diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-08-27 13:46:06 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-08-27 13:46:06 +0200 |
commit | cd1f44380461774f58127c19e92815cfa4a8957d (patch) | |
tree | dc3c1b8cc208cc3ee9dde2f26290fc049d20ae68 /core/Controller/AppPasswordController.php | |
parent | b7577b6401cb68a6a1f4dc9090facb79a6438753 (diff) | |
download | nextcloud-server-cd1f44380461774f58127c19e92815cfa4a8957d.tar.gz nextcloud-server-cd1f44380461774f58127c19e92815cfa4a8957d.zip |
Allow rotation of apppasswords
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'core/Controller/AppPasswordController.php')
-rw-r--r-- | core/Controller/AppPasswordController.php | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php index 01ca1e2597b..a66acb3c5f3 100644 --- a/core/Controller/AppPasswordController.php +++ b/core/Controller/AppPasswordController.php @@ -138,4 +138,28 @@ class AppPasswordController extends \OCP\AppFramework\OCSController { $this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId()); return new DataResponse(); } + + /** + * @NoAdminRequired + */ + public function rotateAppPassword(): DataResponse { + if (!$this->session->exists('app_password')) { + throw new OCSForbiddenException('no app password in use'); + } + + $appPassword = $this->session->get('app_password'); + + try { + $token = $this->tokenProvider->getToken($appPassword); + } catch (InvalidTokenException $e) { + throw new OCSForbiddenException('could not rotate apptoken'); + } + + $newToken = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); + $this->tokenProvider->rotate($token, $appPassword, $newToken); + + return new DataResponse([ + 'apppassword' => $newToken, + ]); + } } |