diff --git a/apps/files_external/lib/Migration/DummyUserSession.php b/apps/files_external/lib/Migration/DummyUserSession.php
index 004ca019eb..0cc726d35b 100644
--- a/apps/files_external/lib/Migration/DummyUserSession.php
+++ b/apps/files_external/lib/Migration/DummyUserSession.php
@@ -50,4 +50,24 @@ class DummyUserSession implements IUserSession {
public function isLoggedIn() {
return !is_null($this->user);
}
+
+ /**
+ * get getImpersonatingUserID
+ *
+ * @return string|null
+ * @since 17.0.0
+ */
+ public function getImpersonatingUserID() : ?string {
+ return null;
+ }
+
+ /**
+ * set setImpersonatingUserID
+ *
+ * @since 17.0.0
+ */
+ public function setImpersonatingUserID(bool $useCurrentUser = true): void {
+ //no OP
+ }
+
}
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 13519d97ef..ba909c8105 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -314,6 +314,29 @@ class Session implements IUserSession, Emitter {
return null;
}
+ /**
+ * @return mixed
+ */
+ public function getImpersonatingUserID(): ?string {
+
+ return $this->session->get('oldUserId');
+
+ }
+
+ public function setImpersonatingUserID(bool $useCurrentUser = true): void {
+ if ($useCurrentUser === false) {
+ $this->session->remove('oldUserId');
+ return;
+ }
+
+ $currentUser = $this->getUser();
+
+ if ($currentUser === null) {
+ throw new \OC\User\NoUserException();
+ }
+ $this->session->set('oldUserId', $currentUser->getUID());
+
+ }
/**
* set the token id
*
diff --git a/lib/public/IUserSession.php b/lib/public/IUserSession.php
index d7bf5f9a38..b3c470e5be 100644
--- a/lib/public/IUserSession.php
+++ b/lib/public/IUserSession.php
@@ -42,6 +42,7 @@ namespace OCP;
interface IUserSession {
/**
* Do a user login
+ *
* @param string $user the username
* @param string $password the password
* @return bool true if successful
@@ -52,6 +53,7 @@ interface IUserSession {
/**
* Logs the user out including all the session data
* Logout, destroys session
+ *
* @return void
* @since 6.0.0
*/
@@ -80,4 +82,19 @@ interface IUserSession {
* @since 8.0.0
*/
public function isLoggedIn();
+
+ /**
+ * get getImpersonatingUserID
+ *
+ * @return string|null
+ * @since 18.0.0
+ */
+ public function getImpersonatingUserID(): ?string;
+
+ /**
+ * set setImpersonatingUserID
+ *
+ * @since 18.0.0
+ */
+ public function setImpersonatingUserID(bool $useCurrentUser = true): void;
}
diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index da9414dcb1..7582f1287b 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -44,6 +44,7 @@ use OCP\AppFramework\Http\JSONResponse;
use OCP\ILogger;
use OCP\IRequest;
use OCP\ISession;
+use OCP\IUserSession;
use OCP\Security\ISecureRandom;
use OCP\Session\Exceptions\SessionNotAvailableException;
@@ -55,6 +56,9 @@ class AuthSettingsController extends Controller {
/** @var ISession */
private $session;
+ /** IUserSession */
+ private $userSession;
+
/** @var string */
private $uid;
@@ -77,6 +81,7 @@ class AuthSettingsController extends Controller {
* @param ISession $session
* @param ISecureRandom $random
* @param string|null $userId
+ * @param IUserSession $userSession
* @param IManager $activityManager
* @param RemoteWipe $remoteWipe
* @param ILogger $logger
@@ -87,12 +92,14 @@ class AuthSettingsController extends Controller {
ISession $session,
ISecureRandom $random,
?string $userId,
+ IUserSession $userSession,
IManager $activityManager,
RemoteWipe $remoteWipe,
ILogger $logger) {
parent::__construct($appName, $request);
$this->tokenProvider = $tokenProvider;
$this->uid = $userId;
+ $this->userSession = $userSession;
$this->session = $session;
$this->random = $random;
$this->activityManager = $activityManager;
@@ -114,6 +121,10 @@ class AuthSettingsController extends Controller {
} catch (SessionNotAvailableException $ex) {
return $this->getServiceNotAvailableResponse();
}
+ if ($this->userSession->getImpersonatingUserID() !== null)
+ {
+ return $this->getServiceNotAvailableResponse();
+ }
try {
$sessionToken = $this->tokenProvider->getToken($sessionId);
diff --git a/settings/Settings/Personal/Security.php b/settings/Settings/Personal/Security.php
index 29c161f9da..1d40377f18 100644
--- a/settings/Settings/Personal/Security.php
+++ b/settings/Settings/Personal/Security.php
@@ -80,11 +80,18 @@ class Security implements ISettings {
$passwordChangeSupported = $user->canChangePassword();
}
+ $this->initialStateService->provideInitialState(
+ 'settings',
+ 'can_create_app_token',
+ $this->userSession->getImpersonatingUserID() !== null
+ );
+
return new TemplateResponse('settings', 'settings/personal/security', [
'passwordChangeSupported' => $passwordChangeSupported,
'twoFactorProviderData' => $this->getTwoFactorProviderData(),
'themedark' => $this->config->getUserValue($this->uid, 'accessibility', 'theme', false)
]);
+
}
public function getSection(): string {
diff --git a/settings/src/components/AuthTokenSection.vue b/settings/src/components/AuthTokenSection.vue
index c74348631d..7ddca56859 100644
--- a/settings/src/components/AuthTokenSection.vue
+++ b/settings/src/components/AuthTokenSection.vue
@@ -28,7 +28,7 @@
@rename="rename"
@delete="deleteToken"
@wipe="wipeToken" />
-
+
@@ -63,7 +63,7 @@
props: {
tokens: {
type: Array,
- requried: true,
+ required: true,
},
},
components: {
diff --git a/settings/src/main-personal-security.js b/settings/src/main-personal-security.js
index 2284cebea7..9f020efd5f 100644
--- a/settings/src/main-personal-security.js
+++ b/settings/src/main-personal-security.js
@@ -35,5 +35,6 @@ const View = Vue.extend(AuthTokenSection);
new View({
propsData: {
tokens: OCP.InitialState.loadState('settings', 'app_tokens'),
+ canCreateToken: OCP.InitialState.loadState('settings', 'can_create_app_token'),
}
}).$mount('#security-authtokens');