aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Authentication/Token/Manager.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/Authentication/Token/Manager.php')
-rw-r--r--lib/private/Authentication/Token/Manager.php114
1 files changed, 57 insertions, 57 deletions
diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
index f8a0fb11c52..6953f47b004 100644
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@@ -1,40 +1,22 @@
<?php
declare(strict_types=1);
-
/**
- * @copyright Copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OC\Authentication\Token;
use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
-use OC\Authentication\Exceptions\ExpiredTokenException;
-use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
-use OC\Authentication\Exceptions\WipeTokenException;
-
-class Manager implements IProvider {
+use OCP\Authentication\Exceptions\ExpiredTokenException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
+use OCP\Authentication\Exceptions\WipeTokenException;
+use OCP\Authentication\Token\IProvider as OCPIProvider;
+use OCP\Authentication\Token\IToken as OCPIToken;
+class Manager implements IProvider, OCPIProvider {
/** @var PublicKeyTokenProvider */
private $publicKeyTokenProvider;
@@ -52,15 +34,17 @@ class Manager implements IProvider {
* @param string $name Name will be trimmed to 120 chars when longer
* @param int $type token type
* @param int $remember whether the session token should be used for remember-me
- * @return IToken
+ * @return OCPIToken
*/
public function generateToken(string $token,
- string $uid,
- string $loginName,
- $password,
- string $name,
- int $type = IToken::TEMPORARY_TOKEN,
- int $remember = IToken::DO_NOT_REMEMBER): IToken {
+ string $uid,
+ string $loginName,
+ $password,
+ string $name,
+ int $type = OCPIToken::TEMPORARY_TOKEN,
+ int $remember = OCPIToken::DO_NOT_REMEMBER,
+ ?array $scope = null,
+ ): OCPIToken {
if (mb_strlen($name) > 128) {
$name = mb_substr($name, 0, 120) . '…';
}
@@ -73,7 +57,8 @@ class Manager implements IProvider {
$password,
$name,
$type,
- $remember
+ $remember,
+ $scope,
);
} catch (UniqueConstraintViolationException $e) {
// It's rare, but if two requests of the same session (e.g. env-based SAML)
@@ -93,10 +78,10 @@ class Manager implements IProvider {
/**
* Save the updated token
*
- * @param IToken $token
+ * @param OCPIToken $token
* @throws InvalidTokenException
*/
- public function updateToken(IToken $token) {
+ public function updateToken(OCPIToken $token) {
$provider = $this->getProvider($token);
$provider->updateToken($token);
}
@@ -105,16 +90,16 @@ class Manager implements IProvider {
* Update token activity timestamp
*
* @throws InvalidTokenException
- * @param IToken $token
+ * @param OCPIToken $token
*/
- public function updateTokenActivity(IToken $token) {
+ public function updateTokenActivity(OCPIToken $token) {
$provider = $this->getProvider($token);
$provider->updateTokenActivity($token);
}
/**
* @param string $uid
- * @return IToken[]
+ * @return OCPIToken[]
*/
public function getTokenByUser(string $uid): array {
return $this->publicKeyTokenProvider->getTokenByUser($uid);
@@ -126,9 +111,9 @@ class Manager implements IProvider {
* @param string $tokenId
* @throws InvalidTokenException
* @throws \RuntimeException when OpenSSL reports a problem
- * @return IToken
+ * @return OCPIToken
*/
- public function getToken(string $tokenId): IToken {
+ public function getToken(string $tokenId): OCPIToken {
try {
return $this->publicKeyTokenProvider->getToken($tokenId);
} catch (WipeTokenException $e) {
@@ -145,9 +130,9 @@ class Manager implements IProvider {
*
* @param int $tokenId
* @throws InvalidTokenException
- * @return IToken
+ * @return OCPIToken
*/
- public function getTokenById(int $tokenId): IToken {
+ public function getTokenById(int $tokenId): OCPIToken {
try {
return $this->publicKeyTokenProvider->getTokenById($tokenId);
} catch (ExpiredTokenException $e) {
@@ -163,9 +148,9 @@ class Manager implements IProvider {
* @param string $oldSessionId
* @param string $sessionId
* @throws InvalidTokenException
- * @return IToken
+ * @return OCPIToken
*/
- public function renewSessionToken(string $oldSessionId, string $sessionId): IToken {
+ public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken {
try {
return $this->publicKeyTokenProvider->renewSessionToken($oldSessionId, $sessionId);
} catch (ExpiredTokenException $e) {
@@ -176,18 +161,18 @@ class Manager implements IProvider {
}
/**
- * @param IToken $savedToken
+ * @param OCPIToken $savedToken
* @param string $tokenId session token
* @throws InvalidTokenException
* @throws PasswordlessTokenException
* @return string
*/
- public function getPassword(IToken $savedToken, string $tokenId): string {
+ public function getPassword(OCPIToken $savedToken, string $tokenId): string {
$provider = $this->getProvider($savedToken);
return $provider->getPassword($savedToken, $tokenId);
}
- public function setPassword(IToken $token, string $tokenId, string $password) {
+ public function setPassword(OCPIToken $token, string $tokenId, string $password) {
$provider = $this->getProvider($token);
$provider->setPassword($token, $tokenId, $password);
}
@@ -204,40 +189,55 @@ class Manager implements IProvider {
$this->publicKeyTokenProvider->invalidateOldTokens();
}
+ public function invalidateLastUsedBefore(string $uid, int $before): void {
+ $this->publicKeyTokenProvider->invalidateLastUsedBefore($uid, $before);
+ }
+
/**
- * @param IToken $token
+ * @param OCPIToken $token
* @param string $oldTokenId
* @param string $newTokenId
- * @return IToken
+ * @return OCPIToken
* @throws InvalidTokenException
* @throws \RuntimeException when OpenSSL reports a problem
*/
- public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
+ public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken {
if ($token instanceof PublicKeyToken) {
return $this->publicKeyTokenProvider->rotate($token, $oldTokenId, $newTokenId);
}
- throw new InvalidTokenException();
+ /** @psalm-suppress DeprecatedClass We have to throw the OC version so both OC and OCP catches catch it */
+ throw new OcInvalidTokenException();
}
/**
- * @param IToken $token
+ * @param OCPIToken $token
* @return IProvider
* @throws InvalidTokenException
*/
- private function getProvider(IToken $token): IProvider {
+ private function getProvider(OCPIToken $token): IProvider {
if ($token instanceof PublicKeyToken) {
return $this->publicKeyTokenProvider;
}
- throw new InvalidTokenException();
+ /** @psalm-suppress DeprecatedClass We have to throw the OC version so both OC and OCP catches catch it */
+ throw new OcInvalidTokenException();
}
- public function markPasswordInvalid(IToken $token, string $tokenId) {
+ public function markPasswordInvalid(OCPIToken $token, string $tokenId) {
$this->getProvider($token)->markPasswordInvalid($token, $tokenId);
}
public function updatePasswords(string $uid, string $password) {
$this->publicKeyTokenProvider->updatePasswords($uid, $password);
}
+
+ public function invalidateTokensOfUser(string $uid, ?string $clientName) {
+ $tokens = $this->getTokenByUser($uid);
+ foreach ($tokens as $token) {
+ if ($clientName === null || ($token->getName() === $clientName)) {
+ $this->invalidateTokenById($uid, $token->getId());
+ }
+ }
+ }
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-14 21:01:47 +0000