authorDaniel Kesselberg <mail@danielkesselberg.de>2019-01-22 18:01:14 +0100
committerDaniel Kesselberg <mail@danielkesselberg.de>2019-01-30 19:10:58 +0100
commit17b82c5d76ed849872d0ef8e3ea39e07cd6fd4e6 (patch)
treee2c5845937272c2d4a2c21d94b51afa497fee4c9 /settings/Controller
parentf24fa2051d7c2866ced8cfe26bf147b3ce031082 (diff)
Add token name for delete activity
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Diffstat (limited to 'settings/Controller')
-rw-r--r--settings/Controller/AuthSettingsController.php39
1 files changed, 30 insertions, 9 deletions
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index 13b16c3ea73..26203c8abab 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -154,7 +154,7 @@ class AuthSettingsController extends Controller {
$tokenData = $deviceToken->jsonSerialize();
$tokenData['canDelete'] = true;
- $this->publishActivity(Provider::APP_TOKEN_CREATED, $deviceToken->getId(), $name);
+ $this->publishActivity(Provider::APP_TOKEN_CREATED, $deviceToken->getId(), $deviceToken->getName());
return new JSONResponse([
'token' => $token,
@@ -191,11 +191,18 @@ class AuthSettingsController extends Controller {
* @NoAdminRequired
* @NoSubadminRequired
*
- * @return array
+ * @param int $id
+ * @return array|JSONResponse
*/
public function destroy($id) {
- $this->tokenProvider->invalidateTokenById($this->uid, $id);
- $this->publishActivity(Provider::APP_TOKEN_DELETED, $id);
+ try {
+ $token = $this->findTokenByIdAndUser($id);
+ } catch (InvalidTokenException $e) {
+ return new JSONResponse([], Http::STATUS_NOT_FOUND);
+ }
+
+ $this->tokenProvider->invalidateTokenById($this->uid, $token->getId());
+ $this->publishActivity(Provider::APP_TOKEN_DELETED, $token->getId(), $token->getName());
return [];
}
@@ -209,10 +216,7 @@ class AuthSettingsController extends Controller {
*/
public function update($id, array $scope) {
try {
- $token = $this->tokenProvider->getTokenById((string)$id);
- if ($token->getUID() !== $this->uid) {
- throw new InvalidTokenException('User mismatch');
- }
+ $token = $this->findTokenByIdAndUser($id);
} catch (InvalidTokenException $e) {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
}
@@ -220,8 +224,9 @@ class AuthSettingsController extends Controller {
$token->setScope([
'filesystem' => $scope['filesystem']
]);
+
$this->tokenProvider->updateToken($token);
- $this->publishActivity(Provider::APP_TOKEN_UPDATED, $id, $token->getName());
+ $this->publishActivity(Provider::APP_TOKEN_UPDATED, $token->getId(), $token->getName());
return [];
}
@@ -246,4 +251,20 @@ class AuthSettingsController extends Controller {
$this->logger->logException($e);
}
}
+
+ /**
+ * Find a token by given id and check if uid for current session belongs to this token
+ *
+ * @param int $id
+ * @return IToken
+ * @throws InvalidTokenException
+ * @throws \OC\Authentication\Exceptions\ExpiredTokenException
+ */
+ private function findTokenByIdAndUser(int $id): IToken {
+ $token = $this->tokenProvider->getTokenById((string)$id);
+ if ($token->getUID() !== $this->uid) {
+ throw new InvalidTokenException('This token does not belong to you!');
+ }
+ return $token;
+ }
}
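Review bot: `destroy()` and `update()` catch only `InvalidTokenException` around the new `findTokenByIdAndUser()` call (L41–L45 and L54–L62), while the helper's docblock on L84 lists `ExpiredTokenException` as a separate throw; unless that class extends `InvalidTokenException`, an expired token id would surface as an unhandled exception instead of the 404 response. If it does extend it, the second `@throws` line is redundant and the contract is clearer as `@throws InvalidTokenException if the token does not exist, is expired, or belongs to another user`. Separately, the helper now takes `int $id` while `destroy($id)` and `update($id, array $scope)` leave the parameter untyped; the `@param int $id` added on L35 looks like what lets the app-framework dispatcher coerce the route value before the strict `int` parameter sees it, and `update()`'s docblock starts outside the hunk, so confirm it carries the same annotation or a string id will raise a `TypeError` under strict types. Answering both a missing token and another user's token with the same 404 (L44, L61, L89) is the right choice, as it gives no ownership oracle; a one-line comment above L88 stating that intent would keep a later refactor from splitting the two cases.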