diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2019-09-04 10:49:10 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-09-04 10:49:10 +0200 |
| commit | ca0fbaca8c0b6a548e175a1b259879d1aee40cd7 (patch) | |
| tree | 4925ec7216f2b5b33c5eb793c822884bacde137b | |
| parent | 560b9851e505116bda090d4db53c98a6e6d21fe3 (diff) | |
| parent | cd1f44380461774f58127c19e92815cfa4a8957d (diff) | |
| download | nextcloud-server-ca0fbaca8c0b6a548e175a1b259879d1aee40cd7.tar.gz nextcloud-server-ca0fbaca8c0b6a548e175a1b259879d1aee40cd7.zip | |
Merge pull request #16882 from nextcloud/enh/apppassword_rotation
Allow rotation of apppasswords
| -rw-r--r-- | core/Controller/AppPasswordController.php | 24 | ||||
| -rw-r--r-- | core/routes.php | 1 |
2 files changed, 25 insertions, 0 deletions
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php index 01ca1e2597b..a66acb3c5f3 100644 --- a/core/Controller/AppPasswordController.php +++ b/core/Controller/AppPasswordController.php @@ -138,4 +138,28 @@ class AppPasswordController extends \OCP\AppFramework\OCSController { $this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId()); return new DataResponse(); } + + /** + * @NoAdminRequired + */ + public function rotateAppPassword(): DataResponse { + if (!$this->session->exists('app_password')) { + throw new OCSForbiddenException('no app password in use'); + } + + $appPassword = $this->session->get('app_password'); + + try { + $token = $this->tokenProvider->getToken($appPassword); + } catch (InvalidTokenException $e) { + throw new OCSForbiddenException('could not rotate apptoken'); + } + + $newToken = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); + $this->tokenProvider->rotate($token, $appPassword, $newToken); + + return new DataResponse([ + 'apppassword' => $newToken, + ]); + } } diff --git a/core/routes.php b/core/routes.php index ec8f995304d..829fa8576c8 100644 --- a/core/routes.php +++ b/core/routes.php @@ -107,6 +107,7 @@ $application->registerRoutes($this, [ ['root' => '/core', 'name' => 'WhatsNew#get', 'url' => '/whatsnew', 'verb' => 'GET'], ['root' => '/core', 'name' => 'WhatsNew#dismiss', 'url' => '/whatsnew', 'verb' => 'POST'], ['root' => '/core', 'name' => 'AppPassword#getAppPassword', 'url' => '/getapppassword', 'verb' => 'GET'], + ['root' => '/core', 'name' => 'AppPassword#rotateAppPassword', 'url' => '/apppassword/rotate', 'verb' => 'POST'], ['root' => '/core', 'name' => 'AppPassword#deleteAppPassword', 'url' => '/apppassword', 'verb' => 'DELETE'], ['root' => '/collaboration', 'name' => 'CollaborationResources#searchCollections', 'url' => '/resources/collections/search/{filter}', 'verb' => 'GET'], |