summaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorRoeland Jago Douma <rullzer@users.noreply.github.com>2019-09-04 10:49:10 +0200
committerGitHub <noreply@github.com>2019-09-04 10:49:10 +0200
commitca0fbaca8c0b6a548e175a1b259879d1aee40cd7 (patch)
tree4925ec7216f2b5b33c5eb793c822884bacde137b /core
parent560b9851e505116bda090d4db53c98a6e6d21fe3 (diff)
parentcd1f44380461774f58127c19e92815cfa4a8957d (diff)
downloadnextcloud-server-ca0fbaca8c0b6a548e175a1b259879d1aee40cd7.tar.gz
nextcloud-server-ca0fbaca8c0b6a548e175a1b259879d1aee40cd7.zip
Merge pull request #16882 from nextcloud/enh/apppassword_rotation
Allow rotation of apppasswords
Diffstat (limited to 'core')
-rw-r--r--core/Controller/AppPasswordController.php24
-rw-r--r--core/routes.php1
2 files changed, 25 insertions, 0 deletions
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php
index 01ca1e2597b..a66acb3c5f3 100644
--- a/core/Controller/AppPasswordController.php
+++ b/core/Controller/AppPasswordController.php
@@ -138,4 +138,28 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
$this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId());
return new DataResponse();
}
+
+ /**
+ * @NoAdminRequired
+ */
+ public function rotateAppPassword(): DataResponse {
+ if (!$this->session->exists('app_password')) {
+ throw new OCSForbiddenException('no app password in use');
+ }
+
+ $appPassword = $this->session->get('app_password');
+
+ try {
+ $token = $this->tokenProvider->getToken($appPassword);
+ } catch (InvalidTokenException $e) {
+ throw new OCSForbiddenException('could not rotate apptoken');
+ }
+
+ $newToken = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+ $this->tokenProvider->rotate($token, $appPassword, $newToken);
+
+ return new DataResponse([
+ 'apppassword' => $newToken,
+ ]);
+ }
}
diff --git a/core/routes.php b/core/routes.php
index ec8f995304d..829fa8576c8 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -107,6 +107,7 @@ $application->registerRoutes($this, [
['root' => '/core', 'name' => 'WhatsNew#get', 'url' => '/whatsnew', 'verb' => 'GET'],
['root' => '/core', 'name' => 'WhatsNew#dismiss', 'url' => '/whatsnew', 'verb' => 'POST'],
['root' => '/core', 'name' => 'AppPassword#getAppPassword', 'url' => '/getapppassword', 'verb' => 'GET'],
+ ['root' => '/core', 'name' => 'AppPassword#rotateAppPassword', 'url' => '/apppassword/rotate', 'verb' => 'POST'],
['root' => '/core', 'name' => 'AppPassword#deleteAppPassword', 'url' => '/apppassword', 'verb' => 'DELETE'],
['root' => '/collaboration', 'name' => 'CollaborationResources#searchCollections', 'url' => '/resources/collections/search/{filter}', 'verb' => 'GET'],