From 5f71805c35d04e585ea6d4227254b11204413dfd Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Thu, 4 May 2017 23:46:59 +0200 Subject: Add basic implementation for OAuth 2.0 Authorization Code Flow Signed-off-by: Lukas Reschke --- lib/private/User/Session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/private') diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index f818666c374..0291c1baecb 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -725,7 +725,7 @@ class Session implements IUserSession, Emitter { */ public function tryTokenLogin(IRequest $request) { $authHeader = $request->getHeader('Authorization'); - if (strpos($authHeader, 'token ') === false) { + if (strpos($authHeader, 'Bearer ') === false) { // No auth header, let's try session id try { $token = $this->session->getId(); @@ -733,7 +733,7 @@ class Session implements IUserSession, Emitter { return false; } } else { - $token = substr($authHeader, 6); + $token = substr($authHeader, 7); } if (!$this->loginWithToken($token)) { -- cgit v1.2.3 From 1eb7f4956b1cdc99d0345600047cd6137051790f Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Fri, 12 May 2017 16:14:32 +0200 Subject: delete auth token when client gets deleted Signed-off-by: Bjoern Schiessle --- apps/oauth2/lib/Controller/SettingsController.php | 20 ++++++++++++++--- apps/oauth2/lib/Db/AccessTokenMapper.php | 14 ++++++++++++ apps/oauth2/lib/Db/ClientMapper.php | 22 ++++++++++++++++++ apps/oauth2/lib/Settings/Admin.php | 1 - .../Authentication/Token/DefaultTokenMapper.php | 26 ++++++++++++++++------ settings/personal.php | 2 +- .../Token/DefaultTokenMapperTest.php | 12 +++++----- 7 files changed, 79 insertions(+), 18 deletions(-) (limited to 'lib/private') diff --git a/apps/oauth2/lib/Controller/SettingsController.php b/apps/oauth2/lib/Controller/SettingsController.php index 1d376694f5a..f9ded6c0968 100644 --- a/apps/oauth2/lib/Controller/SettingsController.php +++ b/apps/oauth2/lib/Controller/SettingsController.php @@ -21,6 +21,8 @@ namespace OCA\OAuth2\Controller; +use OC\Authentication\Token\DefaultTokenMapper; +use OCA\OAuth2\Db\AccessTokenMapper; use OCA\OAuth2\Db\Client; use OCA\OAuth2\Db\ClientMapper; use OCP\AppFramework\Controller; @@ -36,6 +38,10 @@ class SettingsController extends Controller { private $clientMapper; /** @var ISecureRandom */ private $secureRandom; + /** @var AccessTokenMapper */ + private $accessTokenMapper; + /** @var DefaultTokenMapper */ + private $defaultTokenMapper; const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; @@ -45,16 +51,23 @@ class SettingsController extends Controller { * @param IURLGenerator $urlGenerator * @param ClientMapper $clientMapper * @param ISecureRandom $secureRandom + * @param AccessTokenMapper $accessTokenMapper + * @param DefaultTokenMapper $defaultTokenMapper */ public function __construct($appName, IRequest $request, IURLGenerator $urlGenerator, ClientMapper $clientMapper, - ISecureRandom $secureRandom) { + ISecureRandom $secureRandom, + AccessTokenMapper $accessTokenMapper, + DefaultTokenMapper $defaultTokenMapper + ) { parent::__construct($appName, $request); $this->urlGenerator = $urlGenerator; $this->secureRandom = $secureRandom; $this->clientMapper = $clientMapper; + $this->accessTokenMapper = $accessTokenMapper; + $this->defaultTokenMapper = $defaultTokenMapper; } /** @@ -78,8 +91,9 @@ class SettingsController extends Controller { * @return RedirectResponse */ public function deleteClient($id) { - $client = new Client(); - $client->setId($id); + $client = $this->clientMapper->getByUid($id); + $this->accessTokenMapper->deleteByClientId($id); + $this->defaultTokenMapper->deleteByName($client->getName()); $this->clientMapper->delete($client); return new RedirectResponse($this->urlGenerator->getAbsoluteURL('/index.php/settings/admin/security')); } diff --git a/apps/oauth2/lib/Db/AccessTokenMapper.php b/apps/oauth2/lib/Db/AccessTokenMapper.php index 2751302522c..51b97bf8d7a 100644 --- a/apps/oauth2/lib/Db/AccessTokenMapper.php +++ b/apps/oauth2/lib/Db/AccessTokenMapper.php @@ -22,6 +22,7 @@ namespace OCA\OAuth2\Db; use OCP\AppFramework\Db\Mapper; +use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\IDBConnection; class AccessTokenMapper extends Mapper { @@ -48,4 +49,17 @@ class AccessTokenMapper extends Mapper { $result->closeCursor(); return AccessToken::fromRow($row); } + + /** + * delete all access token from a given client + * + * @param int $id + */ + public function deleteByClientId($id) { + $qb = $this->db->getQueryBuilder(); + $qb + ->delete($this->tableName) + ->where($qb->expr()->eq('client_id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT))); + $qb->execute(); + } } diff --git a/apps/oauth2/lib/Db/ClientMapper.php b/apps/oauth2/lib/Db/ClientMapper.php index 38751a2e5cf..cf00afacb70 100644 --- a/apps/oauth2/lib/Db/ClientMapper.php +++ b/apps/oauth2/lib/Db/ClientMapper.php @@ -22,6 +22,7 @@ namespace OCA\OAuth2\Db; use OCP\AppFramework\Db\Mapper; +use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\IDBConnection; class ClientMapper extends Mapper { @@ -54,6 +55,27 @@ class ClientMapper extends Mapper { return Client::fromRow($row); } + /** + * @param string $uid internal uid of the client + * @return Client + */ + public function getByUid($uid) { + $qb = $this->db->getQueryBuilder(); + $qb + ->select('*') + ->from($this->tableName) + ->where($qb->expr()->eq('id', $qb->createNamedParameter($uid, IQueryBuilder::PARAM_INT))); + $result = $qb->execute(); + $row = $result->fetch(); + $result->closeCursor(); + + if (!is_array($row)) { + $row = []; + } + + return Client::fromRow($row); + } + /** * @return Client[] */ diff --git a/apps/oauth2/lib/Settings/Admin.php b/apps/oauth2/lib/Settings/Admin.php index aa120bcb7d7..07c3fe733ad 100644 --- a/apps/oauth2/lib/Settings/Admin.php +++ b/apps/oauth2/lib/Settings/Admin.php @@ -23,7 +23,6 @@ namespace OCA\OAuth2\Settings; use OCA\OAuth2\Db\ClientMapper; use OCP\AppFramework\Http\TemplateResponse; -use OCP\IConfig; use OCP\Settings\ISettings; class Admin implements ISettings { diff --git a/lib/private/Authentication/Token/DefaultTokenMapper.php b/lib/private/Authentication/Token/DefaultTokenMapper.php index 8848cd3ec56..a69e9e940cd 100644 --- a/lib/private/Authentication/Token/DefaultTokenMapper.php +++ b/lib/private/Authentication/Token/DefaultTokenMapper.php @@ -31,7 +31,7 @@ use OCP\IUser; class DefaultTokenMapper extends Mapper { public function __construct(IDBConnection $db) { - parent::__construct($db, 'authtoken'); + parent::__construct($db, 'AuthToken'); } /** @@ -42,7 +42,7 @@ class DefaultTokenMapper extends Mapper { public function invalidate($token) { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); - $qb->delete('authtoken') + $qb->delete('AuthToken') ->where($qb->expr()->eq('token', $qb->createParameter('token'))) ->setParameter('token', $token) ->execute(); @@ -55,7 +55,7 @@ class DefaultTokenMapper extends Mapper { public function invalidateOld($olderThan, $remember = IToken::DO_NOT_REMEMBER) { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); - $qb->delete('authtoken') + $qb->delete('AuthToken') ->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT))) ->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT))) ->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT))) @@ -73,7 +73,7 @@ class DefaultTokenMapper extends Mapper { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope') - ->from('authtoken') + ->from('AuthToken') ->where($qb->expr()->eq('token', $qb->createNamedParameter($token))) ->execute(); @@ -97,7 +97,7 @@ class DefaultTokenMapper extends Mapper { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check', 'scope') - ->from('authtoken') + ->from('AuthToken') ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) ->execute(); @@ -122,7 +122,7 @@ class DefaultTokenMapper extends Mapper { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope') - ->from('authtoken') + ->from('AuthToken') ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID()))) ->setMaxResults(1000); $result = $qb->execute(); @@ -143,10 +143,22 @@ class DefaultTokenMapper extends Mapper { public function deleteById(IUser $user, $id) { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); - $qb->delete('authtoken') + $qb->delete('AuthToken') ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID()))); $qb->execute(); } + /** + * delete all auth token which belong to a specific client if the client was deleted + * + * @param string $name + */ + public function deleteByName($name) { + $qb = $this->db->getQueryBuilder(); + $qb->delete('AuthToken') + ->where($qb->expr()->eq('name', $qb->createNamedParameter($name))); + $qb->execute(); + } + } diff --git a/settings/personal.php b/settings/personal.php index 86ac4f753f4..7f99dc3259b 100644 --- a/settings/personal.php +++ b/settings/personal.php @@ -49,7 +49,7 @@ $config = \OC::$server->getConfig(); $urlGenerator = \OC::$server->getURLGenerator(); // Highlight navigation entry -OC_Util::addScript('settings', 'authtoken'); +OC_Util::addScript('settings', 'AuthToken'); OC_Util::addScript('settings', 'authtoken_collection'); OC_Util::addScript('settings', 'authtoken_view'); OC_Util::addScript('settings', 'usersettings'); diff --git a/tests/lib/Authentication/Token/DefaultTokenMapperTest.php b/tests/lib/Authentication/Token/DefaultTokenMapperTest.php index 8fe0762daad..650031b6d30 100644 --- a/tests/lib/Authentication/Token/DefaultTokenMapperTest.php +++ b/tests/lib/Authentication/Token/DefaultTokenMapperTest.php @@ -58,8 +58,8 @@ class DefaultTokenMapperTest extends TestCase { private function resetDatabase() { $qb = $this->dbConnection->getQueryBuilder(); - $qb->delete('authtoken')->execute(); - $qb->insert('authtoken')->values([ + $qb->delete('AuthToken')->execute(); + $qb->insert('AuthToken')->values([ 'uid' => $qb->createNamedParameter('user1'), 'login_name' => $qb->createNamedParameter('User1'), 'password' => $qb->createNamedParameter('a75c7116460c082912d8f6860a850904|3nz5qbG1nNSLLi6V|c55365a0e54cfdfac4a175bcf11a7612aea74492277bba6e5d96a24497fa9272488787cb2f3ad34d8b9b8060934fce02f008d371df3ff3848f4aa61944851ff0'), @@ -69,7 +69,7 @@ class DefaultTokenMapperTest extends TestCase { 'last_activity' => $qb->createNamedParameter($this->time - 120, IQueryBuilder::PARAM_INT), // Two minutes ago 'last_check' => $this->time - 60 * 10, // 10mins ago ])->execute(); - $qb->insert('authtoken')->values([ + $qb->insert('AuthToken')->values([ 'uid' => $qb->createNamedParameter('user2'), 'login_name' => $qb->createNamedParameter('User2'), 'password' => $qb->createNamedParameter('971a337057853344700bbeccf836519f|UwOQwyb34sJHtqPV|036d4890f8c21d17bbc7b88072d8ef049a5c832a38e97f3e3d5f9186e896c2593aee16883f617322fa242728d0236ff32d163caeb4bd45e14ca002c57a88665f'), @@ -79,7 +79,7 @@ class DefaultTokenMapperTest extends TestCase { 'last_activity' => $qb->createNamedParameter($this->time - 60 * 60 * 24 * 3, IQueryBuilder::PARAM_INT), // Three days ago 'last_check' => $this->time - 10, // 10secs ago ])->execute(); - $qb->insert('authtoken')->values([ + $qb->insert('AuthToken')->values([ 'uid' => $qb->createNamedParameter('user1'), 'login_name' => $qb->createNamedParameter('User1'), 'password' => $qb->createNamedParameter('063de945d6f6b26862d9b6f40652f2d5|DZ/z520tfdXPtd0T|395f6b89be8d9d605e409e20b9d9abe477fde1be38a3223f9e508f979bf906e50d9eaa4dca983ca4fb22a241eb696c3f98654e7775f78c4caf13108f98642b53'), @@ -94,7 +94,7 @@ class DefaultTokenMapperTest extends TestCase { private function getNumberOfTokens() { $qb = $this->dbConnection->getQueryBuilder(); $result = $qb->select($qb->createFunction('count(*) as `count`')) - ->from('authtoken') + ->from('AuthToken') ->execute() ->fetch(); return (int) $result['count']; @@ -211,7 +211,7 @@ class DefaultTokenMapperTest extends TestCase { $user = $this->createMock(IUser::class); $qb = $this->dbConnection->getQueryBuilder(); $qb->select('id') - ->from('authtoken') + ->from('AuthToken') ->where($qb->expr()->eq('token', $qb->createNamedParameter('9c5a2e661482b65597408a6bb6c4a3d1af36337381872ac56e445a06cdb7fea2b1039db707545c11027a4966919918b19d875a8b774840b18c6cbb7ae56fe206'))); $result = $qb->execute(); $id = $result->fetch()['id']; -- cgit v1.2.3 From 77827ebf112f7ce1bad5ce5912c7b3900e399ce5 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Thu, 18 May 2017 16:36:50 +0200 Subject: Rename table back to lowercase Signed-off-by: Lukas Reschke --- lib/private/Authentication/Token/DefaultTokenMapper.php | 16 ++++++++-------- .../lib/Authentication/Token/DefaultTokenMapperTest.php | 16 ++++++++++------ 2 files changed, 18 insertions(+), 14 deletions(-) (limited to 'lib/private') diff --git a/lib/private/Authentication/Token/DefaultTokenMapper.php b/lib/private/Authentication/Token/DefaultTokenMapper.php index a69e9e940cd..44bc553a92e 100644 --- a/lib/private/Authentication/Token/DefaultTokenMapper.php +++ b/lib/private/Authentication/Token/DefaultTokenMapper.php @@ -31,7 +31,7 @@ use OCP\IUser; class DefaultTokenMapper extends Mapper { public function __construct(IDBConnection $db) { - parent::__construct($db, 'AuthToken'); + parent::__construct($db, 'authtoken'); } /** @@ -42,7 +42,7 @@ class DefaultTokenMapper extends Mapper { public function invalidate($token) { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); - $qb->delete('AuthToken') + $qb->delete('authtoken') ->where($qb->expr()->eq('token', $qb->createParameter('token'))) ->setParameter('token', $token) ->execute(); @@ -55,7 +55,7 @@ class DefaultTokenMapper extends Mapper { public function invalidateOld($olderThan, $remember = IToken::DO_NOT_REMEMBER) { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); - $qb->delete('AuthToken') + $qb->delete('authtoken') ->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT))) ->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT))) ->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT))) @@ -73,7 +73,7 @@ class DefaultTokenMapper extends Mapper { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope') - ->from('AuthToken') + ->from('authtoken') ->where($qb->expr()->eq('token', $qb->createNamedParameter($token))) ->execute(); @@ -97,7 +97,7 @@ class DefaultTokenMapper extends Mapper { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check', 'scope') - ->from('AuthToken') + ->from('authtoken') ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) ->execute(); @@ -122,7 +122,7 @@ class DefaultTokenMapper extends Mapper { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope') - ->from('AuthToken') + ->from('authtoken') ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID()))) ->setMaxResults(1000); $result = $qb->execute(); @@ -143,7 +143,7 @@ class DefaultTokenMapper extends Mapper { public function deleteById(IUser $user, $id) { /* @var $qb IQueryBuilder */ $qb = $this->db->getQueryBuilder(); - $qb->delete('AuthToken') + $qb->delete('authtoken') ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID()))); $qb->execute(); @@ -156,7 +156,7 @@ class DefaultTokenMapper extends Mapper { */ public function deleteByName($name) { $qb = $this->db->getQueryBuilder(); - $qb->delete('AuthToken') + $qb->delete('authtoken') ->where($qb->expr()->eq('name', $qb->createNamedParameter($name))); $qb->execute(); } diff --git a/tests/lib/Authentication/Token/DefaultTokenMapperTest.php b/tests/lib/Authentication/Token/DefaultTokenMapperTest.php index 650031b6d30..13427f7cb97 100644 --- a/tests/lib/Authentication/Token/DefaultTokenMapperTest.php +++ b/tests/lib/Authentication/Token/DefaultTokenMapperTest.php @@ -58,8 +58,8 @@ class DefaultTokenMapperTest extends TestCase { private function resetDatabase() { $qb = $this->dbConnection->getQueryBuilder(); - $qb->delete('AuthToken')->execute(); - $qb->insert('AuthToken')->values([ + $qb->delete('authtoken')->execute(); + $qb->insert('authtoken')->values([ 'uid' => $qb->createNamedParameter('user1'), 'login_name' => $qb->createNamedParameter('User1'), 'password' => $qb->createNamedParameter('a75c7116460c082912d8f6860a850904|3nz5qbG1nNSLLi6V|c55365a0e54cfdfac4a175bcf11a7612aea74492277bba6e5d96a24497fa9272488787cb2f3ad34d8b9b8060934fce02f008d371df3ff3848f4aa61944851ff0'), @@ -69,7 +69,7 @@ class DefaultTokenMapperTest extends TestCase { 'last_activity' => $qb->createNamedParameter($this->time - 120, IQueryBuilder::PARAM_INT), // Two minutes ago 'last_check' => $this->time - 60 * 10, // 10mins ago ])->execute(); - $qb->insert('AuthToken')->values([ + $qb->insert('authtoken')->values([ 'uid' => $qb->createNamedParameter('user2'), 'login_name' => $qb->createNamedParameter('User2'), 'password' => $qb->createNamedParameter('971a337057853344700bbeccf836519f|UwOQwyb34sJHtqPV|036d4890f8c21d17bbc7b88072d8ef049a5c832a38e97f3e3d5f9186e896c2593aee16883f617322fa242728d0236ff32d163caeb4bd45e14ca002c57a88665f'), @@ -79,7 +79,7 @@ class DefaultTokenMapperTest extends TestCase { 'last_activity' => $qb->createNamedParameter($this->time - 60 * 60 * 24 * 3, IQueryBuilder::PARAM_INT), // Three days ago 'last_check' => $this->time - 10, // 10secs ago ])->execute(); - $qb->insert('AuthToken')->values([ + $qb->insert('authtoken')->values([ 'uid' => $qb->createNamedParameter('user1'), 'login_name' => $qb->createNamedParameter('User1'), 'password' => $qb->createNamedParameter('063de945d6f6b26862d9b6f40652f2d5|DZ/z520tfdXPtd0T|395f6b89be8d9d605e409e20b9d9abe477fde1be38a3223f9e508f979bf906e50d9eaa4dca983ca4fb22a241eb696c3f98654e7775f78c4caf13108f98642b53'), @@ -94,7 +94,7 @@ class DefaultTokenMapperTest extends TestCase { private function getNumberOfTokens() { $qb = $this->dbConnection->getQueryBuilder(); $result = $qb->select($qb->createFunction('count(*) as `count`')) - ->from('AuthToken') + ->from('authtoken') ->execute() ->fetch(); return (int) $result['count']; @@ -190,6 +190,7 @@ class DefaultTokenMapperTest extends TestCase { } public function testGetTokenByUser() { + /** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */ $user = $this->createMock(IUser::class); $user->expects($this->once()) ->method('getUID') @@ -199,6 +200,7 @@ class DefaultTokenMapperTest extends TestCase { } public function testGetTokenByUserNotFound() { + /** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */ $user = $this->createMock(IUser::class); $user->expects($this->once()) ->method('getUID') @@ -208,10 +210,11 @@ class DefaultTokenMapperTest extends TestCase { } public function testDeleteById() { + /** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */ $user = $this->createMock(IUser::class); $qb = $this->dbConnection->getQueryBuilder(); $qb->select('id') - ->from('AuthToken') + ->from('authtoken') ->where($qb->expr()->eq('token', $qb->createNamedParameter('9c5a2e661482b65597408a6bb6c4a3d1af36337381872ac56e445a06cdb7fea2b1039db707545c11027a4966919918b19d875a8b774840b18c6cbb7ae56fe206'))); $result = $qb->execute(); $id = $result->fetch()['id']; @@ -224,6 +227,7 @@ class DefaultTokenMapperTest extends TestCase { } public function testDeleteByIdWrongUser() { + /** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */ $user = $this->createMock(IUser::class); $id = 33; $user->expects($this->once()) -- cgit v1.2.3