mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #15936 from nextcloud/bugfix/15539/wronguser-apptoken-impersonation 

Disable app token creation for impersonated people, ref #15539
This commit is contained in:
Roeland Jago Douma 2019-09-15 19:34:07 +02:00 committed by GitHub
parent a195c186e6 68ef242a0a
commit 8137616b4b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 175 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
apps/encryption/lib/Hooks/UserHooks.php
View File

@ -68,7 +68,7 @@ class UserHooks implements IHook {
/** /**
* @var IUserSession * @var IUserSession
*/ */
private $user; private $userSession;
/** /**
* @var Util * @var Util
*/ */
@ -93,7 +93,7 @@ class UserHooks implements IHook {
* @param IUserManager $userManager * @param IUserManager $userManager
* @param ILogger $logger * @param ILogger $logger
* @param Setup $userSetup * @param Setup $userSetup
* @param IUserSession $user * @param IUserSession $userSession
* @param Util $util * @param Util $util
* @param Session $session * @param Session $session
* @param Crypt $crypt * @param Crypt $crypt
@ -103,7 +103,7 @@ class UserHooks implements IHook {
IUserManager $userManager, IUserManager $userManager,
ILogger $logger, ILogger $logger,
Setup $userSetup, Setup $userSetup,
IUserSession $user, IUserSession $userSession,
Util $util, Util $util,
Session $session, Session $session,
Crypt $crypt, Crypt $crypt,
@ -113,7 +113,7 @@ class UserHooks implements IHook {
$this->userManager = $userManager; $this->userManager = $userManager;
$this->logger = $logger; $this->logger = $logger;
$this->userSetup = $userSetup; $this->userSetup = $userSetup;
$this->user = $user; $this->userSession = $userSession;
$this->util = $util; $this->util = $util;
$this->session = $session; $this->session = $session;
$this->recovery = $recovery; $this->recovery = $recovery;
@ -253,7 +253,7 @@ class UserHooks implements IHook {
} }
// Get existing decrypted private key // Get existing decrypted private key
$user = $this->user->getUser(); $user = $this->userSession->getUser();
// current logged in user changes his own password // current logged in user changes his own password
if ($user && $params['uid'] === $user->getUID()) { if ($user && $params['uid'] === $user->getUID()) {
@ -265,7 +265,7 @@ class UserHooks implements IHook {
// Save private key // Save private key
if ($encryptedPrivateKey) { if ($encryptedPrivateKey) {
$this->keyManager->setPrivateKey($this->user->getUser()->getUID(), $this->keyManager->setPrivateKey($user->getUID(),
$this->crypt->generateHeader() . $encryptedPrivateKey); $this->crypt->generateHeader() . $encryptedPrivateKey);
} else { } else {
$this->logger->error('Encryption could not update users encryption password'); $this->logger->error('Encryption could not update users encryption password');
@ -275,8 +275,8 @@ class UserHooks implements IHook {
// private key has not changed, only the passphrase // private key has not changed, only the passphrase
// used to decrypt it has changed // used to decrypt it has changed
} else { // admin changed the password for a different user, create new keys and re-encrypt file keys } else { // admin changed the password for a different user, create new keys and re-encrypt file keys
$user = $params['uid']; $userId = $params['uid'];
$this->initMountPoints($user); $this->initMountPoints($userId);
$recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null; $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
$recoveryKeyId = $this->keyManager->getRecoveryKeyId(); $recoveryKeyId = $this->keyManager->getRecoveryKeyId();
@ -296,9 +296,9 @@ class UserHooks implements IHook {
// ...encryption was activated for the first time (no keys exists) // ...encryption was activated for the first time (no keys exists)
// ...the user doesn't have any files // ...the user doesn't have any files
if ( if (
($this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword) ($this->recovery->isRecoveryEnabledForUser($userId) && $recoveryPassword)
|| !$this->keyManager->userHasKeys($user) || !$this->keyManager->userHasKeys($userId)
|| !$this->util->userHasFiles($user) || !$this->util->userHasFiles($userId)
) { ) {
// backup old keys // backup old keys
@ -309,16 +309,16 @@ class UserHooks implements IHook {
$keyPair = $this->crypt->createKeyPair(); $keyPair = $this->crypt->createKeyPair();
// Save public key // Save public key
$this->keyManager->setPublicKey($user, $keyPair['publicKey']); $this->keyManager->setPublicKey($userId, $keyPair['publicKey']);
// Encrypt private key with new password // Encrypt private key with new password
$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user); $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $userId);
if ($encryptedKey) { if ($encryptedKey) {
$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey); $this->keyManager->setPrivateKey($userId, $this->crypt->generateHeader() . $encryptedKey);
if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
$this->recovery->recoverUsersFiles($recoveryPassword, $user); $this->recovery->recoverUsersFiles($recoveryPassword, $userId);
} }
} else { } else {
$this->logger->error('Encryption Could not update users encryption password'); $this->logger->error('Encryption Could not update users encryption password');

22
apps/encryption/lib/Recovery.php
View File

@ -46,10 +46,6 @@ class Recovery {
* @var Crypt * @var Crypt
*/ */
protected $crypt; protected $crypt;
/**
* @var ISecureRandom
*/
private $random;
/** /**
* @var KeyManager * @var KeyManager
*/ */
@ -58,10 +54,6 @@ class Recovery {
* @var IConfig * @var IConfig
*/ */
private $config; private $config;
/**
* @var IStorage
*/
private $keyStorage;
/** /**
* @var View * @var View
*/ */
@ -72,29 +64,23 @@ class Recovery {
private $file; private $file;
/** /**
* @param IUserSession $user * @param IUserSession $userSession
* @param Crypt $crypt * @param Crypt $crypt
* @param ISecureRandom $random
* @param KeyManager $keyManager * @param KeyManager $keyManager
* @param IConfig $config * @param IConfig $config
* @param IStorage $keyStorage
* @param IFile $file * @param IFile $file
* @param View $view * @param View $view
*/ */
public function __construct(IUserSession $user, public function __construct(IUserSession $userSession,
Crypt $crypt, Crypt $crypt,
ISecureRandom $random,
KeyManager $keyManager, KeyManager $keyManager,
IConfig $config, IConfig $config,
IStorage $keyStorage,
IFile $file, IFile $file,
View $view) { View $view) {
$this->user = ($user && $user->isLoggedIn()) ? $user->getUser() : false; $this->user = ($userSession && $userSession->isLoggedIn()) ? $userSession->getUser() : false;
$this->crypt = $crypt; $this->crypt = $crypt;
$this->random = $random;
$this->keyManager = $keyManager; $this->keyManager = $keyManager;
$this->config = $config; $this->config = $config;
$this->keyStorage = $keyStorage;
$this->view = $view; $this->view = $view;
$this->file = $file; $this->file = $file;
} }
@ -169,7 +155,7 @@ class Recovery {
* @return bool * @return bool
*/ */
public function isRecoveryEnabledForUser($user = '') { public function isRecoveryEnabledForUser($user = '') {
$uid = empty($user) ? $this->user->getUID() : $user; $uid = $user === '' ? $this->user->getUID() : $user;
$recoveryMode = $this->config->getUserValue($uid, $recoveryMode = $this->config->getUserValue($uid,
'encryption', 'encryption',
'recoveryEnabled', 'recoveryEnabled',

29
apps/encryption/tests/Controller/SettingsControllerTest.php
View File

@ -34,8 +34,10 @@ use OCP\AppFramework\Http;
use OCP\IL10N; use OCP\IL10N;
use OCP\IRequest; use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IUser;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\IUserSession; use OCP\IUserSession;
use PHPUnit\Framework\MockObject\MockObject;
use Test\TestCase; use Test\TestCase;
class SettingsControllerTest extends TestCase { class SettingsControllerTest extends TestCase {
@ -63,6 +65,8 @@ class SettingsControllerTest extends TestCase {
/** @var \OCA\Encryption\Session|\PHPUnit_Framework_MockObject_MockObject */ /** @var \OCA\Encryption\Session|\PHPUnit_Framework_MockObject_MockObject */
private $sessionMock; private $sessionMock;
/** @var MockObject|IUser */
private $user;
/** @var \OCP\ISession|\PHPUnit_Framework_MockObject_MockObject */ /** @var \OCP\ISession|\PHPUnit_Framework_MockObject_MockObject */
private $ocSessionMock; private $ocSessionMock;
@ -94,28 +98,17 @@ class SettingsControllerTest extends TestCase {
$this->cryptMock = $this->getMockBuilder(Crypt::class) $this->cryptMock = $this->getMockBuilder(Crypt::class)
->disableOriginalConstructor()->getMock(); ->disableOriginalConstructor()->getMock();
$this->userSessionMock = $this->getMockBuilder(IUserSession::class)
->disableOriginalConstructor()
->setMethods([
'isLoggedIn',
'getUID',
'login',
'logout',
'setUser',
'getUser',
'canChangePassword',
])
->getMock();
$this->ocSessionMock = $this->getMockBuilder(ISession::class)->disableOriginalConstructor()->getMock(); $this->ocSessionMock = $this->getMockBuilder(ISession::class)->disableOriginalConstructor()->getMock();
$this->userSessionMock->expects($this->any()) $this->user = $this->createMock(IUser::class);
$this->user->expects($this->any())
->method('getUID') ->method('getUID')
->willReturn('testUserUid'); ->willReturn('testUserUid');
$this->userSessionMock = $this->createMock(IUserSession::class);
$this->userSessionMock->expects($this->any()) $this->userSessionMock->expects($this->any())
->method($this->anything()) ->method('getUser')
->will($this->returnSelf()); ->willReturn($this->user);
$this->sessionMock = $this->getMockBuilder(Session::class) $this->sessionMock = $this->getMockBuilder(Session::class)
->disableOriginalConstructor()->getMock(); ->disableOriginalConstructor()->getMock();
@ -146,7 +139,9 @@ class SettingsControllerTest extends TestCase {
$oldPassword = 'old'; $oldPassword = 'old';
$newPassword = 'new'; $newPassword = 'new';
$this->userSessionMock->expects($this->once())->method('getUID')->willReturn('uid'); $this->user->expects($this->any())
->method('getUID')
->willReturn('uid');
$this->userManagerMock $this->userManagerMock
->expects($this->exactly(2)) ->expects($this->exactly(2))

28
apps/encryption/tests/Hooks/UserHooksTest.php
View File

@ -41,6 +41,7 @@ use OCP\ILogger;
use OCP\IUser; use OCP\IUser;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\IUserSession; use OCP\IUserSession;
use PHPUnit\Framework\MockObject\MockObject;
use Test\TestCase; use Test\TestCase;
/** /**
@ -79,6 +80,10 @@ class UserHooksTest extends TestCase {
* @var \PHPUnit_Framework_MockObject_MockObject * @var \PHPUnit_Framework_MockObject_MockObject
*/ */
private $userSessionMock; private $userSessionMock;
/**
* @var MockObject|IUser
*/
private $user;
/** /**
* @var \PHPUnit_Framework_MockObject_MockObject * @var \PHPUnit_Framework_MockObject_MockObject
*/ */
@ -343,24 +348,15 @@ class UserHooksTest extends TestCase {
->disableOriginalConstructor() ->disableOriginalConstructor()
->getMock(); ->getMock();
$this->userSessionMock = $this->getMockBuilder(IUserSession::class) $this->user = $this->createMock(IUser::class);
->disableOriginalConstructor() $this->user->expects($this->any())
->setMethods([ ->method('getUID')
'isLoggedIn', ->willReturn('testUser');
'getUID',
'login',
'logout',
'setUser',
'getUser',
'canChangePassword'
])
->getMock();
$this->userSessionMock->expects($this->any())->method('getUID')->will($this->returnValue('testUser'));
$this->userSessionMock = $this->createMock(IUserSession::class);
$this->userSessionMock->expects($this->any()) $this->userSessionMock->expects($this->any())
->method($this->anything()) ->method('getUser')
->will($this->returnSelf()); ->willReturn($this->user);
$utilMock = $this->getMockBuilder(Util::class) $utilMock = $this->getMockBuilder(Util::class)
->disableOriginalConstructor() ->disableOriginalConstructor()

38
apps/encryption/tests/RecoveryTest.php
View File

@ -36,8 +36,10 @@ use OCA\Encryption\Recovery;
use OCP\Encryption\IFile; use OCP\Encryption\IFile;
use OCP\Encryption\Keys\IStorage; use OCP\Encryption\Keys\IStorage;
use OCP\IConfig; use OCP\IConfig;
use OCP\IUser;
use OCP\IUserSession; use OCP\IUserSession;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
use PHPUnit\Framework\MockObject\MockObject;
use Test\TestCase; use Test\TestCase;
class RecoveryTest extends TestCase { class RecoveryTest extends TestCase {
@ -54,6 +56,10 @@ class RecoveryTest extends TestCase {
* @var \OCP\IUserSession|\PHPUnit_Framework_MockObject_MockObject * @var \OCP\IUserSession|\PHPUnit_Framework_MockObject_MockObject
*/ */
private $userSessionMock; private $userSessionMock;
/**
* @var MockObject|IUser
*/
private $user;
/** /**
* @var \OCA\Encryption\KeyManager|\PHPUnit_Framework_MockObject_MockObject * @var \OCA\Encryption\KeyManager|\PHPUnit_Framework_MockObject_MockObject
*/ */
@ -257,32 +263,22 @@ class RecoveryTest extends TestCase {
protected function setUp() { protected function setUp() {
parent::setUp(); parent::setUp();
$this->user = $this->createMock(IUser::class);
$this->user->expects($this->any())
->method('getUID')
->willReturn('admin');
$this->userSessionMock = $this->getMockBuilder(IUserSession::class) $this->userSessionMock = $this->createMock(IUserSession::class);
->disableOriginalConstructor()
->setMethods([
'isLoggedIn',
'getUID',
'login',
'logout',
'setUser',
'getUser'
])
->getMock();
$this->userSessionMock->expects($this->any())->method('getUID')->will($this->returnValue('admin'));
$this->userSessionMock->expects($this->any()) $this->userSessionMock->expects($this->any())
->method($this->anything()) ->method('getUser')
->will($this->returnSelf()); ->willReturn($this->user);
$this->userSessionMock->expects($this->any())
->method('isLoggedIn')
->willReturn(true);
$this->cryptMock = $this->getMockBuilder(Crypt::class)->disableOriginalConstructor()->getMock(); $this->cryptMock = $this->getMockBuilder(Crypt::class)->disableOriginalConstructor()->getMock();
/** @var \OCP\Security\ISecureRandom $randomMock */
$randomMock = $this->createMock(ISecureRandom::class);
$this->keyManagerMock = $this->getMockBuilder(KeyManager::class)->disableOriginalConstructor()->getMock(); $this->keyManagerMock = $this->getMockBuilder(KeyManager::class)->disableOriginalConstructor()->getMock();
$this->configMock = $this->createMock(IConfig::class); $this->configMock = $this->createMock(IConfig::class);
/** @var \OCP\Encryption\Keys\IStorage $keyStorageMock */
$keyStorageMock = $this->createMock(IStorage::class);
$this->fileMock = $this->createMock(IFile::class); $this->fileMock = $this->createMock(IFile::class);
$this->viewMock = $this->createMock(View::class); $this->viewMock = $this->createMock(View::class);
@ -296,10 +292,8 @@ class RecoveryTest extends TestCase {
$this->instance = new Recovery($this->userSessionMock, $this->instance = new Recovery($this->userSessionMock,
$this->cryptMock, $this->cryptMock,
$randomMock,
$this->keyManagerMock, $this->keyManagerMock,
$this->configMock, $this->configMock,
$keyStorageMock,
$this->fileMock, $this->fileMock,
$this->viewMock); $this->viewMock);
} }

31
apps/encryption/tests/UtilTest.php
View File

@ -36,8 +36,10 @@ use OCP\Files\Mount\IMountPoint;
use OCP\Files\Storage; use OCP\Files\Storage;
use OCP\IConfig; use OCP\IConfig;
use OCP\ILogger; use OCP\ILogger;
use OCP\IUser;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\IUserSession; use OCP\IUserSession;
use PHPUnit\Framework\MockObject\MockObject;
use Test\TestCase; use Test\TestCase;
class UtilTest extends TestCase { class UtilTest extends TestCase {
@ -91,27 +93,20 @@ class UtilTest extends TestCase {
->getMock(); ->getMock();
/** @var \OCP\ILogger $loggerMock */ /** @var \OCP\ILogger $loggerMock */
$loggerMock = $this->createMock(ILogger::class); $loggerMock = $this->createMock(ILogger::class);
/** @var \OCP\IUserSession|\PHPUnit_Framework_MockObject_MockObject $userSessionMock */
$userSessionMock = $this->getMockBuilder(IUserSession::class)
->disableOriginalConstructor()
->setMethods([
'isLoggedIn',
'getUID',
'login',
'logout',
'setUser',
'getUser'
])
->getMock();
$userSessionMock->method('isLoggedIn')->will($this->returnValue(true)); $user = $this->createMock(IUser::class);
$user->expects($this->any())
$userSessionMock->method('getUID')->will($this->returnValue('admin')); ->method('getUID')
->willReturn('admin');
/** @var IUserSession|MockObject $userSessionMock */
$userSessionMock = $this->createMock(IUserSession::class);
$userSessionMock->expects($this->any()) $userSessionMock->expects($this->any())
->method($this->anything()) ->method('getUser')
->will($this->returnSelf()); ->willReturn($user);
$userSessionMock->expects($this->any())
->method('isLoggedIn')
->willReturn(true);
$this->configMock = $this->createMock(IConfig::class); $this->configMock = $this->createMock(IConfig::class);

20
apps/files_external/lib/Migration/DummyUserSession.php
View File

@ -50,4 +50,24 @@ class DummyUserSession implements IUserSession {
public function isLoggedIn() { public function isLoggedIn() {
return !is_null($this->user); return !is_null($this->user);
} }
/**
* get getImpersonatingUserID
*
* @return string|null
* @since 17.0.0
*/
public function getImpersonatingUserID() : ?string {
return null;
}
/**
* set setImpersonatingUserID
*
* @since 17.0.0
*/
public function setImpersonatingUserID(bool $useCurrentUser = true): void {
//no OP
}
} }

23
lib/private/User/Session.php
View File

@ -314,6 +314,29 @@ class Session implements IUserSession, Emitter {
return null; return null;
} }
/**
* @return mixed
*/
public function getImpersonatingUserID(): ?string {
return $this->session->get('oldUserId');
}
public function setImpersonatingUserID(bool $useCurrentUser = true): void {
if ($useCurrentUser === false) {
$this->session->remove('oldUserId');
return;
}
$currentUser = $this->getUser();
if ($currentUser === null) {
throw new \OC\User\NoUserException();
}
$this->session->set('oldUserId', $currentUser->getUID());
}
/** /**
* set the token id * set the token id
* *

17
lib/public/IUserSession.php
View File

@ -42,6 +42,7 @@ namespace OCP;
interface IUserSession { interface IUserSession {
/** /**
* Do a user login * Do a user login
*
* @param string $user the username * @param string $user the username
* @param string $password the password * @param string $password the password
* @return bool true if successful * @return bool true if successful
@ -52,6 +53,7 @@ interface IUserSession {
/** /**
* Logs the user out including all the session data * Logs the user out including all the session data
* Logout, destroys session * Logout, destroys session
*
* @return void * @return void
* @since 6.0.0 * @since 6.0.0
*/ */
@ -80,4 +82,19 @@ interface IUserSession {
* @since 8.0.0 * @since 8.0.0
*/ */
public function isLoggedIn(); public function isLoggedIn();
/**
* get getImpersonatingUserID
*
* @return string|null
* @since 18.0.0
*/
public function getImpersonatingUserID(): ?string;
/**
* set setImpersonatingUserID
*
* @since 18.0.0
*/
public function setImpersonatingUserID(bool $useCurrentUser = true): void;
} }

11
settings/Controller/AuthSettingsController.php
View File

@ -44,6 +44,7 @@ use OCP\AppFramework\Http\JSONResponse;
use OCP\ILogger; use OCP\ILogger;
use OCP\IRequest; use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IUserSession;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
use OCP\Session\Exceptions\SessionNotAvailableException; use OCP\Session\Exceptions\SessionNotAvailableException;
@ -55,6 +56,9 @@ class AuthSettingsController extends Controller {
/** @var ISession */ /** @var ISession */
private $session; private $session;
/** IUserSession */
private $userSession;
/** @var string */ /** @var string */
private $uid; private $uid;
@ -77,6 +81,7 @@ class AuthSettingsController extends Controller {
* @param ISession $session * @param ISession $session
* @param ISecureRandom $random * @param ISecureRandom $random
* @param string|null $userId * @param string|null $userId
* @param IUserSession $userSession
* @param IManager $activityManager * @param IManager $activityManager
* @param RemoteWipe $remoteWipe * @param RemoteWipe $remoteWipe
* @param ILogger $logger * @param ILogger $logger
@ -87,12 +92,14 @@ class AuthSettingsController extends Controller {
ISession $session, ISession $session,
ISecureRandom $random, ISecureRandom $random,
?string $userId, ?string $userId,
IUserSession $userSession,
IManager $activityManager, IManager $activityManager,
RemoteWipe $remoteWipe, RemoteWipe $remoteWipe,
ILogger $logger) { ILogger $logger) {
parent::__construct($appName, $request); parent::__construct($appName, $request);
$this->tokenProvider = $tokenProvider; $this->tokenProvider = $tokenProvider;
$this->uid = $userId; $this->uid = $userId;
$this->userSession = $userSession;
$this->session = $session; $this->session = $session;
$this->random = $random; $this->random = $random;
$this->activityManager = $activityManager; $this->activityManager = $activityManager;
@ -114,6 +121,10 @@ class AuthSettingsController extends Controller {
} catch (SessionNotAvailableException $ex) { } catch (SessionNotAvailableException $ex) {
return $this->getServiceNotAvailableResponse(); return $this->getServiceNotAvailableResponse();
} }
if ($this->userSession->getImpersonatingUserID() !== null)
{
return $this->getServiceNotAvailableResponse();
}
try { try {
$sessionToken = $this->tokenProvider->getToken($sessionId); $sessionToken = $this->tokenProvider->getToken($sessionId);

14
settings/Settings/Personal/Security.php
View File

@ -46,6 +46,9 @@ use OCP\IConfig;
class Security implements ISettings { class Security implements ISettings {
/** @var IInitialStateService */
private $initialStateService;
/** @var IUserManager */ /** @var IUserManager */
private $userManager; private $userManager;
@ -61,11 +64,13 @@ class Security implements ISettings {
/** @var IConfig */ /** @var IConfig */
private $config; private $config;
public function __construct(IUserManager $userManager, public function __construct(IInitialStateService $initialStateService,
IUserManager $userManager,
ProviderLoader $providerLoader, ProviderLoader $providerLoader,
IUserSession $userSession, IUserSession $userSession,
IConfig $config, IConfig $config,
?string $UserId) { ?string $UserId) {
$this->initialStateService = $initialStateService;
$this->userManager = $userManager; $this->userManager = $userManager;
$this->providerLoader = $providerLoader; $this->providerLoader = $providerLoader;
$this->userSession = $userSession; $this->userSession = $userSession;
@ -80,11 +85,18 @@ class Security implements ISettings {
$passwordChangeSupported = $user->canChangePassword(); $passwordChangeSupported = $user->canChangePassword();
} }
$this->initialStateService->provideInitialState(
'settings',
'can_create_app_token',
$this->userSession->getImpersonatingUserID() !== null
);
return new TemplateResponse('settings', 'settings/personal/security', [ return new TemplateResponse('settings', 'settings/personal/security', [
'passwordChangeSupported' => $passwordChangeSupported, 'passwordChangeSupported' => $passwordChangeSupported,
'twoFactorProviderData' => $this->getTwoFactorProviderData(), 'twoFactorProviderData' => $this->getTwoFactorProviderData(),
'themedark' => $this->config->getUserValue($this->uid, 'accessibility', 'theme', false) 'themedark' => $this->config->getUserValue($this->uid, 'accessibility', 'theme', false)
]); ]);
} }
public function getSection(): string { public function getSection(): string {

6
settings/js/vue-settings-personal-security.js
View File

File diff suppressed because one or more lines are too long

2
settings/js/vue-settings-personal-security.js.map
View File

File diff suppressed because one or more lines are too long

4
settings/src/components/AuthTokenSection.vue
View File

@ -28,7 +28,7 @@
@rename="rename" @rename="rename"
@delete="deleteToken" @delete="deleteToken"
@wipe="wipeToken" /> @wipe="wipeToken" />
<AuthTokenSetupDialogue :add="addNewToken" /> <AuthTokenSetupDialogue v-if="canCreateToken" :add="addNewToken" />
</div> </div>
</template> </template>
@ -63,7 +63,7 @@
props: { props: {
tokens: { tokens: {
type: Array, type: Array,
requried: true, required: true,
}, },
}, },
components: { components: {

1
settings/src/main-personal-security.js
View File

@ -35,5 +35,6 @@ const View = Vue.extend(AuthTokenSection);
new View({ new View({
propsData: { propsData: {
tokens: OCP.InitialState.loadState('settings', 'app_tokens'), tokens: OCP.InitialState.loadState('settings', 'app_tokens'),
canCreateToken: OCP.InitialState.loadState('settings', 'can_create_app_token'),
} }
}).$mount('#security-authtokens'); }).$mount('#security-authtokens');

5
tests/Settings/Controller/AuthSettingsControllerTest.php
View File

@ -34,6 +34,7 @@ use OCP\AppFramework\Http\JSONResponse;
use OCP\ILogger; use OCP\ILogger;
use OCP\IRequest; use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IUserSession;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
use OCP\Session\Exceptions\SessionNotAvailableException; use OCP\Session\Exceptions\SessionNotAvailableException;
use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\MockObject\MockObject;
@ -49,6 +50,8 @@ class AuthSettingsControllerTest extends TestCase {
private $tokenProvider; private $tokenProvider;
/** @var ISession|MockObject */ /** @var ISession|MockObject */
private $session; private $session;
/**@var IUserSession|MockObject */
private $userSession;
/** @var ISecureRandom|MockObject */ /** @var ISecureRandom|MockObject */
private $secureRandom; private $secureRandom;
/** @var IManager|MockObject */ /** @var IManager|MockObject */
@ -63,6 +66,7 @@ class AuthSettingsControllerTest extends TestCase {
$this->request = $this->createMock(IRequest::class); $this->request = $this->createMock(IRequest::class);
$this->tokenProvider = $this->createMock(IProvider::class); $this->tokenProvider = $this->createMock(IProvider::class);
$this->session = $this->createMock(ISession::class); $this->session = $this->createMock(ISession::class);
$this->userSession = $this->createMock(IUserSession::class);
$this->secureRandom = $this->createMock(ISecureRandom::class); $this->secureRandom = $this->createMock(ISecureRandom::class);
$this->activityManager = $this->createMock(IManager::class); $this->activityManager = $this->createMock(IManager::class);
$this->remoteWipe = $this->createMock(RemoteWipe::class); $this->remoteWipe = $this->createMock(RemoteWipe::class);
@ -76,6 +80,7 @@ class AuthSettingsControllerTest extends TestCase {
$this->session, $this->session,
$this->secureRandom, $this->secureRandom,
$this->uid, $this->uid,
$this->userSession,
$this->activityManager, $this->activityManager,
$this->remoteWipe, $this->remoteWipe,
$logger $logger

7
tests/lib/Settings/Personal/SecurityTest.php
View File

@ -25,6 +25,8 @@ declare(strict_types=1);
namespace Test\Settings\Personal; namespace Test\Settings\Personal;
use OC\Authentication\TwoFactorAuth\ProviderLoader; use OC\Authentication\TwoFactorAuth\ProviderLoader;
use OCP\IInitialStateService;
use OCP\InitialStateService;
use OC\Settings\Personal\Security; use OC\Settings\Personal\Security;
use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Http\TemplateResponse;
use OCP\IConfig; use OCP\IConfig;
@ -36,6 +38,9 @@ use Test\TestCase;
class SecurityTest extends TestCase { class SecurityTest extends TestCase {
/** @var InitialStateService|MockObject */
private $initialStateService;
/** @var IUserManager|MockObject */ /** @var IUserManager|MockObject */
private $userManager; private $userManager;
@ -57,6 +62,7 @@ class SecurityTest extends TestCase {
public function setUp() { public function setUp() {
parent::setUp(); parent::setUp();
$this->initialStateService = $this->createMock(IInitialStateService::class);
$this->userManager = $this->createMock(IUserManager::class); $this->userManager = $this->createMock(IUserManager::class);
$this->providerLoader = $this->createMock(ProviderLoader::class); $this->providerLoader = $this->createMock(ProviderLoader::class);
$this->userSession = $this->createMock(IUserSession::class); $this->userSession = $this->createMock(IUserSession::class);
@ -64,6 +70,7 @@ class SecurityTest extends TestCase {
$this->uid = 'test123'; $this->uid = 'test123';
$this->section = new Security( $this->section = new Security(
$this->initialStateService,
$this->userManager, $this->userManager,
$this->providerLoader, $this->providerLoader,
$this->userSession, $this->userSession,