Limit the length of app password names
authorJoas Schilling <coding@schilljs.com>
Tue, 22 Mar 2022 09:51:54 +0000 (10:51 +0100)
committerJoas Schilling <coding@schilljs.com>
Wed, 23 Mar 2022 09:47:56 +0000 (10:47 +0100)
Signed-off-by: Joas Schilling <coding@schilljs.com>
apps/settings/lib/Controller/AuthSettingsController.php
core/Controller/AppPasswordController.php
core/Controller/ClientFlowLoginController.php
lib/private/Authentication/Token/Manager.php
lib/private/Authentication/Token/PublicKeyTokenProvider.php

index 3255fcce56e7b74c4f78cb6cb7b806c17f13504a..38db7be1e918704cdb5fa9732d2c1f40ad63e752 100644 (file)
@@ -145,6 +145,10 @@ class AuthSettingsController extends Controller {
                        return $this->getServiceNotAvailableResponse();
                }
 
+               if (mb_strlen($name) > 128) {
+                       $name = mb_substr($name, 0, 120) . '…';
+               }
+
                $token = $this->generateRandomDeviceToken();
                $deviceToken = $this->tokenProvider->generateToken($token, $this->uid, $loginName, $password, $name, IToken::PERMANENT_TOKEN);
                $tokenData = $deviceToken->jsonSerialize();
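Review bot: The truncation added at the top of this hunk is repeated verbatim in the rename path further down the same controller, so the two copies can drift apart the moment one threshold is edited; a private helper keeps them in step, e.g. `private function truncateTokenName(string $name): string {` with the single body line `return mb_strlen($name) > 128 ? mb_substr($name, 0, 120) . '…' : $name;`, called from both places. The 120-plus-ellipsis result (121 code points) deliberately stays under the 128-character ceiling the token manager enforces in this same commit, and that relationship deserves a one-line comment so nobody tightens one side without the other. The enclosing method starts and ends outside the hunk.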
@@ -241,6 +245,10 @@ class AuthSettingsController extends Controller {
                        $this->publishActivity($scope['filesystem'] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]);
                }
 
+               if (mb_strlen($name) > 128) {
+                       $name = mb_substr($name, 0, 120) . '…';
+               }
+
                if ($token instanceof INamedToken && $name !== $currentName) {
                        $token->setName($name);
                        $this->publishActivity(Provider::APP_TOKEN_RENAMED, $token->getId(), ['name' => $currentName, 'newName' => $name]);
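Review bot: In the rename path the over-long `$name` is silently shortened before the `$name !== $currentName` comparison, so a client submitting a name longer than 128 characters receives a success response and an activity entry for a name it never asked for, whereas the token manager in this commit rejects such names outright. For a name the user typed (unlike a User-Agent string) a 400 is the more honest contract, e.g. `if (mb_strlen($name) > 128) { return new JSONResponse(['message' => 'Name too long'], Http::STATUS_BAD_REQUEST); }`, assuming the response classes this controller uses elsewhere are in scope. If truncation is the intended behaviour, say so in place with `// Cap user-supplied names so they fit the token store's 128-character limit`, so the next reader does not "fix" it. The enclosing method starts outside the hunk.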
index 41f0f6e4f273e3c3d4abae797e14001e8ad6c855..7cc0310746d5e8c4f62e65612d8d0db12e9fd338 100644 (file)
@@ -99,6 +99,9 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
                }
 
                $userAgent = $this->request->getHeader('USER_AGENT');
+               if (mb_strlen($userAgent) > 128) {
+                       $userAgent = mb_substr($userAgent, 0, 120) . '…';
+               }
 
                $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
 
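Review bot: The length check on `$userAgent` counts code points, not bytes, so a header of 128 four-byte UTF-8 characters passes unchanged and still reaches the token store as up to 512 bytes; if the storage limit for the name is expressed in bytes rather than characters, the new cap may not actually prevent the oversized write this commit is guarding against. Either bound both, e.g. `if (mb_strlen($userAgent) > 128 || strlen($userAgent) > 512) {`, or record the assumption with `// 128 code points; the name column must accept at least 512 bytes`. Because the User-Agent is wholly attacker-controlled, it is also worth noting in a comment that the truncation exists for storage bounds, not for sanitisation, so nobody treats the shortened string as trusted. The enclosing method starts and ends outside the hunk.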
index e067f0ff6b5f5b3406f0c29c3aa2b336a40794f4..ff6b888888478a270164ad71358d438305d0c26e 100644 (file)
@@ -322,6 +322,10 @@ class ClientFlowLoginController extends Controller {
                        $clientName = $client->getName();
                }
 
+               if (mb_strlen($clientName) > 128) {
+                       $clientName = mb_substr($clientName, 0, 120) . '…';
+               }
+
                $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
                $uid = $this->userSession->getUser()->getUID();
                $generatedToken = $this->tokenProvider->generateToken(
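Review bot: The `128`/`120` pair in the added check is the fifth copy of the same literals in this commit, and it is implicitly coupled to the hard limit the token manager and public-key provider enforce (both throw at the same 128); if either side is later changed alone, this controller could start producing names the provider refuses with an exception the client flow does not expect. A shared constant, e.g. `public const MAX_NAME_LENGTH = 128;` on the token manager or the token interface, referenced here as `if (mb_strlen($clientName) > Manager::MAX_NAME_LENGTH) {`, makes the dependency explicit, and the truncation width can be derived from it. Whether `$clientName` on the other branch above this hunk is also a raw User-Agent I cannot tell from here, but the cap as written applies to both branches. The enclosing method starts and ends outside the hunk.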
index 0a7a821e23e7ebfa65b2be9b70fd0facc0bbb64c..ae0874733f8b11603470fdece98fc487a4dcc51c 100644 (file)
@@ -61,6 +61,10 @@ class Manager implements IProvider {
                                                                  string $name,
                                                                  int $type = IToken::TEMPORARY_TOKEN,
                                                                  int $remember = IToken::DO_NOT_REMEMBER): IToken {
+               if (mb_strlen($name) > 128) {
+                       throw new InvalidTokenException('The given name is too long');
+               }
+
                try {
                        return $this->publicKeyTokenProvider->generateToken(
                                $token,
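Review bot: `InvalidTokenException` is, going by its name and use elsewhere in this provider stack, what is raised when a token lookup fails or the token has gone stale, so callers catching it to mean "token invalid" would now also swallow what is really an invalid-argument condition on `$name`; a distinct exception, or `\InvalidArgumentException` as the natural fit for a bad parameter, would keep the two failure modes apart, provided callers are updated accordingly. The same check is added inside `PublicKeyTokenProvider::generateToken` in this commit, so on the delegating path shown here the manager-level check is redundant defence in depth — acceptable, but a comment such as `// Reject early so no underlying provider ever sees an over-long name` should say that is the intent. Note also that `mb_strlen` bounds code points, not stored bytes. The enclosing method starts and ends outside the hunk.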
index d2ee47cf38051c3a0e5091b85c601dfd4ed7a517..26337029d77d64c1c0deabf26b772a215182a99e 100644 (file)
@@ -84,6 +84,10 @@ class PublicKeyTokenProvider implements IProvider {
                                                                  string $name,
                                                                  int $type = IToken::TEMPORARY_TOKEN,
                                                                  int $remember = IToken::DO_NOT_REMEMBER): IToken {
+               if (mb_strlen($name) > 128) {
+                       throw new InvalidTokenException('The given name is too long');
+               }
+
                $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);
                $this->mapper->insert($dbToken);