delete auth token when client gets deleted

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

7 files changed, 79 insertions, 18 deletions

diff --git a/apps/oauth2/lib/Controller/SettingsController.php b/apps/oauth2/lib/Controller/SettingsController.php
index 1d376694f5a..f9ded6c0968 100644
--- a/apps/oauth2/lib/Controller/SettingsController.php
+++ b/apps/oauth2/lib/Controller/SettingsController.php
@@ -21,6 +21,8 @@
 
 namespace OCA\OAuth2\Controller;
 
+use OC\Authentication\Token\DefaultTokenMapper;
+use OCA\OAuth2\Db\AccessTokenMapper;
 use OCA\OAuth2\Db\Client;
 use OCA\OAuth2\Db\ClientMapper;
 use OCP\AppFramework\Controller;
@@ -36,6 +38,10 @@ class SettingsController extends Controller {
 	private $clientMapper;
 	/** @var ISecureRandom */
 	private $secureRandom;
+	/** @var AccessTokenMapper  */
+	private $accessTokenMapper;
+	/** @var  DefaultTokenMapper */
+	private $defaultTokenMapper;
 
 	const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
 
@@ -45,16 +51,23 @@ class SettingsController extends Controller {
 	 * @param IURLGenerator $urlGenerator
 	 * @param ClientMapper $clientMapper
 	 * @param ISecureRandom $secureRandom
+	 * @param AccessTokenMapper $accessTokenMapper
+	 * @param DefaultTokenMapper $defaultTokenMapper
 	 */
 	public function __construct($appName,
 								IRequest $request,
 								IURLGenerator $urlGenerator,
 								ClientMapper $clientMapper,
-								ISecureRandom $secureRandom) {
+								ISecureRandom $secureRandom,
+								AccessTokenMapper $accessTokenMapper,
+								DefaultTokenMapper $defaultTokenMapper
+	) {
 		parent::__construct($appName, $request);
 		$this->urlGenerator = $urlGenerator;
 		$this->secureRandom = $secureRandom;
 		$this->clientMapper = $clientMapper;
+		$this->accessTokenMapper = $accessTokenMapper;
+		$this->defaultTokenMapper = $defaultTokenMapper;
 	}
 
 	/**
@@ -78,8 +91,9 @@ class SettingsController extends Controller {
 	 * @return RedirectResponse
 	 */
 	public function deleteClient($id) {
-		$client = new Client();
-		$client->setId($id);
+		$client = $this->clientMapper->getByUid($id);
+		$this->accessTokenMapper->deleteByClientId($id);
+		$this->defaultTokenMapper->deleteByName($client->getName());
 		$this->clientMapper->delete($client);
 		return new RedirectResponse($this->urlGenerator->getAbsoluteURL('/index.php/settings/admin/security'));
 	}
diff --git a/apps/oauth2/lib/Db/AccessTokenMapper.php b/apps/oauth2/lib/Db/AccessTokenMapper.php
index 2751302522c..51b97bf8d7a 100644
--- a/apps/oauth2/lib/Db/AccessTokenMapper.php
+++ b/apps/oauth2/lib/Db/AccessTokenMapper.php
@@ -22,6 +22,7 @@
 namespace OCA\OAuth2\Db;
 
 use OCP\AppFramework\Db\Mapper;
+use OCP\DB\QueryBuilder\IQueryBuilder;
 use OCP\IDBConnection;
 
 class AccessTokenMapper extends Mapper {
@@ -48,4 +49,17 @@ class AccessTokenMapper extends Mapper {
 		$result->closeCursor();
 		return AccessToken::fromRow($row);
 	}
+
+	/**
+	 * delete all access token from a given client
+	 *
+	 * @param int $id
+	 */
+	public function deleteByClientId($id) {
+		$qb = $this->db->getQueryBuilder();
+		$qb
+			->delete($this->tableName)
+			->where($qb->expr()->eq('client_id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT)));
+		$qb->execute();
+	}
 }
diff --git a/apps/oauth2/lib/Db/ClientMapper.php b/apps/oauth2/lib/Db/ClientMapper.php
index 38751a2e5cf..cf00afacb70 100644
--- a/apps/oauth2/lib/Db/ClientMapper.php
+++ b/apps/oauth2/lib/Db/ClientMapper.php
@@ -22,6 +22,7 @@
 namespace OCA\OAuth2\Db;
 
 use OCP\AppFramework\Db\Mapper;
+use OCP\DB\QueryBuilder\IQueryBuilder;
 use OCP\IDBConnection;
 
 class ClientMapper extends Mapper {
@@ -55,6 +56,27 @@ class ClientMapper extends Mapper {
 	}
 
 	/**
+	 * @param string $uid internal uid of the client
+	 * @return Client
+	 */
+	public function getByUid($uid) {
+		$qb = $this->db->getQueryBuilder();
+		$qb
+			->select('*')
+			->from($this->tableName)
+			->where($qb->expr()->eq('id', $qb->createNamedParameter($uid, IQueryBuilder::PARAM_INT)));
+		$result = $qb->execute();
+		$row = $result->fetch();
+		$result->closeCursor();
+
+		if (!is_array($row)) {
+			$row = [];
+		}
+
+		return Client::fromRow($row);
+	}
+
+	/**
 	 * @return Client[]
 	 */
 	public function getClients() {
diff --git a/apps/oauth2/lib/Settings/Admin.php b/apps/oauth2/lib/Settings/Admin.php
index aa120bcb7d7..07c3fe733ad 100644
--- a/apps/oauth2/lib/Settings/Admin.php
+++ b/apps/oauth2/lib/Settings/Admin.php
@@ -23,7 +23,6 @@ namespace OCA\OAuth2\Settings;
 
 use OCA\OAuth2\Db\ClientMapper;
 use OCP\AppFramework\Http\TemplateResponse;
-use OCP\IConfig;
 use OCP\Settings\ISettings;
 
 class Admin implements ISettings {
diff --git a/lib/private/Authentication/Token/DefaultTokenMapper.php b/lib/private/Authentication/Token/DefaultTokenMapper.php
index 8848cd3ec56..a69e9e940cd 100644
--- a/lib/private/Authentication/Token/DefaultTokenMapper.php
+++ b/lib/private/Authentication/Token/DefaultTokenMapper.php
@@ -31,7 +31,7 @@ use OCP\IUser;
 class DefaultTokenMapper extends Mapper {
 
 	public function __construct(IDBConnection $db) {
-		parent::__construct($db, 'authtoken');
+		parent::__construct($db, 'AuthToken');
 	}
 
 	/**
@@ -42,7 +42,7 @@ class DefaultTokenMapper extends Mapper {
 	public function invalidate($token) {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
+		$qb->delete('AuthToken')
 			->where($qb->expr()->eq('token', $qb->createParameter('token')))
 			->setParameter('token', $token)
 			->execute();
@@ -55,7 +55,7 @@ class DefaultTokenMapper extends Mapper {
 	public function invalidateOld($olderThan, $remember = IToken::DO_NOT_REMEMBER) {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
+		$qb->delete('AuthToken')
 			->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT)))
 			->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)))
 			->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT)))
@@ -73,7 +73,7 @@ class DefaultTokenMapper extends Mapper {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
 		$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
-			->from('authtoken')
+			->from('AuthToken')
 			->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
 			->execute();
 
@@ -97,7 +97,7 @@ class DefaultTokenMapper extends Mapper {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
 		$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check', 'scope')
-			->from('authtoken')
+			->from('AuthToken')
 			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
 			->execute();
 
@@ -122,7 +122,7 @@ class DefaultTokenMapper extends Mapper {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
 		$qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
-			->from('authtoken')
+			->from('AuthToken')
 			->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
 			->setMaxResults(1000);
 		$result = $qb->execute();
@@ -143,10 +143,22 @@ class DefaultTokenMapper extends Mapper {
 	public function deleteById(IUser $user, $id) {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
+		$qb->delete('AuthToken')
 			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
 			->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())));
 		$qb->execute();
 	}
 
+	/**
+	 * delete all auth token which belong to a specific client if the client was deleted
+	 *
+	 * @param string $name
+	 */
+	public function deleteByName($name) {
+		$qb = $this->db->getQueryBuilder();
+		$qb->delete('AuthToken')
+			->where($qb->expr()->eq('name', $qb->createNamedParameter($name)));
+		$qb->execute();
+	}
+
 }
diff --git a/settings/personal.php b/settings/personal.php
index 86ac4f753f4..7f99dc3259b 100644
--- a/settings/personal.php
+++ b/settings/personal.php
@@ -49,7 +49,7 @@ $config = \OC::$server->getConfig();
 $urlGenerator = \OC::$server->getURLGenerator();
 
 // Highlight navigation entry
-OC_Util::addScript('settings', 'authtoken');
+OC_Util::addScript('settings', 'AuthToken');
 OC_Util::addScript('settings', 'authtoken_collection');
 OC_Util::addScript('settings', 'authtoken_view');
 OC_Util::addScript('settings', 'usersettings');
diff --git a/tests/lib/Authentication/Token/DefaultTokenMapperTest.php b/tests/lib/Authentication/Token/DefaultTokenMapperTest.php
index 8fe0762daad..650031b6d30 100644
--- a/tests/lib/Authentication/Token/DefaultTokenMapperTest.php
+++ b/tests/lib/Authentication/Token/DefaultTokenMapperTest.php
@@ -58,8 +58,8 @@ class DefaultTokenMapperTest extends TestCase {
 
 	private function resetDatabase() {
 		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->delete('authtoken')->execute();
-		$qb->insert('authtoken')->values([
+		$qb->delete('AuthToken')->execute();
+		$qb->insert('AuthToken')->values([
 			'uid' => $qb->createNamedParameter('user1'),
 			'login_name' => $qb->createNamedParameter('User1'),
 			'password' => $qb->createNamedParameter('a75c7116460c082912d8f6860a850904|3nz5qbG1nNSLLi6V|c55365a0e54cfdfac4a175bcf11a7612aea74492277bba6e5d96a24497fa9272488787cb2f3ad34d8b9b8060934fce02f008d371df3ff3848f4aa61944851ff0'),
@@ -69,7 +69,7 @@ class DefaultTokenMapperTest extends TestCase {
 			'last_activity' => $qb->createNamedParameter($this->time - 120, IQueryBuilder::PARAM_INT), // Two minutes ago
 			'last_check' => $this->time - 60 * 10, // 10mins ago
 		])->execute();
-		$qb->insert('authtoken')->values([
+		$qb->insert('AuthToken')->values([
 			'uid' => $qb->createNamedParameter('user2'),
 			'login_name' => $qb->createNamedParameter('User2'),
 			'password' => $qb->createNamedParameter('971a337057853344700bbeccf836519f|UwOQwyb34sJHtqPV|036d4890f8c21d17bbc7b88072d8ef049a5c832a38e97f3e3d5f9186e896c2593aee16883f617322fa242728d0236ff32d163caeb4bd45e14ca002c57a88665f'),
@@ -79,7 +79,7 @@ class DefaultTokenMapperTest extends TestCase {
 			'last_activity' => $qb->createNamedParameter($this->time - 60 * 60 * 24 * 3, IQueryBuilder::PARAM_INT), // Three days ago
 			'last_check' => $this->time -  10, // 10secs ago
 		])->execute();
-		$qb->insert('authtoken')->values([
+		$qb->insert('AuthToken')->values([
 			'uid' => $qb->createNamedParameter('user1'),
 			'login_name' => $qb->createNamedParameter('User1'),
 			'password' => $qb->createNamedParameter('063de945d6f6b26862d9b6f40652f2d5|DZ/z520tfdXPtd0T|395f6b89be8d9d605e409e20b9d9abe477fde1be38a3223f9e508f979bf906e50d9eaa4dca983ca4fb22a241eb696c3f98654e7775f78c4caf13108f98642b53'),
@@ -94,7 +94,7 @@ class DefaultTokenMapperTest extends TestCase {
 	private function getNumberOfTokens() {
 		$qb = $this->dbConnection->getQueryBuilder();
 		$result = $qb->select($qb->createFunction('count(*) as `count`'))
-			->from('authtoken')
+			->from('AuthToken')
 			->execute()
 			->fetch();
 		return (int) $result['count'];
@@ -211,7 +211,7 @@ class DefaultTokenMapperTest extends TestCase {
 		$user = $this->createMock(IUser::class);
 		$qb = $this->dbConnection->getQueryBuilder();
 		$qb->select('id')
-			->from('authtoken')
+			->from('AuthToken')
 			->where($qb->expr()->eq('token', $qb->createNamedParameter('9c5a2e661482b65597408a6bb6c4a3d1af36337381872ac56e445a06cdb7fea2b1039db707545c11027a4966919918b19d875a8b774840b18c6cbb7ae56fe206')));
 		$result = $qb->execute();
 		$id = $result->fetch()['id'];