Merge pull request #41017 from nextcloud/fix/move-token-iprovider-to-ocp

Move IToken and IProvider::getToken to OCP

apps/settings/lib/Controller/AuthSettingsController.php

@@ -53,14 +53,13 @@ use OCP\Session\Exceptions\SessionNotAvailableException;
 use Psr\Log\LoggerInterface;
 
 class AuthSettingsController extends Controller {
-
 	/** @var IProvider */
 	private $tokenProvider;
 
 	/** @var ISession */
 	private $session;
 
-	/** IUserSession */
+	/** @var IUserSession */
 	private $userSession;
 
 	/** @var string */

build/psalm-baseline.xml

@@ -2080,7 +2080,7 @@
       <code>$trySession</code>
     </RedundantCondition>
   </file>
-  <file src="lib/private/Authentication/Token/IToken.php">
+  <file src="lib/public/Authentication/Token/IToken.php">
     <AmbiguousConstantInheritance>
       <code>DO_NOT_REMEMBER</code>
       <code>PERMANENT_TOKEN</code>

lib/composer/composer/autoload_classmap.php

@@ -106,13 +106,17 @@ return array(
     'OCP\\Authentication\\Events\\AnyLoginFailedEvent' => $baseDir . '/lib/public/Authentication/Events/AnyLoginFailedEvent.php',
     'OCP\\Authentication\\Events\\LoginFailedEvent' => $baseDir . '/lib/public/Authentication/Events/LoginFailedEvent.php',
     'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => $baseDir . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
+    'OCP\\Authentication\\Exceptions\\ExpiredTokenException' => $baseDir . '/lib/public/Authentication/Exceptions/ExpiredTokenException.php',
+    'OCP\\Authentication\\Exceptions\\InvalidTokenException' => $baseDir . '/lib/public/Authentication/Exceptions/InvalidTokenException.php',
     'OCP\\Authentication\\Exceptions\\PasswordUnavailableException' => $baseDir . '/lib/public/Authentication/Exceptions/PasswordUnavailableException.php',
+    'OCP\\Authentication\\Exceptions\\WipeTokenException' => $baseDir . '/lib/public/Authentication/Exceptions/WipeTokenException.php',
     'OCP\\Authentication\\IAlternativeLogin' => $baseDir . '/lib/public/Authentication/IAlternativeLogin.php',
     'OCP\\Authentication\\IApacheBackend' => $baseDir . '/lib/public/Authentication/IApacheBackend.php',
     'OCP\\Authentication\\IProvideUserSecretBackend' => $baseDir . '/lib/public/Authentication/IProvideUserSecretBackend.php',
     'OCP\\Authentication\\LoginCredentials\\ICredentials' => $baseDir . '/lib/public/Authentication/LoginCredentials/ICredentials.php',
     'OCP\\Authentication\\LoginCredentials\\IStore' => $baseDir . '/lib/public/Authentication/LoginCredentials/IStore.php',
     'OCP\\Authentication\\Token\\IProvider' => $baseDir . '/lib/public/Authentication/Token/IProvider.php',
+    'OCP\\Authentication\\Token\\IToken' => $baseDir . '/lib/public/Authentication/Token/IToken.php',
     'OCP\\Authentication\\TwoFactorAuth\\ALoginSetupController' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/ALoginSetupController.php',
     'OCP\\Authentication\\TwoFactorAuth\\IActivatableAtLogin' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IActivatableAtLogin.php',
     'OCP\\Authentication\\TwoFactorAuth\\IActivatableByAdmin' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IActivatableByAdmin.php',

lib/composer/composer/autoload_static.php

@@ -139,13 +139,17 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OCP\\Authentication\\Events\\AnyLoginFailedEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/Events/AnyLoginFailedEvent.php',
         'OCP\\Authentication\\Events\\LoginFailedEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/Events/LoginFailedEvent.php',
         'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
+        'OCP\\Authentication\\Exceptions\\ExpiredTokenException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/ExpiredTokenException.php',
+        'OCP\\Authentication\\Exceptions\\InvalidTokenException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/InvalidTokenException.php',
         'OCP\\Authentication\\Exceptions\\PasswordUnavailableException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/PasswordUnavailableException.php',
+        'OCP\\Authentication\\Exceptions\\WipeTokenException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/WipeTokenException.php',
         'OCP\\Authentication\\IAlternativeLogin' => __DIR__ . '/../../..' . '/lib/public/Authentication/IAlternativeLogin.php',
         'OCP\\Authentication\\IApacheBackend' => __DIR__ . '/../../..' . '/lib/public/Authentication/IApacheBackend.php',
         'OCP\\Authentication\\IProvideUserSecretBackend' => __DIR__ . '/../../..' . '/lib/public/Authentication/IProvideUserSecretBackend.php',
         'OCP\\Authentication\\LoginCredentials\\ICredentials' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/ICredentials.php',
         'OCP\\Authentication\\LoginCredentials\\IStore' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/IStore.php',
         'OCP\\Authentication\\Token\\IProvider' => __DIR__ . '/../../..' . '/lib/public/Authentication/Token/IProvider.php',
+        'OCP\\Authentication\\Token\\IToken' => __DIR__ . '/../../..' . '/lib/public/Authentication/Token/IToken.php',
         'OCP\\Authentication\\TwoFactorAuth\\ALoginSetupController' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/ALoginSetupController.php',
         'OCP\\Authentication\\TwoFactorAuth\\IActivatableAtLogin' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IActivatableAtLogin.php',
         'OCP\\Authentication\\TwoFactorAuth\\IActivatableByAdmin' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IActivatableByAdmin.php',

lib/private/Authentication/Exceptions/ExpiredTokenException.php

@@ -27,17 +27,19 @@ namespace OC\Authentication\Exceptions;
 
 use OC\Authentication\Token\IToken;
 
-class ExpiredTokenException extends InvalidTokenException {
-	/** @var IToken */
-	private $token;
-
-	public function __construct(IToken $token) {
-		parent::__construct();
-
-		$this->token = $token;
+/**
+ * @deprecated 28.0.0 use {@see \OCP\Authentication\Exceptions\ExpiredTokenException} instead
+ */
+class ExpiredTokenException extends \OCP\Authentication\Exceptions\ExpiredTokenException {
+	public function __construct(
+		IToken $token,
+	) {
+		parent::__construct($token);
 	}
 
 	public function getToken(): IToken {
-		return $this->token;
+		$token = parent::getToken();
+		/** @var IToken $token We know that we passed OC interface from constructor */
+		return $token;
 	}
 }

lib/private/Authentication/Exceptions/InvalidTokenException.php

@@ -24,7 +24,8 @@ declare(strict_types=1);
  */
 namespace OC\Authentication\Exceptions;
 
-use Exception;
-
-class InvalidTokenException extends Exception {
+/**
+ * @deprecated 28.0.0 use OCP version instead
+ */
+class InvalidTokenException extends \OCP\Authentication\Exceptions\InvalidTokenException {
 }

lib/private/Authentication/Exceptions/WipeTokenException.php

@@ -27,17 +27,19 @@ namespace OC\Authentication\Exceptions;
 
 use OC\Authentication\Token\IToken;
 
-class WipeTokenException extends InvalidTokenException {
-	/** @var IToken */
-	private $token;
-
-	public function __construct(IToken $token) {
-		parent::__construct();
-
-		$this->token = $token;
+/**
+ * @deprecated 28.0.0 use {@see \OCP\Authentication\Exceptions\WipeTokenException} instead
+ */
+class WipeTokenException extends \OCP\Authentication\Exceptions\WipeTokenException {
+	public function __construct(
+		IToken $token,
+	) {
+		parent::__construct($token);
 	}
 
 	public function getToken(): IToken {
-		return $this->token;
+		$token = parent::getToken();
+		/** @var IToken $token We know that we passed OC interface from constructor */
+		return $token;
 	}
 }

lib/private/Authentication/Token/IToken.php

@@ -26,109 +26,10 @@ declare(strict_types=1);
  */
 namespace OC\Authentication\Token;
 
-use JsonSerializable;
+use OCP\Authentication\Token\IToken as OCPIToken;
 
-interface IToken extends JsonSerializable {
-	public const TEMPORARY_TOKEN = 0;
-	public const PERMANENT_TOKEN = 1;
-	public const WIPE_TOKEN = 2;
-	public const DO_NOT_REMEMBER = 0;
-	public const REMEMBER = 1;
-
-	/**
-	 * Get the token ID
-	 *
-	 * @return int
-	 */
-	public function getId(): int;
-
-	/**
-	 * Get the user UID
-	 *
-	 * @return string
-	 */
-	public function getUID(): string;
-
-	/**
-	 * Get the login name used when generating the token
-	 *
-	 * @return string
-	 */
-	public function getLoginName(): string;
-
-	/**
-	 * Get the (encrypted) login password
-	 *
-	 * @return string|null
-	 */
-	public function getPassword();
-
-	/**
-	 * Get the timestamp of the last password check
-	 *
-	 * @return int
-	 */
-	public function getLastCheck(): int;
-
-	/**
-	 * Set the timestamp of the last password check
-	 *
-	 * @param int $time
-	 */
-	public function setLastCheck(int $time);
-
-	/**
-	 * Get the authentication scope for this token
-	 *
-	 * @return string
-	 */
-	public function getScope(): string;
-
-	/**
-	 * Get the authentication scope for this token
-	 *
-	 * @return array
-	 */
-	public function getScopeAsArray(): array;
-
-	/**
-	 * Set the authentication scope for this token
-	 *
-	 * @param array $scope
-	 */
-	public function setScope($scope);
-
-	/**
-	 * Get the name of the token
-	 * @return string
-	 */
-	public function getName(): string;
-
-	/**
-	 * Get the remember state of the token
-	 *
-	 * @return int
-	 */
-	public function getRemember(): int;
-
-	/**
-	 * Set the token
-	 *
-	 * @param string $token
-	 */
-	public function setToken(string $token);
-
-	/**
-	 * Set the password
-	 *
-	 * @param string $password
-	 */
-	public function setPassword(string $password);
-
-	/**
-	 * Set the expiration time of the token
-	 *
-	 * @param int|null $expires
-	 */
-	public function setExpires($expires);
+/**
+ * @deprecated 28.0.0 use {@see \OCP\Authentication\Token\IToken} instead
+ */
+interface IToken extends OCPIToken {
 }

lib/private/Authentication/Token/PublicKeyToken.php

@@ -137,10 +137,8 @@ class PublicKeyToken extends Entity implements INamedToken, IWipeableToken {
 
 	/**
 	 * Get the (encrypted) login password
-	 *
-	 * @return string|null
 	 */
-	public function getPassword() {
+	public function getPassword(): ?string {
 		return parent::getPassword();
 	}
 
@@ -165,10 +163,8 @@ class PublicKeyToken extends Entity implements INamedToken, IWipeableToken {
 
 	/**
 	 * Get the timestamp of the last password check
-	 *
-	 * @param int $time
 	 */
-	public function setLastCheck(int $time) {
+	public function setLastCheck(int $time): void {
 		parent::setLastCheck($time);
 	}
 
@@ -191,7 +187,7 @@ class PublicKeyToken extends Entity implements INamedToken, IWipeableToken {
 		return $scope;
 	}
 
-	public function setScope($scope) {
+	public function setScope(array|string|null $scope): void {
 		if (is_array($scope)) {
 			parent::setScope(json_encode($scope));
 		} else {
@@ -211,15 +207,15 @@ class PublicKeyToken extends Entity implements INamedToken, IWipeableToken {
 		return parent::getRemember();
 	}
 
-	public function setToken(string $token) {
+	public function setToken(string $token): void {
 		parent::setToken($token);
 	}
 
-	public function setPassword(string $password = null) {
+	public function setPassword(string $password = null): void {
 		parent::setPassword($password);
 	}
 
-	public function setExpires($expires) {
+	public function setExpires($expires): void {
 		parent::setExpires($expires);
 	}
 

lib/public/Authentication/Exceptions/ExpiredTokenException.php

@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCP\Authentication\Exceptions;
+
+use OCP\Authentication\Token\IToken;
+
+/**
+ * @since 28.0.0
+ */
+class ExpiredTokenException extends InvalidTokenException {
+	/**
+	 * @since 28.0.0
+	 */
+	public function __construct(
+		private IToken $token,
+	) {
+		parent::__construct();
+	}
+
+	/**
+	 * @since 28.0.0
+	 */
+	public function getToken(): IToken {
+		return $this->token;
+	}
+}

lib/public/Authentication/Exceptions/InvalidTokenException.php

@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ *
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+namespace OCP\Authentication\Exceptions;
+
+use Exception;
+
+/**
+ * @since 28.0.0
+ */
+class InvalidTokenException extends Exception {
+}

lib/public/Authentication/Exceptions/WipeTokenException.php

@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCP\Authentication\Exceptions;
+
+use OCP\Authentication\Token\IToken;
+
+/**
+ * @since 28.0.0
+ */
+class WipeTokenException extends InvalidTokenException {
+	/**
+	 * @since 28.0.0
+	 */
+	public function __construct(
+		private IToken $token,
+	) {
+		parent::__construct();
+	}
+
+	/**
+	 * @since 28.0.0
+	 */
+	public function getToken(): IToken {
+		return $this->token;
+	}
+}

lib/public/Authentication/Token/IProvider.php

@@ -24,6 +24,10 @@ declare(strict_types=1);
  */
 namespace OCP\Authentication\Token;
 
+use OCP\Authentication\Exceptions\ExpiredTokenException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
+use OCP\Authentication\Exceptions\WipeTokenException;
+
 /**
  * @since 24.0.8
  */
@@ -38,4 +42,15 @@ interface IProvider {
 	 * @return void
 	 */
 	public function invalidateTokensOfUser(string $uid, ?string $clientName);
+
+	/**
+	 * Get a token by token string id
+	 *
+	 * @since 28.0.0
+	 * @throws InvalidTokenException
+	 * @throws ExpiredTokenException
+	 * @throws WipeTokenException
+	 * @return IToken
+	 */
+	public function getToken(string $tokenId): IToken;
 }

lib/public/Authentication/Token/IToken.php

@@ -0,0 +1,139 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ *
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @author Robin Appelman <robin@icewind.nl>
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+namespace OCP\Authentication\Token;
+
+use JsonSerializable;
+
+/**
+ * @since 28.0.0
+ */
+interface IToken extends JsonSerializable {
+	/**
+	 * @since 28.0.0
+	 */
+	public const TEMPORARY_TOKEN = 0;
+	/**
+	 * @since 28.0.0
+	 */
+	public const PERMANENT_TOKEN = 1;
+	/**
+	 * @since 28.0.0
+	 */
+	public const WIPE_TOKEN = 2;
+	/**
+	 * @since 28.0.0
+	 */
+	public const DO_NOT_REMEMBER = 0;
+	/**
+	 * @since 28.0.0
+	 */
+	public const REMEMBER = 1;
+
+	/**
+	 * Get the token ID
+	 * @since 28.0.0
+	 */
+	public function getId(): int;
+
+	/**
+	 * Get the user UID
+	 * @since 28.0.0
+	 */
+	public function getUID(): string;
+
+	/**
+	 * Get the login name used when generating the token
+	 * @since 28.0.0
+	 */
+	public function getLoginName(): string;
+
+	/**
+	 * Get the (encrypted) login password
+	 * @since 28.0.0
+	 */
+	public function getPassword(): ?string;
+
+	/**
+	 * Get the timestamp of the last password check
+	 * @since 28.0.0
+	 */
+	public function getLastCheck(): int;
+
+	/**
+	 * Set the timestamp of the last password check
+	 * @since 28.0.0
+	 */
+	public function setLastCheck(int $time): void;
+
+	/**
+	 * Get the authentication scope for this token
+	 * @since 28.0.0
+	 */
+	public function getScope(): string;
+
+	/**
+	 * Get the authentication scope for this token
+	 * @since 28.0.0
+	 */
+	public function getScopeAsArray(): array;
+
+	/**
+	 * Set the authentication scope for this token
+	 * @since 28.0.0
+	 */
+	public function setScope(array $scope): void;
+
+	/**
+	 * Get the name of the token
+	 * @since 28.0.0
+	 */
+	public function getName(): string;
+
+	/**
+	 * Get the remember state of the token
+	 * @since 28.0.0
+	 */
+	public function getRemember(): int;
+
+	/**
+	 * Set the token
+	 * @since 28.0.0
+	 */
+	public function setToken(string $token): void;
+
+	/**
+	 * Set the password
+	 * @since 28.0.0
+	 */
+	public function setPassword(string $password): void;
+
+	/**
+	 * Set the expiration time of the token
+	 * @since 28.0.0
+	 */
+	public function setExpires(?int $expires): void;
+}