diff options
Diffstat (limited to 'lib/private/Security/VerificationToken')
| -rw-r--r-- | lib/private/Security/VerificationToken/CleanUpJob.php | 44 | ||||
| -rw-r--r-- | lib/private/Security/VerificationToken/VerificationToken.php | 75 |
2 files changed, 37 insertions, 82 deletions
diff --git a/lib/private/Security/VerificationToken/CleanUpJob.php b/lib/private/Security/VerificationToken/CleanUpJob.php index 4510dcffe0a..ba8f4352f80 100644 --- a/lib/private/Security/VerificationToken/CleanUpJob.php +++ b/lib/private/Security/VerificationToken/CleanUpJob.php @@ -1,36 +1,17 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2021 Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <https://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OC\Security\VerificationToken; use OCP\AppFramework\Utility\ITimeFactory; -use OCP\IConfig; -use OCP\IUserManager; use OCP\BackgroundJob\IJobList; use OCP\BackgroundJob\Job; +use OCP\IConfig; +use OCP\IUserManager; use OCP\Security\VerificationToken\InvalidTokenException; use OCP\Security\VerificationToken\IVerificationToken; @@ -39,18 +20,17 @@ class CleanUpJob extends Job { protected ?string $userId = null; protected ?string $subject = null; protected ?string $pwdPrefix = null; - private IConfig $config; - private IVerificationToken $verificationToken; - private IUserManager $userManager; - public function __construct(ITimeFactory $time, IConfig $config, IVerificationToken $verificationToken, IUserManager $userManager) { + public function __construct( + ITimeFactory $time, + private IConfig $config, + private IVerificationToken $verificationToken, + private IUserManager $userManager, + ) { parent::__construct($time); - $this->config = $config; - $this->verificationToken = $verificationToken; - $this->userManager = $userManager; } - public function setArgument($argument) { + public function setArgument($argument): void { parent::setArgument($argument); $args = \json_decode($argument, true); $this->userId = (string)$args['userId']; @@ -59,7 +39,7 @@ class CleanUpJob extends Job { $this->runNotBefore = (int)$args['notBefore']; } - protected function run($argument) { + protected function run($argument): void { try { $user = $this->userManager->get($this->userId); if ($user === null) { diff --git a/lib/private/Security/VerificationToken/VerificationToken.php b/lib/private/Security/VerificationToken/VerificationToken.php index 2d3f902b622..89f45180359 100644 --- a/lib/private/Security/VerificationToken/VerificationToken.php +++ b/lib/private/Security/VerificationToken/VerificationToken.php @@ -1,29 +1,10 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2021 Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <https://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OC\Security\VerificationToken; use OCP\AppFramework\Utility\ITimeFactory; @@ -39,29 +20,13 @@ use function json_encode; class VerificationToken implements IVerificationToken { protected const TOKEN_LIFETIME = 60 * 60 * 24 * 7; - /** @var IConfig */ - private $config; - /** @var ICrypto */ - private $crypto; - /** @var ITimeFactory */ - private $timeFactory; - /** @var ISecureRandom */ - private $secureRandom; - /** @var IJobList */ - private $jobList; - public function __construct( - IConfig $config, - ICrypto $crypto, - ITimeFactory $timeFactory, - ISecureRandom $secureRandom, - IJobList $jobList + private IConfig $config, + private ICrypto $crypto, + private ITimeFactory $timeFactory, + private ISecureRandom $secureRandom, + private IJobList $jobList, ) { - $this->config = $config; - $this->crypto = $crypto; - $this->timeFactory = $timeFactory; - $this->secureRandom = $secureRandom; - $this->jobList = $jobList; } /** @@ -71,7 +36,13 @@ class VerificationToken implements IVerificationToken { throw new InvalidTokenException($code); } - public function check(string $token, ?IUser $user, string $subject, string $passwordPrefix = '', bool $expiresWithLogin = false): void { + public function check( + string $token, + ?IUser $user, + string $subject, + string $passwordPrefix = '', + bool $expiresWithLogin = false, + ): void { if ($user === null || !$user->isEnabled()) { $this->throwInvalidTokenException(InvalidTokenException::USER_UNKNOWN); } @@ -82,7 +53,7 @@ class VerificationToken implements IVerificationToken { } try { - $decryptedToken = $this->crypto->decrypt($encryptedToken, $passwordPrefix.$this->config->getSystemValue('secret')); + $decryptedToken = $this->crypto->decrypt($encryptedToken, $passwordPrefix . $this->config->getSystemValueString('secret')); } catch (\Exception $e) { // Retry with empty secret as a fallback for instances where the secret might not have been set by accident try { @@ -107,15 +78,19 @@ class VerificationToken implements IVerificationToken { } } - public function create(IUser $user, string $subject, string $passwordPrefix = ''): string { + public function create( + IUser $user, + string $subject, + string $passwordPrefix = '', + ): string { $token = $this->secureRandom->generate( 21, - ISecureRandom::CHAR_DIGITS. - ISecureRandom::CHAR_LOWER. - ISecureRandom::CHAR_UPPER + ISecureRandom::CHAR_DIGITS + . ISecureRandom::CHAR_LOWER + . ISecureRandom::CHAR_UPPER ); - $tokenValue = $this->timeFactory->getTime() .':'. $token; - $encryptedValue = $this->crypto->encrypt($tokenValue, $passwordPrefix . $this->config->getSystemValue('secret')); + $tokenValue = $this->timeFactory->getTime() . ':' . $token; + $encryptedValue = $this->crypto->encrypt($tokenValue, $passwordPrefix . $this->config->getSystemValueString('secret')); $this->config->setUserValue($user->getUID(), 'core', $subject, $encryptedValue); $jobArgs = json_encode([ 'userId' => $user->getUID(), |