upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-07 15:53:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Merge pull request #46668 from nextcloud/backport/46640/stable28

Browse source 
[stable28] fix(Token): take over scope in token refresh with login by cookie
This commit is contained in:
Andy Scherzinger 2024-07-25 19:43:16 +02:00 committed by GitHub
commit 9c94775260
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 19 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/private/Authentication/Token/IProvider.php
View file

@ -55,7 +55,9 @@ interface IProvider {
?string $password,
string $name,
int $type = OCPIToken::TEMPORARY_TOKEN,
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken;
int $remember = OCPIToken::DO_NOT_REMEMBER,
?array $scope = null,
): OCPIToken;
/**
* Get a token by token id

7
lib/private/Authentication/Token/Manager.php
View file

@ -62,7 +62,9 @@ class Manager implements IProvider, OCPIProvider {
$password,
string $name,
int $type = OCPIToken::TEMPORARY_TOKEN,
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken {
int $remember = OCPIToken::DO_NOT_REMEMBER,
?array $scope = null,
): OCPIToken {
if (mb_strlen($name) > 128) {
$name = mb_substr($name, 0, 120) . '…';
}
@ -75,7 +77,8 @@ class Manager implements IProvider, OCPIProvider {
$password,
$name,
$type,
$remember
$remember,
$scope,
);
} catch (UniqueConstraintViolationException $e) {
// It's rare, but if two requests of the same session (e.g. env-based SAML)

14
lib/private/Authentication/Token/PublicKeyTokenProvider.php
View file

@ -107,7 +107,9 @@ class PublicKeyTokenProvider implements IProvider {
?string $password,
string $name,
int $type = OCPIToken::TEMPORARY_TOKEN,
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken {
int $remember = OCPIToken::DO_NOT_REMEMBER,
?array $scope = null,
): OCPIToken {
if (strlen($token) < self::TOKEN_MIN_LENGTH) {
$exception = new InvalidTokenException('Token is too short, minimum of ' . self::TOKEN_MIN_LENGTH . ' characters is required, ' . strlen($token) . ' characters given');
$this->logger->error('Invalid token provided when generating new token', ['exception' => $exception]);
@ -129,6 +131,10 @@ class PublicKeyTokenProvider implements IProvider {
$dbToken->setPasswordHash($randomOldToken->getPasswordHash());
}
if ($scope !== null) {
$dbToken->setScope($scope);
}
$this->mapper->insert($dbToken);
if (!$oldTokenMatches && $password !== null) {
@ -256,6 +262,8 @@ class PublicKeyTokenProvider implements IProvider {
$privateKey = $this->decrypt($token->getPrivateKey(), $oldSessionId);
$password = $this->decryptPassword($token->getPassword(), $privateKey);
}
$scope = $token->getScope() === '' ? null : $token->getScopeAsArray();
$newToken = $this->generateToken(
$sessionId,
$token->getUID(),
@ -263,9 +271,9 @@ class PublicKeyTokenProvider implements IProvider {
$password,
$token->getName(),
OCPIToken::TEMPORARY_TOKEN,
$token->getRemember()
$token->getRemember(),
$scope,
);
$newToken->setScope($token->getScopeAsArray());
$this->cacheToken($newToken);
$this->cacheInvalidHash($token->getToken());