nextcloud / server

lib/private/Authentication/Token/PublicKeyTokenProvider.php

Indentation +337 added lines, -337 removed lines

@@ -34,341 +34,341 @@
 use OCP\Security\ICrypto;
 
 class PublicKeyTokenProvider implements IProvider {
-	/** @var PublicKeyTokenMapper */
-	private $mapper;
-
-	/** @var ICrypto */
-	private $crypto;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var ILogger $logger */
-	private $logger;
-
-	/** @var ITimeFactory $time */
-	private $time;
-
-	public function __construct(PublicKeyTokenMapper $mapper,
-								ICrypto $crypto,
-								IConfig $config,
-								ILogger $logger,
-								ITimeFactory $time) {
-		$this->mapper = $mapper;
-		$this->crypto = $crypto;
-		$this->config = $config;
-		$this->logger = $logger;
-		$this->time = $time;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public function generateToken(string $token,
-								  string $uid,
-								  string $loginName,
-								  $password,
-								  string $name,
-								  int $type = IToken::TEMPORARY_TOKEN,
-								  int $remember = IToken::DO_NOT_REMEMBER): IToken {
-		$dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);
-
-		$this->mapper->insert($dbToken);
-
-		return $dbToken;
-	}
-
-	public function getToken(string $tokenId): IToken {
-		try {
-			$token = $this->mapper->getToken($this->hashToken($tokenId));
-		} catch (DoesNotExistException $ex) {
-			throw new InvalidTokenException();
-		}
-
-		if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) {
-			throw new ExpiredTokenException($token);
-		}
-
-		if ($token->getType() === IToken::WIPE_TOKEN) {
-			throw new WipeTokenException($token);
-		}
-
-		return $token;
-	}
-
-	public function getTokenById(int $tokenId): IToken {
-		try {
-			$token = $this->mapper->getTokenById($tokenId);
-		} catch (DoesNotExistException $ex) {
-			throw new InvalidTokenException();
-		}
-
-		if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) {
-			throw new ExpiredTokenException($token);
-		}
-
-		if ($token->getType() === IToken::WIPE_TOKEN) {
-			throw new WipeTokenException($token);
-		}
-
-		return $token;
-	}
-
-	public function renewSessionToken(string $oldSessionId, string $sessionId) {
-		$token = $this->getToken($oldSessionId);
-
-		if (!($token instanceof PublicKeyToken)) {
-			throw new InvalidTokenException();
-		}
-
-		$password = null;
-		if (!is_null($token->getPassword())) {
-			$privateKey = $this->decrypt($token->getPrivateKey(), $oldSessionId);
-			$password = $this->decryptPassword($token->getPassword(), $privateKey);
-		}
-
-		$this->generateToken(
-			$sessionId,
-			$token->getUID(),
-			$token->getLoginName(),
-			$password,
-			$token->getName(),
-			IToken::TEMPORARY_TOKEN,
-			$token->getRemember()
-		);
-
-		$this->mapper->delete($token);
-	}
-
-	public function invalidateToken(string $token) {
-		$this->mapper->invalidate($this->hashToken($token));
-	}
-
-	public function invalidateTokenById(string $uid, int $id) {
-		$this->mapper->deleteById($uid, $id);
-	}
-
-	public function invalidateOldTokens() {
-		$olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24);
-		$this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']);
-		$this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER);
-		$rememberThreshold = $this->time->getTime() - (int) $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
-		$this->logger->debug('Invalidating remembered session tokens older than ' . date('c', $rememberThreshold), ['app' => 'cron']);
-		$this->mapper->invalidateOld($rememberThreshold, IToken::REMEMBER);
-	}
-
-	public function updateToken(IToken $token) {
-		if (!($token instanceof PublicKeyToken)) {
-			throw new InvalidTokenException();
-		}
-		$this->mapper->update($token);
-	}
-
-	public function updateTokenActivity(IToken $token) {
-		if (!($token instanceof PublicKeyToken)) {
-			throw new InvalidTokenException();
-		}
-		/** @var DefaultToken $token */
-		$now = $this->time->getTime();
-		if ($token->getLastActivity() < ($now - 60)) {
-			// Update token only once per minute
-			$token->setLastActivity($now);
-			$this->mapper->update($token);
-		}
-	}
-
-	public function getTokenByUser(string $uid): array {
-		return $this->mapper->getTokenByUser($uid);
-	}
-
-	public function getPassword(IToken $token, string $tokenId): string {
-		if (!($token instanceof PublicKeyToken)) {
-			throw new InvalidTokenException();
-		}
-
-		if ($token->getPassword() === null) {
-			throw new PasswordlessTokenException();
-		}
-
-		// Decrypt private key with tokenId
-		$privateKey = $this->decrypt($token->getPrivateKey(), $tokenId);
-
-		// Decrypt password with private key
-		return $this->decryptPassword($token->getPassword(), $privateKey);
-	}
-
-	public function setPassword(IToken $token, string $tokenId, string $password) {
-		if (!($token instanceof PublicKeyToken)) {
-			throw new InvalidTokenException();
-		}
-
-		// When changing passwords all temp tokens are deleted
-		$this->mapper->deleteTempToken($token);
-
-		// Update the password for all tokens
-		$tokens = $this->mapper->getTokenByUser($token->getUID());
-		foreach ($tokens as $t) {
-			$publicKey = $t->getPublicKey();
-			$t->setPassword($this->encryptPassword($password, $publicKey));
-			$this->updateToken($t);
-		}
-	}
-
-	public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
-		if (!($token instanceof PublicKeyToken)) {
-			throw new InvalidTokenException();
-		}
-
-		// Decrypt private key with oldTokenId
-		$privateKey = $this->decrypt($token->getPrivateKey(), $oldTokenId);
-		// Encrypt with the new token
-		$token->setPrivateKey($this->encrypt($privateKey, $newTokenId));
-
-		$token->setToken($this->hashToken($newTokenId));
-		$this->updateToken($token);
-
-		return $token;
-	}
-
-	private function encrypt(string $plaintext, string $token): string {
-		$secret = $this->config->getSystemValue('secret');
-		return $this->crypto->encrypt($plaintext, $token . $secret);
-	}
-
-	/**
-	 * @throws InvalidTokenException
-	 */
-	private function decrypt(string $cipherText, string $token): string {
-		$secret = $this->config->getSystemValue('secret');
-		try {
-			return $this->crypto->decrypt($cipherText, $token . $secret);
-		} catch (\Exception $ex) {
-			// Delete the invalid token
-			$this->invalidateToken($token);
-			throw new InvalidTokenException();
-		}
-	}
-
-	private function encryptPassword(string $password, string $publicKey): string {
-		openssl_public_encrypt($password, $encryptedPassword, $publicKey, OPENSSL_PKCS1_OAEP_PADDING);
-		$encryptedPassword = base64_encode($encryptedPassword);
-
-		return $encryptedPassword;
-	}
-
-	private function decryptPassword(string $encryptedPassword, string $privateKey): string {
-		$encryptedPassword = base64_decode($encryptedPassword);
-		openssl_private_decrypt($encryptedPassword, $password, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
-
-		return $password;
-	}
-
-	private function hashToken(string $token): string {
-		$secret = $this->config->getSystemValue('secret');
-		return hash('sha512', $token . $secret);
-	}
-
-	/**
-	 * Convert a DefaultToken to a publicKeyToken
-	 * This will also be updated directly in the Database
-	 * @throws \RuntimeException when OpenSSL reports a problem
-	 */
-	public function convertToken(DefaultToken $defaultToken, string $token, $password): PublicKeyToken {
-		$pkToken = $this->newToken(
-			$token,
-			$defaultToken->getUID(),
-			$defaultToken->getLoginName(),
-			$password,
-			$defaultToken->getName(),
-			$defaultToken->getType(),
-			$defaultToken->getRemember()
-		);
-
-		$pkToken->setExpires($defaultToken->getExpires());
-		$pkToken->setId($defaultToken->getId());
-
-		return $this->mapper->update($pkToken);
-	}
-
-	/**
-	 * @throws \RuntimeException when OpenSSL reports a problem
-	 */
-	private function newToken(string $token,
-							  string $uid,
-							  string $loginName,
-							  $password,
-							  string $name,
-							  int $type,
-							  int $remember): PublicKeyToken {
-		$dbToken = new PublicKeyToken();
-		$dbToken->setUid($uid);
-		$dbToken->setLoginName($loginName);
-
-		$config = array_merge([
-			'digest_alg' => 'sha512',
-			'private_key_bits' => 2048,
-		], $this->config->getSystemValue('openssl', []));
-
-		// Generate new key
-		$res = openssl_pkey_new($config);
-		if ($res === false) {
-			$this->logOpensslError();
-			throw new \RuntimeException('OpenSSL reported a problem');
-		}
-
-		openssl_pkey_export($res, $privateKey);
-
-		// Extract the public key from $res to $pubKey
-		$publicKey = openssl_pkey_get_details($res);
-		$publicKey = $publicKey['key'];
-
-		$dbToken->setPublicKey($publicKey);
-		$dbToken->setPrivateKey($this->encrypt($privateKey, $token));
-
-		if (!is_null($password)) {
-			$dbToken->setPassword($this->encryptPassword($password, $publicKey));
-		}
-
-		$dbToken->setName($name);
-		$dbToken->setToken($this->hashToken($token));
-		$dbToken->setType($type);
-		$dbToken->setRemember($remember);
-		$dbToken->setLastActivity($this->time->getTime());
-		$dbToken->setLastCheck($this->time->getTime());
-		$dbToken->setVersion(PublicKeyToken::VERSION);
-
-		return $dbToken;
-	}
-
-	public function markPasswordInvalid(IToken $token, string $tokenId) {
-		if (!($token instanceof PublicKeyToken)) {
-			throw new InvalidTokenException();
-		}
-
-		$token->setPasswordInvalid(true);
-		$this->mapper->update($token);
-	}
-
-	public function updatePasswords(string $uid, string $password) {
-		if (!$this->mapper->hasExpiredTokens($uid)) {
-			// Nothing to do here
-			return;
-		}
-
-		// Update the password for all tokens
-		$tokens = $this->mapper->getTokenByUser($uid);
-		foreach ($tokens as $t) {
-			$publicKey = $t->getPublicKey();
-			$t->setPassword($this->encryptPassword($password, $publicKey));
-			$this->updateToken($t);
-		}
-	}
-
-	private function logOpensslError() {
-		$errors = [];
-		while ($error = openssl_error_string()) {
-			$errors[] = $error;
-		}
-		$this->logger->critical('Something is wrong with your openssl setup: ' . implode(', ', $errors));
-	}
+    /** @var PublicKeyTokenMapper */
+    private $mapper;
+
+    /** @var ICrypto */
+    private $crypto;
+
+    /** @var IConfig */
+    private $config;
+
+    /** @var ILogger $logger */
+    private $logger;
+
+    /** @var ITimeFactory $time */
+    private $time;
+
+    public function __construct(PublicKeyTokenMapper $mapper,
+                                ICrypto $crypto,
+                                IConfig $config,
+                                ILogger $logger,
+                                ITimeFactory $time) {
+        $this->mapper = $mapper;
+        $this->crypto = $crypto;
+        $this->config = $config;
+        $this->logger = $logger;
+        $this->time = $time;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function generateToken(string $token,
+                                    string $uid,
+                                    string $loginName,
+                                    $password,
+                                    string $name,
+                                    int $type = IToken::TEMPORARY_TOKEN,
+                                    int $remember = IToken::DO_NOT_REMEMBER): IToken {
+        $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);
+
+        $this->mapper->insert($dbToken);
+
+        return $dbToken;
+    }
+
+    public function getToken(string $tokenId): IToken {
+        try {
+            $token = $this->mapper->getToken($this->hashToken($tokenId));
+        } catch (DoesNotExistException $ex) {
+            throw new InvalidTokenException();
+        }
+
+        if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) {
+            throw new ExpiredTokenException($token);
+        }
+
+        if ($token->getType() === IToken::WIPE_TOKEN) {
+            throw new WipeTokenException($token);
+        }
+
+        return $token;
+    }
+
+    public function getTokenById(int $tokenId): IToken {
+        try {
+            $token = $this->mapper->getTokenById($tokenId);
+        } catch (DoesNotExistException $ex) {
+            throw new InvalidTokenException();
+        }
+
+        if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) {
+            throw new ExpiredTokenException($token);
+        }
+
+        if ($token->getType() === IToken::WIPE_TOKEN) {
+            throw new WipeTokenException($token);
+        }
+
+        return $token;
+    }
+
+    public function renewSessionToken(string $oldSessionId, string $sessionId) {
+        $token = $this->getToken($oldSessionId);
+
+        if (!($token instanceof PublicKeyToken)) {
+            throw new InvalidTokenException();
+        }
+
+        $password = null;
+        if (!is_null($token->getPassword())) {
+            $privateKey = $this->decrypt($token->getPrivateKey(), $oldSessionId);
+            $password = $this->decryptPassword($token->getPassword(), $privateKey);
+        }
+
+        $this->generateToken(
+            $sessionId,
+            $token->getUID(),
+            $token->getLoginName(),
+            $password,
+            $token->getName(),
+            IToken::TEMPORARY_TOKEN,
+            $token->getRemember()
+        );
+
+        $this->mapper->delete($token);
+    }
+
+    public function invalidateToken(string $token) {
+        $this->mapper->invalidate($this->hashToken($token));
+    }
+
+    public function invalidateTokenById(string $uid, int $id) {
+        $this->mapper->deleteById($uid, $id);
+    }
+
+    public function invalidateOldTokens() {
+        $olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24);
+        $this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']);
+        $this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER);
+        $rememberThreshold = $this->time->getTime() - (int) $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
+        $this->logger->debug('Invalidating remembered session tokens older than ' . date('c', $rememberThreshold), ['app' => 'cron']);
+        $this->mapper->invalidateOld($rememberThreshold, IToken::REMEMBER);
+    }
+
+    public function updateToken(IToken $token) {
+        if (!($token instanceof PublicKeyToken)) {
+            throw new InvalidTokenException();
+        }
+        $this->mapper->update($token);
+    }
+
+    public function updateTokenActivity(IToken $token) {
+        if (!($token instanceof PublicKeyToken)) {
+            throw new InvalidTokenException();
+        }
+        /** @var DefaultToken $token */
+        $now = $this->time->getTime();
+        if ($token->getLastActivity() < ($now - 60)) {
+            // Update token only once per minute
+            $token->setLastActivity($now);
+            $this->mapper->update($token);
+        }
+    }
+
+    public function getTokenByUser(string $uid): array {
+        return $this->mapper->getTokenByUser($uid);
+    }
+
+    public function getPassword(IToken $token, string $tokenId): string {
+        if (!($token instanceof PublicKeyToken)) {
+            throw new InvalidTokenException();
+        }
+
+        if ($token->getPassword() === null) {
+            throw new PasswordlessTokenException();
+        }
+
+        // Decrypt private key with tokenId
+        $privateKey = $this->decrypt($token->getPrivateKey(), $tokenId);
+
+        // Decrypt password with private key
+        return $this->decryptPassword($token->getPassword(), $privateKey);
+    }
+
+    public function setPassword(IToken $token, string $tokenId, string $password) {
+        if (!($token instanceof PublicKeyToken)) {
+            throw new InvalidTokenException();
+        }
+
+        // When changing passwords all temp tokens are deleted
+        $this->mapper->deleteTempToken($token);
+
+        // Update the password for all tokens
+        $tokens = $this->mapper->getTokenByUser($token->getUID());
+        foreach ($tokens as $t) {
+            $publicKey = $t->getPublicKey();
+            $t->setPassword($this->encryptPassword($password, $publicKey));
+            $this->updateToken($t);
+        }
+    }
+
+    public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
+        if (!($token instanceof PublicKeyToken)) {
+            throw new InvalidTokenException();
+        }
+
+        // Decrypt private key with oldTokenId
+        $privateKey = $this->decrypt($token->getPrivateKey(), $oldTokenId);
+        // Encrypt with the new token
+        $token->setPrivateKey($this->encrypt($privateKey, $newTokenId));
+
+        $token->setToken($this->hashToken($newTokenId));
+        $this->updateToken($token);
+
+        return $token;
+    }
+
+    private function encrypt(string $plaintext, string $token): string {
+        $secret = $this->config->getSystemValue('secret');
+        return $this->crypto->encrypt($plaintext, $token . $secret);
+    }
+
+    /**
+     * @throws InvalidTokenException
+     */
+    private function decrypt(string $cipherText, string $token): string {
+        $secret = $this->config->getSystemValue('secret');
+        try {
+            return $this->crypto->decrypt($cipherText, $token . $secret);
+        } catch (\Exception $ex) {
+            // Delete the invalid token
+            $this->invalidateToken($token);
+            throw new InvalidTokenException();
+        }
+    }
+
+    private function encryptPassword(string $password, string $publicKey): string {
+        openssl_public_encrypt($password, $encryptedPassword, $publicKey, OPENSSL_PKCS1_OAEP_PADDING);
+        $encryptedPassword = base64_encode($encryptedPassword);
+
+        return $encryptedPassword;
+    }
+
+    private function decryptPassword(string $encryptedPassword, string $privateKey): string {
+        $encryptedPassword = base64_decode($encryptedPassword);
+        openssl_private_decrypt($encryptedPassword, $password, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
+
+        return $password;
+    }
+
+    private function hashToken(string $token): string {
+        $secret = $this->config->getSystemValue('secret');
+        return hash('sha512', $token . $secret);
+    }
+
+    /**
+     * Convert a DefaultToken to a publicKeyToken
+     * This will also be updated directly in the Database
+     * @throws \RuntimeException when OpenSSL reports a problem
+     */
+    public function convertToken(DefaultToken $defaultToken, string $token, $password): PublicKeyToken {
+        $pkToken = $this->newToken(
+            $token,
+            $defaultToken->getUID(),
+            $defaultToken->getLoginName(),
+            $password,
+            $defaultToken->getName(),
+            $defaultToken->getType(),
+            $defaultToken->getRemember()
+        );
+
+        $pkToken->setExpires($defaultToken->getExpires());
+        $pkToken->setId($defaultToken->getId());
+
+        return $this->mapper->update($pkToken);
+    }
+
+    /**
+     * @throws \RuntimeException when OpenSSL reports a problem
+     */
+    private function newToken(string $token,
+                                string $uid,
+                                string $loginName,
+                                $password,
+                                string $name,
+                                int $type,
+                                int $remember): PublicKeyToken {
+        $dbToken = new PublicKeyToken();
+        $dbToken->setUid($uid);
+        $dbToken->setLoginName($loginName);
+
+        $config = array_merge([
+            'digest_alg' => 'sha512',
+            'private_key_bits' => 2048,
+        ], $this->config->getSystemValue('openssl', []));
+
+        // Generate new key
+        $res = openssl_pkey_new($config);
+        if ($res === false) {
+            $this->logOpensslError();
+            throw new \RuntimeException('OpenSSL reported a problem');
+        }
+
+        openssl_pkey_export($res, $privateKey);
+
+        // Extract the public key from $res to $pubKey
+        $publicKey = openssl_pkey_get_details($res);
+        $publicKey = $publicKey['key'];
+
+        $dbToken->setPublicKey($publicKey);
+        $dbToken->setPrivateKey($this->encrypt($privateKey, $token));
+
+        if (!is_null($password)) {
+            $dbToken->setPassword($this->encryptPassword($password, $publicKey));
+        }
+
+        $dbToken->setName($name);
+        $dbToken->setToken($this->hashToken($token));
+        $dbToken->setType($type);
+        $dbToken->setRemember($remember);
+        $dbToken->setLastActivity($this->time->getTime());
+        $dbToken->setLastCheck($this->time->getTime());
+        $dbToken->setVersion(PublicKeyToken::VERSION);
+
+        return $dbToken;
+    }
+
+    public function markPasswordInvalid(IToken $token, string $tokenId) {
+        if (!($token instanceof PublicKeyToken)) {
+            throw new InvalidTokenException();
+        }
+
+        $token->setPasswordInvalid(true);
+        $this->mapper->update($token);
+    }
+
+    public function updatePasswords(string $uid, string $password) {
+        if (!$this->mapper->hasExpiredTokens($uid)) {
+            // Nothing to do here
+            return;
+        }
+
+        // Update the password for all tokens
+        $tokens = $this->mapper->getTokenByUser($uid);
+        foreach ($tokens as $t) {
+            $publicKey = $t->getPublicKey();
+            $t->setPassword($this->encryptPassword($password, $publicKey));
+            $this->updateToken($t);
+        }
+    }
+
+    private function logOpensslError() {
+        $errors = [];
+        while ($error = openssl_error_string()) {
+            $errors[] = $error;
+        }
+        $this->logger->critical('Something is wrong with your openssl setup: ' . implode(', ', $errors));
+    }
 }

lib/private/Authentication/Token/IProvider.php

Indentation +145 added lines, -145 removed lines

@@ -34,149 +34,149 @@
 interface IProvider {
 
 
-	/**
-	 * Create and persist a new token
-	 *
-	 * @param string $token
-	 * @param string $uid
-	 * @param string $loginName
-	 * @param string|null $password
-	 * @param string $name
-	 * @param int $type token type
-	 * @param int $remember whether the session token should be used for remember-me
-	 * @return IToken
-	 * @throws \RuntimeException when OpenSSL reports a problem
-	 */
-	public function generateToken(string $token,
-								  string $uid,
-								  string $loginName,
-								  $password,
-								  string $name,
-								  int $type = IToken::TEMPORARY_TOKEN,
-								  int $remember = IToken::DO_NOT_REMEMBER): IToken;
-
-	/**
-	 * Get a token by token id
-	 *
-	 * @param string $tokenId
-	 * @throws InvalidTokenException
-	 * @throws ExpiredTokenException
-	 * @throws WipeTokenException
-	 * @return IToken
-	 */
-	public function getToken(string $tokenId): IToken;
-
-	/**
-	 * Get a token by token id
-	 *
-	 * @param int $tokenId
-	 * @throws InvalidTokenException
-	 * @throws ExpiredTokenException
-	 * @throws WipeTokenException
-	 * @return IToken
-	 */
-	public function getTokenById(int $tokenId): IToken;
-
-	/**
-	 * Duplicate an existing session token
-	 *
-	 * @param string $oldSessionId
-	 * @param string $sessionId
-	 * @throws InvalidTokenException
-	 * @throws \RuntimeException when OpenSSL reports a problem
-	 */
-	public function renewSessionToken(string $oldSessionId, string $sessionId);
-
-	/**
-	 * Invalidate (delete) the given session token
-	 *
-	 * @param string $token
-	 */
-	public function invalidateToken(string $token);
-
-	/**
-	 * Invalidate (delete) the given token
-	 *
-	 * @param string $uid
-	 * @param int $id
-	 */
-	public function invalidateTokenById(string $uid, int $id);
-
-	/**
-	 * Invalidate (delete) old session tokens
-	 */
-	public function invalidateOldTokens();
-
-	/**
-	 * Save the updated token
-	 *
-	 * @param IToken $token
-	 */
-	public function updateToken(IToken $token);
-
-	/**
-	 * Update token activity timestamp
-	 *
-	 * @param IToken $token
-	 */
-	public function updateTokenActivity(IToken $token);
-
-	/**
-	 * Get all tokens of a user
-	 *
-	 * The provider may limit the number of result rows in case of an abuse
-	 * where a high number of (session) tokens is generated
-	 *
-	 * @param string $uid
-	 * @return IToken[]
-	 */
-	public function getTokenByUser(string $uid): array;
-
-	/**
-	 * Get the (unencrypted) password of the given token
-	 *
-	 * @param IToken $token
-	 * @param string $tokenId
-	 * @throws InvalidTokenException
-	 * @throws PasswordlessTokenException
-	 * @return string
-	 */
-	public function getPassword(IToken $token, string $tokenId): string;
-
-	/**
-	 * Encrypt and set the password of the given token
-	 *
-	 * @param IToken $token
-	 * @param string $tokenId
-	 * @param string $password
-	 * @throws InvalidTokenException
-	 */
-	public function setPassword(IToken $token, string $tokenId, string $password);
-
-	/**
-	 * Rotate the token. Usefull for for example oauth tokens
-	 *
-	 * @param IToken $token
-	 * @param string $oldTokenId
-	 * @param string $newTokenId
-	 * @return IToken
-	 * @throws \RuntimeException when OpenSSL reports a problem
-	 */
-	public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken;
-
-	/**
-	 * Marks a token as having an invalid password.
-	 *
-	 * @param IToken $token
-	 * @param string $tokenId
-	 */
-	public function markPasswordInvalid(IToken $token, string $tokenId);
-
-	/**
-	 * Update all the passwords of $uid if required
-	 *
-	 * @param string $uid
-	 * @param string $password
-	 */
-	public function updatePasswords(string $uid, string $password);
+    /**
+     * Create and persist a new token
+     *
+     * @param string $token
+     * @param string $uid
+     * @param string $loginName
+     * @param string|null $password
+     * @param string $name
+     * @param int $type token type
+     * @param int $remember whether the session token should be used for remember-me
+     * @return IToken
+     * @throws \RuntimeException when OpenSSL reports a problem
+     */
+    public function generateToken(string $token,
+                                    string $uid,
+                                    string $loginName,
+                                    $password,
+                                    string $name,
+                                    int $type = IToken::TEMPORARY_TOKEN,
+                                    int $remember = IToken::DO_NOT_REMEMBER): IToken;
+
+    /**
+     * Get a token by token id
+     *
+     * @param string $tokenId
+     * @throws InvalidTokenException
+     * @throws ExpiredTokenException
+     * @throws WipeTokenException
+     * @return IToken
+     */
+    public function getToken(string $tokenId): IToken;
+
+    /**
+     * Get a token by token id
+     *
+     * @param int $tokenId
+     * @throws InvalidTokenException
+     * @throws ExpiredTokenException
+     * @throws WipeTokenException
+     * @return IToken
+     */
+    public function getTokenById(int $tokenId): IToken;
+
+    /**
+     * Duplicate an existing session token
+     *
+     * @param string $oldSessionId
+     * @param string $sessionId
+     * @throws InvalidTokenException
+     * @throws \RuntimeException when OpenSSL reports a problem
+     */
+    public function renewSessionToken(string $oldSessionId, string $sessionId);
+
+    /**
+     * Invalidate (delete) the given session token
+     *
+     * @param string $token
+     */
+    public function invalidateToken(string $token);
+
+    /**
+     * Invalidate (delete) the given token
+     *
+     * @param string $uid
+     * @param int $id
+     */
+    public function invalidateTokenById(string $uid, int $id);
+
+    /**
+     * Invalidate (delete) old session tokens
+     */
+    public function invalidateOldTokens();
+
+    /**
+     * Save the updated token
+     *
+     * @param IToken $token
+     */
+    public function updateToken(IToken $token);
+
+    /**
+     * Update token activity timestamp
+     *
+     * @param IToken $token
+     */
+    public function updateTokenActivity(IToken $token);
+
+    /**
+     * Get all tokens of a user
+     *
+     * The provider may limit the number of result rows in case of an abuse
+     * where a high number of (session) tokens is generated
+     *
+     * @param string $uid
+     * @return IToken[]
+     */
+    public function getTokenByUser(string $uid): array;
+
+    /**
+     * Get the (unencrypted) password of the given token
+     *
+     * @param IToken $token
+     * @param string $tokenId
+     * @throws InvalidTokenException
+     * @throws PasswordlessTokenException
+     * @return string
+     */
+    public function getPassword(IToken $token, string $tokenId): string;
+
+    /**
+     * Encrypt and set the password of the given token
+     *
+     * @param IToken $token
+     * @param string $tokenId
+     * @param string $password
+     * @throws InvalidTokenException
+     */
+    public function setPassword(IToken $token, string $tokenId, string $password);
+
+    /**
+     * Rotate the token. Usefull for for example oauth tokens
+     *
+     * @param IToken $token
+     * @param string $oldTokenId
+     * @param string $newTokenId
+     * @return IToken
+     * @throws \RuntimeException when OpenSSL reports a problem
+     */
+    public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken;
+
+    /**
+     * Marks a token as having an invalid password.
+     *
+     * @param IToken $token
+     * @param string $tokenId
+     */
+    public function markPasswordInvalid(IToken $token, string $tokenId);
+
+    /**
+     * Update all the passwords of $uid if required
+     *
+     * @param string $uid
+     * @param string $password
+     */
+    public function updatePasswords(string $uid, string $password);
 }

lib/private/Authentication/Token/Manager.php

Indentation +221 added lines, -221 removed lines

@@ -30,227 +30,227 @@
 
 class Manager implements IProvider {
 
-	/** @var DefaultTokenProvider */
-	private $defaultTokenProvider;
-
-	/** @var PublicKeyTokenProvider */
-	private $publicKeyTokenProvider;
-
-	public function __construct(DefaultTokenProvider $defaultTokenProvider, PublicKeyTokenProvider $publicKeyTokenProvider) {
-		$this->defaultTokenProvider = $defaultTokenProvider;
-		$this->publicKeyTokenProvider = $publicKeyTokenProvider;
-	}
-
-	/**
-	 * Create and persist a new token
-	 *
-	 * @param string $token
-	 * @param string $uid
-	 * @param string $loginName
-	 * @param string|null $password
-	 * @param string $name
-	 * @param int $type token type
-	 * @param int $remember whether the session token should be used for remember-me
-	 * @return IToken
-	 */
-	public function generateToken(string $token,
-								  string $uid,
-								  string $loginName,
-								  $password,
-								  string $name,
-								  int $type = IToken::TEMPORARY_TOKEN,
-								  int $remember = IToken::DO_NOT_REMEMBER): IToken {
-		return $this->publicKeyTokenProvider->generateToken(
-			$token,
-			$uid,
-			$loginName,
-			$password,
-			$name,
-			$type,
-			$remember
-		);
-	}
-
-	/**
-	 * Save the updated token
-	 *
-	 * @param IToken $token
-	 * @throws InvalidTokenException
-	 */
-	public function updateToken(IToken $token) {
-		$provider = $this->getProvider($token);
-		$provider->updateToken($token);
-	}
-
-	/**
-	 * Update token activity timestamp
-	 *
-	 * @throws InvalidTokenException
-	 * @param IToken $token
-	 */
-	public function updateTokenActivity(IToken $token) {
-		$provider = $this->getProvider($token);
-		$provider->updateTokenActivity($token);
-	}
-
-	/**
-	 * @param string $uid
-	 * @return IToken[]
-	 */
-	public function getTokenByUser(string $uid): array {
-		$old = $this->defaultTokenProvider->getTokenByUser($uid);
-		$new = $this->publicKeyTokenProvider->getTokenByUser($uid);
-
-		return array_merge($old, $new);
-	}
-
-	/**
-	 * Get a token by token
-	 *
-	 * @param string $tokenId
-	 * @throws InvalidTokenException
-	 * @throws \RuntimeException when OpenSSL reports a problem
-	 * @return IToken
-	 */
-	public function getToken(string $tokenId): IToken {
-		try {
-			return $this->publicKeyTokenProvider->getToken($tokenId);
-		} catch (WipeTokenException $e) {
-			throw $e;
-		} catch (ExpiredTokenException $e) {
-			throw $e;
-		} catch(InvalidTokenException $e) {
-			// No worries we try to convert it to a PublicKey Token
-		}
-
-		//Convert!
-		$token = $this->defaultTokenProvider->getToken($tokenId);
-
-		try {
-			$password = $this->defaultTokenProvider->getPassword($token, $tokenId);
-		} catch (PasswordlessTokenException $e) {
-			$password = null;
-		}
-
-		return $this->publicKeyTokenProvider->convertToken($token, $tokenId, $password);
-	}
-
-	/**
-	 * Get a token by token id
-	 *
-	 * @param int $tokenId
-	 * @throws InvalidTokenException
-	 * @return IToken
-	 */
-	public function getTokenById(int $tokenId): IToken {
-		try {
-			return $this->publicKeyTokenProvider->getTokenById($tokenId);
-		} catch (ExpiredTokenException $e) {
-			throw $e;
-		} catch (WipeTokenException $e) {
-			throw $e;
-		} catch (InvalidTokenException $e) {
-			return $this->defaultTokenProvider->getTokenById($tokenId);
-		}
-	}
-
-	/**
-	 * @param string $oldSessionId
-	 * @param string $sessionId
-	 * @throws InvalidTokenException
-	 */
-	public function renewSessionToken(string $oldSessionId, string $sessionId) {
-		try {
-			$this->publicKeyTokenProvider->renewSessionToken($oldSessionId, $sessionId);
-		} catch (ExpiredTokenException $e) {
-			throw $e;
-		} catch (InvalidTokenException $e) {
-			$this->defaultTokenProvider->renewSessionToken($oldSessionId, $sessionId);
-		}
-	}
-
-	/**
-	 * @param IToken $savedToken
-	 * @param string $tokenId session token
-	 * @throws InvalidTokenException
-	 * @throws PasswordlessTokenException
-	 * @return string
-	 */
-	public function getPassword(IToken $savedToken, string $tokenId): string {
-		$provider = $this->getProvider($savedToken);
-		return $provider->getPassword($savedToken, $tokenId);
-	}
-
-	public function setPassword(IToken $token, string $tokenId, string $password) {
-		$provider = $this->getProvider($token);
-		$provider->setPassword($token, $tokenId, $password);
-	}
-
-	public function invalidateToken(string $token) {
-		$this->defaultTokenProvider->invalidateToken($token);
-		$this->publicKeyTokenProvider->invalidateToken($token);
-	}
-
-	public function invalidateTokenById(string $uid, int $id) {
-		$this->defaultTokenProvider->invalidateTokenById($uid, $id);
-		$this->publicKeyTokenProvider->invalidateTokenById($uid, $id);
-	}
-
-	public function invalidateOldTokens() {
-		$this->defaultTokenProvider->invalidateOldTokens();
-		$this->publicKeyTokenProvider->invalidateOldTokens();
-	}
-
-	/**
-	 * @param IToken $token
-	 * @param string $oldTokenId
-	 * @param string $newTokenId
-	 * @return IToken
-	 * @throws InvalidTokenException
-	 * @throws \RuntimeException when OpenSSL reports a problem
-	 */
-	public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
-		if ($token instanceof DefaultToken) {
-			try {
-				$password = $this->defaultTokenProvider->getPassword($token, $oldTokenId);
-			} catch (PasswordlessTokenException $e) {
-				$password = null;
-			}
-
-			return $this->publicKeyTokenProvider->convertToken($token, $newTokenId, $password);
-		}
-
-		if ($token instanceof PublicKeyToken) {
-			return $this->publicKeyTokenProvider->rotate($token, $oldTokenId, $newTokenId);
-		}
-
-		throw new InvalidTokenException();
-	}
-
-	/**
-	 * @param IToken $token
-	 * @return IProvider
-	 * @throws InvalidTokenException
-	 */
-	private function getProvider(IToken $token): IProvider {
-		if ($token instanceof DefaultToken) {
-			return $this->defaultTokenProvider;
-		}
-		if ($token instanceof PublicKeyToken) {
-			return $this->publicKeyTokenProvider;
-		}
-		throw new InvalidTokenException();
-	}
-
-
-	public function markPasswordInvalid(IToken $token, string $tokenId) {
-		$this->getProvider($token)->markPasswordInvalid($token, $tokenId);
-	}
-
-	public function updatePasswords(string $uid, string $password) {
-		$this->defaultTokenProvider->updatePasswords($uid, $password);
-		$this->publicKeyTokenProvider->updatePasswords($uid, $password);
-	}
+    /** @var DefaultTokenProvider */
+    private $defaultTokenProvider;
+
+    /** @var PublicKeyTokenProvider */
+    private $publicKeyTokenProvider;
+
+    public function __construct(DefaultTokenProvider $defaultTokenProvider, PublicKeyTokenProvider $publicKeyTokenProvider) {
+        $this->defaultTokenProvider = $defaultTokenProvider;
+        $this->publicKeyTokenProvider = $publicKeyTokenProvider;
+    }
+
+    /**
+     * Create and persist a new token
+     *
+     * @param string $token
+     * @param string $uid
+     * @param string $loginName
+     * @param string|null $password
+     * @param string $name
+     * @param int $type token type
+     * @param int $remember whether the session token should be used for remember-me
+     * @return IToken
+     */
+    public function generateToken(string $token,
+                                    string $uid,
+                                    string $loginName,
+                                    $password,
+                                    string $name,
+                                    int $type = IToken::TEMPORARY_TOKEN,
+                                    int $remember = IToken::DO_NOT_REMEMBER): IToken {
+        return $this->publicKeyTokenProvider->generateToken(
+            $token,
+            $uid,
+            $loginName,
+            $password,
+            $name,
+            $type,
+            $remember
+        );
+    }
+
+    /**
+     * Save the updated token
+     *
+     * @param IToken $token
+     * @throws InvalidTokenException
+     */
+    public function updateToken(IToken $token) {
+        $provider = $this->getProvider($token);
+        $provider->updateToken($token);
+    }
+
+    /**
+     * Update token activity timestamp
+     *
+     * @throws InvalidTokenException
+     * @param IToken $token
+     */
+    public function updateTokenActivity(IToken $token) {
+        $provider = $this->getProvider($token);
+        $provider->updateTokenActivity($token);
+    }
+
+    /**
+     * @param string $uid
+     * @return IToken[]
+     */
+    public function getTokenByUser(string $uid): array {
+        $old = $this->defaultTokenProvider->getTokenByUser($uid);
+        $new = $this->publicKeyTokenProvider->getTokenByUser($uid);
+
+        return array_merge($old, $new);
+    }
+
+    /**
+     * Get a token by token
+     *
+     * @param string $tokenId
+     * @throws InvalidTokenException
+     * @throws \RuntimeException when OpenSSL reports a problem
+     * @return IToken
+     */
+    public function getToken(string $tokenId): IToken {
+        try {
+            return $this->publicKeyTokenProvider->getToken($tokenId);
+        } catch (WipeTokenException $e) {
+            throw $e;
+        } catch (ExpiredTokenException $e) {
+            throw $e;
+        } catch(InvalidTokenException $e) {
+            // No worries we try to convert it to a PublicKey Token
+        }
+
+        //Convert!
+        $token = $this->defaultTokenProvider->getToken($tokenId);
+
+        try {
+            $password = $this->defaultTokenProvider->getPassword($token, $tokenId);
+        } catch (PasswordlessTokenException $e) {
+            $password = null;
+        }
+
+        return $this->publicKeyTokenProvider->convertToken($token, $tokenId, $password);
+    }
+
+    /**
+     * Get a token by token id
+     *
+     * @param int $tokenId
+     * @throws InvalidTokenException
+     * @return IToken
+     */
+    public function getTokenById(int $tokenId): IToken {
+        try {
+            return $this->publicKeyTokenProvider->getTokenById($tokenId);
+        } catch (ExpiredTokenException $e) {
+            throw $e;
+        } catch (WipeTokenException $e) {
+            throw $e;
+        } catch (InvalidTokenException $e) {
+            return $this->defaultTokenProvider->getTokenById($tokenId);
+        }
+    }
+
+    /**
+     * @param string $oldSessionId
+     * @param string $sessionId
+     * @throws InvalidTokenException
+     */
+    public function renewSessionToken(string $oldSessionId, string $sessionId) {
+        try {
+            $this->publicKeyTokenProvider->renewSessionToken($oldSessionId, $sessionId);
+        } catch (ExpiredTokenException $e) {
+            throw $e;
+        } catch (InvalidTokenException $e) {
+            $this->defaultTokenProvider->renewSessionToken($oldSessionId, $sessionId);
+        }
+    }
+
+    /**
+     * @param IToken $savedToken
+     * @param string $tokenId session token
+     * @throws InvalidTokenException
+     * @throws PasswordlessTokenException
+     * @return string
+     */
+    public function getPassword(IToken $savedToken, string $tokenId): string {
+        $provider = $this->getProvider($savedToken);
+        return $provider->getPassword($savedToken, $tokenId);
+    }
+
+    public function setPassword(IToken $token, string $tokenId, string $password) {
+        $provider = $this->getProvider($token);
+        $provider->setPassword($token, $tokenId, $password);
+    }
+
+    public function invalidateToken(string $token) {
+        $this->defaultTokenProvider->invalidateToken($token);
+        $this->publicKeyTokenProvider->invalidateToken($token);
+    }
+
+    public function invalidateTokenById(string $uid, int $id) {
+        $this->defaultTokenProvider->invalidateTokenById($uid, $id);
+        $this->publicKeyTokenProvider->invalidateTokenById($uid, $id);
+    }
+
+    public function invalidateOldTokens() {
+        $this->defaultTokenProvider->invalidateOldTokens();
+        $this->publicKeyTokenProvider->invalidateOldTokens();
+    }
+
+    /**
+     * @param IToken $token
+     * @param string $oldTokenId
+     * @param string $newTokenId
+     * @return IToken
+     * @throws InvalidTokenException
+     * @throws \RuntimeException when OpenSSL reports a problem
+     */
+    public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
+        if ($token instanceof DefaultToken) {
+            try {
+                $password = $this->defaultTokenProvider->getPassword($token, $oldTokenId);
+            } catch (PasswordlessTokenException $e) {
+                $password = null;
+            }
+
+            return $this->publicKeyTokenProvider->convertToken($token, $newTokenId, $password);
+        }
+
+        if ($token instanceof PublicKeyToken) {
+            return $this->publicKeyTokenProvider->rotate($token, $oldTokenId, $newTokenId);
+        }
+
+        throw new InvalidTokenException();
+    }
+
+    /**
+     * @param IToken $token
+     * @return IProvider
+     * @throws InvalidTokenException
+     */
+    private function getProvider(IToken $token): IProvider {
+        if ($token instanceof DefaultToken) {
+            return $this->defaultTokenProvider;
+        }
+        if ($token instanceof PublicKeyToken) {
+            return $this->publicKeyTokenProvider;
+        }
+        throw new InvalidTokenException();
+    }
+
+
+    public function markPasswordInvalid(IToken $token, string $tokenId) {
+        $this->getProvider($token)->markPasswordInvalid($token, $tokenId);
+    }
+
+    public function updatePasswords(string $uid, string $password) {
+        $this->defaultTokenProvider->updatePasswords($uid, $password);
+        $this->publicKeyTokenProvider->updatePasswords($uid, $password);
+    }
 
 
 }