mirror of
https://github.com/nextcloud/server.git
synced 2026-05-28 04:32:30 -04:00
Merge pull request #54545 from nextcloud/enh/noid/add-token-invalidated-event
Dispatch new event when invalidating an authentication token
This commit is contained in:
Julien Veyssier
GitHub
commit
8a8e1c83ec
5 changed files with 62 additions and 2 deletions
|
|
@ -157,6 +157,7 @@ return array(
|
|||
'OCP\\App\\ManagerEvent' => $baseDir . '/lib/public/App/ManagerEvent.php',
|
||||
'OCP\\Authentication\\Events\\AnyLoginFailedEvent' => $baseDir . '/lib/public/Authentication/Events/AnyLoginFailedEvent.php',
|
||||
'OCP\\Authentication\\Events\\LoginFailedEvent' => $baseDir . '/lib/public/Authentication/Events/LoginFailedEvent.php',
|
||||
'OCP\\Authentication\\Events\\TokenInvalidatedEvent' => $baseDir . '/lib/public/Authentication/Events/TokenInvalidatedEvent.php',
|
||||
'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => $baseDir . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
|
||||
'OCP\\Authentication\\Exceptions\\ExpiredTokenException' => $baseDir . '/lib/public/Authentication/Exceptions/ExpiredTokenException.php',
|
||||
'OCP\\Authentication\\Exceptions\\InvalidTokenException' => $baseDir . '/lib/public/Authentication/Exceptions/InvalidTokenException.php',
|
||||
|
|
|
|||
|
|
@ -198,6 +198,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
|
|||
'OCP\\App\\ManagerEvent' => __DIR__ . '/../../..' . '/lib/public/App/ManagerEvent.php',
|
||||
'OCP\\Authentication\\Events\\AnyLoginFailedEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/Events/AnyLoginFailedEvent.php',
|
||||
'OCP\\Authentication\\Events\\LoginFailedEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/Events/LoginFailedEvent.php',
|
||||
'OCP\\Authentication\\Events\\TokenInvalidatedEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/Events/TokenInvalidatedEvent.php',
|
||||
'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
|
||||
'OCP\\Authentication\\Exceptions\\ExpiredTokenException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/ExpiredTokenException.php',
|
||||
'OCP\\Authentication\\Exceptions\\InvalidTokenException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/InvalidTokenException.php',
|
||||
|
|
|
|||
|
|
@ -15,7 +15,9 @@ use OC\Authentication\Exceptions\WipeTokenException;
|
|||
use OCP\AppFramework\Db\DoesNotExistException;
|
||||
use OCP\AppFramework\Db\TTransactional;
|
||||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\Authentication\Events\TokenInvalidatedEvent;
|
||||
use OCP\Authentication\Token\IToken as OCPIToken;
|
||||
use OCP\EventDispatcher\IEventDispatcher;
|
||||
use OCP\ICache;
|
||||
use OCP\ICacheFactory;
|
||||
use OCP\IConfig;
|
||||
|
|
@ -55,6 +57,8 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
/** @var IHasher */
|
||||
private $hasher;
|
||||
|
||||
private IEventDispatcher $eventDispatcher;
|
||||
|
||||
public function __construct(PublicKeyTokenMapper $mapper,
|
||||
ICrypto $crypto,
|
||||
IConfig $config,
|
||||
|
|
@ -62,7 +66,9 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
LoggerInterface $logger,
|
||||
ITimeFactory $time,
|
||||
IHasher $hasher,
|
||||
ICacheFactory $cacheFactory) {
|
||||
ICacheFactory $cacheFactory,
|
||||
IEventDispatcher $eventDispatcher,
|
||||
) {
|
||||
$this->mapper = $mapper;
|
||||
$this->crypto = $crypto;
|
||||
$this->config = $config;
|
||||
|
|
@ -74,6 +80,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
? $cacheFactory->createLocal('authtoken_')
|
||||
: $cacheFactory->createInMemory();
|
||||
$this->hasher = $hasher;
|
||||
$this->eventDispatcher = $eventDispatcher;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -263,9 +270,17 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
|
||||
public function invalidateToken(string $token) {
|
||||
$tokenHash = $this->hashToken($token);
|
||||
$tokenEntry = null;
|
||||
try {
|
||||
$tokenEntry = $this->mapper->getToken($tokenHash);
|
||||
} catch (DoesNotExistException) {
|
||||
}
|
||||
$this->mapper->invalidate($this->hashToken($token));
|
||||
$this->mapper->invalidate($this->hashTokenWithEmptySecret($token));
|
||||
$this->cacheInvalidHash($tokenHash);
|
||||
if ($tokenEntry !== null) {
|
||||
$this->eventDispatcher->dispatchTyped(new TokenInvalidatedEvent($tokenEntry));
|
||||
}
|
||||
}
|
||||
|
||||
public function invalidateTokenById(string $uid, int $id) {
|
||||
|
|
@ -275,7 +290,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
}
|
||||
$this->mapper->invalidate($token->getToken());
|
||||
$this->cacheInvalidHash($token->getToken());
|
||||
|
||||
$this->eventDispatcher->dispatchTyped(new TokenInvalidatedEvent($token));
|
||||
}
|
||||
|
||||
public function invalidateOldTokens() {
|
||||
|
|
|
|||
38
lib/public/Authentication/Events/TokenInvalidatedEvent.php
Normal file
38
lib/public/Authentication/Events/TokenInvalidatedEvent.php
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
|
||||
* SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
*/
|
||||
namespace OCP\Authentication\Events;
|
||||
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use OCP\EventDispatcher\Event;
|
||||
|
||||
/**
|
||||
* Emitted when an authentication token is invalidated
|
||||
*
|
||||
* @since 32.0.0
|
||||
*/
|
||||
class TokenInvalidatedEvent extends Event {
|
||||
|
||||
/**
|
||||
* @since 32.0.0
|
||||
*/
|
||||
public function __construct(
|
||||
private IToken $token,
|
||||
) {
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
/**
|
||||
* returns the token that has been invalidated
|
||||
*
|
||||
* @since 32.0.0
|
||||
*/
|
||||
public function getToken(): IToken {
|
||||
return $this->token;
|
||||
}
|
||||
}
|
||||
|
|
@ -18,6 +18,7 @@ use OC\Authentication\Token\PublicKeyTokenProvider;
|
|||
use OCP\AppFramework\Db\DoesNotExistException;
|
||||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use OCP\EventDispatcher\IEventDispatcher;
|
||||
use OCP\ICacheFactory;
|
||||
use OCP\IConfig;
|
||||
use OCP\IDBConnection;
|
||||
|
|
@ -49,6 +50,8 @@ class PublicKeyTokenProviderTest extends TestCase {
|
|||
private $cacheFactory;
|
||||
/** @var int */
|
||||
private $time;
|
||||
/** @var IEventDispatcher */
|
||||
private $eventDispatcher;
|
||||
|
||||
protected function setUp(): void {
|
||||
parent::setUp();
|
||||
|
|
@ -72,6 +75,7 @@ class PublicKeyTokenProviderTest extends TestCase {
|
|||
$this->timeFactory->method('getTime')
|
||||
->willReturn($this->time);
|
||||
$this->cacheFactory = $this->createMock(ICacheFactory::class);
|
||||
$this->eventDispatcher = Server::get(IEventDispatcher::class);
|
||||
|
||||
$this->tokenProvider = new PublicKeyTokenProvider(
|
||||
$this->mapper,
|
||||
|
|
@ -82,6 +86,7 @@ class PublicKeyTokenProviderTest extends TestCase {
|
|||
$this->timeFactory,
|
||||
$this->hasher,
|
||||
$this->cacheFactory,
|
||||
$this->eventDispatcher,
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue