author | Julien Veyssier <julien-nc@posteo.net> | 2024-01-22 12:34:47 +0100 |
---|---|---|
committer | Julien Veyssier <julien-nc@posteo.net> | 2024-01-22 13:26:01 +0100 |
commit | 3f19bf7660b3659cab2ba5345a930425423ff345 (patch) | |
tree | 4ccaf9c635dbfd64de8c48c2fa7f775ec44a10fa /core | |
parent | 9282aa900db2561cc9f1a62fbb1a1960769d57e1 (diff) | |
make OAuth2 authorization code expire
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Diffstat (limited to 'core')
-rw-r--r-- | core/Controller/ClientFlowLoginController.php | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 85a793bd92b..3179b577df3 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -44,6 +44,7 @@ use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\StandaloneTemplateResponse;
+use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Defaults;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IL10N;
@@ -68,22 +69,26 @@ class ClientFlowLoginController extends Controller {
 private AccessTokenMapper $accessTokenMapper;
 private ICrypto $crypto;
 private IEventDispatcher $eventDispatcher;
+ private ITimeFactory $timeFactory;
 public const STATE_NAME = 'client.flow.state.token';
- public function __construct(string $appName,
- IRequest $request,
- IUserSession $userSession,
- IL10N $l10n,
- Defaults $defaults,
- ISession $session,
- IProvider $tokenProvider,
- ISecureRandom $random,
- IURLGenerator $urlGenerator,
- ClientMapper $clientMapper,
- AccessTokenMapper $accessTokenMapper,
- ICrypto $crypto,
- IEventDispatcher $eventDispatcher) {
+ public function __construct(
+ string $appName,
+ IRequest $request,
+ IUserSession $userSession,
+ IL10N $l10n,
+ Defaults $defaults,
+ ISession $session,
+ IProvider $tokenProvider,
+ ISecureRandom $random,
+ IURLGenerator $urlGenerator,
+ ClientMapper $clientMapper,
+ AccessTokenMapper $accessTokenMapper,
+ ICrypto $crypto,
+ IEventDispatcher $eventDispatcher,
+ ITimeFactory $timeFactory
+ ) {
 parent::__construct($appName, $request);
 $this->userSession = $userSession;
 $this->l10n = $l10n;
@@ -96,6 +101,7 @@ class ClientFlowLoginController extends Controller {
 $this->accessTokenMapper = $accessTokenMapper;
 $this->crypto = $crypto;
 $this->eventDispatcher = $eventDispatcher;
+ $this->timeFactory = $timeFactory;
 }
 private function getClientName(): string {
@@ -305,6 +311,7 @@ class ClientFlowLoginController extends Controller {
 $accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
 $accessToken->setHashedCode(hash('sha512', $code));
 $accessToken->setTokenId($generatedToken->getId());
+ $accessToken->setCodeCreatedAt($this->timeFactory->now()->getTimestamp());
 $this->accessTokenMapper->insert($accessToken);
 $redirectUri = $client->getRedirectUri(); |
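Review bot: The added `setCodeCreatedAt(...)` line only records when the authorization code was issued; nothing in this hunk rejects an old code, and the diffstat is limited to `core`, so the expiry check presumably lives in the token-exchange endpoint outside this view. Before relying on this, confirm that the endpoint compares `codeCreatedAt` against a short lifetime (RFC 6749 recommends at most 10 minutes) and that it decides explicitly what happens to rows written before this change, which carry no issue time. A one-line comment above the new call would make the intent visible here, for example `// issue time of the authorization code; the token endpoint uses it to refuse expired codes`. The enclosing method starts and ends outside the hunk.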