From eee9f1eec417c9bb976046e4114d3df943da62e1 Mon Sep 17 00:00:00 2001 From: Côme Chilliet Date: Thu, 4 Jan 2024 12:20:14 +0100 Subject: Always catch OCP versions of authentication exceptions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit And always throw OC versions for BC Signed-off-by: Côme Chilliet --- apps/settings/lib/Controller/AuthSettingsController.php | 12 +++++++----- apps/settings/lib/Settings/Personal/Security/Authtokens.php | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) (limited to 'apps/settings') diff --git a/apps/settings/lib/Controller/AuthSettingsController.php b/apps/settings/lib/Controller/AuthSettingsController.php index c0dc8cbac85..cfff6582074 100644 --- a/apps/settings/lib/Controller/AuthSettingsController.php +++ b/apps/settings/lib/Controller/AuthSettingsController.php @@ -32,10 +32,8 @@ namespace OCA\Settings\Controller; use BadMethodCallException; -use OC\Authentication\Exceptions\ExpiredTokenException; -use OC\Authentication\Exceptions\InvalidTokenException; +use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException; -use OC\Authentication\Exceptions\WipeTokenException; use OC\Authentication\Token\INamedToken; use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IToken; @@ -45,6 +43,9 @@ use OCP\Activity\IManager; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\JSONResponse; +use OCP\Authentication\Exceptions\ExpiredTokenException; +use OCP\Authentication\Exceptions\InvalidTokenException; +use OCP\Authentication\Exceptions\WipeTokenException; use OCP\IRequest; use OCP\ISession; use OCP\IUserSession; 
@@ -292,7 +293,8 @@ class AuthSettingsController extends Controller { $token = $e->getToken(); } if ($token->getUID() !== $this->uid) { - throw new InvalidTokenException('This token does not belong to you!'); + /* We have to throw the OC version so both OC and OCP catches catch it */ + throw new OcInvalidTokenException('This token does not belong to you!'); } return $token; } @@ -305,7 +307,7 @@ class AuthSettingsController extends Controller { * @param int $id * @return JSONResponse * @throws InvalidTokenException - * @throws \OC\Authentication\Exceptions\ExpiredTokenException + * @throws ExpiredTokenException */ public function wipe(int $id): JSONResponse { if ($this->checkAppToken()) { diff --git a/apps/settings/lib/Settings/Personal/Security/Authtokens.php b/apps/settings/lib/Settings/Personal/Security/Authtokens.php index e713344ce88..9a7405fb7a2 100644 --- a/apps/settings/lib/Settings/Personal/Security/Authtokens.php +++ b/apps/settings/lib/Settings/Personal/Security/Authtokens.php @@ -25,12 +25,12 @@ declare(strict_types=1); */ namespace OCA\Settings\Settings\Personal\Security; -use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Token\INamedToken; use OC\Authentication\Token\IProvider as IAuthTokenProvider; use OC\Authentication\Token\IToken; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Services\IInitialState; +use OCP\Authentication\Exceptions\InvalidTokenException; use OCP\ISession; use OCP\IUserSession; use OCP\Session\Exceptions\SessionNotAvailableException; -- cgit v1.2.3 From 95ea6188dc43aaccd648a9bcdd1a3de77e4233c9 Mon Sep 17 00:00:00 2001 From: Côme Chilliet Date: Mon, 8 Jan 2024 17:47:22 +0100 Subject: Suppress or fix psalm errors related to InvalidTokenException MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
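Review bot: The ownership check at `if ($token->getUID() !== $this->uid)` now depends on `OcInvalidTokenException` being a subclass of the OCP `InvalidTokenException` that this file imports, and nothing visible in the hunk pins that relationship. If the hierarchy were ever flattened, callers that catch the OCP class would stop handling a token that belongs to another user. A unit test that requests a token id with a foreign UID and asserts that the caller's `catch (InvalidTokenException ...)` branch is taken would protect this authorization path. The enclosing method starts outside the hunk; its docblock could also gain `@throws OcInvalidTokenException when the token belongs to another user`.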
Signed-off-by: Côme Chilliet --- apps/settings/lib/Controller/AuthSettingsController.php | 2 +- core/Controller/ClientFlowLoginController.php | 3 +-- core/Controller/ClientFlowLoginV2Controller.php | 3 +-- lib/private/Authentication/Token/IProvider.php | 6 +++--- lib/private/Authentication/Token/Manager.php | 4 +++- 5 files changed, 9 insertions(+), 9 deletions(-) (limited to 'apps/settings') diff --git a/apps/settings/lib/Controller/AuthSettingsController.php b/apps/settings/lib/Controller/AuthSettingsController.php index cfff6582074..9b21c4bc363 100644 --- a/apps/settings/lib/Controller/AuthSettingsController.php +++ b/apps/settings/lib/Controller/AuthSettingsController.php @@ -293,7 +293,7 @@ class AuthSettingsController extends Controller { $token = $e->getToken(); } if ($token->getUID() !== $this->uid) { - /* We have to throw the OC version so both OC and OCP catches catch it */ + /** @psalm-suppress DeprecatedClass We have to throw the OC version so both OC and OCP catches catch it */ throw new OcInvalidTokenException('This token does not belong to you!'); } return $token; diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php index 57f57bbf887..40b47a6685d 100644 --- a/core/Controller/ClientFlowLoginController.php +++ b/core/Controller/ClientFlowLoginController.php @@ -33,7 +33,6 @@ namespace OC\Core\Controller; use OC\Authentication\Events\AppPasswordCreatedEvent; -use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IToken; 
@@ -332,7 +331,7 @@ class ClientFlowLoginController extends Controller { try { $token = $this->tokenProvider->getToken($password); if ($token->getLoginName() !== $user) { - throw new OcInvalidTokenException('login name does not match'); + throw new InvalidTokenException('login name does not match'); } } catch (InvalidTokenException $e) { $response = new StandaloneTemplateResponse( diff --git a/core/Controller/ClientFlowLoginV2Controller.php b/core/Controller/ClientFlowLoginV2Controller.php index df522096272..b52672a5ccc 100644 --- a/core/Controller/ClientFlowLoginV2Controller.php +++ b/core/Controller/ClientFlowLoginV2Controller.php @@ -27,7 +27,6 @@ declare(strict_types=1); */ namespace OC\Core\Controller; -use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException; use OC\Core\Db\LoginFlowV2; use OC\Core\Exception\LoginFlowV2NotFoundException; use OC\Core\Service\LoginFlowV2Service; @@ -212,7 +211,7 @@ class ClientFlowLoginV2Controller extends Controller { try { $token = \OC::$server->get(\OC\Authentication\Token\IProvider::class)->getToken($password); if ($token->getLoginName() !== $user) { - throw new OcInvalidTokenException('login name does not match'); + throw new InvalidTokenException('login name does not match'); } } catch (InvalidTokenException $e) { $response = new StandaloneTemplateResponse( diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php index 4af5e2b25c3..b852f4e7e86 100644 --- a/lib/private/Authentication/Token/IProvider.php +++ b/lib/private/Authentication/Token/IProvider.php 
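Review bot: `throw new InvalidTokenException('login name does not match')` relies on an import of `InvalidTokenException` that is not visible in any hunk of this file; the import hunk only removes the `OcInvalidTokenException` alias. If that name did not resolve, `new` would raise an `Error` that the following `catch (InvalidTokenException $e)` does not handle, so a login-name mismatch would surface as an unhandled error instead of the rendered error response. Please confirm the OCP `use` line exists both here and in ClientFlowLoginV2Controller.php (hunk `@@ -212,7 +211,7 @@`). Because this throw is caught a few lines below and never leaves the method, a short comment such as `// Caught locally below, so the OCP class is sufficient here` would explain why it departs from the throw-the-OC-version rule used elsewhere in the series. The enclosing method starts and ends outside the hunk.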
@@ -29,10 +29,10 @@ declare(strict_types=1); */ namespace OC\Authentication\Token; -use OC\Authentication\Exceptions\ExpiredTokenException; -use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException; -use OC\Authentication\Exceptions\WipeTokenException; +use OCP\Authentication\Exceptions\ExpiredTokenException; +use OCP\Authentication\Exceptions\InvalidTokenException; +use OCP\Authentication\Exceptions\WipeTokenException; interface IProvider { /** diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index 9154092f25a..d84a81705ff 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -29,9 +29,9 @@ namespace OC\Authentication\Token; use Doctrine\DBAL\Exception\UniqueConstraintViolationException; use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException; +use OC\Authentication\Exceptions\PasswordlessTokenException; use OCP\Authentication\Exceptions\ExpiredTokenException; use OCP\Authentication\Exceptions\InvalidTokenException; -use OCP\Authentication\Exceptions\PasswordlessTokenException; use OCP\Authentication\Exceptions\WipeTokenException; use OCP\Authentication\Token\IProvider as OCPIProvider; @@ -222,6 +222,7 @@ class Manager implements IProvider, OCPIProvider { return $this->publicKeyTokenProvider->rotate($token, $oldTokenId, $newTokenId); } + /** @psalm-suppress DeprecatedClass We have to throw the OC version so both OC and OCP catches catch it */ throw new OcInvalidTokenException(); } @@ -234,6 +235,7 @@ class Manager implements IProvider, OCPIProvider { if ($token instanceof PublicKeyToken) { return $this->publicKeyTokenProvider; } + /** @psalm-suppress DeprecatedClass We have to throw the OC version so both OC and OCP catches catch it */ throw new OcInvalidTokenException(); } -- cgit v1.2.3 From 8fc39aeb1ccc36f6f95d7b7968bdaf434af413ca Mon Sep 17 00:00:00 2001 
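Review bot: Moving `PasswordlessTokenException` from the `OCP\...` import to `OC\Authentication\Exceptions\PasswordlessTokenException` changes which class every unqualified use in Manager.php resolves to. That is more than a static-analysis fix if the OCP class does not exist, which seems likely because the other files in this series import it from OC only. PHP does not complain about a `catch` that names an unknown class, it simply never matches, so any `catch (PasswordlessTokenException ...)` outside this hunk may have been dead code before this change. A test that drives a passwordless token through the affected Manager methods and asserts the exception type reaching the caller would confirm the intended behaviour.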
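Review bot: Both `throw new OcInvalidTokenException();` statements carry no message, so a log entry for an unsupported token implementation gives an operator nothing to work with. One is the fall-through after the `publicKeyTokenProvider->rotate(...)` call in hunk `@@ -222,6 +222,7 @@`, the other follows the `instanceof PublicKeyToken` check in hunk `@@ -234,6 +235,7 @@`. Consider `throw new OcInvalidTokenException('Unsupported token type ' . get_class($token));`, which names only the class and includes no token material. Both enclosing methods start outside their hunks, so confirm `$token` is the variable in scope at each throw.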
From: Côme Chilliet Date: Mon, 8 Jan 2024 18:01:23 +0100 Subject: Use IToken from OCP instead of OC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Côme Chilliet --- apps/settings/lib/Controller/AuthSettingsController.php | 2 +- lib/private/Authentication/Token/IProvider.php | 1 + lib/private/Authentication/Token/Manager.php | 1 + lib/private/Authentication/Token/PublicKeyTokenProvider.php | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) (limited to 'apps/settings') diff --git a/apps/settings/lib/Controller/AuthSettingsController.php b/apps/settings/lib/Controller/AuthSettingsController.php index 9b21c4bc363..8a01c7c2468 100644 --- a/apps/settings/lib/Controller/AuthSettingsController.php +++ b/apps/settings/lib/Controller/AuthSettingsController.php @@ -36,7 +36,6 @@ use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenExceptio use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Token\INamedToken; use OC\Authentication\Token\IProvider; -use OC\Authentication\Token\IToken; use OC\Authentication\Token\RemoteWipe; use OCA\Settings\Activity\Provider; use OCP\Activity\IManager; @@ -46,6 +45,7 @@ use OCP\AppFramework\Http\JSONResponse; use OCP\Authentication\Exceptions\ExpiredTokenException; use OCP\Authentication\Exceptions\InvalidTokenException; use OCP\Authentication\Exceptions\WipeTokenException; +use OCP\Authentication\Token\IToken; use OCP\IRequest; use OCP\ISession; use OCP\IUserSession; diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php index b852f4e7e86..90103160ce2 100644 --- a/lib/private/Authentication/Token/IProvider.php +++ b/lib/private/Authentication/Token/IProvider.php 
@@ -33,6 +33,7 @@ use OC\Authentication\Exceptions\PasswordlessTokenException; use OCP\Authentication\Exceptions\ExpiredTokenException; use OCP\Authentication\Exceptions\InvalidTokenException; use OCP\Authentication\Exceptions\WipeTokenException; +use OCP\Authentication\Token\IToken; interface IProvider { /** diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index d84a81705ff..60e8d6372f1 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -34,6 +34,7 @@ use OCP\Authentication\Exceptions\ExpiredTokenException; use OCP\Authentication\Exceptions\InvalidTokenException; use OCP\Authentication\Exceptions\WipeTokenException; use OCP\Authentication\Token\IProvider as OCPIProvider; +use OCP\Authentication\Token\IToken; class Manager implements IProvider, OCPIProvider { /** @var PublicKeyTokenProvider */ diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index a88194726ae..07f615af2b5 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -37,6 +37,7 @@ use OC\Authentication\Exceptions\WipeTokenException; use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Db\TTransactional; use OCP\AppFramework\Utility\ITimeFactory; +use OCP\Authentication\Token\IToken; use OCP\Cache\CappedMemoryCache; use OCP\IConfig; use OCP\IDBConnection; -- cgit v1.2.3
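Review bot: Adding `use OCP\Authentication\Token\IToken;` to a file in namespace `OC\Authentication\Token` silently re-points every unqualified `IToken` in that file from the same-namespace interface to the OCP one. The signatures in this interface therefore change type without any signature line appearing in the diff, and the same applies to Manager.php and PublicKeyTokenProvider.php, which receive the same line. If the OCP interface is narrower than the OC one, code behind these signatures that calls OC-only methods needs an `instanceof` guard, as Manager already does with `PublicKeyToken`. Any implementer that still hints the OC type would also need checking. A one-line comment above the import, e.g. `// IToken below is the public OCP interface, not OC\Authentication\Token\IToken`, would make the shadowing explicit.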