3 files changed, 51 insertions, 26 deletions
diff --git a/apps/settings/lib/WellKnown/SecurityTxtHandler.php b/apps/settings/lib/WellKnown/SecurityTxtHandler.php
index e0b627dc269..665dfba0710 100644
--- a/apps/settings/lib/WellKnown/SecurityTxtHandler.php
+++ b/apps/settings/lib/WellKnown/SecurityTxtHandler.php
@@ -38,7 +38,7 @@ class SecurityTxtHandler implements IHandler {
 }
 $response = "Contact: https://hackerone.com/nextcloud
-Expires: 2023-04-31T23:00:00.000Z
+Expires: 2023-04-30T23:00:00.000Z
 Acknowledgments: https://hackerone.com/nextcloud/thanks
 Acknowledgments: https://github.com/nextcloud/security-advisories/security/advisories
 Policy: https://hackerone.com/nextcloud
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 0f1767e845b..249f9bd411f 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -34,14 +34,18 @@ use OC\Authentication\Exceptions\InvalidTokenException;
 use OC\Authentication\Exceptions\TokenPasswordExpiredException;
 use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Exceptions\WipeTokenException;
+use OCP\AppFramework\Db\TTransactional;
 use OCP\Cache\CappedMemoryCache;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\IConfig;
+use OCP\IDBConnection;
 use OCP\Security\ICrypto;
 use Psr\Log\LoggerInterface;
 class PublicKeyTokenProvider implements IProvider {
+ use TTransactional;
+
 /** @var PublicKeyTokenMapper */
 private $mapper;
@@ -51,6 +55,8 @@ class PublicKeyTokenProvider implements IProvider {
 /** @var IConfig */
 private $config;
+ private IDBConnection $db;
+
 /** @var LoggerInterface */
 private $logger;
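Review bot: The corrected `Expires:` value is still a hard-coded literal inside the `$response` string, so the published security.txt silently lapses after 2023-04-30 with nothing in code or tests to catch it, the same way nothing caught the impossible 31 April date before this fix. RFC 9116 makes Expires mandatory and recommends it lie less than a year in the future, so a comment next to the string such as `// Expires is hard-coded; it must be bumped before it lapses (RFC 9116: mandatory, keep under a year out)` plus a unit test that parses the value with `DateTimeImmutable::createFromFormat` and asserts it is still in the future would make the next lapse visible in CI rather than on a scanner. The enclosing method starts and ends outside the hunk.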
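Review bot: `use OCP\AppFramework\Db\TTransactional;` is inserted ahead of `use OCP\Cache\CappedMemoryCache;` and `use OCP\AppFramework\Db\DoesNotExistException;`, breaking the alphabetical order the surrounding imports otherwise follow, and in the @@ -51 hunk the new `private IDBConnection $db;` is the only natively typed property next to `/** @var */`-documented untyped ones such as `$config` and `$logger`. Either convention is fine, but mixing them in one class reads as unfinished; since the class is being touched anyway, the sibling declarations could take their native types in the same commit, or `$db` could follow the existing docblock form `/** @var IDBConnection */ private $db;`. The class body continues outside both hunks.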
@@ -63,11 +69,13 @@ class PublicKeyTokenProvider implements IProvider {
 public function __construct(PublicKeyTokenMapper $mapper,
 ICrypto $crypto,
 IConfig $config,
+ IDBConnection $db,
 LoggerInterface $logger,
 ITimeFactory $time) {
 $this->mapper = $mapper;
 $this->crypto = $crypto;
 $this->config = $config;
+ $this->db = $db;
 $this->logger = $logger;
 $this->time = $time;
@@ -158,31 +166,32 @@ class PublicKeyTokenProvider implements IProvider {
 public function renewSessionToken(string $oldSessionId, string $sessionId): IToken {
 $this->cache->clear();
- $token = $this->getToken($oldSessionId);
-
- if (!($token instanceof PublicKeyToken)) {
- throw new InvalidTokenException("Invalid token type");
- }
+ return $this->atomic(function () use ($oldSessionId, $sessionId) {
+ $token = $this->getToken($oldSessionId);
- $password = null;
- if (!is_null($token->getPassword())) {
- $privateKey = $this->decrypt($token->getPrivateKey(), $oldSessionId);
- $password = $this->decryptPassword($token->getPassword(), $privateKey);
- }
-
- $newToken = $this->generateToken(
- $sessionId,
- $token->getUID(),
- $token->getLoginName(),
- $password,
- $token->getName(),
- IToken::TEMPORARY_TOKEN,
- $token->getRemember()
- );
-
- $this->mapper->delete($token);
+ if (!($token instanceof PublicKeyToken)) {
+ throw new InvalidTokenException("Invalid token type");
+ }
- return $newToken;
+ $password = null;
+ if (!is_null($token->getPassword())) {
+ $privateKey = $this->decrypt($token->getPrivateKey(), $oldSessionId);
+ $password = $this->decryptPassword($token->getPassword(), $privateKey);
+ }
+ $newToken = $this->generateToken(
+ $sessionId,
+ $token->getUID(),
+ $token->getLoginName(),
+ $password,
+ $token->getName(),
+ IToken::TEMPORARY_TOKEN,
+ $token->getRemember()
+ );
+
+ $this->mapper->delete($token);
+
+ return $newToken;
+ }, $this->db);
 }
 public function invalidateToken(string $token) {
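Review bot: The new `IDBConnection $db` parameter is inserted before `$logger` rather than appended, so the positional order of the constructor changes for anything that builds `PublicKeyTokenProvider` outside the DI container (the test in this commit is updated to match). Because every parameter is required and typed, a stale call site fails with a TypeError at construction rather than silently misbehaving, which is the better failure mode; if no other direct instantiations exist this is fine, otherwise appending the parameter would keep old call sites working. The constructor's closing brace is outside the hunk.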
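Review bot: Wrapping the read-then-write in `atomic()` makes the insert performed by `generateToken` and the `$this->mapper->delete($token)` commit or roll back together, but the lookup `$this->getToken($oldSessionId)` on the first line of the closure takes no row lock, so two concurrent renewals of the same `$oldSessionId` can presumably both read the old token, both insert a replacement and both issue the delete; the transaction removes the half-renewed state but does not by itself guarantee the old token is consumed exactly once, and whether that matters depends on getToken, the mapper and the isolation level, all outside this hunk. That contract deserves a docblock on `renewSessionToken`, e.g. `Looks up the old session token, persists its replacement and deletes the old one in a single DB transaction, so a failure in any step leaves neither token half-written.` `$this->cache->clear()` runs before the transaction while getToken runs inside it; if getToken repopulates `$this->cache` (not visible here), the deleted token stays cached under `$oldSessionId` after commit, so clearing again after `atomic()` returns is worth considering. The closure could also declare its return type, `function () use ($oldSessionId, $sessionId): IToken {`, so a wrong value fails inside the closure rather than at the method's return check. The method is entirely within the hunk.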
diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
index 1ef0aa80817..2e39bbaa8db 100644
--- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
+++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
@@ -1,4 +1,7 @@
 <?php
+
+ declare(strict_types=1);
+
 /**
 * @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl>
 *
@@ -34,6 +37,7 @@ use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\IConfig;
 use OCP\Security\ICrypto;
+use PHPUnit\Framework\MockObject\MockObject;
 use Psr\Log\LoggerInterface;
 use Test\TestCase;
@@ -46,6 +50,8 @@ class PublicKeyTokenProviderTest extends TestCase {
 private $crypto;
 /** @var IConfig|\PHPUnit\Framework\MockObject\MockObject */
 private $config;
+ /** @var IDBConnection|IDBConnection|MockObject */
+ private IDBConnection $db;
 /** @var LoggerInterface|\PHPUnit\Framework\MockObject\MockObject */
 private $logger;
 /** @var ITimeFactory|\PHPUnit\Framework\MockObject\MockObject */
@@ -66,14 +72,24 @@ class PublicKeyTokenProviderTest extends TestCase {
 ['secret', '', '1f4h9s'],
 ['openssl', [], []],
 ]);
+ $this->db = $this->createMock(IDBConnection::class);
+ $this->db->method('atomic')->willReturnCallback(function ($cb) {
+ return $cb();
+ });
 $this->logger = $this->createMock(LoggerInterface::class);
 $this->timeFactory = $this->createMock(ITimeFactory::class);
 $this->time = 1313131;
 $this->timeFactory->method('getTime')
 ->willReturn($this->time);
- $this->tokenProvider = new PublicKeyTokenProvider($this->mapper, $this->crypto, $this->config, $this->logger,
- $this->timeFactory);
+ $this->tokenProvider = new PublicKeyTokenProvider(
+ $this->mapper,
+ $this->crypto,
+ $this->config,
+ $this->db,
+ $this->logger,
+ $this->timeFactory,
+ );
 }
 public function testGenerateToken() { |
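Review bot: The docblock `/** @var IDBConnection|IDBConnection|MockObject */` repeats `IDBConnection`; it should read `/** @var IDBConnection|MockObject */`, and since `MockObject` is now imported in the @@ -34 hunk the sibling `\PHPUnit\Framework\MockObject\MockObject` docblocks could use the short name as well. Neither this hunk nor the @@ -34 hunk adds `use OCP\IDBConnection;`, and the visible import context, which is alphabetized, has no such line between `use OCP\IConfig;` and `use OCP\Security\ICrypto;`; if the file does not import it elsewhere, `IDBConnection` in this property type and in `createMock(IDBConnection::class)` in the @@ -66 hunk resolves relative to the test namespace and the typed property assignment fails in setUp. The class continues outside the hunk.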
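Review bot: The `atomic` stub `willReturnCallback(function ($cb) { return $cb(); })` runs the callback with no transaction and ignores the connection argument, so the suite exercises the renewal path exactly as before this commit and never asserts that the transaction is used; the rollback guarantee itself is only testable against a real connection, but the renewal test can at least pin `$this->db->expects($this->once())->method('atomic')` so a later refactor that drops the wrapper is caught. The stub uses neither `$this` nor its second parameter, so `static fn (callable $cb) => $cb()` says the same thing more tightly. setUp's closing brace is inside the hunk; the rest of the class is outside.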