Inspection of "[WIP] Add oauth code flow support" - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#4704)

by Lukas

created 2017-05-18 14:37 UTC

Status

Indentation +44 added lines, -44 removed lines patch added patch discarded remove patch

@@ -29,51 +29,51 @@
 block discarded – undo
 use OCP\IURLGenerator;
 
 class LoginRedirectorController extends Controller {
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ClientMapper */
-	private $clientMapper;
-	/** @var ISession */
-	private $session;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ClientMapper */
+    private $clientMapper;
+    /** @var ISession */
+    private $session;
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IURLGenerator $urlGenerator
-	 * @param ClientMapper $clientMapper
-	 * @param ISession $session
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IURLGenerator $urlGenerator,
-								ClientMapper $clientMapper,
-								ISession $session) {
-		parent::__construct($appName, $request);
-		$this->urlGenerator = $urlGenerator;
-		$this->clientMapper = $clientMapper;
-		$this->session = $session;
-	}
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IURLGenerator $urlGenerator
+     * @param ClientMapper $clientMapper
+     * @param ISession $session
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IURLGenerator $urlGenerator,
+                                ClientMapper $clientMapper,
+                                ISession $session) {
+        parent::__construct($appName, $request);
+        $this->urlGenerator = $urlGenerator;
+        $this->clientMapper = $clientMapper;
+        $this->session = $session;
+    }
 
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $client_id
-	 * @param string $state
-	 * @return RedirectResponse
-	 */
-	public function authorize($client_id,
-							  $state) {
-		$client = $this->clientMapper->getByIdentifier($client_id);
-		$this->session->set('oauth.state', $state);
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $client_id
+     * @param string $state
+     * @return RedirectResponse
+     */
+    public function authorize($client_id,
+                                $state) {
+        $client = $this->clientMapper->getByIdentifier($client_id);
+        $this->session->set('oauth.state', $state);
 
-		$targetUrl = $this->urlGenerator->linkToRouteAbsolute(
-			'core.ClientFlowLogin.showAuthPickerPage',
-			[
-				'clientIdentifier' => $client->getClientIdentifier(),
-			]
-		);
-		return new RedirectResponse($targetUrl);
-	}
+        $targetUrl = $this->urlGenerator->linkToRouteAbsolute(
+            'core.ClientFlowLogin.showAuthPickerPage',
+            [
+                'clientIdentifier' => $client->getClientIdentifier(),
+            ]
+        );
+        return new RedirectResponse($targetUrl);
+    }
 }

Please login to merge, or discard this patch.

apps/oauth2/lib/Controller/OauthApiController.php 1 patch

Indentation +52 added lines, -52 removed lines patch added patch discarded remove patch

@@ -30,59 +30,59 @@
 block discarded – undo
 use OCP\Security\ISecureRandom;
 
 class OauthApiController extends Controller {
-	/** @var AccessTokenMapper */
-	private $accessTokenMapper;
-	/** @var ICrypto */
-	private $crypto;
-	/** @var DefaultTokenMapper */
-	private $defaultTokenMapper;
-	/** @var ISecureRandom */
-	private $secureRandom;
+    /** @var AccessTokenMapper */
+    private $accessTokenMapper;
+    /** @var ICrypto */
+    private $crypto;
+    /** @var DefaultTokenMapper */
+    private $defaultTokenMapper;
+    /** @var ISecureRandom */
+    private $secureRandom;
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param ICrypto $crypto
-	 * @param AccessTokenMapper $accessTokenMapper
-	 * @param DefaultTokenMapper $defaultTokenMapper
-	 * @param ISecureRandom $secureRandom
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								ICrypto $crypto,
-								AccessTokenMapper $accessTokenMapper,
-								DefaultTokenMapper $defaultTokenMapper,
-								ISecureRandom $secureRandom) {
-		parent::__construct($appName, $request);
-		$this->crypto = $crypto;
-		$this->accessTokenMapper = $accessTokenMapper;
-		$this->defaultTokenMapper = $defaultTokenMapper;
-		$this->secureRandom = $secureRandom;
-	}
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param ICrypto $crypto
+     * @param AccessTokenMapper $accessTokenMapper
+     * @param DefaultTokenMapper $defaultTokenMapper
+     * @param ISecureRandom $secureRandom
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                ICrypto $crypto,
+                                AccessTokenMapper $accessTokenMapper,
+                                DefaultTokenMapper $defaultTokenMapper,
+                                ISecureRandom $secureRandom) {
+        parent::__construct($appName, $request);
+        $this->crypto = $crypto;
+        $this->accessTokenMapper = $accessTokenMapper;
+        $this->defaultTokenMapper = $defaultTokenMapper;
+        $this->secureRandom = $secureRandom;
+    }
 
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @param string $code
-	 * @return JSONResponse
-	 */
-	public function getToken($code) {
-		$accessToken = $this->accessTokenMapper->getByCode($code);
-		$decryptedToken = $this->crypto->decrypt($accessToken->getEncryptedToken(), $code);
-		$newCode = $this->secureRandom->generate(128);
-		$accessToken->setHashedCode(hash('sha512', $newCode));
-		$accessToken->setEncryptedToken($this->crypto->encrypt($decryptedToken, $newCode));
-		$this->accessTokenMapper->update($accessToken);
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @param string $code
+     * @return JSONResponse
+     */
+    public function getToken($code) {
+        $accessToken = $this->accessTokenMapper->getByCode($code);
+        $decryptedToken = $this->crypto->decrypt($accessToken->getEncryptedToken(), $code);
+        $newCode = $this->secureRandom->generate(128);
+        $accessToken->setHashedCode(hash('sha512', $newCode));
+        $accessToken->setEncryptedToken($this->crypto->encrypt($decryptedToken, $newCode));
+        $this->accessTokenMapper->update($accessToken);
 
-		return new JSONResponse(
-			[
-				'access_token' => $decryptedToken,
-				'token_type' => 'Bearer',
-				'expires_in' => 3600,
-				'refresh_token' => $newCode,
-				'user_id' => $this->defaultTokenMapper->getTokenById($accessToken->getTokenId())->getUID(),
-			]
-		);
-	}
+        return new JSONResponse(
+            [
+                'access_token' => $decryptedToken,
+                'token_type' => 'Bearer',
+                'expires_in' => 3600,
+                'refresh_token' => $newCode,
+                'user_id' => $this->defaultTokenMapper->getTokenById($accessToken->getTokenId())->getUID(),
+            ]
+        );
+    }
 }

Please login to merge, or discard this patch.

core/Controller/ClientFlowLoginController.php 1 patch

Indentation +243 added lines, -243 removed lines patch added patch discarded remove patch

@@ -43,267 +43,267 @@
 block discarded – undo
 use OCP\Session\Exceptions\SessionNotAvailableException;
 
 class ClientFlowLoginController extends Controller {
-	/** @var IUserSession */
-	private $userSession;
-	/** @var IL10N */
-	private $l10n;
-	/** @var Defaults */
-	private $defaults;
-	/** @var ISession */
-	private $session;
-	/** @var IProvider */
-	private $tokenProvider;
-	/** @var ISecureRandom */
-	private $random;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ClientMapper */
-	private $clientMapper;
-	/** @var AccessTokenMapper */
-	private $accessTokenMapper;
-	/** @var ICrypto */
-	private $crypto;
+    /** @var IUserSession */
+    private $userSession;
+    /** @var IL10N */
+    private $l10n;
+    /** @var Defaults */
+    private $defaults;
+    /** @var ISession */
+    private $session;
+    /** @var IProvider */
+    private $tokenProvider;
+    /** @var ISecureRandom */
+    private $random;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ClientMapper */
+    private $clientMapper;
+    /** @var AccessTokenMapper */
+    private $accessTokenMapper;
+    /** @var ICrypto */
+    private $crypto;
 
-	const stateName = 'client.flow.state.token';
+    const stateName = 'client.flow.state.token';
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IUserSession $userSession
-	 * @param IL10N $l10n
-	 * @param Defaults $defaults
-	 * @param ISession $session
-	 * @param IProvider $tokenProvider
-	 * @param ISecureRandom $random
-	 * @param IURLGenerator $urlGenerator
-	 * @param ClientMapper $clientMapper
-	 * @param AccessTokenMapper $accessTokenMapper
-	 * @param ICrypto $crypto
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IUserSession $userSession,
-								IL10N $l10n,
-								Defaults $defaults,
-								ISession $session,
-								IProvider $tokenProvider,
-								ISecureRandom $random,
-								IURLGenerator $urlGenerator,
-								ClientMapper $clientMapper,
-								AccessTokenMapper $accessTokenMapper,
-								ICrypto $crypto) {
-		parent::__construct($appName, $request);
-		$this->userSession = $userSession;
-		$this->l10n = $l10n;
-		$this->defaults = $defaults;
-		$this->session = $session;
-		$this->tokenProvider = $tokenProvider;
-		$this->random = $random;
-		$this->urlGenerator = $urlGenerator;
-		$this->clientMapper = $clientMapper;
-		$this->accessTokenMapper = $accessTokenMapper;
-		$this->crypto = $crypto;
-	}
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IUserSession $userSession
+     * @param IL10N $l10n
+     * @param Defaults $defaults
+     * @param ISession $session
+     * @param IProvider $tokenProvider
+     * @param ISecureRandom $random
+     * @param IURLGenerator $urlGenerator
+     * @param ClientMapper $clientMapper
+     * @param AccessTokenMapper $accessTokenMapper
+     * @param ICrypto $crypto
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IUserSession $userSession,
+                                IL10N $l10n,
+                                Defaults $defaults,
+                                ISession $session,
+                                IProvider $tokenProvider,
+                                ISecureRandom $random,
+                                IURLGenerator $urlGenerator,
+                                ClientMapper $clientMapper,
+                                AccessTokenMapper $accessTokenMapper,
+                                ICrypto $crypto) {
+        parent::__construct($appName, $request);
+        $this->userSession = $userSession;
+        $this->l10n = $l10n;
+        $this->defaults = $defaults;
+        $this->session = $session;
+        $this->tokenProvider = $tokenProvider;
+        $this->random = $random;
+        $this->urlGenerator = $urlGenerator;
+        $this->clientMapper = $clientMapper;
+        $this->accessTokenMapper = $accessTokenMapper;
+        $this->crypto = $crypto;
+    }
 
-	/**
-	 * @return string
-	 */
-	private function getClientName() {
-		$userAgent = $this->request->getHeader('USER_AGENT');
-		return $userAgent !== null ? $userAgent : 'unknown';
-	}
+    /**
+     * @return string
+     */
+    private function getClientName() {
+        $userAgent = $this->request->getHeader('USER_AGENT');
+        return $userAgent !== null ? $userAgent : 'unknown';
+    }
 
-	/**
-	 * @param string $stateToken
-	 * @return bool
-	 */
-	private function isValidToken($stateToken) {
-		$currentToken = $this->session->get(self::stateName);
-		if(!is_string($stateToken) || !is_string($currentToken)) {
-			return false;
-		}
-		return hash_equals($currentToken, $stateToken);
-	}
+    /**
+     * @param string $stateToken
+     * @return bool
+     */
+    private function isValidToken($stateToken) {
+        $currentToken = $this->session->get(self::stateName);
+        if(!is_string($stateToken) || !is_string($currentToken)) {
+            return false;
+        }
+        return hash_equals($currentToken, $stateToken);
+    }
 
-	/**
-	 * @return TemplateResponse
-	 */
-	private function stateTokenForbiddenResponse() {
-		$response = new TemplateResponse(
-			$this->appName,
-			'403',
-			[
-				'file' => $this->l10n->t('State token does not match'),
-			],
-			'guest'
-		);
-		$response->setStatus(Http::STATUS_FORBIDDEN);
-		return $response;
-	}
+    /**
+     * @return TemplateResponse
+     */
+    private function stateTokenForbiddenResponse() {
+        $response = new TemplateResponse(
+            $this->appName,
+            '403',
+            [
+                'file' => $this->l10n->t('State token does not match'),
+            ],
+            'guest'
+        );
+        $response->setStatus(Http::STATUS_FORBIDDEN);
+        return $response;
+    }
 
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $clientIdentifier
-	 *
-	 * @return TemplateResponse
-	 */
-	public function showAuthPickerPage($clientIdentifier = '') {
-		$clientName = $this->getClientName();
-		$client = null;
-		if($clientIdentifier !== '') {
-			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
-			$clientName = $client->getName();
-		}
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $clientIdentifier
+     *
+     * @return TemplateResponse
+     */
+    public function showAuthPickerPage($clientIdentifier = '') {
+        $clientName = $this->getClientName();
+        $client = null;
+        if($clientIdentifier !== '') {
+            $client = $this->clientMapper->getByIdentifier($clientIdentifier);
+            $clientName = $client->getName();
+        }
 
-		// No valid clientIdentifier given and no valid API Request (APIRequest header not set)
-		$clientRequest = $this->request->getHeader('OCS-APIREQUEST');
-		if ($clientRequest !== 'true' && $client === null) {
-			return new TemplateResponse(
-				$this->appName,
-				'error',
-				[
-					'errors' =>
-					[
-						[
-							'error' => 'Access Forbidden',
-							'hint' => 'Invalid request',
-						],
-					],
-				],
-				'guest'
-			);
-		}
+        // No valid clientIdentifier given and no valid API Request (APIRequest header not set)
+        $clientRequest = $this->request->getHeader('OCS-APIREQUEST');
+        if ($clientRequest !== 'true' && $client === null) {
+            return new TemplateResponse(
+                $this->appName,
+                'error',
+                [
+                    'errors' =>
+                    [
+                        [
+                            'error' => 'Access Forbidden',
+                            'hint' => 'Invalid request',
+                        ],
+                    ],
+                ],
+                'guest'
+            );
+        }
 
-		$stateToken = $this->random->generate(
-			64,
-			ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
-		);
-		$this->session->set(self::stateName, $stateToken);
+        $stateToken = $this->random->generate(
+            64,
+            ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
+        );
+        $this->session->set(self::stateName, $stateToken);
 
-		return new TemplateResponse(
-			$this->appName,
-			'loginflow/authpicker',
-			[
-				'client' => $clientName,
-				'clientIdentifier' => $clientIdentifier,
-				'instanceName' => $this->defaults->getName(),
-				'urlGenerator' => $this->urlGenerator,
-				'stateToken' => $stateToken,
-				'serverHost' => $this->request->getServerHost(),
-			],
-			'guest'
-		);
-	}
+        return new TemplateResponse(
+            $this->appName,
+            'loginflow/authpicker',
+            [
+                'client' => $clientName,
+                'clientIdentifier' => $clientIdentifier,
+                'instanceName' => $this->defaults->getName(),
+                'urlGenerator' => $this->urlGenerator,
+                'stateToken' => $stateToken,
+                'serverHost' => $this->request->getServerHost(),
+            ],
+            'guest'
+        );
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $stateToken
-	 * @param string $clientIdentifier
-	 * @return TemplateResponse
-	 */
-	public function redirectPage($stateToken = '',
-								 $clientIdentifier = '') {
-		if(!$this->isValidToken($stateToken)) {
-			return $this->stateTokenForbiddenResponse();
-		}
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $stateToken
+     * @param string $clientIdentifier
+     * @return TemplateResponse
+     */
+    public function redirectPage($stateToken = '',
+                                    $clientIdentifier = '') {
+        if(!$this->isValidToken($stateToken)) {
+            return $this->stateTokenForbiddenResponse();
+        }
 
-		return new TemplateResponse(
-			$this->appName,
-			'loginflow/redirect',
-			[
-				'urlGenerator' => $this->urlGenerator,
-				'stateToken' => $stateToken,
-				'clientIdentifier' => $clientIdentifier,
-				'oauthState' => $this->session->get('oauth.state'),
-			],
-			'empty'
-		);
-	}
+        return new TemplateResponse(
+            $this->appName,
+            'loginflow/redirect',
+            [
+                'urlGenerator' => $this->urlGenerator,
+                'stateToken' => $stateToken,
+                'clientIdentifier' => $clientIdentifier,
+                'oauthState' => $this->session->get('oauth.state'),
+            ],
+            'empty'
+        );
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @param string $stateToken
-	 * @param string $clientIdentifier
-	 * @return Http\RedirectResponse|Response
-	 */
-	public function generateAppPassword($stateToken,
-										$clientIdentifier = '') {
-		if(!$this->isValidToken($stateToken)) {
-			$this->session->remove(self::stateName);
-			return $this->stateTokenForbiddenResponse();
-		}
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @param string $stateToken
+     * @param string $clientIdentifier
+     * @return Http\RedirectResponse|Response
+     */
+    public function generateAppPassword($stateToken,
+                                        $clientIdentifier = '') {
+        if(!$this->isValidToken($stateToken)) {
+            $this->session->remove(self::stateName);
+            return $this->stateTokenForbiddenResponse();
+        }
 
-		$this->session->remove(self::stateName);
+        $this->session->remove(self::stateName);
 
-		try {
-			$sessionId = $this->session->getId();
-		} catch (SessionNotAvailableException $ex) {
-			$response = new Response();
-			$response->setStatus(Http::STATUS_FORBIDDEN);
-			return $response;
-		}
+        try {
+            $sessionId = $this->session->getId();
+        } catch (SessionNotAvailableException $ex) {
+            $response = new Response();
+            $response->setStatus(Http::STATUS_FORBIDDEN);
+            return $response;
+        }
 
-		try {
-			$sessionToken = $this->tokenProvider->getToken($sessionId);
-			$loginName = $sessionToken->getLoginName();
-			try {
-				$password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
-			} catch (PasswordlessTokenException $ex) {
-				$password = null;
-			}
-		} catch (InvalidTokenException $ex) {
-			$response = new Response();
-			$response->setStatus(Http::STATUS_FORBIDDEN);
-			return $response;
-		}
+        try {
+            $sessionToken = $this->tokenProvider->getToken($sessionId);
+            $loginName = $sessionToken->getLoginName();
+            try {
+                $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
+            } catch (PasswordlessTokenException $ex) {
+                $password = null;
+            }
+        } catch (InvalidTokenException $ex) {
+            $response = new Response();
+            $response->setStatus(Http::STATUS_FORBIDDEN);
+            return $response;
+        }
 
-		$clientName = $this->getClientName();
-		$client = false;
-		if($clientIdentifier !== '') {
-			$client = $this->clientMapper->getByIdentifier($clientIdentifier);
-			$clientName = $client->getName();
-		}
+        $clientName = $this->getClientName();
+        $client = false;
+        if($clientIdentifier !== '') {
+            $client = $this->clientMapper->getByIdentifier($clientIdentifier);
+            $clientName = $client->getName();
+        }
 
-		$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
-		$uid = $this->userSession->getUser()->getUID();
-		$generatedToken = $this->tokenProvider->generateToken(
-			$token,
-			$uid,
-			$loginName,
-			$password,
-			$clientName,
-			IToken::PERMANENT_TOKEN,
-			IToken::DO_NOT_REMEMBER
-		);
+        $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+        $uid = $this->userSession->getUser()->getUID();
+        $generatedToken = $this->tokenProvider->generateToken(
+            $token,
+            $uid,
+            $loginName,
+            $password,
+            $clientName,
+            IToken::PERMANENT_TOKEN,
+            IToken::DO_NOT_REMEMBER
+        );
 
-		if($client) {
-			$code = $this->random->generate(128);
-			$accessToken = new AccessToken();
-			$accessToken->setClientId($client->getId());
-			$accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
-			$accessToken->setHashedCode(hash('sha512', $code));
-			$accessToken->setTokenId($generatedToken->getId());
-			$this->accessTokenMapper->insert($accessToken);
+        if($client) {
+            $code = $this->random->generate(128);
+            $accessToken = new AccessToken();
+            $accessToken->setClientId($client->getId());
+            $accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
+            $accessToken->setHashedCode(hash('sha512', $code));
+            $accessToken->setTokenId($generatedToken->getId());
+            $this->accessTokenMapper->insert($accessToken);
 
-			$redirectUri = sprintf(
-				'%s?state=%s&code=%s',
-				$client->getRedirectUri(),
-				urlencode($this->session->get('oauth.state')),
-				urlencode($code)
-			);
-			$this->session->remove('oauth.state');
-		} else {
-			$redirectUri = 'nc://login/server:' . $this->request->getServerHost() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
-		}
+            $redirectUri = sprintf(
+                '%s?state=%s&code=%s',
+                $client->getRedirectUri(),
+                urlencode($this->session->get('oauth.state')),
+                urlencode($code)
+            );
+            $this->session->remove('oauth.state');
+        } else {
+            $redirectUri = 'nc://login/server:' . $this->request->getServerHost() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
+        }
 
-		return new Http\RedirectResponse($redirectUri);
-	}
+        return new Http\RedirectResponse($redirectUri);
+    }
 }

Please login to merge, or discard this patch.

lib/private/Authentication/Token/DefaultTokenMapper.php 1 patch

Indentation +129 added lines, -129 removed lines patch added patch discarded remove patch

@@ -30,135 +30,135 @@
 block discarded – undo
 
 class DefaultTokenMapper extends Mapper {
 
-	public function __construct(IDBConnection $db) {
-		parent::__construct($db, 'authtoken');
-	}
-
-	/**
-	 * Invalidate (delete) a given token
-	 *
-	 * @param string $token
-	 */
-	public function invalidate($token) {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
-			->where($qb->expr()->eq('token', $qb->createParameter('token')))
-			->setParameter('token', $token)
-			->execute();
-	}
-
-	/**
-	 * @param int $olderThan
-	 * @param int $remember
-	 */
-	public function invalidateOld($olderThan, $remember = IToken::DO_NOT_REMEMBER) {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
-			->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT)))
-			->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)))
-			->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT)))
-			->execute();
-	}
-
-	/**
-	 * Get the user UID for the given token
-	 *
-	 * @param string $token
-	 * @throws DoesNotExistException
-	 * @return DefaultToken
-	 */
-	public function getToken($token) {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
-			->from('authtoken')
-			->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
-			->execute();
-
-		$data = $result->fetch();
-		$result->closeCursor();
-		if ($data === false) {
-			throw new DoesNotExistException('token does not exist');
-		}
+    public function __construct(IDBConnection $db) {
+        parent::__construct($db, 'authtoken');
+    }
+
+    /**
+     * Invalidate (delete) a given token
+     *
+     * @param string $token
+     */
+    public function invalidate($token) {
+        /* @var $qb IQueryBuilder */
+        $qb = $this->db->getQueryBuilder();
+        $qb->delete('authtoken')
+            ->where($qb->expr()->eq('token', $qb->createParameter('token')))
+            ->setParameter('token', $token)
+            ->execute();
+    }
+
+    /**
+     * @param int $olderThan
+     * @param int $remember
+     */
+    public function invalidateOld($olderThan, $remember = IToken::DO_NOT_REMEMBER) {
+        /* @var $qb IQueryBuilder */
+        $qb = $this->db->getQueryBuilder();
+        $qb->delete('authtoken')
+            ->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT)))
+            ->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)))
+            ->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT)))
+            ->execute();
+    }
+
+    /**
+     * Get the user UID for the given token
+     *
+     * @param string $token
+     * @throws DoesNotExistException
+     * @return DefaultToken
+     */
+    public function getToken($token) {
+        /* @var $qb IQueryBuilder */
+        $qb = $this->db->getQueryBuilder();
+        $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
+            ->from('authtoken')
+            ->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
+            ->execute();
+
+        $data = $result->fetch();
+        $result->closeCursor();
+        if ($data === false) {
+            throw new DoesNotExistException('token does not exist');
+        }
 ;
-		return DefaultToken::fromRow($data);
-	}
-
-	/**
-	 * Get the token for $id
-	 *
-	 * @param string $id
-	 * @throws DoesNotExistException
-	 * @return DefaultToken
-	 */
-	public function getTokenById($id) {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check', 'scope')
-			->from('authtoken')
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
-			->execute();
-
-		$data = $result->fetch();
-		$result->closeCursor();
-		if ($data === false) {
-			throw new DoesNotExistException('token does not exist');
-		};
-		return DefaultToken::fromRow($data);
-	}
-
-	/**
-	 * Get all token of a user
-	 *
-	 * The provider may limit the number of result rows in case of an abuse
-	 * where a high number of (session) tokens is generated
-	 *
-	 * @param IUser $user
-	 * @return DefaultToken[]
-	 */
-	public function getTokenByUser(IUser $user) {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
-			->from('authtoken')
-			->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
-			->setMaxResults(1000);
-		$result = $qb->execute();
-		$data = $result->fetchAll();
-		$result->closeCursor();
-
-		$entities = array_map(function ($row) {
-			return DefaultToken::fromRow($row);
-		}, $data);
-
-		return $entities;
-	}
-
-	/**
-	 * @param IUser $user
-	 * @param int $id
-	 */
-	public function deleteById(IUser $user, $id) {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
-			->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())));
-		$qb->execute();
-	}
-
-	/**
-	 * delete all auth token which belong to a specific client if the client was deleted
-	 *
-	 * @param string $name
-	 */
-	public function deleteByName($name) {
-		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
-			->where($qb->expr()->eq('name', $qb->createNamedParameter($name)));
-		$qb->execute();
-	}
+        return DefaultToken::fromRow($data);
+    }
+
+    /**
+     * Get the token for $id
+     *
+     * @param string $id
+     * @throws DoesNotExistException
+     * @return DefaultToken
+     */
+    public function getTokenById($id) {
+        /* @var $qb IQueryBuilder */
+        $qb = $this->db->getQueryBuilder();
+        $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check', 'scope')
+            ->from('authtoken')
+            ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
+            ->execute();
+
+        $data = $result->fetch();
+        $result->closeCursor();
+        if ($data === false) {
+            throw new DoesNotExistException('token does not exist');
+        };
+        return DefaultToken::fromRow($data);
+    }
+
+    /**
+     * Get all token of a user
+     *
+     * The provider may limit the number of result rows in case of an abuse
+     * where a high number of (session) tokens is generated
+     *
+     * @param IUser $user
+     * @return DefaultToken[]
+     */
+    public function getTokenByUser(IUser $user) {
+        /* @var $qb IQueryBuilder */
+        $qb = $this->db->getQueryBuilder();
+        $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
+            ->from('authtoken')
+            ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
+            ->setMaxResults(1000);
+        $result = $qb->execute();
+        $data = $result->fetchAll();
+        $result->closeCursor();
+
+        $entities = array_map(function ($row) {
+            return DefaultToken::fromRow($row);
+        }, $data);
+
+        return $entities;
+    }
+
+    /**
+     * @param IUser $user
+     * @param int $id
+     */
+    public function deleteById(IUser $user, $id) {
+        /* @var $qb IQueryBuilder */
+        $qb = $this->db->getQueryBuilder();
+        $qb->delete('authtoken')
+            ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
+            ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())));
+        $qb->execute();
+    }
+
+    /**
+     * delete all auth token which belong to a specific client if the client was deleted
+     *
+     * @param string $name
+     */
+    public function deleteByName($name) {
+        $qb = $this->db->getQueryBuilder();
+        $qb->delete('authtoken')
+            ->where($qb->expr()->eq('name', $qb->createNamedParameter($name)));
+        $qb->execute();
+    }
 
 }

Please login to merge, or discard this patch.

		@@ -29,51 +29,51 @@
		block discarded – undo
29	29	use OCP\IURLGenerator;
30	30
31	31	class LoginRedirectorController extends Controller {
32		- /** @var IURLGenerator */
33		- private $urlGenerator;
34		- /** @var ClientMapper */
35		- private $clientMapper;
36		- /** @var ISession */
37		- private $session;
	32	+ /** @var IURLGenerator */
	33	+ private $urlGenerator;
	34	+ /** @var ClientMapper */
	35	+ private $clientMapper;
	36	+ /** @var ISession */
	37	+ private $session;
38	38
39		- /**
40		- * @param string $appName
41		- * @param IRequest $request
42		- * @param IURLGenerator $urlGenerator
43		- * @param ClientMapper $clientMapper
44		- * @param ISession $session
45		- */
46		- public function __construct($appName,
47		- IRequest $request,
48		- IURLGenerator $urlGenerator,
49		- ClientMapper $clientMapper,
50		- ISession $session) {
51		- parent::__construct($appName, $request);
52		- $this->urlGenerator = $urlGenerator;
53		- $this->clientMapper = $clientMapper;
54		- $this->session = $session;
55		- }
	39	+ /**
	40	+ * @param string $appName
	41	+ * @param IRequest $request
	42	+ * @param IURLGenerator $urlGenerator
	43	+ * @param ClientMapper $clientMapper
	44	+ * @param ISession $session
	45	+ */
	46	+ public function __construct($appName,
	47	+ IRequest $request,
	48	+ IURLGenerator $urlGenerator,
	49	+ ClientMapper $clientMapper,
	50	+ ISession $session) {
	51	+ parent::__construct($appName, $request);
	52	+ $this->urlGenerator = $urlGenerator;
	53	+ $this->clientMapper = $clientMapper;
	54	+ $this->session = $session;
	55	+ }
56	56
57		- /**
58		- * @PublicPage
59		- * @NoCSRFRequired
60		- * @UseSession
61		- *
62		- * @param string $client_id
63		- * @param string $state
64		- * @return RedirectResponse
65		- */
66		- public function authorize($client_id,
67		- $state) {
68		- $client = $this->clientMapper->getByIdentifier($client_id);
69		- $this->session->set('oauth.state', $state);
	57	+ /**
	58	+ * @PublicPage
	59	+ * @NoCSRFRequired
	60	+ * @UseSession
	61	+ *
	62	+ * @param string $client_id
	63	+ * @param string $state
	64	+ * @return RedirectResponse
	65	+ */
	66	+ public function authorize($client_id,
	67	+ $state) {
	68	+ $client = $this->clientMapper->getByIdentifier($client_id);
	69	+ $this->session->set('oauth.state', $state);
70	70
71		- $targetUrl = $this->urlGenerator->linkToRouteAbsolute(
72		- 'core.ClientFlowLogin.showAuthPickerPage',
73		- [
74		- 'clientIdentifier' => $client->getClientIdentifier(),
75		- ]
76		- );
77		- return new RedirectResponse($targetUrl);
78		- }
	71	+ $targetUrl = $this->urlGenerator->linkToRouteAbsolute(
	72	+ 'core.ClientFlowLogin.showAuthPickerPage',
	73	+ [
	74	+ 'clientIdentifier' => $client->getClientIdentifier(),
	75	+ ]
	76	+ );
	77	+ return new RedirectResponse($targetUrl);
	78	+ }
79	79	}

		@@ -30,59 +30,59 @@
		block discarded – undo
30	30	use OCP\Security\ISecureRandom;
31	31
32	32	class OauthApiController extends Controller {
33		- /** @var AccessTokenMapper */
34		- private $accessTokenMapper;
35		- /** @var ICrypto */
36		- private $crypto;
37		- /** @var DefaultTokenMapper */
38		- private $defaultTokenMapper;
39		- /** @var ISecureRandom */
40		- private $secureRandom;
	33	+ /** @var AccessTokenMapper */
	34	+ private $accessTokenMapper;
	35	+ /** @var ICrypto */
	36	+ private $crypto;
	37	+ /** @var DefaultTokenMapper */
	38	+ private $defaultTokenMapper;
	39	+ /** @var ISecureRandom */
	40	+ private $secureRandom;
41	41
42		- /**
43		- * @param string $appName
44		- * @param IRequest $request
45		- * @param ICrypto $crypto
46		- * @param AccessTokenMapper $accessTokenMapper
47		- * @param DefaultTokenMapper $defaultTokenMapper
48		- * @param ISecureRandom $secureRandom
49		- */
50		- public function __construct($appName,
51		- IRequest $request,
52		- ICrypto $crypto,
53		- AccessTokenMapper $accessTokenMapper,
54		- DefaultTokenMapper $defaultTokenMapper,
55		- ISecureRandom $secureRandom) {
56		- parent::__construct($appName, $request);
57		- $this->crypto = $crypto;
58		- $this->accessTokenMapper = $accessTokenMapper;
59		- $this->defaultTokenMapper = $defaultTokenMapper;
60		- $this->secureRandom = $secureRandom;
61		- }
	42	+ /**
	43	+ * @param string $appName
	44	+ * @param IRequest $request
	45	+ * @param ICrypto $crypto
	46	+ * @param AccessTokenMapper $accessTokenMapper
	47	+ * @param DefaultTokenMapper $defaultTokenMapper
	48	+ * @param ISecureRandom $secureRandom
	49	+ */
	50	+ public function __construct($appName,
	51	+ IRequest $request,
	52	+ ICrypto $crypto,
	53	+ AccessTokenMapper $accessTokenMapper,
	54	+ DefaultTokenMapper $defaultTokenMapper,
	55	+ ISecureRandom $secureRandom) {
	56	+ parent::__construct($appName, $request);
	57	+ $this->crypto = $crypto;
	58	+ $this->accessTokenMapper = $accessTokenMapper;
	59	+ $this->defaultTokenMapper = $defaultTokenMapper;
	60	+ $this->secureRandom = $secureRandom;
	61	+ }
62	62
63		- /**
64		- * @PublicPage
65		- * @NoCSRFRequired
66		- *
67		- * @param string $code
68		- * @return JSONResponse
69		- */
70		- public function getToken($code) {
71		- $accessToken = $this->accessTokenMapper->getByCode($code);
72		- $decryptedToken = $this->crypto->decrypt($accessToken->getEncryptedToken(), $code);
73		- $newCode = $this->secureRandom->generate(128);
74		- $accessToken->setHashedCode(hash('sha512', $newCode));
75		- $accessToken->setEncryptedToken($this->crypto->encrypt($decryptedToken, $newCode));
76		- $this->accessTokenMapper->update($accessToken);
	63	+ /**
	64	+ * @PublicPage
	65	+ * @NoCSRFRequired
	66	+ *
	67	+ * @param string $code
	68	+ * @return JSONResponse
	69	+ */
	70	+ public function getToken($code) {
	71	+ $accessToken = $this->accessTokenMapper->getByCode($code);
	72	+ $decryptedToken = $this->crypto->decrypt($accessToken->getEncryptedToken(), $code);
	73	+ $newCode = $this->secureRandom->generate(128);
	74	+ $accessToken->setHashedCode(hash('sha512', $newCode));
	75	+ $accessToken->setEncryptedToken($this->crypto->encrypt($decryptedToken, $newCode));
	76	+ $this->accessTokenMapper->update($accessToken);
77	77
78		- return new JSONResponse(
79		- [
80		- 'access_token' => $decryptedToken,
81		- 'token_type' => 'Bearer',
82		- 'expires_in' => 3600,
83		- 'refresh_token' => $newCode,
84		- 'user_id' => $this->defaultTokenMapper->getTokenById($accessToken->getTokenId())->getUID(),
85		- ]
86		- );
87		- }
	78	+ return new JSONResponse(
	79	+ [
	80	+ 'access_token' => $decryptedToken,
	81	+ 'token_type' => 'Bearer',
	82	+ 'expires_in' => 3600,
	83	+ 'refresh_token' => $newCode,
	84	+ 'user_id' => $this->defaultTokenMapper->getTokenById($accessToken->getTokenId())->getUID(),
	85	+ ]
	86	+ );
	87	+ }
88	88	}

		@@ -43,267 +43,267 @@
		block discarded – undo
43	43	use OCP\Session\Exceptions\SessionNotAvailableException;
44	44
45	45	class ClientFlowLoginController extends Controller {
46		- /** @var IUserSession */
47		- private $userSession;
48		- /** @var IL10N */
49		- private $l10n;
50		- /** @var Defaults */
51		- private $defaults;
52		- /** @var ISession */
53		- private $session;
54		- /** @var IProvider */
55		- private $tokenProvider;
56		- /** @var ISecureRandom */
57		- private $random;
58		- /** @var IURLGenerator */
59		- private $urlGenerator;
60		- /** @var ClientMapper */
61		- private $clientMapper;
62		- /** @var AccessTokenMapper */
63		- private $accessTokenMapper;
64		- /** @var ICrypto */
65		- private $crypto;
	46	+ /** @var IUserSession */
	47	+ private $userSession;
	48	+ /** @var IL10N */
	49	+ private $l10n;
	50	+ /** @var Defaults */
	51	+ private $defaults;
	52	+ /** @var ISession */
	53	+ private $session;
	54	+ /** @var IProvider */
	55	+ private $tokenProvider;
	56	+ /** @var ISecureRandom */
	57	+ private $random;
	58	+ /** @var IURLGenerator */
	59	+ private $urlGenerator;
	60	+ /** @var ClientMapper */
	61	+ private $clientMapper;
	62	+ /** @var AccessTokenMapper */
	63	+ private $accessTokenMapper;
	64	+ /** @var ICrypto */
	65	+ private $crypto;
66	66
67		- const stateName = 'client.flow.state.token';
	67	+ const stateName = 'client.flow.state.token';
68	68
69		- /**
70		- * @param string $appName
71		- * @param IRequest $request
72		- * @param IUserSession $userSession
73		- * @param IL10N $l10n
74		- * @param Defaults $defaults
75		- * @param ISession $session
76		- * @param IProvider $tokenProvider
77		- * @param ISecureRandom $random
78		- * @param IURLGenerator $urlGenerator
79		- * @param ClientMapper $clientMapper
80		- * @param AccessTokenMapper $accessTokenMapper
81		- * @param ICrypto $crypto
82		- */
83		- public function __construct($appName,
84		- IRequest $request,
85		- IUserSession $userSession,
86		- IL10N $l10n,
87		- Defaults $defaults,
88		- ISession $session,
89		- IProvider $tokenProvider,
90		- ISecureRandom $random,
91		- IURLGenerator $urlGenerator,
92		- ClientMapper $clientMapper,
93		- AccessTokenMapper $accessTokenMapper,
94		- ICrypto $crypto) {
95		- parent::__construct($appName, $request);
96		- $this->userSession = $userSession;
97		- $this->l10n = $l10n;
98		- $this->defaults = $defaults;
99		- $this->session = $session;
100		- $this->tokenProvider = $tokenProvider;
101		- $this->random = $random;
102		- $this->urlGenerator = $urlGenerator;
103		- $this->clientMapper = $clientMapper;
104		- $this->accessTokenMapper = $accessTokenMapper;
105		- $this->crypto = $crypto;
106		- }
	69	+ /**
	70	+ * @param string $appName
	71	+ * @param IRequest $request
	72	+ * @param IUserSession $userSession
	73	+ * @param IL10N $l10n
	74	+ * @param Defaults $defaults
	75	+ * @param ISession $session
	76	+ * @param IProvider $tokenProvider
	77	+ * @param ISecureRandom $random
	78	+ * @param IURLGenerator $urlGenerator
	79	+ * @param ClientMapper $clientMapper
	80	+ * @param AccessTokenMapper $accessTokenMapper
	81	+ * @param ICrypto $crypto
	82	+ */
	83	+ public function __construct($appName,
	84	+ IRequest $request,
	85	+ IUserSession $userSession,
	86	+ IL10N $l10n,
	87	+ Defaults $defaults,
	88	+ ISession $session,
	89	+ IProvider $tokenProvider,
	90	+ ISecureRandom $random,
	91	+ IURLGenerator $urlGenerator,
	92	+ ClientMapper $clientMapper,
	93	+ AccessTokenMapper $accessTokenMapper,
	94	+ ICrypto $crypto) {
	95	+ parent::__construct($appName, $request);
	96	+ $this->userSession = $userSession;
	97	+ $this->l10n = $l10n;
	98	+ $this->defaults = $defaults;
	99	+ $this->session = $session;
	100	+ $this->tokenProvider = $tokenProvider;
	101	+ $this->random = $random;
	102	+ $this->urlGenerator = $urlGenerator;
	103	+ $this->clientMapper = $clientMapper;
	104	+ $this->accessTokenMapper = $accessTokenMapper;
	105	+ $this->crypto = $crypto;
	106	+ }
107	107
108		- /**
109		- * @return string
110		- */
111		- private function getClientName() {
112		- $userAgent = $this->request->getHeader('USER_AGENT');
113		- return $userAgent !== null ? $userAgent : 'unknown';
114		- }
	108	+ /**
	109	+ * @return string
	110	+ */
	111	+ private function getClientName() {
	112	+ $userAgent = $this->request->getHeader('USER_AGENT');
	113	+ return $userAgent !== null ? $userAgent : 'unknown';
	114	+ }
115	115
116		- /**
117		- * @param string $stateToken
118		- * @return bool
119		- */
120		- private function isValidToken($stateToken) {
121		- $currentToken = $this->session->get(self::stateName);
122		- if(!is_string($stateToken) \|\| !is_string($currentToken)) {
123		- return false;
124		- }
125		- return hash_equals($currentToken, $stateToken);
126		- }
	116	+ /**
	117	+ * @param string $stateToken
	118	+ * @return bool
	119	+ */
	120	+ private function isValidToken($stateToken) {
	121	+ $currentToken = $this->session->get(self::stateName);
	122	+ if(!is_string($stateToken) \|\| !is_string($currentToken)) {
	123	+ return false;
	124	+ }
	125	+ return hash_equals($currentToken, $stateToken);
	126	+ }
127	127
128		- /**
129		- * @return TemplateResponse
130		- */
131		- private function stateTokenForbiddenResponse() {
132		- $response = new TemplateResponse(
133		- $this->appName,
134		- '403',
135		- [
136		- 'file' => $this->l10n->t('State token does not match'),
137		- ],
138		- 'guest'
139		- );
140		- $response->setStatus(Http::STATUS_FORBIDDEN);
141		- return $response;
142		- }
	128	+ /**
	129	+ * @return TemplateResponse
	130	+ */
	131	+ private function stateTokenForbiddenResponse() {
	132	+ $response = new TemplateResponse(
	133	+ $this->appName,
	134	+ '403',
	135	+ [
	136	+ 'file' => $this->l10n->t('State token does not match'),
	137	+ ],
	138	+ 'guest'
	139	+ );
	140	+ $response->setStatus(Http::STATUS_FORBIDDEN);
	141	+ return $response;
	142	+ }
143	143
144		- /**
145		- * @PublicPage
146		- * @NoCSRFRequired
147		- * @UseSession
148		- *
149		- * @param string $clientIdentifier
150		- *
151		- * @return TemplateResponse
152		- */
153		- public function showAuthPickerPage($clientIdentifier = '') {
154		- $clientName = $this->getClientName();
155		- $client = null;
156		- if($clientIdentifier !== '') {
157		- $client = $this->clientMapper->getByIdentifier($clientIdentifier);
158		- $clientName = $client->getName();
159		- }
	144	+ /**
	145	+ * @PublicPage
	146	+ * @NoCSRFRequired
	147	+ * @UseSession
	148	+ *
	149	+ * @param string $clientIdentifier
	150	+ *
	151	+ * @return TemplateResponse
	152	+ */
	153	+ public function showAuthPickerPage($clientIdentifier = '') {
	154	+ $clientName = $this->getClientName();
	155	+ $client = null;
	156	+ if($clientIdentifier !== '') {
	157	+ $client = $this->clientMapper->getByIdentifier($clientIdentifier);
	158	+ $clientName = $client->getName();
	159	+ }
160	160
161		- // No valid clientIdentifier given and no valid API Request (APIRequest header not set)
162		- $clientRequest = $this->request->getHeader('OCS-APIREQUEST');
163		- if ($clientRequest !== 'true' && $client === null) {
164		- return new TemplateResponse(
165		- $this->appName,
166		- 'error',
167		- [
168		- 'errors' =>
169		- [
170		- [
171		- 'error' => 'Access Forbidden',
172		- 'hint' => 'Invalid request',
173		- ],
174		- ],
175		- ],
176		- 'guest'
177		- );
178		- }
	161	+ // No valid clientIdentifier given and no valid API Request (APIRequest header not set)
	162	+ $clientRequest = $this->request->getHeader('OCS-APIREQUEST');
	163	+ if ($clientRequest !== 'true' && $client === null) {
	164	+ return new TemplateResponse(
	165	+ $this->appName,
	166	+ 'error',
	167	+ [
	168	+ 'errors' =>
	169	+ [
	170	+ [
	171	+ 'error' => 'Access Forbidden',
	172	+ 'hint' => 'Invalid request',
	173	+ ],
	174	+ ],
	175	+ ],
	176	+ 'guest'
	177	+ );
	178	+ }
179	179
180		- $stateToken = $this->random->generate(
181		- 64,
182		- ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
183		- );
184		- $this->session->set(self::stateName, $stateToken);
	180	+ $stateToken = $this->random->generate(
	181	+ 64,
	182	+ ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
	183	+ );
	184	+ $this->session->set(self::stateName, $stateToken);
185	185
186		- return new TemplateResponse(
187		- $this->appName,
188		- 'loginflow/authpicker',
189		- [
190		- 'client' => $clientName,
191		- 'clientIdentifier' => $clientIdentifier,
192		- 'instanceName' => $this->defaults->getName(),
193		- 'urlGenerator' => $this->urlGenerator,
194		- 'stateToken' => $stateToken,
195		- 'serverHost' => $this->request->getServerHost(),
196		- ],
197		- 'guest'
198		- );
199		- }
	186	+ return new TemplateResponse(
	187	+ $this->appName,
	188	+ 'loginflow/authpicker',
	189	+ [
	190	+ 'client' => $clientName,
	191	+ 'clientIdentifier' => $clientIdentifier,
	192	+ 'instanceName' => $this->defaults->getName(),
	193	+ 'urlGenerator' => $this->urlGenerator,
	194	+ 'stateToken' => $stateToken,
	195	+ 'serverHost' => $this->request->getServerHost(),
	196	+ ],
	197	+ 'guest'
	198	+ );
	199	+ }
200	200
201		- /**
202		- * @NoAdminRequired
203		- * @NoCSRFRequired
204		- * @UseSession
205		- *
206		- * @param string $stateToken
207		- * @param string $clientIdentifier
208		- * @return TemplateResponse
209		- */
210		- public function redirectPage($stateToken = '',
211		- $clientIdentifier = '') {
212		- if(!$this->isValidToken($stateToken)) {
213		- return $this->stateTokenForbiddenResponse();
214		- }
	201	+ /**
	202	+ * @NoAdminRequired
	203	+ * @NoCSRFRequired
	204	+ * @UseSession
	205	+ *
	206	+ * @param string $stateToken
	207	+ * @param string $clientIdentifier
	208	+ * @return TemplateResponse
	209	+ */
	210	+ public function redirectPage($stateToken = '',
	211	+ $clientIdentifier = '') {
	212	+ if(!$this->isValidToken($stateToken)) {
	213	+ return $this->stateTokenForbiddenResponse();
	214	+ }
215	215
216		- return new TemplateResponse(
217		- $this->appName,
218		- 'loginflow/redirect',
219		- [
220		- 'urlGenerator' => $this->urlGenerator,
221		- 'stateToken' => $stateToken,
222		- 'clientIdentifier' => $clientIdentifier,
223		- 'oauthState' => $this->session->get('oauth.state'),
224		- ],
225		- 'empty'
226		- );
227		- }
	216	+ return new TemplateResponse(
	217	+ $this->appName,
	218	+ 'loginflow/redirect',
	219	+ [
	220	+ 'urlGenerator' => $this->urlGenerator,
	221	+ 'stateToken' => $stateToken,
	222	+ 'clientIdentifier' => $clientIdentifier,
	223	+ 'oauthState' => $this->session->get('oauth.state'),
	224	+ ],
	225	+ 'empty'
	226	+ );
	227	+ }
228	228
229		- /**
230		- * @NoAdminRequired
231		- * @UseSession
232		- *
233		- * @param string $stateToken
234		- * @param string $clientIdentifier
235		- * @return Http\RedirectResponse\|Response
236		- */
237		- public function generateAppPassword($stateToken,
238		- $clientIdentifier = '') {
239		- if(!$this->isValidToken($stateToken)) {
240		- $this->session->remove(self::stateName);
241		- return $this->stateTokenForbiddenResponse();
242		- }
	229	+ /**
	230	+ * @NoAdminRequired
	231	+ * @UseSession
	232	+ *
	233	+ * @param string $stateToken
	234	+ * @param string $clientIdentifier
	235	+ * @return Http\RedirectResponse\|Response
	236	+ */
	237	+ public function generateAppPassword($stateToken,
	238	+ $clientIdentifier = '') {
	239	+ if(!$this->isValidToken($stateToken)) {
	240	+ $this->session->remove(self::stateName);
	241	+ return $this->stateTokenForbiddenResponse();
	242	+ }
243	243
244		- $this->session->remove(self::stateName);
	244	+ $this->session->remove(self::stateName);
245	245
246		- try {
247		- $sessionId = $this->session->getId();
248		- } catch (SessionNotAvailableException $ex) {
249		- $response = new Response();
250		- $response->setStatus(Http::STATUS_FORBIDDEN);
251		- return $response;
252		- }
	246	+ try {
	247	+ $sessionId = $this->session->getId();
	248	+ } catch (SessionNotAvailableException $ex) {
	249	+ $response = new Response();
	250	+ $response->setStatus(Http::STATUS_FORBIDDEN);
	251	+ return $response;
	252	+ }
253	253
254		- try {
255		- $sessionToken = $this->tokenProvider->getToken($sessionId);
256		- $loginName = $sessionToken->getLoginName();
257		- try {
258		- $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
259		- } catch (PasswordlessTokenException $ex) {
260		- $password = null;
261		- }
262		- } catch (InvalidTokenException $ex) {
263		- $response = new Response();
264		- $response->setStatus(Http::STATUS_FORBIDDEN);
265		- return $response;
266		- }
	254	+ try {
	255	+ $sessionToken = $this->tokenProvider->getToken($sessionId);
	256	+ $loginName = $sessionToken->getLoginName();
	257	+ try {
	258	+ $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
	259	+ } catch (PasswordlessTokenException $ex) {
	260	+ $password = null;
	261	+ }
	262	+ } catch (InvalidTokenException $ex) {
	263	+ $response = new Response();
	264	+ $response->setStatus(Http::STATUS_FORBIDDEN);
	265	+ return $response;
	266	+ }
267	267
268		- $clientName = $this->getClientName();
269		- $client = false;
270		- if($clientIdentifier !== '') {
271		- $client = $this->clientMapper->getByIdentifier($clientIdentifier);
272		- $clientName = $client->getName();
273		- }
	268	+ $clientName = $this->getClientName();
	269	+ $client = false;
	270	+ if($clientIdentifier !== '') {
	271	+ $client = $this->clientMapper->getByIdentifier($clientIdentifier);
	272	+ $clientName = $client->getName();
	273	+ }
274	274
275		- $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
276		- $uid = $this->userSession->getUser()->getUID();
277		- $generatedToken = $this->tokenProvider->generateToken(
278		- $token,
279		- $uid,
280		- $loginName,
281		- $password,
282		- $clientName,
283		- IToken::PERMANENT_TOKEN,
284		- IToken::DO_NOT_REMEMBER
285		- );
	275	+ $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
	276	+ $uid = $this->userSession->getUser()->getUID();
	277	+ $generatedToken = $this->tokenProvider->generateToken(
	278	+ $token,
	279	+ $uid,
	280	+ $loginName,
	281	+ $password,
	282	+ $clientName,
	283	+ IToken::PERMANENT_TOKEN,
	284	+ IToken::DO_NOT_REMEMBER
	285	+ );
286	286
287		- if($client) {
288		- $code = $this->random->generate(128);
289		- $accessToken = new AccessToken();
290		- $accessToken->setClientId($client->getId());
291		- $accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
292		- $accessToken->setHashedCode(hash('sha512', $code));
293		- $accessToken->setTokenId($generatedToken->getId());
294		- $this->accessTokenMapper->insert($accessToken);
	287	+ if($client) {
	288	+ $code = $this->random->generate(128);
	289	+ $accessToken = new AccessToken();
	290	+ $accessToken->setClientId($client->getId());
	291	+ $accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
	292	+ $accessToken->setHashedCode(hash('sha512', $code));
	293	+ $accessToken->setTokenId($generatedToken->getId());
	294	+ $this->accessTokenMapper->insert($accessToken);
295	295
296		- $redirectUri = sprintf(
297		- '%s?state=%s&code=%s',
298		- $client->getRedirectUri(),
299		- urlencode($this->session->get('oauth.state')),
300		- urlencode($code)
301		- );
302		- $this->session->remove('oauth.state');
303		- } else {
304		- $redirectUri = 'nc://login/server:' . $this->request->getServerHost() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
305		- }
	296	+ $redirectUri = sprintf(
	297	+ '%s?state=%s&code=%s',
	298	+ $client->getRedirectUri(),
	299	+ urlencode($this->session->get('oauth.state')),
	300	+ urlencode($code)
	301	+ );
	302	+ $this->session->remove('oauth.state');
	303	+ } else {
	304	+ $redirectUri = 'nc://login/server:' . $this->request->getServerHost() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
	305	+ }
306	306
307		- return new Http\RedirectResponse($redirectUri);
308		- }
	307	+ return new Http\RedirectResponse($redirectUri);
	308	+ }
309	309	}

		@@ -30,135 +30,135 @@
		block discarded – undo
30	30
31	31	class DefaultTokenMapper extends Mapper {
32	32
33		- public function __construct(IDBConnection $db) {
34		- parent::__construct($db, 'authtoken');
35		- }
36		-
37		- /**
38		- * Invalidate (delete) a given token
39		- *
40		- * @param string $token
41		- */
42		- public function invalidate($token) {
43		- /* @var $qb IQueryBuilder */
44		- $qb = $this->db->getQueryBuilder();
45		- $qb->delete('authtoken')
46		- ->where($qb->expr()->eq('token', $qb->createParameter('token')))
47		- ->setParameter('token', $token)
48		- ->execute();
49		- }
50		-
51		- /**
52		- * @param int $olderThan
53		- * @param int $remember
54		- */
55		- public function invalidateOld($olderThan, $remember = IToken::DO_NOT_REMEMBER) {
56		- /* @var $qb IQueryBuilder */
57		- $qb = $this->db->getQueryBuilder();
58		- $qb->delete('authtoken')
59		- ->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT)))
60		- ->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)))
61		- ->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT)))
62		- ->execute();
63		- }
64		-
65		- /**
66		- * Get the user UID for the given token
67		- *
68		- * @param string $token
69		- * @throws DoesNotExistException
70		- * @return DefaultToken
71		- */
72		- public function getToken($token) {
73		- /* @var $qb IQueryBuilder */
74		- $qb = $this->db->getQueryBuilder();
75		- $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
76		- ->from('authtoken')
77		- ->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
78		- ->execute();
79		-
80		- $data = $result->fetch();
81		- $result->closeCursor();
82		- if ($data === false) {
83		- throw new DoesNotExistException('token does not exist');
84		- }
	33	+ public function __construct(IDBConnection $db) {
	34	+ parent::__construct($db, 'authtoken');
	35	+ }
	36	+
	37	+ /**
	38	+ * Invalidate (delete) a given token
	39	+ *
	40	+ * @param string $token
	41	+ */
	42	+ public function invalidate($token) {
	43	+ /* @var $qb IQueryBuilder */
	44	+ $qb = $this->db->getQueryBuilder();
	45	+ $qb->delete('authtoken')
	46	+ ->where($qb->expr()->eq('token', $qb->createParameter('token')))
	47	+ ->setParameter('token', $token)
	48	+ ->execute();
	49	+ }
	50	+
	51	+ /**
	52	+ * @param int $olderThan
	53	+ * @param int $remember
	54	+ */
	55	+ public function invalidateOld($olderThan, $remember = IToken::DO_NOT_REMEMBER) {
	56	+ /* @var $qb IQueryBuilder */
	57	+ $qb = $this->db->getQueryBuilder();
	58	+ $qb->delete('authtoken')
	59	+ ->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT)))
	60	+ ->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)))
	61	+ ->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT)))
	62	+ ->execute();
	63	+ }
	64	+
	65	+ /**
	66	+ * Get the user UID for the given token
	67	+ *
	68	+ * @param string $token
	69	+ * @throws DoesNotExistException
	70	+ * @return DefaultToken
	71	+ */
	72	+ public function getToken($token) {
	73	+ /* @var $qb IQueryBuilder */
	74	+ $qb = $this->db->getQueryBuilder();
	75	+ $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
	76	+ ->from('authtoken')
	77	+ ->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
	78	+ ->execute();
	79	+
	80	+ $data = $result->fetch();
	81	+ $result->closeCursor();
	82	+ if ($data === false) {
	83	+ throw new DoesNotExistException('token does not exist');
	84	+ }
85	85	;
86		- return DefaultToken::fromRow($data);
87		- }
88		-
89		- /**
90		- * Get the token for $id
91		- *
92		- * @param string $id
93		- * @throws DoesNotExistException
94		- * @return DefaultToken
95		- */
96		- public function getTokenById($id) {
97		- /* @var $qb IQueryBuilder */
98		- $qb = $this->db->getQueryBuilder();
99		- $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check', 'scope')
100		- ->from('authtoken')
101		- ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
102		- ->execute();
103		-
104		- $data = $result->fetch();
105		- $result->closeCursor();
106		- if ($data === false) {
107		- throw new DoesNotExistException('token does not exist');
108		- };
109		- return DefaultToken::fromRow($data);
110		- }
111		-
112		- /**
113		- * Get all token of a user
114		- *
115		- * The provider may limit the number of result rows in case of an abuse
116		- * where a high number of (session) tokens is generated
117		- *
118		- * @param IUser $user
119		- * @return DefaultToken[]
120		- */
121		- public function getTokenByUser(IUser $user) {
122		- /* @var $qb IQueryBuilder */
123		- $qb = $this->db->getQueryBuilder();
124		- $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
125		- ->from('authtoken')
126		- ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
127		- ->setMaxResults(1000);
128		- $result = $qb->execute();
129		- $data = $result->fetchAll();
130		- $result->closeCursor();
131		-
132		- $entities = array_map(function ($row) {
133		- return DefaultToken::fromRow($row);
134		- }, $data);
135		-
136		- return $entities;
137		- }
138		-
139		- /**
140		- * @param IUser $user
141		- * @param int $id
142		- */
143		- public function deleteById(IUser $user, $id) {
144		- /* @var $qb IQueryBuilder */
145		- $qb = $this->db->getQueryBuilder();
146		- $qb->delete('authtoken')
147		- ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
148		- ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())));
149		- $qb->execute();
150		- }
151		-
152		- /**
153		- * delete all auth token which belong to a specific client if the client was deleted
154		- *
155		- * @param string $name
156		- */
157		- public function deleteByName($name) {
158		- $qb = $this->db->getQueryBuilder();
159		- $qb->delete('authtoken')
160		- ->where($qb->expr()->eq('name', $qb->createNamedParameter($name)));
161		- $qb->execute();
162		- }
	86	+ return DefaultToken::fromRow($data);
	87	+ }
	88	+
	89	+ /**
	90	+ * Get the token for $id
	91	+ *
	92	+ * @param string $id
	93	+ * @throws DoesNotExistException
	94	+ * @return DefaultToken
	95	+ */
	96	+ public function getTokenById($id) {
	97	+ /* @var $qb IQueryBuilder */
	98	+ $qb = $this->db->getQueryBuilder();
	99	+ $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check', 'scope')
	100	+ ->from('authtoken')
	101	+ ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
	102	+ ->execute();
	103	+
	104	+ $data = $result->fetch();
	105	+ $result->closeCursor();
	106	+ if ($data === false) {
	107	+ throw new DoesNotExistException('token does not exist');
	108	+ };
	109	+ return DefaultToken::fromRow($data);
	110	+ }
	111	+
	112	+ /**
	113	+ * Get all token of a user
	114	+ *
	115	+ * The provider may limit the number of result rows in case of an abuse
	116	+ * where a high number of (session) tokens is generated
	117	+ *
	118	+ * @param IUser $user
	119	+ * @return DefaultToken[]
	120	+ */
	121	+ public function getTokenByUser(IUser $user) {
	122	+ /* @var $qb IQueryBuilder */
	123	+ $qb = $this->db->getQueryBuilder();
	124	+ $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
	125	+ ->from('authtoken')
	126	+ ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
	127	+ ->setMaxResults(1000);
	128	+ $result = $qb->execute();
	129	+ $data = $result->fetchAll();
	130	+ $result->closeCursor();
	131	+
	132	+ $entities = array_map(function ($row) {
	133	+ return DefaultToken::fromRow($row);
	134	+ }, $data);
	135	+
	136	+ return $entities;
	137	+ }
	138	+
	139	+ /**
	140	+ * @param IUser $user
	141	+ * @param int $id
	142	+ */
	143	+ public function deleteById(IUser $user, $id) {
	144	+ /* @var $qb IQueryBuilder */
	145	+ $qb = $this->db->getQueryBuilder();
	146	+ $qb->delete('authtoken')
	147	+ ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
	148	+ ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())));
	149	+ $qb->execute();
	150	+ }
	151	+
	152	+ /**
	153	+ * delete all auth token which belong to a specific client if the client was deleted
	154	+ *
	155	+ * @param string $name
	156	+ */
	157	+ public function deleteByName($name) {
	158	+ $qb = $this->db->getQueryBuilder();
	159	+ $qb->delete('authtoken')
	160	+ ->where($qb->expr()->eq('name', $qb->createNamedParameter($name)));
	161	+ $qb->execute();
	162	+ }
163	163
164	164	}

nextcloud / server

Pull Request — master (#4704)

Status

Category

Indentation +44 added lines, -44 removed lines patch added patch discarded remove patch

Indentation +52 added lines, -52 removed lines patch added patch discarded remove patch

Indentation +243 added lines, -243 removed lines patch added patch discarded remove patch

Indentation +129 added lines, -129 removed lines patch added patch discarded remove patch