diff options
| -rw-r--r-- | build/integration/features/bootstrap/Auth.php | 20 | ||||
| -rw-r--r-- | core/Application.php | 1 | ||||
| -rw-r--r-- | core/Controller/TokenController.php | 105 | ||||
| -rw-r--r-- | core/routes.php | 1 | ||||
| -rw-r--r-- | lib/composer/composer/autoload_classmap.php | 1 | ||||
| -rw-r--r-- | lib/composer/composer/autoload_static.php | 1 | ||||
| -rw-r--r-- | tests/Core/Controller/TokenControllerTest.php | 130 |
7 files changed, 14 insertions, 245 deletions
diff --git a/build/integration/features/bootstrap/Auth.php b/build/integration/features/bootstrap/Auth.php index e0eb5393bb8..f4b1a3e5b47 100644 --- a/build/integration/features/bootstrap/Auth.php +++ b/build/integration/features/bootstrap/Auth.php @@ -67,13 +67,21 @@ trait Auth { * @Given a new client token is used */ public function aNewClientTokenIsUsed() { + $this->loggingInUsingWebAs('user0'); + + $fullUrl = substr($this->baseUrl, 0, -5) . '/index.php/settings/personal/authtokens'; $client = new Client(); - $resp = $client->post(substr($this->baseUrl, 0, -5) . '/token/generate', [ - 'json' => [ - 'user' => 'user0', - 'password' => '123456', - ] - ]); + $options = [ + 'auth' => ['user0', '123456'], + 'body' => [ + 'requesttoken' => $this->requestToken, + 'name' => md5(microtime()), + ], + 'cookies' => $this->cookieJar, + ]; + + $resp = $client->send($client->createRequest('POST', $fullUrl, $options)); + $this->clientToken = json_decode($resp->getBody()->getContents())->token; } diff --git a/core/Application.php b/core/Application.php index 4fa83f09854..97b1e1d37f1 100644 --- a/core/Application.php +++ b/core/Application.php @@ -49,6 +49,5 @@ class Application extends App { $container->registerService('defaultMailAddress', function() { return Util::getDefaultEmailAddress('lostpassword-noreply'); }); - $container->registerAlias(IProvider::class, DefaultTokenProvider::class); } } diff --git a/core/Controller/TokenController.php b/core/Controller/TokenController.php deleted file mode 100644 index 865bae9665c..00000000000 --- a/core/Controller/TokenController.php +++ /dev/null @@ -1,105 +0,0 @@ -<?php -/** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Christoph Wurst <christoph@owncloud.com> - * @author Lukas Reschke <lukas@statuscode.ch> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * - */ - -namespace OC\Core\Controller; - -use OC\AppFramework\Http; -use OC\Authentication\Token\IProvider; -use OC\Authentication\Token\IToken; -use OC\Authentication\TwoFactorAuth\Manager as TwoFactorAuthManager; -use OCP\AppFramework\Controller; -use OCP\AppFramework\Http\JSONResponse; -use OCP\IRequest; -use OCP\IUserManager; -use OCP\Security\ISecureRandom; - -class TokenController extends Controller { - /** @var IUserManager */ - private $userManager; - /** @var IProvider */ - private $tokenProvider; - /** @var TwoFactorAuthManager */ - private $twoFactorAuthManager; - /** @var ISecureRandom */ - private $secureRandom; - - /** - * @param string $appName - * @param IRequest $request - * @param IUserManager $userManager - * @param IProvider $tokenProvider - * @param TwoFactorAuthManager $twoFactorAuthManager - * @param ISecureRandom $secureRandom - */ - public function __construct($appName, - IRequest $request, - IUserManager $userManager, - IProvider $tokenProvider, - TwoFactorAuthManager $twoFactorAuthManager, - ISecureRandom $secureRandom) { - parent::__construct($appName, $request); - $this->userManager = $userManager; - $this->tokenProvider = $tokenProvider; - $this->secureRandom = $secureRandom; - $this->twoFactorAuthManager = $twoFactorAuthManager; - } - - /** - * Generate a new access token clients can authenticate with - * - * @PublicPage - * @NoCSRFRequired - * - * @param string $user - * @param string $password - * @param string $name the name of the client - * @return JSONResponse - */ - public function generateToken($user, $password, $name = 'unknown client') { - if (is_null($user) || is_null($password)) { - $response = new JSONResponse(); - $response->setStatus(Http::STATUS_UNPROCESSABLE_ENTITY); - return $response; - } - $loginName = $user; - $user = $this->userManager->checkPassword($loginName, $password); - if ($user === false) { - $response = new JSONResponse(); - $response->setStatus(Http::STATUS_UNAUTHORIZED); - return $response; - } - - if ($this->twoFactorAuthManager->isTwoFactorAuthenticated($user)) { - $resp = new JSONResponse(); - $resp->setStatus(Http::STATUS_UNAUTHORIZED); - return $resp; - } - - $token = $this->secureRandom->generate(128); - $this->tokenProvider->generateToken($token, $user->getUID(), $loginName, $password, $name, IToken::PERMANENT_TOKEN); - return new JSONResponse([ - 'token' => $token, - ]); - } - -} diff --git a/core/routes.php b/core/routes.php index b04b0db4ce7..337f6fb27c3 100644 --- a/core/routes.php +++ b/core/routes.php @@ -48,7 +48,6 @@ $application->registerRoutes($this, [ ['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'], ['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'], ['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'], - ['name' => 'token#generateToken', 'url' => '/token/generate', 'verb' => 'POST'], ['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'], ['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'], ['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'], diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php index 75929bdbefe..2fa4df4d9e9 100644 --- a/lib/composer/composer/autoload_classmap.php +++ b/lib/composer/composer/autoload_classmap.php @@ -399,7 +399,6 @@ return array( 'OC\\Core\\Controller\\LostController' => $baseDir . '/core/Controller/LostController.php', 'OC\\Core\\Controller\\OCSController' => $baseDir . '/core/Controller/OCSController.php', 'OC\\Core\\Controller\\SetupController' => $baseDir . '/core/Controller/SetupController.php', - 'OC\\Core\\Controller\\TokenController' => $baseDir . '/core/Controller/TokenController.php', 'OC\\Core\\Controller\\TwoFactorChallengeController' => $baseDir . '/core/Controller/TwoFactorChallengeController.php', 'OC\\Core\\Controller\\UserController' => $baseDir . '/core/Controller/UserController.php', 'OC\\Core\\Middleware\\TwoFactorMiddleware' => $baseDir . '/core/Middleware/TwoFactorMiddleware.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index e07e07edc4b..ad493bfb041 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php @@ -429,7 +429,6 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c 'OC\\Core\\Controller\\LostController' => __DIR__ . '/../../..' . '/core/Controller/LostController.php', 'OC\\Core\\Controller\\OCSController' => __DIR__ . '/../../..' . '/core/Controller/OCSController.php', 'OC\\Core\\Controller\\SetupController' => __DIR__ . '/../../..' . '/core/Controller/SetupController.php', - 'OC\\Core\\Controller\\TokenController' => __DIR__ . '/../../..' . '/core/Controller/TokenController.php', 'OC\\Core\\Controller\\TwoFactorChallengeController' => __DIR__ . '/../../..' . '/core/Controller/TwoFactorChallengeController.php', 'OC\\Core\\Controller\\UserController' => __DIR__ . '/../../..' . '/core/Controller/UserController.php', 'OC\\Core\\Middleware\\TwoFactorMiddleware' => __DIR__ . '/../../..' . '/core/Middleware/TwoFactorMiddleware.php', diff --git a/tests/Core/Controller/TokenControllerTest.php b/tests/Core/Controller/TokenControllerTest.php deleted file mode 100644 index 0e965aac2e5..00000000000 --- a/tests/Core/Controller/TokenControllerTest.php +++ /dev/null @@ -1,130 +0,0 @@ -<?php - -/** - * @author Christoph Wurst <christoph@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * - */ - -namespace Tests\Core\Controller; - -use OC\AppFramework\Http; -use OC\Authentication\Token\IToken; -use OC\Core\Controller\TokenController; -use OCP\AppFramework\Http\JSONResponse; -use Test\TestCase; - -class TokenControllerTest extends TestCase { - - /** \OC\Core\Controller\TokenController */ - private $tokenController; - private $request; - private $userManager; - private $tokenProvider; - private $twoFactorAuthManager; - private $secureRandom; - - protected function setUp() { - parent::setUp(); - - $this->request = $this->getMockBuilder('\OCP\IRequest')->getMock(); - $this->userManager = $this->getMockBuilder('\OC\User\Manager') - ->disableOriginalConstructor() - ->getMock(); - $this->tokenProvider = $this->getMockBuilder('\OC\Authentication\Token\IProvider') - ->getMock(); - $this->twoFactorAuthManager = $this->getMockBuilder('\OC\Authentication\TwoFactorAuth\Manager') - ->disableOriginalConstructor() - ->getMock(); - $this->secureRandom = $this->getMockBuilder('\OCP\Security\ISecureRandom') - ->getMock(); - - $this->tokenController = new TokenController('core', $this->request, $this->userManager, $this->tokenProvider, $this->twoFactorAuthManager, $this->secureRandom); - } - - public function testWithoutCredentials() { - $expected = new JSONResponse(); - $expected->setStatus(Http::STATUS_UNPROCESSABLE_ENTITY); - - $actual = $this->tokenController->generateToken(null, null); - - $this->assertEquals($expected, $actual); - } - - public function testWithInvalidCredentials() { - $this->userManager->expects($this->once()) - ->method('checkPassword') - ->with('john', 'passme') - ->will($this->returnValue(false)); - $expected = new JSONResponse(); - $expected->setStatus(Http::STATUS_UNAUTHORIZED); - - $actual = $this->tokenController->generateToken('john', 'passme'); - - $this->assertEquals($expected, $actual); - } - - public function testWithValidCredentials() { - $user = $this->getMockBuilder('\OCP\IUser')->getMock(); - $this->userManager->expects($this->once()) - ->method('checkPassword') - ->with('john', '123456') - ->will($this->returnValue($user)); - $user->expects($this->once()) - ->method('getUID') - ->will($this->returnValue('john')); - $this->twoFactorAuthManager->expects($this->once()) - ->method('isTwoFactorAuthenticated') - ->with($user) - ->will($this->returnValue(false)); - $this->secureRandom->expects($this->once()) - ->method('generate') - ->with(128) - ->will($this->returnValue('verysecurerandomtoken')); - $this->tokenProvider->expects($this->once()) - ->method('generateToken') - ->with('verysecurerandomtoken', 'john', 'john', '123456', 'unknown client', IToken::PERMANENT_TOKEN); - $expected = new JSONResponse([ - 'token' => 'verysecurerandomtoken' - ]); - - $actual = $this->tokenController->generateToken('john', '123456'); - - $this->assertEquals($expected, $actual); - } - - public function testWithValidCredentialsBut2faEnabled() { - $user = $this->getMockBuilder('\OCP\IUser')->getMock(); - $this->userManager->expects($this->once()) - ->method('checkPassword') - ->with('john', '123456') - ->will($this->returnValue($user)); - $this->twoFactorAuthManager->expects($this->once()) - ->method('isTwoFactorAuthenticated') - ->with($user) - ->will($this->returnValue(true)); - $this->secureRandom->expects($this->never()) - ->method('generate'); - $expected = new JSONResponse(); - $expected->setStatus(Http::STATUS_UNAUTHORIZED); - - $actual = $this->tokenController->generateToken('john', '123456'); - - $this->assertEquals($expected, $actual); - } - -} |