diff options
author | Robin Appelman <robin@icewind.nl> | 2020-05-15 17:09:57 +0200 |
---|---|---|
committer | Morris Jobke <hey@morrisjobke.de> | 2020-07-30 11:43:15 +0200 |
commit | c864e5dfc245e1de1bed6b73e11e5b3a4cdf65b7 (patch) | |
tree | 41b68d23787a4f4b3c6f61b8f5357816439936af /apps | |
parent | 7ad0f66fc437a63d9b4deac3cd74814882acd6f0 (diff) | |
download | nextcloud-server-c864e5dfc245e1de1bed6b73e11e5b3a4cdf65b7.tar.gz nextcloud-server-c864e5dfc245e1de1bed6b73e11e5b3a4cdf65b7.zip |
remove saved credentails if the user no longer has any storage configured using them
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files_external/appinfo/info.xml | 4 | ||||
-rw-r--r-- | apps/files_external/lib/BackgroundJob/CredentialsCleanup.php | 69 | ||||
-rw-r--r-- | apps/files_external/lib/Service/UserGlobalStoragesService.php | 13 |
3 files changed, 82 insertions, 4 deletions
diff --git a/apps/files_external/appinfo/info.xml b/apps/files_external/appinfo/info.xml index c2ac25bcea9..03a8845d3d6 100644 --- a/apps/files_external/appinfo/info.xml +++ b/apps/files_external/appinfo/info.xml @@ -31,6 +31,10 @@ External storage can be configured using the GUI or at the command line. This se <nextcloud min-version="20" max-version="20"/> </dependencies> + <background-jobs> + <job>OCA\Files_External\BackgroundJob\CredentialsCleanup</job> + </background-jobs> + <commands> <command>OCA\Files_External\Command\ListCommand</command> <command>OCA\Files_External\Command\Config</command> diff --git a/apps/files_external/lib/BackgroundJob/CredentialsCleanup.php b/apps/files_external/lib/BackgroundJob/CredentialsCleanup.php new file mode 100644 index 00000000000..80cb51f1573 --- /dev/null +++ b/apps/files_external/lib/BackgroundJob/CredentialsCleanup.php @@ -0,0 +1,69 @@ +<?php + +declare(strict_types=1); +/** + * @copyright Copyright (c) 2020 Robin Appelman <robin@icewind.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Files_External\BackgroundJob; + +use OCA\Files_External\Lib\Auth\Password\LoginCredentials; +use OCA\Files_External\Lib\StorageConfig; +use OCA\Files_External\Service\UserGlobalStoragesService; +use OCP\AppFramework\Utility\ITimeFactory; +use OCP\BackgroundJob\TimedJob; +use OCP\Security\ICredentialsManager; +use OCP\IUser; +use OCP\IUserManager; + +class CredentialsCleanup extends TimedJob { + private $credentialsManager; + private $userGlobalStoragesService; + private $userManager; + + public function __construct( + ITimeFactory $time, + ICredentialsManager $credentialsManager, + UserGlobalStoragesService $userGlobalStoragesService, + IUserManager $userManager + ) { + parent::__construct($time); + + $this->credentialsManager = $credentialsManager; + $this->userGlobalStoragesService = $userGlobalStoragesService; + $this->userManager = $userManager; + + // run every day + $this->setInterval(24 * 60 * 60); + } + + protected function run($argument) { + $this->userManager->callForSeenUsers(function (IUser $user) { + $storages = $this->userGlobalStoragesService->getAllStoragesForUser($user); + + $usesLoginCredentials = array_reduce($storages, function (bool $uses, StorageConfig $storage) { + return $uses || $storage->getAuthMechanism() instanceof LoginCredentials; + }, false); + + if (!$usesLoginCredentials) { + $this->credentialsManager->delete($user->getUID(), LoginCredentials::CREDENTIALS_IDENTIFIER); + } + }); + } +} diff --git a/apps/files_external/lib/Service/UserGlobalStoragesService.php b/apps/files_external/lib/Service/UserGlobalStoragesService.php index 7b9af773233..b8ea137428f 100644 --- a/apps/files_external/lib/Service/UserGlobalStoragesService.php +++ b/apps/files_external/lib/Service/UserGlobalStoragesService.php @@ -27,6 +27,7 @@ namespace OCA\Files_External\Service; use OCA\Files_External\Lib\StorageConfig; use OCP\Files\Config\IUserMountCache; use OCP\IGroupManager; +use OCP\IUser; use OCP\IUserSession; /** @@ -177,14 +178,18 @@ class UserGlobalStoragesService extends GlobalStoragesService { /** * Gets all storages for the user, admin, personal, global, etc * + * @param IUser|null $user user to get the storages for, if not set the currently logged in user will be used * @return StorageConfig[] array of storage configs */ - public function getAllStoragesForUser() { - if (is_null($this->getUser())) { + public function getAllStoragesForUser(IUser $user = null) { + if (is_null($user)) { + $user = $this->getUser(); + } + if (is_null($user)) { return []; } - $groupIds = $this->groupManager->getUserGroupIds($this->getUser()); - $mounts = $this->dbConfig->getMountsForUser($this->getUser()->getUID(), $groupIds); + $groupIds = $this->groupManager->getUserGroupIds($user); + $mounts = $this->dbConfig->getMountsForUser($user->getUID(), $groupIds); $configs = array_map([$this, 'getStorageConfigFromDBMount'], $mounts); $configs = array_filter($configs, function ($config) { return $config instanceof StorageConfig; |