From 5af683d2c4d0883ae9038c33078cbb792a0974e7 Mon Sep 17 00:00:00 2001 From: Lucas Azevedo Date: Thu, 24 Aug 2023 11:42:30 -0300 Subject: Namespace user auth token commands Signed-off-by: Lucas Azevedo --- core/Command/User/AddAppPassword.php | 121 -------------------------- core/Command/User/AuthTokens.php | 79 ----------------- core/Command/User/AuthTokens/Add.php | 122 +++++++++++++++++++++++++++ core/Command/User/AuthTokens/Delete.php | 56 ++++++++++++ core/Command/User/AuthTokens/ListCommand.php | 79 +++++++++++++++++ core/Command/User/DeleteAuthToken.php | 56 ------------ 6 files changed, 257 insertions(+), 256 deletions(-) delete mode 100644 core/Command/User/AddAppPassword.php delete mode 100644 core/Command/User/AuthTokens.php create mode 100644 core/Command/User/AuthTokens/Add.php create mode 100644 core/Command/User/AuthTokens/Delete.php create mode 100644 core/Command/User/AuthTokens/ListCommand.php delete mode 100644 core/Command/User/DeleteAuthToken.php (limited to 'core/Command/User') diff --git a/core/Command/User/AddAppPassword.php b/core/Command/User/AddAppPassword.php deleted file mode 100644 index 8c506c8510e..00000000000 --- a/core/Command/User/AddAppPassword.php +++ /dev/null @@ -1,121 +0,0 @@ - - * @author Sean Molenaar - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * - */ -namespace OC\Core\Command\User; - -use OC\Authentication\Events\AppPasswordCreatedEvent; -use OC\Authentication\Token\IProvider; -use OC\Authentication\Token\IToken; -use OCP\EventDispatcher\IEventDispatcher; -use OCP\IUserManager; -use OCP\Security\ISecureRandom; -use Symfony\Component\Console\Command\Command; -use Symfony\Component\Console\Helper\QuestionHelper; -use Symfony\Component\Console\Input\InputArgument; -use Symfony\Component\Console\Input\InputInterface; -use Symfony\Component\Console\Input\InputOption; -use Symfony\Component\Console\Output\OutputInterface; -use Symfony\Component\Console\Question\Question; - -class AddAppPassword extends Command { - public function __construct( - protected IUserManager $userManager, - protected IProvider $tokenProvider, - private ISecureRandom $random, - private IEventDispatcher $eventDispatcher, - ) { - parent::__construct(); - } - - protected function configure() { - $this - ->setName('user:add-app-password') - ->setDescription('Add app password for the named user') - ->addArgument( - 'user', - InputArgument::REQUIRED, - 'Username to add app password for' - ) - ->addOption( - 'password-from-env', - null, - InputOption::VALUE_NONE, - 'Read password from environment variable NC_PASS/OC_PASS. Alternatively it will be asked for interactively or an app password without the login password will be created.' - ) - ; - } - - protected function execute(InputInterface $input, OutputInterface $output): int { - $username = $input->getArgument('user'); - $password = null; - - $user = $this->userManager->get($username); - if (is_null($user)) { - $output->writeln('User does not exist'); - return 1; - } - - if ($input->getOption('password-from-env')) { - $password = getenv('NC_PASS') ?? getenv('OC_PASS'); - if (!$password) { - $output->writeln('--password-from-env given, but NC_PASS is empty!'); - return 1; - } - } elseif ($input->isInteractive()) { - /** @var QuestionHelper $helper */ - $helper = $this->getHelper('question'); - - $question = new Question('Enter the user password: '); - $question->setHidden(true); - /** @var null|string $password */ - $password = $helper->ask($input, $output, $question); - } - - if ($password === null) { - $output->writeln('No password provided. The generated app password will therefore have limited capabilities. Any operation that requires the login password will fail.'); - } - - $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); - $generatedToken = $this->tokenProvider->generateToken( - $token, - $user->getUID(), - $user->getUID(), - $password, - 'cli', - IToken::PERMANENT_TOKEN, - IToken::DO_NOT_REMEMBER - ); - - $this->eventDispatcher->dispatchTyped( - new AppPasswordCreatedEvent($generatedToken) - ); - - $output->writeln('app password:'); - $output->writeln($token); - - return 0; - } -} diff --git a/core/Command/User/AuthTokens.php b/core/Command/User/AuthTokens.php deleted file mode 100644 index 43fa687781e..00000000000 --- a/core/Command/User/AuthTokens.php +++ /dev/null @@ -1,79 +0,0 @@ - - * - * @author Lucas Azevedo - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * - */ -namespace OC\Core\Command\User; - -use OC\Core\Command\Base; -use OC\Authentication\Token\IProvider; -use OC\Authentication\Token\IToken; -use OCP\IUserManager; -use Symfony\Component\Console\Input\InputArgument; -use Symfony\Component\Console\Input\InputInterface; -use Symfony\Component\Console\Output\OutputInterface; - -class AuthTokens extends Base { - public function __construct( - protected IUserManager $userManager, - protected IProvider $tokenProvider, - ) { - parent::__construct(); - } - - protected function configure(): void { - parent::configure(); - - $this - ->setName('user:auth-tokens') - ->setDescription('List authentication tokens of an user') - ->addArgument( - 'user', - InputArgument::REQUIRED, - 'User to list auth tokens for' - ); - } - - protected function execute(InputInterface $input, OutputInterface $output): int { - $user = $this->userManager->get($input->getArgument('user')); - - if (is_null($user)) { - $output->writeln('user not found'); - return 1; - } - - $tokens = $this->tokenProvider->getTokenByUser($user->getUID()); - - $data = array_map(function (IToken $token): mixed { - $filtered = [ - 'password', - 'password_hash', - 'token', - 'public_key', - 'private_key', - ]; - return array_diff_key($token->jsonSerialize(), array_flip($filtered)); - }, $tokens); - - $this->writeArrayInOutputFormat($input, $output, $data); - - return 0; - } -} diff --git a/core/Command/User/AuthTokens/Add.php b/core/Command/User/AuthTokens/Add.php new file mode 100644 index 00000000000..e067c069c79 --- /dev/null +++ b/core/Command/User/AuthTokens/Add.php @@ -0,0 +1,122 @@ + + * @author Sean Molenaar + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ +namespace OC\Core\Command\User\AuthTokens; + +use OC\Authentication\Events\AppPasswordCreatedEvent; +use OC\Authentication\Token\IProvider; +use OC\Authentication\Token\IToken; +use OCP\EventDispatcher\IEventDispatcher; +use OCP\IUserManager; +use OCP\Security\ISecureRandom; +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Helper\QuestionHelper; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Input\InputOption; +use Symfony\Component\Console\Output\OutputInterface; +use Symfony\Component\Console\Question\Question; + +class Add extends Command { + public function __construct( + protected IUserManager $userManager, + protected IProvider $tokenProvider, + private ISecureRandom $random, + private IEventDispatcher $eventDispatcher, + ) { + parent::__construct(); + } + + protected function configure() { + $this + ->setName('user:auth-tokens:add') + ->setAliases(['user:add-app-password']) + ->setDescription('Add app password for the named user') + ->addArgument( + 'user', + InputArgument::REQUIRED, + 'Username to add app password for' + ) + ->addOption( + 'password-from-env', + null, + InputOption::VALUE_NONE, + 'Read password from environment variable NC_PASS/OC_PASS. Alternatively it will be asked for interactively or an app password without the login password will be created.' + ) + ; + } + + protected function execute(InputInterface $input, OutputInterface $output): int { + $username = $input->getArgument('user'); + $password = null; + + $user = $this->userManager->get($username); + if (is_null($user)) { + $output->writeln('User does not exist'); + return 1; + } + + if ($input->getOption('password-from-env')) { + $password = getenv('NC_PASS') ?? getenv('OC_PASS'); + if (!$password) { + $output->writeln('--password-from-env given, but NC_PASS is empty!'); + return 1; + } + } elseif ($input->isInteractive()) { + /** @var QuestionHelper $helper */ + $helper = $this->getHelper('question'); + + $question = new Question('Enter the user password: '); + $question->setHidden(true); + /** @var null|string $password */ + $password = $helper->ask($input, $output, $question); + } + + if ($password === null) { + $output->writeln('No password provided. The generated app password will therefore have limited capabilities. Any operation that requires the login password will fail.'); + } + + $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); + $generatedToken = $this->tokenProvider->generateToken( + $token, + $user->getUID(), + $user->getUID(), + $password, + 'cli', + IToken::PERMANENT_TOKEN, + IToken::DO_NOT_REMEMBER + ); + + $this->eventDispatcher->dispatchTyped( + new AppPasswordCreatedEvent($generatedToken) + ); + + $output->writeln('app password:'); + $output->writeln($token); + + return 0; + } +} diff --git a/core/Command/User/AuthTokens/Delete.php b/core/Command/User/AuthTokens/Delete.php new file mode 100644 index 00000000000..928387f1cc6 --- /dev/null +++ b/core/Command/User/AuthTokens/Delete.php @@ -0,0 +1,56 @@ + + * + * @author Lucas Azevedo + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ +namespace OC\Core\Command\User\AuthTokens; + +use OC\Core\Command\Base; +use OC\Authentication\Token\IProvider; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class Delete extends Base { + public function __construct( + protected IProvider $tokenProvider, + ) { + parent::__construct(); + } + + protected function configure(): void { + $this + ->setName('user:auth-tokens:delete') + ->setDescription('Deletes an authentication token') + ->addArgument( + 'id', + InputArgument::REQUIRED, + 'ID of the auth token to delete' + ); + } + + protected function execute(InputInterface $input, OutputInterface $output): int { + $token = $this->tokenProvider->getTokenById($input->getArgument('id')); + + $this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId()); + + return 0; + } +} diff --git a/core/Command/User/AuthTokens/ListCommand.php b/core/Command/User/AuthTokens/ListCommand.php new file mode 100644 index 00000000000..6739e8b4648 --- /dev/null +++ b/core/Command/User/AuthTokens/ListCommand.php @@ -0,0 +1,79 @@ + + * + * @author Lucas Azevedo + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ +namespace OC\Core\Command\User\AuthTokens; + +use OC\Core\Command\Base; +use OC\Authentication\Token\IProvider; +use OC\Authentication\Token\IToken; +use OCP\IUserManager; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class ListCommand extends Base { + public function __construct( + protected IUserManager $userManager, + protected IProvider $tokenProvider, + ) { + parent::__construct(); + } + + protected function configure(): void { + parent::configure(); + + $this + ->setName('user:auth-tokens:list') + ->setDescription('List authentication tokens of an user') + ->addArgument( + 'user', + InputArgument::REQUIRED, + 'User to list auth tokens for' + ); + } + + protected function execute(InputInterface $input, OutputInterface $output): int { + $user = $this->userManager->get($input->getArgument('user')); + + if (is_null($user)) { + $output->writeln('user not found'); + return 1; + } + + $tokens = $this->tokenProvider->getTokenByUser($user->getUID()); + + $data = array_map(function (IToken $token): mixed { + $filtered = [ + 'password', + 'password_hash', + 'token', + 'public_key', + 'private_key', + ]; + return array_diff_key($token->jsonSerialize(), array_flip($filtered)); + }, $tokens); + + $this->writeArrayInOutputFormat($input, $output, $data); + + return 0; + } +} diff --git a/core/Command/User/DeleteAuthToken.php b/core/Command/User/DeleteAuthToken.php deleted file mode 100644 index 13b63242b79..00000000000 --- a/core/Command/User/DeleteAuthToken.php +++ /dev/null @@ -1,56 +0,0 @@ - - * - * @author Lucas Azevedo - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * - */ -namespace OC\Core\Command\User; - -use OC\Core\Command\Base; -use OC\Authentication\Token\IProvider; -use Symfony\Component\Console\Input\InputArgument; -use Symfony\Component\Console\Input\InputInterface; -use Symfony\Component\Console\Output\OutputInterface; - -class DeleteAuthToken extends Base { - public function __construct( - protected IProvider $tokenProvider, - ) { - parent::__construct(); - } - - protected function configure(): void { - $this - ->setName('user:delete-auth-token') - ->setDescription('Deletes an authentication token') - ->addArgument( - 'id', - InputArgument::REQUIRED, - 'ID of the auth token to delete' - ); - } - - protected function execute(InputInterface $input, OutputInterface $output): int { - $token = $this->tokenProvider->getTokenById($input->getArgument('id')); - - $this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId()); - - return 0; - } -} -- cgit v1.2.3