diff options
Diffstat (limited to 'apps/oauth2/lib/Db')
| -rw-r--r-- | apps/oauth2/lib/Db/AccessToken.php | 42 | ||||
| -rw-r--r-- | apps/oauth2/lib/Db/AccessTokenMapper.php | 81 | ||||
| -rw-r--r-- | apps/oauth2/lib/Db/Client.php | 28 | ||||
| -rw-r--r-- | apps/oauth2/lib/Db/ClientMapper.php | 67 |
4 files changed, 103 insertions, 115 deletions
diff --git a/apps/oauth2/lib/Db/AccessToken.php b/apps/oauth2/lib/Db/AccessToken.php index 8266a9a0068..34adc4f4797 100644 --- a/apps/oauth2/lib/Db/AccessToken.php +++ b/apps/oauth2/lib/Db/AccessToken.php @@ -1,27 +1,13 @@ <?php + /** - * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OCA\OAuth2\Db; use OCP\AppFramework\Db\Entity; +use OCP\DB\Types; /** * @method int getTokenId() @@ -32,6 +18,10 @@ use OCP\AppFramework\Db\Entity; * @method void setEncryptedToken(string $token) * @method string getHashedCode() * @method void setHashedCode(string $token) + * @method int getCodeCreatedAt() + * @method void setCodeCreatedAt(int $createdAt) + * @method int getTokenCount() + * @method void setTokenCount(int $tokenCount) */ class AccessToken extends Entity { /** @var int */ @@ -42,12 +32,18 @@ class AccessToken extends Entity { protected $hashedCode; /** @var string */ protected $encryptedToken; + /** @var int */ + protected $codeCreatedAt; + /** @var int */ + protected $tokenCount; public function __construct() { - $this->addType('id', 'int'); - $this->addType('token_id', 'int'); - $this->addType('client_id', 'int'); - $this->addType('hashed_code', 'string'); - $this->addType('encrypted_token', 'string'); + $this->addType('id', Types::INTEGER); + $this->addType('tokenId', Types::INTEGER); + $this->addType('clientId', Types::INTEGER); + $this->addType('hashedCode', 'string'); + $this->addType('encryptedToken', 'string'); + $this->addType('codeCreatedAt', Types::INTEGER); + $this->addType('tokenCount', Types::INTEGER); } } diff --git a/apps/oauth2/lib/Db/AccessTokenMapper.php b/apps/oauth2/lib/Db/AccessTokenMapper.php index 2661c853372..8d5f6cf1da1 100644 --- a/apps/oauth2/lib/Db/AccessTokenMapper.php +++ b/apps/oauth2/lib/Db/AccessTokenMapper.php @@ -1,37 +1,31 @@ <?php + +declare(strict_types=1); + /** - * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OCA\OAuth2\Db; +use OCA\OAuth2\Controller\OauthApiController; use OCA\OAuth2\Exceptions\AccessTokenNotFoundException; -use OCP\AppFramework\Db\Mapper; +use OCP\AppFramework\Db\IMapperException; +use OCP\AppFramework\Db\QBMapper; +use OCP\AppFramework\Utility\ITimeFactory; +use OCP\DB\Exception; use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\IDBConnection; -class AccessTokenMapper extends Mapper { +/** + * @template-extends QBMapper<AccessToken> + */ +class AccessTokenMapper extends QBMapper { - /** - * @param IDBConnection $db - */ - public function __construct(IDBConnection $db) { + public function __construct( + IDBConnection $db, + private ITimeFactory $timeFactory, + ) { parent::__construct($db, 'oauth2_access_tokens'); } @@ -40,19 +34,20 @@ class AccessTokenMapper extends Mapper { * @return AccessToken * @throws AccessTokenNotFoundException */ - public function getByCode($code) { + public function getByCode(string $code): AccessToken { $qb = $this->db->getQueryBuilder(); $qb ->select('*') ->from($this->tableName) ->where($qb->expr()->eq('hashed_code', $qb->createNamedParameter(hash('sha512', $code)))); - $result = $qb->execute(); - $row = $result->fetch(); - $result->closeCursor(); - if($row === false) { - throw new AccessTokenNotFoundException(); + + try { + $token = $this->findEntity($qb); + } catch (IMapperException $e) { + throw new AccessTokenNotFoundException('Could not find access token', 0, $e); } - return AccessToken::fromRow($row); + + return $token; } /** @@ -60,11 +55,31 @@ class AccessTokenMapper extends Mapper { * * @param int $id */ - public function deleteByClientId($id) { + public function deleteByClientId(int $id) { $qb = $this->db->getQueryBuilder(); $qb ->delete($this->tableName) ->where($qb->expr()->eq('client_id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT))); - $qb->execute(); + $qb->executeStatement(); + } + + /** + * Delete access tokens that have an expired authorization code + * -> those that are old enough + * and which never delivered any oauth token (still in authorization state) + * + * @return void + * @throws Exception + */ + public function cleanupExpiredAuthorizationCode(): void { + $now = $this->timeFactory->now()->getTimestamp(); + $maxTokenCreationTs = $now - OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER; + + $qb = $this->db->getQueryBuilder(); + $qb + ->delete($this->tableName) + ->where($qb->expr()->eq('token_count', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT))) + ->andWhere($qb->expr()->lt('code_created_at', $qb->createNamedParameter($maxTokenCreationTs, IQueryBuilder::PARAM_INT))); + $qb->executeStatement(); } } diff --git a/apps/oauth2/lib/Db/Client.php b/apps/oauth2/lib/Db/Client.php index 85c1630cb15..8fce0040c96 100644 --- a/apps/oauth2/lib/Db/Client.php +++ b/apps/oauth2/lib/Db/Client.php @@ -1,27 +1,13 @@ <?php + /** - * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OCA\OAuth2\Db; use OCP\AppFramework\Db\Entity; +use OCP\DB\Types; /** * @method string getClientIdentifier() @@ -44,10 +30,10 @@ class Client extends Entity { protected $secret; public function __construct() { - $this->addType('id', 'int'); + $this->addType('id', Types::INTEGER); $this->addType('name', 'string'); - $this->addType('redirect_uri', 'string'); - $this->addType('client_identifier', 'string'); + $this->addType('redirectUri', 'string'); + $this->addType('clientIdentifier', 'string'); $this->addType('secret', 'string'); } } diff --git a/apps/oauth2/lib/Db/ClientMapper.php b/apps/oauth2/lib/Db/ClientMapper.php index 9df07e2789f..c5ca2989d0f 100644 --- a/apps/oauth2/lib/Db/ClientMapper.php +++ b/apps/oauth2/lib/Db/ClientMapper.php @@ -1,32 +1,23 @@ <?php + +declare(strict_types=1); + /** - * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OCA\OAuth2\Db; use OCA\OAuth2\Exceptions\ClientNotFoundException; -use OCP\AppFramework\Db\Mapper; +use OCP\AppFramework\Db\IMapperException; +use OCP\AppFramework\Db\QBMapper; use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\IDBConnection; -class ClientMapper extends Mapper { +/** + * @template-extends QBMapper<Client> + */ +class ClientMapper extends QBMapper { /** * @param IDBConnection $db @@ -40,50 +31,50 @@ class ClientMapper extends Mapper { * @return Client * @throws ClientNotFoundException */ - public function getByIdentifier($clientIdentifier) { + public function getByIdentifier(string $clientIdentifier): Client { $qb = $this->db->getQueryBuilder(); $qb ->select('*') ->from($this->tableName) ->where($qb->expr()->eq('client_identifier', $qb->createNamedParameter($clientIdentifier))); - $result = $qb->execute(); - $row = $result->fetch(); - $result->closeCursor(); - if($row === false) { - throw new ClientNotFoundException(); + + try { + $client = $this->findEntity($qb); + } catch (IMapperException $e) { + throw new ClientNotFoundException('could not find client ' . $clientIdentifier, 0, $e); } - return Client::fromRow($row); + return $client; } /** - * @param string $uid internal uid of the client + * @param int $id internal id of the client * @return Client * @throws ClientNotFoundException */ - public function getByUid($uid) { + public function getByUid(int $id): Client { $qb = $this->db->getQueryBuilder(); $qb ->select('*') ->from($this->tableName) - ->where($qb->expr()->eq('id', $qb->createNamedParameter($uid, IQueryBuilder::PARAM_INT))); - $result = $qb->execute(); - $row = $result->fetch(); - $result->closeCursor(); - if($row === false) { - throw new ClientNotFoundException(); + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT))); + + try { + $client = $this->findEntity($qb); + } catch (IMapperException $e) { + throw new ClientNotFoundException('could not find client with id ' . $id, 0, $e); } - return Client::fromRow($row); + return $client; } /** * @return Client[] */ - public function getClients() { + public function getClients(): array { $qb = $this->db->getQueryBuilder(); $qb ->select('*') ->from($this->tableName); - return $this->findEntities($qb->getSQL()); + return $this->findEntities($qb); } } |