Set OAuth token expiration

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma 2018-05-16 10:35:18 +02:00
parent bbcb36cd60
commit 49795d2006
No known key found for this signature in database
GPG Key ID: F941078878347C0C
5 changed files with 89 additions and 2 deletions


@ -5,7 +5,7 @@
<name>OAuth 2.0</name> <name>OAuth 2.0</name>
<summary>Allows OAuth2 compatible authentication from other web applications.</summary> <summary>Allows OAuth2 compatible authentication from other web applications.</summary>
<description>The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications.</description> <description>The OAuth2 app allows administrators to configure the built-in authentication workflow to also allow OAuth2 compatible authentication from other web applications.</description>
<version>1.2.0</version> <version>1.2.1</version>
<licence>agpl</licence> <licence>agpl</licence>
<author>Lukas Reschke</author> <author>Lukas Reschke</author>
<namespace>OAuth2</namespace> <namespace>OAuth2</namespace>
@ -20,6 +20,12 @@
<nextcloud min-version="14" max-version="14" /> <nextcloud min-version="14" max-version="14" />
</dependencies> </dependencies>
<repair-steps>
<post-migration>
<step>OCA\OAuth2\Migration\SetTokenExpiration</step>
</post-migration>
</repair-steps>
<settings> <settings>
<admin>OCA\OAuth2\Settings\Admin</admin> <admin>OCA\OAuth2\Settings\Admin</admin>
</settings> </settings>


@ -15,5 +15,6 @@ return array(
'OCA\\OAuth2\\Db\\ClientMapper' => $baseDir . '/../lib/Db/ClientMapper.php', 'OCA\\OAuth2\\Db\\ClientMapper' => $baseDir . '/../lib/Db/ClientMapper.php',
'OCA\\OAuth2\\Exceptions\\AccessTokenNotFoundException' => $baseDir . '/../lib/Exceptions/AccessTokenNotFoundException.php', 'OCA\\OAuth2\\Exceptions\\AccessTokenNotFoundException' => $baseDir . '/../lib/Exceptions/AccessTokenNotFoundException.php',
'OCA\\OAuth2\\Exceptions\\ClientNotFoundException' => $baseDir . '/../lib/Exceptions/ClientNotFoundException.php', 'OCA\\OAuth2\\Exceptions\\ClientNotFoundException' => $baseDir . '/../lib/Exceptions/ClientNotFoundException.php',
'OCA\\OAuth2\\Migration\\SetTokenExpiration' => $baseDir . '/../lib/Migration/SetTokenExpiration.php',
'OCA\\OAuth2\\Settings\\Admin' => $baseDir . '/../lib/Settings/Admin.php', 'OCA\\OAuth2\\Settings\\Admin' => $baseDir . '/../lib/Settings/Admin.php',
); );


@ -30,6 +30,7 @@ class ComposerStaticInitOAuth2
'OCA\\OAuth2\\Db\\ClientMapper' => __DIR__ . '/..' . '/../lib/Db/ClientMapper.php', 'OCA\\OAuth2\\Db\\ClientMapper' => __DIR__ . '/..' . '/../lib/Db/ClientMapper.php',
'OCA\\OAuth2\\Exceptions\\AccessTokenNotFoundException' => __DIR__ . '/..' . '/../lib/Exceptions/AccessTokenNotFoundException.php', 'OCA\\OAuth2\\Exceptions\\AccessTokenNotFoundException' => __DIR__ . '/..' . '/../lib/Exceptions/AccessTokenNotFoundException.php',
'OCA\\OAuth2\\Exceptions\\ClientNotFoundException' => __DIR__ . '/..' . '/../lib/Exceptions/ClientNotFoundException.php', 'OCA\\OAuth2\\Exceptions\\ClientNotFoundException' => __DIR__ . '/..' . '/../lib/Exceptions/ClientNotFoundException.php',
'OCA\\OAuth2\\Migration\\SetTokenExpiration' => __DIR__ . '/..' . '/../lib/Migration/SetTokenExpiration.php',
'OCA\\OAuth2\\Settings\\Admin' => __DIR__ . '/..' . '/../lib/Settings/Admin.php', 'OCA\\OAuth2\\Settings\\Admin' => __DIR__ . '/..' . '/../lib/Settings/Admin.php',
); );


@ -65,9 +65,11 @@ class OauthApiController extends Controller {
* @NoCSRFRequired * @NoCSRFRequired
* *
* @param string $code * @param string $code
* @param string $client_id
* @param string $client_secret
* @return JSONResponse * @return JSONResponse
*/ */
public function getToken($code) { public function getToken($code, $client_id, $client_secret) {
$accessToken = $this->accessTokenMapper->getByCode($code); $accessToken = $this->accessTokenMapper->getByCode($code);
$decryptedToken = $this->crypto->decrypt($accessToken->getEncryptedToken(), $code); $decryptedToken = $this->crypto->decrypt($accessToken->getEncryptedToken(), $code);
$newCode = $this->secureRandom->generate(128); $newCode = $this->secureRandom->generate(128);
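Review bot: The new `$client_id` and `$client_secret` parameters of `getToken` are not read by any line visible in this section, and the page's total of 89 additions leaves room for only the three changed lines shown here, so the endpoint appears to keep exchanging a code for a token without authenticating the client. Before the `decrypt()` call the method should look up the client the access token was issued to and reject the request when the identifier or secret does not match, comparing the secret in constant time with `hash_equals()`. Nothing visible sets an expiry on the refreshed token either, although the commit title suggests that is the goal. The method body continues past the end of the hunk, so both points should be confirmed against the full file.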


@ -0,0 +1,77 @@
<?php
/**
* @copyright Copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
*
* @author Roeland Jago Douma <roeland@famdouma.nl>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\OAuth2\Migration;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider as TokenProvider;
use OCA\OAuth2\Db\AccessToken;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\IDBConnection;
use OCP\Migration\IOutput;
use OCP\Migration\IRepairStep;
class SetTokenExpiration implements IRepairStep {
/** @var IDBConnection */
private $connection;
/** @var ITimeFactory */
private $time;
/** @var TokenProvider */
private $tokenProvider;
public function __construct(IDBConnection $connection,
ITimeFactory $timeFactory,
TokenProvider $tokenProvider) {
$this->connection = $connection;
$this->time = $timeFactory;
$this->tokenProvider = $tokenProvider;
}
public function getName() {
return 'Update OAuth token expiration times';
}
public function run(IOutput $output) {
$qb = $this->connection->getQueryBuilder();
$qb->select('*')
->from('oauth2_access_tokens');
$cursor = $qb->execute();
while($row = $cursor->fetch()) {
$token = AccessToken::fromRow($row);
try {
$appToken = $this->tokenProvider->getTokenById($token->getTokenId());
$appToken->setExpires($this->time->getTime() + 3600);
$this->tokenProvider->updateToken($appToken);
} catch (InvalidTokenException $e) {
//Skip this token
}
}
$cursor->closeCursor();
}
}
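Review bot: `run()` overwrites the expiry of every token it finds with `getTime() + 3600` unconditionally, so if the step executes more than once (repair steps are typically re-run on later upgrades or manual repairs) every OAuth session token, however old, gets a fresh hour of validity. Setting the expiry only on tokens that do not have one yet would make the step safe to repeat. The `3600` literal would be better as a named class constant, for example `const TOKEN_LIFETIME = 3600;`, kept in step with the lifetime the token endpoint reports, and the timestamp can be computed once before the loop. The empty `catch (InvalidTokenException $e)` hides how many rows reference tokens that no longer exist; counting them and reporting the total through `$output->info()` would let an administrator spot orphaned `oauth2_access_tokens` rows.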