author | Vincent Petry <pvince81@owncloud.com> | 2016-05-18 16:31:53 +0200 |
---|---|---|
committer | Vincent Petry <pvince81@owncloud.com> | 2016-05-18 16:31:53 +0200 |
commit | 6231b72e250f275c30228d0738155b78c2333576 (patch) | |
tree | a90bf06e5ad4418c92c698f65b05fcdac6b402d6 /lib | |
parent | eea3c99af6444bba68245da4ac43775145e93977 (diff) | |
parent | 98b465a8b9c6900f12ca2efa5d51036b6ccc4b8b (diff) | |
Merge pull request #24677 from owncloud/single-token-provider
a single token provider suffices
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Authentication/Token/DefaultToken.php | 9 | ||||
-rw-r--r-- | lib/private/Authentication/Token/DefaultTokenProvider.php | 16 | ||||
-rw-r--r-- | lib/private/Authentication/Token/IProvider.php | 37 | ||||
-rw-r--r-- | lib/private/Authentication/Token/IToken.php | 10 | ||||
-rw-r--r-- | lib/private/Server.php | 6 | ||||
-rw-r--r-- | lib/private/User/Session.php | 65 |
6 files changed, 85 insertions, 58 deletions
diff --git a/lib/private/Authentication/Token/DefaultToken.php b/lib/private/Authentication/Token/DefaultToken.php index 25caf675a43..08451a46151 100644 --- a/lib/private/Authentication/Token/DefaultToken.php +++ b/lib/private/Authentication/Token/DefaultToken.php @@ -77,5 +77,14 @@ class DefaultToken extends Entity implements IToken { public function getUID() { return $this->uid; } + + /** + * Get the (encrypted) login password + * + * @return string + */ + public function getPassword() { + return parent::getPassword(); + } } diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php index deca5b409e8..a335b79e332 100644 --- a/lib/private/Authentication/Token/DefaultTokenProvider.php +++ b/lib/private/Authentication/Token/DefaultTokenProvider.php @@ -103,25 +103,27 @@ class DefaultTokenProvider implements IProvider { } /** - * @param string $token + * Get a token by token id + * + * @param string $tokenId * @throws InvalidTokenException * @return DefaultToken */ - public function getToken($token) { + public function getToken($tokenId) { try { - return $this->mapper->getToken($this->hashToken($token)); + return $this->mapper->getToken($this->hashToken($tokenId)); } catch (DoesNotExistException $ex) { throw new InvalidTokenException(); } } /** - * @param DefaultToken $savedToken - * @param string $token session token + * @param IToken $savedToken + * @param string $tokenId session token * @return string */ - public function getPassword(DefaultToken $savedToken, $token) { - return $this->decryptPassword($savedToken->getPassword(), $token); + public function getPassword(IToken $savedToken, $tokenId) { + return $this->decryptPassword($savedToken->getPassword(), $tokenId); } /** diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php index f8a3262ca8b..1fd3a70fbbf 100644 --- a/lib/private/Authentication/Token/IProvider.php 
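Review bot: `$tokenId` is a misleading name for what `getToken()` and `getPassword()` in DefaultTokenProvider.php receive: the value is run through `hashToken()` for the lookup and handed to `decryptPassword()` together with the stored ciphertext, so it is the raw session token, a secret, not an identifier. A reader who takes "id" at face value may treat it as safe to log or store. I would say so in both docblocks, e.g. `@param string $tokenId raw session token (secret); hashed for lookup, never log or persist it`, and the same wording applies to the `getToken()` and `getPassword()` declarations added to IProvider.php. The class body starts and ends outside the hunk.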
+++ b/lib/private/Authentication/Token/IProvider.php @@ -27,6 +27,27 @@ use OC\Authentication\Exceptions\InvalidTokenException; interface IProvider { /** + * Create and persist a new token + * + * @param string $token + * @param string $uid + * @param string $password + * @param string $name + * @param int $type token type + * @return DefaultToken + */ + public function generateToken($token, $uid, $password, $name, $type = IToken::TEMPORARY_TOKEN); + + /** + * Get a token by token id + * + * @param string $tokenId + * @throws InvalidTokenException + * @return IToken + */ + public function getToken($tokenId) ; + + /** * @param string $token * @throws InvalidTokenException * @return IToken @@ -34,9 +55,25 @@ interface IProvider { public function validateToken($token); /** + * Invalidate (delete) the given session token + * + * @param string $token + */ + public function invalidateToken($token); + + /** * Update token activity timestamp * * @param IToken $token */ public function updateToken(IToken $token); + + /** + * Get the (unencrypted) password of the given token + * + * @param IToken $token + * @param string $tokenId + * @return string + */ + public function getPassword(IToken $token, $tokenId); } diff --git a/lib/private/Authentication/Token/IToken.php b/lib/private/Authentication/Token/IToken.php index 9b2bd18f83b..2a01ea75ea9 100644 --- a/lib/private/Authentication/Token/IToken.php +++ b/lib/private/Authentication/Token/IToken.php @@ -22,9 +22,6 @@ namespace OC\Authentication\Token; -/** - * @since 9.1.0 - */ interface IToken { const TEMPORARY_TOKEN = 0; @@ -43,4 +40,11 @@ interface IToken { * @return string */ public function getUID(); + + /** + * Get the (encrypted) login password + * + * @return string + */ + public function getPassword(); } diff --git a/lib/private/Server.php b/lib/private/Server.php index 8ece9addd3d..a4294ee2c88 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php 
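Review bot: The `generateToken()` docblock added to `IProvider` declares `@return DefaultToken`, which ties the interface back to the one concrete implementation this commit is otherwise decoupling from; `@return IToken` would match `getToken()` and `validateToken()` beside it. The `$token` and `$password` parameters carry only a type, so it is worth stating what they hold, e.g. `@param string $password plaintext login password, stored encrypted`. That the stored form is encrypted is inferred from the "(encrypted)" wording on `IToken::getPassword()`, so confirm it before adopting the text. `public function getToken($tokenId) ;` also has a stray space before the semicolon.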
@@ -231,15 +231,11 @@ class Server extends ServerContainer implements IServerContainer { // might however be called when ownCloud is not yet setup. if (\OC::$server->getSystemConfig()->getValue('installed', false)) { $defaultTokenProvider = $c->query('OC\Authentication\Token\DefaultTokenProvider'); - $tokenProviders = [ - $defaultTokenProvider, - ]; } else { $defaultTokenProvider = null; - $tokenProviders = []; } - $userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider, $tokenProviders); + $userSession = new \OC\User\Session($manager, $session, $timeFactory, $defaultTokenProvider); $userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) { \OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password)); }); diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index c9f42d7e414..3f074fa8adf 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -35,7 +35,6 @@ namespace OC\User; use OC; use OC\Authentication\Exceptions\InvalidTokenException; -use OC\Authentication\Token\DefaultTokenProvider; use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IToken; use OC\Hooks\Emitter; @@ -69,35 +68,20 @@ use OCP\Session\Exceptions\SessionNotAvailableException; * @package OC\User */ class Session implements IUserSession, Emitter { - /* - * @var Manager $manager - */ - + + /** @var Manager $manager */ private $manager; - /* - * @var ISession $session - */ + /** @var ISession $session */ private $session; - /* - * @var ITimeFactory - */ + /** @var ITimeFactory */ private $timeFacory; - /** - * @var DefaultTokenProvider - */ + /** @var IProvider */ private $tokenProvider; - /** - * @var IProvider[] - */ - private $tokenProviders; - - /** - * @var User $activeUser - */ + /** @var User $activeUser */ protected $activeUser; /** 
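Review bot: The `else` branch in Server.php still passes `null` as the token provider into `\OC\User\Session`, and after this commit nothing absorbs it. `validateToken()` and `updateToken()` in lib/private/User/Session.php now call `$this->tokenProvider->validateToken()` and `$this->tokenProvider->updateToken()` directly, where the removed code iterated an empty `$tokenProviders` array. If either method can run before installation completes (not visible here), that is a fatal call on a null receiver in the authentication path. A guard such as `if ($this->tokenProvider === null) { return false; }` at the top of `validateToken()`, plus `@param IProvider|null $tokenProvider` on the constructor, would make the not-installed case explicit. The enclosing closure in Server.php starts and ends outside the hunk.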
@@ -105,20 +89,18 @@ class Session implements IUserSession, Emitter { * @param ISession $session * @param ITimeFactory $timeFacory * @param IProvider $tokenProvider - * @param IProvider[] $tokenProviders */ - public function __construct(IUserManager $manager, ISession $session, ITimeFactory $timeFacory, $tokenProvider, array $tokenProviders = []) { + public function __construct(IUserManager $manager, ISession $session, ITimeFactory $timeFacory, $tokenProvider) { $this->manager = $manager; $this->session = $session; $this->timeFacory = $timeFacory; $this->tokenProvider = $tokenProvider; - $this->tokenProviders = $tokenProviders; } /** - * @param DefaultTokenProvider $provider + * @param IProvider $provider */ - public function setTokenProvider(DefaultTokenProvider $provider) { + public function setTokenProvider(IProvider $provider) { $this->tokenProvider = $provider; } @@ -246,7 +228,7 @@ class Session implements IUserSession, Emitter { } // Session is valid, so the token can be refreshed - $this->updateToken($this->tokenProvider, $token); + $this->updateToken($token); } /** 
@@ -418,34 +400,31 @@ class Session implements IUserSession, Emitter { * @return boolean */ private function validateToken($token) { - foreach ($this->tokenProviders as $provider) { - try { - $token = $provider->validateToken($token); - if (!is_null($token)) { - $result = $this->loginWithToken($token->getUID()); - if ($result) { - // Login success - $this->updateToken($provider, $token); - return true; - } + try { + $token = $this->tokenProvider->validateToken($token); + if (!is_null($token)) { + $result = $this->loginWithToken($token->getUID()); + if ($result) { + // Login success + $this->updateToken($token); + return true; } - } catch (InvalidTokenException $ex) { - } + } catch (InvalidTokenException $ex) { + } return false; } /** - * @param IProvider $provider * @param IToken $token */ - private function updateToken(IProvider $provider, IToken $token) { + private function updateToken(IToken $token) { // To save unnecessary DB queries, this is only done once a minute $lastTokenUpdate = $this->session->get('last_token_update') ? : 0; $now = $this->timeFacory->getTime(); if ($lastTokenUpdate < ($now - 60)) { - $provider->updateToken($token); + $this->tokenProvider->updateToken($token); $this->session->set('last_token_update', $now); } } |
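Review bot: The `catch (InvalidTokenException $ex) { }` block in `validateToken()` stays empty, so a rejected token leaves no trace and the reader gets no explanation. At minimum add `// invalid token: fall through and report failure`, and consider recording the rejection (without the token value) so repeated failures are visible to monitoring. `$token` is also reassigned from the raw string argument to the `IToken` returned by the provider, which makes the later `$token->getUID()` and `updateToken($token)` harder to follow; a separate local such as `$dbToken` would avoid that. The start of the `validateToken()` docblock lies above the hunk.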