From 19bb66a88965aeab3b2f048a20132e528e06baa2 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Mon, 21 Nov 2022 17:28:21 +0545 Subject: [PATCH] public interface to invalidate tokens of user Signed-off-by: Artur Neumann --- .../lib/Controller/SettingsController.php | 11 +----- lib/private/Authentication/Token/Manager.php | 12 +++++- lib/private/Server.php | 2 + lib/public/Authentication/Token/IProvider.php | 37 +++++++++++++++++++ 4 files changed, 52 insertions(+), 10 deletions(-) create mode 100644 lib/public/Authentication/Token/IProvider.php diff --git a/apps/oauth2/lib/Controller/SettingsController.php b/apps/oauth2/lib/Controller/SettingsController.php index 872288064dd..c24308140ec 100644 --- a/apps/oauth2/lib/Controller/SettingsController.php +++ b/apps/oauth2/lib/Controller/SettingsController.php @@ -30,7 +30,7 @@ declare(strict_types=1); */ namespace OCA\OAuth2\Controller; -use OC\Authentication\Token\IProvider as IAuthTokenProvider; +use OCP\Authentication\Token\IProvider as IAuthTokenProvider; use OCA\OAuth2\Db\AccessTokenMapper; use OCA\OAuth2\Db\Client; use OCA\OAuth2\Db\ClientMapper; @@ -106,14 +106,7 @@ class SettingsController extends Controller { $client = $this->clientMapper->getByUid($id); $this->userManager->callForAllUsers(function (IUser $user) use ($client) { - $tokens = $this->tokenProvider->getTokenByUser($user->getUID()); - foreach ($tokens as $token) { - if ($token->getName() === $client->getName()) { - $this->tokenProvider->invalidateTokenById( - $user->getUID(), $token->getId() - ); - } - } + $this->tokenProvider->invalidateTokensOfUser($user->getUID(), $client->getName()); }); $this->accessTokenMapper->deleteByClientId($id); diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index 59c7ca714c6..761e799d298 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php 
@@ -32,8 +32,9 @@ use OC\Authentication\Exceptions\ExpiredTokenException; use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\WipeTokenException; +use OCP\Authentication\Token\IProvider as OCPIProvider; -class Manager implements IProvider { +class Manager implements IProvider, OCPIProvider { /** @var PublicKeyTokenProvider */ private $publicKeyTokenProvider; @@ -239,4 +240,13 @@ class Manager implements IProvider { public function updatePasswords(string $uid, string $password) { $this->publicKeyTokenProvider->updatePasswords($uid, $password); } + + public function invalidateTokensOfUser(string $uid, ?string $clientName) { + $tokens = $this->getTokenByUser($uid); + foreach ($tokens as $token) { + if ($clientName === null || ($token->getName() === $clientName)) { + $this->invalidateTokenById($uid, $token->getId()); + } + } + } } diff --git a/lib/private/Server.php b/lib/private/Server.php index 24c752946af..ea30f456e29 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -163,6 +163,7 @@ use OCA\Theming\Util; use OCP\Accounts\IAccountManager; use OCP\App\IAppManager; use OCP\Authentication\LoginCredentials\IStore; +use OCP\Authentication\Token\IProvider as OCPIProvider; use OCP\BackgroundJob\IJobList; use OCP\Collaboration\AutoComplete\IManager; use OCP\Collaboration\Reference\IReferenceManager; @@ -550,6 +551,7 @@ class Server extends ServerContainer implements IServerContainer { }); $this->registerAlias(IStore::class, Store::class); $this->registerAlias(IProvider::class, Authentication\Token\Manager::class); + $this->registerAlias(OCPIProvider::class, Authentication\Token\Manager::class); $this->registerService(\OC\User\Session::class, function (Server $c) { $manager = $c->get(IUserManager::class); diff --git a/lib/public/Authentication/Token/IProvider.php b/lib/public/Authentication/Token/IProvider.php new file mode 100644 index 00000000000..9000868907e 
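Review bot: In `Manager::invalidateTokensOfUser` the only link between a token and the client is `$token->getName() === $clientName`, so revocation is keyed on a display name rather than on a client identifier. If token names can be chosen or changed by the user (not visible in this patch), an unrelated token with the same name would be revoked, and a renamed client token would stay valid after the client is deleted. The comparison is carried over from the loop removed from `SettingsController`, but it now sits behind a public interface and deserves a comment such as `// matches on token name, not client id; renamed tokens are not covered`. Passing `null` invalidates every token `getTokenByUser()` returns, presumably including the one backing the current session, which is worth stating in a docblock on the method. The method also declares no return type; `: void` would match the `@return void` in the interface docblock.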
--- /dev/null +++ b/lib/public/Authentication/Token/IProvider.php @@ -0,0 +1,37 @@ + + * + * @author Artur Neumann + * + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ +namespace OCP\Authentication\Token; + +interface IProvider { + /** + * invalidates all tokens of a specific user + * if a client name is given only tokens of that client will be invalidated + * + * @param string $uid + * @param string|null $clientName + * @return void + */ + public function invalidateTokensOfUser(string $uid, ?string $clientName); +} -- 2.39.5
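Review bot: The new public `IProvider::invalidateTokensOfUser` has no `@since` tag and no declared return type, and its docblock does not say that `$clientName` is compared with the token's name. Public `OCP` API normally carries `@since`, so add `@since <version>` (placeholder for the release this ships in) to the interface and the method, and declare `: void` to match `@return void`. Because `null` means every token of the user is invalidated, spell that out, e.g. `@param string|null $clientName token name to match, or null to invalidate all tokens of the user`. The signature declares no `= null` default, so callers must always pass the second argument, although the docblock's "if a client name is given" reads as if it were optional.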