Disable app token creation for impersonated people, ref #15539
Signed-off-by: Greta Doci <gretadoci@gmail.com>
This commit is contained in:
parent
d231fc9843
commit
0a874c51af
@ -50,4 +50,24 @@ class DummyUserSession implements IUserSession {
|
|||
public function isLoggedIn() {
|
||||
return !is_null($this->user);
|
||||
}
|
||||
|
||||
/**
|
||||
* get getImpersonatingUserID
|
||||
*
|
||||
* @return string|null
|
||||
* @since 17.0.0
|
||||
*/
|
||||
public function getImpersonatingUserID() : ?string {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* set setImpersonatingUserID
|
||||
*
|
||||
* @since 17.0.0
|
||||
*/
|
||||
public function setImpersonatingUserID(bool $useCurrentUser = true): void {
|
||||
//no OP
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
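Review bot: The `@since 17.0.0` tags on both new DummyUserSession methods disagree with the `@since 18.0.0` the same commit puts on the OCP\IUserSession declarations; whichever release actually ships this, the two should match, and the public interface's tag is the one consumers read. The docblock summaries `get getImpersonatingUserID` / `set setImpersonatingUserID` only repeat the method name; something like `Return the UID of the user who started the impersonation, or null when the session is not impersonating` for the getter and `Store or clear the impersonating user's UID; this dummy implementation does nothing` for the setter would tell a reader what the contract is. The `//no OP` comment would read better as `// no-op: the dummy session never impersonates`.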
@ -314,6 +314,29 @@ class Session implements IUserSession, Emitter {
|
|||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
public function getImpersonatingUserID(): ?string {
|
||||
|
||||
return $this->session->get('oldUserId');
|
||||
|
||||
}
|
||||
|
||||
public function setImpersonatingUserID(bool $useCurrentUser = true): void {
|
||||
if ($useCurrentUser === false) {
|
||||
$this->session->remove('oldUserId');
|
||||
return;
|
||||
}
|
||||
|
||||
$currentUser = $this->getUser();
|
||||
|
||||
if ($currentUser === null) {
|
||||
throw new \OC\User\NoUserException();
|
||||
}
|
||||
$this->session->set('oldUserId', $currentUser->getUID());
|
||||
|
||||
}
|
||||
/**
|
||||
* set the token id
|
||||
*
|
||||
|
|
|
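Review bot: `@return mixed` on getImpersonatingUserID misdocuments a method declared `: ?string`; replace it with `@return string|null UID of the original user while impersonating, null otherwise`, and setImpersonatingUserID has no docblock at all although it can throw, so it needs at least `@throws \OC\User\NoUserException when no user is logged in`. The session key `'oldUserId'` is spelled out three times across the two methods; a private class constant would keep the getter and setter from drifting apart. Note that `$this->session->get()` presumably returns whatever was stored, so if anything other than a string or null ever lands under that key the `?string` return type will raise a TypeError rather than degrade gracefully — worth confirming against the ISession contract. The stray blank lines inside both method bodies do not match the rest of the class.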
@ -42,6 +42,7 @@ namespace OCP;
|
|||
interface IUserSession {
|
||||
/**
|
||||
* Do a user login
|
||||
*
|
||||
* @param string $user the username
|
||||
* @param string $password the password
|
||||
* @return bool true if successful
|
||||
|
@ -52,6 +53,7 @@ interface IUserSession {
|
|||
/**
|
||||
* Logs the user out including all the session data
|
||||
* Logout, destroys session
|
||||
*
|
||||
* @return void
|
||||
* @since 6.0.0
|
||||
*/
|
||||
|
@ -80,4 +82,19 @@ interface IUserSession {
|
|||
* @since 8.0.0
|
||||
*/
|
||||
public function isLoggedIn();
|
||||
|
||||
/**
|
||||
* get getImpersonatingUserID
|
||||
*
|
||||
* @return string|null
|
||||
* @since 18.0.0
|
||||
*/
|
||||
public function getImpersonatingUserID(): ?string;
|
||||
|
||||
/**
|
||||
* set setImpersonatingUserID
|
||||
*
|
||||
* @since 18.0.0
|
||||
*/
|
||||
public function setImpersonatingUserID(bool $useCurrentUser = true): void;
|
||||
}
|
||||
|
|
|
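Review bot: Adding two abstract methods to the public OCP\IUserSession interface is a backward-compatibility break for every third-party implementation of that interface, which will fatally fail to load until it adds them; if that is intended for the release the `@since 18.0.0` tags name, the docblocks should say so explicitly rather than just `get getImpersonatingUserID`. A summary such as `Returns the UID of the user who initiated impersonation, or null if the current session is not impersonating` and, for the setter, `Remembers the currently logged-in user as the impersonator (or forgets it when $useCurrentUser is false)` would document the contract implementers have to honour; the setter also needs `@param bool $useCurrentUser`.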
@ -44,6 +44,7 @@ use OCP\AppFramework\Http\JSONResponse;
|
|||
use OCP\ILogger;
|
||||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Security\ISecureRandom;
|
||||
use OCP\Session\Exceptions\SessionNotAvailableException;
|
||||
|
||||
|
@ -55,6 +56,9 @@ class AuthSettingsController extends Controller {
|
|||
/** @var ISession */
|
||||
private $session;
|
||||
|
||||
/** IUserSession */
|
||||
private $userSession;
|
||||
|
||||
/** @var string */
|
||||
private $uid;
|
||||
|
||||
|
@ -77,6 +81,7 @@ class AuthSettingsController extends Controller {
|
|||
* @param ISession $session
|
||||
* @param ISecureRandom $random
|
||||
* @param string|null $userId
|
||||
* @param IUserSession $userSession
|
||||
* @param IManager $activityManager
|
||||
* @param RemoteWipe $remoteWipe
|
||||
* @param ILogger $logger
|
||||
|
@ -87,12 +92,14 @@ class AuthSettingsController extends Controller {
|
|||
ISession $session,
|
||||
ISecureRandom $random,
|
||||
?string $userId,
|
||||
IUserSession $userSession,
|
||||
IManager $activityManager,
|
||||
RemoteWipe $remoteWipe,
|
||||
ILogger $logger) {
|
||||
parent::__construct($appName, $request);
|
||||
$this->tokenProvider = $tokenProvider;
|
||||
$this->uid = $userId;
|
||||
$this->userSession = $userSession;
|
||||
$this->session = $session;
|
||||
$this->random = $random;
|
||||
$this->activityManager = $activityManager;
|
||||
|
@ -114,6 +121,10 @@ class AuthSettingsController extends Controller {
|
|||
} catch (SessionNotAvailableException $ex) {
|
||||
return $this->getServiceNotAvailableResponse();
|
||||
}
|
||||
if ($this->userSession->getImpersonatingUserID() !== null)
|
||||
{
|
||||
return $this->getServiceNotAvailableResponse();
|
||||
}
|
||||
|
||||
try {
|
||||
$sessionToken = $this->tokenProvider->getToken($sessionId);
|
||||
|
|
|
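Review bot: The new property docblock `/** IUserSession */` is missing the `@var` tag, so static analysis and IDEs treat `$userSession` as untyped; it should read `/** @var IUserSession */` like the `@var ISession` block directly above it. In the guard added to the token-creation method, the opening brace is placed on its own line, whereas every other control structure in the hunk keeps it on the condition line; `if ($this->userSession->getImpersonatingUserID() !== null) {` matches the file. The method containing that guard starts and ends outside the hunk, so whether the denial should be reported as "service not available" rather than a forbidden/unauthorised response cannot be judged from here, but it is worth a comment explaining that impersonating admins are deliberately denied app-token creation.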
@ -80,11 +80,18 @@ class Security implements ISettings {
|
|||
$passwordChangeSupported = $user->canChangePassword();
|
||||
}
|
||||
|
||||
$this->initialStateService->provideInitialState(
|
||||
'settings',
|
||||
'can_create_app_token',
|
||||
$this->userSession->getImpersonatingUserID() !== null
|
||||
);
|
||||
|
||||
return new TemplateResponse('settings', 'settings/personal/security', [
|
||||
'passwordChangeSupported' => $passwordChangeSupported,
|
||||
'twoFactorProviderData' => $this->getTwoFactorProviderData(),
|
||||
'themedark' => $this->config->getUserValue($this->uid, 'accessibility', 'theme', false)
|
||||
]);
|
||||
|
||||
}
|
||||
|
||||
public function getSection(): string {
|
||||
|
|
|
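Review bot: The value provided as `can_create_app_token` is inverted: `$this->userSession->getImpersonatingUserID() !== null` is true precisely when the session is impersonating, yet the Vue component gates the setup dialogue on `v-if="canCreateToken"` and the commit's purpose is to hide it for impersonated sessions. The line should be `$this->userSession->getImpersonatingUserID() === null`. As written, the UI and the server-side guard in AuthSettingsController (which denies when the ID is `!== null`) disagree; the controller check is what actually enforces the policy, so the only effect of this bug is showing the dialogue to the wrong users, but it still defeats the point of the change. The enclosing getForm method starts outside the hunk.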
@ -28,7 +28,7 @@
|
|||
@rename="rename"
|
||||
@delete="deleteToken"
|
||||
@wipe="wipeToken" />
|
||||
<AuthTokenSetupDialogue :add="addNewToken" />
|
||||
<AuthTokenSetupDialogue v-if="canCreateToken" :add="addNewToken" />
|
||||
</div>
|
||||
</template>
|
||||
|
||||
|
@ -63,7 +63,7 @@
|
|||
props: {
|
||||
tokens: {
|
||||
type: Array,
|
||||
requried: true,
|
||||
required: true,
|
||||
},
|
||||
},
|
||||
components: {
|
||||
|
|
|
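Review bot: The template now uses `v-if="canCreateToken"`, but the `props` block in this hunk declares only `tokens`; main.js passes `canCreateToken` via `propsData`, and Vue 2 ignores propsData entries for undeclared props, so unless the prop is declared elsewhere in the component the condition is always undefined and the dialogue never renders. Add `canCreateToken: { type: Boolean, default: false },` to `props`. Defaulting to `false` is also the safer fallback if the initial state is ever missing.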
@ -35,5 +35,6 @@ const View = Vue.extend(AuthTokenSection);
|
|||
new View({
|
||||
propsData: {
|
||||
tokens: OCP.InitialState.loadState('settings', 'app_tokens'),
|
||||
canCreateToken: OCP.InitialState.loadState('settings', 'can_create_app_token'),
|
||||
}
|
||||
}).$mount('#security-authtokens');
|
||||
|
|