Allow the rotation of tokens
This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
9e657d0577
commit
0885bd4ee5
|
@ -28,10 +28,8 @@ use OCP\AppFramework\Db\Entity;
|
|||
* @method void setId(int $id)
|
||||
* @method void setUid(string $uid);
|
||||
* @method void setLoginName(string $loginName)
|
||||
* @method void setPassword(string $password)
|
||||
* @method void setName(string $name)
|
||||
* @method string getName()
|
||||
* @method void setToken(string $token)
|
||||
* @method string getToken()
|
||||
* @method void setType(string $type)
|
||||
* @method int getType()
|
||||
|
@ -173,4 +171,12 @@ class DefaultToken extends Entity implements IToken {
|
|||
parent::setScope((string)$scope);
|
||||
}
|
||||
}
|
||||
|
||||
public function setToken($token) {
|
||||
parent::setToken($token);
|
||||
}
|
||||
|
||||
public function setPassword($password = null) {
|
||||
parent::setPassword($password);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -261,6 +261,28 @@ class DefaultTokenProvider implements IProvider {
|
|||
$this->mapper->invalidateOld($rememberThreshold, IToken::REMEMBER);
|
||||
}
|
||||
|
||||
/**
|
||||
* Rotate the token. Usefull for for example oauth tokens
|
||||
*
|
||||
* @param IToken $token
|
||||
* @param string $oldTokenId
|
||||
* @param string $newTokenId
|
||||
* @return IToken
|
||||
*/
|
||||
public function rotate(IToken $token, $oldTokenId, $newTokenId) {
|
||||
try {
|
||||
$password = $this->getPassword($token, $oldTokenId);
|
||||
$token->setPassword($this->encryptPassword($password, $newTokenId));
|
||||
} catch (PasswordlessTokenException $e) {
|
||||
|
||||
}
|
||||
|
||||
$token->setToken($this->hashToken($newTokenId));
|
||||
$this->updateToken($token);
|
||||
|
||||
return $token;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $token
|
||||
* @return string
|
||||
|
|
|
@ -135,4 +135,14 @@ interface IProvider {
|
|||
* @throws InvalidTokenException
|
||||
*/
|
||||
public function setPassword(IToken $token, $tokenId, $password);
|
||||
|
||||
/**
|
||||
* Rotate the token. Usefull for for example oauth tokens
|
||||
*
|
||||
* @param IToken $token
|
||||
* @param string $oldTokenId
|
||||
* @param string $newTokenId
|
||||
* @return IToken
|
||||
*/
|
||||
public function rotate(IToken $token, $oldTokenId, $newTokenId);
|
||||
}
|
||||
|
|
|
@ -93,4 +93,18 @@ interface IToken extends JsonSerializable {
|
|||
* @param array $scope
|
||||
*/
|
||||
public function setScope($scope);
|
||||
|
||||
/**
|
||||
* Set the token
|
||||
*
|
||||
* @param string $token
|
||||
*/
|
||||
public function setToken($token);
|
||||
|
||||
/**
|
||||
* Set the password
|
||||
*
|
||||
* @param string $password
|
||||
*/
|
||||
public function setPassword($password);
|
||||
}
|
||||
|
|
|
@ -417,4 +417,46 @@ class DefaultTokenProviderTest extends TestCase {
|
|||
|
||||
$this->tokenProvider->getTokenById(42);
|
||||
}
|
||||
|
||||
public function testRotate() {
|
||||
$token = new DefaultToken();
|
||||
$token->setPassword('oldencryptedpassword');
|
||||
|
||||
$this->config->method('getSystemValue')
|
||||
->with('secret')
|
||||
->willReturn('mysecret');
|
||||
|
||||
$this->crypto->method('decrypt')
|
||||
->with('oldencryptedpassword', 'oldtokenmysecret')
|
||||
->willReturn('mypassword');
|
||||
$this->crypto->method('encrypt')
|
||||
->with('mypassword', 'newtokenmysecret')
|
||||
->willReturn('newencryptedpassword');
|
||||
|
||||
$this->mapper->expects($this->once())
|
||||
->method('update')
|
||||
->with($this->callback(function (DefaultToken $token) {
|
||||
return $token->getPassword() === 'newencryptedpassword' &&
|
||||
$token->getToken() === hash('sha512', 'newtokenmysecret');
|
||||
}));
|
||||
|
||||
$this->tokenProvider->rotate($token, 'oldtoken', 'newtoken');
|
||||
}
|
||||
|
||||
public function testRotateNoPassword() {
|
||||
$token = new DefaultToken();
|
||||
|
||||
$this->config->method('getSystemValue')
|
||||
->with('secret')
|
||||
->willReturn('mysecret');
|
||||
|
||||
$this->mapper->expects($this->once())
|
||||
->method('update')
|
||||
->with($this->callback(function (DefaultToken $token) {
|
||||
return $token->getPassword() === null &&
|
||||
$token->getToken() === hash('sha512', 'newtokenmysecret');
|
||||
}));
|
||||
|
||||
$this->tokenProvider->rotate($token, 'oldtoken', 'newtoken');
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue