authorRoeland Jago Douma <rullzer@users.noreply.github.com>2019-10-05 14:14:48 +0200
committerGitHub <noreply@github.com>2019-10-05 14:14:48 +0200
commitcf0376f81db7bb40e21f0b79e908500b70ca3e6f (patch)
treeb6ac14e1a93fb03d3db3c128594c7c004359fc7c
parentb5ad2f9cb5863aad6749593fe8532ebd0c5558f6 (diff)
parent5c5d658b0eb3719ae6b2ea375ff3eac27411262a (diff)
Merge pull request #17415 from nextcloud/backport/17397/stable17
[stable17] Fix updating and deleting authtokens
-rw-r--r--settings/Controller/AuthSettingsController.php8
-rw-r--r--tests/Settings/Controller/AuthSettingsControllerTest.php45
2 files changed, 51 insertions, 2 deletions
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index da9414dcb10..1d6e26d0f73 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -29,6 +29,7 @@ namespace OC\Settings\Controller;
use BadMethodCallException;
use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Exceptions\WipeTokenException;
use OC\Authentication\Token\INamedToken;
@@ -248,10 +249,13 @@ class AuthSettingsController extends Controller {
* @param int $id
* @return IToken
* @throws InvalidTokenException
- * @throws \OC\Authentication\Exceptions\ExpiredTokenException
*/
private function findTokenByIdAndUser(int $id): IToken {
- $token = $this->tokenProvider->getTokenById($id);
+ try {
+ $token = $this->tokenProvider->getTokenById($id);
+ } catch (ExpiredTokenException $e) {
+ $token = $e->getToken();
+ }
if ($token->getUID() !== $this->uid) {
throw new InvalidTokenException('This token does not belong to you!');
}
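Review bot: The new `catch (ExpiredTokenException $e)` in findTokenByIdAndUser makes every caller of this helper accept expired tokens, and neither the docblock nor the body says this is deliberate. The ownership check on `$token->getUID()` still runs on the token taken from the exception, which is what keeps the recovery safe, so the intent is worth a comment above the `try`, e.g. `// Expired tokens stay manageable by their owner; the UID check below still applies.` The tests in this commit cover only destroy() and update(), so any other caller of the helper (not visible here) should be checked. It is also worth confirming that update() cannot extend an expired token's validity. The function body continues past the end of this hunk.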
diff --git a/tests/Settings/Controller/AuthSettingsControllerTest.php b/tests/Settings/Controller/AuthSettingsControllerTest.php
index d335abc98a3..113d24089ec 100644
--- a/tests/Settings/Controller/AuthSettingsControllerTest.php
+++ b/tests/Settings/Controller/AuthSettingsControllerTest.php
@@ -23,6 +23,7 @@ namespace Test\Settings\Controller;
use OC\AppFramework\Http;
use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Token\DefaultToken;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
@@ -183,6 +184,30 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertEquals([], $this->controller->destroy($tokenId));
}
+ public function testDestroyExpired() {
+ $tokenId = 124;
+ $token = $this->createMock(DefaultToken::class);
+
+ $token->expects($this->exactly(2))
+ ->method('getId')
+ ->willReturn($tokenId);
+
+ $token->expects($this->once())
+ ->method('getUID')
+ ->willReturn($this->uid);
+
+ $this->tokenProvider->expects($this->once())
+ ->method('getTokenById')
+ ->with($this->equalTo($tokenId))
+ ->willThrowException(new ExpiredTokenException($token));
+
+ $this->tokenProvider->expects($this->once())
+ ->method('invalidateTokenById')
+ ->with($this->uid, $tokenId);
+
+ $this->assertSame([], $this->controller->destroy($tokenId));
+ }
+
public function testDestroyWrongUser() {
$tokenId = 124;
$token = $this->createMock(DefaultToken::class);
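Review bot: testDestroyExpired only exercises an expired token owned by the current user; the case where `getTokenById` throws ExpiredTokenException carrying another user's token is not covered, and on that path the controller's UID comparison is the only guard. A negative test should pin that `invalidateTokenById` is never called there, and the same gap applies to testUpdateExpired in the next hunk with `updateToken`. Separately, `exactly(2)` on `getId` ties the test to how often the controller reads the id rather than to behaviour; `$this->any()` would be less brittle. A sketch of the missing destroy case follows; its final assertion should match whatever testDestroyWrongUser checks, whose body lies outside this hunk.

```php
public function testDestroyExpiredWrongUser() {
	$tokenId = 124;
	$token = $this->createMock(DefaultToken::class);

	$token->expects($this->once())
		->method('getUID')
		->willReturn('someone-else'); // constructed value: any UID other than $this->uid

	$this->tokenProvider->expects($this->once())
		->method('getTokenById')
		->with($this->equalTo($tokenId))
		->willThrowException(new ExpiredTokenException($token));

	// An expired token that belongs to another user must never be revoked here.
	$this->tokenProvider->expects($this->never())
		->method('invalidateTokenById');

	$this->controller->destroy($tokenId);
	// … assert the same rejection as testDestroyWrongUser …
}
```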
@@ -315,6 +340,26 @@ class AuthSettingsControllerTest extends TestCase {
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
}
+ public function testUpdateExpired() {
+ $tokenId = 42;
+ $token = $this->createMock(DefaultToken::class);
+
+ $token->expects($this->once())
+ ->method('getUID')
+ ->willReturn($this->uid);
+
+ $this->tokenProvider->expects($this->once())
+ ->method('getTokenById')
+ ->with($this->equalTo($tokenId))
+ ->willThrowException(new ExpiredTokenException($token));
+
+ $this->tokenProvider->expects($this->once())
+ ->method('updateToken')
+ ->with($this->equalTo($token));
+
+ $this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
+ }
+
public function testUpdateTokenWrongUser() {
$tokenId = 42;
$token = $this->createMock(DefaultToken::class);