9 files changed, 34 insertions, 97 deletions
diff --git a/lib/private/Authentication/Token/DefaultTokenMapper.php b/lib/private/Authentication/Token/DefaultTokenMapper.php index 0a3f32ffb46..02964e3f59c 100644 --- a/lib/private/Authentication/Token/DefaultTokenMapper.php +++ b/lib/private/Authentication/Token/DefaultTokenMapper.php @@ -33,7 +33,6 @@ use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Db\QBMapper; use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\IDBConnection; -use OCP\IUser; class DefaultTokenMapper extends QBMapper { @@ -124,15 +123,15 @@ class DefaultTokenMapper extends QBMapper { * The provider may limit the number of result rows in case of an abuse * where a high number of (session) tokens is generated * - * @param IUser $user + * @param string $uid * @return DefaultToken[] */ - public function getTokenByUser(IUser $user): array { + public function getTokenByUser(string $uid): array { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $qb->select('id', 'uid', 'login_name', 'password', 'name', 'token', 'type', 'remember', 'last_activity', 'last_check', 'scope', 'expires', 'version') ->from('authtoken') - ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID()))) + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(1, IQueryBuilder::PARAM_INT))) ->setMaxResults(1000); $result = $qb->execute(); 
@@ -146,16 +145,12 @@ class DefaultTokenMapper extends QBMapper { return $entities; } - /** - * @param IUser $user - * @param int $id - */ - public function deleteById(IUser $user, int $id) { + public function deleteById(string $uid, int $id) { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $qb->delete('authtoken') ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) - ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID()))) + ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(1, IQueryBuilder::PARAM_INT))); $qb->execute(); } diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php index 7a43dbb23e1..ed3c14c1745 100644 --- a/lib/private/Authentication/Token/DefaultTokenProvider.php +++ b/lib/private/Authentication/Token/DefaultTokenProvider.php @@ -143,17 +143,8 @@ class DefaultTokenProvider implements IProvider { } } - /** - * Get all tokens of a user - * - * The provider may limit the number of result rows in case of an abuse - * where a high number of (session) tokens is generated - * - * @param IUser $user - * @return IToken[] - */ - public function getTokenByUser(IUser $user): array { - return $this->mapper->getTokenByUser($user); + public function getTokenByUser(string $uid): array { + return $this->mapper->getTokenByUser($uid); } /** @@ -265,14 +256,8 @@ class DefaultTokenProvider implements IProvider { $this->mapper->invalidate($this->hashToken($token)); } - /** - * Invalidate (delete) the given token - * - * @param IUser $user - * @param int $id - */ - public function invalidateTokenById(IUser $user, int $id) { - $this->mapper->deleteById($user, $id); + public function invalidateTokenById(string $uid, int $id) { + $this->mapper->deleteById($uid, $id); } /** 
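Review bot: `DefaultTokenMapper::deleteById` loses its docblock here and, unlike the provider methods, has no interface to inherit one from. The `uid` condition in the DELETE is what stops one account from removing another account's token by passing a foreign id, and that deserves to be written down. I would keep a short docblock such as `@param string $uid owner of the token; the row is deleted only if it belongs to this uid`, and add a `: void` return type if the project's PHP baseline allows it. The same applies to `PublicKeyTokenMapper::deleteById` later in this diff.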
diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php index 0efffefac68..ab46bd12126 100644 --- a/lib/private/Authentication/Token/IProvider.php +++ b/lib/private/Authentication/Token/IProvider.php @@ -28,7 +28,6 @@ namespace OC\Authentication\Token; use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException; -use OCP\IUser; interface IProvider { @@ -92,10 +91,10 @@ interface IProvider { /** * Invalidate (delete) the given token * - * @param IUser $user + * @param string $uid * @param int $id */ - public function invalidateTokenById(IUser $user, int $id); + public function invalidateTokenById(string $uid, int $id); /** * Invalidate (delete) old session tokens @@ -122,10 +121,10 @@ interface IProvider { * The provider may limit the number of result rows in case of an abuse * where a high number of (session) tokens is generated * - * @param IUser $user + * @param string $uid * @return IToken[] */ - public function getTokenByUser(IUser $user): array; + public function getTokenByUser(string $uid): array; /** * Get the (unencrypted) password of the given token diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index 85fe91cdf14..7ec90e92ed0 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -104,8 +104,8 @@ class Manager implements IProvider { * @param IUser $user * @return IToken[] */ - public function getTokenByUser(IUser $user): array { - return $this->defaultTokenProvider->getTokenByUser($user); + public function getTokenByUser(string $uid): array { + return $this->defaultTokenProvider->getTokenByUser($uid); } /** 
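Review bot: The docblock above `Manager::getTokenByUser` still reads `@param IUser $user` although the signature now takes `string $uid`, and the same stale tag sits above `Manager::invalidateTokenById` in the next hunk. Both should become `@param string $uid`. Whether `use OCP\IUser;` is still needed in Manager.php cannot be judged from here, because the rest of the file lies outside the hunks.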
@@ -188,9 +188,9 @@ class Manager implements IProvider { * @param IUser $user * @param int $id */ - public function invalidateTokenById(IUser $user, int $id) { + public function invalidateTokenById(string $uid, int $id) { //TODO find way to distinguis between tokens - $this->defaultTokenProvider->invalidateTokenById($user, $id); + $this->defaultTokenProvider->invalidateTokenById($uid, $id); } /** diff --git a/lib/private/Authentication/Token/PublicKeyTokenMapper.php b/lib/private/Authentication/Token/PublicKeyTokenMapper.php index 0d5657cb582..6feb176fb68 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenMapper.php +++ b/lib/private/Authentication/Token/PublicKeyTokenMapper.php @@ -28,7 +28,6 @@ use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Db\QBMapper; use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\IDBConnection; -use OCP\IUser; class PublicKeyTokenMapper extends QBMapper { @@ -115,15 +114,15 @@ class PublicKeyTokenMapper extends QBMapper { * The provider may limit the number of result rows in case of an abuse * where a high number of (session) tokens is generated * - * @param IUser $user + * @param string $uid * @return DefaultToken[] */ - public function getTokenByUser(IUser $user): array { + public function getTokenByUser(string $uid): array { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $qb->select('*') ->from('authtoken') - ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID()))) + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(2, IQueryBuilder::PARAM_INT))) ->setMaxResults(1000); $result = $qb->execute(); 
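Review bot: `Manager::invalidateTokenById` forwards only to `defaultTokenProvider`, whose mapper deletes with `version = 1`, so an id that belongs to a version 2 (public key) token appears to be left in place, and the caller gets no signal that nothing was revoked. The existing TODO hints at this, but a revoke call that silently does nothing is a security-relevant gap when a user is removing the token of a lost device. Since the commit touches this method, either delegate to the public key provider as well, if Manager holds one (not visible in this hunk), or make the comment explicit: `// TODO: only version 1 tokens are deleted here; version 2 tokens are not revoked by id`.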
@@ -137,16 +136,12 @@ class PublicKeyTokenMapper extends QBMapper { return $entities; } - /** - * @param IUser $user - * @param int $id - */ - public function deleteById(IUser $user, int $id) { + public function deleteById(string $uid, int $id) { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $qb->delete('authtoken') ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) - ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID()))) + ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(2, IQueryBuilder::PARAM_INT))); $qb->execute(); } diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index 1c5f3da147f..926e3c678d4 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -161,8 +161,8 @@ class PublicKeyTokenProvider implements IProvider { $this->mapper->invalidate($this->hashToken($token)); } - public function invalidateTokenById(IUser $user, int $id) { - $this->mapper->deleteById($user, $id); + public function invalidateTokenById(string $uid, int $id) { + $this->mapper->deleteById($uid, $id); } public function invalidateOldTokens() { @@ -194,8 +194,8 @@ class PublicKeyTokenProvider implements IProvider { } } - public function getTokenByUser(IUser $user): array { - return $this->mapper->getTokenByUser($user); + public function getTokenByUser(string $uid): array { + return $this->mapper->getTokenByUser($uid); } public function getPassword(IToken $token, string $tokenId): string { diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php index 6eaa64cfac2..06cabd00b07 100644 --- a/settings/Controller/AuthSettingsController.php +++ b/settings/Controller/AuthSettingsController.php 
@@ -83,11 +83,7 @@ class AuthSettingsController extends Controller { * @return JSONResponse|array */ public function index() { - $user = $this->userManager->get($this->uid); - if ($user === null) { - return []; - } - $tokens = $this->tokenProvider->getTokenByUser($user); + $tokens = $this->tokenProvider->getTokenByUser($this->uid); try { $sessionId = $this->session->getId(); @@ -182,12 +178,7 @@ class AuthSettingsController extends Controller { * @return array */ public function destroy($id) { - $user = $this->userManager->get($this->uid); - if (is_null($user)) { - return []; - } - - $this->tokenProvider->invalidateTokenById($user, $id); + $this->tokenProvider->invalidateTokenById($this->uid, $id); return []; } diff --git a/tests/Settings/Controller/AuthSettingsControllerTest.php b/tests/Settings/Controller/AuthSettingsControllerTest.php index 461b32b7a48..1c957299e39 100644 --- a/tests/Settings/Controller/AuthSettingsControllerTest.php +++ b/tests/Settings/Controller/AuthSettingsControllerTest.php @@ -75,13 +75,9 @@ class AuthSettingsControllerTest extends TestCase { $sessionToken = new DefaultToken(); $sessionToken->setId(100); - $this->userManager->expects($this->once()) - ->method('get') - ->with($this->uid) - ->will($this->returnValue($this->user)); $this->tokenProvider->expects($this->once()) ->method('getTokenByUser') - ->with($this->user) + ->with($this->uid) ->will($this->returnValue($tokens)); $this->session->expects($this->once()) ->method('getId') @@ -192,13 +188,9 @@ class AuthSettingsControllerTest extends TestCase { $id = 123; $user = $this->createMock(IUser::class); - $this->userManager->expects($this->once()) - ->method('get') - ->with($this->uid) - ->will($this->returnValue($user)); $this->tokenProvider->expects($this->once()) ->method('invalidateTokenById') - ->with($user, $id); + ->with($this->uid, $id); $this->assertEquals([], $this->controller->destroy($id)); } 
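Review bot: With the `userManager->get()` lookup gone, `index()` and `destroy()` pass `$this->uid` straight into a `string $uid` parameter. If the controller can be constructed with a null uid (the constructor is outside the hunk), the old code returned `[]` and the new code raises a TypeError. A guard such as `if ($this->uid === null) { return []; }` would keep the previous behaviour, or the constructor should guarantee a string. Token ownership still rests on the mapper's `uid` condition, which holds only as long as `$this->uid` comes from the authenticated session and never from request input.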
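Review bot: In the destroy test, `$user = $this->createMock(IUser::class);` is left in place but is no longer used now that `->with($user, $id)` has become `->with($this->uid, $id)`. Drop the line. If the intent is to pin that the controller no longer looks the user up, add `$this->userManager->expects($this->never())->method('get');`. The test method starts outside the hunk.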
diff --git a/tests/lib/Authentication/Token/DefaultTokenMapperTest.php b/tests/lib/Authentication/Token/DefaultTokenMapperTest.php index b5d24a7ab5e..ab09c005297 100644 --- a/tests/lib/Authentication/Token/DefaultTokenMapperTest.php +++ b/tests/lib/Authentication/Token/DefaultTokenMapperTest.php @@ -190,23 +190,11 @@ class DefaultTokenMapperTest extends TestCase { } public function testGetTokenByUser() { - /** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */ - $user = $this->createMock(IUser::class); - $user->expects($this->once()) - ->method('getUID') - ->will($this->returnValue('user1')); - - $this->assertCount(2, $this->mapper->getTokenByUser($user)); + $this->assertCount(2, $this->mapper->getTokenByUser('user1')); } public function testGetTokenByUserNotFound() { - /** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */ - $user = $this->createMock(IUser::class); - $user->expects($this->once()) - ->method('getUID') - ->will($this->returnValue('user1000')); - - $this->assertCount(0, $this->mapper->getTokenByUser($user)); + $this->assertCount(0, $this->mapper->getTokenByUser('user1000')); } public function testDeleteById() { 
@@ -218,23 +206,15 @@ class DefaultTokenMapperTest extends TestCase { ->where($qb->expr()->eq('token', $qb->createNamedParameter('9c5a2e661482b65597408a6bb6c4a3d1af36337381872ac56e445a06cdb7fea2b1039db707545c11027a4966919918b19d875a8b774840b18c6cbb7ae56fe206'))); $result = $qb->execute(); $id = $result->fetch()['id']; - $user->expects($this->once()) - ->method('getUID') - ->will($this->returnValue('user1')); - $this->mapper->deleteById($user, $id); + $this->mapper->deleteById('user1', $id); $this->assertEquals(2, $this->getNumberOfTokens()); } public function testDeleteByIdWrongUser() { - /** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */ - $user = $this->createMock(IUser::class); $id = 33; - $user->expects($this->once()) - ->method('getUID') - ->will($this->returnValue('user10000')); - $this->mapper->deleteById($user, $id); + $this->mapper->deleteById('user1000', $id); $this->assertEquals(3, $this->getNumberOfTokens()); } |
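Review bot: `testDeleteByIdWrongUser` uses the hard-coded `$id = 33`, which may not match any fixture row (the fixtures are outside this hunk), so the count would stay at 3 whether or not the `uid` condition in `deleteById` works. To cover the ownership check, fetch the id of a token owned by `user1` the way `testDeleteById` does, then call `$this->mapper->deleteById('user1000', $id);` and assert that the count is unchanged. The uid literal also changed from `'user10000'` to `'user1000'`, which is harmless but looks unintended.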