diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2016-05-23 14:17:01 +0200 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2016-05-23 14:17:01 +0200 |
| commit | 57525a02f8e0153dcb8c83e0e8b7bafe34a3f820 (patch) | |
| tree | d6aaafba86dbe9df75fabe369ad6b53ef62234cf | |
| parent | bd87f6747376063b05ad5f1f7ce12446dddd5697 (diff) | |
| parent | 74277c25be2f3231e52a73a684bd14452a9ff2aa (diff) | |
| download | nextcloud-server-57525a02f8e0153dcb8c83e0e8b7bafe34a3f820.tar.gz nextcloud-server-57525a02f8e0153dcb8c83e0e8b7bafe34a3f820.zip | |
Merge pull request #24703 from owncloud/personal-settings-auth-tokens
Personal settings auth tokens
| -rw-r--r-- | lib/private/Authentication/Token/DefaultToken.php | 10 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/DefaultTokenMapper.php | 13 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/DefaultTokenProvider.php | 12 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/IProvider.php | 13 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/IToken.php | 6 | ||||
| -rw-r--r-- | lib/private/Server.php | 3 | ||||
| -rw-r--r-- | settings/Application.php | 18 | ||||
| -rw-r--r-- | settings/Controller/AuthSettingsController.php | 151 | ||||
| -rw-r--r-- | settings/css/settings.css | 33 | ||||
| -rw-r--r-- | settings/js/authtoken.js | 33 | ||||
| -rw-r--r-- | settings/js/authtoken_collection.js | 52 | ||||
| -rw-r--r-- | settings/js/authtoken_view.js | 242 | ||||
| -rw-r--r-- | settings/js/personal.js | 7 | ||||
| -rw-r--r-- | settings/personal.php | 5 | ||||
| -rw-r--r-- | settings/routes.php | 3 | ||||
| -rw-r--r-- | settings/templates/personal.php | 41 | ||||
| -rw-r--r-- | tests/lib/Authentication/Token/DefaultTokenMapperTest.php | 27 | ||||
| -rw-r--r-- | tests/lib/Authentication/Token/DefaultTokenProviderTest.php | 11 | ||||
| -rw-r--r-- | tests/settings/controller/AuthSettingsControllerTest.php | 156 |
19 files changed, 826 insertions, 10 deletions
diff --git a/lib/private/Authentication/Token/DefaultToken.php b/lib/private/Authentication/Token/DefaultToken.php index 08451a46151..4a64eacb247 100644 --- a/lib/private/Authentication/Token/DefaultToken.php +++ b/lib/private/Authentication/Token/DefaultToken.php @@ -28,7 +28,6 @@ use OCP\AppFramework\Db\Entity; * @method void setId(int $id) * @method void setUid(string $uid); * @method void setPassword(string $password) - * @method string getPassword() * @method void setName(string $name) * @method string getName() * @method void setToken(string $token) @@ -87,4 +86,13 @@ class DefaultToken extends Entity implements IToken { return parent::getPassword(); } + public function jsonSerialize() { + return [ + 'id' => $this->id, + 'name' => $this->name, + 'lastActivity' => $this->lastActivity, + 'type' => $this->type, + ]; + } + } diff --git a/lib/private/Authentication/Token/DefaultTokenMapper.php b/lib/private/Authentication/Token/DefaultTokenMapper.php index 9f173571270..970c2242dbe 100644 --- a/lib/private/Authentication/Token/DefaultTokenMapper.php +++ b/lib/private/Authentication/Token/DefaultTokenMapper.php @@ -111,4 +111,17 @@ class DefaultTokenMapper extends Mapper { return $entities; } + /** + * @param IUser $user + * @param int $id + */ + public function deleteById(IUser $user, $id) { + /* @var $qb IQueryBuilder */ + $qb = $this->db->getQueryBuilder(); + $qb->delete('authtoken') + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) + ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID()))); + $qb->execute(); + } + } diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php index 6c69d852d7b..0f7c54dab57 100644 --- a/lib/private/Authentication/Token/DefaultTokenProvider.php +++ b/lib/private/Authentication/Token/DefaultTokenProvider.php @@ -134,6 +134,7 @@ class DefaultTokenProvider implements IProvider { /** * @param IToken $savedToken * @param string $tokenId session token + * @throws InvalidTokenException * @return string */ public function getPassword(IToken $savedToken, $tokenId) { @@ -150,6 +151,16 @@ class DefaultTokenProvider implements IProvider { } /** + * Invalidate (delete) the given token + * + * @param IUser $user + * @param int $id + */ + public function invalidateTokenById(IUser $user, $id) { + $this->mapper->deleteById($user, $id); + } + + /** * Invalidate (delete) old session tokens */ public function invalidateOldTokens() { @@ -203,6 +214,7 @@ class DefaultTokenProvider implements IProvider { * * @param string $password * @param string $token + * @throws InvalidTokenException * @return string the decrypted key */ private function decryptPassword($password, $token) { diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php index a5c5faa5639..e4e4581e738 100644 --- a/lib/private/Authentication/Token/IProvider.php +++ b/lib/private/Authentication/Token/IProvider.php @@ -35,7 +35,7 @@ interface IProvider { * @param string $password * @param string $name * @param int $type token type - * @return DefaultToken + * @return IToken */ public function generateToken($token, $uid, $password, $name, $type = IToken::TEMPORARY_TOKEN); @@ -47,7 +47,7 @@ interface IProvider { * @return IToken */ public function getToken($tokenId) ; - + /** * @param string $token * @throws InvalidTokenException @@ -63,6 +63,14 @@ interface IProvider { public function invalidateToken($token); /** + * Invalidate (delete) the given token + * + * @param IUser $user + * @param int $id + */ + public function invalidateTokenById(IUser $user, $id); + + /** * Update token activity timestamp * * @param IToken $token @@ -85,6 +93,7 @@ interface IProvider { * * @param IToken $token * @param string $tokenId + * @throws InvalidTokenException * @return string */ public function getPassword(IToken $token, $tokenId); diff --git a/lib/private/Authentication/Token/IToken.php b/lib/private/Authentication/Token/IToken.php index 2a01ea75ea9..b741cd4ac22 100644 --- a/lib/private/Authentication/Token/IToken.php +++ b/lib/private/Authentication/Token/IToken.php @@ -22,7 +22,9 @@ namespace OC\Authentication\Token; -interface IToken { +use JsonSerializable; + +interface IToken extends JsonSerializable { const TEMPORARY_TOKEN = 0; const PERMANENT_TOKEN = 1; @@ -30,7 +32,7 @@ interface IToken { /** * Get the token ID * - * @return string + * @return int */ public function getId(); diff --git a/lib/private/Server.php b/lib/private/Server.php index 0b7b8f9e403..ea0c436d84b 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -223,6 +223,7 @@ class Server extends ServerContainer implements IServerContainer { $timeFactory = new TimeFactory(); return new \OC\Authentication\Token\DefaultTokenProvider($mapper, $crypto, $config, $logger, $timeFactory); }); + $this->registerAlias('OC\Authentication\Token\IProvider', 'OC\Authentication\Token\DefaultTokenProvider'); $this->registerService('UserSession', function (Server $c) { $manager = $c->getUserManager(); $session = new \OC\Session\Memory(''); @@ -230,7 +231,7 @@ class Server extends ServerContainer implements IServerContainer { // Token providers might require a working database. This code // might however be called when ownCloud is not yet setup. if (\OC::$server->getSystemConfig()->getValue('installed', false)) { - $defaultTokenProvider = $c->query('OC\Authentication\Token\DefaultTokenProvider'); + $defaultTokenProvider = $c->query('OC\Authentication\Token\IProvider'); } else { $defaultTokenProvider = null; } diff --git a/settings/Application.php b/settings/Application.php index 5b84d028abf..728c2bf9de4 100644 --- a/settings/Application.php +++ b/settings/Application.php @@ -29,7 +29,9 @@ namespace OC\Settings; use OC\Files\View; +use OC\Server; use OC\Settings\Controller\AppSettingsController; +use OC\Settings\Controller\AuthSettingsController; use OC\Settings\Controller\CertificateController; use OC\Settings\Controller\CheckSetupController; use OC\Settings\Controller\EncryptionController; @@ -39,10 +41,9 @@ use OC\Settings\Controller\MailSettingsController; use OC\Settings\Controller\SecuritySettingsController; use OC\Settings\Controller\UsersController; use OC\Settings\Middleware\SubadminMiddleware; -use \OCP\AppFramework\App; +use OCP\AppFramework\App; use OCP\IContainer; -use \OCP\Util; -use OC\Server; +use OCP\Util; /** * @package OC\Settings @@ -97,6 +98,17 @@ class Application extends App { $c->query('OcsClient') ); }); + $container->registerService('AuthSettingsController', function(IContainer $c) { + return new AuthSettingsController( + $c->query('AppName'), + $c->query('Request'), + $c->query('ServerContainer')->query('OC\Authentication\Token\IProvider'), + $c->query('UserManager'), + $c->query('ServerContainer')->getSession(), + $c->query('ServerContainer')->getSecureRandom(), + $c->query('UserId') + ); + }); $container->registerService('SecuritySettingsController', function(IContainer $c) { return new SecuritySettingsController( $c->query('AppName'), diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php new file mode 100644 index 00000000000..75311920d2a --- /dev/null +++ b/settings/Controller/AuthSettingsController.php @@ -0,0 +1,151 @@ +<?php + +/** + * @author Christoph Wurst <christoph@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OC\Settings\Controller; + +use OC\AppFramework\Http; +use OC\Authentication\Exceptions\InvalidTokenException; +use OC\Authentication\Token\IProvider; +use OC\Authentication\Token\IToken; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\JSONResponse; +use OCP\IRequest; +use OCP\ISession; +use OCP\IUserManager; +use OCP\Security\ISecureRandom; +use OCP\Session\Exceptions\SessionNotAvailableException; + +class AuthSettingsController extends Controller { + + /** @var IProvider */ + private $tokenProvider; + + /** @var IUserManager */ + private $userManager; + + /** @var ISession */ + private $session; + + /** @var string */ + private $uid; + + /** @var ISecureRandom */ + private $random; + + /** + * @param string $appName + * @param IRequest $request + * @param IProvider $tokenProvider + * @param IUserManager $userManager + * @param ISession $session + * @param ISecureRandom $random + * @param string $uid + */ + public function __construct($appName, IRequest $request, IProvider $tokenProvider, IUserManager $userManager, + ISession $session, ISecureRandom $random, $uid) { + parent::__construct($appName, $request); + $this->tokenProvider = $tokenProvider; + $this->userManager = $userManager; + $this->uid = $uid; + $this->session = $session; + $this->random = $random; + } + + /** + * @NoAdminRequired + * @NoSubadminRequired + * + * @return JSONResponse + */ + public function index() { + $user = $this->userManager->get($this->uid); + if (is_null($user)) { + return []; + } + return $this->tokenProvider->getTokenByUser($user); + } + + /** + * @NoAdminRequired + * @NoSubadminRequired + * + * @return JSONResponse + */ + public function create($name) { + try { + $sessionId = $this->session->getId(); + } catch (SessionNotAvailableException $ex) { + $resp = new JSONResponse(); + $resp->setStatus(Http::STATUS_SERVICE_UNAVAILABLE); + return $resp; + } + + try { + $sessionToken = $this->tokenProvider->getToken($sessionId); + $password = $this->tokenProvider->getPassword($sessionToken, $sessionId); + } catch (InvalidTokenException $ex) { + $resp = new JSONResponse(); + $resp->setStatus(Http::STATUS_SERVICE_UNAVAILABLE); + return $resp; + } + + $token = $this->generateRandomDeviceToken(); + $deviceToken = $this->tokenProvider->generateToken($token, $this->uid, $password, $name, IToken::PERMANENT_TOKEN); + + return [ + 'token' => $token, + 'deviceToken' => $deviceToken + ]; + } + + /** + * Return a 20 digit device password + * + * Example: ABCDE-FGHIJ-KLMNO-PQRST + * + * @return string + */ + private function generateRandomDeviceToken() { + $groups = []; + for ($i = 0; $i < 4; $i++) { + $groups[] = $this->random->generate(5, implode('', range('A', 'Z'))); + } + return implode('-', $groups); + } + + /** + * @NoAdminRequired + * @NoSubadminRequired + * + * @return JSONResponse + */ + public function destroy($id) { + $user = $this->userManager->get($this->uid); + if (is_null($user)) { + return []; + } + + $this->tokenProvider->invalidateTokenById($user, $id); + return []; + } + +} diff --git a/settings/css/settings.css b/settings/css/settings.css index edc4939d2d8..5fc96343502 100644 --- a/settings/css/settings.css +++ b/settings/css/settings.css @@ -100,6 +100,39 @@ input#identity { table.nostyle label { margin-right: 2em; } table.nostyle td { padding: 0.2em 0; } +#sessions table, +#devices table { + width: 100%; + min-height: 150px; + padding-top: 25px; +} +#sessions table th, +#devices table th { + font-weight: 800; +} +#sessions table th, +#sessions table td, +#devices table th, +#devices table td { + padding: 10px; +} + +#sessions .token-list td, +#devices .token-list td { + border-top: 1px solid #DDD; +} +#sessions .token-list td a.icon-delete, +#devices .token-list td a.icon-delete { + display: block; + opacity: 0.6; +} + +#device-new-token { + width: 186px; + font-family: monospace; + background-color: lightyellow; +} + /* USERS */ #newgroup-init a span { margin-left: 20px; } #newgroup-init a span:before { diff --git a/settings/js/authtoken.js b/settings/js/authtoken.js new file mode 100644 index 00000000000..215192d7163 --- /dev/null +++ b/settings/js/authtoken.js @@ -0,0 +1,33 @@ +/* global Backbone */ + +/** + * @author Christoph Wurst <christoph@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +(function(OC, Backbone) { + 'use strict'; + + OC.Settings = OC.Settings || {}; + + var AuthToken = Backbone.Model.extend({ + }); + + OC.Settings.AuthToken = AuthToken; + +})(OC, Backbone); diff --git a/settings/js/authtoken_collection.js b/settings/js/authtoken_collection.js new file mode 100644 index 00000000000..a78e053995f --- /dev/null +++ b/settings/js/authtoken_collection.js @@ -0,0 +1,52 @@ +/* global Backbone */ + +/** + * @author Christoph Wurst <christoph@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +(function(OC, Backbone) { + 'use strict'; + + OC.Settings = OC.Settings || {}; + + var AuthTokenCollection = Backbone.Collection.extend({ + + model: OC.Settings.AuthToken, + + /** + * Show recently used sessions/devices first + * + * @param {OC.Settigns.AuthToken} t1 + * @param {OC.Settigns.AuthToken} t2 + * @returns {Boolean} + */ + comparator: function (t1, t2) { + var ts1 = parseInt(t1.get('lastActivity'), 10); + var ts2 = parseInt(t2.get('lastActivity'), 10); + return ts1 < ts2; + }, + + tokenType: null, + + url: OC.generateUrl('/settings/personal/authtokens') + }); + + OC.Settings.AuthTokenCollection = AuthTokenCollection; + +})(OC, Backbone); diff --git a/settings/js/authtoken_view.js b/settings/js/authtoken_view.js new file mode 100644 index 00000000000..a165a465247 --- /dev/null +++ b/settings/js/authtoken_view.js @@ -0,0 +1,242 @@ +/* global Backbone, Handlebars, moment */ + +/** + * @author Christoph Wurst <christoph@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +(function(OC, _, Backbone, $, Handlebars, moment) { + 'use strict'; + + OC.Settings = OC.Settings || {}; + + var TEMPLATE_TOKEN = + '<tr data-id="{{id}}">' + + '<td>{{name}}</td>' + + '<td><span class="last-activity" title="{{lastActivityTime}}">{{lastActivity}}</span></td>' + + '<td><a class="icon-delete" title="' + t('core', 'Disconnect') + '"></a></td>' + + '<tr>'; + + var SubView = Backbone.View.extend({ + collection: null, + + /** + * token type + * - 0: browser + * - 1: device + * + * @see OC\Authentication\Token\IToken + */ + type: 0, + + _template: undefined, + + template: function(data) { + if (_.isUndefined(this._template)) { + this._template = Handlebars.compile(TEMPLATE_TOKEN); + } + + return this._template(data); + }, + + initialize: function(options) { + this.type = options.type; + this.collection = options.collection; + + this.on(this.collection, 'change', this.render); + }, + + render: function() { + var _this = this; + + var list = this.$('.token-list'); + var tokens = this.collection.filter(function(token) { + return parseInt(token.get('type'), 10) === _this.type; + }); + list.html(''); + + // Show header only if there are tokens to show + console.log(tokens.length > 0); + this._toggleHeader(tokens.length > 0); + + tokens.forEach(function(token) { + var viewData = token.toJSON(); + var ts = viewData.lastActivity * 1000; + viewData.lastActivity = OC.Util.relativeModifiedDate(ts); + viewData.lastActivityTime = OC.Util.formatDate(ts, 'LLL'); + var html = _this.template(viewData); + var $html = $(html); + $html.find('.last-activity').tooltip(); + $html.find('.icon-delete').tooltip(); + list.append($html); + }); + }, + + toggleLoading: function(state) { + this.$('.token-list').toggleClass('icon-loading', state); + }, + + _toggleHeader: function(show) { + this.$('.hidden-when-empty').toggleClass('hidden', !show); + } + }); + + var AuthTokenView = Backbone.View.extend({ + collection: null, + + _views: [], + + _form: undefined, + + _tokenName: undefined, + + _addTokenBtn: undefined, + + _result: undefined, + + _newToken: undefined, + + _hideTokenBtn: undefined, + + _addingToken: false, + + initialize: function(options) { + this.collection = options.collection; + + var tokenTypes = [0, 1]; + var _this = this; + _.each(tokenTypes, function(type) { + var el = type === 0 ? '#sessions' : '#devices'; + _this._views.push(new SubView({ + el: el, + type: type, + collection: _this.collection + })); + + var $el = $(el); + $el.on('click', 'a.icon-delete', _.bind(_this._onDeleteToken, _this)); + }); + + this._form = $('#device-token-form'); + this._tokenName = $('#device-token-name'); + this._addTokenBtn = $('#device-add-token'); + this._addTokenBtn.click(_.bind(this._addDeviceToken, this)); + + this._result = $('#device-token-result'); + this._newToken = $('#device-new-token'); + this._newToken.on('focus', _.bind(this._onNewTokenFocus, this)); + this._hideTokenBtn = $('#device-token-hide'); + this._hideTokenBtn.click(_.bind(this._hideToken, this)); + }, + + render: function() { + _.each(this._views, function(view) { + view.render(); + view.toggleLoading(false); + }); + }, + + reload: function() { + var _this = this; + + _.each(this._views, function(view) { + view.toggleLoading(true); + }); + + var loadingTokens = this.collection.fetch(); + + $.when(loadingTokens).done(function() { + _this.render(); + }); + $.when(loadingTokens).fail(function() { + OC.Notification.showTemporary(t('core', 'Error while loading browser sessions and device tokens')); + }); + }, + + _addDeviceToken: function() { + var _this = this; + this._toggleAddingToken(true); + + var deviceName = this._tokenName.val(); + var creatingToken = $.ajax(OC.generateUrl('/settings/personal/authtokens'), { + method: 'POST', + data: { + name: deviceName + } + }); + + $.when(creatingToken).done(function(resp) { + _this.collection.add(resp.deviceToken); + _this.render(); + _this._newToken.val(resp.token); + _this._toggleFormResult(false); + _this._newToken.select(); + _this._tokenName.val(''); + }); + $.when(creatingToken).fail(function() { + OC.Notification.showTemporary(t('core', 'Error while creating device token')); + }); + $.when(creatingToken).always(function() { + _this._toggleAddingToken(false); + }); + }, + + _onNewTokenFocus: function() { + this._newToken.select(); + }, + + _hideToken: function() { + this._toggleFormResult(true); + }, + + _toggleAddingToken: function(state) { + this._addingToken = state; + this._addTokenBtn.toggleClass('icon-loading-small', state); + }, + + _onDeleteToken: function(event) { + var $target = $(event.target); + var $row = $target.closest('tr'); + var id = $row.data('id'); + + var token = this.collection.get(id); + if (_.isUndefined(token)) { + // Ignore event + return; + } + + var destroyingToken = token.destroy(); + + var _this = this; + $.when(destroyingToken).fail(function() { + OC.Notification.showTemporary(t('core', 'Error while deleting the token')); + }); + $.when(destroyingToken).always(function() { + _this.render(); + }); + }, + + _toggleFormResult: function(showForm) { + this._form.toggleClass('hidden', !showForm); + this._result.toggleClass('hidden', showForm); + } + }); + + OC.Settings.AuthTokenView = AuthTokenView; + +})(OC, _, Backbone, $, Handlebars, moment); diff --git a/settings/js/personal.js b/settings/js/personal.js index 09f63f3f6af..aea2400e999 100644 --- a/settings/js/personal.js +++ b/settings/js/personal.js @@ -361,6 +361,13 @@ $(document).ready(function () { if (oc_config.enable_avatars) { $('#avatar .avatardiv').avatar(OC.currentUser, 145); } + + // Show token views + var collection = new OC.Settings.AuthTokenCollection(); + var view = new OC.Settings.AuthTokenView({ + collection: collection + }); + view.reload(); }); if (!OC.Encryption) { diff --git a/settings/personal.php b/settings/personal.php index 6c2fccbec9b..3b283fb2d38 100644 --- a/settings/personal.php +++ b/settings/personal.php @@ -42,6 +42,9 @@ $config = \OC::$server->getConfig(); $urlGenerator = \OC::$server->getURLGenerator(); // Highlight navigation entry +OC_Util::addScript('settings', 'authtoken'); +OC_Util::addScript('settings', 'authtoken_collection'); +OC_Util::addScript('settings', 'authtoken_view'); OC_Util::addScript( 'settings', 'personal' ); OC_Util::addScript('settings', 'certificates'); OC_Util::addStyle( 'settings', 'settings' ); @@ -171,6 +174,8 @@ $tmpl->assign('groups', $groups2); // add hardcoded forms from the template $formsAndMore = []; $formsAndMore[]= ['anchor' => 'avatar', 'section-name' => $l->t('Personal info')]; +$formsAndMore[]= ['anchor' => 'sessions', 'section-name' => $l->t('Sessions')]; +$formsAndMore[]= ['anchor' => 'devices', 'section-name' => $l->t('Devices')]; $formsAndMore[]= ['anchor' => 'clientsbox', 'section-name' => $l->t('Sync clients')]; $forms=OC_App::getForms('personal'); diff --git a/settings/routes.php b/settings/routes.php index 90e1d1e442b..5c356e01734 100644 --- a/settings/routes.php +++ b/settings/routes.php @@ -36,7 +36,8 @@ $application = new Application(); $application->registerRoutes($this, [ 'resources' => [ 'groups' => ['url' => '/settings/users/groups'], - 'users' => ['url' => '/settings/users/users'] + 'users' => ['url' => '/settings/users/users'], + 'AuthSettings' => ['url' => '/settings/personal/authtokens'], ], 'routes' => [ ['name' => 'MailSettings#setMailSettings', 'url' => '/settings/admin/mailsettings', 'verb' => 'POST'], diff --git a/settings/templates/personal.php b/settings/templates/personal.php index 29bf240e7e3..dcc83b3e99e 100644 --- a/settings/templates/personal.php +++ b/settings/templates/personal.php @@ -139,6 +139,47 @@ if($_['passwordChangeSupported']) { } ?> +<div id="sessions" class="section"> + <h2><?php p($l->t('Sessions'));?></h2> + <span class="hidden-when-empty"><?php p($l->t('These are the web browsers currently logged in to your ownCloud.'));?></span> + <table> + <thead class="token-list-header"> + <tr> + <th><?php p($l->t('Browser'));?></th> + <th><?php p($l->t('Most recent activity'));?></th> + <th></th> + </tr> + </thead> + <tbody class="token-list icon-loading"> + </tbody> + </table> +</div> + +<div id="devices" class="section"> + <h2><?php p($l->t('Devices'));?></h2> + <span class="hidden-when-empty"><?php p($l->t("You've linked these devices."));?></span> + <table> + <thead class="hidden-when-empty"> + <tr> + <th><?php p($l->t('Name'));?></th> + <th><?php p($l->t('Most recent activity'));?></th> + <th></th> + </tr> + </thead> + <tbody class="token-list icon-loading"> + </tbody> + </table> + <p><?php p($l->t('A device password is a passcode that gives an app or device permissions to access your ownCloud account.'));?></p> + <div id="device-token-form"> + <input id="device-token-name" type="text" placeholder="Device name"> + <button id="device-add-token" class="button">Create new device password</button> + </div> + <div id="device-token-result" class="hidden"> + <input id="device-new-token" type="text" readonly="readonly"/> + <button id="device-token-hide" class="button">Done</button> + </div> +</div> + <form id="language" class="section"> <h2> <label for="languageinput"><?php p($l->t('Language'));?></label> diff --git a/tests/lib/Authentication/Token/DefaultTokenMapperTest.php b/tests/lib/Authentication/Token/DefaultTokenMapperTest.php index e17149a5c1b..9179e23bfb2 100644 --- a/tests/lib/Authentication/Token/DefaultTokenMapperTest.php +++ b/tests/lib/Authentication/Token/DefaultTokenMapperTest.php @@ -159,4 +159,31 @@ class DefaultTokenMapperTest extends TestCase { $this->assertCount(0, $this->mapper->getTokenByUser($user)); } + public function testDeleteById() { + $user = $this->getMock('\OCP\IUser'); + $qb = $this->dbConnection->getQueryBuilder(); + $qb->select('id') + ->from('authtoken') + ->where($qb->expr()->eq('token', $qb->createNamedParameter('9c5a2e661482b65597408a6bb6c4a3d1af36337381872ac56e445a06cdb7fea2b1039db707545c11027a4966919918b19d875a8b774840b18c6cbb7ae56fe206'))); + $result = $qb->execute(); + $id = $result->fetch()['id']; + $user->expects($this->once()) + ->method('getUID') + ->will($this->returnValue('user1')); + + $this->mapper->deleteById($user, $id); + $this->assertEquals(2, $this->getNumberOfTokens()); + } + + public function testDeleteByIdWrongUser() { + $user = $this->getMock('\OCP\IUser'); + $id = 33; + $user->expects($this->once()) + ->method('getUID') + ->will($this->returnValue('user10000')); + + $this->mapper->deleteById($user, $id); + $this->assertEquals(3, $this->getNumberOfTokens()); + } + } diff --git a/tests/lib/Authentication/Token/DefaultTokenProviderTest.php b/tests/lib/Authentication/Token/DefaultTokenProviderTest.php index eeb249cfa8a..8af5e1e933a 100644 --- a/tests/lib/Authentication/Token/DefaultTokenProviderTest.php +++ b/tests/lib/Authentication/Token/DefaultTokenProviderTest.php @@ -170,6 +170,17 @@ class DefaultTokenProviderTest extends TestCase { $this->tokenProvider->invalidateToken('token7'); } + public function testInvaildateTokenById() { + $id = 123; + $user = $this->getMock('\OCP\IUser'); + + $this->mapper->expects($this->once()) + ->method('deleteById') + ->with($user, $id); + + $this->tokenProvider->invalidateTokenById($user, $id); + } + public function testInvalidateOldTokens() { $defaultSessionLifetime = 60 * 60 * 24; $this->config->expects($this->once()) diff --git a/tests/settings/controller/AuthSettingsControllerTest.php b/tests/settings/controller/AuthSettingsControllerTest.php new file mode 100644 index 00000000000..49491c8ff52 --- /dev/null +++ b/tests/settings/controller/AuthSettingsControllerTest.php @@ -0,0 +1,156 @@ +<?php + +/** + * @author Christoph Wurst <christoph@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace Test\Settings\Controller; + +use OC\AppFramework\Http; +use OC\Authentication\Exceptions\InvalidTokenException; +use OC\Authentication\Token\IToken; +use OC\Settings\Controller\AuthSettingsController; +use OCP\AppFramework\Http\JSONResponse; +use OCP\Session\Exceptions\SessionNotAvailableException; +use Test\TestCase; + +class AuthSettingsControllerTest extends TestCase { + + /** @var AuthSettingsController */ + private $controller; + private $request; + private $tokenProvider; + private $userManager; + private $session; + private $secureRandom; + private $uid; + + protected function setUp() { + parent::setUp(); + + $this->request = $this->getMock('\OCP\IRequest'); + $this->tokenProvider = $this->getMock('\OC\Authentication\Token\IProvider'); + $this->userManager = $this->getMock('\OCP\IUserManager'); + $this->session = $this->getMock('\OCP\ISession'); + $this->secureRandom = $this->getMock('\OCP\Security\ISecureRandom'); + $this->uid = 'jane'; + $this->user = $this->getMock('\OCP\IUser'); + + $this->controller = new AuthSettingsController('core', $this->request, $this->tokenProvider, $this->userManager, $this->session, $this->secureRandom, $this->uid); + } + + public function testIndex() { + $result = [ + 'token1', + 'token2', + ]; + $this->userManager->expects($this->once()) + ->method('get') + ->with($this->uid) + ->will($this->returnValue($this->user)); + $this->tokenProvider->expects($this->once()) + ->method('getTokenByUser') + ->with($this->user) + ->will($this->returnValue($result)); + + $this->assertEquals($result, $this->controller->index()); + } + + public function testCreate() { + $name = 'Nexus 4'; + $sessionToken = $this->getMock('\OC\Authentication\Token\IToken'); + $deviceToken = $this->getMock('\OC\Authentication\Token\IToken'); + $password = '123456'; + + $this->session->expects($this->once()) + ->method('getId') + ->will($this->returnValue('sessionid')); + $this->tokenProvider->expects($this->once()) + ->method('getToken') + ->with('sessionid') + ->will($this->returnValue($sessionToken)); + $this->tokenProvider->expects($this->once()) + ->method('getPassword') + ->with($sessionToken, 'sessionid') + ->will($this->returnValue($password)); + + $this->secureRandom->expects($this->exactly(4)) + ->method('generate') + ->with(5, implode('', range('A', 'Z'))) + ->will($this->returnValue('XXXXX')); + $newToken = 'XXXXX-XXXXX-XXXXX-XXXXX'; + + $this->tokenProvider->expects($this->once()) + ->method('generateToken') + ->with($newToken, $this->uid, $password, $name, IToken::PERMANENT_TOKEN) + ->will($this->returnValue($deviceToken)); + + $expected = [ + 'token' => $newToken, + 'deviceToken' => $deviceToken, + ]; + $this->assertEquals($expected, $this->controller->create($name)); + } + + public function testCreateSessionNotAvailable() { + $name = 'personal phone'; + + $this->session->expects($this->once()) + ->method('getId') + ->will($this->throwException(new SessionNotAvailableException())); + + $expected = new JSONResponse(); + $expected->setStatus(Http::STATUS_SERVICE_UNAVAILABLE); + + $this->assertEquals($expected, $this->controller->create($name)); + } + + public function testCreateInvalidToken() { + $name = 'Company IPhone'; + + $this->session->expects($this->once()) + ->method('getId') + ->will($this->returnValue('sessionid')); + $this->tokenProvider->expects($this->once()) + ->method('getToken') + ->with('sessionid') + ->will($this->throwException(new InvalidTokenException())); + + $expected = new JSONResponse(); + $expected->setStatus(Http::STATUS_SERVICE_UNAVAILABLE); + + $this->assertEquals($expected, $this->controller->create($name)); + } + + public function testDestroy() { + $id = 123; + $user = $this->getMock('\OCP\IUser'); + + $this->userManager->expects($this->once()) + ->method('get') + ->with($this->uid) + ->will($this->returnValue($user)); + $this->tokenProvider->expects($this->once()) + ->method('invalidateTokenById') + ->with($user, $id); + + $this->assertEquals([], $this->controller->destroy($id)); + } + +} |