Add controller to generate client tokens
This commit is contained in:
Christoph Wurst
Thomas Müller
parent
3ab922601a
commit
53636c73d6
|
|
@ -32,6 +32,7 @@ use OC\AppFramework\Utility\TimeFactory;
|
||||||
use OC\Core\Controller\AvatarController;
|
use OC\Core\Controller\AvatarController;
|
||||||
use OC\Core\Controller\LoginController;
|
use OC\Core\Controller\LoginController;
|
||||||
use OC\Core\Controller\LostController;
|
use OC\Core\Controller\LostController;
|
||||||
|
use OC\Core\Controller\TokenController;
|
||||||
use OC\Core\Controller\UserController;
|
use OC\Core\Controller\UserController;
|
||||||
use OC_Defaults;
|
use OC_Defaults;
|
||||||
use OCP\AppFramework\App;
|
use OCP\AppFramework\App;
|
||||||
|
|
@ -103,6 +104,15 @@ class Application extends App {
|
||||||
$c->query('URLGenerator')
|
$c->query('URLGenerator')
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
$container->registerService('TokenController', function(SimpleContainer $c) {
|
||||||
|
return new TokenController(
|
||||||
|
$c->query('AppName'),
|
||||||
|
$c->query('Request'),
|
||||||
|
$c->query('UserManager'),
|
||||||
|
$c->query('OC\Authentication\Token\DefaultTokenProvider'),
|
||||||
|
$c->query('SecureRandom')
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Core class wrappers
|
* Core class wrappers
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,82 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Christoph Wurst <christoph@owncloud.com>
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||||
|
* @license AGPL-3.0
|
||||||
|
*
|
||||||
|
* This code is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License, version 3,
|
||||||
|
* as published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OC\Core\Controller;
|
||||||
|
|
||||||
|
use OC\AppFramework\Http;
|
||||||
|
use OC\Authentication\Token\DefaultTokenProvider;
|
||||||
|
use OC\User\Manager;
|
||||||
|
use OCP\AppFramework\Controller;
|
||||||
|
use OCP\AppFramework\Http\Response;
|
||||||
|
use OCP\IRequest;
|
||||||
|
use OCP\Security\ISecureRandom;
|
||||||
|
|
||||||
|
class TokenController extends Controller {
|
||||||
|
|
||||||
|
/** @var Manager */
|
||||||
|
private $userManager;
|
||||||
|
|
||||||
|
/** @var DefaultTokenProvider */
|
||||||
|
private $tokenProvider;
|
||||||
|
|
||||||
|
/** @var ISecureRandom */
|
||||||
|
private $secureRandom;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $appName
|
||||||
|
* @param IRequest $request
|
||||||
|
* @param Manager $userManager
|
||||||
|
* @param DefaultTokenProvider $tokenProvider
|
||||||
|
* @param ISecureRandom $crypto
|
||||||
|
*/
|
||||||
|
public function __construct($appName, IRequest $request, Manager $userManager, DefaultTokenProvider $tokenProvider,
|
||||||
|
ISecureRandom $crypto) {
|
||||||
|
parent::__construct($appName, $request);
|
||||||
|
$this->userManager = $userManager;
|
||||||
|
$this->tokenProvider = $tokenProvider;
|
||||||
|
$this->secureRandom = $crypto;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generate a new access token clients can authenticate with
|
||||||
|
*
|
||||||
|
* @PublicPage
|
||||||
|
* @NoCSRFRequired
|
||||||
|
*
|
||||||
|
* @param string $user
|
||||||
|
* @param string $password
|
||||||
|
*/
|
||||||
|
public function generateToken($user, $password, $name = 'unknown client') {
|
||||||
|
if (is_null($user) || is_null($password)) {
|
||||||
|
return new Response([], Http::STATUS_UNPROCESSABLE_ENTITY);
|
||||||
|
}
|
||||||
|
if ($this->userManager->checkPassword($user, $password) === false) {
|
||||||
|
return new Response([], Http::STATUS_UNAUTHORIZED);
|
||||||
|
}
|
||||||
|
$token = $this->secureRandom->generate(128);
|
||||||
|
$this->tokenProvider->generateToken($token, $user, $password, $name);
|
||||||
|
return [
|
||||||
|
'token' => $token,
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -45,6 +45,7 @@ $application->registerRoutes($this, [
|
||||||
['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'],
|
['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'],
|
||||||
['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
|
['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
|
||||||
['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
|
['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
|
||||||
|
['name' => 'token#generateToken', 'url' => '/token/generate', 'verb' => 'POST'],
|
||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -353,7 +353,7 @@ class Session implements IUserSession, Emitter {
|
||||||
// User does not exist
|
// User does not exist
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$name = isset($request->server['HTTP_USER_AGENT']) ? $request->server['HTTP_USER_AGENT'] : 'unknown device';
|
$name = isset($request->server['HTTP_USER_AGENT']) ? $request->server['HTTP_USER_AGENT'] : 'unknown browser';
|
||||||
// TODO: use ISession::getId(), https://github.com/owncloud/core/pull/24229
|
// TODO: use ISession::getId(), https://github.com/owncloud/core/pull/24229
|
||||||
$sessionId = session_id();
|
$sessionId = session_id();
|
||||||
$token = $this->tokenProvider->generateToken($sessionId, $uid, $password, $name);
|
$token = $this->tokenProvider->generateToken($sessionId, $uid, $password, $name);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue