upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-26 16:48:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 31

fix(Token): take over scope in token refresh with login by cookie

Browse source 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon 2024-07-19 15:53:46 +02:00
parent a3c3eab09c
commit 99182aac37
No known key found for this signature in database
GPG key ID: 7424F1874854DF23
3 changed files with 19 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/private/Authentication/Token/IProvider.php
View file

@ -35,7 +35,9 @@ interface IProvider {
?string $password,
string $name,
int $type = OCPIToken::TEMPORARY_TOKEN,
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken;
int $remember = OCPIToken::DO_NOT_REMEMBER,
?array $scope = null,
): OCPIToken;
/**
* Get a token by token id

7
lib/private/Authentication/Token/Manager.php
View file

@ -42,7 +42,9 @@ class Manager implements IProvider, OCPIProvider {
$password,
string $name,
int $type = OCPIToken::TEMPORARY_TOKEN,
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken {
int $remember = OCPIToken::DO_NOT_REMEMBER,
?array $scope = null,
): OCPIToken {
if (mb_strlen($name) > 128) {
$name = mb_substr($name, 0, 120) . '…';
}
@ -55,7 +57,8 @@ class Manager implements IProvider, OCPIProvider {
$password,
$name,
$type,
$remember
$remember,
$scope,
);
} catch (UniqueConstraintViolationException $e) {
// It's rare, but if two requests of the same session (e.g. env-based SAML)

14
lib/private/Authentication/Token/PublicKeyTokenProvider.php
View file

@ -85,7 +85,9 @@ class PublicKeyTokenProvider implements IProvider {
?string $password,
string $name,
int $type = OCPIToken::TEMPORARY_TOKEN,
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken {
int $remember = OCPIToken::DO_NOT_REMEMBER,
?array $scope = null,
): OCPIToken {
if (strlen($token) < self::TOKEN_MIN_LENGTH) {
$exception = new InvalidTokenException('Token is too short, minimum of ' . self::TOKEN_MIN_LENGTH . ' characters is required, ' . strlen($token) . ' characters given');
$this->logger->error('Invalid token provided when generating new token', ['exception' => $exception]);
@ -107,6 +109,10 @@ class PublicKeyTokenProvider implements IProvider {
$dbToken->setPasswordHash($randomOldToken->getPasswordHash());
}
if ($scope !== null) {
$dbToken->setScope($scope);
}
$this->mapper->insert($dbToken);
if (!$oldTokenMatches && $password !== null) {
@ -234,6 +240,8 @@ class PublicKeyTokenProvider implements IProvider {
$privateKey = $this->decrypt($token->getPrivateKey(), $oldSessionId);
$password = $this->decryptPassword($token->getPassword(), $privateKey);
}
$scope = $token->getScope() === '' ? null : $token->getScopeAsArray();
$newToken = $this->generateToken(
$sessionId,
$token->getUID(),
@ -241,9 +249,9 @@ class PublicKeyTokenProvider implements IProvider {
$password,
$token->getName(),
OCPIToken::TEMPORARY_TOKEN,
$token->getRemember()
$token->getRemember(),
$scope,
);
$newToken->setScope($token->getScopeAsArray());
$this->cacheToken($newToken);
$this->cacheInvalidHash($token->getToken());