From 19cc757531959a14df40a79d550c82b39e4bc5a2 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@arthur-schiwon.de>
Date: Fri, 13 Aug 2021 15:53:17 +0200
Subject: move verification token logic out of lost password controller

- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
---
 .../VerificationToken/IVerificationToken.php       | 55 ++++++++++++++++
 .../VerificationToken/InvalidTokenException.php    | 74 ++++++++++++++++++++++
 2 files changed, 129 insertions(+)
 create mode 100644 lib/public/Security/VerificationToken/IVerificationToken.php
 create mode 100644 lib/public/Security/VerificationToken/InvalidTokenException.php

(limited to 'lib/public/Security')

diff --git a/lib/public/Security/VerificationToken/IVerificationToken.php b/lib/public/Security/VerificationToken/IVerificationToken.php
new file mode 100644
index 00000000000..12c03178fb6
--- /dev/null
+++ b/lib/public/Security/VerificationToken/IVerificationToken.php
@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2021 Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCP\Security\VerificationToken;
+
+use OCP\IUser;
+
+/**
+ * @since 23.0.0
+ */
+interface IVerificationToken {
+
+	/**
+	 * Checks whether the a provided tokent matches a stored token and its
+	 * constraints. An InvalidTokenException is thrown on issues, otherwise
+	 * the check is successful.
+	 *
+	 * null can be passed as $user, but mind that this is for conveniently
+	 * passing the return of IUserManager::getUser() to this method. When
+	 * $user is null, InvalidTokenException is thrown for all the issued
+	 * tokens are user related.
+	 *
+	 * @throws InvalidTokenException
+	 * @since 23.0.0
+	 */
+	public function check(string $token, ?IUser $user, string $subject, string $passwordPrefix = ''): void;
+
+	/**
+	 * @since 23.0.0
+	 */
+	public function create(IUser $user, string $subject, string $passwordPrefix = ''): string;
+}
diff --git a/lib/public/Security/VerificationToken/InvalidTokenException.php b/lib/public/Security/VerificationToken/InvalidTokenException.php
new file mode 100644
index 00000000000..5c8144c5c74
--- /dev/null
+++ b/lib/public/Security/VerificationToken/InvalidTokenException.php
@@ -0,0 +1,74 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2021 Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCP\Security\VerificationToken;
+
+/** @since 23.0.0 */
+class InvalidTokenException extends \Exception {
+
+	/**
+	 * @since 23.0.0
+	 */
+	public function __construct(int $code) {
+		parent::__construct('', $code);
+	}
+
+	/**
+	 * @var int
+	 * @since 23.0.0
+	 */
+	public const USER_UNKNOWN = 1;
+
+	/**
+	 * @var int
+	 * @since 23.0.0
+	 */
+	public const TOKEN_NOT_FOUND = 2;
+
+	/**
+	 * @var int
+	 * @since 23.0.0
+	 */
+	public const TOKEN_DECRYPTION_ERROR = 3;
+
+	/**
+	 * @var int
+	 * @since 23.0.0
+	 */
+	public const TOKEN_INVALID_FORMAT = 4;
+
+	/**
+	 * @var int
+	 * @since 23.0.0
+	 */
+	public const TOKEN_EXPIRED = 5;
+
+	/**
+	 * @var int
+	 * @since 23.0.0
+	 */
+	public const TOKEN_MISMATCH = 6;
+}
-- 
cgit v1.2.3