diff --git a/core/Application.php b/core/Application.php
index faadad3298..a835dc7fbb 100644
--- a/core/Application.php
+++ b/core/Application.php
@@ -32,6 +32,7 @@ use OC\AppFramework\Utility\TimeFactory;
 use OC\Core\Controller\AvatarController;
 use OC\Core\Controller\LoginController;
 use OC\Core\Controller\LostController;
+use OC\Core\Controller\TokenController;
 use OC\Core\Controller\UserController;
 use OC_Defaults;
 use OCP\AppFramework\App;
@@ -103,6 +104,15 @@ class Application extends App {
 $c->query('URLGenerator')
 );
 });
+ $container->registerService('TokenController', function(SimpleContainer $c) {
+ return new TokenController(
+ $c->query('AppName'),
+ $c->query('Request'),
+ $c->query('UserManager'),
+ $c->query('OC\Authentication\Token\DefaultTokenProvider'),
+ $c->query('SecureRandom')
+ );
+ });
 /**
 * Core class wrappers
diff --git a/core/Controller/TokenController.php b/core/Controller/TokenController.php
new file mode 100644
index 0000000000..45e33e832b
--- /dev/null
+++ b/core/Controller/TokenController.php
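Review bot: The `TokenController` service in the second hunk is wired to the concrete `OC\Authentication\Token\DefaultTokenProvider` by string name, and the controller's constructor type-hints the same class, so a different token backend cannot be substituted without editing both places. If the token package defines a provider interface, query and type-hint that instead; otherwise add a short comment such as `// concrete provider on purpose: no other token backend exists yet`. The enclosing method of this closure starts and ends outside the hunk.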
@@ -0,0 +1,82 @@
+
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see
+ *
+ */
+
+namespace OC\Core\Controller;
+
+use OC\AppFramework\Http;
+use OC\Authentication\Token\DefaultTokenProvider;
+use OC\User\Manager;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Response;
+use OCP\IRequest;
+use OCP\Security\ISecureRandom;
+
+class TokenController extends Controller {
+
+ /** @var Manager */
+ private $userManager;
+
+ /** @var DefaultTokenProvider */
+ private $tokenProvider;
+
+ /** @var ISecureRandom */
+ private $secureRandom;
+
+ /**
+ * @param string $appName
+ * @param IRequest $request
+ * @param Manager $userManager
+ * @param DefaultTokenProvider $tokenProvider
+ * @param ISecureRandom $crypto
+ */
+ public function __construct($appName, IRequest $request, Manager $userManager, DefaultTokenProvider $tokenProvider,
+ ISecureRandom $crypto) {
+ parent::__construct($appName, $request);
+ $this->userManager = $userManager;
+ $this->tokenProvider = $tokenProvider;
+ $this->secureRandom = $crypto;
+ }
+
+ /**
+ * Generate a new access token clients can authenticate with
+ *
+ * @PublicPage
+ * @NoCSRFRequired
+ *
+ * @param string $user
+ * @param string $password
+ */
+ public function generateToken($user, $password, $name = 'unknown client') {
+ if (is_null($user) || is_null($password)) {
+ return new Response([], Http::STATUS_UNPROCESSABLE_ENTITY);
+ }
+ if ($this->userManager->checkPassword($user, $password) === false) {
+ return new Response([], Http::STATUS_UNAUTHORIZED);
+ }
+ $token = $this->secureRandom->generate(128);
+ $this->tokenProvider->generateToken($token, $user, $password, $name);
+ return [
+ 'token' => $token,
+ ];
+ }
+
+}
diff --git a/core/routes.php b/core/routes.php
index e86cd702b8..7090935200 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -45,6 +45,7 @@ $application->registerRoutes($this, [
 ['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'],
 ['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
 ['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
+ ['name' => 'token#generateToken', 'url' => '/token/generate', 'verb' => 'POST'],
 ],
 ]);
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 7d4594e720..5d869a04ca 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -353,7 +353,7 @@ class Session implements IUserSession, Emitter {
 // User does not exist
 return false;
 }
- $name = isset($request->server['HTTP_USER_AGENT']) ? $request->server['HTTP_USER_AGENT'] : 'unknown device';
+ $name = isset($request->server['HTTP_USER_AGENT']) ? $request->server['HTTP_USER_AGENT'] : 'unknown browser';
 // TODO: use ISession::getId(), https://github.com/owncloud/core/pull/24229
 $sessionId = session_id();
 $token = $this->tokenProvider->generateToken($sessionId, $uid, $password, $name);
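Review bot: `generateToken` in `core/Controller/TokenController.php` is a `@PublicPage`, `@NoCSRFRequired` action that verifies a user name and password on every POST, and nothing in this hunk limits or logs failed attempts, so unless `checkPassword` or middleware outside this diff throttles it, the new `/token/generate` route is an unthrottled password-guessing surface; add per-account and per-address rate limiting and a log entry on the `STATUS_UNAUTHORIZED` branch. The token is stored under the client-supplied `$user` string rather than the account that was matched; if `checkPassword` returns the user object on success (the `=== false` comparison suggests so), keep it and pass its id, `$userObject = $this->userManager->checkPassword($user, $password);` followed by `$this->tokenProvider->generateToken($token, $userObject->getUID(), $password, $name);`. `$name` is client-controlled and unbounded, as is the User-Agent value used for the same field in the `lib/private/User/Session.php` hunk, so cap its length and escape it wherever token names are rendered. Also confirm that `Response` accepts a body and a status in its constructor; if it does not, both error branches answer 200 and should call `setStatus()` on the response instead. The docblock should gain `@param string $name` and an `@return` line.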