author | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2023-01-06 08:52:57 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-06 08:52:57 +0100 |
commit | 467c213795a8c7e803ef3e19a5fe1d4a44886de3 (patch) | |
tree | c4e4dbbfad2196bd2e0dc5788450a30b673befe0 /lib | |
parent | d427849cd30fd329ac720220a332b697a3965d22 (diff) | |
parent | c001c4b3ac1bcdcd25df12c8bead13fc12727da8 (diff) | |
Merge pull request #35094 from nextcloud/invalidateTokensWhenDeletingOAuthClient
fixes https://github.com/nextcloud/server/issues/35068
Diffstat (limited to 'lib')
-rw-r--r-- | lib/composer/autoload.php | 17 | ||||
-rw-r--r-- | lib/composer/composer/autoload_classmap.php | 1 | ||||
-rw-r--r-- | lib/composer/composer/autoload_static.php | 1 | ||||
-rw-r--r-- | lib/private/Authentication/Token/Manager.php | 12 | ||||
-rw-r--r-- | lib/private/Server.php | 2 | ||||
-rw-r--r-- | lib/public/Authentication/Token/IProvider.php | 41 |
6 files changed, 71 insertions, 3 deletions
diff --git a/lib/composer/autoload.php b/lib/composer/autoload.php index a3d144b1777..15b9b7274b1 100644 --- a/lib/composer/autoload.php +++ b/lib/composer/autoload.php @@ -3,8 +3,21 @@ // autoload.php @generated by Composer if (PHP_VERSION_ID < 50600) { - echo 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL; - exit(1); + if (!headers_sent()) { + header('HTTP/1.1 500 Internal Server Error'); + } + $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL; + if (!ini_get('display_errors')) { + if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') { + fwrite(STDERR, $err); + } elseif (!headers_sent()) { + echo $err; + } + } + trigger_error( + $err, + E_USER_ERROR + ); } require_once __DIR__ . '/composer/autoload_real.php'; diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php index 285b8f7a4d1..b46174a23d8 100644 --- a/lib/composer/composer/autoload_classmap.php +++ b/lib/composer/composer/autoload_classmap.php 
@@ -92,6 +92,7 @@ return array( 'OCP\\Authentication\\IApacheBackend' => $baseDir . '/lib/public/Authentication/IApacheBackend.php', 'OCP\\Authentication\\LoginCredentials\\ICredentials' => $baseDir . '/lib/public/Authentication/LoginCredentials/ICredentials.php', 'OCP\\Authentication\\LoginCredentials\\IStore' => $baseDir . '/lib/public/Authentication/LoginCredentials/IStore.php', + 'OCP\\Authentication\\Token\\IProvider' => $baseDir . '/lib/public/Authentication/Token/IProvider.php', 'OCP\\Authentication\\TwoFactorAuth\\ALoginSetupController' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/ALoginSetupController.php', 'OCP\\Authentication\\TwoFactorAuth\\IActivatableAtLogin' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IActivatableAtLogin.php', 'OCP\\Authentication\\TwoFactorAuth\\IActivatableByAdmin' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IActivatableByAdmin.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index 191e96ec9c4..2324a9c8ef5 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php 
@@ -121,6 +121,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c 'OCP\\Authentication\\IApacheBackend' => __DIR__ . '/../../..' . '/lib/public/Authentication/IApacheBackend.php', 'OCP\\Authentication\\LoginCredentials\\ICredentials' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/ICredentials.php', 'OCP\\Authentication\\LoginCredentials\\IStore' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/IStore.php', + 'OCP\\Authentication\\Token\\IProvider' => __DIR__ . '/../../..' . '/lib/public/Authentication/Token/IProvider.php', 'OCP\\Authentication\\TwoFactorAuth\\ALoginSetupController' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/ALoginSetupController.php', 'OCP\\Authentication\\TwoFactorAuth\\IActivatableAtLogin' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IActivatableAtLogin.php', 'OCP\\Authentication\\TwoFactorAuth\\IActivatableByAdmin' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IActivatableByAdmin.php', diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index f8a0fb11c52..27b13804b37 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -32,8 +32,9 @@ use OC\Authentication\Exceptions\ExpiredTokenException; use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\WipeTokenException; +use OCP\Authentication\Token\IProvider as OCPIProvider; -class Manager implements IProvider { +class Manager implements IProvider, OCPIProvider { /** @var PublicKeyTokenProvider */ private $publicKeyTokenProvider; 
@@ -240,4 +241,13 @@ class Manager implements IProvider {
 public function updatePasswords(string $uid, string $password) {
 $this->publicKeyTokenProvider->updatePasswords($uid, $password);
 }
+
+ public function invalidateTokensOfUser(string $uid, ?string $clientName) {
+ $tokens = $this->getTokenByUser($uid);
+ foreach ($tokens as $token) {
+ if ($clientName === null || ($token->getName() === $clientName)) {
+ $this->invalidateTokenById($uid, $token->getId());
+ }
+ }
+ }
 }
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 0d67012e70d..d14ba471999 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -157,6 +157,7 @@ use OCA\Theming\Util;
 use OCP\Accounts\IAccountManager;
 use OCP\App\IAppManager;
 use OCP\Authentication\LoginCredentials\IStore;
+use OCP\Authentication\Token\IProvider as OCPIProvider;
 use OCP\BackgroundJob\IJobList;
 use OCP\Collaboration\AutoComplete\IManager;
 use OCP\Command\IBus;
@@ -536,6 +537,7 @@ class Server extends ServerContainer implements IServerContainer {
 });
 $this->registerAlias(IStore::class, Store::class);
 $this->registerAlias(IProvider::class, Authentication\Token\Manager::class);
+ $this->registerAlias(OCPIProvider::class, Authentication\Token\Manager::class);
 $this->registerService(\OC\User\Session::class, function (Server $c) {
 $manager = $c->get(IUserManager::class);
diff --git a/lib/public/Authentication/Token/IProvider.php b/lib/public/Authentication/Token/IProvider.php
new file mode 100644
index 00000000000..da2e400eb79
--- /dev/null
+++ b/lib/public/Authentication/Token/IProvider.php
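Review bot: In `Manager::invalidateTokensOfUser` (lib/private/Authentication/Token/Manager.php) the only link between a token and the client being removed is `$token->getName() === $clientName`, so revocation is exactly as reliable as the token name. If token names can be chosen or changed by the account owner (not visible in this hunk), a renamed token would survive the client's deletion and an unrelated token that happens to carry the same name would be revoked with it. I would at least record the assumption above the loop, e.g. `// Tokens are matched by name only; correct only while $clientName is unique to, and stable for, the client's tokens.` The loop also stops at the first exception from `invalidateTokenById()`, if that call can throw (its body is outside this hunk), which would leave the remaining tokens valid without the caller being told which ones.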
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2022 Artur Neumann <artur@jankaritech.com>
+ *
+ * @author Artur Neumann <artur@jankaritech.com>
+ *
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+namespace OCP\Authentication\Token;
+
+/**
+ * @since 24.0.8
+ */
+interface IProvider {
+ /**
+ * invalidates all tokens of a specific user
+ * if a client name is given only tokens of that client will be invalidated
+ *
+ * @param string $uid
+ * @param string|null $clientName
+ * @since 24.0.8
+ * @return void
+ */
+ public function invalidateTokensOfUser(string $uid, ?string $clientName);
+}
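Review bot: The docblock of `invalidateTokensOfUser` leaves the two security-relevant parts of this public contract implicit: that passing `null` revokes every token of the user, and how a token is attributed to a client. The implementation added to Manager.php in this commit compares `$clientName` with the token's name, so I would say so here, e.g. `@param string|null $clientName token name to match exactly; null invalidates all tokens of the user`. The signature could also carry a native `: void` return type to match `@return void`, since the interface is new and the file already declares `strict_types`.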