diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-10-07 14:05:57 +0200 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2019-12-02 18:57:13 +0100 |
| commit | b371e735cf457c9c36d88270713fb4dd605a24e9 (patch) | |
| tree | 22350ba6c070c6029abe257c5b83d93108a8a5bd /lib/private/Authentication | |
| parent | 407c2c13ab7d2322127198b7a2ab77990c7b2190 (diff) | |
| download | nextcloud-server-b371e735cf457c9c36d88270713fb4dd605a24e9.tar.gz nextcloud-server-b371e735cf457c9c36d88270713fb4dd605a24e9.zip | |
Throw an invalid token exception is token is marked outdated
This avoids hitting the backend with multiple requests for the same
token. And will help avoid quick LDAP lockouts.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/Authentication')
| -rw-r--r-- | lib/private/Authentication/Exceptions/TokenPasswordExpiredException.php | 29 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 11 |
2 files changed, 40 insertions, 0 deletions
diff --git a/lib/private/Authentication/Exceptions/TokenPasswordExpiredException.php b/lib/private/Authentication/Exceptions/TokenPasswordExpiredException.php new file mode 100644 index 00000000000..6719037b4a0 --- /dev/null +++ b/lib/private/Authentication/Exceptions/TokenPasswordExpiredException.php @@ -0,0 +1,29 @@ +<?php +declare(strict_types=1); +/** + * @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl> + * + * @author Roeland Jago Douma <roeland@famdouma.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OC\Authentication\Exceptions; + +class TokenPasswordExpiredException extends ExpiredTokenException { + +} diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index 624e2c0cadc..19987bec253 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -25,6 +25,7 @@ namespace OC\Authentication\Token; use OC\Authentication\Exceptions\ExpiredTokenException; use OC\Authentication\Exceptions\InvalidTokenException; +use OC\Authentication\Exceptions\TokenPasswordExpiredException; use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\WipeTokenException; use OC\Cache\CappedMemoryCache; @@ -108,6 +109,11 @@ class PublicKeyTokenProvider implements IProvider { throw new WipeTokenException($token); } + if ($token->getPasswordInvalid() === true) { + //The password is invalid we should throw an TokenPasswordExpiredException + throw new TokenPasswordExpiredException($token); + } + return $token; } @@ -126,6 +132,11 @@ class PublicKeyTokenProvider implements IProvider { throw new WipeTokenException($token); } + if ($token->getPasswordInvalid() === true) { + //The password is invalid we should throw an TokenPasswordExpiredException + throw new TokenPasswordExpiredException($token); + } + return $token; } |