delete auth token when client gets deleted
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
parent
23b296b66e
commit
1eb7f4956b
|
@ -21,6 +21,8 @@
|
|||
|
||||
namespace OCA\OAuth2\Controller;
|
||||
|
||||
use OC\Authentication\Token\DefaultTokenMapper;
|
||||
use OCA\OAuth2\Db\AccessTokenMapper;
|
||||
use OCA\OAuth2\Db\Client;
|
||||
use OCA\OAuth2\Db\ClientMapper;
|
||||
use OCP\AppFramework\Controller;
|
||||
|
@ -36,6 +38,10 @@ class SettingsController extends Controller {
|
|||
private $clientMapper;
|
||||
/** @var ISecureRandom */
|
||||
private $secureRandom;
|
||||
/** @var AccessTokenMapper */
|
||||
private $accessTokenMapper;
|
||||
/** @var DefaultTokenMapper */
|
||||
private $defaultTokenMapper;
|
||||
|
||||
const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
|
||||
|
||||
|
@ -45,16 +51,23 @@ class SettingsController extends Controller {
|
|||
* @param IURLGenerator $urlGenerator
|
||||
* @param ClientMapper $clientMapper
|
||||
* @param ISecureRandom $secureRandom
|
||||
* @param AccessTokenMapper $accessTokenMapper
|
||||
* @param DefaultTokenMapper $defaultTokenMapper
|
||||
*/
|
||||
public function __construct($appName,
|
||||
IRequest $request,
|
||||
IURLGenerator $urlGenerator,
|
||||
ClientMapper $clientMapper,
|
||||
ISecureRandom $secureRandom) {
|
||||
ISecureRandom $secureRandom,
|
||||
AccessTokenMapper $accessTokenMapper,
|
||||
DefaultTokenMapper $defaultTokenMapper
|
||||
) {
|
||||
parent::__construct($appName, $request);
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
$this->secureRandom = $secureRandom;
|
||||
$this->clientMapper = $clientMapper;
|
||||
$this->accessTokenMapper = $accessTokenMapper;
|
||||
$this->defaultTokenMapper = $defaultTokenMapper;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -78,8 +91,9 @@ class SettingsController extends Controller {
|
|||
* @return RedirectResponse
|
||||
*/
|
||||
public function deleteClient($id) {
|
||||
$client = new Client();
|
||||
$client->setId($id);
|
||||
$client = $this->clientMapper->getByUid($id);
|
||||
$this->accessTokenMapper->deleteByClientId($id);
|
||||
$this->defaultTokenMapper->deleteByName($client->getName());
|
||||
$this->clientMapper->delete($client);
|
||||
return new RedirectResponse($this->urlGenerator->getAbsoluteURL('/index.php/settings/admin/security'));
|
||||
}
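Review bot: In `deleteClient` the `$client` built with `new Client()` / `$client->setId($id)` is overwritten on the next line by `$this->clientMapper->getByUid($id)`, so those two lines are dead and should go. More importantly, `getByUid` as added in this commit returns `Client::fromRow([])` for an unknown id instead of throwing, so `$client->getName()` is null and all three delete statements run against a client that does not exist before the redirect reports success; guard it, e.g. `if ($client->getId() === null) { throw new \OCP\AppFramework\Db\DoesNotExistException('OAuth2 client ' . (int)$id . ' not found'); }` before the deletes. The three deletes are also separate statements with no transaction, so a failure in `clientMapper->delete` leaves the client listed while its tokens are already revoked. The method's docblock and any CSRF/admin annotations on it start above the hunk, so the access control of this destructive action cannot be confirmed from here.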
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
namespace OCA\OAuth2\Db;
|
||||
|
||||
use OCP\AppFramework\Db\Mapper;
|
||||
use OCP\DB\QueryBuilder\IQueryBuilder;
|
||||
use OCP\IDBConnection;
|
||||
|
||||
class AccessTokenMapper extends Mapper {
|
||||
|
@ -48,4 +49,17 @@ class AccessTokenMapper extends Mapper {
|
|||
$result->closeCursor();
|
||||
return AccessToken::fromRow($row);
|
||||
}
|
||||
|
||||
/**
|
||||
* delete all access token from a given client
|
||||
*
|
||||
* @param int $id
|
||||
*/
|
||||
public function deleteByClientId($id) {
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb
|
||||
->delete($this->tableName)
|
||||
->where($qb->expr()->eq('client_id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT)));
|
||||
$qb->execute();
|
||||
}
|
||||
}
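Review bot: `deleteByClientId` discards the value of `$qb->execute()`, which for a DELETE is the affected-row count; returning it (`return $qb->execute();` with `@return int`) would let `SettingsController::deleteClient` log how many access tokens were actually revoked when an admin removes a client, which is the audit trail one wants for a bulk revocation. The docblock should read "delete all access tokens of a given client"; `$id` reaches this method as a route string, so binding it with `IQueryBuilder::PARAM_INT` is right, but an explicit `(int) $id` would make the documented `int` type true.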
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
namespace OCA\OAuth2\Db;
|
||||
|
||||
use OCP\AppFramework\Db\Mapper;
|
||||
use OCP\DB\QueryBuilder\IQueryBuilder;
|
||||
use OCP\IDBConnection;
|
||||
|
||||
class ClientMapper extends Mapper {
|
||||
|
@ -54,6 +55,27 @@ class ClientMapper extends Mapper {
|
|||
return Client::fromRow($row);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $uid internal uid of the client
|
||||
* @return Client
|
||||
*/
|
||||
public function getByUid($uid) {
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb
|
||||
->select('*')
|
||||
->from($this->tableName)
|
||||
->where($qb->expr()->eq('id', $qb->createNamedParameter($uid, IQueryBuilder::PARAM_INT)));
|
||||
$result = $qb->execute();
|
||||
$row = $result->fetch();
|
||||
$result->closeCursor();
|
||||
|
||||
if (!is_array($row)) {
|
||||
$row = [];
|
||||
}
|
||||
|
||||
return Client::fromRow($row);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Client[]
|
||||
*/
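Review bot: `getByUid` hides a missing row by turning a `false` fetch into `[]` and returning `Client::fromRow([])`, an empty entity with a null id, so callers cannot tell "not found" from a real client; the framework convention (`Mapper::findEntity`) is to throw `OCP\AppFramework\Db\DoesNotExistException`. Replace the `if (!is_array($row)) { $row = []; }` block with `if ($row === false) { throw new DoesNotExistException('OAuth2 client ' . (int)$uid . ' does not exist'); }` so `deleteClient` fails before issuing its delete statements. The parameter is documented as `string $uid` but bound as `PARAM_INT` against the `id` column, and in Nextcloud `uid` conventionally denotes a user id, so `int $id` would be the less misleading name.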
|
||||
|
|
|
@ -23,7 +23,6 @@ namespace OCA\OAuth2\Settings;
|
|||
|
||||
use OCA\OAuth2\Db\ClientMapper;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\IConfig;
|
||||
use OCP\Settings\ISettings;
|
||||
|
||||
class Admin implements ISettings {
|
||||
|
|
|
@ -31,7 +31,7 @@ use OCP\IUser;
|
|||
class DefaultTokenMapper extends Mapper {
|
||||
|
||||
public function __construct(IDBConnection $db) {
|
||||
parent::__construct($db, 'authtoken');
|
||||
parent::__construct($db, 'AuthToken');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -42,7 +42,7 @@ class DefaultTokenMapper extends Mapper {
|
|||
public function invalidate($token) {
|
||||
/* @var $qb IQueryBuilder */
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb->delete('authtoken')
|
||||
$qb->delete('AuthToken')
|
||||
->where($qb->expr()->eq('token', $qb->createParameter('token')))
|
||||
->setParameter('token', $token)
|
||||
->execute();
|
||||
|
@ -55,7 +55,7 @@ class DefaultTokenMapper extends Mapper {
|
|||
public function invalidateOld($olderThan, $remember = IToken::DO_NOT_REMEMBER) {
|
||||
/* @var $qb IQueryBuilder */
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb->delete('authtoken')
|
||||
$qb->delete('AuthToken')
|
||||
->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT)))
|
||||
->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)))
|
||||
->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT)))
|
||||
|
@ -73,7 +73,7 @@ class DefaultTokenMapper extends Mapper {
|
|||
/* @var $qb IQueryBuilder */
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
|
||||
->from('authtoken')
|
||||
->from('AuthToken')
|
||||
->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
|
||||
->execute();
|
||||
|
||||
|
@ -97,7 +97,7 @@ class DefaultTokenMapper extends Mapper {
|
|||
/* @var $qb IQueryBuilder */
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check', 'scope')
|
||||
->from('authtoken')
|
||||
->from('AuthToken')
|
||||
->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
|
||||
->execute();
|
||||
|
||||
|
@ -122,7 +122,7 @@ class DefaultTokenMapper extends Mapper {
|
|||
/* @var $qb IQueryBuilder */
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
|
||||
->from('authtoken')
|
||||
->from('AuthToken')
|
||||
->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
|
||||
->setMaxResults(1000);
|
||||
$result = $qb->execute();
|
||||
|
@ -143,10 +143,22 @@ class DefaultTokenMapper extends Mapper {
|
|||
public function deleteById(IUser $user, $id) {
|
||||
/* @var $qb IQueryBuilder */
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb->delete('authtoken')
|
||||
$qb->delete('AuthToken')
|
||||
->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
|
||||
->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())));
|
||||
$qb->execute();
|
||||
}
|
||||
|
||||
/**
|
||||
* delete all auth token which belong to a specific client if the client was deleted
|
||||
*
|
||||
* @param string $name
|
||||
*/
|
||||
public function deleteByName($name) {
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb->delete('AuthToken')
|
||||
->where($qb->expr()->eq('name', $qb->createNamedParameter($name)));
|
||||
$qb->execute();
|
||||
}
|
||||
|
||||
}
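Review bot: `deleteByName` deletes every row of the auth-token table whose `name` equals the client name, across all users and token types, whereas the neighbouring `deleteById` scopes its delete by `uid` as well; `name` is a display label rather than a key, so if two clients share a name or a user has labelled an app password identically (whether that is possible is not visible here), unrelated sessions are revoked with no record of it. At minimum restrict the match, e.g. `->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(/* the token type OAuth2 logins are created with */, IQueryBuilder::PARAM_INT)))`, and state in the docblock that this is a name match, not a client-id match; the durable fix is to link tokens to the client id. Separately, the new method targets the table as `'AuthToken'`, and the paired `'authtoken'`/`'AuthToken'` lines in every other hunk of this file suggest a case-sensitive global replace; no schema migration is visible in this commit, so on databases that fold unquoted identifiers to one case these queries would presumably stop resolving the `authtoken` table.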
|
||||
|
|
|
@ -49,7 +49,7 @@ $config = \OC::$server->getConfig();
|
|||
$urlGenerator = \OC::$server->getURLGenerator();
|
||||
|
||||
// Highlight navigation entry
|
||||
OC_Util::addScript('settings', 'authtoken');
|
||||
OC_Util::addScript('settings', 'AuthToken');
|
||||
OC_Util::addScript('settings', 'authtoken_collection');
|
||||
OC_Util::addScript('settings', 'authtoken_view');
|
||||
OC_Util::addScript('settings', 'usersettings');
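Review bot: `OC_Util::addScript('settings', 'AuthToken')` changes only the case of the script name while the sibling entries `authtoken_collection` and `authtoken_view` on the next lines stay lowercase, which strongly suggests an accidental global replace of `authtoken` (the same case change appears throughout `DefaultTokenMapper` in this commit) rather than a deliberate rename. If `AuthToken` is the new side, a case-sensitive filesystem will no longer find `authtoken.js` unless that file was renamed too, which is not visible here; keep `OC_Util::addScript('settings', 'authtoken');`.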
|
||||
|
|
|
@ -58,8 +58,8 @@ class DefaultTokenMapperTest extends TestCase {
|
|||
|
||||
private function resetDatabase() {
|
||||
$qb = $this->dbConnection->getQueryBuilder();
|
||||
$qb->delete('authtoken')->execute();
|
||||
$qb->insert('authtoken')->values([
|
||||
$qb->delete('AuthToken')->execute();
|
||||
$qb->insert('AuthToken')->values([
|
||||
'uid' => $qb->createNamedParameter('user1'),
|
||||
'login_name' => $qb->createNamedParameter('User1'),
|
||||
'password' => $qb->createNamedParameter('a75c7116460c082912d8f6860a850904|3nz5qbG1nNSLLi6V|c55365a0e54cfdfac4a175bcf11a7612aea74492277bba6e5d96a24497fa9272488787cb2f3ad34d8b9b8060934fce02f008d371df3ff3848f4aa61944851ff0'),
|
||||
|
@ -69,7 +69,7 @@ class DefaultTokenMapperTest extends TestCase {
|
|||
'last_activity' => $qb->createNamedParameter($this->time - 120, IQueryBuilder::PARAM_INT), // Two minutes ago
|
||||
'last_check' => $this->time - 60 * 10, // 10mins ago
|
||||
])->execute();
|
||||
$qb->insert('authtoken')->values([
|
||||
$qb->insert('AuthToken')->values([
|
||||
'uid' => $qb->createNamedParameter('user2'),
|
||||
'login_name' => $qb->createNamedParameter('User2'),
|
||||
'password' => $qb->createNamedParameter('971a337057853344700bbeccf836519f|UwOQwyb34sJHtqPV|036d4890f8c21d17bbc7b88072d8ef049a5c832a38e97f3e3d5f9186e896c2593aee16883f617322fa242728d0236ff32d163caeb4bd45e14ca002c57a88665f'),
|
||||
|
@ -79,7 +79,7 @@ class DefaultTokenMapperTest extends TestCase {
|
|||
'last_activity' => $qb->createNamedParameter($this->time - 60 * 60 * 24 * 3, IQueryBuilder::PARAM_INT), // Three days ago
|
||||
'last_check' => $this->time - 10, // 10secs ago
|
||||
])->execute();
|
||||
$qb->insert('authtoken')->values([
|
||||
$qb->insert('AuthToken')->values([
|
||||
'uid' => $qb->createNamedParameter('user1'),
|
||||
'login_name' => $qb->createNamedParameter('User1'),
|
||||
'password' => $qb->createNamedParameter('063de945d6f6b26862d9b6f40652f2d5|DZ/z520tfdXPtd0T|395f6b89be8d9d605e409e20b9d9abe477fde1be38a3223f9e508f979bf906e50d9eaa4dca983ca4fb22a241eb696c3f98654e7775f78c4caf13108f98642b53'),
|
||||
|
@ -94,7 +94,7 @@ class DefaultTokenMapperTest extends TestCase {
|
|||
private function getNumberOfTokens() {
|
||||
$qb = $this->dbConnection->getQueryBuilder();
|
||||
$result = $qb->select($qb->createFunction('count(*) as `count`'))
|
||||
->from('authtoken')
|
||||
->from('AuthToken')
|
||||
->execute()
|
||||
->fetch();
|
||||
return (int) $result['count'];
|
||||
|
@ -211,7 +211,7 @@ class DefaultTokenMapperTest extends TestCase {
|
|||
$user = $this->createMock(IUser::class);
|
||||
$qb = $this->dbConnection->getQueryBuilder();
|
||||
$qb->select('id')
|
||||
->from('authtoken')
|
||||
->from('AuthToken')
|
||||
->where($qb->expr()->eq('token', $qb->createNamedParameter('9c5a2e661482b65597408a6bb6c4a3d1af36337381872ac56e445a06cdb7fea2b1039db707545c11027a4966919918b19d875a8b774840b18c6cbb7ae56fe206')));
|
||||
$result = $qb->execute();
|
||||
$id = $result->fetch()['id'];
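Review bot: This commit adds `DefaultTokenMapper::deleteByName`, but the test changes here only track the table-name case change, so the new bulk revocation path has no coverage. Add a test that inserts tokens for `user1` and `user2` sharing one `name`, calls `deleteByName`, and asserts via `getNumberOfTokens()` that both are gone while tokens with other names remain; that would also pin down whether cross-user deletion by name is the intended contract. Since the fixture and the mapper now appear to target `'AuthToken'`, this test only passes if the schema really uses that identifier, so it doubles as a check on the rename.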
|
||||
|
|