authorJoas Schilling <coding@schilljs.com>2023-02-08 22:45:23 +0100
committerJoas Schilling <coding@schilljs.com>2023-02-08 22:45:23 +0100
commit03a585ab4fe499753d9dc03e17dd82aeaea8205e (patch)
tree2d7227a826b498157aca6b3a60572e59d69d465e /lib/private
parent08802ad13f2485f5b8c24dbfe295ce3ad15836c6 (diff)
fix(performance): Only search for auth tokens when the provided login is long enough
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/Authentication/Token/PublicKeyTokenProvider.php23
1 files changed, 22 insertions, 1 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index c8adec24b31..bbedd54f91a 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -112,6 +112,27 @@ class PublicKeyTokenProvider implements IProvider {
}
public function getToken(string $tokenId): IToken {
+ /**
+ * Token length: 72
+ * @see \OC\Core\Controller\ClientFlowLoginController::generateAppPassword
+ * @see \OC\Core\Controller\AppPasswordController::getAppPassword
+ * @see \OC\Core\Command\User\AddAppPassword::execute
+ * @see \OC\Core\Service\LoginFlowV2Service::flowDone
+ * @see \OCA\Talk\MatterbridgeManager::generatePassword
+ * @see \OCA\Preferred_Providers\Controller\PasswordController::generateAppPassword
+ * @see \OCA\GlobalSiteSelector\TokenHandler::generateAppPassword
+ *
+ * Token length: 32-256 - https://www.php.net/manual/en/session.configuration.php#ini.session.sid-length
+ * @see \OC\User\Session::createSessionToken
+ *
+ * Token length: 29
+ * @see \OCA\Settings\Controller\AuthSettingsController::generateRandomDeviceToken
+ * @see \OCA\Registration\Service\RegistrationService::generateAppPassword
+ */
+ if (strlen($tokenId) < 29) {
+ throw new InvalidTokenException('Token is too short for a generated token, should be the password during basic auth');
+ }
+
$tokenHash = $this->hashToken($tokenId);
if (isset($this->cache[$tokenHash])) {
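Review bot: The `strlen($tokenId) < 29` cutoff added at the top of getToken() is stricter than the session-id range the docblock cites. As far as I recall, the linked PHP manual entry allows `session.sid_length` down to 22, not 32, so on an instance configured with a shorter session id, tokens created through `Session::createSessionToken` would presumably be rejected with InvalidTokenException before any lookup happens. The bound should be the smallest length any listed generator can emit, and it should be a named constant rather than a bare literal so the generators and this guard cannot drift apart, e.g. `private const TOKEN_MIN_LENGTH = 22;` and `if (strlen($tokenId) < self::TOKEN_MIN_LENGTH) {`. The body of getToken() continues outside this hunk, so I cannot see whether a later path depends on the early throw.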
@@ -122,7 +143,7 @@ class PublicKeyTokenProvider implements IProvider {
$token = $this->cache[$tokenHash];
} else {
try {
- $token = $this->mapper->getToken($this->hashToken($tokenId));
+ $token = $this->mapper->getToken($tokenHash);
$this->cache[$token->getToken()] = $token;
} catch (DoesNotExistException $ex) {
try {