From 0570327c7e47b6ce81b3ee62bf35021dba93bc4e Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Mon, 21 Nov 2022 17:28:21 +0545 Subject: public interface to invalidate tokens of user Signed-off-by: Artur Neumann --- lib/private/Authentication/Token/Manager.php | 12 ++++++++- lib/private/Server.php | 2 ++ lib/public/Authentication/Token/IProvider.php | 37 +++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 lib/public/Authentication/Token/IProvider.php (limited to 'lib') diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index f8a0fb11c52..27b13804b37 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -32,8 +32,9 @@ use OC\Authentication\Exceptions\ExpiredTokenException; use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\WipeTokenException; +use OCP\Authentication\Token\IProvider as OCPIProvider; -class Manager implements IProvider { +class Manager implements IProvider, OCPIProvider { /** @var PublicKeyTokenProvider */ private $publicKeyTokenProvider; @@ -240,4 +241,13 @@ class Manager implements IProvider { public function updatePasswords(string $uid, string $password) { $this->publicKeyTokenProvider->updatePasswords($uid, $password); } + + public function invalidateTokensOfUser(string $uid, ?string $clientName) { + $tokens = $this->getTokenByUser($uid); + foreach ($tokens as $token) { + if ($clientName === null || ($token->getName() === $clientName)) { + $this->invalidateTokenById($uid, $token->getId()); + } + } + } } diff --git a/lib/private/Server.php b/lib/private/Server.php index 0d67012e70d..d14ba471999 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -157,6 +157,7 @@ use OCA\Theming\Util; use OCP\Accounts\IAccountManager; use OCP\App\IAppManager; use OCP\Authentication\LoginCredentials\IStore; +use OCP\Authentication\Token\IProvider as OCPIProvider; use OCP\BackgroundJob\IJobList; use OCP\Collaboration\AutoComplete\IManager; use OCP\Command\IBus; @@ -536,6 +537,7 @@ class Server extends ServerContainer implements IServerContainer { }); $this->registerAlias(IStore::class, Store::class); $this->registerAlias(IProvider::class, Authentication\Token\Manager::class); + $this->registerAlias(OCPIProvider::class, Authentication\Token\Manager::class); $this->registerService(\OC\User\Session::class, function (Server $c) { $manager = $c->get(IUserManager::class); diff --git a/lib/public/Authentication/Token/IProvider.php b/lib/public/Authentication/Token/IProvider.php new file mode 100644 index 00000000000..9000868907e --- /dev/null +++ b/lib/public/Authentication/Token/IProvider.php @@ -0,0 +1,37 @@ + + * + * @author Artur Neumann + * + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ +namespace OCP\Authentication\Token; + +interface IProvider { + /** + * invalidates all tokens of a specific user + * if a client name is given only tokens of that client will be invalidated + * + * @param string $uid + * @param string|null $clientName + * @return void + */ + public function invalidateTokensOfUser(string $uid, ?string $clientName); +} -- cgit v1.2.3