From 2dcb4cfbd644babf0ee202b4489689d882ae1dd3 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Fri, 17 May 2019 09:51:47 +0200
Subject: [PATCH] Allow clients to delete their own apptoken

Fixes #15480

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 core/Controller/AppPasswordController.php     | 23 ++++++++
 core/routes.php                               |  1 +
 .../Controller/AppPasswordControllerTest.php  | 57 +++++++++++++++++++
 3 files changed, 81 insertions(+)

diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php
index a858bb025d9..01ca1e2597b 100644
--- a/core/Controller/AppPasswordController.php
+++ b/core/Controller/AppPasswordController.php
@@ -24,6 +24,7 @@ declare(strict_types=1);
 
 namespace OC\Core\Controller;
 
+use OC\Authentication\Exceptions\InvalidTokenException;
 use OC\Authentication\Token\IProvider;
 use OC\Authentication\Token\IToken;
 use OCP\AppFramework\Http\DataResponse;
@@ -115,4 +116,26 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
 			'apppassword' => $token
 		]);
 	}
+
+	/**
+	 * @NoAdminRequired
+	 *
+	 * @return DataResponse
+	 */
+	public function deleteAppPassword() {
+		if (!$this->session->exists('app_password')) {
+			throw new OCSForbiddenException('no app password in use');
+		}
+
+		$appPassword = $this->session->get('app_password');
+
+		try {
+			$token = $this->tokenProvider->getToken($appPassword);
+		} catch (InvalidTokenException $e) {
+			throw new OCSForbiddenException('could not remove apptoken');
+		}
+
+		$this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId());
+		return new DataResponse();
+	}
 }
diff --git a/core/routes.php b/core/routes.php
index 1544fd67e07..073352c4421 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -102,6 +102,7 @@ $application->registerRoutes($this, [
 		['root' => '/core', 'name' => 'WhatsNew#get', 'url' => '/whatsnew', 'verb' => 'GET'],
 		['root' => '/core', 'name' => 'WhatsNew#dismiss', 'url' => '/whatsnew', 'verb' => 'POST'],
 		['root' => '/core', 'name' => 'AppPassword#getAppPassword', 'url' => '/getapppassword', 'verb' => 'GET'],
+		['root' => '/core', 'name' => 'AppPassword#deleteAppPassword', 'url' => '/apppassword', 'verb' => 'DELETE'],
 
 		['root' => '/collaboration', 'name' => 'CollaborationResources#searchCollections', 'url' => '/resources/collections/search/{filter}', 'verb' => 'GET'],
 		['root' => '/collaboration', 'name' => 'CollaborationResources#listCollection', 'url' => '/resources/collections/{collectionId}', 'verb' => 'GET'],
diff --git a/tests/Core/Controller/AppPasswordControllerTest.php b/tests/Core/Controller/AppPasswordControllerTest.php
index a66bcb3fc26..a7be7a90b09 100644
--- a/tests/Core/Controller/AppPasswordControllerTest.php
+++ b/tests/Core/Controller/AppPasswordControllerTest.php
@@ -24,9 +24,11 @@ declare(strict_types=1);
 
 namespace Tests\Core\Controller;
 
+use OC\Authentication\Exceptions\InvalidTokenException;
 use OC\Authentication\Token\IProvider;
 use OC\Authentication\Token\IToken;
 use OC\Core\Controller\AppPasswordController;
+use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\Authentication\Exceptions\CredentialsUnavailableException;
 use OCP\Authentication\Exceptions\PasswordUnavailableException;
@@ -187,5 +189,60 @@ class AppPasswordControllerTest extends TestCase {
 		$this->controller->getAppPassword();
 	}
 
+	public function testDeleteAppPasswordNoAppPassword() {
+		$this->session->method('exists')
+			->with('app_password')
+			->willReturn(false);
+
+		$this->expectException(OCSForbiddenException::class);
+
+		$this->controller->deleteAppPassword();
+	}
+
+	public function testDeleteAppPasswordFails() {
+		$this->session->method('exists')
+			->with('app_password')
+			->willReturn(true);
+		$this->session->method('get')
+			->with('app_password')
+			->willReturn('myAppPassword');
+
+		$this->tokenProvider->method('getToken')
+			->with('myAppPassword')
+			->willThrowException(new InvalidTokenException());
+
+		$this->expectException(OCSForbiddenException::class);
+
+		$this->controller->deleteAppPassword();
+	}
+
+	public function testDeleteAppPasswordSuccess() {
+		$this->session->method('exists')
+			->with('app_password')
+			->willReturn(true);
+		$this->session->method('get')
+			->with('app_password')
+			->willReturn('myAppPassword');
+
+		$token = $this->createMock(IToken::class);
+		$this->tokenProvider->method('getToken')
+			->with('myAppPassword')
+			->willReturn($token);
+
+		$token->method('getUID')
+			->willReturn('myUID');
+		$token->method('getId')
+			->willReturn(42);
+
+		$this->tokenProvider->expects($this->once())
+			->method('invalidateTokenById')
+			->with(
+				'myUID',
+				42
+			);
 
+		$result = $this->controller->deleteAppPassword();
+
+		$this->assertEquals(new DataResponse(), $result);
+	}
 }
-- 
2.39.5