diff options
Diffstat (limited to 'lib/private/Authentication/Token/DefaultTokenProvider.php')
| -rw-r--r-- | lib/private/Authentication/Token/DefaultTokenProvider.php | 343 |
1 files changed, 0 insertions, 343 deletions
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php deleted file mode 100644 index c10d7f17bc2..00000000000 --- a/lib/private/Authentication/Token/DefaultTokenProvider.php +++ /dev/null @@ -1,343 +0,0 @@ -<?php - -declare(strict_types=1); - -/** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @copyright Copyright (c) 2016, Christoph Wurst <christoph@winzerhof-wurst.at> - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Flávio Gomes da Silva Lisboa <flavio.lisboa@serpro.gov.br> - * @author Joas Schilling <coding@schilljs.com> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Martin <github@diemattels.at> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * - */ -namespace OC\Authentication\Token; - -use Exception; -use OC\Authentication\Exceptions\ExpiredTokenException; -use OC\Authentication\Exceptions\InvalidTokenException; -use OC\Authentication\Exceptions\PasswordlessTokenException; -use OCP\AppFramework\Db\DoesNotExistException; -use OCP\AppFramework\Utility\ITimeFactory; -use OCP\IConfig; -use OCP\Security\ICrypto; -use Psr\Log\LoggerInterface; - -class DefaultTokenProvider implements IProvider { - - /** @var DefaultTokenMapper */ - private $mapper; - - /** @var ICrypto */ - private $crypto; - - /** @var IConfig */ - private $config; - - /** @var LoggerInterface */ - private $logger; - - /** @var ITimeFactory */ - private $time; - - public function __construct(DefaultTokenMapper $mapper, - ICrypto $crypto, - IConfig $config, - LoggerInterface $logger, - ITimeFactory $time) { - $this->mapper = $mapper; - $this->crypto = $crypto; - $this->config = $config; - $this->logger = $logger; - $this->time = $time; - } - - /** - * {@inheritDoc} - */ - public function generateToken(string $token, - string $uid, - string $loginName, - ?string $password, - string $name, - int $type = IToken::TEMPORARY_TOKEN, - int $remember = IToken::DO_NOT_REMEMBER): IToken { - $dbToken = new DefaultToken(); - $dbToken->setUid($uid); - $dbToken->setLoginName($loginName); - if (!is_null($password)) { - $dbToken->setPassword($this->encryptPassword($password, $token)); - } - $dbToken->setName($name); - $dbToken->setToken($this->hashToken($token)); - $dbToken->setType($type); - $dbToken->setRemember($remember); - $dbToken->setLastActivity($this->time->getTime()); - $dbToken->setLastCheck($this->time->getTime()); - $dbToken->setVersion(DefaultToken::VERSION); - - $this->mapper->insert($dbToken); - - return $dbToken; - } - - /** - * Save the updated token - * - * @param IToken $token - * @throws InvalidTokenException - */ - public function updateToken(IToken $token) { - if (!($token instanceof DefaultToken)) { - throw new InvalidTokenException("Invalid token type"); - } - $this->mapper->update($token); - } - - /** - * Update token activity timestamp - * - * @throws InvalidTokenException - * @param IToken $token - */ - public function updateTokenActivity(IToken $token) { - if (!($token instanceof DefaultToken)) { - throw new InvalidTokenException("Invalid token type"); - } - /** @var DefaultToken $token */ - $now = $this->time->getTime(); - if ($token->getLastActivity() < ($now - 60)) { - // Update token only once per minute - $token->setLastActivity($now); - $this->mapper->update($token); - } - } - - public function getTokenByUser(string $uid): array { - return $this->mapper->getTokenByUser($uid); - } - - /** - * Get a token by token - * - * @param string $tokenId - * @throws InvalidTokenException - * @throws ExpiredTokenException - * @return IToken - */ - public function getToken(string $tokenId): IToken { - try { - $token = $this->mapper->getToken($this->hashToken($tokenId)); - } catch (DoesNotExistException $ex) { - throw new InvalidTokenException("Token does not exist", 0, $ex); - } - - if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) { - throw new ExpiredTokenException($token); - } - - return $token; - } - - /** - * Get a token by token id - * - * @param int $tokenId - * @throws InvalidTokenException - * @throws ExpiredTokenException - * @return IToken - */ - public function getTokenById(int $tokenId): IToken { - try { - $token = $this->mapper->getTokenById($tokenId); - } catch (DoesNotExistException $ex) { - throw new InvalidTokenException("Token with ID $tokenId does not exist", 0, $ex); - } - - if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) { - throw new ExpiredTokenException($token); - } - - return $token; - } - - /** - * @param string $oldSessionId - * @param string $sessionId - * @throws InvalidTokenException - * @return IToken - */ - public function renewSessionToken(string $oldSessionId, string $sessionId): IToken { - $token = $this->getToken($oldSessionId); - - $newToken = new DefaultToken(); - $newToken->setUid($token->getUID()); - $newToken->setLoginName($token->getLoginName()); - if (!is_null($token->getPassword())) { - $password = $this->decryptPassword($token->getPassword(), $oldSessionId); - $newToken->setPassword($this->encryptPassword($password, $sessionId)); - } - $newToken->setName($token->getName()); - $newToken->setToken($this->hashToken($sessionId)); - $newToken->setType(IToken::TEMPORARY_TOKEN); - $newToken->setRemember($token->getRemember()); - $newToken->setLastActivity($this->time->getTime()); - $this->mapper->insert($newToken); - $this->mapper->delete($token); - - return $newToken; - } - - /** - * @param IToken $savedToken - * @param string $tokenId session token - * @throws InvalidTokenException - * @throws PasswordlessTokenException - * @return string - */ - public function getPassword(IToken $savedToken, string $tokenId): string { - $password = $savedToken->getPassword(); - if ($password === null || $password === '') { - throw new PasswordlessTokenException(); - } - return $this->decryptPassword($password, $tokenId); - } - - /** - * Encrypt and set the password of the given token - * - * @param IToken $token - * @param string $tokenId - * @param string $password - * @throws InvalidTokenException - */ - public function setPassword(IToken $token, string $tokenId, string $password) { - if (!($token instanceof DefaultToken)) { - throw new InvalidTokenException("Invalid token type"); - } - /** @var DefaultToken $token */ - $token->setPassword($this->encryptPassword($password, $tokenId)); - $this->mapper->update($token); - } - - /** - * Invalidate (delete) the given session token - * - * @param string $token - */ - public function invalidateToken(string $token) { - $this->mapper->invalidate($this->hashToken($token)); - } - - public function invalidateTokenById(string $uid, int $id) { - $this->mapper->deleteById($uid, $id); - } - - /** - * Invalidate (delete) old session tokens - */ - public function invalidateOldTokens() { - $olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24); - $this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']); - $this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER); - $rememberThreshold = $this->time->getTime() - (int) $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); - $this->logger->debug('Invalidating remembered session tokens older than ' . date('c', $rememberThreshold), ['app' => 'cron']); - $this->mapper->invalidateOld($rememberThreshold, IToken::REMEMBER); - } - - /** - * Rotate the token. Usefull for for example oauth tokens - * - * @param IToken $token - * @param string $oldTokenId - * @param string $newTokenId - * @return IToken - */ - public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken { - try { - $password = $this->getPassword($token, $oldTokenId); - $token->setPassword($this->encryptPassword($password, $newTokenId)); - } catch (PasswordlessTokenException $e) { - } - - $token->setToken($this->hashToken($newTokenId)); - $this->updateToken($token); - - return $token; - } - - /** - * @param string $token - * @return string - */ - private function hashToken(string $token): string { - $secret = $this->config->getSystemValue('secret'); - return hash('sha512', $token . $secret); - } - - /** - * Encrypt the given password - * - * The token is used as key - * - * @param string $password - * @param string $token - * @return string encrypted password - */ - private function encryptPassword(string $password, string $token): string { - $secret = $this->config->getSystemValue('secret'); - return $this->crypto->encrypt($password, $token . $secret); - } - - /** - * Decrypt the given password - * - * The token is used as key - * - * @param string $password - * @param string $token - * @throws InvalidTokenException - * @return string the decrypted key - */ - private function decryptPassword(string $password, string $token): string { - $secret = $this->config->getSystemValue('secret'); - try { - return $this->crypto->decrypt($password, $token . $secret); - } catch (Exception $ex) { - // Delete the invalid token - $this->invalidateToken($token); - throw new InvalidTokenException("Can not decrypt token password: " . $ex->getMessage(), 0, $ex); - } - } - - public function markPasswordInvalid(IToken $token, string $tokenId) { - if (!($token instanceof DefaultToken)) { - throw new InvalidTokenException("Invalid token type"); - } - - //No need to mark as invalid. We just invalide default tokens - $this->invalidateToken($tokenId); - } - - public function updatePasswords(string $uid, string $password) { - // Nothing to do here - } -} |