diff options
| -rw-r--r-- | core/Command/User/AuthTokens/Add.php (renamed from core/Command/User/AddAppPassword.php) | 7 | ||||
| -rw-r--r-- | core/Command/User/AuthTokens/Delete.php | 120 | ||||
| -rw-r--r-- | core/Command/User/AuthTokens/ListCommand.php | 100 | ||||
| -rw-r--r-- | core/register_command.php | 4 | ||||
| -rw-r--r-- | lib/composer/composer/autoload_classmap.php | 4 | ||||
| -rw-r--r-- | lib/composer/composer/autoload_static.php | 4 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/IProvider.php | 5 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/Manager.php | 4 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenMapper.php | 9 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 6 | ||||
| -rw-r--r-- | tests/Core/Command/User/AuthTokens/DeleteTest.php | 170 | ||||
| -rw-r--r-- | tests/lib/Authentication/Token/ManagerTest.php | 8 | ||||
| -rw-r--r-- | tests/lib/Authentication/Token/PublicKeyTokenMapperTest.php | 34 | ||||
| -rw-r--r-- | tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php | 8 |
14 files changed, 471 insertions, 12 deletions
diff --git a/core/Command/User/AddAppPassword.php b/core/Command/User/AuthTokens/Add.php index 8c506c8510e..e067c069c79 100644 --- a/core/Command/User/AddAppPassword.php +++ b/core/Command/User/AuthTokens/Add.php @@ -24,7 +24,7 @@ declare(strict_types=1); * along with this program. If not, see <http://www.gnu.org/licenses/>. * */ -namespace OC\Core\Command\User; +namespace OC\Core\Command\User\AuthTokens; use OC\Authentication\Events\AppPasswordCreatedEvent; use OC\Authentication\Token\IProvider; @@ -40,7 +40,7 @@ use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Output\OutputInterface; use Symfony\Component\Console\Question\Question; -class AddAppPassword extends Command { +class Add extends Command { public function __construct( protected IUserManager $userManager, protected IProvider $tokenProvider, @@ -52,7 +52,8 @@ class AddAppPassword extends Command { protected function configure() { $this - ->setName('user:add-app-password') + ->setName('user:auth-tokens:add') + ->setAliases(['user:add-app-password']) ->setDescription('Add app password for the named user') ->addArgument( 'user', diff --git a/core/Command/User/AuthTokens/Delete.php b/core/Command/User/AuthTokens/Delete.php new file mode 100644 index 00000000000..8cd6f2e6205 --- /dev/null +++ b/core/Command/User/AuthTokens/Delete.php @@ -0,0 +1,120 @@ +<?php +/** + * @copyright Copyright (c) 2023 Lucas Azevedo <lhs_azevedo@hotmail.com> + * + * @author Lucas Azevedo <lhs_azevedo@hotmail.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ +namespace OC\Core\Command\User\AuthTokens; + +use DateTimeImmutable; +use OC\Core\Command\Base; +use OC\Authentication\Token\IProvider; +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Exception\RuntimeException; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Input\InputOption; +use Symfony\Component\Console\Output\OutputInterface; + +class Delete extends Base { + public function __construct( + protected IProvider $tokenProvider, + ) { + parent::__construct(); + } + + protected function configure(): void { + $this + ->setName('user:auth-tokens:delete') + ->setDescription('Deletes an authentication token') + ->addArgument( + 'uid', + InputArgument::REQUIRED, + 'ID of the user to delete tokens for' + ) + ->addArgument( + 'id', + InputArgument::OPTIONAL, + 'ID of the auth token to delete' + ) + ->addOption( + 'last-used-before', + null, + InputOption::VALUE_REQUIRED, + 'Delete tokens last used before a given date.' + ); + } + + protected function execute(InputInterface $input, OutputInterface $output): int { + $uid = $input->getArgument('uid'); + $id = (int) $input->getArgument('id'); + $before = $input->getOption('last-used-before'); + + if ($before) { + if ($id) { + throw new RuntimeException('Option --last-used-before cannot be used with [<id>]'); + } + + return $this->deleteLastUsedBefore($uid, $before); + } + + if (!$id) { + throw new RuntimeException('Not enough arguments. Specify the token <id> or use the --last-used-before option.'); + } + return $this->deleteById($uid, $id); + } + + protected function deleteById(string $uid, int $id): int { + $this->tokenProvider->invalidateTokenById($uid, $id); + + return Command::SUCCESS; + } + + protected function deleteLastUsedBefore(string $uid, string $before): int { + $date = $this->parseDateOption($before); + if (!$date) { + throw new RuntimeException('Invalid date format. Acceptable formats are: ISO8601 (w/o fractions), "YYYY-MM-DD" and Unix time in seconds.'); + } + + $this->tokenProvider->invalidateLastUsedBefore($uid, $date->getTimestamp()); + + return Command::SUCCESS; + } + + /** + * @return \DateTimeImmutable|false + */ + protected function parseDateOption(string $input) { + $date = false; + + // Handle Unix timestamp + if (filter_var($input, FILTER_VALIDATE_INT)) { + return new DateTimeImmutable('@' . $input); + } + + // ISO8601 + $date = DateTimeImmutable::createFromFormat(DateTimeImmutable::ATOM, $input); + if ($date) { + return $date; + } + + // YYYY-MM-DD + return DateTimeImmutable::createFromFormat('!Y-m-d', $input); + } +} diff --git a/core/Command/User/AuthTokens/ListCommand.php b/core/Command/User/AuthTokens/ListCommand.php new file mode 100644 index 00000000000..bfc49606259 --- /dev/null +++ b/core/Command/User/AuthTokens/ListCommand.php @@ -0,0 +1,100 @@ +<?php +/** + * @copyright Copyright (c) 2023 Lucas Azevedo <lhs_azevedo@hotmail.com> + * + * @author Lucas Azevedo <lhs_azevedo@hotmail.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ +namespace OC\Core\Command\User\AuthTokens; + +use OC\Core\Command\Base; +use OC\Authentication\Token\IProvider; +use OC\Authentication\Token\IToken; +use OCP\IUserManager; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class ListCommand extends Base { + public function __construct( + protected IUserManager $userManager, + protected IProvider $tokenProvider, + ) { + parent::__construct(); + } + + protected function configure(): void { + parent::configure(); + + $this + ->setName('user:auth-tokens:list') + ->setDescription('List authentication tokens of an user') + ->addArgument( + 'user', + InputArgument::REQUIRED, + 'User to list auth tokens for' + ); + } + + protected function execute(InputInterface $input, OutputInterface $output): int { + $user = $this->userManager->get($input->getArgument('user')); + + if (is_null($user)) { + $output->writeln('<error>user not found</error>'); + return 1; + } + + $tokens = $this->tokenProvider->getTokenByUser($user->getUID()); + + $tokens = array_map(function (IToken $token) use ($input): mixed { + $sensitive = [ + 'password', + 'password_hash', + 'token', + 'public_key', + 'private_key', + ]; + $data = array_diff_key($token->jsonSerialize(), array_flip($sensitive)); + + if ($input->getOption('output') === self::OUTPUT_FORMAT_PLAIN) { + $data = $this->formatTokenForPlainOutput($data); + } + + return $data; + }, $tokens); + + $this->writeTableInOutputFormat($input, $output, $tokens); + + return 0; + } + + public function formatTokenForPlainOutput(array $token): array { + $token['scope'] = implode(', ', array_keys(array_filter($token['scope'] ?? []))); + + $token['lastActivity'] = date(DATE_ATOM, $token['lastActivity']); + + $token['type'] = match ($token['type']) { + IToken::TEMPORARY_TOKEN => 'temporary', + IToken::PERMANENT_TOKEN => 'permanent', + IToken::WIPE_TOKEN => 'wipe', + default => $token['type'], + }; + + return $token; + } +} diff --git a/core/register_command.php b/core/register_command.php index 63e56d7c228..d9e5dfcd775 100644 --- a/core/register_command.php +++ b/core/register_command.php @@ -193,7 +193,9 @@ if (\OC::$server->getConfig()->getSystemValue('installed', false)) { $application->add(new OC\Core\Command\User\ListCommand(\OC::$server->getUserManager(), \OC::$server->getGroupManager())); $application->add(new OC\Core\Command\User\Info(\OC::$server->getUserManager(), \OC::$server->getGroupManager())); $application->add(new OC\Core\Command\User\SyncAccountDataCommand(\OC::$server->getUserManager(), \OC::$server->get(\OCP\Accounts\IAccountManager::class))); - $application->add(new OC\Core\Command\User\AddAppPassword(\OC::$server->get(\OCP\IUserManager::class), \OC::$server->get(\OC\Authentication\Token\IProvider::class), \OC::$server->get(\OCP\Security\ISecureRandom::class), \OC::$server->get(\OCP\EventDispatcher\IEventDispatcher::class))); + $application->add(\OC::$server->get(\OC\Core\Command\User\AuthTokens\Add::class)); + $application->add(\OC::$server->get(\OC\Core\Command\User\AuthTokens\ListCommand::class)); + $application->add(\OC::$server->get(\OC\Core\Command\User\AuthTokens\Delete::class)); $application->add(new OC\Core\Command\Group\Add(\OC::$server->getGroupManager())); $application->add(new OC\Core\Command\Group\Delete(\OC::$server->getGroupManager())); diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php index 0b1716d5678..704d59d000b 100644 --- a/lib/composer/composer/autoload_classmap.php +++ b/lib/composer/composer/autoload_classmap.php @@ -1042,7 +1042,9 @@ return array( 'OC\\Core\\Command\\TwoFactorAuth\\State' => $baseDir . '/core/Command/TwoFactorAuth/State.php', 'OC\\Core\\Command\\Upgrade' => $baseDir . '/core/Command/Upgrade.php', 'OC\\Core\\Command\\User\\Add' => $baseDir . '/core/Command/User/Add.php', - 'OC\\Core\\Command\\User\\AddAppPassword' => $baseDir . '/core/Command/User/AddAppPassword.php', + 'OC\\Core\\Command\\User\\AuthTokens\\Add' => $baseDir . '/core/Command/User/AuthTokens/Add.php', + 'OC\\Core\\Command\\User\\AuthTokens\\Delete' => $baseDir . '/core/Command/User/AuthTokens/Delete.php', + 'OC\\Core\\Command\\User\\AuthTokens\\ListCommand' => $baseDir . '/core/Command/User/AuthTokens/ListCommand.php', 'OC\\Core\\Command\\User\\Delete' => $baseDir . '/core/Command/User/Delete.php', 'OC\\Core\\Command\\User\\Disable' => $baseDir . '/core/Command/User/Disable.php', 'OC\\Core\\Command\\User\\Enable' => $baseDir . '/core/Command/User/Enable.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index a4f48614d7b..fb3ef9ad3d0 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php @@ -1075,7 +1075,9 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2 'OC\\Core\\Command\\TwoFactorAuth\\State' => __DIR__ . '/../../..' . '/core/Command/TwoFactorAuth/State.php', 'OC\\Core\\Command\\Upgrade' => __DIR__ . '/../../..' . '/core/Command/Upgrade.php', 'OC\\Core\\Command\\User\\Add' => __DIR__ . '/../../..' . '/core/Command/User/Add.php', - 'OC\\Core\\Command\\User\\AddAppPassword' => __DIR__ . '/../../..' . '/core/Command/User/AddAppPassword.php', + 'OC\\Core\\Command\\User\\AuthTokens\\Add' => __DIR__ . '/../../..' . '/core/Command/User/AuthTokens/Add.php', + 'OC\\Core\\Command\\User\\AuthTokens\\Delete' => __DIR__ . '/../../..' . '/core/Command/User/AuthTokens/Delete.php', + 'OC\\Core\\Command\\User\\AuthTokens\\ListCommand' => __DIR__ . '/../../..' . '/core/Command/User/AuthTokens/ListCommand.php', 'OC\\Core\\Command\\User\\Delete' => __DIR__ . '/../../..' . '/core/Command/User/Delete.php', 'OC\\Core\\Command\\User\\Disable' => __DIR__ . '/../../..' . '/core/Command/User/Disable.php', 'OC\\Core\\Command\\User\\Enable' => __DIR__ . '/../../..' . '/core/Command/User/Enable.php', diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php index b5af3f3a5ee..a12d3ba34d9 100644 --- a/lib/private/Authentication/Token/IProvider.php +++ b/lib/private/Authentication/Token/IProvider.php @@ -110,6 +110,11 @@ interface IProvider { public function invalidateOldTokens(); /** + * Invalidate (delete) tokens last used before a given date + */ + public function invalidateLastUsedBefore(string $uid, int $before): void; + + /** * Save the updated token * * @param IToken $token diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index 761e799d298..6a1c7d4c1e7 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -204,6 +204,10 @@ class Manager implements IProvider, OCPIProvider { $this->publicKeyTokenProvider->invalidateOldTokens(); } + public function invalidateLastUsedBefore(string $uid, int $before): void { + $this->publicKeyTokenProvider->invalidateLastUsedBefore($uid, $before); + } + /** * @param IToken $token * @param string $oldTokenId diff --git a/lib/private/Authentication/Token/PublicKeyTokenMapper.php b/lib/private/Authentication/Token/PublicKeyTokenMapper.php index 8feb275b3b7..855639dd907 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenMapper.php +++ b/lib/private/Authentication/Token/PublicKeyTokenMapper.php @@ -69,6 +69,15 @@ class PublicKeyTokenMapper extends QBMapper { ->execute(); } + public function invalidateLastUsedBefore(string $uid, int $before): int { + $qb = $this->db->getQueryBuilder(); + $qb->delete($this->tableName) + ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) + ->andWhere($qb->expr()->lt('last_activity', $qb->createNamedParameter($before, IQueryBuilder::PARAM_INT))) + ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT))); + return $qb->executeStatement(); + } + /** * Get the user UID for the given token * diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index f5fcd4dcef2..3fb11611076 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -273,6 +273,12 @@ class PublicKeyTokenProvider implements IProvider { $this->mapper->invalidateOld($rememberThreshold, IToken::REMEMBER); } + public function invalidateLastUsedBefore(string $uid, int $before): void { + $this->cache->clear(); + + $this->mapper->invalidateLastUsedBefore($uid, $before); + } + public function updateToken(IToken $token) { $this->cache->clear(); diff --git a/tests/Core/Command/User/AuthTokens/DeleteTest.php b/tests/Core/Command/User/AuthTokens/DeleteTest.php new file mode 100644 index 00000000000..528d4c6869b --- /dev/null +++ b/tests/Core/Command/User/AuthTokens/DeleteTest.php @@ -0,0 +1,170 @@ +<?php +/** + * @copyright Copyright (c) 2023 Lucas Azevedo <lhs_azevedo@hotmail.com> + * + * @author Lucas Azevedo <lhs_azevedo@hotmail.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ +namespace Tests\Core\Command\User\AuthTokens; + +use OC\Core\Command\User\AuthTokens\Delete; +use OC\Authentication\Token\IProvider; +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Exception\RuntimeException; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; +use Test\TestCase; + +class DeleteTest extends TestCase { + /** @var \PHPUnit\Framework\MockObject\MockObject */ + protected $tokenProvider; + /** @var \PHPUnit\Framework\MockObject\MockObject */ + protected $consoleInput; + /** @var \PHPUnit\Framework\MockObject\MockObject */ + protected $consoleOutput; + + /** @var \Symfony\Component\Console\Command\Command */ + protected $command; + + protected function setUp(): void { + parent::setUp(); + + $tokenProvider = $this->tokenProvider = $this->getMockBuilder(IProvider::class) + ->disableOriginalConstructor() + ->getMock(); + $this->consoleInput = $this->getMockBuilder(InputInterface::class)->getMock(); + $this->consoleOutput = $this->getMockBuilder(OutputInterface::class)->getMock(); + + /** @var \OC\Authentication\Token\IProvider $tokenProvider */ + $this->command = new Delete($tokenProvider); + } + + public function testDeleteTokenById() { + $this->consoleInput->expects($this->exactly(2)) + ->method('getArgument') + ->withConsecutive(['uid'], ['id']) + ->willReturnOnConsecutiveCalls('user', 42); + + $this->consoleInput->expects($this->once()) + ->method('getOption') + ->with('last-used-before') + ->willReturn(null); + + $this->tokenProvider->expects($this->once()) + ->method('invalidateTokenById') + ->with('user', 42); + + $result = self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]); + $this->assertSame(Command::SUCCESS, $result); + } + + public function testDeleteTokenByIdRequiresTokenId() { + $this->consoleInput->expects($this->exactly(2)) + ->method('getArgument') + ->withConsecutive(['uid'], ['id']) + ->willReturnOnConsecutiveCalls('user', null); + + $this->consoleInput->expects($this->once()) + ->method('getOption') + ->with('last-used-before') + ->willReturn(null); + + $this->expectException(RuntimeException::class); + + $this->tokenProvider->expects($this->never())->method('invalidateTokenById'); + + $result = self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]); + $this->assertSame(Command::FAILURE, $result); + } + + public function testDeleteTokensLastUsedBefore() { + $this->consoleInput->expects($this->exactly(2)) + ->method('getArgument') + ->withConsecutive(['uid'], ['id']) + ->willReturnOnConsecutiveCalls('user', null); + + $this->consoleInput->expects($this->once()) + ->method('getOption') + ->with('last-used-before') + ->willReturn('946684800'); + + $this->tokenProvider->expects($this->once()) + ->method('invalidateLastUsedBefore') + ->with('user', 946684800); + + $result = self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]); + $this->assertSame(Command::SUCCESS, $result); + } + + public function testLastUsedBeforeAcceptsIso8601Expanded() { + $this->consoleInput->expects($this->exactly(2)) + ->method('getArgument') + ->withConsecutive(['uid'], ['id']) + ->willReturnOnConsecutiveCalls('user', null); + + $this->consoleInput->expects($this->once()) + ->method('getOption') + ->with('last-used-before') + ->willReturn('2000-01-01T00:00:00Z'); + + $this->tokenProvider->expects($this->once()) + ->method('invalidateLastUsedBefore') + ->with('user', 946684800); + + $result = self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]); + $this->assertSame(Command::SUCCESS, $result); + } + + public function testLastUsedBeforeAcceptsYmd() { + $this->consoleInput->expects($this->exactly(2)) + ->method('getArgument') + ->withConsecutive(['uid'], ['id']) + ->willReturnOnConsecutiveCalls('user', null); + + $this->consoleInput->expects($this->once()) + ->method('getOption') + ->with('last-used-before') + ->willReturn('2000-01-01'); + + $this->tokenProvider->expects($this->once()) + ->method('invalidateLastUsedBefore') + ->with('user', 946684800); + + $result = self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]); + $this->assertSame(Command::SUCCESS, $result); + } + + public function testIdAndLastUsedBeforeAreMutuallyExclusive() { + $this->consoleInput->expects($this->exactly(2)) + ->method('getArgument') + ->withConsecutive(['uid'], ['id']) + ->willReturnOnConsecutiveCalls('user', 42); + + $this->consoleInput->expects($this->once()) + ->method('getOption') + ->with('last-used-before') + ->willReturn('946684800'); + + $this->expectException(RuntimeException::class); + + $this->tokenProvider->expects($this->never())->method('invalidateLastUsedBefore'); + + $result = self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]); + $this->assertSame(Command::SUCCESS, $result); + } +} diff --git a/tests/lib/Authentication/Token/ManagerTest.php b/tests/lib/Authentication/Token/ManagerTest.php index de3e5e1c362..3dd889dcae2 100644 --- a/tests/lib/Authentication/Token/ManagerTest.php +++ b/tests/lib/Authentication/Token/ManagerTest.php @@ -243,6 +243,14 @@ class ManagerTest extends TestCase { $this->manager->invalidateOldTokens(); } + public function testInvalidateLastUsedBefore() { + $this->publicKeyTokenProvider->expects($this->once()) + ->method('invalidateLastUsedBefore') + ->with('user', 946684800); + + $this->manager->invalidateLastUsedBefore('user', 946684800); + } + public function testGetTokenByUser() { $t1 = new PublicKeyToken(); $t2 = new PublicKeyToken(); diff --git a/tests/lib/Authentication/Token/PublicKeyTokenMapperTest.php b/tests/lib/Authentication/Token/PublicKeyTokenMapperTest.php index 27646f19888..68962b26931 100644 --- a/tests/lib/Authentication/Token/PublicKeyTokenMapperTest.php +++ b/tests/lib/Authentication/Token/PublicKeyTokenMapperTest.php @@ -113,6 +113,20 @@ class PublicKeyTokenMapperTest extends TestCase { 'version' => $qb->createNamedParameter(2), 'password_invalid' => $qb->createNamedParameter(1), ])->execute(); + $qb->insert('authtoken')->values([ + 'uid' => $qb->createNamedParameter('user3'), + 'login_name' => $qb->createNamedParameter('User3'), + 'password' => $qb->createNamedParameter('063de945d6f6b26862d9b6f40652f2d5|DZ/z520tfdXPtd0T|395f6b89be8d9d605e409e20b9d9abe477fde1be38a3223f9e508f979bf906e50d9eaa4dca983ca4fb22a241eb696c3f98654e7775f78c4caf13108f98642b53'), + 'name' => $qb->createNamedParameter('Iceweasel on Linux'), + 'token' => $qb->createNamedParameter('84c5808c6445b6d65b8aa5b03840f09b27de603f0fb970906fb14ea4b115b7bf5ec53fada5c093fe46afdcd7bbc9617253a4d105f7dfb32719f9973d72412f31'), + 'type' => $qb->createNamedParameter(IToken::PERMANENT_TOKEN), + 'last_activity' => $qb->createNamedParameter($this->time - 60 * 3, IQueryBuilder::PARAM_INT), // Three minutes ago + 'last_check' => $this->time - 60 * 10, // 10mins ago + 'public_key' => $qb->createNamedParameter('public key'), + 'private_key' => $qb->createNamedParameter('private key'), + 'version' => $qb->createNamedParameter(2), + 'password_invalid' => $qb->createNamedParameter(1), + ])->execute(); } private function getNumberOfTokens() { @@ -129,7 +143,7 @@ class PublicKeyTokenMapperTest extends TestCase { $this->mapper->invalidate($token); - $this->assertSame(3, $this->getNumberOfTokens()); + $this->assertSame(4, $this->getNumberOfTokens()); } public function testInvalidateInvalid() { @@ -137,7 +151,7 @@ class PublicKeyTokenMapperTest extends TestCase { $this->mapper->invalidate($token); - $this->assertSame(4, $this->getNumberOfTokens()); + $this->assertSame(5, $this->getNumberOfTokens()); } public function testInvalidateOld() { @@ -145,7 +159,15 @@ class PublicKeyTokenMapperTest extends TestCase { $this->mapper->invalidateOld($olderThan); - $this->assertSame(3, $this->getNumberOfTokens()); + $this->assertSame(4, $this->getNumberOfTokens()); + } + + public function testInvalidateLastUsedBefore() { + $before = $this->time - 60 * 2; // Two minutes + + $this->mapper->invalidateLastUsedBefore('user3', $before); + + $this->assertSame(4, $this->getNumberOfTokens()); } public function testGetToken() { @@ -238,7 +260,7 @@ class PublicKeyTokenMapperTest extends TestCase { $id = $result->fetch()['id']; $this->mapper->deleteById('user1', (int)$id); - $this->assertEquals(3, $this->getNumberOfTokens()); + $this->assertEquals(4, $this->getNumberOfTokens()); } public function testDeleteByIdWrongUser() { @@ -247,7 +269,7 @@ class PublicKeyTokenMapperTest extends TestCase { $id = 33; $this->mapper->deleteById('user1000', $id); - $this->assertEquals(4, $this->getNumberOfTokens()); + $this->assertEquals(5, $this->getNumberOfTokens()); } public function testDeleteByName() { @@ -258,7 +280,7 @@ class PublicKeyTokenMapperTest extends TestCase { $result = $qb->execute(); $name = $result->fetch()['name']; $this->mapper->deleteByName($name); - $this->assertEquals(3, $this->getNumberOfTokens()); + $this->assertEquals(4, $this->getNumberOfTokens()); } public function testHasExpiredTokens() { diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php index e37ef68852d..b3f5241877e 100644 --- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php +++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php @@ -361,6 +361,14 @@ class PublicKeyTokenProviderTest extends TestCase { $this->tokenProvider->invalidateOldTokens(); } + public function testInvalidateLastUsedBefore() { + $this->mapper->expects($this->once()) + ->method('invalidateLastUsedBefore') + ->with('user', 946684800); + + $this->tokenProvider->invalidateLastUsedBefore('user', 946684800); + } + public function testRenewSessionTokenWithoutPassword() { $token = 'oldIdtokentokentokentoken'; $uid = 'user'; |