mirror of
https://github.com/nextcloud/server.git
synced 2026-06-07 07:43:18 -04:00
Merge pull request #42726 from nextcloud/backport/42640/stable28
[stable28] Always catch OCP versions of authentication exceptions
commit
b768934478
18 changed files with 104 additions and 98 deletions
|
|
@ -28,8 +28,6 @@ declare(strict_types=1);
|
|||
*/
|
||||
namespace OCA\OAuth2\Controller;
|
||||
|
||||
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Token\IProvider as TokenProvider;
|
||||
use OCA\OAuth2\Db\AccessTokenMapper;
|
||||
use OCA\OAuth2\Db\ClientMapper;
|
||||
|
|
@ -39,6 +37,8 @@ use OCP\AppFramework\Controller;
|
|||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\DB\Exception;
|
||||
use OCP\IRequest;
|
||||
use OCP\Security\Bruteforce\IThrottler;
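Review bot: Swapping the import changes what every unqualified `InvalidTokenException` and `ExpiredTokenException` in this file refers to, not only the `catch` clauses, and the class body is outside these hunks, so that cannot be checked here. If the file also contains a `throw new InvalidTokenException(...)`, it would now raise the OCP type, which callers still catching the OC class would presumably miss. The AuthSettingsController and Token\Manager sections keep an `OcInvalidTokenException` alias for exactly that case. The same check applies to the other import-only sections in this commit (`OCA\OAuth2\Migration`, `OCA\Settings\Settings\Personal\Security`, `OC\Core\Controller`, `OC\Core\Service`, `OC\Authentication\LoginCredentials`, `OC\Authentication\TwoFactorAuth`, `OC\Session`, `OC\User`). A test per file that drives both exception classes through the token lookup would pin the behaviour.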
|
||||
|
|
|
|||
|
|
@ -26,10 +26,10 @@ declare(strict_types=1);
|
|||
*/
|
||||
namespace OCA\OAuth2\Migration;
|
||||
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Token\IProvider as TokenProvider;
|
||||
use OCA\OAuth2\Db\AccessToken;
|
||||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\IDBConnection;
|
||||
use OCP\Migration\IOutput;
|
||||
use OCP\Migration\IRepairStep;
|
||||
|
|
|
|||
|
|
@ -32,19 +32,20 @@
|
|||
namespace OCA\Settings\Controller;
|
||||
|
||||
use BadMethodCallException;
|
||||
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
|
||||
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
||||
use OC\Authentication\Exceptions\WipeTokenException;
|
||||
use OC\Authentication\Token\INamedToken;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OC\Authentication\Token\IToken;
|
||||
use OC\Authentication\Token\RemoteWipe;
|
||||
use OCA\Settings\Activity\Provider;
|
||||
use OCP\Activity\IManager;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Authentication\Exceptions\WipeTokenException;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
use OCP\IUserSession;
|
||||
|
|
@ -292,7 +293,8 @@ class AuthSettingsController extends Controller {
|
|||
$token = $e->getToken();
|
||||
}
|
||||
if ($token->getUID() !== $this->uid) {
|
||||
throw new InvalidTokenException('This token does not belong to you!');
|
||||
/** @psalm-suppress DeprecatedClass We have to throw the OC version so both OC and OCP catches catch it */
|
||||
throw new OcInvalidTokenException('This token does not belong to you!');
|
||||
}
|
||||
return $token;
|
||||
}
|
||||
|
|
@ -305,7 +307,7 @@ class AuthSettingsController extends Controller {
|
|||
* @param int $id
|
||||
* @return JSONResponse
|
||||
* @throws InvalidTokenException
|
||||
* @throws \OC\Authentication\Exceptions\ExpiredTokenException
|
||||
* @throws ExpiredTokenException
|
||||
*/
|
||||
public function wipe(int $id): JSONResponse {
|
||||
if ($this->checkAppToken()) {
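Review bot: The ownership check `$token->getUID() !== $this->uid` now relies on `OcInvalidTokenException` being caught by handlers that name the OCP class, and nothing in this section tests that. The inline comment states the intent, but the class relationship is inferred from it rather than visible here. A unit test that requests a token id owned by another user and asserts the controller still returns its existing error response would stop a later removal of the deprecated class from turning this rejection into an uncaught exception. The `@throws InvalidTokenException` tags in this file now resolve to the OCP class; the method docblock could say so once, e.g. `@throws InvalidTokenException thrown as the deprecated OC subclass for backwards compatibility`. The enclosing method starts outside the hunk.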
|
||||
|
|
|
|||
|
|
@ -25,12 +25,12 @@ declare(strict_types=1);
|
|||
*/
|
||||
namespace OCA\Settings\Settings\Personal\Security;
|
||||
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Token\INamedToken;
|
||||
use OC\Authentication\Token\IProvider as IAuthTokenProvider;
|
||||
use OC\Authentication\Token\IToken;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\AppFramework\Services\IInitialState;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\ISession;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Session\Exceptions\SessionNotAvailableException;
|
||||
|
|
|
|||
|
|
@ -29,13 +29,13 @@ declare(strict_types=1);
|
|||
namespace OC\Core\Controller;
|
||||
|
||||
use OC\Authentication\Events\AppPasswordCreatedEvent;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OC\Authentication\Token\IToken;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\AppFramework\OCS\OCSForbiddenException;
|
||||
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Authentication\Exceptions\PasswordUnavailableException;
|
||||
use OCP\Authentication\LoginCredentials\IStore;
|
||||
use OCP\EventDispatcher\IEventDispatcher;
|
||||
|
|
|
|||
|
|
@ -33,7 +33,6 @@
|
|||
namespace OC\Core\Controller;
|
||||
|
||||
use OC\Authentication\Events\AppPasswordCreatedEvent;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OC\Authentication\Token\IToken;
|
||||
|
|
@ -47,6 +46,7 @@ use OCP\AppFramework\Http\Attribute\UseSession;
|
|||
use OCP\AppFramework\Http\Response;
|
||||
use OCP\AppFramework\Http\StandaloneTemplateResponse;
|
||||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Defaults;
|
||||
use OCP\EventDispatcher\IEventDispatcher;
|
||||
use OCP\IL10N;
|
||||
|
|
|
|||
|
|
@ -27,7 +27,6 @@ declare(strict_types=1);
|
|||
*/
|
||||
namespace OC\Core\Controller;
|
||||
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Core\Db\LoginFlowV2;
|
||||
use OC\Core\Exception\LoginFlowV2NotFoundException;
|
||||
use OC\Core\Service\LoginFlowV2Service;
|
||||
|
|
@ -40,6 +39,7 @@ use OCP\AppFramework\Http\JSONResponse;
|
|||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
use OCP\AppFramework\Http\StandaloneTemplateResponse;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Defaults;
|
||||
use OCP\IL10N;
|
||||
use OCP\IRequest;
|
||||
|
|
|
|||
|
|
@ -26,11 +26,11 @@ declare(strict_types=1);
|
|||
*/
|
||||
namespace OC\Core\Controller;
|
||||
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Token\RemoteWipe;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\IRequest;
|
||||
|
||||
class WipeController extends Controller {
|
||||
|
|
|
|||
|
|
@ -26,7 +26,6 @@ declare(strict_types=1);
|
|||
*/
|
||||
namespace OC\Core\Service;
|
||||
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OC\Authentication\Token\IToken;
|
||||
|
|
@ -37,6 +36,7 @@ use OC\Core\Db\LoginFlowV2Mapper;
|
|||
use OC\Core\Exception\LoginFlowV2NotFoundException;
|
||||
use OCP\AppFramework\Db\DoesNotExistException;
|
||||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\IConfig;
|
||||
use OCP\Security\ICrypto;
|
||||
use OCP\Security\ISecureRandom;
|
||||
|
|
|
|||
|
|
@ -25,16 +25,14 @@ declare(strict_types=1);
|
|||
*/
|
||||
namespace OC\Authentication\Events;
|
||||
|
||||
use OC\Authentication\Token\IToken;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use OCP\EventDispatcher\Event;
|
||||
|
||||
class AppPasswordCreatedEvent extends Event {
|
||||
/** @var IToken */
|
||||
private $token;
|
||||
|
||||
public function __construct(IToken $token) {
|
||||
public function __construct(
|
||||
private IToken $token,
|
||||
) {
|
||||
parent::__construct();
|
||||
$this->token = $token;
|
||||
}
|
||||
|
||||
public function getToken(): IToken {
|
||||
|
|
|
|||
|
|
@ -26,10 +26,10 @@ declare(strict_types=1);
|
|||
*/
|
||||
namespace OC\Authentication\LoginCredentials;
|
||||
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Authentication\LoginCredentials\ICredentials;
|
||||
use OCP\Authentication\LoginCredentials\IStore;
|
||||
use OCP\ISession;
|
||||
|
|
|
|||
|
|
@ -29,10 +29,11 @@ declare(strict_types=1);
|
|||
*/
|
||||
namespace OC\Authentication\Token;
|
||||
|
||||
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
||||
use OC\Authentication\Exceptions\WipeTokenException;
|
||||
use OCP\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Authentication\Exceptions\WipeTokenException;
|
||||
use OCP\Authentication\Token\IToken as OCPIToken;
|
||||
|
||||
interface IProvider {
|
||||
/**
|
||||
|
|
@ -45,7 +46,7 @@ interface IProvider {
|
|||
* @param string $name Name will be trimmed to 120 chars when longer
|
||||
* @param int $type token type
|
||||
* @param int $remember whether the session token should be used for remember-me
|
||||
* @return IToken
|
||||
* @return OCPIToken
|
||||
* @throws \RuntimeException when OpenSSL reports a problem
|
||||
*/
|
||||
public function generateToken(string $token,
|
||||
|
|
@ -53,8 +54,8 @@ interface IProvider {
|
|||
string $loginName,
|
||||
?string $password,
|
||||
string $name,
|
||||
int $type = IToken::TEMPORARY_TOKEN,
|
||||
int $remember = IToken::DO_NOT_REMEMBER): IToken;
|
||||
int $type = OCPIToken::TEMPORARY_TOKEN,
|
||||
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken;
|
||||
|
||||
/**
|
||||
* Get a token by token id
|
||||
|
|
@ -63,9 +64,9 @@ interface IProvider {
|
|||
* @throws InvalidTokenException
|
||||
* @throws ExpiredTokenException
|
||||
* @throws WipeTokenException
|
||||
* @return IToken
|
||||
* @return OCPIToken
|
||||
*/
|
||||
public function getToken(string $tokenId): IToken;
|
||||
public function getToken(string $tokenId): OCPIToken;
|
||||
|
||||
/**
|
||||
* Get a token by token id
|
||||
|
|
@ -74,9 +75,9 @@ interface IProvider {
|
|||
* @throws InvalidTokenException
|
||||
* @throws ExpiredTokenException
|
||||
* @throws WipeTokenException
|
||||
* @return IToken
|
||||
* @return OCPIToken
|
||||
*/
|
||||
public function getTokenById(int $tokenId): IToken;
|
||||
public function getTokenById(int $tokenId): OCPIToken;
|
||||
|
||||
/**
|
||||
* Duplicate an existing session token
|
||||
|
|
@ -85,9 +86,9 @@ interface IProvider {
|
|||
* @param string $sessionId
|
||||
* @throws InvalidTokenException
|
||||
* @throws \RuntimeException when OpenSSL reports a problem
|
||||
* @return IToken The new token
|
||||
* @return OCPIToken The new token
|
||||
*/
|
||||
public function renewSessionToken(string $oldSessionId, string $sessionId): IToken;
|
||||
public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken;
|
||||
|
||||
/**
|
||||
* Invalidate (delete) the given session token
|
||||
|
|
@ -117,16 +118,16 @@ interface IProvider {
|
|||
/**
|
||||
* Save the updated token
|
||||
*
|
||||
* @param IToken $token
|
||||
* @param OCPIToken $token
|
||||
*/
|
||||
public function updateToken(IToken $token);
|
||||
public function updateToken(OCPIToken $token);
|
||||
|
||||
/**
|
||||
* Update token activity timestamp
|
||||
*
|
||||
* @param IToken $token
|
||||
* @param OCPIToken $token
|
||||
*/
|
||||
public function updateTokenActivity(IToken $token);
|
||||
public function updateTokenActivity(OCPIToken $token);
|
||||
|
||||
/**
|
||||
* Get all tokens of a user
|
||||
|
|
@ -135,49 +136,49 @@ interface IProvider {
|
|||
* where a high number of (session) tokens is generated
|
||||
*
|
||||
* @param string $uid
|
||||
* @return IToken[]
|
||||
* @return OCPIToken[]
|
||||
*/
|
||||
public function getTokenByUser(string $uid): array;
|
||||
|
||||
/**
|
||||
* Get the (unencrypted) password of the given token
|
||||
*
|
||||
* @param IToken $savedToken
|
||||
* @param OCPIToken $savedToken
|
||||
* @param string $tokenId
|
||||
* @throws InvalidTokenException
|
||||
* @throws PasswordlessTokenException
|
||||
* @return string
|
||||
*/
|
||||
public function getPassword(IToken $savedToken, string $tokenId): string;
|
||||
public function getPassword(OCPIToken $savedToken, string $tokenId): string;
|
||||
|
||||
/**
|
||||
* Encrypt and set the password of the given token
|
||||
*
|
||||
* @param IToken $token
|
||||
* @param OCPIToken $token
|
||||
* @param string $tokenId
|
||||
* @param string $password
|
||||
* @throws InvalidTokenException
|
||||
*/
|
||||
public function setPassword(IToken $token, string $tokenId, string $password);
|
||||
public function setPassword(OCPIToken $token, string $tokenId, string $password);
|
||||
|
||||
/**
|
||||
* Rotate the token. Useful for for example oauth tokens
|
||||
*
|
||||
* @param IToken $token
|
||||
* @param OCPIToken $token
|
||||
* @param string $oldTokenId
|
||||
* @param string $newTokenId
|
||||
* @return IToken
|
||||
* @return OCPIToken
|
||||
* @throws \RuntimeException when OpenSSL reports a problem
|
||||
*/
|
||||
public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken;
|
||||
public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken;
|
||||
|
||||
/**
|
||||
* Marks a token as having an invalid password.
|
||||
*
|
||||
* @param IToken $token
|
||||
* @param OCPIToken $token
|
||||
* @param string $tokenId
|
||||
*/
|
||||
public function markPasswordInvalid(IToken $token, string $tokenId);
|
||||
public function markPasswordInvalid(OCPIToken $token, string $tokenId);
|
||||
|
||||
/**
|
||||
* Update all the passwords of $uid if required
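Review bot: With the parameters widened to `OCPIToken`, the interface docblocks for `updateToken()`, `updateTokenActivity()`, `rotate()` and `markPasswordInvalid()` do not say what happens when an implementation receives a token type it does not manage. The `Manager` section documents `@throws InvalidTokenException` on `updateToken()`, `updateTokenActivity()` and `rotate()`, and throws it for anything that is not a `PublicKeyToken`. The interface should carry the same tag, e.g. `@throws InvalidTokenException when the token is not handled by this provider`. Callers that only see the interface otherwise have no documented reason to catch it. Parts of the interface body lie outside the hunks shown.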
|
||||
|
|
|
|||
|
|
@ -28,11 +28,13 @@ declare(strict_types=1);
|
|||
namespace OC\Authentication\Token;
|
||||
|
||||
use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
|
||||
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
|
||||
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
||||
use OC\Authentication\Exceptions\WipeTokenException;
|
||||
use OCP\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Authentication\Exceptions\WipeTokenException;
|
||||
use OCP\Authentication\Token\IProvider as OCPIProvider;
|
||||
use OCP\Authentication\Token\IToken as OCPIToken;
|
||||
|
||||
class Manager implements IProvider, OCPIProvider {
|
||||
/** @var PublicKeyTokenProvider */
|
||||
|
|
@ -52,15 +54,15 @@ class Manager implements IProvider, OCPIProvider {
|
|||
* @param string $name Name will be trimmed to 120 chars when longer
|
||||
* @param int $type token type
|
||||
* @param int $remember whether the session token should be used for remember-me
|
||||
* @return IToken
|
||||
* @return OCPIToken
|
||||
*/
|
||||
public function generateToken(string $token,
|
||||
string $uid,
|
||||
string $loginName,
|
||||
$password,
|
||||
string $name,
|
||||
int $type = IToken::TEMPORARY_TOKEN,
|
||||
int $remember = IToken::DO_NOT_REMEMBER): IToken {
|
||||
int $type = OCPIToken::TEMPORARY_TOKEN,
|
||||
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken {
|
||||
if (mb_strlen($name) > 128) {
|
||||
$name = mb_substr($name, 0, 120) . '…';
|
||||
}
|
||||
|
|
@ -93,10 +95,10 @@ class Manager implements IProvider, OCPIProvider {
|
|||
/**
|
||||
* Save the updated token
|
||||
*
|
||||
* @param IToken $token
|
||||
* @param OCPIToken $token
|
||||
* @throws InvalidTokenException
|
||||
*/
|
||||
public function updateToken(IToken $token) {
|
||||
public function updateToken(OCPIToken $token) {
|
||||
$provider = $this->getProvider($token);
|
||||
$provider->updateToken($token);
|
||||
}
|
||||
|
|
@ -105,16 +107,16 @@ class Manager implements IProvider, OCPIProvider {
|
|||
* Update token activity timestamp
|
||||
*
|
||||
* @throws InvalidTokenException
|
||||
* @param IToken $token
|
||||
* @param OCPIToken $token
|
||||
*/
|
||||
public function updateTokenActivity(IToken $token) {
|
||||
public function updateTokenActivity(OCPIToken $token) {
|
||||
$provider = $this->getProvider($token);
|
||||
$provider->updateTokenActivity($token);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $uid
|
||||
* @return IToken[]
|
||||
* @return OCPIToken[]
|
||||
*/
|
||||
public function getTokenByUser(string $uid): array {
|
||||
return $this->publicKeyTokenProvider->getTokenByUser($uid);
|
||||
|
|
@ -126,9 +128,9 @@ class Manager implements IProvider, OCPIProvider {
|
|||
* @param string $tokenId
|
||||
* @throws InvalidTokenException
|
||||
* @throws \RuntimeException when OpenSSL reports a problem
|
||||
* @return IToken
|
||||
* @return OCPIToken
|
||||
*/
|
||||
public function getToken(string $tokenId): IToken {
|
||||
public function getToken(string $tokenId): OCPIToken {
|
||||
try {
|
||||
return $this->publicKeyTokenProvider->getToken($tokenId);
|
||||
} catch (WipeTokenException $e) {
|
||||
|
|
@ -145,9 +147,9 @@ class Manager implements IProvider, OCPIProvider {
|
|||
*
|
||||
* @param int $tokenId
|
||||
* @throws InvalidTokenException
|
||||
* @return IToken
|
||||
* @return OCPIToken
|
||||
*/
|
||||
public function getTokenById(int $tokenId): IToken {
|
||||
public function getTokenById(int $tokenId): OCPIToken {
|
||||
try {
|
||||
return $this->publicKeyTokenProvider->getTokenById($tokenId);
|
||||
} catch (ExpiredTokenException $e) {
|
||||
|
|
@ -163,9 +165,9 @@ class Manager implements IProvider, OCPIProvider {
|
|||
* @param string $oldSessionId
|
||||
* @param string $sessionId
|
||||
* @throws InvalidTokenException
|
||||
* @return IToken
|
||||
* @return OCPIToken
|
||||
*/
|
||||
public function renewSessionToken(string $oldSessionId, string $sessionId): IToken {
|
||||
public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken {
|
||||
try {
|
||||
return $this->publicKeyTokenProvider->renewSessionToken($oldSessionId, $sessionId);
|
||||
} catch (ExpiredTokenException $e) {
|
||||
|
|
@ -176,18 +178,18 @@ class Manager implements IProvider, OCPIProvider {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param IToken $savedToken
|
||||
* @param OCPIToken $savedToken
|
||||
* @param string $tokenId session token
|
||||
* @throws InvalidTokenException
|
||||
* @throws PasswordlessTokenException
|
||||
* @return string
|
||||
*/
|
||||
public function getPassword(IToken $savedToken, string $tokenId): string {
|
||||
public function getPassword(OCPIToken $savedToken, string $tokenId): string {
|
||||
$provider = $this->getProvider($savedToken);
|
||||
return $provider->getPassword($savedToken, $tokenId);
|
||||
}
|
||||
|
||||
public function setPassword(IToken $token, string $tokenId, string $password) {
|
||||
public function setPassword(OCPIToken $token, string $tokenId, string $password) {
|
||||
$provider = $this->getProvider($token);
|
||||
$provider->setPassword($token, $tokenId, $password);
|
||||
}
|
||||
|
|
@ -209,35 +211,37 @@ class Manager implements IProvider, OCPIProvider {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param IToken $token
|
||||
* @param OCPIToken $token
|
||||
* @param string $oldTokenId
|
||||
* @param string $newTokenId
|
||||
* @return IToken
|
||||
* @return OCPIToken
|
||||
* @throws InvalidTokenException
|
||||
* @throws \RuntimeException when OpenSSL reports a problem
|
||||
*/
|
||||
public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
|
||||
public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken {
|
||||
if ($token instanceof PublicKeyToken) {
|
||||
return $this->publicKeyTokenProvider->rotate($token, $oldTokenId, $newTokenId);
|
||||
}
|
||||
|
||||
throw new InvalidTokenException();
|
||||
/** @psalm-suppress DeprecatedClass We have to throw the OC version so both OC and OCP catches catch it */
|
||||
throw new OcInvalidTokenException();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param IToken $token
|
||||
* @param OCPIToken $token
|
||||
* @return IProvider
|
||||
* @throws InvalidTokenException
|
||||
*/
|
||||
private function getProvider(IToken $token): IProvider {
|
||||
private function getProvider(OCPIToken $token): IProvider {
|
||||
if ($token instanceof PublicKeyToken) {
|
||||
return $this->publicKeyTokenProvider;
|
||||
}
|
||||
throw new InvalidTokenException();
|
||||
/** @psalm-suppress DeprecatedClass We have to throw the OC version so both OC and OCP catches catch it */
|
||||
throw new OcInvalidTokenException();
|
||||
}
|
||||
|
||||
|
||||
public function markPasswordInvalid(IToken $token, string $tokenId) {
|
||||
public function markPasswordInvalid(OCPIToken $token, string $tokenId) {
|
||||
$this->getProvider($token)->markPasswordInvalid($token, $tokenId);
|
||||
}
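Review bot: `rotate()` and `getProvider()` now carry the same `instanceof PublicKeyToken` guard, the same `@psalm-suppress DeprecatedClass` docblock and the same `throw new OcInvalidTokenException()`; routing `rotate()` through the helper would leave a single throw site to maintain. `markPasswordInvalid()` in this section already does this, so `rotate()` could be `return $this->getProvider($token)->rotate($token, $oldTokenId, $newTokenId);`. As far as these lines show, behaviour for a non-`PublicKeyToken` argument stays the same, since `getProvider()` throws the same exception. Separately, `generateToken()` still declares `$password` without a type, while the interface section declares `?string $password`.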
|
||||
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ use OC\Authentication\Exceptions\WipeTokenException;
|
|||
use OCP\AppFramework\Db\DoesNotExistException;
|
||||
use OCP\AppFramework\Db\TTransactional;
|
||||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\Authentication\Token\IToken as OCPIToken;
|
||||
use OCP\Cache\CappedMemoryCache;
|
||||
use OCP\IConfig;
|
||||
use OCP\IDBConnection;
|
||||
|
|
@ -98,8 +99,8 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
string $loginName,
|
||||
?string $password,
|
||||
string $name,
|
||||
int $type = IToken::TEMPORARY_TOKEN,
|
||||
int $remember = IToken::DO_NOT_REMEMBER): IToken {
|
||||
int $type = OCPIToken::TEMPORARY_TOKEN,
|
||||
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken {
|
||||
if (strlen($token) < self::TOKEN_MIN_LENGTH) {
|
||||
$exception = new InvalidTokenException('Token is too short, minimum of ' . self::TOKEN_MIN_LENGTH . ' characters is required, ' . strlen($token) . ' characters given');
|
||||
$this->logger->error('Invalid token provided when generating new token', ['exception' => $exception]);
|
||||
|
|
@ -133,7 +134,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
return $dbToken;
|
||||
}
|
||||
|
||||
public function getToken(string $tokenId): IToken {
|
||||
public function getToken(string $tokenId): OCPIToken {
|
||||
/**
|
||||
* Token length: 72
|
||||
* @see \OC\Core\Controller\ClientFlowLoginController::generateAppPassword
|
||||
|
|
@ -183,7 +184,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
throw new ExpiredTokenException($token);
|
||||
}
|
||||
|
||||
if ($token->getType() === IToken::WIPE_TOKEN) {
|
||||
if ($token->getType() === OCPIToken::WIPE_TOKEN) {
|
||||
throw new WipeTokenException($token);
|
||||
}
|
||||
|
||||
|
|
@ -195,7 +196,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
return $token;
|
||||
}
|
||||
|
||||
public function getTokenById(int $tokenId): IToken {
|
||||
public function getTokenById(int $tokenId): OCPIToken {
|
||||
try {
|
||||
$token = $this->mapper->getTokenById($tokenId);
|
||||
} catch (DoesNotExistException $ex) {
|
||||
|
|
@ -206,7 +207,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
throw new ExpiredTokenException($token);
|
||||
}
|
||||
|
||||
if ($token->getType() === IToken::WIPE_TOKEN) {
|
||||
if ($token->getType() === OCPIToken::WIPE_TOKEN) {
|
||||
throw new WipeTokenException($token);
|
||||
}
|
||||
|
||||
|
|
@ -218,7 +219,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
return $token;
|
||||
}
|
||||
|
||||
public function renewSessionToken(string $oldSessionId, string $sessionId): IToken {
|
||||
public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken {
|
||||
$this->cache->clear();
|
||||
|
||||
return $this->atomic(function () use ($oldSessionId, $sessionId) {
|
||||
|
|
@ -239,7 +240,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
$token->getLoginName(),
|
||||
$password,
|
||||
$token->getName(),
|
||||
IToken::TEMPORARY_TOKEN,
|
||||
OCPIToken::TEMPORARY_TOKEN,
|
||||
$token->getRemember()
|
||||
);
|
||||
|
||||
|
|
@ -267,10 +268,10 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
|
||||
$olderThan = $this->time->getTime() - $this->config->getSystemValueInt('session_lifetime', 60 * 60 * 24);
|
||||
$this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']);
|
||||
$this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER);
|
||||
$this->mapper->invalidateOld($olderThan, OCPIToken::DO_NOT_REMEMBER);
|
||||
$rememberThreshold = $this->time->getTime() - $this->config->getSystemValueInt('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
|
||||
$this->logger->debug('Invalidating remembered session tokens older than ' . date('c', $rememberThreshold), ['app' => 'cron']);
|
||||
$this->mapper->invalidateOld($rememberThreshold, IToken::REMEMBER);
|
||||
$this->mapper->invalidateOld($rememberThreshold, OCPIToken::REMEMBER);
|
||||
}
|
||||
|
||||
public function invalidateLastUsedBefore(string $uid, int $before): void {
|
||||
|
|
@ -279,7 +280,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
$this->mapper->invalidateLastUsedBefore($uid, $before);
|
||||
}
|
||||
|
||||
public function updateToken(IToken $token) {
|
||||
public function updateToken(OCPIToken $token) {
|
||||
$this->cache->clear();
|
||||
|
||||
if (!($token instanceof PublicKeyToken)) {
|
||||
|
|
@ -288,7 +289,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
$this->mapper->update($token);
|
||||
}
|
||||
|
||||
public function updateTokenActivity(IToken $token) {
|
||||
public function updateTokenActivity(OCPIToken $token) {
|
||||
$this->cache->clear();
|
||||
|
||||
if (!($token instanceof PublicKeyToken)) {
|
||||
|
|
@ -310,7 +311,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
return $this->mapper->getTokenByUser($uid);
|
||||
}
|
||||
|
||||
public function getPassword(IToken $savedToken, string $tokenId): string {
|
||||
public function getPassword(OCPIToken $savedToken, string $tokenId): string {
|
||||
if (!($savedToken instanceof PublicKeyToken)) {
|
||||
throw new InvalidTokenException("Invalid token type");
|
||||
}
|
||||
|
|
@ -326,7 +327,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
return $this->decryptPassword($savedToken->getPassword(), $privateKey);
|
||||
}
|
||||
|
||||
public function setPassword(IToken $token, string $tokenId, string $password) {
|
||||
public function setPassword(OCPIToken $token, string $tokenId, string $password) {
|
||||
$this->cache->clear();
|
||||
|
||||
if (!($token instanceof PublicKeyToken)) {
|
||||
|
|
@ -353,7 +354,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
return $this->hasher->hash(sha1($password) . $password);
|
||||
}
|
||||
|
||||
public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
|
||||
public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken {
|
||||
$this->cache->clear();
|
||||
|
||||
if (!($token instanceof PublicKeyToken)) {
|
||||
|
|
@ -478,7 +479,7 @@ class PublicKeyTokenProvider implements IProvider {
|
|||
return $dbToken;
|
||||
}
|
||||
|
||||
public function markPasswordInvalid(IToken $token, string $tokenId) {
|
||||
public function markPasswordInvalid(OCPIToken $token, string $tokenId) {
|
||||
$this->cache->clear();
|
||||
|
||||
if (!($token instanceof PublicKeyToken)) {
|
||||
|
|
|
|||
|
|
@ -29,8 +29,8 @@ namespace OC\Authentication\Token;
|
|||
|
||||
use OC\Authentication\Events\RemoteWipeFinished;
|
||||
use OC\Authentication\Events\RemoteWipeStarted;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\WipeTokenException;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Authentication\Exceptions\WipeTokenException;
|
||||
use OCP\EventDispatcher\IEventDispatcher;
|
||||
use OCP\IUser;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
|
|
|||
|
|
@ -29,10 +29,10 @@ namespace OC\Authentication\TwoFactorAuth;
|
|||
|
||||
use BadMethodCallException;
|
||||
use Exception;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Token\IProvider as TokenProvider;
|
||||
use OCP\Activity\IManager;
|
||||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
|
||||
use OCP\Authentication\TwoFactorAuth\IProvider;
|
||||
use OCP\Authentication\TwoFactorAuth\IRegistry;
|
||||
|
|
|
|||
|
|
@ -33,8 +33,8 @@ declare(strict_types=1);
|
|||
*/
|
||||
namespace OC\Session;
|
||||
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Session\Exceptions\SessionNotAvailableException;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -39,8 +39,6 @@
|
|||
namespace OC\User;
|
||||
|
||||
use OC;
|
||||
use OC\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Exceptions\PasswordlessTokenException;
|
||||
use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
|
|
@ -51,6 +49,8 @@ use OC_User;
|
|||
use OC_Util;
|
||||
use OCA\DAV\Connector\Sabre\Auth;
|
||||
use OCP\AppFramework\Utility\ITimeFactory;
|
||||
use OCP\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\EventDispatcher\GenericEvent;
|
||||
use OCP\EventDispatcher\IEventDispatcher;
|
||||
use OCP\Files\NotPermittedException;
|
||||
|
|
|
|||