rename oauth2_access_token's created_at to code_created_at
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
This commit is contained in:
parent
e944980eb6
commit
c6da99474e
6 changed files with 21 additions and 21 deletions
|
|
@ -126,15 +126,15 @@ class OauthApiController extends Controller {
|
|||
|
||||
// check authorization code expiration
|
||||
$now = $this->timeFactory->now()->getTimestamp();
|
||||
$tokenCreatedAt = $accessToken->getCreatedAt();
|
||||
if ($tokenCreatedAt < $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER) {
|
||||
$codeCreatedAt = $accessToken->getCodeCreatedAt();
|
||||
if ($codeCreatedAt < $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER) {
|
||||
// we know this token is not useful anymore
|
||||
$this->accessTokenMapper->delete($accessToken);
|
||||
|
||||
$response = new JSONResponse([
|
||||
'error' => 'invalid_request',
|
||||
], Http::STATUS_BAD_REQUEST);
|
||||
$expiredSince = $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER - $tokenCreatedAt;
|
||||
$expiredSince = $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER - $codeCreatedAt;
|
||||
$response->throttle(['invalid_request' => 'authorization_code_expired', 'expired_since' => $expiredSince]);
|
||||
return $response;
|
||||
}
|
||||
|
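Review bot: The expiry threshold `$now - self::AUTHORIZATION_CODE_EXPIRES_AFTER` is evaluated twice in the new lines, once in the `if` and again in the `$expiredSince` assignment, so the check and the throttle metadata can drift apart if one of them is edited later. Naming the expiry instant once reads better and keeps both in step: `$codeExpiresAt = $codeCreatedAt + self::AUTHORIZATION_CODE_EXPIRES_AFTER;`, then `if ($codeExpiresAt < $now) {` and `$expiredSince = $now - $codeExpiresAt;`, which is arithmetically identical to what the hunk does. The enclosing controller method starts before this hunk.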
|
|
|||
|
|
@ -34,8 +34,8 @@ use OCP\AppFramework\Db\Entity;
|
|||
* @method void setEncryptedToken(string $token)
|
||||
* @method string getHashedCode()
|
||||
* @method void setHashedCode(string $token)
|
||||
* @method int getCreatedAt()
|
||||
* @method void setCreatedAt(int $createdAt)
|
||||
* @method int getCodeCreatedAt()
|
||||
* @method void setCodeCreatedAt(int $createdAt)
|
||||
* @method int getTokenCount()
|
||||
* @method void setTokenCount(int $tokenCount)
|
||||
*/
|
||||
|
|
@ -49,7 +49,7 @@ class AccessToken extends Entity {
|
|||
/** @var string */
|
||||
protected $encryptedToken;
|
||||
/** @var int */
|
||||
protected $createdAt;
|
||||
protected $codeCreatedAt;
|
||||
/** @var int */
|
||||
protected $tokenCount;
|
||||
|
||||
|
|
@ -59,7 +59,7 @@ class AccessToken extends Entity {
|
|||
$this->addType('clientId', 'int');
|
||||
$this->addType('hashedCode', 'string');
|
||||
$this->addType('encryptedToken', 'string');
|
||||
$this->addType('created_at', 'int');
|
||||
$this->addType('code_created_at', 'int');
|
||||
$this->addType('token_count', 'int');
|
||||
}
|
||||
}
|
||||
|
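Review bot: The new `$this->addType('code_created_at', 'int');` keys the field type by the column name, while the neighbouring calls in the same constructor (`clientId`, `hashedCode`, `encryptedToken`) use the property name; as far as I know the base Entity looks up `_fieldTypes` by the camelCase property name in its magic setter, so a snake_case key (as with the pre-existing `token_count`) never matches and the int cast is silently skipped. I'd write `$this->addType('codeCreatedAt', 'int');` and, while here, `$this->addType('tokenCount', 'int');`. The `@method void setCodeCreatedAt(int $createdAt)` annotation in the first hunk of this file still carries the old parameter name; `int $codeCreatedAt` would match the property.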
|
|
|||
|
|
@ -99,7 +99,7 @@ class AccessTokenMapper extends QBMapper {
|
|||
$qb
|
||||
->delete($this->tableName)
|
||||
->where($qb->expr()->eq('token_count', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT)))
|
||||
->andWhere($qb->expr()->lt('created_at', $qb->createNamedParameter($maxTokenCreationTs, IQueryBuilder::PARAM_INT)));
|
||||
->andWhere($qb->expr()->lt('code_created_at', $qb->createNamedParameter($maxTokenCreationTs, IQueryBuilder::PARAM_INT)));
|
||||
$qb->executeStatement();
|
||||
}
|
||||
}
|
||||
|
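Review bot: The value bound on the new `code_created_at` line is still `$maxTokenCreationTs`, so the parameter name now describes the token rather than the authorization code it bounds; renaming it to something like `$maxCodeCreationTs` in the signature and here would keep the mapper consistent with the column and the entity. The enclosing method's signature lies outside this hunk. A one-line comment above the `->delete(...)` would also help the next reader, e.g. `// remove tokens that never issued a session token and whose authorization code is older than the cutoff`.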
|
|
|||
|
|
@ -47,8 +47,8 @@ class Version011603Date20230620111039 extends SimpleMigrationStep {
|
|||
if ($schema->hasTable('oauth2_access_tokens')) {
|
||||
$table = $schema->getTable('oauth2_access_tokens');
|
||||
$dbChanged = false;
|
||||
if (!$table->hasColumn('created_at')) {
|
||||
$table->addColumn('created_at', Types::BIGINT, [
|
||||
if (!$table->hasColumn('code_created_at')) {
|
||||
$table->addColumn('code_created_at', Types::BIGINT, [
|
||||
'notnull' => true,
|
||||
'default' => 0,
|
||||
]);
|
||||
|
|
@ -62,7 +62,7 @@ class Version011603Date20230620111039 extends SimpleMigrationStep {
|
|||
$dbChanged = true;
|
||||
}
|
||||
if (!$table->hasIndex('oauth2_tk_c_created_idx')) {
|
||||
$table->addIndex(['token_count', 'created_at'], 'oauth2_tk_c_created_idx');
|
||||
$table->addIndex(['token_count', 'code_created_at'], 'oauth2_tk_c_created_idx');
|
||||
$dbChanged = true;
|
||||
}
|
||||
if ($dbChanged) {
|
||||
|
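Review bot: The guard `hasIndex('oauth2_tk_c_created_idx')` keeps the old index name while the indexed columns change to `['token_count', 'code_created_at']`; on an instance that has already executed this step the guard is true, so the index stays on the old `created_at` column and `code_created_at` is never indexed, and the superseded `created_at` column is left in place as well. If this migration step has already shipped (I cannot tell from the diff), the safer route is a new step that drops the old index and column and adds the new ones, or at least a distinct index name here so the guard actually creates it. Rows on such an instance would also get `code_created_at = 0` from the column default, which the controller treats as an expired code; that is probably acceptable for authorization codes but deserves a sentence in the commit message.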
|
|
|||
|
|
@ -127,7 +127,7 @@ class OauthApiControllerTest extends TestCase {
|
|||
}
|
||||
|
||||
public function testGetTokenExpiredCode() {
|
||||
$tokenCreatedAt = 100;
|
||||
$codeCreatedAt = 100;
|
||||
$expiredSince = 123;
|
||||
|
||||
$expected = new JSONResponse([
|
||||
|
|
@ -137,13 +137,13 @@ class OauthApiControllerTest extends TestCase {
|
|||
|
||||
$accessToken = new AccessToken();
|
||||
$accessToken->setClientId(42);
|
||||
$accessToken->setCreatedAt($tokenCreatedAt);
|
||||
$accessToken->setCodeCreatedAt($codeCreatedAt);
|
||||
|
||||
$this->accessTokenMapper->method('getByCode')
|
||||
->with('validcode')
|
||||
->willReturn($accessToken);
|
||||
|
||||
$tsNow = $tokenCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER + $expiredSince;
|
||||
$tsNow = $codeCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER + $expiredSince;
|
||||
$dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
|
||||
$this->timeFactory->method('now')
|
||||
->willReturn($dateNow);
|
||||
|
|
@ -154,7 +154,7 @@ class OauthApiControllerTest extends TestCase {
|
|||
public function testGetTokenWithCodeForActiveToken() {
|
||||
// if a token has already delivered oauth tokens,
|
||||
// it should not be possible to get a new oauth token from a valid authorization code
|
||||
$tokenCreatedAt = 100;
|
||||
$codeCreatedAt = 100;
|
||||
|
||||
$expected = new JSONResponse([
|
||||
'error' => 'invalid_request',
|
||||
|
|
@ -163,14 +163,14 @@ class OauthApiControllerTest extends TestCase {
|
|||
|
||||
$accessToken = new AccessToken();
|
||||
$accessToken->setClientId(42);
|
||||
$accessToken->setCreatedAt($tokenCreatedAt);
|
||||
$accessToken->setCodeCreatedAt($codeCreatedAt);
|
||||
$accessToken->setTokenCount(1);
|
||||
|
||||
$this->accessTokenMapper->method('getByCode')
|
||||
->with('validcode')
|
||||
->willReturn($accessToken);
|
||||
|
||||
$tsNow = $tokenCreatedAt + 1;
|
||||
$tsNow = $codeCreatedAt + 1;
|
||||
$dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
|
||||
$this->timeFactory->method('now')
|
||||
->willReturn($dateNow);
|
||||
|
|
@ -181,7 +181,7 @@ class OauthApiControllerTest extends TestCase {
|
|||
public function testGetTokenClientDoesNotExist() {
|
||||
// In this test, the token's authorization code is valid and has not expired
|
||||
// and we check what happens when the associated Oauth client does not exist
|
||||
$tokenCreatedAt = 100;
|
||||
$codeCreatedAt = 100;
|
||||
|
||||
$expected = new JSONResponse([
|
||||
'error' => 'invalid_request',
|
||||
|
|
@ -190,14 +190,14 @@ class OauthApiControllerTest extends TestCase {
|
|||
|
||||
$accessToken = new AccessToken();
|
||||
$accessToken->setClientId(42);
|
||||
$accessToken->setCreatedAt($tokenCreatedAt);
|
||||
$accessToken->setCodeCreatedAt($codeCreatedAt);
|
||||
|
||||
$this->accessTokenMapper->method('getByCode')
|
||||
->with('validcode')
|
||||
->willReturn($accessToken);
|
||||
|
||||
// 'now' is before the token's authorization code expiration
|
||||
$tsNow = $tokenCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER - 1;
|
||||
$tsNow = $codeCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER - 1;
|
||||
$dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
|
||||
$this->timeFactory->method('now')
|
||||
->willReturn($dateNow);
|
||||
|
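Review bot: None of the renamed fixtures exercises the exact boundary of the expiry check: `testGetTokenExpiredCode` sets `$tsNow` to `$codeCreatedAt + AUTHORIZATION_CODE_EXPIRES_AFTER + $expiredSince` and `testGetTokenClientDoesNotExist` uses `... - 1`, so the case `$tsNow = $codeCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER;`, where the controller's strict `<` still accepts the code, is untested. Adding that one case would pin the `<` versus `<=` semantics before anyone touches the comparison. The enclosing test methods start outside this hunk.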
|
|
|||
|
|
@ -289,7 +289,7 @@ class ClientFlowLoginController extends Controller {
|
|||
$accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
|
||||
$accessToken->setHashedCode(hash('sha512', $code));
|
||||
$accessToken->setTokenId($generatedToken->getId());
|
||||
$accessToken->setCreatedAt($this->timeFactory->now()->getTimestamp());
|
||||
$accessToken->setCodeCreatedAt($this->timeFactory->now()->getTimestamp());
|
||||
$this->accessTokenMapper->insert($accessToken);
|
||||
|
||||
$redirectUri = $client->getRedirectUri();
|
||||
|
|
|
|||