
-	public function generateAppPassword($stateToken) {
195
-		if(!$this->isValidToken($stateToken)) {
196
-			$this->session->remove(self::stateName);
197
-			return $this->stateTokenForbiddenResponse();
198
-		}
199
-
200
-		$this->session->remove(self::stateName);
201
-
202
-		try {
203
-			$sessionId = $this->session->getId();
204
-		} catch (SessionNotAvailableException $ex) {
205
-			$response = new Response();
206
-			$response->setStatus(Http::STATUS_FORBIDDEN);
207
-			return $response;
208
-		}
209
-
210
-		try {
211
-			$sessionToken = $this->tokenProvider->getToken($sessionId);
212
-			$loginName = $sessionToken->getLoginName();
213
-			try {
214
-				$password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
215
-			} catch (PasswordlessTokenException $ex) {
216
-				$password = null;
217
-			}
218
-		} catch (InvalidTokenException $ex) {
219
-			$response = new Response();
220
-			$response->setStatus(Http::STATUS_FORBIDDEN);
221
-			return $response;
222
-		}
223
-
224
-		$token = $this->random->generate(72);
225
-		$this->tokenProvider->generateToken(
226
-			$token,
227
-			$this->userSession->getUser()->getUID(),
228
-			$loginName,
229
-			$password,
230
-			$this->getClientName(),
231
-			IToken::PERMANENT_TOKEN,
232
-			IToken::DO_NOT_REMEMBER
233
-		);
234
-
235
-		return new Http\RedirectResponse('nc://' . urlencode($loginName) . ':' . urlencode($token) . '@' . $this->request->getServerHost());
236
-	}
42
+    /** @var IUserSession */
43
+    private $userSession;
44
+    /** @var IL10N */
45
+    private $l10n;
46
+    /** @var Defaults */
47
+    private $defaults;
48
+    /** @var ISession */
49
+    private $session;
50
+    /** @var IProvider */
51
+    private $tokenProvider;
52
+    /** @var ISecureRandom */
53
+    private $random;
54
+    /** @var IURLGenerator */
55
+    private $urlGenerator;
56
+
57
+    const stateName = 'client.flow.state.token';
58
+
59
+    /**
60
+     * @param string $appName
61
+     * @param IRequest $request
62
+     * @param IUserSession $userSession
63
+     * @param IL10N $l10n
64
+     * @param Defaults $defaults
65
+     * @param ISession $session
66
+     * @param IProvider $tokenProvider
67
+     * @param ISecureRandom $random
68
+     * @param IURLGenerator $urlGenerator
69
+     */
70
+    public function __construct($appName,
71
+                                IRequest $request,
72
+                                IUserSession $userSession,
73
+                                IL10N $l10n,
74
+                                Defaults $defaults,
75
+                                ISession $session,
76
+                                IProvider $tokenProvider,
77
+                                ISecureRandom $random,
78
+                                IURLGenerator $urlGenerator) {
79
+        parent::__construct($appName, $request);
80
+        $this->userSession = $userSession;
81
+        $this->l10n = $l10n;
82
+        $this->defaults = $defaults;
83
+        $this->session = $session;
84
+        $this->tokenProvider = $tokenProvider;
85
+        $this->random = $random;
86
+        $this->urlGenerator = $urlGenerator;
87
+    }
88
+
89
+    /**
90
+     * @return string
91
+     */
92
+    private function getClientName() {
93
+        return $this->request->getHeader('USER_AGENT') !== null ? $this->request->getHeader('USER_AGENT') : 'unknown';
94
+    }
95
+
96
+    /**
97
+     * @param string $stateToken
98
+     * @return bool
99
+     */
100
+    private function isValidToken($stateToken) {
101
+        $currentToken = $this->session->get(self::stateName);
102
+        if(!is_string($stateToken) || !is_string($currentToken)) {
103
+            return false;
104
+        }
105
+        return hash_equals($currentToken, $stateToken);
106
+    }
107
+
108
+    /**
109
+     * @return TemplateResponse
110
+     */
111
+    private function stateTokenForbiddenResponse() {
112
+        $response = new TemplateResponse(
113
+            $this->appName,
114
+            '403',
115
+            [
116
+                'file' => $this->l10n->t('State token does not match'),
117
+            ],
118
+            'guest'
119
+        );
120
+        $response->setStatus(Http::STATUS_FORBIDDEN);
121
+        return $response;
122
+    }
123
+
124
+    /**
125
+     * @PublicPage
126
+     * @NoCSRFRequired
127
+     * @UseSession
128
+     *
129
+     * @return TemplateResponse
130
+     */
131
+    public function showAuthPickerPage() {
132
+        if($this->userSession->isLoggedIn()) {
133
+            return new TemplateResponse(
134
+                $this->appName,
135
+                '403',
136
+                [
137
+                    'file' => $this->l10n->t('Auth flow can only be started unauthenticated.'),
138
+                ],
139
+                'guest'
140
+            );
141
+        }
142
+
143
+        $stateToken = $this->random->generate(
144
+            64,
145
+            ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
146
+        );
147
+        $this->session->set(self::stateName, $stateToken);
148
+
149
+        return new TemplateResponse(
150
+            $this->appName,
151
+            'loginflow/authpicker',
152
+            [
153
+                'client' => $this->getClientName(),
154
+                'instanceName' => $this->defaults->getName(),
155
+                'urlGenerator' => $this->urlGenerator,
156
+                'stateToken' => $stateToken,
157
+                'serverHost' => $this->request->getServerHost(),
158
+            ],
159
+            'guest'
160
+        );
161
+    }
162
+
163
+    /**
164
+     * @NoAdminRequired
165
+     * @NoCSRFRequired
166
+     * @UseSession
167
+     *
168
+     * @param string $stateToken
169
+     * @return TemplateResponse
170
+     */
171
+    public function redirectPage($stateToken = '') {
172
+        if(!$this->isValidToken($stateToken)) {
173
+            return $this->stateTokenForbiddenResponse();
174
+        }
175
+
176
+        return new TemplateResponse(
177
+            $this->appName,
178
+            'loginflow/redirect',
179
+            [
180
+                'urlGenerator' => $this->urlGenerator,
181
+                'stateToken' => $stateToken,
182
+            ],
183
+            'empty'
184
+        );
185
+    }
186
+
187
+    /**
188
+     * @NoAdminRequired
189
+     * @UseSession
190
+     *
191
+     * @param string $stateToken
192
+     * @return Http\RedirectResponse|Response
193
+     */
194
+    public function generateAppPassword($stateToken) {
195
+        if(!$this->isValidToken($stateToken)) {
196
+            $this->session->remove(self::stateName);
197
+            return $this->stateTokenForbiddenResponse();
198
+        }
199
+
200
+        $this->session->remove(self::stateName);
201
+
202
+        try {
203
+            $sessionId = $this->session->getId();
204
+        } catch (SessionNotAvailableException $ex) {
205
+            $response = new Response();
206
+            $response->setStatus(Http::STATUS_FORBIDDEN);
207
+            return $response;
208
+        }
209
+
210
+        try {
211
+            $sessionToken = $this->tokenProvider->getToken($sessionId);
212
+            $loginName = $sessionToken->getLoginName();
213
+            try {
214
+                $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
215
+            } catch (PasswordlessTokenException $ex) {
216
+                $password = null;
217
+            }
218
+        } catch (InvalidTokenException $ex) {
219
+            $response = new Response();
220
+            $response->setStatus(Http::STATUS_FORBIDDEN);
221
+            return $response;
222
+        }
223
+
224
+        $token = $this->random->generate(72);
225
+        $this->tokenProvider->generateToken(
226
+            $token,
227
+            $this->userSession->getUser()->getUID(),
228
+            $loginName,
229
+            $password,
230
+            $this->getClientName(),
231
+            IToken::PERMANENT_TOKEN,
232
+            IToken::DO_NOT_REMEMBER
233
+        );
234
+
235
+        return new Http\RedirectResponse('nc://' . urlencode($loginName) . ':' . urlencode($token) . '@' . $this->request->getServerHost());
236
+    }
237 237
 
238 238
 }
Spacing   +5 added lines, -5 removed lines patch added patch discarded remove patch
@@ -99,7 +99,7 @@  discard block
99 99
 	 */
100 100
 	private function isValidToken($stateToken) {
101 101
 		$currentToken = $this->session->get(self::stateName);
102
-		if(!is_string($stateToken) || !is_string($currentToken)) {
102
+		if (!is_string($stateToken) || !is_string($currentToken)) {
103 103
 			return false;
104 104
 		}
105 105
 		return hash_equals($currentToken, $stateToken);
@@ -129,7 +129,7 @@  discard block
129 129
 	 * @return TemplateResponse
130 130
 	 */
131 131
 	public function showAuthPickerPage() {
132
-		if($this->userSession->isLoggedIn()) {
132
+		if ($this->userSession->isLoggedIn()) {
133 133
 			return new TemplateResponse(
134 134
 				$this->appName,
135 135
 				'403',
@@ -169,7 +169,7 @@  discard block
169 169
 	 * @return TemplateResponse
170 170
 	 */
171 171
 	public function redirectPage($stateToken = '') {
172
-		if(!$this->isValidToken($stateToken)) {
172
+		if (!$this->isValidToken($stateToken)) {
173 173
 			return $this->stateTokenForbiddenResponse();
174 174
 		}
175 175
 
@@ -192,7 +192,7 @@  discard block
192 192
 	 * @return Http\RedirectResponse|Response
193 193
 	 */
194 194
 	public function generateAppPassword($stateToken) {
195
-		if(!$this->isValidToken($stateToken)) {
195
+		if (!$this->isValidToken($stateToken)) {
196 196
 			$this->session->remove(self::stateName);
197 197
 			return $this->stateTokenForbiddenResponse();
198 198
 		}
@@ -232,7 +232,7 @@  discard block
232 232
 			IToken::DO_NOT_REMEMBER
233 233
 		);
234 234
 
235
-		return new Http\RedirectResponse('nc://' . urlencode($loginName) . ':' . urlencode($token) . '@' . $this->request->getServerHost());
235
+		return new Http\RedirectResponse('nc://'.urlencode($loginName).':'.urlencode($token).'@'.$this->request->getServerHost());
236 236
 	}
237 237
 
238 238
 }