authorRoeland Jago Douma <roeland@famdouma.nl>2018-09-26 13:36:04 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2018-10-02 19:50:54 +0200
commitd9febae5b2cbe2147c892030ca9d1b5db7304e9f (patch)
treef5faf8f7ae470438e9162427c7f2e08d579b486c
parent00e99af5863e40e89c012f3ce642802c891def4e (diff)
Update all the publickey tokens if needed on web login
* On web login, check if we have invalid public key tokens * If so, update them all with the new token This ensures that your tokens marked as invalid work again once you log in on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r--core/Controller/LoginController.php1
-rw-r--r--lib/private/Authentication/Token/DefaultTokenProvider.php4
-rw-r--r--lib/private/Authentication/Token/IProvider.php8
-rw-r--r--lib/private/Authentication/Token/Manager.php7
-rw-r--r--lib/private/Authentication/Token/PublicKeyTokenMapper.php15
-rw-r--r--lib/private/Authentication/Token/PublicKeyTokenProvider.php15
-rw-r--r--lib/private/User/Session.php4
7 files changed, 53 insertions, 1 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 09b6fe54384..14e3b4c40b3 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -320,6 +320,7 @@ class LoginController extends Controller {
// requires https://github.com/owncloud/core/pull/24616
$this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER);
+ $this->userSession->updateTokens($loginResult->getUID(), $password);
// User has successfully logged in, now remove the password reset link, when it is available
$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
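Review bot: An exception thrown from `updateTokens()` on the added line would propagate out of the login action after `createSessionToken()` has already run, so a failure while re-encrypting a single stored token could block an otherwise valid web login. If the refresh is meant to be best-effort, catch and log at this call site. The hunk does not show what the token providers can throw, and the enclosing method starts and ends outside the hunk.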
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
index 19aba58b056..a27a875a27f 100644
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -347,5 +347,7 @@ class DefaultTokenProvider implements IProvider {
$this->invalidateToken($tokenId);
}
-
+ public function updatePasswords(string $uid, string $password) {
+ // Nothing to do here
+ }
}
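Review bot: The `// Nothing to do here` comment in `DefaultTokenProvider::updatePasswords()` does not say why this provider is exempt, so the empty body reads like an unfinished stub. If the reason is that default tokens cannot be re-encrypted without the token itself (not visible in this hunk), say so, e.g. `// Default tokens cannot be re-encrypted without the raw token, so only public key tokens are refreshed`. The consequence is security-relevant: default tokens with a stale password stay unusable after a web login, and the comment should record that this is intended.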
diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php
index d1b067868b4..7ee76b7b384 100644
--- a/lib/private/Authentication/Token/IProvider.php
+++ b/lib/private/Authentication/Token/IProvider.php
@@ -164,4 +164,12 @@ interface IProvider {
* @param string $tokenId
*/
public function markPasswordInvalid(IToken $token, string $tokenId);
+
+ /**
+ * Update all the passwords of $uid if required
+ *
+ * @param string $uid
+ * @param string $password
+ */
+ public function updatePasswords(string $uid, string $password);
}
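Review bot: The new docblock on `updatePasswords()` leaves "if required" undefined and does not say that `$password` is the user's plaintext login password, so an implementer cannot tell when to act or how to treat the argument. Based on the `PublicKeyTokenProvider` implementation in this commit, a more precise summary would be `Re-encrypt the stored password of all tokens of $uid when at least one token is marked as password-invalid`, with `@param string $password the current plaintext password, must not be logged or persisted unencrypted`. The docblock could also state that implementations which cannot re-encrypt are allowed to do nothing.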
diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
index 711d2110393..7c991eadea9 100644
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@@ -232,4 +232,11 @@ class Manager implements IProvider {
public function markPasswordInvalid(IToken $token, string $tokenId) {
$this->getProvider($token)->markPasswordInvalid($token, $tokenId);
}
+
+ public function updatePasswords(string $uid, string $password) {
+ $this->defaultTokenProvider->updatePasswords($uid, $password);
+ $this->publicKeyTokenProvider->updatePasswords($uid, $password);
+ }
+
+
}
diff --git a/lib/private/Authentication/Token/PublicKeyTokenMapper.php b/lib/private/Authentication/Token/PublicKeyTokenMapper.php
index 5e5c69dbc46..df91066c44f 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenMapper.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenMapper.php
@@ -169,4 +169,19 @@ class PublicKeyTokenMapper extends QBMapper {
$qb->execute();
}
+
+ public function hasExpiredTokens(string $uid): bool {
+ $qb = $this->db->getQueryBuilder();
+ $qb->select('*')
+ ->from('authtoken')
+ ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
+ ->andWhere($qb->expr()->eq('password_invalid', $qb->createNamedParameter(true), IQueryBuilder::PARAM_BOOL))
+ ->setMaxResults(1);
+
+ $cursor = $qb->execute();
+ $data = $cursor->fetchAll();
+ $cursor->closeCursor();
+
+ return count($data) === 1;
+ }
}
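Review bot: In `hasExpiredTokens()` the `IQueryBuilder::PARAM_BOOL` argument is passed to `eq()` rather than to `createNamedParameter()`, so the value `true` looks to be bound with the default parameter type; the intended form is probably `$qb->createNamedParameter(true, IQueryBuilder::PARAM_BOOL)`. The method name is also misleading, since the query tests `password_invalid`, not expiry; something like `hasTokensWithInvalidPassword` would match what the provider relies on. The query has no filter on the token version, so, if `authtoken` is shared with default tokens, rows this provider cannot fix may trigger the refresh. Finally, `select('*')` plus `fetchAll()` pulls a full token row (including key material) just to test existence; selecting a single column would avoid that.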
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 9afdb5a8ff5..33c0b1d59eb 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -327,5 +327,20 @@ class PublicKeyTokenProvider implements IProvider {
$this->mapper->update($token);
}
+ public function updatePasswords(string $uid, string $password) {
+ if (!$this->mapper->hasExpiredTokens($uid)) {
+ // Nothing to do here
+ return;
+ }
+
+ // Update the password for all tokens
+ $tokens = $this->mapper->getTokenByUser($uid);
+ foreach ($tokens as $t) {
+ $publicKey = $t->getPublicKey();
+ $t->setPassword($this->encryptPassword($password, $publicKey));
+ $this->updateToken($t);
+ }
+ }
+
}
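Review bot: The loop in `updatePasswords()` stores a freshly encrypted password but never clears the flag that `hasExpiredTokens()` tests. Unless `setPassword()` or `updateToken()` resets it outside this hunk, the tokens stay marked invalid and every later web login re-encrypts all of them again. Adding `$t->setPasswordInvalid(false);` before `$this->updateToken($t);` would close that gap, assuming the entity exposes that setter as the counterpart of `markPasswordInvalid()`. The loop also overwrites the password on every token of the user, not only the invalid ones, which would attach a password to any token that was deliberately created without one; consider skipping tokens whose stored password is null.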
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 8ac42eac4eb..a9c638dca93 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -950,5 +950,9 @@ class Session implements IUserSession, Emitter {
}
}
+ public function updateTokens(string $uid, string $password) {
+ $this->tokenProvider->updatePasswords($uid, $password);
+ }
+
}