author | Greta Doci <gretadoci@gmail.com> | 2019-06-12 14:26:01 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-09-15 12:04:27 +0200 |
commit | 0a874c51af8dd6652c694f0545489af23d53771a (patch) | |
tree | 6781c94e2bb54cf4392ae826abf08086ff277321 /settings | |
parent | d231fc9843b117c3361ce0b4e030d55c59607005 (diff) | |
Disable app token creation for impersonated people, ref #15539
Signed-off-by: Greta Doci <gretadoci@gmail.com>
Diffstat (limited to 'settings')
-rw-r--r-- | settings/Controller/AuthSettingsController.php | 11 | ||||
-rw-r--r-- | settings/Settings/Personal/Security.php | 7 | ||||
-rw-r--r-- | settings/src/components/AuthTokenSection.vue | 4 | ||||
-rw-r--r-- | settings/src/main-personal-security.js | 1 |
4 files changed, 21 insertions, 2 deletions
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index da9414dcb10..7582f1287b9 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -44,6 +44,7 @@ use OCP\AppFramework\Http\JSONResponse;
 use OCP\ILogger;
 use OCP\IRequest;
 use OCP\ISession;
+use OCP\IUserSession;
 use OCP\Security\ISecureRandom;
 use OCP\Session\Exceptions\SessionNotAvailableException;
@@ -55,6 +56,9 @@ class AuthSettingsController extends Controller {
 /** @var ISession */
 private $session;
+ /** IUserSession */
+ private $userSession;
+
 /** @var string */
 private $uid;
@@ -77,6 +81,7 @@ class AuthSettingsController extends Controller {
 * @param ISession $session
 * @param ISecureRandom $random
 * @param string|null $userId
+ * @param IUserSession $userSession
 * @param IManager $activityManager
 * @param RemoteWipe $remoteWipe
 * @param ILogger $logger
@@ -87,12 +92,14 @@ class AuthSettingsController extends Controller {
 ISession $session,
 ISecureRandom $random,
 ?string $userId,
+ IUserSession $userSession,
 IManager $activityManager,
 RemoteWipe $remoteWipe,
 ILogger $logger) {
 parent::__construct($appName, $request);
 $this->tokenProvider = $tokenProvider;
 $this->uid = $userId;
+ $this->userSession = $userSession;
 $this->session = $session;
 $this->random = $random;
 $this->activityManager = $activityManager;
@@ -114,6 +121,10 @@ class AuthSettingsController extends Controller {
 } catch (SessionNotAvailableException $ex) {
 return $this->getServiceNotAvailableResponse();
 }
+ if ($this->userSession->getImpersonatingUserID() !== null)
+ {
+ return $this->getServiceNotAvailableResponse();
+ }
 try {
 $sessionToken = $this->tokenProvider->getToken($sessionId);
diff --git a/settings/Settings/Personal/Security.php b/settings/Settings/Personal/Security.php
index 29c161f9da7..1d40377f184 100644
--- a/settings/Settings/Personal/Security.php
+++ b/settings/Settings/Personal/Security.php
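Review bot: The docblock on the new property in the `@@ -55,6 +56,9 @@` hunk, `/** IUserSession */`, lacks the `@var` tag that the neighbouring properties use, so IDEs and static analysers will not pick up the type of `$userSession`. It should read `/** @var IUserSession */`, in line with `/** @var ISession */` just above it.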
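Review bot: The new impersonation guard in the `@@ -114,6 +121,10 @@` hunk answers a deliberate policy refusal with `getServiceNotAvailableResponse()`, the same response returned just above when the session is unavailable. That makes a blocked attempt from an impersonating session indistinguishable from a transient outage, both for clients and for anyone reviewing logs; a forbidden response such as `return new JSONResponse([], Http::STATUS_FORBIDDEN);` would state what happened (the `Http` import is not visible in this diff and may need adding). The opening brace on its own line also departs from the `if (...) {` style of the surrounding code. Only this one method is guarded in the visible hunks and its body starts and ends outside the hunk, so whether other token-changing actions need the same check cannot be judged from here.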
@@ -80,11 +80,18 @@ class Security implements ISettings {
 $passwordChangeSupported = $user->canChangePassword();
 }
+ $this->initialStateService->provideInitialState(
+ 'settings',
+ 'can_create_app_token',
+ $this->userSession->getImpersonatingUserID() !== null
+ );
+
 return new TemplateResponse('settings', 'settings/personal/security', [
 'passwordChangeSupported' => $passwordChangeSupported,
 'twoFactorProviderData' => $this->getTwoFactorProviderData(),
 'themedark' => $this->config->getUserValue($this->uid, 'accessibility', 'theme', false)
 ]);
+
 }
 public function getSection(): string {
diff --git a/settings/src/components/AuthTokenSection.vue b/settings/src/components/AuthTokenSection.vue
index c74348631db..7ddca568590 100644
--- a/settings/src/components/AuthTokenSection.vue
+++ b/settings/src/components/AuthTokenSection.vue
@@ -28,7 +28,7 @@
 @rename="rename"
 @delete="deleteToken"
 @wipe="wipeToken" />
- <AuthTokenSetupDialogue :add="addNewToken" />
+ <AuthTokenSetupDialogue v-if="canCreateToken" :add="addNewToken" />
 </div>
 </template>
@@ -63,7 +63,7 @@
 props: {
 tokens: {
 type: Array,
- requried: true,
+ required: true,
 },
 },
 components: {
diff --git a/settings/src/main-personal-security.js b/settings/src/main-personal-security.js
index 2284cebea7b..9f020efd5f4 100644
--- a/settings/src/main-personal-security.js
+++ b/settings/src/main-personal-security.js
@@ -35,5 +35,6 @@ const View = Vue.extend(AuthTokenSection);
 new View({
 propsData: {
 tokens: OCP.InitialState.loadState('settings', 'app_tokens'),
+ canCreateToken: OCP.InitialState.loadState('settings', 'can_create_app_token'),
 }
 }).$mount('#security-authtokens'); |
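Review bot: The value passed for `can_create_app_token` in the Security.php hunk is inverted: `getImpersonatingUserID() !== null` is true exactly when the session is impersonated, so the front end is told that token creation is allowed for impersonating sessions and disallowed for ordinary ones. The comparison should be `$this->userSession->getImpersonatingUserID() === null`. The controller still refuses the request server-side, so this is a UI fault rather than a bypass, but it hides the dialogue from the users who are meant to have it. The hunk also relies on `$this->initialStateService` and `$this->userSession` without adding them, and the diffstat shows no other change to this file, so both need to exist on the class already. The method begins outside the hunk.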
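Review bot: `canCreateToken` is used in the `v-if` added by the `@@ -28,7 +28,7 @@` hunk but is not declared as a prop: the `props` block shown in the following hunk contains only `tokens`, and the diffstat leaves no room for another change in this file. Vue does not bind undeclared `propsData` entries to the component instance, so the value passed from `main-personal-security.js` would not reach the template and the setup dialogue would presumably stay hidden for everyone. Declaring it next to `tokens`, for example `canCreateToken: { type: Boolean, required: true },`, closes the gap. The visibility switch is only a convenience for the user; the server-side check in the controller remains the actual control.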