diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php index a858bb025d..01ca1e2597 100644 --- a/core/Controller/AppPasswordController.php +++ b/core/Controller/AppPasswordController.php @@ -24,6 +24,7 @@ declare(strict_types=1); namespace OC\Core\Controller; +use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IToken; use OCP\AppFramework\Http\DataResponse; @@ -115,4 +116,26 @@ class AppPasswordController extends \OCP\AppFramework\OCSController { 'apppassword' => $token ]); } + + /** + * @NoAdminRequired + * + * @return DataResponse + */ + public function deleteAppPassword() { + if (!$this->session->exists('app_password')) { + throw new OCSForbiddenException('no app password in use'); + } + + $appPassword = $this->session->get('app_password'); + + try { + $token = $this->tokenProvider->getToken($appPassword); + } catch (InvalidTokenException $e) { + throw new OCSForbiddenException('could not remove apptoken'); + } + + $this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId()); + return new DataResponse(); + } } diff --git a/core/routes.php b/core/routes.php index 1544fd67e0..073352c442 100644 --- a/core/routes.php +++ b/core/routes.php @@ -102,6 +102,7 @@ $application->registerRoutes($this, [ ['root' => '/core', 'name' => 'WhatsNew#get', 'url' => '/whatsnew', 'verb' => 'GET'], ['root' => '/core', 'name' => 'WhatsNew#dismiss', 'url' => '/whatsnew', 'verb' => 'POST'], ['root' => '/core', 'name' => 'AppPassword#getAppPassword', 'url' => '/getapppassword', 'verb' => 'GET'], + ['root' => '/core', 'name' => 'AppPassword#deleteAppPassword', 'url' => '/apppassword', 'verb' => 'DELETE'], ['root' => '/collaboration', 'name' => 'CollaborationResources#searchCollections', 'url' => '/resources/collections/search/{filter}', 'verb' => 'GET'], ['root' => '/collaboration', 'name' => 'CollaborationResources#listCollection', 'url' => '/resources/collections/{collectionId}', 'verb' => 'GET'], diff --git a/tests/Core/Controller/AppPasswordControllerTest.php b/tests/Core/Controller/AppPasswordControllerTest.php index a66bcb3fc2..a7be7a90b0 100644 --- a/tests/Core/Controller/AppPasswordControllerTest.php +++ b/tests/Core/Controller/AppPasswordControllerTest.php @@ -24,9 +24,11 @@ declare(strict_types=1); namespace Tests\Core\Controller; +use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IToken; use OC\Core\Controller\AppPasswordController; +use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSForbiddenException; use OCP\Authentication\Exceptions\CredentialsUnavailableException; use OCP\Authentication\Exceptions\PasswordUnavailableException; @@ -187,5 +189,60 @@ class AppPasswordControllerTest extends TestCase { $this->controller->getAppPassword(); } + public function testDeleteAppPasswordNoAppPassword() { + $this->session->method('exists') + ->with('app_password') + ->willReturn(false); + $this->expectException(OCSForbiddenException::class); + + $this->controller->deleteAppPassword(); + } + + public function testDeleteAppPasswordFails() { + $this->session->method('exists') + ->with('app_password') + ->willReturn(true); + $this->session->method('get') + ->with('app_password') + ->willReturn('myAppPassword'); + + $this->tokenProvider->method('getToken') + ->with('myAppPassword') + ->willThrowException(new InvalidTokenException()); + + $this->expectException(OCSForbiddenException::class); + + $this->controller->deleteAppPassword(); + } + + public function testDeleteAppPasswordSuccess() { + $this->session->method('exists') + ->with('app_password') + ->willReturn(true); + $this->session->method('get') + ->with('app_password') + ->willReturn('myAppPassword'); + + $token = $this->createMock(IToken::class); + $this->tokenProvider->method('getToken') + ->with('myAppPassword') + ->willReturn($token); + + $token->method('getUID') + ->willReturn('myUID'); + $token->method('getId') + ->willReturn(42); + + $this->tokenProvider->expects($this->once()) + ->method('invalidateTokenById') + ->with( + 'myUID', + 42 + ); + + $result = $this->controller->deleteAppPassword(); + + $this->assertEquals(new DataResponse(), $result); + } }