author | Git'Fellow <12234510+solracsf@users.noreply.github.com> | 2025-01-21 22:52:12 +0100 |
---|---|---|
committer | Git'Fellow <12234510+solracsf@users.noreply.github.com> | 2025-01-22 16:59:12 +0100 |
commit | 3c208955241d2608d50eee355852bf21b7f33933 (patch) | |
tree | 6f9199322b0ee711828e657e58209d6b794e6159 /lib/private/Authentication/Token | |
parent | 250549cd031c6b62fd5728c531fed2bdc219e565 (diff) | |
refactor(authentication): Use constructor property promotionauthPropertyPromotion
fix: error
Diffstat (limited to 'lib/private/Authentication/Token')
7 files changed, 79 insertions, 135 deletions
diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php index d47427e79bf..4a30406e76b 100644 --- a/lib/private/Authentication/Token/IProvider.php +++ b/lib/private/Authentication/Token/IProvider.php @@ -19,12 +19,7 @@ interface IProvider { /** * Create and persist a new token * - * @param string $token - * @param string $uid - * @param string $loginName - * @param string|null $password * @param string $name Name will be trimmed to 120 chars when longer - * @param int $type token type * @param int $remember whether the session token should be used for remember-me * @return OCPIToken * @throws \RuntimeException when OpenSSL reports a problem diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index 6953f47b004..95bea8bee19 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -1,6 +1,7 @@ <?php declare(strict_types=1); + /** * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later 
@@ -17,29 +18,23 @@ use OCP\Authentication\Token\IProvider as OCPIProvider; use OCP\Authentication\Token\IToken as OCPIToken; class Manager implements IProvider, OCPIProvider { - /** @var PublicKeyTokenProvider */ - private $publicKeyTokenProvider; - public function __construct(PublicKeyTokenProvider $publicKeyTokenProvider) { - $this->publicKeyTokenProvider = $publicKeyTokenProvider; + public function __construct( + private PublicKeyTokenProvider $publicKeyTokenProvider, + ) { } /** * Create and persist a new token * - * @param string $token - * @param string $uid - * @param string $loginName - * @param string|null $password * @param string $name Name will be trimmed to 120 chars when longer - * @param int $type token type * @param int $remember whether the session token should be used for remember-me * @return OCPIToken */ public function generateToken(string $token, string $uid, string $loginName, - $password, + ?string $password, string $name, int $type = OCPIToken::TEMPORARY_TOKEN, int $remember = OCPIToken::DO_NOT_REMEMBER, @@ -78,7 +73,6 @@ class Manager implements IProvider, OCPIProvider { /** * Save the updated token * - * @param OCPIToken $token * @throws InvalidTokenException */ public function updateToken(OCPIToken $token) { @@ -90,7 +84,6 @@ class Manager implements IProvider, OCPIProvider { * Update token activity timestamp * * @throws InvalidTokenException - * @param OCPIToken $token */ public function updateTokenActivity(OCPIToken $token) { $provider = $this->getProvider($token); @@ -98,7 +91,6 @@ class Manager implements IProvider, OCPIProvider { } /** - * @param string $uid * @return OCPIToken[] */ public function getTokenByUser(string $uid): array { 
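Review bot: Narrowing `$password` from untyped to `?string` in `Manager::generateToken` is only safe if `IProvider::generateToken` already declares the same parameter type; this diff touches only the interface's docblock, so its signature is not visible here. If the interface parameter were still untyped, PHP would reject the narrower implementation as an incompatible declaration. Callers that passed a non-string value would now be coerced or get a `TypeError`, depending on their own `strict_types` setting. Since the `@param string|null $password` line is dropped without a replacement, a one-line description of what a null password means would help, e.g. `@param ?string $password null when no password is stored with the token` (semantics presumed from `PasswordlessTokenException`; confirm).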
@@ -108,10 +100,8 @@ class Manager implements IProvider, OCPIProvider { /** * Get a token by token * - * @param string $tokenId * @throws InvalidTokenException * @throws \RuntimeException when OpenSSL reports a problem - * @return OCPIToken */ public function getToken(string $tokenId): OCPIToken { try { @@ -128,9 +118,7 @@ class Manager implements IProvider, OCPIProvider { /** * Get a token by token id * - * @param int $tokenId * @throws InvalidTokenException - * @return OCPIToken */ public function getTokenById(int $tokenId): OCPIToken { try { @@ -145,10 +133,7 @@ class Manager implements IProvider, OCPIProvider { } /** - * @param string $oldSessionId - * @param string $sessionId * @throws InvalidTokenException - * @return OCPIToken */ public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken { try { @@ -161,11 +146,8 @@ class Manager implements IProvider, OCPIProvider { } /** - * @param OCPIToken $savedToken - * @param string $tokenId session token * @throws InvalidTokenException * @throws PasswordlessTokenException - * @return string */ public function getPassword(OCPIToken $savedToken, string $tokenId): string { $provider = $this->getProvider($savedToken); @@ -194,10 +176,6 @@ class Manager implements IProvider, OCPIProvider { } /** - * @param OCPIToken $token - * @param string $oldTokenId - * @param string $newTokenId - * @return OCPIToken * @throws InvalidTokenException * @throws \RuntimeException when OpenSSL reports a problem */ @@ -211,8 +189,6 @@ class Manager implements IProvider, OCPIProvider { } /** - * @param OCPIToken $token - * @return IProvider * @throws InvalidTokenException */ private function getProvider(OCPIToken $token): IProvider { diff --git a/lib/private/Authentication/Token/PublicKeyToken.php b/lib/private/Authentication/Token/PublicKeyToken.php index be427ab4839..e2a025346ed 100644 --- a/lib/private/Authentication/Token/PublicKeyToken.php +++ b/lib/private/Authentication/Token/PublicKeyToken.php 
@@ -111,8 +111,6 @@ class PublicKeyToken extends Entity implements INamedToken, IWipeableToken { /** * Get the login name used when generating the token - * - * @return string */ public function getLoginName(): string { return parent::getLoginName(); @@ -137,8 +135,6 @@ class PublicKeyToken extends Entity implements INamedToken, IWipeableToken { /** * Get the timestamp of the last password check - * - * @return int */ public function getLastCheck(): int { return parent::getLastCheck(); diff --git a/lib/private/Authentication/Token/PublicKeyTokenMapper.php b/lib/private/Authentication/Token/PublicKeyTokenMapper.php index 9aabd69e57a..cd9a57f4478 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenMapper.php +++ b/lib/private/Authentication/Token/PublicKeyTokenMapper.php @@ -25,7 +25,7 @@ class PublicKeyTokenMapper extends QBMapper { /** * Invalidate (delete) a given token */ - public function invalidate(string $token) { + public function invalidate(string $token): void { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $qb->delete($this->tableName) @@ -34,12 +34,7 @@ class PublicKeyTokenMapper extends QBMapper { ->executeStatement(); } - /** - * @param int $olderThan - * @param int $type - * @param int|null $remember - */ - public function invalidateOld(int $olderThan, int $type = IToken::TEMPORARY_TOKEN, ?int $remember = null) { + public function invalidateOld(int $olderThan, int $type = IToken::TEMPORARY_TOKEN, ?int $remember = null): void { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $delete = $qb->delete($this->tableName) 
@@ -146,10 +141,8 @@ class PublicKeyTokenMapper extends QBMapper { /** * delete all auth token which belong to a specific client if the client was deleted - * - * @param string $name */ - public function deleteByName(string $name) { + public function deleteByName(string $name): void { $qb = $this->db->getQueryBuilder(); $qb->delete($this->tableName) ->where($qb->expr()->eq('name', $qb->createNamedParameter($name), IQueryBuilder::PARAM_STR)) @@ -157,7 +150,7 @@ class PublicKeyTokenMapper extends QBMapper { $qb->executeStatement(); } - public function deleteTempToken(PublicKeyToken $except) { + public function deleteTempToken(PublicKeyToken $except): void { $qb = $this->db->getQueryBuilder(); $qb->delete($this->tableName) @@ -165,7 +158,6 @@ class PublicKeyTokenMapper extends QBMapper { ->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN))) ->andWhere($qb->expr()->neq('id', $qb->createNamedParameter($except->getId()))) ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT))); - $qb->executeStatement(); } diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index 12c3a1d535b..67f8cc6475b 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php 
@@ -32,48 +32,22 @@ class PublicKeyTokenProvider implements IProvider { use TTransactional; - /** @var PublicKeyTokenMapper */ - private $mapper; - - /** @var ICrypto */ - private $crypto; - - /** @var IConfig */ - private $config; - - private IDBConnection $db; - - /** @var LoggerInterface */ - private $logger; - - /** @var ITimeFactory */ - private $time; - /** @var ICache */ private $cache; - /** @var IHasher */ - private $hasher; - - public function __construct(PublicKeyTokenMapper $mapper, - ICrypto $crypto, - IConfig $config, - IDBConnection $db, - LoggerInterface $logger, - ITimeFactory $time, - IHasher $hasher, - ICacheFactory $cacheFactory) { - $this->mapper = $mapper; - $this->crypto = $crypto; - $this->config = $config; - $this->db = $db; - $this->logger = $logger; - $this->time = $time; - + public function __construct( + private PublicKeyTokenMapper $mapper, + private ICrypto $crypto, + private IConfig $config, + private IDBConnection $db, + private LoggerInterface $logger, + private ITimeFactory $time, + private IHasher $hasher, + private ICacheFactory $cacheFactory, + ) { $this->cache = $cacheFactory->isLocalCacheAvailable() ? $cacheFactory->createLocal('authtoken_') : $cacheFactory->createInMemory(); - $this->hasher = $hasher; } /** @@ -176,11 +150,7 @@ class PublicKeyTokenProvider implements IProvider { */ private function getTokenFromCache(string $tokenHash): ?PublicKeyToken { $serializedToken = $this->cache->get($tokenHash); - if ($serializedToken === false) { - return null; - } - - if ($serializedToken === null) { + if ($serializedToken === false || $serializedToken === null) { return null; } @@ -200,6 +170,9 @@ class PublicKeyTokenProvider implements IProvider { $this->cache->set($tokenHash, false, self::TOKEN_CACHE_TTL * 2); } + /** + * @throws InvalidTokenException when token doesn't exist + */ public function getTokenById(int $tokenId): OCPIToken { try { $token = $this->mapper->getTokenById($tokenId); 
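Review bot: Promoting `ICacheFactory $cacheFactory` to a private property keeps the factory on the provider, although the constructor body is the only place in this hunk that uses it; before this change it was a plain parameter. Unless a method outside the hunk reads `$this->cacheFactory`, drop the `private` so it stays a constructor-local argument: `ICacheFactory $cacheFactory,`. The remaining `$cache` property is still declared with only `/** @var ICache */`; `private ICache $cache;` would match the typed promoted properties, assuming both `createLocal()` and `createInMemory()` return `ICache`.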
@@ -212,6 +185,11 @@ class PublicKeyTokenProvider implements IProvider { return $token; } + /** + * @throws ExpiredTokenException + * @throws WipeTokenException + * @throws TokenPasswordExpiredException + */ private function checkToken($token): void { if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) { throw new ExpiredTokenException($token); @@ -227,11 +205,14 @@ class PublicKeyTokenProvider implements IProvider { } } + /** + * @throws InvalidTokenException + */ public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken { return $this->atomic(function () use ($oldSessionId, $sessionId) { $token = $this->getToken($oldSessionId); - if (!($token instanceof PublicKeyToken)) { + if (!$token instanceof PublicKeyToken) { throw new InvalidTokenException('Invalid token type'); } 
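Review bot: `checkToken($token)` receives `@throws` tags but its parameter stays untyped, so the expiry, wipe and password-expiry gate accepts any value and fails only at the first method call on it. Consider `private function checkToken(PublicKeyToken $token): void`, or `OCPIToken` if that is what the callers pass; the callers are outside this hunk. The body of `checkToken` runs past the end of the hunk, so only the `ExpiredTokenException` throw is visible here and the other two documented exceptions could not be checked against the code.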
@@ -261,24 +242,25 @@ class PublicKeyTokenProvider implements IProvider { }, $this->db); } - public function invalidateToken(string $token) { + public function invalidateToken(string $token): void { $tokenHash = $this->hashToken($token); $this->mapper->invalidate($this->hashToken($token)); $this->mapper->invalidate($this->hashTokenWithEmptySecret($token)); $this->cacheInvalidHash($tokenHash); } - public function invalidateTokenById(string $uid, int $id) { + public function invalidateTokenById(string $uid, int $id): void { $token = $this->mapper->getTokenById($id); if ($token->getUID() !== $uid) { return; } - $this->mapper->invalidate($token->getToken()); - $this->cacheInvalidHash($token->getToken()); + $tokenId = $token->getToken(); + $this->mapper->invalidate($tokenId); + $this->cacheInvalidHash($tokenId); } - public function invalidateOldTokens() { + public function invalidateOldTokens(): void { $olderThan = $this->time->getTime() - $this->config->getSystemValueInt('session_lifetime', 60 * 60 * 24); $this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']); $this->mapper->invalidateOld($olderThan, OCPIToken::TEMPORARY_TOKEN, OCPIToken::DO_NOT_REMEMBER); 
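Review bot: In `invalidateTokenById` the new local is named `$tokenId`, but it holds `$token->getToken()` and is handed to `mapper->invalidate()` and `cacheInvalidHash()`, which in `invalidateToken` just above receive token hashes; `$tokenHash = $token->getToken();` would avoid confusion with the integer `$id` parameter. The UID-mismatch branch returns silently; if that is intentional, a comment such as `// token belongs to another user: nothing to invalidate` and a debug log entry would make rejected cross-user invalidation requests visible to operators. `invalidateToken` also still computes `hashToken($token)` twice; `$this->mapper->invalidate($tokenHash);` reuses the value already stored.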
@@ -300,16 +282,22 @@ class PublicKeyTokenProvider implements IProvider { $this->mapper->invalidateLastUsedBefore($uid, $before); } - public function updateToken(OCPIToken $token) { - if (!($token instanceof PublicKeyToken)) { + /** + * @throws InvalidTokenException + */ + public function updateToken(OCPIToken $token): void { + if (!$token instanceof PublicKeyToken) { throw new InvalidTokenException('Invalid token type'); } $this->mapper->update($token); $this->cacheToken($token); } - public function updateTokenActivity(OCPIToken $token) { - if (!($token instanceof PublicKeyToken)) { + /** + * @throws InvalidTokenException + */ + public function updateTokenActivity(OCPIToken $token): void { + if (!$token instanceof PublicKeyToken) { throw new InvalidTokenException('Invalid token type'); } @@ -329,8 +317,12 @@ class PublicKeyTokenProvider implements IProvider { return $this->mapper->getTokenByUser($uid); } + /** + * @throws InvalidTokenException + * @throws PasswordlessTokenException + */ public function getPassword(OCPIToken $savedToken, string $tokenId): string { - if (!($savedToken instanceof PublicKeyToken)) { + if (!$savedToken instanceof PublicKeyToken) { throw new InvalidTokenException('Invalid token type'); } @@ -345,8 +337,11 @@ class PublicKeyTokenProvider implements IProvider { return $this->decryptPassword($savedToken->getPassword(), $privateKey); } - public function setPassword(OCPIToken $token, string $tokenId, string $password) { - if (!($token instanceof PublicKeyToken)) { + /** + * @throws InvalidTokenException + */ + public function setPassword(OCPIToken $token, string $tokenId, string $password): void { + if (!$token instanceof PublicKeyToken) { throw new InvalidTokenException('Invalid token type'); } 
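Review bot: The guard `if (!$token instanceof PublicKeyToken) { throw new InvalidTokenException('Invalid token type'); }` is repeated verbatim in `updateToken`, `updateTokenActivity`, `getPassword` and `setPassword` in these hunks, and again in `renewSessionToken`, `rotate` and `markPasswordInvalid` in the neighbouring hunks. A single private helper would keep the type check and its message in one place, so a future change to the accepted token types cannot miss one of the entry points. A sketch follows; the bodies of most of these methods continue outside the hunks.

```php
/**
 * @throws InvalidTokenException when $token is not a PublicKeyToken
 */
private function requirePublicKeyToken(OCPIToken $token): PublicKeyToken {
	if (!$token instanceof PublicKeyToken) {
		throw new InvalidTokenException('Invalid token type');
	}
	return $token;
}

/**
 * @throws InvalidTokenException
 */
public function updateToken(OCPIToken $token): void {
	$token = $this->requirePublicKeyToken($token);
	// … unchanged: $this->mapper->update($token); $this->cacheToken($token); …
}
```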
@@ -370,8 +365,11 @@ class PublicKeyTokenProvider implements IProvider { return $this->hasher->hash(sha1($password) . $password); } + /** + * @throws InvalidTokenException + */ public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken { - if (!($token instanceof PublicKeyToken)) { + if (!$token instanceof PublicKeyToken) { throw new InvalidTokenException('Invalid token type'); } @@ -493,8 +491,11 @@ class PublicKeyTokenProvider implements IProvider { return $dbToken; } - public function markPasswordInvalid(OCPIToken $token, string $tokenId) { - if (!($token instanceof PublicKeyToken)) { + /** + * @throws InvalidTokenException + */ + public function markPasswordInvalid(OCPIToken $token, string $tokenId): void { + if (!$token instanceof PublicKeyToken) { throw new InvalidTokenException('Invalid token type'); } @@ -503,7 +504,7 @@ class PublicKeyTokenProvider implements IProvider { $this->cacheToken($token); } - public function updatePasswords(string $uid, string $password) { + public function updatePasswords(string $uid, string $password): void { // prevent setting an empty pw as result of pw-less-login if ($password === '' || !$this->config->getSystemValueBool('auth.storeCryptedPassword', true)) { return; @@ -556,7 +557,7 @@ class PublicKeyTokenProvider implements IProvider { }, $this->db); } - private function logOpensslError() { + private function logOpensslError(): void { $errors = []; while ($error = openssl_error_string()) { $errors[] = $error; diff --git a/lib/private/Authentication/Token/RemoteWipe.php b/lib/private/Authentication/Token/RemoteWipe.php index 80ba330b66d..6dc0aa738ba 100644 --- a/lib/private/Authentication/Token/RemoteWipe.php +++ b/lib/private/Authentication/Token/RemoteWipe.php 
@@ -18,27 +18,15 @@ use Psr\Log\LoggerInterface; use function array_filter; class RemoteWipe { - /** @var IProvider */ - private $tokenProvider; - /** @var IEventDispatcher */ - private $eventDispatcher; - - /** @var LoggerInterface */ - private $logger; - - public function __construct(IProvider $tokenProvider, - IEventDispatcher $eventDispatcher, - LoggerInterface $logger) { - $this->tokenProvider = $tokenProvider; - $this->eventDispatcher = $eventDispatcher; - $this->logger = $logger; + public function __construct( + private IProvider $tokenProvider, + private IEventDispatcher $eventDispatcher, + private LoggerInterface $logger, + ) { } /** - * @param IToken $token - * @return bool - * * @throws InvalidTokenException * @throws WipeTokenException */ @@ -54,8 +42,6 @@ class RemoteWipe { } /** - * @param IUser $user - * * @return bool true if any tokens have been marked for remote wipe */ public function markAllTokensForWipe(IUser $user): bool { @@ -79,8 +65,6 @@ class RemoteWipe { } /** - * @param string $token - * * @return bool whether wiping was started * @throws InvalidTokenException * @@ -106,8 +90,6 @@ class RemoteWipe { } /** - * @param string $token - * * @return bool whether wiping could be finished * @throws InvalidTokenException */ diff --git a/lib/private/Authentication/Token/TokenCleanupJob.php b/lib/private/Authentication/Token/TokenCleanupJob.php index 041d2e8a5e2..c109cd3fb72 100644 --- a/lib/private/Authentication/Token/TokenCleanupJob.php +++ b/lib/private/Authentication/Token/TokenCleanupJob.php 
@@ -9,11 +9,13 @@ use OCP\AppFramework\Utility\ITimeFactory; use OCP\BackgroundJob\TimedJob; class TokenCleanupJob extends TimedJob { - private IProvider $provider; - public function __construct(ITimeFactory $time, IProvider $provider) { + public function __construct( + ITimeFactory $time, + private IProvider $provider, + ) { parent::__construct($time); - $this->provider = $provider; + // Run once a day at off-peak time $this->setInterval(24 * 60 * 60); $this->setTimeSensitivity(self::TIME_INSENSITIVE); |