summaryrefslogtreecommitdiffstats
path: root/core/Controller/AppPasswordController.php
diff options
context:
space:
mode:
authorRoeland Jago Douma <roeland@famdouma.nl>2019-08-27 13:46:06 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2019-08-27 13:46:06 +0200
commitcd1f44380461774f58127c19e92815cfa4a8957d (patch)
treedc3c1b8cc208cc3ee9dde2f26290fc049d20ae68 /core/Controller/AppPasswordController.php
parentb7577b6401cb68a6a1f4dc9090facb79a6438753 (diff)
downloadnextcloud-server-cd1f44380461774f58127c19e92815cfa4a8957d.tar.gz
nextcloud-server-cd1f44380461774f58127c19e92815cfa4a8957d.zip
Allow rotation of apppasswords
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'core/Controller/AppPasswordController.php')
-rw-r--r--core/Controller/AppPasswordController.php24
1 files changed, 24 insertions, 0 deletions
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php
index 01ca1e2597b..a66acb3c5f3 100644
--- a/core/Controller/AppPasswordController.php
+++ b/core/Controller/AppPasswordController.php
@@ -138,4 +138,28 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
$this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId());
return new DataResponse();
}
+
+ /**
+ * @NoAdminRequired
+ */
+ public function rotateAppPassword(): DataResponse {
+ if (!$this->session->exists('app_password')) {
+ throw new OCSForbiddenException('no app password in use');
+ }
+
+ $appPassword = $this->session->get('app_password');
+
+ try {
+ $token = $this->tokenProvider->getToken($appPassword);
+ } catch (InvalidTokenException $e) {
+ throw new OCSForbiddenException('could not rotate apptoken');
+ }
+
+ $newToken = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+ $this->tokenProvider->rotate($token, $appPassword, $newToken);
+
+ return new DataResponse([
+ 'apppassword' => $newToken,
+ ]);
+ }
}