|
|
@@ -27,6 +27,7 @@ use OC\Authentication\Exceptions\ExpiredTokenException; |
|
|
|
use OC\Authentication\Exceptions\InvalidTokenException; |
|
|
|
use OC\Authentication\Exceptions\PasswordlessTokenException; |
|
|
|
use OC\Authentication\Exceptions\WipeTokenException; |
|
|
|
use OC\Cache\CappedMemoryCache; |
|
|
|
use OCP\AppFramework\Db\DoesNotExistException; |
|
|
|
use OCP\AppFramework\Utility\ITimeFactory; |
|
|
|
use OCP\IConfig; |
|
|
@@ -49,6 +50,9 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
/** @var ITimeFactory $time */ |
|
|
|
private $time; |
|
|
|
|
|
|
|
/** @var CappedMemoryCache */ |
|
|
|
private $cache; |
|
|
|
|
|
|
|
public function __construct(PublicKeyTokenMapper $mapper, |
|
|
|
ICrypto $crypto, |
|
|
|
IConfig $config, |
|
|
@@ -59,6 +63,8 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
$this->config = $config; |
|
|
|
$this->logger = $logger; |
|
|
|
$this->time = $time; |
|
|
|
|
|
|
|
$this->cache = new CappedMemoryCache(); |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
@@ -72,17 +78,26 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
int $type = IToken::TEMPORARY_TOKEN, |
|
|
|
int $remember = IToken::DO_NOT_REMEMBER): IToken { |
|
|
|
$dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); |
|
|
|
|
|
|
|
$this->mapper->insert($dbToken); |
|
|
|
|
|
|
|
// Add the token to the cache |
|
|
|
$this->cache[$dbToken->getToken()] = $dbToken; |
|
|
|
|
|
|
|
return $dbToken; |
|
|
|
} |
|
|
|
|
|
|
|
public function getToken(string $tokenId): IToken { |
|
|
|
try { |
|
|
|
$token = $this->mapper->getToken($this->hashToken($tokenId)); |
|
|
|
} catch (DoesNotExistException $ex) { |
|
|
|
throw new InvalidTokenException(); |
|
|
|
$tokenHash = $this->hashToken($tokenId); |
|
|
|
|
|
|
|
if (isset($this->cache[$tokenHash])) { |
|
|
|
$token = $this->cache[$tokenHash]; |
|
|
|
} else { |
|
|
|
try { |
|
|
|
$token = $this->mapper->getToken($this->hashToken($tokenId)); |
|
|
|
$this->cache[$token->getToken()] = $token; |
|
|
|
} catch (DoesNotExistException $ex) { |
|
|
|
throw new InvalidTokenException(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) { |
|
|
@@ -115,6 +130,8 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
} |
|
|
|
|
|
|
|
public function renewSessionToken(string $oldSessionId, string $sessionId) { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
$token = $this->getToken($oldSessionId); |
|
|
|
|
|
|
|
if (!($token instanceof PublicKeyToken)) { |
|
|
@@ -141,14 +158,20 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
} |
|
|
|
|
|
|
|
public function invalidateToken(string $token) { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
$this->mapper->invalidate($this->hashToken($token)); |
|
|
|
} |
|
|
|
|
|
|
|
public function invalidateTokenById(string $uid, int $id) { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
$this->mapper->deleteById($uid, $id); |
|
|
|
} |
|
|
|
|
|
|
|
public function invalidateOldTokens() { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
$olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24); |
|
|
|
$this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']); |
|
|
|
$this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER); |
|
|
@@ -158,6 +181,8 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
} |
|
|
|
|
|
|
|
public function updateToken(IToken $token) { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
if (!($token instanceof PublicKeyToken)) { |
|
|
|
throw new InvalidTokenException(); |
|
|
|
} |
|
|
@@ -165,6 +190,8 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
} |
|
|
|
|
|
|
|
public function updateTokenActivity(IToken $token) { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
if (!($token instanceof PublicKeyToken)) { |
|
|
|
throw new InvalidTokenException(); |
|
|
|
} |
|
|
@@ -198,6 +225,8 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
} |
|
|
|
|
|
|
|
public function setPassword(IToken $token, string $tokenId, string $password) { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
if (!($token instanceof PublicKeyToken)) { |
|
|
|
throw new InvalidTokenException(); |
|
|
|
} |
|
|
@@ -215,6 +244,8 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
} |
|
|
|
|
|
|
|
public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
if (!($token instanceof PublicKeyToken)) { |
|
|
|
throw new InvalidTokenException(); |
|
|
|
} |
|
|
@@ -274,6 +305,8 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
* @throws \RuntimeException when OpenSSL reports a problem |
|
|
|
*/ |
|
|
|
public function convertToken(DefaultToken $defaultToken, string $token, $password): PublicKeyToken { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
$pkToken = $this->newToken( |
|
|
|
$token, |
|
|
|
$defaultToken->getUID(), |
|
|
@@ -344,6 +377,8 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
} |
|
|
|
|
|
|
|
public function markPasswordInvalid(IToken $token, string $tokenId) { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
if (!($token instanceof PublicKeyToken)) { |
|
|
|
throw new InvalidTokenException(); |
|
|
|
} |
|
|
@@ -353,6 +388,8 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
} |
|
|
|
|
|
|
|
public function updatePasswords(string $uid, string $password) { |
|
|
|
$this->cache->clear(); |
|
|
|
|
|
|
|
if (!$this->mapper->hasExpiredTokens($uid)) { |
|
|
|
// Nothing to do here |
|
|
|
return; |
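Review bot: In `renewSessionToken` the cache is cleared and then refilled at once by `$this->getToken($oldSessionId)`, so the old session token stays in `$this->cache` for the rest of the method. The body continues outside the hunk, but if it goes on to delete or replace that token through the mapper, a later `getToken()` on the same provider instance would presumably return the removed token from memory instead of throwing `InvalidTokenException`. Clearing after the mapper write rather than on entry closes that window, for example a second `$this->cache->clear();` just before the method returns. The same ordering is worth confirming in the other mutators that clear on entry (`updateToken`, `rotate`, `setPassword`, `markPasswordInvalid`, `updatePasswords`), whose bodies are also cut off here. In `getToken` the lookup key is `$tokenHash` while the store key is `$token->getToken()` and the mapper call hashes again; using one key throughout, `$token = $this->mapper->getToken($tokenHash); $this->cache[$tokenHash] = $token;`, keeps hits from depending on the entity returning the same hash.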