diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2020-06-15 16:09:39 +0200 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2020-06-15 19:24:04 +0200 |
| commit | 3474afa9381e587e45c43a84079cae28c05a3433 (patch) | |
| tree | d26a7c3c56249c74c63f901a7f8f35d299c75ce0 /lib/private/Authentication | |
| parent | 2d262a1a032d5e603905fb3aba7744ef0a98cf86 (diff) | |
| download | nextcloud-server-3474afa9381e587e45c43a84079cae28c05a3433.tar.gz nextcloud-server-3474afa9381e587e45c43a84079cae28c05a3433.zip | |
Clean up auth tokens when user is deleted
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib/private/Authentication')
| -rw-r--r-- | lib/private/Authentication/Listeners/UserDeletedTokenCleanupListener.php | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/lib/private/Authentication/Listeners/UserDeletedTokenCleanupListener.php b/lib/private/Authentication/Listeners/UserDeletedTokenCleanupListener.php new file mode 100644 index 00000000000..d6238eb5ac8 --- /dev/null +++ b/lib/private/Authentication/Listeners/UserDeletedTokenCleanupListener.php @@ -0,0 +1,72 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright 2020 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @author 2020 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +namespace OC\Authentication\Listeners; + +use OC\Authentication\Token\Manager; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\ILogger; +use OCP\User\Events\UserDeletedEvent; +use Throwable; + +class UserDeletedTokenCleanupListener implements IEventListener { + + /** @var Manager */ + private $manager; + + /** @var ILogger */ + private $logger; + + public function __construct(Manager $manager, + ILogger $logger) { + $this->manager = $manager; + $this->logger = $logger; + } + + public function handle(Event $event): void { + if (!($event instanceof UserDeletedEvent)) { + // Unrelated + return; + } + + /** + * Catch any exception during this process as any failure here shouldn't block the + * user deletion. + */ + try { + $uid = $event->getUser()->getUID(); + $tokens = $this->manager->getTokenByUser($uid); + foreach ($tokens as $token) { + $this->manager->invalidateTokenById($uid, $token->getId()); + } + } catch (Throwable $e) { + $this->logger->logException($e, [ + 'message' => 'Could not clean up auth tokens after user deletion: ' . $e->getMessage(), + 'error' => ILogger::ERROR, + ]); + } + } +} |