diff options
| author | Christoph Wurst <christoph@owncloud.com> | 2016-04-26 11:32:35 +0200 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-05-11 13:36:46 +0200 |
| commit | 3ab922601a2e6b9b170007461b9e0718c70bddcd (patch) | |
| tree | 77f04125c2d7c422f74f4583cf116da7a9ff56c9 /lib/private/Authentication/Token | |
| parent | 2fa5e0a24e34b109fcd4adb98932e9537884bc9a (diff) | |
| download | nextcloud-server-3ab922601a2e6b9b170007461b9e0718c70bddcd.tar.gz nextcloud-server-3ab922601a2e6b9b170007461b9e0718c70bddcd.zip | |
Check if session token is valid and log user out if the check fails
* Update last_activity timestamp of the session token
* Check user backend credentials once in 5 minutes
Diffstat (limited to 'lib/private/Authentication/Token')
| -rw-r--r-- | lib/private/Authentication/Token/DefaultToken.php | 7 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/DefaultTokenMapper.php | 6 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/DefaultTokenProvider.php | 67 |
3 files changed, 66 insertions, 14 deletions
diff --git a/lib/private/Authentication/Token/DefaultToken.php b/lib/private/Authentication/Token/DefaultToken.php index 9bdae789afd..6b859d7d063 100644 --- a/lib/private/Authentication/Token/DefaultToken.php +++ b/lib/private/Authentication/Token/DefaultToken.php @@ -51,13 +51,8 @@ class DefaultToken extends Entity implements IToken { */ protected $lastActivity; - /** - * Get the token ID - * - * @return string - */ public function getId() { - return $this->token; + return $this->id; } } diff --git a/lib/private/Authentication/Token/DefaultTokenMapper.php b/lib/private/Authentication/Token/DefaultTokenMapper.php index 9a73192c0d8..d54d2489399 100644 --- a/lib/private/Authentication/Token/DefaultTokenMapper.php +++ b/lib/private/Authentication/Token/DefaultTokenMapper.php @@ -61,10 +61,10 @@ class DefaultTokenMapper extends Mapper { * * @param string $token * @throws DoesNotExistException - * @return string + * @return DefaultToken */ - public function getTokenUser($token) { - $sql = 'SELECT `uid` ' + public function getToken($token) { + $sql = 'SELECT `id`, `uid`, `password`, `name`, `token`, `last_activity` ' . 'FROM `' . $this->getTableName() . '` ' . 'WHERE `token` = ?'; return $this->findEntity($sql, [ diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php index 71f798da370..b3564e0e81b 100644 --- a/lib/private/Authentication/Token/DefaultTokenProvider.php +++ b/lib/private/Authentication/Token/DefaultTokenProvider.php @@ -48,8 +48,7 @@ class DefaultTokenProvider implements IProvider { * @param IConfig $config * @param ILogger $logger */ - public function __construct(DefaultTokenMapper $mapper, ICrypto $crypto, - IConfig $config, ILogger $logger) { + public function __construct(DefaultTokenMapper $mapper, ICrypto $crypto, IConfig $config, ILogger $logger) { $this->mapper = $mapper; $this->crypto = $crypto; $this->config = $config; @@ -67,8 +66,7 @@ class DefaultTokenProvider implements IProvider { public function generateToken($token, $uid, $password, $name) { $dbToken = new DefaultToken(); $dbToken->setUid($uid); - $secret = $this->config->getSystemValue('secret'); - $dbToken->setPassword($this->crypto->encrypt($password . $secret)); + $dbToken->setPassword($this->encryptPassword($password, $token)); $dbToken->setName($name); $dbToken->setToken($this->hashToken($token)); $dbToken->setLastActivity(time()); @@ -79,6 +77,37 @@ class DefaultTokenProvider implements IProvider { } /** + * Update token activity timestamp + * + * @param DefaultToken $token + */ + public function updateToken(DefaultToken $token) { + $token->setLastActivity(time()); + + $this->mapper->update($token); + } + + /** + * @param string $token + * @throws InvalidTokenException + */ + public function getToken($token) { + try { + return $this->mapper->getToken($this->hashToken($token)); + } catch (DoesNotExistException $ex) { + throw new InvalidTokenException(); + } + } + + /** + * @param DefaultToken $savedToken + * @param string $token session token + */ + public function getPassword(DefaultToken $savedToken, $token) { + return $this->decryptPassword($savedToken->getPassword(), $token); + } + + /** * Invalidate (delete) the given session token * * @param string $token @@ -104,7 +133,7 @@ class DefaultTokenProvider implements IProvider { public function validateToken($token) { $this->logger->debug('validating default token <' . $token . '>'); try { - $dbToken = $this->mapper->getTokenUser($this->hashToken($token)); + $dbToken = $this->mapper->getToken($this->hashToken($token)); $this->logger->debug('valid token for ' . $dbToken->getUid()); return $dbToken->getUid(); } catch (DoesNotExistException $ex) { @@ -121,4 +150,32 @@ class DefaultTokenProvider implements IProvider { return hash('sha512', $token); } + /** + * Encrypt the given password + * + * The token is used as key + * + * @param string $password + * @param string $token + * @return string encrypted password + */ + private function encryptPassword($password, $token) { + $secret = $this->config->getSystemValue('secret'); + return $this->crypto->encrypt($password, $token . $secret); + } + + /** + * Decrypt the given password + * + * The token is used as key + * + * @param string $password + * @param string $token + * @return string the decrypted key + */ + private function decryptPassword($password, $token) { + $secret = $this->config->getSystemValue('secret'); + return $this->crypto->decrypt($password, $token . $secret); + } + } |