* On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that tokens marked as invalid work again once you log in on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>tags/v15.0.0beta1
@@ -320,6 +320,7 @@ class LoginController extends Controller { | |||
// requires https://github.com/owncloud/core/pull/24616 | |||
$this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]); | |||
$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER); | |||
$this->userSession->updateTokens($loginResult->getUID(), $password); | |||
// User has successfully logged in, now remove the password reset link, when it is available | |||
$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword'); |
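Review bot: The new `updateTokens()` call sits in the login path with no comment and no failure handling, so an exception from a token provider (a database or encryption error) would abort a login whose session token was already created on the line above. Since this looks like best-effort maintenance, I would either catch and log around it or state why a failure must be fatal, and add a comment such as `// Re-encrypt the just-verified password into app tokens flagged password_invalid`. It also means every device token flagged invalid is silently re-enabled on the next web login, which is worth an audit log entry so the re-enablement is visible to the user or an admin. The enclosing method starts and ends outside the hunk, so what runs after this call (for example a second-factor check) is not visible here.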
@@ -347,5 +347,7 @@ class DefaultTokenProvider implements IProvider { | |||
$this->invalidateToken($tokenId); | |||
} | |||
public function updatePasswords(string $uid, string $password) { | |||
// Nothing to do here | |||
} | |||
} |
@@ -164,4 +164,12 @@ interface IProvider { | |||
* @param string $tokenId | |||
*/ | |||
public function markPasswordInvalid(IToken $token, string $tokenId); | |||
/** | |||
* Update all the passwords of $uid if required | |||
* | |||
* @param string $uid | |||
* @param string $password | |||
*/ | |||
public function updatePasswords(string $uid, string $password); | |||
} |
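Review bot: The docblock for `updatePasswords()` says "if required" without saying when that is or what `$password` holds, which matters because every implementer receives a plaintext credential. I would spell out the contract, e.g. `@param string $password the plaintext login password that was just verified; must not be logged or stored unencrypted`. It should also say that providers re-encrypt it only for tokens flagged through `markPasswordInvalid()` and may be a no-op, as `DefaultTokenProvider` is in this commit. The method could declare `: void` as well, if the supported PHP version allows it.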
@@ -232,4 +232,11 @@ class Manager implements IProvider { | |||
public function markPasswordInvalid(IToken $token, string $tokenId) { | |||
$this->getProvider($token)->markPasswordInvalid($token, $tokenId); | |||
} | |||
public function updatePasswords(string $uid, string $password) { | |||
$this->defaultTokenProvider->updatePasswords($uid, $password); | |||
$this->publicKeyTokenProvider->updatePasswords($uid, $password); | |||
} | |||
} |
@@ -169,4 +169,19 @@ class PublicKeyTokenMapper extends QBMapper { | |||
$qb->execute(); | |||
} | |||
public function hasExpiredTokens(string $uid): bool { | |||
$qb = $this->db->getQueryBuilder(); | |||
$qb->select('*') | |||
->from('authtoken') | |||
->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) | |||
->andWhere($qb->expr()->eq('password_invalid', $qb->createNamedParameter(true), IQueryBuilder::PARAM_BOOL)) | |||
->setMaxResults(1); | |||
$cursor = $qb->execute(); | |||
$data = $cursor->fetchAll(); | |||
$cursor->closeCursor(); | |||
return count($data) === 1; | |||
} | |||
} |
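Review bot: `hasExpiredTokens()` does not test expiry; the query filters on `password_invalid`, so the name will mislead callers who reason about token lifetime, and something like `hasPasswordInvalidTokens` would match what it checks. The existence check also uses `select('*')` plus `fetchAll()`, which loads a whole token row (presumably including the key and encrypted-password columns) just to count it; a single column such as `$qb->select('id')` is enough. `IQueryBuilder::PARAM_BOOL` is passed as the third argument of `eq()` rather than to the parameter, and it looks like `$qb->createNamedParameter(true, IQueryBuilder::PARAM_BOOL)` was intended; please confirm the binding behaves the same on all supported databases.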
@@ -327,5 +327,20 @@ class PublicKeyTokenProvider implements IProvider { | |||
$this->mapper->update($token); | |||
} | |||
public function updatePasswords(string $uid, string $password) { | |||
if (!$this->mapper->hasExpiredTokens($uid)) { | |||
// Nothing to do here | |||
return; | |||
} | |||
// Update the password for all tokens | |||
$tokens = $this->mapper->getTokenByUser($uid); | |||
foreach ($tokens as $t) { | |||
$publicKey = $t->getPublicKey(); | |||
$t->setPassword($this->encryptPassword($password, $publicKey)); | |||
$this->updateToken($t); | |||
} | |||
} | |||
} |
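Review bot: Nothing in the loop clears the invalid flag, so unless `setPassword()` or `updateToken()` does that outside this hunk, `hasExpiredTokens()` keeps returning true and every later web login re-encrypts all tokens again while the flagged ones stay flagged. I would reset it explicitly, e.g. `$t->setPasswordInvalid(false);` before `$this->updateToken($t);`, assuming the entity exposes that setter. The loop also rewrites every token returned by `getTokenByUser()`, not only the flagged ones; if tokens can exist without a stored password this would attach one to them, so a guard on the flag or the existing password would keep the change scoped. A short docblock stating that `$password` is plaintext and may only leave this method encrypted with the token's public key would help future maintainers.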
@@ -950,5 +950,9 @@ class Session implements IUserSession, Emitter { | |||
} | |||
} | |||
public function updateTokens(string $uid, string $password) { | |||
$this->tokenProvider->updatePasswords($uid, $password); | |||
} | |||
} |