Limit the length of app password names
authorJoas Schilling <coding@schilljs.com>
Tue, 22 Mar 2022 09:51:54 +0000 (10:51 +0100)
committerJohn Molakvoæ (Rebase PR Action) <skjnldsv@users.noreply.github.com>
Fri, 13 May 2022 18:34:18 +0000 (18:34 +0000)
Signed-off-by: Joas Schilling <coding@schilljs.com>
apps/settings/lib/Controller/AuthSettingsController.php
lib/private/Authentication/Token/IProvider.php
lib/private/Authentication/Token/Manager.php
lib/private/Authentication/Token/PublicKeyTokenProvider.php
tests/lib/Authentication/Token/ManagerTest.php

index 566c03536ab6e8e3763222f45224709de696badc..241cecd71132518da0602224c1663fac5b8fe6b0 100644 (file)
@@ -146,6 +146,10 @@ class AuthSettingsController extends Controller {
                        return $this->getServiceNotAvailableResponse();
                }
 
+               if (mb_strlen($name) > 128) {
+                       $name = mb_substr($name, 0, 120) . '…';
+               }
+
                $token = $this->generateRandomDeviceToken();
                $deviceToken = $this->tokenProvider->generateToken($token, $this->uid, $loginName, $password, $name, IToken::PERMANENT_TOKEN);
                $tokenData = $deviceToken->jsonSerialize();
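Review bot: The threshold and the cut length in the new guard disagree: a name is only shortened once it exceeds 128 characters, but is then cut to 120 characters plus `…` (121 in total), so a 128-character name is stored verbatim while a 129-character one comes out shorter than it. If 128 is the intended maximum, cut to it consistently, e.g. `$name = mb_substr($name, 0, 127) . '…';`, or compare against the same bound that is used for the cut. The same pair of magic numbers is repeated in four files of this commit; one shared constant (for example on `IToken`) would keep the controller and the providers in sync. The enclosing method starts and ends outside the hunk.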
@@ -242,6 +246,10 @@ class AuthSettingsController extends Controller {
                        $this->publishActivity($scope['filesystem'] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]);
                }
 
+               if (mb_strlen($name) > 128) {
+                       $name = mb_substr($name, 0, 120) . '…';
+               }
+
                if ($token instanceof INamedToken && $name !== $currentName) {
                        $token->setName($name);
                        $this->publishActivity(Provider::APP_TOKEN_RENAMED, $token->getId(), ['name' => $currentName, 'newName' => $name]);
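Review bot: The guard added here is a verbatim copy of the one added earlier in the same class; a private helper such as `private function truncateName(string $name): string` called from both places would avoid the two drifting apart. Note that on this rename path the name does not pass through `Manager::generateToken`, so, unless the provider's update path has a check of its own (not visible here), this controller-side cut is the only place an over-long name is bounded before `setName()` and the activity event on the following lines. The enclosing method continues outside the hunk.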
index 2b6223fded974ba5d62c7cb869fea79f4dd45bc3..8cdca96f3cc87d38abf2320d0f3291655e2dc8bb 100644 (file)
@@ -45,7 +45,7 @@ interface IProvider {
         * @param string $uid
         * @param string $loginName
         * @param string|null $password
-        * @param string $name
+        * @param string $name Name will be trimmed to 120 chars when longer
         * @param int $type token type
         * @param int $remember whether the session token should be used for remember-me
         * @return IToken
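Review bot: The new `@param` text does not match what the implementations in this commit actually do: the cut only triggers above 128 characters and the result is 120 characters plus an ellipsis, i.e. 121, and `PublicKeyTokenProvider` rejects such names with an exception rather than trimming them. Suggest wording such as `@param string $name Names longer than 128 characters are shortened to 120 characters plus an ellipsis` together with a `@throws InvalidTokenException if an implementation rejects the name` line, so callers of the interface know a rejection is possible. The identical docblock text in `Manager` needs the same correction.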
index 073569de0cfce947dee1e8ef859e8715e4915ea0..f8cf612ac2b4d894a4b52c03fd18469aec683f01 100644 (file)
@@ -54,7 +54,7 @@ class Manager implements IProvider {
         * @param string $uid
         * @param string $loginName
         * @param string|null $password
-        * @param string $name
+        * @param string $name Name will be trimmed to 120 chars when longer
         * @param int $type token type
         * @param int $remember whether the session token should be used for remember-me
         * @return IToken
@@ -66,6 +66,10 @@ class Manager implements IProvider {
                                                                  string $name,
                                                                  int $type = IToken::TEMPORARY_TOKEN,
                                                                  int $remember = IToken::DO_NOT_REMEMBER): IToken {
+               if (mb_strlen($name) > 128) {
+                       $name = mb_substr($name, 0, 120) . '…';
+               }
+
                try {
                        return $this->publicKeyTokenProvider->generateToken(
                                $token,
index 4657a8027679c297b9301ea1a4d7efebb1551338..fd9e8336cc236029c0d38f4f0c8d92f85238ce17 100644 (file)
@@ -85,6 +85,10 @@ class PublicKeyTokenProvider implements IProvider {
                                                                  string $name,
                                                                  int $type = IToken::TEMPORARY_TOKEN,
                                                                  int $remember = IToken::DO_NOT_REMEMBER): IToken {
+               if (mb_strlen($name) > 128) {
+                       throw new InvalidTokenException('The given name is too long');
+               }
+
                $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);
                $this->mapper->insert($dbToken);
 
index fb92b3e50186a322c14f436b454bc90e12180219..ee2b3cdc768099497934911c9d0685da2e9ba54e 100644 (file)
@@ -127,6 +127,37 @@ class ManagerTest extends TestCase {
                $this->assertSame($token, $actual);
        }
 
+       public function testGenerateTokenTooLongName() {
+               $token = $this->createMock(IToken::class);
+               $token->method('getName')
+                       ->willReturn(str_repeat('a', 120) . '…');
+
+
+               $this->publicKeyTokenProvider->expects($this->once())
+                       ->method('generateToken')
+                       ->with(
+                               'token',
+                               'uid',
+                               'loginName',
+                               'password',
+                               str_repeat('a', 120) . '…',
+                               IToken::TEMPORARY_TOKEN,
+                               IToken::REMEMBER
+                       )->willReturn($token);
+
+               $actual = $this->manager->generateToken(
+                       'token',
+                       'uid',
+                       'loginName',
+                       'password',
+                       str_repeat('a', 200),
+                       IToken::TEMPORARY_TOKEN,
+                       IToken::REMEMBER
+               );
+
+               $this->assertSame(121, mb_strlen($actual->getName()));
+       }
+
        public function tokenData(): array {
                return [
                        [new DefaultToken()],
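Review bot: The final assertion `$this->assertSame(121, mb_strlen($actual->getName()));` does not exercise the code under test: `$actual` is the mock returned by the stubbed provider, and its `getName()` is fixed to the 121-character string a few lines above, so the assertion passes whatever `Manager::generateToken` did; the real check is the `->with(...)` expectation, and the trailing assertion can be dropped. The test also covers only a 200-character input, while the boundaries the guard defines — a 128-character name passed through unchanged, a 129-character name cut to 121 — are untested; a data provider with those two cases would pin the threshold. Minor style point: the double blank line after the mock setup.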