Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>tags/v29.0.0beta1
@@ -33,7 +33,7 @@ use OC\Authentication\Exceptions\PasswordlessTokenException; | |||
use OCP\Authentication\Exceptions\ExpiredTokenException; | |||
use OCP\Authentication\Exceptions\InvalidTokenException; | |||
use OCP\Authentication\Exceptions\WipeTokenException; | |||
use OCP\Authentication\Token\IToken; | |||
use OCP\Authentication\Token\IToken as OCPIToken; | |||
interface IProvider { | |||
/** | |||
@@ -46,7 +46,7 @@ interface IProvider { | |||
* @param string $name Name will be trimmed to 120 chars when longer | |||
* @param int $type token type | |||
* @param int $remember whether the session token should be used for remember-me | |||
* @return IToken | |||
* @return OCPIToken | |||
* @throws \RuntimeException when OpenSSL reports a problem | |||
*/ | |||
public function generateToken(string $token, | |||
@@ -54,8 +54,8 @@ interface IProvider { | |||
string $loginName, | |||
?string $password, | |||
string $name, | |||
int $type = IToken::TEMPORARY_TOKEN, | |||
int $remember = IToken::DO_NOT_REMEMBER): IToken; | |||
int $type = OCPIToken::TEMPORARY_TOKEN, | |||
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken; | |||
/** | |||
* Get a token by token id | |||
@@ -64,9 +64,9 @@ interface IProvider { | |||
* @throws InvalidTokenException | |||
* @throws ExpiredTokenException | |||
* @throws WipeTokenException | |||
* @return IToken | |||
* @return OCPIToken | |||
*/ | |||
public function getToken(string $tokenId): IToken; | |||
public function getToken(string $tokenId): OCPIToken; | |||
/** | |||
* Get a token by token id | |||
@@ -75,9 +75,9 @@ interface IProvider { | |||
* @throws InvalidTokenException | |||
* @throws ExpiredTokenException | |||
* @throws WipeTokenException | |||
* @return IToken | |||
* @return OCPIToken | |||
*/ | |||
public function getTokenById(int $tokenId): IToken; | |||
public function getTokenById(int $tokenId): OCPIToken; | |||
/** | |||
* Duplicate an existing session token | |||
@@ -86,9 +86,9 @@ interface IProvider { | |||
* @param string $sessionId | |||
* @throws InvalidTokenException | |||
* @throws \RuntimeException when OpenSSL reports a problem | |||
* @return IToken The new token | |||
* @return OCPIToken The new token | |||
*/ | |||
public function renewSessionToken(string $oldSessionId, string $sessionId): IToken; | |||
public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken; | |||
/** | |||
* Invalidate (delete) the given session token | |||
@@ -118,16 +118,16 @@ interface IProvider { | |||
/** | |||
* Save the updated token | |||
* | |||
* @param IToken $token | |||
* @param OCPIToken $token | |||
*/ | |||
public function updateToken(IToken $token); | |||
public function updateToken(OCPIToken $token); | |||
/** | |||
* Update token activity timestamp | |||
* | |||
* @param IToken $token | |||
* @param OCPIToken $token | |||
*/ | |||
public function updateTokenActivity(IToken $token); | |||
public function updateTokenActivity(OCPIToken $token); | |||
/** | |||
* Get all tokens of a user | |||
@@ -136,49 +136,49 @@ interface IProvider { | |||
* where a high number of (session) tokens is generated | |||
* | |||
* @param string $uid | |||
* @return IToken[] | |||
* @return OCPIToken[] | |||
*/ | |||
public function getTokenByUser(string $uid): array; | |||
/** | |||
* Get the (unencrypted) password of the given token | |||
* | |||
* @param IToken $savedToken | |||
* @param OCPIToken $savedToken | |||
* @param string $tokenId | |||
* @throws InvalidTokenException | |||
* @throws PasswordlessTokenException | |||
* @return string | |||
*/ | |||
public function getPassword(IToken $savedToken, string $tokenId): string; | |||
public function getPassword(OCPIToken $savedToken, string $tokenId): string; | |||
/** | |||
* Encrypt and set the password of the given token | |||
* | |||
* @param IToken $token | |||
* @param OCPIToken $token | |||
* @param string $tokenId | |||
* @param string $password | |||
* @throws InvalidTokenException | |||
*/ | |||
public function setPassword(IToken $token, string $tokenId, string $password); | |||
public function setPassword(OCPIToken $token, string $tokenId, string $password); | |||
/** | |||
* Rotate the token. Useful for for example oauth tokens | |||
* | |||
* @param IToken $token | |||
* @param OCPIToken $token | |||
* @param string $oldTokenId | |||
* @param string $newTokenId | |||
* @return IToken | |||
* @return OCPIToken | |||
* @throws \RuntimeException when OpenSSL reports a problem | |||
*/ | |||
public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken; | |||
public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken; | |||
/** | |||
* Marks a token as having an invalid password. | |||
* | |||
* @param IToken $token | |||
* @param OCPIToken $token | |||
* @param string $tokenId | |||
*/ | |||
public function markPasswordInvalid(IToken $token, string $tokenId); | |||
public function markPasswordInvalid(OCPIToken $token, string $tokenId); | |||
/** | |||
* Update all the passwords of $uid if required |
@@ -34,7 +34,7 @@ use OCP\Authentication\Exceptions\ExpiredTokenException; | |||
use OCP\Authentication\Exceptions\InvalidTokenException; | |||
use OCP\Authentication\Exceptions\WipeTokenException; | |||
use OCP\Authentication\Token\IProvider as OCPIProvider; | |||
use OCP\Authentication\Token\IToken; | |||
use OCP\Authentication\Token\IToken as OCPIToken; | |||
class Manager implements IProvider, OCPIProvider { | |||
/** @var PublicKeyTokenProvider */ | |||
@@ -54,15 +54,15 @@ class Manager implements IProvider, OCPIProvider { | |||
* @param string $name Name will be trimmed to 120 chars when longer | |||
* @param int $type token type | |||
* @param int $remember whether the session token should be used for remember-me | |||
* @return IToken | |||
* @return OCPIToken | |||
*/ | |||
public function generateToken(string $token, | |||
string $uid, | |||
string $loginName, | |||
$password, | |||
string $name, | |||
int $type = IToken::TEMPORARY_TOKEN, | |||
int $remember = IToken::DO_NOT_REMEMBER): IToken { | |||
int $type = OCPIToken::TEMPORARY_TOKEN, | |||
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken { | |||
if (mb_strlen($name) > 128) { | |||
$name = mb_substr($name, 0, 120) . '…'; | |||
} | |||
@@ -95,10 +95,10 @@ class Manager implements IProvider, OCPIProvider { | |||
/** | |||
* Save the updated token | |||
* | |||
* @param IToken $token | |||
* @param OCPIToken $token | |||
* @throws InvalidTokenException | |||
*/ | |||
public function updateToken(IToken $token) { | |||
public function updateToken(OCPIToken $token) { | |||
$provider = $this->getProvider($token); | |||
$provider->updateToken($token); | |||
} | |||
@@ -107,16 +107,16 @@ class Manager implements IProvider, OCPIProvider { | |||
* Update token activity timestamp | |||
* | |||
* @throws InvalidTokenException | |||
* @param IToken $token | |||
* @param OCPIToken $token | |||
*/ | |||
public function updateTokenActivity(IToken $token) { | |||
public function updateTokenActivity(OCPIToken $token) { | |||
$provider = $this->getProvider($token); | |||
$provider->updateTokenActivity($token); | |||
} | |||
/** | |||
* @param string $uid | |||
* @return IToken[] | |||
* @return OCPIToken[] | |||
*/ | |||
public function getTokenByUser(string $uid): array { | |||
return $this->publicKeyTokenProvider->getTokenByUser($uid); | |||
@@ -128,9 +128,9 @@ class Manager implements IProvider, OCPIProvider { | |||
* @param string $tokenId | |||
* @throws InvalidTokenException | |||
* @throws \RuntimeException when OpenSSL reports a problem | |||
* @return IToken | |||
* @return OCPIToken | |||
*/ | |||
public function getToken(string $tokenId): IToken { | |||
public function getToken(string $tokenId): OCPIToken { | |||
try { | |||
return $this->publicKeyTokenProvider->getToken($tokenId); | |||
} catch (WipeTokenException $e) { | |||
@@ -147,9 +147,9 @@ class Manager implements IProvider, OCPIProvider { | |||
* | |||
* @param int $tokenId | |||
* @throws InvalidTokenException | |||
* @return IToken | |||
* @return OCPIToken | |||
*/ | |||
public function getTokenById(int $tokenId): IToken { | |||
public function getTokenById(int $tokenId): OCPIToken { | |||
try { | |||
return $this->publicKeyTokenProvider->getTokenById($tokenId); | |||
} catch (ExpiredTokenException $e) { | |||
@@ -165,9 +165,9 @@ class Manager implements IProvider, OCPIProvider { | |||
* @param string $oldSessionId | |||
* @param string $sessionId | |||
* @throws InvalidTokenException | |||
* @return IToken | |||
* @return OCPIToken | |||
*/ | |||
public function renewSessionToken(string $oldSessionId, string $sessionId): IToken { | |||
public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken { | |||
try { | |||
return $this->publicKeyTokenProvider->renewSessionToken($oldSessionId, $sessionId); | |||
} catch (ExpiredTokenException $e) { | |||
@@ -178,18 +178,18 @@ class Manager implements IProvider, OCPIProvider { | |||
} | |||
/** | |||
* @param IToken $savedToken | |||
* @param OCPIToken $savedToken | |||
* @param string $tokenId session token | |||
* @throws InvalidTokenException | |||
* @throws PasswordlessTokenException | |||
* @return string | |||
*/ | |||
public function getPassword(IToken $savedToken, string $tokenId): string { | |||
public function getPassword(OCPIToken $savedToken, string $tokenId): string { | |||
$provider = $this->getProvider($savedToken); | |||
return $provider->getPassword($savedToken, $tokenId); | |||
} | |||
public function setPassword(IToken $token, string $tokenId, string $password) { | |||
public function setPassword(OCPIToken $token, string $tokenId, string $password) { | |||
$provider = $this->getProvider($token); | |||
$provider->setPassword($token, $tokenId, $password); | |||
} | |||
@@ -211,14 +211,14 @@ class Manager implements IProvider, OCPIProvider { | |||
} | |||
/** | |||
* @param IToken $token | |||
* @param OCPIToken $token | |||
* @param string $oldTokenId | |||
* @param string $newTokenId | |||
* @return IToken | |||
* @return OCPIToken | |||
* @throws InvalidTokenException | |||
* @throws \RuntimeException when OpenSSL reports a problem | |||
*/ | |||
public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken { | |||
public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken { | |||
if ($token instanceof PublicKeyToken) { | |||
return $this->publicKeyTokenProvider->rotate($token, $oldTokenId, $newTokenId); | |||
} | |||
@@ -228,11 +228,11 @@ class Manager implements IProvider, OCPIProvider { | |||
} | |||
/** | |||
* @param IToken $token | |||
* @param OCPIToken $token | |||
* @return IProvider | |||
* @throws InvalidTokenException | |||
*/ | |||
private function getProvider(IToken $token): IProvider { | |||
private function getProvider(OCPIToken $token): IProvider { | |||
if ($token instanceof PublicKeyToken) { | |||
return $this->publicKeyTokenProvider; | |||
} | |||
@@ -241,7 +241,7 @@ class Manager implements IProvider, OCPIProvider { | |||
} | |||
public function markPasswordInvalid(IToken $token, string $tokenId) { | |||
public function markPasswordInvalid(OCPIToken $token, string $tokenId) { | |||
$this->getProvider($token)->markPasswordInvalid($token, $tokenId); | |||
} | |||
@@ -37,7 +37,7 @@ use OC\Authentication\Exceptions\WipeTokenException; | |||
use OCP\AppFramework\Db\DoesNotExistException; | |||
use OCP\AppFramework\Db\TTransactional; | |||
use OCP\AppFramework\Utility\ITimeFactory; | |||
use OCP\Authentication\Token\IToken; | |||
use OCP\Authentication\Token\IToken as OCPIToken; | |||
use OCP\Cache\CappedMemoryCache; | |||
use OCP\IConfig; | |||
use OCP\IDBConnection; | |||
@@ -99,8 +99,8 @@ class PublicKeyTokenProvider implements IProvider { | |||
string $loginName, | |||
?string $password, | |||
string $name, | |||
int $type = IToken::TEMPORARY_TOKEN, | |||
int $remember = IToken::DO_NOT_REMEMBER): IToken { | |||
int $type = OCPIToken::TEMPORARY_TOKEN, | |||
int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken { | |||
if (strlen($token) < self::TOKEN_MIN_LENGTH) { | |||
$exception = new InvalidTokenException('Token is too short, minimum of ' . self::TOKEN_MIN_LENGTH . ' characters is required, ' . strlen($token) . ' characters given'); | |||
$this->logger->error('Invalid token provided when generating new token', ['exception' => $exception]); | |||
@@ -134,7 +134,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
return $dbToken; | |||
} | |||
public function getToken(string $tokenId): IToken { | |||
public function getToken(string $tokenId): OCPIToken { | |||
/** | |||
* Token length: 72 | |||
* @see \OC\Core\Controller\ClientFlowLoginController::generateAppPassword | |||
@@ -184,7 +184,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
throw new ExpiredTokenException($token); | |||
} | |||
if ($token->getType() === IToken::WIPE_TOKEN) { | |||
if ($token->getType() === OCPIToken::WIPE_TOKEN) { | |||
throw new WipeTokenException($token); | |||
} | |||
@@ -196,7 +196,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
return $token; | |||
} | |||
public function getTokenById(int $tokenId): IToken { | |||
public function getTokenById(int $tokenId): OCPIToken { | |||
try { | |||
$token = $this->mapper->getTokenById($tokenId); | |||
} catch (DoesNotExistException $ex) { | |||
@@ -207,7 +207,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
throw new ExpiredTokenException($token); | |||
} | |||
if ($token->getType() === IToken::WIPE_TOKEN) { | |||
if ($token->getType() === OCPIToken::WIPE_TOKEN) { | |||
throw new WipeTokenException($token); | |||
} | |||
@@ -219,7 +219,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
return $token; | |||
} | |||
public function renewSessionToken(string $oldSessionId, string $sessionId): IToken { | |||
public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken { | |||
$this->cache->clear(); | |||
return $this->atomic(function () use ($oldSessionId, $sessionId) { | |||
@@ -240,7 +240,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
$token->getLoginName(), | |||
$password, | |||
$token->getName(), | |||
IToken::TEMPORARY_TOKEN, | |||
OCPIToken::TEMPORARY_TOKEN, | |||
$token->getRemember() | |||
); | |||
@@ -268,10 +268,10 @@ class PublicKeyTokenProvider implements IProvider { | |||
$olderThan = $this->time->getTime() - $this->config->getSystemValueInt('session_lifetime', 60 * 60 * 24); | |||
$this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']); | |||
$this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER); | |||
$this->mapper->invalidateOld($olderThan, OCPIToken::DO_NOT_REMEMBER); | |||
$rememberThreshold = $this->time->getTime() - $this->config->getSystemValueInt('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); | |||
$this->logger->debug('Invalidating remembered session tokens older than ' . date('c', $rememberThreshold), ['app' => 'cron']); | |||
$this->mapper->invalidateOld($rememberThreshold, IToken::REMEMBER); | |||
$this->mapper->invalidateOld($rememberThreshold, OCPIToken::REMEMBER); | |||
} | |||
public function invalidateLastUsedBefore(string $uid, int $before): void { | |||
@@ -280,7 +280,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
$this->mapper->invalidateLastUsedBefore($uid, $before); | |||
} | |||
public function updateToken(IToken $token) { | |||
public function updateToken(OCPIToken $token) { | |||
$this->cache->clear(); | |||
if (!($token instanceof PublicKeyToken)) { | |||
@@ -289,7 +289,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
$this->mapper->update($token); | |||
} | |||
public function updateTokenActivity(IToken $token) { | |||
public function updateTokenActivity(OCPIToken $token) { | |||
$this->cache->clear(); | |||
if (!($token instanceof PublicKeyToken)) { | |||
@@ -311,7 +311,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
return $this->mapper->getTokenByUser($uid); | |||
} | |||
public function getPassword(IToken $savedToken, string $tokenId): string { | |||
public function getPassword(OCPIToken $savedToken, string $tokenId): string { | |||
if (!($savedToken instanceof PublicKeyToken)) { | |||
throw new InvalidTokenException("Invalid token type"); | |||
} | |||
@@ -327,7 +327,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
return $this->decryptPassword($savedToken->getPassword(), $privateKey); | |||
} | |||
public function setPassword(IToken $token, string $tokenId, string $password) { | |||
public function setPassword(OCPIToken $token, string $tokenId, string $password) { | |||
$this->cache->clear(); | |||
if (!($token instanceof PublicKeyToken)) { | |||
@@ -354,7 +354,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
return $this->hasher->hash(sha1($password) . $password); | |||
} | |||
public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken { | |||
public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken { | |||
$this->cache->clear(); | |||
if (!($token instanceof PublicKeyToken)) { | |||
@@ -479,7 +479,7 @@ class PublicKeyTokenProvider implements IProvider { | |||
return $dbToken; | |||
} | |||
public function markPasswordInvalid(IToken $token, string $tokenId) { | |||
public function markPasswordInvalid(OCPIToken $token, string $tokenId) { | |||
$this->cache->clear(); | |||
if (!($token instanceof PublicKeyToken)) { |