authorChristoph Wurst <christoph@owncloud.com>2016-04-25 14:10:55 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2016-05-11 13:36:46 +0200
commitd8cde414bd13c327ec2edaf1ae38380073c93e3e (patch)
treea9b49e4cf7717d0af6c09bb412b589811e1547d2 /lib/private/Authentication
parentf39e163d4a6ee63444bfb6a797e12a482bd0a49f (diff)
token based auth
* Add InvalidTokenException * add DefaultTokenMapper and use it to check if an auth token exists * create a new token for the browser session if none exists; hash the stored token; save the user agent * encrypt the login password when creating the token
Diffstat (limited to 'lib/private/Authentication')
-rw-r--r--lib/private/Authentication/Exceptions/InvalidTokenException.php29
-rw-r--r--lib/private/Authentication/Token/DefaultToken.php58
-rw-r--r--lib/private/Authentication/Token/DefaultTokenMapper.php43
-rw-r--r--lib/private/Authentication/Token/DefaultTokenProvider.php91
-rw-r--r--lib/private/Authentication/Token/IProvider.php35
-rw-r--r--lib/private/Authentication/Token/IToken.php36
6 files changed, 292 insertions, 0 deletions
diff --git a/lib/private/Authentication/Exceptions/InvalidTokenException.php b/lib/private/Authentication/Exceptions/InvalidTokenException.php
new file mode 100644
index 00000000000..3e52d3b78f0
--- /dev/null
+++ b/lib/private/Authentication/Exceptions/InvalidTokenException.php
@@ -0,0 +1,29 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Authentication\Exceptions;
+
+use Exception;
+
+class InvalidTokenException extends Exception {
+
+}
diff --git a/lib/private/Authentication/Token/DefaultToken.php b/lib/private/Authentication/Token/DefaultToken.php
new file mode 100644
index 00000000000..28aee555601
--- /dev/null
+++ b/lib/private/Authentication/Token/DefaultToken.php
@@ -0,0 +1,58 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Authentication\Token;
+
+use OCP\AppFramework\Db\Entity;
+
+class DefaultToken extends Entity implements IToken {
+
+ /**
+ * @var string user UID
+ */
+ protected $uid;
+
+ /**
+ * @var string encrypted user password
+ */
+ protected $password;
+
+ /**
+ * @var string token name (e.g. browser/OS)
+ */
+ protected $name;
+
+ /**
+ * @var string
+ */
+ protected $token;
+
+ /**
+ * Get the token ID
+ *
+ * @return string
+ */
+ public function getId() {
+ return $token;
+ }
+
+}
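Review bot: `getId()` in DefaultToken returns the undefined local `$token` instead of the property, so it yields null (with an undefined-variable notice) for every token; it should read `return $this->token;`. Note also that, per DefaultTokenProvider::generateToken in this same commit, the `token` column holds the sha512 hash of the token rather than the token itself, so this accessor returns the hash, and the docblock should say so (`@return string sha512 hash of the token as stored`). Since the Entity base class already exposes getId() for the numeric `id` column, overriding it with a different meaning is easy to misread; a dedicated `getToken()` accessor (the same magic-accessor family the provider already relies on via setToken()/getUid()) would be clearer, if the IToken contract allows renaming.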
diff --git a/lib/private/Authentication/Token/DefaultTokenMapper.php b/lib/private/Authentication/Token/DefaultTokenMapper.php
new file mode 100644
index 00000000000..35989d0d350
--- /dev/null
+++ b/lib/private/Authentication/Token/DefaultTokenMapper.php
@@ -0,0 +1,43 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Authentication\Token;
+
+use OCP\AppFramework\Db\Mapper;
+use OCP\IDBConnection;
+
+class DefaultTokenMapper extends Mapper {
+
+ public function __construct(IDBConnection $db) {
+ parent::__construct($db, 'authtoken');
+ }
+
+ public function getTokenUser($token) {
+ $sql = 'SELECT `uid` '
+ . 'FROM `' . $this->getTableName() . '` '
+ . 'WHERE `token` = ?';
+ return $this->findEntity($sql, [
+ $token
+ ]);
+ }
+
+}
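Review bot: getTokenUser has no docblock, and the exceptions it lets through are part of its contract: findEntity() throws DoesNotExistException on no row and, if it follows the usual Mapper contract, MultipleObjectsReturnedException on more than one row, while DefaultTokenProvider::validateToken catches only the former. Document it with `@param string $token sha512 hash of the token as stored in the table`, `@return DefaultToken entity populated only with uid`, `@throws DoesNotExistException` and `@throws MultipleObjectsReturnedException`. Whether the `token` column carries a unique index cannot be seen from this diff; if it does the second case is theoretical, but the caller should still decide whether a duplicate hash is treated as an invalid token.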
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
new file mode 100644
index 00000000000..c8aa396526b
--- /dev/null
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -0,0 +1,91 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Authentication\Token;
+
+use OC\Authentication\Exceptions\InvalidTokenException;
+use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\IConfig;
+use OCP\ILogger;
+use OCP\Security\ICrypto;
+
+class DefaultTokenProvider implements IProvider {
+
+ /** @var DefaultTokenMapper */
+ private $mapper;
+
+ /** @var ICrypto */
+ private $crypto;
+
+ /** @var IConfig */
+ private $config;
+
+ /** @var ILogger $logger */
+ private $logger;
+
+ public function __construct(DefaultTokenMapper $mapper, ICrypto $crypto,
+ IConfig $config, ILogger $logger) {
+ $this->mapper = $mapper;
+ $this->crypto = $crypto;
+ $this->config = $config;
+ $this->logger = $logger;
+ }
+
+ /**
+ * Create and persist a new token
+ *
+ * @param string $token
+ * @param string $uid
+ * @param string $password
+ * @return DefaultToken
+ */
+ public function generateToken($token, $uid, $password, $name) {
+ $dbToken = new DefaultToken();
+ $dbToken->setUid($uid);
+ $secret = $this->config->getSystemValue('secret');
+ $dbToken->setPassword($this->crypto->encrypt($password . $secret));
+ $dbToken->setName($name);
+ $dbToken->setToken(hash('sha512', $token));
+
+ $this->mapper->insert($dbToken);
+
+ return $dbToken;
+ }
+
+ /**
+ * @param string $token
+ * @throws InvalidTokenException
+ * @return string user UID
+ */
+ public function validateToken($token) {
+ $this->logger->debug('validating default token <' . $token . '>');
+ try {
+ $dbToken = $this->mapper->getTokenUser(hash('sha512', $token));
+ $this->logger->debug('valid token for ' . $dbToken->getUid());
+ return $dbToken->getUid();
+ } catch (DoesNotExistException $ex) {
+ $this->logger->warning('invalid token');
+ throw new InvalidTokenException();
+ }
+ }
+
+}
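Review bot: validateToken writes the raw bearer token into the debug log via `'validating default token <' . $token . '>'`; the token is a credential equivalent to the session, so anyone with log access or a log-shipping pipeline can replay it. Drop the value from the message — `$this->logger->debug('validating default token');` — and if correlation is needed log a short prefix of the sha512 hash, never the plaintext. generateToken's docblock omits `@param string $name` and should state that `$token` must be a high-entropy random value, since an unsalted sha512 lookup hash is only safe when the input is unguessable (how the token is generated is not visible in this diff). The `$password . $secret` concatenation before `encrypt()` also deserves a why-comment: the decrypt path must strip the same suffix, and ICrypto presumably already keys on the instance secret, so the intent of appending it to the plaintext is unclear.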
diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php
new file mode 100644
index 00000000000..4fceef19a1c
--- /dev/null
+++ b/lib/private/Authentication/Token/IProvider.php
@@ -0,0 +1,35 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Authentication\Token;
+
+use OC\Authentication\Exceptions\InvalidTokenException;
+
+interface IProvider {
+
+ /**
+ * @param string $token
+ * @throws InvalidTokenException
+ * @return string user UID
+ */
+ public function validateToken($token);
+}
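Review bot: IProvider declares only validateToken, while DefaultTokenProvider also exposes generateToken; code typed against the interface therefore cannot create tokens and must depend on the concrete class. If token creation is part of the provider contract, add `public function generateToken($token, $uid, $password, $name);` with a docblock covering all four parameters; if it is intentionally implementation-specific, say so in the interface docblock. The interface also lacks the `@since 9.1.0` tag that IToken carries.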
diff --git a/lib/private/Authentication/Token/IToken.php b/lib/private/Authentication/Token/IToken.php
new file mode 100644
index 00000000000..10b54c0d2a8
--- /dev/null
+++ b/lib/private/Authentication/Token/IToken.php
@@ -0,0 +1,36 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Authentication\Token;
+
+/**
+ * @since 9.1.0
+ */
+interface IToken {
+
+ /**
+ * Get the token ID
+ *
+ * @return string
+ */
+ public function getId();
+}