Diffstat (limited to 'lib/private/Authentication/Token/PublicKeyTokenProvider.php')
-rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 64 |
1 files changed, 57 insertions, 7 deletions
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 318d4468ddc..19987bec253 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -25,8 +25,10 @@ namespace OC\Authentication\Token;
 use OC\Authentication\Exceptions\ExpiredTokenException;
 use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\TokenPasswordExpiredException;
 use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Exceptions\WipeTokenException;
+use OC\Cache\CappedMemoryCache;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\IConfig;
@@ -49,6 +51,9 @@ class PublicKeyTokenProvider implements IProvider {
 /** @var ITimeFactory $time */
 private $time;
+ /** @var CappedMemoryCache */
+ private $cache;
+
 public function __construct(PublicKeyTokenMapper $mapper,
 ICrypto $crypto,
 IConfig $config,
@@ -59,6 +64,8 @@ class PublicKeyTokenProvider implements IProvider {
 $this->config = $config;
 $this->logger = $logger;
 $this->time = $time;
+
+ $this->cache = new CappedMemoryCache();
 }
 /**
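Review bot: The new `$cache` property in the second hunk documents only its type, while the rest of the diff shows the two rules a maintainer must know: entries are stored under the hashed token id (`$this->cache[$dbToken->getToken()]`, looked up by `$tokenHash`) and every method that changes token state clears the whole cache; put that on the declaration, `/** @var CappedMemoryCache in-memory cache of tokens keyed by hashed token id; every method that changes token state must clear it */`. In the first hunk `TokenPasswordExpiredException` is inserted between `InvalidTokenException` and `PasswordlessTokenException`, which breaks the otherwise alphabetical `use` list; moving it below `PasswordlessTokenException` keeps the block sorted.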
@@ -72,17 +79,26 @@ class PublicKeyTokenProvider implements IProvider {
 int $type = IToken::TEMPORARY_TOKEN,
 int $remember = IToken::DO_NOT_REMEMBER): IToken {
 $dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);
- $this->mapper->insert($dbToken);
+ // Add the token to the cache
+ $this->cache[$dbToken->getToken()] = $dbToken;
+
 return $dbToken;
 }
 public function getToken(string $tokenId): IToken {
- try {
- $token = $this->mapper->getToken($this->hashToken($tokenId));
- } catch (DoesNotExistException $ex) {
- throw new InvalidTokenException();
+ $tokenHash = $this->hashToken($tokenId);
+
+ if (isset($this->cache[$tokenHash])) {
+ $token = $this->cache[$tokenHash];
+ } else {
+ try {
+ $token = $this->mapper->getToken($this->hashToken($tokenId));
+ $this->cache[$token->getToken()] = $token;
+ } catch (DoesNotExistException $ex) {
+ throw new InvalidTokenException();
+ }
 }
 if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) {
@@ -93,6 +109,11 @@ class PublicKeyTokenProvider implements IProvider {
 throw new WipeTokenException($token);
 }
+ if ($token->getPasswordInvalid() === true) {
+ //The password is invalid we should throw an TokenPasswordExpiredException
+ throw new TokenPasswordExpiredException($token);
+ }
+
 return $token;
 }
@@ -111,10 +132,17 @@ class PublicKeyTokenProvider implements IProvider {
 throw new WipeTokenException($token);
 }
+ if ($token->getPasswordInvalid() === true) {
+ //The password is invalid we should throw an TokenPasswordExpiredException
+ throw new TokenPasswordExpiredException($token);
+ }
+
 return $token;
 }
- public function renewSessionToken(string $oldSessionId, string $sessionId) {
+ public function renewSessionToken(string $oldSessionId, string $sessionId): IToken {
+ $this->cache->clear();
+
 $token = $this->getToken($oldSessionId);
 if (!($token instanceof PublicKeyToken)) {
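Review bot: In `getToken` the `else` branch hashes `$tokenId` a second time although `$tokenHash` was just computed for the cache lookup; the database lookup should read `$token = $this->mapper->getToken($tokenHash);` so the cache key and the database key are visibly the same value. In this rendering the `$this->mapper->insert($dbToken)` line of `generateToken` carries a `-` marker; if that is not an artefact of a removed blank line being folded into the following context line, the new token is only cached for the current request and never persisted, which is worth checking against the original patch. `generateToken` starts outside the hunk.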
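Review bot: The password-invalid block added to `getToken` is duplicated verbatim in the next hunk for `getTokenById` (`@@ -111,10`), and in both the comment reads `//The password is invalid we should throw an TokenPasswordExpiredException`. Both sites could call one private helper whose body is `if ($token->getPasswordInvalid() === true) { throw new TokenPasswordExpiredException($token); }`, headed by `// Token's stored password was flagged invalid (see markPasswordInvalid); reject it with TokenPasswordExpiredException`. Keeping the call after the wipe check in both methods preserves the current precedence, where a wipe request wins over an invalid password.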
@@ -127,7 +155,7 @@ class PublicKeyTokenProvider implements IProvider {
 $password = $this->decryptPassword($token->getPassword(), $privateKey);
 }
- $this->generateToken(
+ $newToken = $this->generateToken(
 $sessionId,
 $token->getUID(),
 $token->getLoginName(),
@@ -138,17 +166,25 @@ class PublicKeyTokenProvider implements IProvider {
 );
 $this->mapper->delete($token);
+
+ return $newToken;
 }
 public function invalidateToken(string $token) {
+ $this->cache->clear();
+
 $this->mapper->invalidate($this->hashToken($token));
 }
 public function invalidateTokenById(string $uid, int $id) {
+ $this->cache->clear();
+
 $this->mapper->deleteById($uid, $id);
 }
 public function invalidateOldTokens() {
+ $this->cache->clear();
+
 $olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24);
 $this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']);
 $this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER);
@@ -158,6 +194,8 @@ class PublicKeyTokenProvider implements IProvider {
 }
 public function updateToken(IToken $token) {
+ $this->cache->clear();
+
 if (!($token instanceof PublicKeyToken)) {
 throw new InvalidTokenException();
 }
@@ -165,6 +203,8 @@ class PublicKeyTokenProvider implements IProvider {
 }
 public function updateTokenActivity(IToken $token) {
+ $this->cache->clear();
+
 if (!($token instanceof PublicKeyToken)) {
 throw new InvalidTokenException();
 }
@@ -198,6 +238,8 @@ class PublicKeyTokenProvider implements IProvider {
 }
 public function setPassword(IToken $token, string $tokenId, string $password) {
+ $this->cache->clear();
+
 if (!($token instanceof PublicKeyToken)) {
 throw new InvalidTokenException();
 }
@@ -215,6 +257,8 @@ class PublicKeyTokenProvider implements IProvider {
 }
 public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
+ $this->cache->clear();
+
 if (!($token instanceof PublicKeyToken)) {
 throw new InvalidTokenException();
 }
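Review bot: After `$this->mapper->delete($token)` in the second hunk the old session token is still held in `$this->cache` — `renewSessionToken` clears the cache only at its start and the `getToken($oldSessionId)` call re-populates it — so a further `getToken($oldSessionId)` in the same request still returns the deleted token instead of throwing `InvalidTokenException`; add `unset($this->cache[$token->getToken()]);` beside the delete, or clear the cache again there. The method now returns the freshly generated token but carries no docblock; one stating that it replaces `$oldSessionId` with `$sessionId`, carries the decrypted password over, deletes the old token and returns the new one, with `@throws` entries for the exceptions `getToken` can raise, would document the new return type. `renewSessionToken` begins before these hunks and the `generateToken` argument list continues between them.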
@@ -274,6 +318,8 @@ class PublicKeyTokenProvider implements IProvider {
 * @throws \RuntimeException when OpenSSL reports a problem
 */
 public function convertToken(DefaultToken $defaultToken, string $token, $password): PublicKeyToken {
+ $this->cache->clear();
+
 $pkToken = $this->newToken(
 $token,
 $defaultToken->getUID(),
@@ -344,6 +390,8 @@ class PublicKeyTokenProvider implements IProvider {
 }
 public function markPasswordInvalid(IToken $token, string $tokenId) {
+ $this->cache->clear();
+
 if (!($token instanceof PublicKeyToken)) {
 throw new InvalidTokenException();
 }
@@ -353,6 +401,8 @@ class PublicKeyTokenProvider implements IProvider {
 }
 public function updatePasswords(string $uid, string $password) {
+ $this->cache->clear();
+
 if (!$this->mapper->hasExpiredTokens($uid)) {
 // Nothing to do here
 return;
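Review bot: `updatePasswords` in the third hunk clears the cache before the `hasExpiredTokens` early return, so a call that finds nothing to update still drops every cached token for the request; moving `$this->cache->clear();` below the `return` keeps the no-op path free of side effects. More broadly, the same `$this->cache->clear();` prologue now opens eleven methods across this diff with nothing but convention requiring it of the next writer; routing every mapper write through one private method that clears the cache (or documenting the rule on the `$cache` property) would make the invariant hard to miss. The bodies of `convertToken` and `updatePasswords` continue outside these hunks.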