nextcloud/lib/private/Security/CredentialsManager.php

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Robin McCorkell <robin@mccorkell.me.uk>
 * @author Roeland Jago Douma <roeland@famdouma.nl>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program. If not, see <http://www.gnu.org/licenses/>
 *
 */

namespace OC\Security;

use OCP\IDBConnection;
use OCP\Security\ICredentialsManager;
use OCP\Security\ICrypto;

/**
 * Store and retrieve credentials for external services
 *
 * @package OC\Security
 */
class CredentialsManager implements ICredentialsManager {
	public const DB_TABLE = 'credentials';

	/** @var ICrypto */
	protected $crypto;

	/** @var IDBConnection */
	protected $dbConnection;

	/**
	 * @param ICrypto $crypto
	 * @param IDBConnection $dbConnection
	 */
	public function __construct(ICrypto $crypto, IDBConnection $dbConnection) {
		$this->crypto = $crypto;
		$this->dbConnection = $dbConnection;
	}

	/**
	 * Store a set of credentials
	 *
	 * @param string $userId empty string for system-wide credentials
	 * @param string $identifier
	 * @param mixed $credentials
	 */
	public function store($userId, $identifier, $credentials) {
		$value = $this->crypto->encrypt(json_encode($credentials));

		$this->dbConnection->setValues(self::DB_TABLE, [
			'user' => (string)$userId,
			'identifier' => $identifier,
		], [
			'credentials' => $value,
		]);
	}

	/**
	 * Retrieve a set of credentials
	 *
	 * @param string $userId empty string for system-wide credentials
	 * @param string $identifier
	 * @return mixed
	 */
	public function retrieve($userId, $identifier) {
		$qb = $this->dbConnection->getQueryBuilder();
		$qb->select('credentials')
			->from(self::DB_TABLE)
			->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
			->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
		;
		$result = $qb->execute()->fetch();

		if (!$result) {
			return null;
		}
		$value = $result['credentials'];

		return json_decode($this->crypto->decrypt($value), true);
	}

	/**
	 * Delete a set of credentials
	 *
	 * @param string $userId empty string for system-wide credentials
	 * @param string $identifier
	 * @return int rows removed
	 */
	public function delete($userId, $identifier) {
		$qb = $this->dbConnection->getQueryBuilder();
		$qb->delete(self::DB_TABLE)
			->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
			->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
		;
		return $qb->execute();
	}

	/**
	 * Erase all credentials stored for a user
	 *
	 * @param string $userId
	 * @return int rows removed
	 */
	public function erase($userId) {
		$qb = $this->dbConnection->getQueryBuilder();
		$qb->delete(self::DB_TABLE)
			->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
		;
		return $qb->execute();
	}
}
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00			`<?php`
			`/**`
Fix others 2016-07-21 18:07:57 +03:00			`* @copyright Copyright (c) 2016, ownCloud, Inc.`
			`*`
Update author information Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :) 2016-03-01 19:25:15 +03:00			`* @author Robin McCorkell <robin@mccorkell.me.uk>`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00			`* @author Roeland Jago Douma <roeland@famdouma.nl>`
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00			`*`
			`* @license AGPL-3.0`
			`*`
			`* This code is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License, version 3,`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00			`* along with this program. If not, see <http://www.gnu.org/licenses/>`
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00			`*`
			`*/`

			`namespace OC\Security;`

			`use OCP\IDBConnection;`
			`use OCP\Security\ICredentialsManager;`
Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-22 22:52:10 +03:00			`use OCP\Security\ICrypto;`
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00
			`/**`
			`* Store and retrieve credentials for external services`
			`*`
			`* @package OC\Security`
			`*/`
			`class CredentialsManager implements ICredentialsManager {`
Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 17:54:27 +03:00			`public const DB_TABLE = 'credentials';`
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00
			`/** @var ICrypto */`
			`protected $crypto;`

			`/** @var IDBConnection */`
			`protected $dbConnection;`

			`/**`
			`* @param ICrypto $crypto`
			`* @param IDBConnection $dbConnection`
			`*/`
			`public function __construct(ICrypto $crypto, IDBConnection $dbConnection) {`
			`$this->crypto = $crypto;`
			`$this->dbConnection = $dbConnection;`
			`}`

			`/**`
			`* Store a set of credentials`
			`*`
fix credentialsManager documentation and ensure userId to be used as string Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2020-04-15 20:34:23 +03:00			`* @param string $userId empty string for system-wide credentials`
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00			`* @param string $identifier`
			`* @param mixed $credentials`
			`*/`
			`public function store($userId, $identifier, $credentials) {`
			`$value = $this->crypto->encrypt(json_encode($credentials));`

			`$this->dbConnection->setValues(self::DB_TABLE, [`
fix credentialsManager documentation and ensure userId to be used as string Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2020-04-15 20:34:23 +03:00			`'user' => (string)$userId,`
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00			`'identifier' => $identifier,`
			`], [`
			`'credentials' => $value,`
			`]);`
			`}`

			`/**`
			`* Retrieve a set of credentials`
			`*`
fix credentialsManager documentation and ensure userId to be used as string Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2020-04-15 20:34:23 +03:00			`* @param string $userId empty string for system-wide credentials`
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00			`* @param string $identifier`
			`* @return mixed`
			`*/`
			`public function retrieve($userId, $identifier) {`
			`$qb = $this->dbConnection->getQueryBuilder();`
			`$qb->select('credentials')`
			`->from(self::DB_TABLE)`
fix credentialsManager documentation and ensure userId to be used as string Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2020-04-15 20:34:23 +03:00			`->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))`
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00			`->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))`
			`;`
			`$result = $qb->execute()->fetch();`

			`if (!$result) {`
			`return null;`
			`}`
			`$value = $result['credentials'];`

			`return json_decode($this->crypto->decrypt($value), true);`
			`}`

			`/**`
			`* Delete a set of credentials`
			`*`
fix credentialsManager documentation and ensure userId to be used as string Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2020-04-15 20:34:23 +03:00			`* @param string $userId empty string for system-wide credentials`
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00			`* @param string $identifier`
			`* @return int rows removed`
			`*/`
			`public function delete($userId, $identifier) {`
			`$qb = $this->dbConnection->getQueryBuilder();`
			`$qb->delete(self::DB_TABLE)`
fix credentialsManager documentation and ensure userId to be used as string Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2020-04-15 20:34:23 +03:00			`->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))`
Introduce CredentialsManager for storage of credentials in DB CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences. 2015-08-24 18:13:16 +03:00			`->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))`
			`;`
			`return $qb->execute();`
			`}`

			`/**`
			`* Erase all credentials stored for a user`
			`*`
			`* @param string $userId`
			`* @return int rows removed`
			`*/`
			`public function erase($userId) {`
			`$qb = $this->dbConnection->getQueryBuilder();`
			`$qb->delete(self::DB_TABLE)`
			`->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))`
			`;`
			`return $qb->execute();`
			`}`
			`}`