aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCôme Chilliet <come.chilliet@nextcloud.com>2024-01-04 12:20:14 +0100
committerbackportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com>2024-01-11 18:00:59 +0000
commit360e7ffcca0940400317d238cfce751b6b10d058 (patch)
tree62b3ef5224cd966a02291f63363fb6b75eb850c9
parent2b378f6ab2a64a4a22ebbb9883883116aa1de0fa (diff)
downloadnextcloud-server-360e7ffcca0940400317d238cfce751b6b10d058.tar.gz
nextcloud-server-360e7ffcca0940400317d238cfce751b6b10d058.zip
Always catch OCP versions of authentication exceptions
And always throw OC versions for BC Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
-rw-r--r--apps/oauth2/lib/Controller/OauthApiController.php4
-rw-r--r--apps/oauth2/lib/Migration/SetTokenExpiration.php2
-rw-r--r--apps/settings/lib/Controller/AuthSettingsController.php12
-rw-r--r--apps/settings/lib/Settings/Personal/Security/Authtokens.php2
-rw-r--r--core/Controller/AppPasswordController.php2
-rw-r--r--core/Controller/ClientFlowLoginController.php5
-rw-r--r--core/Controller/ClientFlowLoginV2Controller.php5
-rw-r--r--core/Controller/WipeController.php2
-rw-r--r--core/Service/LoginFlowV2Service.php2
-rw-r--r--lib/private/Authentication/LoginCredentials/Store.php2
-rw-r--r--lib/private/Authentication/Token/Manager.php13
-rw-r--r--lib/private/Authentication/Token/RemoteWipe.php4
-rw-r--r--lib/private/Authentication/TwoFactorAuth/Manager.php2
-rw-r--r--lib/private/Session/Internal.php2
-rw-r--r--lib/private/User/Session.php4
15 files changed, 34 insertions, 29 deletions
diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php
index dfb952a0951..46b68b1d585 100644
--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -28,8 +28,6 @@ declare(strict_types=1);
*/
namespace OCA\OAuth2\Controller;
-use OC\Authentication\Exceptions\ExpiredTokenException;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider as TokenProvider;
use OCA\OAuth2\Db\AccessTokenMapper;
use OCA\OAuth2\Db\ClientMapper;
@@ -39,6 +37,8 @@ use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\Authentication\Exceptions\ExpiredTokenException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\DB\Exception;
use OCP\IRequest;
use OCP\Security\Bruteforce\IThrottler;
diff --git a/apps/oauth2/lib/Migration/SetTokenExpiration.php b/apps/oauth2/lib/Migration/SetTokenExpiration.php
index 696d3b7f04a..5a5c5ff4781 100644
--- a/apps/oauth2/lib/Migration/SetTokenExpiration.php
+++ b/apps/oauth2/lib/Migration/SetTokenExpiration.php
@@ -26,10 +26,10 @@ declare(strict_types=1);
*/
namespace OCA\OAuth2\Migration;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider as TokenProvider;
use OCA\OAuth2\Db\AccessToken;
use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\IDBConnection;
use OCP\Migration\IOutput;
use OCP\Migration\IRepairStep;
diff --git a/apps/settings/lib/Controller/AuthSettingsController.php b/apps/settings/lib/Controller/AuthSettingsController.php
index c0dc8cbac85..cfff6582074 100644
--- a/apps/settings/lib/Controller/AuthSettingsController.php
+++ b/apps/settings/lib/Controller/AuthSettingsController.php
@@ -32,10 +32,8 @@
namespace OCA\Settings\Controller;
use BadMethodCallException;
-use OC\Authentication\Exceptions\ExpiredTokenException;
-use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
-use OC\Authentication\Exceptions\WipeTokenException;
use OC\Authentication\Token\INamedToken;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
@@ -45,6 +43,9 @@ use OCP\Activity\IManager;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse;
+use OCP\Authentication\Exceptions\ExpiredTokenException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
+use OCP\Authentication\Exceptions\WipeTokenException;
use OCP\IRequest;
use OCP\ISession;
use OCP\IUserSession;
@@ -292,7 +293,8 @@ class AuthSettingsController extends Controller {
$token = $e->getToken();
}
if ($token->getUID() !== $this->uid) {
- throw new InvalidTokenException('This token does not belong to you!');
+ /* We have to throw the OC version so both OC and OCP catches catch it */
+ throw new OcInvalidTokenException('This token does not belong to you!');
}
return $token;
}
@@ -305,7 +307,7 @@ class AuthSettingsController extends Controller {
* @param int $id
* @return JSONResponse
* @throws InvalidTokenException
- * @throws \OC\Authentication\Exceptions\ExpiredTokenException
+ * @throws ExpiredTokenException
*/
public function wipe(int $id): JSONResponse {
if ($this->checkAppToken()) {
diff --git a/apps/settings/lib/Settings/Personal/Security/Authtokens.php b/apps/settings/lib/Settings/Personal/Security/Authtokens.php
index e713344ce88..9a7405fb7a2 100644
--- a/apps/settings/lib/Settings/Personal/Security/Authtokens.php
+++ b/apps/settings/lib/Settings/Personal/Security/Authtokens.php
@@ -25,12 +25,12 @@ declare(strict_types=1);
*/
namespace OCA\Settings\Settings\Personal\Security;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\INamedToken;
use OC\Authentication\Token\IProvider as IAuthTokenProvider;
use OC\Authentication\Token\IToken;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Services\IInitialState;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\ISession;
use OCP\IUserSession;
use OCP\Session\Exceptions\SessionNotAvailableException;
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php
index 205381e83c1..a4b7791997a 100644
--- a/core/Controller/AppPasswordController.php
+++ b/core/Controller/AppPasswordController.php
@@ -29,13 +29,13 @@ declare(strict_types=1);
namespace OC\Core\Controller;
use OC\Authentication\Events\AppPasswordCreatedEvent;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\Exceptions\PasswordUnavailableException;
use OCP\Authentication\LoginCredentials\IStore;
use OCP\EventDispatcher\IEventDispatcher;
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 07a78ba368b..57f57bbf887 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -33,7 +33,7 @@
namespace OC\Core\Controller;
use OC\Authentication\Events\AppPasswordCreatedEvent;
-use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
@@ -47,6 +47,7 @@ use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Http\StandaloneTemplateResponse;
use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Defaults;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\IL10N;
@@ -331,7 +332,7 @@ class ClientFlowLoginController extends Controller {
try {
$token = $this->tokenProvider->getToken($password);
if ($token->getLoginName() !== $user) {
- throw new InvalidTokenException('login name does not match');
+ throw new OcInvalidTokenException('login name does not match');
}
} catch (InvalidTokenException $e) {
$response = new StandaloneTemplateResponse(
diff --git a/core/Controller/ClientFlowLoginV2Controller.php b/core/Controller/ClientFlowLoginV2Controller.php
index 8aafabf9892..df522096272 100644
--- a/core/Controller/ClientFlowLoginV2Controller.php
+++ b/core/Controller/ClientFlowLoginV2Controller.php
@@ -27,7 +27,7 @@ declare(strict_types=1);
*/
namespace OC\Core\Controller;
-use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
use OC\Core\Db\LoginFlowV2;
use OC\Core\Exception\LoginFlowV2NotFoundException;
use OC\Core\Service\LoginFlowV2Service;
@@ -40,6 +40,7 @@ use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Http\StandaloneTemplateResponse;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Defaults;
use OCP\IL10N;
use OCP\IRequest;
@@ -211,7 +212,7 @@ class ClientFlowLoginV2Controller extends Controller {
try {
$token = \OC::$server->get(\OC\Authentication\Token\IProvider::class)->getToken($password);
if ($token->getLoginName() !== $user) {
- throw new InvalidTokenException('login name does not match');
+ throw new OcInvalidTokenException('login name does not match');
}
} catch (InvalidTokenException $e) {
$response = new StandaloneTemplateResponse(
diff --git a/core/Controller/WipeController.php b/core/Controller/WipeController.php
index 537fd7126f6..c18b74e4b96 100644
--- a/core/Controller/WipeController.php
+++ b/core/Controller/WipeController.php
@@ -26,11 +26,11 @@ declare(strict_types=1);
*/
namespace OC\Core\Controller;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\RemoteWipe;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\IRequest;
class WipeController extends Controller {
diff --git a/core/Service/LoginFlowV2Service.php b/core/Service/LoginFlowV2Service.php
index 7e254672ebd..e6a2d93b77d 100644
--- a/core/Service/LoginFlowV2Service.php
+++ b/core/Service/LoginFlowV2Service.php
@@ -26,7 +26,6 @@ declare(strict_types=1);
*/
namespace OC\Core\Service;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
@@ -37,6 +36,7 @@ use OC\Core\Db\LoginFlowV2Mapper;
use OC\Core\Exception\LoginFlowV2NotFoundException;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\IConfig;
use OCP\Security\ICrypto;
use OCP\Security\ISecureRandom;
diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index e1e29946446..2e00ac211c1 100644
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -26,10 +26,10 @@ declare(strict_types=1);
*/
namespace OC\Authentication\LoginCredentials;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Token\IProvider;
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\LoginCredentials\ICredentials;
use OCP\Authentication\LoginCredentials\IStore;
use OCP\ISession;
diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
index 18ec687cac2..9154092f25a 100644
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@@ -28,10 +28,11 @@ declare(strict_types=1);
namespace OC\Authentication\Token;
use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
-use OC\Authentication\Exceptions\ExpiredTokenException;
-use OC\Authentication\Exceptions\InvalidTokenException;
-use OC\Authentication\Exceptions\PasswordlessTokenException;
-use OC\Authentication\Exceptions\WipeTokenException;
+use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
+use OCP\Authentication\Exceptions\ExpiredTokenException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
+use OCP\Authentication\Exceptions\PasswordlessTokenException;
+use OCP\Authentication\Exceptions\WipeTokenException;
use OCP\Authentication\Token\IProvider as OCPIProvider;
class Manager implements IProvider, OCPIProvider {
@@ -221,7 +222,7 @@ class Manager implements IProvider, OCPIProvider {
return $this->publicKeyTokenProvider->rotate($token, $oldTokenId, $newTokenId);
}
- throw new InvalidTokenException();
+ throw new OcInvalidTokenException();
}
/**
@@ -233,7 +234,7 @@ class Manager implements IProvider, OCPIProvider {
if ($token instanceof PublicKeyToken) {
return $this->publicKeyTokenProvider;
}
- throw new InvalidTokenException();
+ throw new OcInvalidTokenException();
}
diff --git a/lib/private/Authentication/Token/RemoteWipe.php b/lib/private/Authentication/Token/RemoteWipe.php
index e4882f678d9..f5267764e24 100644
--- a/lib/private/Authentication/Token/RemoteWipe.php
+++ b/lib/private/Authentication/Token/RemoteWipe.php
@@ -29,8 +29,8 @@ namespace OC\Authentication\Token;
use OC\Authentication\Events\RemoteWipeFinished;
use OC\Authentication\Events\RemoteWipeStarted;
-use OC\Authentication\Exceptions\InvalidTokenException;
-use OC\Authentication\Exceptions\WipeTokenException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
+use OCP\Authentication\Exceptions\WipeTokenException;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\IUser;
use Psr\Log\LoggerInterface;
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 4defcb9a585..3870c797f8d 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -29,10 +29,10 @@ namespace OC\Authentication\TwoFactorAuth;
use BadMethodCallException;
use Exception;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider as TokenProvider;
use OCP\Activity\IManager;
use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
use OCP\Authentication\TwoFactorAuth\IProvider;
use OCP\Authentication\TwoFactorAuth\IRegistry;
diff --git a/lib/private/Session/Internal.php b/lib/private/Session/Internal.php
index e8e2a4f2d8e..5fb9b05c5f4 100644
--- a/lib/private/Session/Internal.php
+++ b/lib/private/Session/Internal.php
@@ -33,8 +33,8 @@ declare(strict_types=1);
*/
namespace OC\Session;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Session\Exceptions\SessionNotAvailableException;
/**
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 5689de3995f..02a7a7e9e16 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -39,8 +39,6 @@
namespace OC\User;
use OC;
-use OC\Authentication\Exceptions\ExpiredTokenException;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
use OC\Authentication\Token\IProvider;
@@ -51,6 +49,8 @@ use OC_User;
use OC_Util;
use OCA\DAV\Connector\Sabre\Auth;
use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\Authentication\Exceptions\ExpiredTokenException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\EventDispatcher\GenericEvent;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\Files\NotPermittedException;