Disable app token creation for impersonated people, ref #15539

Signed-off-by: Greta Doci <gretadoci@gmail.com>
Greta Doci 2019-06-12 14:26:01 +02:00 committed by Roeland Jago Douma
parent d231fc9843
commit 0a874c51af
GPG Key ID: F941078878347C0C
7 changed files with 81 additions and 2 deletions


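--- a/[path-not-on-page: DummyUserSession]
+++ b/[path-not-on-page: DummyUserSession]
@@ -50,4 +50,24 @@ class DummyUserSession implements IUserSession {
 public function isLoggedIn() {
 return !is_null($this->user);
 }
+/**
+* get getImpersonatingUserID
+*
+* @return string|null
+* @since 17.0.0
+*/
+public function getImpersonatingUserID() : ?string {
+return null;
+}
+/**
+* set setImpersonatingUserID
+*
+* @since 17.0.0
+*/
+public function setImpersonatingUserID(bool $useCurrentUser = true): void {
+//no OP
+}
 }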
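Review bot: The `@since` tags on getImpersonatingUserID and setImpersonatingUserID read `17.0.0` here, while the same two methods in the IUserSession interface hunk further down are tagged `18.0.0`; both must name the release the API actually ships in, and the test double should copy the interface's value. The docblock summaries `get getImpersonatingUserID` and `set setImpersonatingUserID` (also used verbatim in the interface hunk) only repeat the method name; for this dummy a summary such as `Test double: never reports an impersonating user.` on the getter and `Test double: no-op, impersonation is not tracked here.` on the setter would tell the reader what to expect. The getter's `() : ?string` spacing also differs from the `(): ?string` form used everywhere else in this commit.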


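--- a/[path-not-on-page: Session]
+++ b/[path-not-on-page: Session]
@@ -314,6 +314,29 @@ class Session implements IUserSession, Emitter {
 return null;
 }
+/**
+* @return mixed
+*/
+public function getImpersonatingUserID(): ?string {
+return $this->session->get('oldUserId');
+}
+public function setImpersonatingUserID(bool $useCurrentUser = true): void {
+if ($useCurrentUser === false) {
+$this->session->remove('oldUserId');
+return;
+}
+$currentUser = $this->getUser();
+if ($currentUser === null) {
+throw new \OC\User\NoUserException();
+}
+$this->session->set('oldUserId', $currentUser->getUID());
+}
 /**
 * set the token id
 *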
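Review bot: The docblock on getImpersonatingUserID says `@return mixed` while the signature declares `?string`; the session store hands back whatever was put under `oldUserId`, so under the strict return type anything that is not a string or null surfaces as a TypeError instead of "not impersonating". Replace the docblock with `@return string|null UID of the user who started the impersonation, null when nobody is impersonating` and add the `@since` tag used in the interface; setImpersonatingUserID has no docblock at all and should state that `false` clears the marker and that NoUserException is thrown when no user is logged in. The session key `'oldUserId'` is now read, written and removed in three places in this hunk (whatever else writes the same key is outside it); a `private const IMPERSONATING_UID_KEY = 'oldUserId';` keeps them from drifting apart.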


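--- a/[path-not-on-page: OCP/IUserSession]
+++ b/[path-not-on-page: OCP/IUserSession]
@@ -42,6 +42,7 @@ namespace OCP;
 interface IUserSession {
 /**
 * Do a user login
+*
 * @param string $user the username
 * @param string $password the password
 * @return bool true if successful
@@ -52,6 +53,7 @@ interface IUserSession {
 /**
 * Logs the user out including all the session data
 * Logout, destroys session
+*
 * @return void
 * @since 6.0.0
 */
@@ -80,4 +82,19 @@ interface IUserSession {
 * @since 8.0.0
 */
 public function isLoggedIn();
+/**
+* get getImpersonatingUserID
+*
+* @return string|null
+* @since 18.0.0
+*/
+public function getImpersonatingUserID(): ?string;
+/**
+* set setImpersonatingUserID
+*
+* @since 18.0.0
+*/
+public function setImpersonatingUserID(bool $useCurrentUser = true): void;
 }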
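Review bot: Adding two abstract methods to the public OCP\IUserSession interface breaks every implementation outside this repository at the next update, since PHP has no default interface methods; the only implementations touched by this commit are Session and the DummyUserSession test double. If that break is intended, the commit message should say so and the interface docblock should carry a note that implementers must add both methods as of the tagged release; if not, a separate interface for the impersonation marker, checked with `instanceof` at the single call site in AuthSettingsController, avoids it. Independently of that, `setImpersonatingUserID(bool $useCurrentUser = true)` models "mark" and "clear" with a boolean flag, which reads poorly at call sites (`setImpersonatingUserID(false)`); two intention-revealing methods, or at least a docblock line `@param bool $useCurrentUser false removes the impersonation marker`, would make the contract clear.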


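--- a/[path-not-on-page: AuthSettingsController]
+++ b/[path-not-on-page: AuthSettingsController]
@@ -44,6 +44,7 @@ use OCP\AppFramework\Http\JSONResponse;
 use OCP\ILogger;
 use OCP\IRequest;
 use OCP\ISession;
+use OCP\IUserSession;
 use OCP\Security\ISecureRandom;
 use OCP\Session\Exceptions\SessionNotAvailableException;
@@ -55,6 +56,9 @@ class AuthSettingsController extends Controller {
 /** @var ISession */
 private $session;
+/** IUserSession */
+private $userSession;
 /** @var string */
 private $uid;
@@ -77,6 +81,7 @@ class AuthSettingsController extends Controller {
 * @param ISession $session
 * @param ISecureRandom $random
 * @param string|null $userId
+* @param IUserSession $userSession
 * @param IManager $activityManager
 * @param RemoteWipe $remoteWipe
 * @param ILogger $logger
@@ -87,12 +92,14 @@ class AuthSettingsController extends Controller {
 ISession $session,
 ISecureRandom $random,
 ?string $userId,
+IUserSession $userSession,
 IManager $activityManager,
 RemoteWipe $remoteWipe,
 ILogger $logger) {
 parent::__construct($appName, $request);
 $this->tokenProvider = $tokenProvider;
 $this->uid = $userId;
+$this->userSession = $userSession;
 $this->session = $session;
 $this->random = $random;
 $this->activityManager = $activityManager;
@@ -114,6 +121,10 @@ class AuthSettingsController extends Controller {
 } catch (SessionNotAvailableException $ex) {
 return $this->getServiceNotAvailableResponse();
 }
+if ($this->userSession->getImpersonatingUserID() !== null)
+{
+return $this->getServiceNotAvailableResponse();
+}
 try {
 $sessionToken = $this->tokenProvider->getToken($sessionId);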
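Review bot: The new guard answers an impersonating caller with getServiceNotAvailableResponse(), which reports a policy refusal as an outage and makes it indistinguishable, both on the client and in logs, from the SessionNotAvailableException branch two lines above; a forbidden response such as `return new JSONResponse([], Http::STATUS_FORBIDDEN);` (with `OCP\AppFramework\Http` imported) plus a log line through the injected ILogger naming the impersonating and the impersonated UID gives operators an auditable record of blocked attempts. The check protects only the action this hunk sits in, whose start and end are outside the hunk; if #15539 means that an impersonating session must not manage the impersonated user's app tokens at all, the remaining actions of this controller need the same guard, preferably via one private helper so it cannot be forgotten. Two smaller points: the property docblock `/** IUserSession */` lacks `@var` and so does nothing for static analysis, and the opening brace of the new `if` sits on its own line while the surrounding code keeps it on the condition line.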


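--- a/[path-not-on-page: Settings Security]
+++ b/[path-not-on-page: Settings Security]
@@ -80,11 +80,18 @@ class Security implements ISettings {
 $passwordChangeSupported = $user->canChangePassword();
 }
+$this->initialStateService->provideInitialState(
+'settings',
+'can_create_app_token',
+$this->userSession->getImpersonatingUserID() !== null
+);
 return new TemplateResponse('settings', 'settings/personal/security', [
 'passwordChangeSupported' => $passwordChangeSupported,
 'twoFactorProviderData' => $this->getTwoFactorProviderData(),
 'themedark' => $this->config->getUserValue($this->uid, 'accessibility', 'theme', false)
 ]);
 }
 public function getSection(): string {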
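Review bot: The value provided as `can_create_app_token` is inverted: `$this->userSession->getImpersonatingUserID() !== null` is true exactly when someone is impersonating, so the flag hides the setup dialogue for ordinary users and shows it to impersonators, the opposite of the commit title. Change the line to `$this->userSession->getImpersonatingUserID() === null`. This flag only shapes the UI; the server-side check in AuthSettingsController stays the enforcing control, which is the right layering, so a bug here is a usability problem rather than a bypass. The constructor of Security is not part of this commit, so I assume `$this->userSession` is already injected there; if not, this line fails at runtime.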


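--- a/[path-not-on-page: AuthTokenSection.vue]
+++ b/[path-not-on-page: AuthTokenSection.vue]
@@ -28,7 +28,7 @@
 @rename="rename"
 @delete="deleteToken"
 @wipe="wipeToken" />
-<AuthTokenSetupDialogue :add="addNewToken" />
+<AuthTokenSetupDialogue v-if="canCreateToken" :add="addNewToken" />
 </div>
 </template>
@@ -63,7 +63,7 @@
 props: {
 tokens: {
 type: Array,
-requried: true,
+required: true,
 },
 },
 components: {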
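Review bot: The template now reads `canCreateToken`, but the `props` hunk declares only `tokens` and nothing else in this commit adds the prop, so the value passed through `propsData` in the entry script is ignored and the `v-if` never becomes true; the dialogue would stop rendering for everyone, most likely with a Vue warning about an undefined property. Declare it next to `tokens`: `canCreateToken: { type: Boolean, default: false },`. Defaulting to `false` keeps the dialogue hidden when the initial state is missing, which is the safe direction for this control; the `requried` → `required` fix in the same hunk is fine.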


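--- a/[path-not-on-page: auth tokens entry script]
+++ b/[path-not-on-page: auth tokens entry script]
@@ -35,5 +35,6 @@ const View = Vue.extend(AuthTokenSection);
 new View({
 propsData: {
 tokens: OCP.InitialState.loadState('settings', 'app_tokens'),
+canCreateToken: OCP.InitialState.loadState('settings', 'can_create_app_token'),
 }
 }).$mount('#security-authtokens');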