author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2023-02-10 01:29:30 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-10 01:29:30 +0100 |
commit | e47d56ac36d0f1d3e47392a7d9688decf847e1bc (patch) | |
tree | 3baa0951b87e0dd63338c719dbd4ff23f69a77f8 /lib/private/Authentication | |
parent | f0b6a6f3079cb5c8f1d907a4c96a35b626bc2a7a (diff) | |
parent | a81d8ecef54374615b142483047ece092b326baa (diff) | |
download | nextcloud-server-e47d56ac36d0f1d3e47392a7d9688decf847e1bc.tar.gz nextcloud-server-e47d56ac36d0f1d3e47392a7d9688decf847e1bc.zip |
Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be
fix(performance): Only search for auth tokens when the provided login…
Diffstat (limited to 'lib/private/Authentication')
-rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index e64abcd231f..84708065070 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -46,6 +46,8 @@ use OCP\Security\IHasher;
 use Psr\Log\LoggerInterface;
 class PublicKeyTokenProvider implements IProvider {
+	public const TOKEN_MIN_LENGTH = 22;
+
 	use TTransactional;
 	/** @var PublicKeyTokenMapper */
@@ -98,6 +100,12 @@ class PublicKeyTokenProvider implements IProvider {
 								string $name,
 								int $type = IToken::TEMPORARY_TOKEN,
 								int $remember = IToken::DO_NOT_REMEMBER): IToken {
+		if (strlen($token) < self::TOKEN_MIN_LENGTH) {
+			$exception = new InvalidTokenException('Token is too short, minimum of ' . self::TOKEN_MIN_LENGTH . ' characters is required, ' . strlen($token) . ' characters given');
+			$this->logger->error('Invalid token provided when generating new token', ['exception' => $exception]);
+			throw $exception;
+		}
+
 		if (mb_strlen($name) > 128) {
 			$name = mb_substr($name, 0, 120) . '…';
 		}
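Review bot: `TOKEN_MIN_LENGTH` in the first hunk is a public constant with no docblock, while the reasoning behind the value 22 (the lower bound of PHP's `session.sid_length`, plus the lengths of the known token generators) lives only in a comment inside `getToken()` further down this file, so a reader hitting the new check in `generateToken()` (second hunk; the method's signature starts outside the hunk) has to go find it. Suggest documenting the constant where it is declared: `/** Minimum length in bytes of an auth token; shorter strings are treated as a plain password rather than a token. 22 is the lower bound of PHP's session.sid_length, the shortest token this provider expects to receive. */`. The guard uses `strlen` while the `$name` truncation two lines below uses `mb_strlen`; byte length is the right measure for a token, but a one-line comment such as `// byte length on purpose — the generators listed in getToken() appear to emit ASCII, so this bounds entropy` would stop a later "fix" to `mb_strlen`. The error message and log entry expose only the token's length, never the token itself, which is the right choice for a value that may be reused as a credential.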
@@ -126,6 +134,27 @@ class PublicKeyTokenProvider implements IProvider {
 	}
 	public function getToken(string $tokenId): IToken {
+		/**
+		 * Token length: 72
+		 @see \OC\Core\Controller\ClientFlowLoginController::generateAppPassword
+		 @see \OC\Core\Controller\AppPasswordController::getAppPassword
+		 @see \OC\Core\Command\User\AddAppPassword::execute
+		 @see \OC\Core\Service\LoginFlowV2Service::flowDone
+		 @see \OCA\Talk\MatterbridgeManager::generatePassword
+		 @see \OCA\Preferred_Providers\Controller\PasswordController::generateAppPassword
+		 @see \OCA\GlobalSiteSelector\TokenHandler::generateAppPassword
+
+		 * Token length: 22-256 - https://www.php.net/manual/en/session.configuration.php#ini.session.sid-length
+		 @see \OC\User\Session::createSessionToken
+
+		 * Token length: 29
+		 @see \OCA\Settings\Controller\AuthSettingsController::generateRandomDeviceToken
+		 @see \OCA\Registration\Service\RegistrationService::generateAppPassword
+		 */
+		if (strlen($tokenId) < self::TOKEN_MIN_LENGTH) {
+			throw new InvalidTokenException('Token is too short for a generated token, should be the password during basic auth');
+		}
+
 		$tokenHash = $this->hashToken($tokenId);
 		if (isset($this->cache[$tokenHash])) {
@@ -136,7 +165,7 @@ class PublicKeyTokenProvider implements IProvider {
 			$token = $this->cache[$tokenHash];
 		} else {
 			try {
-				$token = $this->mapper->getToken($this->hashToken($tokenId));
+				$token = $this->mapper->getToken($tokenHash);
 				$this->cache[$token->getToken()] = $token;
 			} catch (DoesNotExistException $ex) {
 				try {
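Review bot: The new guard at the top of `getToken()` turns every string shorter than `TOKEN_MIN_LENGTH` into an `InvalidTokenException` before any hashing or database lookup, so its correctness rests on every caller treating that exception as "not a token, fall through to password auth" rather than as a failed token login; those callers are outside this diff and should be confirmed, since a caller that surfaces the exception would break basic auth for passwords under 22 characters. The docblock above the check hardcodes the number 22 in prose while the code uses the constant; referencing it keeps the two from drifting, e.g. `* Token length: 22-256 (self::TOKEN_MIN_LENGTH is the lower bound)`. Unlike the check added in `generateToken()`, this branch throws without any log entry, so an app that issues tokens shorter than the minimum would silently stop authenticating; a debug-level line such as `$this->logger->debug('Token shorter than minimum length, treating as password', ['length' => strlen($tokenId)]);` makes that diagnosable without being noisy on ordinary basic-auth requests and without logging the value itself. The remainder of `getToken()` continues past the hunk.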