$currentName = $token->getName();
if ($scope !== $token->getScopeAsArray()) {
- $token->setScope(['filesystem' => $scope['filesystem']]);
- $this->publishActivity($scope['filesystem'] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]);
+ $token->setScope([IToken::SCOPE_FILESYSTEM => $scope[IToken::SCOPE_FILESYSTEM]]);
+ $this->publishActivity($scope[IToken::SCOPE_FILESYSTEM] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]);
}
if (mb_strlen($name) > 128) {
$token->expects($this->once())
->method('getScopeAsArray')
- ->willReturn(['filesystem' => true]);
+ ->willReturn([IToken::SCOPE_FILESYSTEM => true]);
$token->expects($this->once())
->method('setName')
->method('updateToken')
->with($this->equalTo($token));
- $this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], $newName));
+ $this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], $newName));
}
public function dataUpdateFilesystemScope(): array {
$token->expects($this->once())
->method('getScopeAsArray')
- ->willReturn(['filesystem' => $filesystem]);
+ ->willReturn([IToken::SCOPE_FILESYSTEM => $filesystem]);
$token->expects($this->once())
->method('setScope')
- ->with($this->equalTo(['filesystem' => $newFilesystem]));
+ ->with($this->equalTo([IToken::SCOPE_FILESYSTEM => $newFilesystem]));
$this->tokenProvider->expects($this->once())
->method('updateToken')
->with($this->equalTo($token));
- $this->assertSame([], $this->controller->update($tokenId, ['filesystem' => $newFilesystem], 'App password'));
+ $this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => $newFilesystem], 'App password'));
}
public function testUpdateNoChange(): void {
$token->expects($this->once())
->method('getScopeAsArray')
- ->willReturn(['filesystem' => true]);
+ ->willReturn([IToken::SCOPE_FILESYSTEM => true]);
$token->expects($this->never())
->method('setName');
->method('updateToken')
->with($this->equalTo($token));
- $this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
+ $this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], 'App password'));
}
public function testUpdateExpired() {
->method('updateToken')
->with($this->equalTo($token));
- $this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
+ $this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], 'App password'));
}
public function testUpdateTokenWrongUser() {
$this->tokenProvider->expects($this->never())
->method('updateToken');
- $response = $this->controller->update($tokenId, ['filesystem' => true], 'App password');
+ $response = $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], 'App password');
$this->assertSame([], $response->getData());
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
}
$this->tokenProvider->expects($this->never())
->method('updateToken');
- $response = $this->controller->update(42, ['filesystem' => true], 'App password');
+ $response = $this->controller->update(42, [IToken::SCOPE_FILESYSTEM => true], 'App password');
$this->assertSame([], $response->getData());
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
}
use OCA\Settings\Settings\Personal\Security\Authtokens;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Services\IInitialState;
+use OCP\Authentication\Token\IToken;
use OCP\ISession;
use OCP\IUserSession;
use PHPUnit\Framework\MockObject\MockObject;
'type' => 0,
'canDelete' => false,
'current' => true,
- 'scope' => ['filesystem' => true],
+ 'scope' => [IToken::SCOPE_FILESYSTEM => true],
'canRename' => false,
],
[
'lastActivity' => 0,
'type' => 0,
'canDelete' => true,
- 'scope' => ['filesystem' => true],
+ 'scope' => [IToken::SCOPE_FILESYSTEM => true],
'canRename' => true,
],
]
use OCP\Authentication\Exceptions\ExpiredTokenException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\Exceptions\WipeTokenException;
+use OCP\Authentication\Token\IToken;
use OCP\ISession;
use OCP\IUserSession;
use OCP\Session\Exceptions\SessionNotAvailableException;
return;
}
$scope = $token->getScopeAsArray();
- if (isset($scope['sso-based-login']) && $scope['sso-based-login'] === true) {
+ if (isset($scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION]) && $scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] === true) {
// Users logging in from SSO backends cannot confirm their password by design
return;
}
namespace OC\Authentication\Token;
use OCP\AppFramework\Db\Entity;
+use OCP\Authentication\Token\IToken;
/**
* @method void setId(int $id)
$scope = json_decode($this->getScope(), true);
if (!$scope) {
return [
- 'filesystem' => true
+ IToken::SCOPE_FILESYSTEM => true
];
}
return $scope;
*/
namespace OC\Lockdown;
-use OC\Authentication\Token\IToken;
+use OCP\Authentication\Token\IToken;
use OCP\ISession;
use OCP\Lockdown\ILockdownManager;
public function canAccessFilesystem() {
$scope = $this->getScopeAsArray();
- return !$scope || $scope['filesystem'];
+ return !$scope || $scope[IToken::SCOPE_FILESYSTEM];
}
}
use OCP\Authentication\Exceptions\ExpiredTokenException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\Exceptions\WipeTokenException;
+use OCP\Authentication\Token\IToken;
use OCP\Constants;
use OCP\Defaults;
use OCP\Files\FileInfo;
return true;
}
$scope = $token->getScopeAsArray();
- return !isset($scope['sso-based-login']) || $scope['sso-based-login'] === false;
+ return !isset($scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION]) || $scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] === false;
}
}
*/
use OC\Authentication\Token\IProvider;
use OC\User\LoginException;
+use OCP\Authentication\Token\IToken;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\IGroupManager;
use OCP\ISession;
if (empty($password)) {
$tokenProvider = \OC::$server->get(IProvider::class);
$token = $tokenProvider->getToken($userSession->getSession()->getId());
- $token->setScope(['sso-based-login' => true]);
+ $token->setScope([IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true]);
$tokenProvider->updateToken($token);
}
*/
public const REMEMBER = 1;
+ /**
+ * @since 30.0.0
+ */
+ public const SCOPE_FILESYSTEM = 'filesystem';
+ /**
+ * @since 30.0.0
+ */
+ public const SCOPE_SKIP_PASSWORD_VALIDATION = 'password-unconfirmable';
+
/**
* Get the token ID
* @since 28.0.0
$token = $this->createMock(IToken::class);
$token->method('getScopeAsArray')
- ->willReturn(['sso-based-login' => true]);
+ ->willReturn([IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true]);
$this->tokenProvider->expects($this->once())
->method('getToken')
->with($sessionId)
namespace Test\Authentication\Token;
use OC\Authentication\Token\PublicKeyToken;
+use OCP\Authentication\Token\IToken;
use Test\TestCase;
class PublicKeyTokenTest extends TestCase {
public function testSetScopeAsArray() {
- $scope = ['filesystem' => false];
+ $scope = [IToken::SCOPE_FILESYSTEM => false];
$token = new PublicKeyToken();
$token->setScope($scope);
$this->assertEquals(json_encode($scope), $token->getScope());
}
public function testDefaultScope() {
- $scope = ['filesystem' => true];
+ $scope = [IToken::SCOPE_FILESYSTEM => true];
$token = new PublicKeyToken();
$this->assertEquals($scope, $token->getScopeAsArray());
}
use OC\Authentication\Token\PublicKeyToken;
use OC\Files\Filesystem;
use OC\Lockdown\Filesystem\NullStorage;
+use OCP\Authentication\Token\IToken;
use Test\Traits\UserTrait;
/**
protected function tearDown(): void {
$token = new PublicKeyToken();
$token->setScope([
- 'filesystem' => true
+ IToken::SCOPE_FILESYSTEM => true
]);
\OC::$server->get('LockdownManager')->setToken($token);
parent::tearDown();
parent::setUp();
$token = new PublicKeyToken();
$token->setScope([
- 'filesystem' => false
+ IToken::SCOPE_FILESYSTEM => false
]);
\OC::$server->get('LockdownManager')->setToken($token);
use OC\Authentication\Token\PublicKeyToken;
use OC\Lockdown\LockdownManager;
+use OCP\Authentication\Token\IToken;
use OCP\ISession;
use Test\TestCase;
public function testCanAccessFilesystemAllowed() {
$token = new PublicKeyToken();
- $token->setScope(['filesystem' => true]);
+ $token->setScope([IToken::SCOPE_FILESYSTEM => true]);
$manager = new LockdownManager($this->sessionCallback);
$manager->setToken($token);
$this->assertTrue($manager->canAccessFilesystem());
public function testCanAccessFilesystemNotAllowed() {
$token = new PublicKeyToken();
- $token->setScope(['filesystem' => false]);
+ $token->setScope([IToken::SCOPE_FILESYSTEM => false]);
$manager = new LockdownManager($this->sessionCallback);
$manager->setToken($token);
$this->assertFalse($manager->canAccessFilesystem());
projects / nextcloud-server.git / commitdiff