From 17b82c5d76ed849872d0ef8e3ea39e07cd6fd4e6 Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg
Date: Tue, 22 Jan 2019 18:01:14 +0100
Subject: Add token name for delete activity

Signed-off-by: Daniel Kesselberg
---
 settings/Activity/Provider.php                 |  2 +-
 settings/Controller/AuthSettingsController.php | 39 ++++++++++++++++++++------
 2 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/settings/Activity/Provider.php b/settings/Activity/Provider.php
index 1c5db89ec5c..68606b80739 100644
--- a/settings/Activity/Provider.php
+++ b/settings/Activity/Provider.php
@@ -115,7 +115,7 @@ class Provider implements IProvider {
 		} else if ($event->getSubject() === self::APP_TOKEN_UPDATED) {
 			$subject = $this->l->t('You updated app password "%1$s"', $event->getSubjectParameters());
 		} else if ($event->getSubject() === self::APP_TOKEN_DELETED) {
-			$subject = $this->l->t('You deleted an app token');
+			$subject = $this->l->t('You deleted app password "%1$s"', $event->getSubjectParameters());
 
 		} else {
 			throw new \InvalidArgumentException();
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index 13b16c3ea73..26203c8abab 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -154,7 +154,7 @@ class AuthSettingsController extends Controller {
 		$tokenData = $deviceToken->jsonSerialize();
 		$tokenData['canDelete'] = true;
 
-		$this->publishActivity(Provider::APP_TOKEN_CREATED, $deviceToken->getId(), $name);
+		$this->publishActivity(Provider::APP_TOKEN_CREATED, $deviceToken->getId(), $deviceToken->getName());
 
 		return new JSONResponse([
 			'token' => $token,
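Review bot: Activities stored before this change were published without a name parameter (the old destroy() call passed only the id), so for those rows `$event->getSubjectParameters()` is empty and the new `%1$s` placeholder in the APP_TOKEN_DELETED branch has nothing to bind to; depending on how the l10n `t()` formats, that renders a blank quoted name or fails with a format error when the activity stream is displayed. Fall back to the old wording when no parameter is present, e.g. `$parameters = $event->getSubjectParameters();` then `$subject = $parameters === [] ? $this->l->t('You deleted an app token') : $this->l->t('You deleted app password "%1$s"', $parameters);`. The enclosing method starts and ends outside the hunk.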
@@ -191,11 +191,18 @@ class AuthSettingsController extends Controller {
 	 * @NoAdminRequired
 	 * @NoSubadminRequired
 	 *
-	 * @return array
+	 * @param int $id
+	 * @return array|JSONResponse
 	 */
 	public function destroy($id) {
-		$this->tokenProvider->invalidateTokenById($this->uid, $id);
-		$this->publishActivity(Provider::APP_TOKEN_DELETED, $id);
+		try {
+			$token = $this->findTokenByIdAndUser($id);
+		} catch (InvalidTokenException $e) {
+			return new JSONResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		$this->tokenProvider->invalidateTokenById($this->uid, $token->getId());
+		$this->publishActivity(Provider::APP_TOKEN_DELETED, $token->getId(), $token->getName());
 		return [];
 	}
 
@@ -209,10 +216,7 @@ class AuthSettingsController extends Controller {
 	 */
 	public function update($id, array $scope) {
 		try {
-			$token = $this->tokenProvider->getTokenById((string)$id);
-			if ($token->getUID() !== $this->uid) {
-				throw new InvalidTokenException('User mismatch');
-			}
+			$token = $this->findTokenByIdAndUser($id);
 		} catch (InvalidTokenException $e) {
 			return new JSONResponse([], Http::STATUS_NOT_FOUND);
 		}
@@ -220,8 +224,9 @@ class AuthSettingsController extends Controller {
 		$token->setScope([
 			'filesystem' => $scope['filesystem']
 		]);
+		$this->tokenProvider->updateToken($token);
 
-		$this->publishActivity(Provider::APP_TOKEN_UPDATED, $id, $token->getName());
+		$this->publishActivity(Provider::APP_TOKEN_UPDATED, $token->getId(), $token->getName());
 		return [];
 	}
 
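Review bot: destroy() keeps its untyped `$id` but now hands it to findTokenByIdAndUser(int $id), so a non-numeric id from the request reaches a typed parameter and raises a TypeError (HTTP 500) instead of the 404 the catch block is written for; the file header is outside this chunk, so I cannot see whether strict_types is declared, in which case even a numeric string would fail the same way. Declare the type at the controller boundary, `public function destroy(int $id)` (and likewise `update(int $id, array $scope)` in the next hunk), if the dispatcher converts route parameters based on the declared type, or otherwise cast before the call with `$token = $this->findTokenByIdAndUser((int)$id);` so invalid input ends up as a normal not-found. Answering 404 for both a missing token and one owned by another user is the right choice here, as it does not disclose whether the id exists. destroy()'s docblock begins before the hunk.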
@@ -246,4 +251,20 @@ class AuthSettingsController extends Controller {
 			$this->logger->logException($e);
 		}
 	}
+
+	/**
+	 * Find a token by given id and check if uid for current session belongs to this token
+	 *
+	 * @param int $id
+	 * @return IToken
+	 * @throws InvalidTokenException
+	 * @throws \OC\Authentication\Exceptions\ExpiredTokenException
+	 */
+	private function findTokenByIdAndUser(int $id): IToken {
+		$token = $this->tokenProvider->getTokenById((string)$id);
+		if ($token->getUID() !== $this->uid) {
+			throw new InvalidTokenException('This token does not belong to you!');
+		}
+		return $token;
+	}
 }
-- 
cgit v1.2.3
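Review bot: The docblock of findTokenByIdAndUser() lists ExpiredTokenException as a separate throw, yet both callers (destroy() and update() in the earlier hunks) catch only InvalidTokenException; that is correct only if ExpiredTokenException extends InvalidTokenException, and if it does not, an expired token can no longer be deleted through this endpoint because the request fails with a 500 instead of a 404. Make the contract explicit so the next maintainer does not have to check the class hierarchy, e.g. replace the two `@throws` lines with `@throws InvalidTokenException if no token with this id exists, it has expired (ExpiredTokenException is a subclass) or it belongs to another user; callers deliberately answer 404 in every case so the response does not reveal whether the id exists` — after confirming the subclass relationship holds. Importing ExpiredTokenException with a `use` statement rather than the inline fully-qualified name would also match how InvalidTokenException is referenced in the same file. The message `'This token does not belong to you!'` is never returned to the client by the visible callers, which is the desired outcome; the enclosing class starts outside the hunk.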