Fix app password updating out of bounds
When your password changes out of bounds your Nextcloud tokens will become invalid. There is no real way around that. However we should make sure that if you successfully log in again your passwords are all updates * Added event listener to the PostLoggedInEvent so that we can act on it - Only if it is not a token login * Make sure that we actually reset the invalid state when we update a token. Else it keeps being marked invalid and thus not used. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
468f1fc592
commit
ebd2b0d3dd
|
@ -613,6 +613,7 @@ return array(
|
||||||
'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
|
'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
|
||||||
'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => $baseDir . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php',
|
'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => $baseDir . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php',
|
||||||
'OC\\Authentication\\Listeners\\UserDeletedTokenCleanupListener' => $baseDir . '/lib/private/Authentication/Listeners/UserDeletedTokenCleanupListener.php',
|
'OC\\Authentication\\Listeners\\UserDeletedTokenCleanupListener' => $baseDir . '/lib/private/Authentication/Listeners/UserDeletedTokenCleanupListener.php',
|
||||||
|
'OC\\Authentication\\Listeners\\UserLoggedInListener' => $baseDir . '/lib/private/Authentication/Listeners/UserLoggedInListener.php',
|
||||||
'OC\\Authentication\\LoginCredentials\\Credentials' => $baseDir . '/lib/private/Authentication/LoginCredentials/Credentials.php',
|
'OC\\Authentication\\LoginCredentials\\Credentials' => $baseDir . '/lib/private/Authentication/LoginCredentials/Credentials.php',
|
||||||
'OC\\Authentication\\LoginCredentials\\Store' => $baseDir . '/lib/private/Authentication/LoginCredentials/Store.php',
|
'OC\\Authentication\\LoginCredentials\\Store' => $baseDir . '/lib/private/Authentication/LoginCredentials/Store.php',
|
||||||
'OC\\Authentication\\Login\\ALoginCommand' => $baseDir . '/lib/private/Authentication/Login/ALoginCommand.php',
|
'OC\\Authentication\\Login\\ALoginCommand' => $baseDir . '/lib/private/Authentication/Login/ALoginCommand.php',
|
||||||
|
|
|
@ -642,6 +642,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
|
||||||
'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
|
'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
|
||||||
'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php',
|
'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php',
|
||||||
'OC\\Authentication\\Listeners\\UserDeletedTokenCleanupListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserDeletedTokenCleanupListener.php',
|
'OC\\Authentication\\Listeners\\UserDeletedTokenCleanupListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserDeletedTokenCleanupListener.php',
|
||||||
|
'OC\\Authentication\\Listeners\\UserLoggedInListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserLoggedInListener.php',
|
||||||
'OC\\Authentication\\LoginCredentials\\Credentials' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Credentials.php',
|
'OC\\Authentication\\LoginCredentials\\Credentials' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Credentials.php',
|
||||||
'OC\\Authentication\\LoginCredentials\\Store' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Store.php',
|
'OC\\Authentication\\LoginCredentials\\Store' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Store.php',
|
||||||
'OC\\Authentication\\Login\\ALoginCommand' => __DIR__ . '/../../..' . '/lib/private/Authentication/Login/ALoginCommand.php',
|
'OC\\Authentication\\Login\\ALoginCommand' => __DIR__ . '/../../..' . '/lib/private/Authentication/Login/ALoginCommand.php',
|
||||||
|
|
|
@ -0,0 +1,54 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
declare(strict_types=1);
|
||||||
|
/**
|
||||||
|
* @copyright Copyright (c) 2020, Roeland Jago Douma <roeland@famdouma.nl>
|
||||||
|
*
|
||||||
|
* @author Roeland Jago Douma <roeland@famdouma.nl>
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OC\Authentication\Listeners;
|
||||||
|
|
||||||
|
use OC\Authentication\Token\Manager;
|
||||||
|
use OCP\EventDispatcher\Event;
|
||||||
|
use OCP\EventDispatcher\IEventListener;
|
||||||
|
use OCP\User\Events\PostLoginEvent;
|
||||||
|
|
||||||
|
class UserLoggedInListener implements IEventListener {
|
||||||
|
|
||||||
|
/** @var Manager */
|
||||||
|
private $manager;
|
||||||
|
|
||||||
|
public function __construct(Manager $manager) {
|
||||||
|
$this->manager = $manager;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function handle(Event $event): void {
|
||||||
|
if (!($event instanceof PostLoginEvent)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// If this is already a token login there is nothing to do
|
||||||
|
if ($event->isTokenLogin()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->manager->updatePasswords($event->getUser()->getUID(), $event->getPassword());
|
||||||
|
}
|
||||||
|
}
|
|
@ -419,6 +419,7 @@ class PublicKeyTokenProvider implements IProvider {
|
||||||
foreach ($tokens as $t) {
|
foreach ($tokens as $t) {
|
||||||
$publicKey = $t->getPublicKey();
|
$publicKey = $t->getPublicKey();
|
||||||
$t->setPassword($this->encryptPassword($password, $publicKey));
|
$t->setPassword($this->encryptPassword($password, $publicKey));
|
||||||
|
$t->setPasswordInvalid(false);
|
||||||
$this->updateToken($t);
|
$this->updateToken($t);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -65,6 +65,7 @@ use OC\AppFramework\Utility\SimpleContainer;
|
||||||
use OC\AppFramework\Utility\TimeFactory;
|
use OC\AppFramework\Utility\TimeFactory;
|
||||||
use OC\Authentication\Events\LoginFailed;
|
use OC\Authentication\Events\LoginFailed;
|
||||||
use OC\Authentication\Listeners\LoginFailedListener;
|
use OC\Authentication\Listeners\LoginFailedListener;
|
||||||
|
use OC\Authentication\Listeners\UserLoggedInListener;
|
||||||
use OC\Authentication\LoginCredentials\Store;
|
use OC\Authentication\LoginCredentials\Store;
|
||||||
use OC\Authentication\Token\IProvider;
|
use OC\Authentication\Token\IProvider;
|
||||||
use OC\Avatar\AvatarManager;
|
use OC\Avatar\AvatarManager;
|
||||||
|
@ -221,6 +222,7 @@ use OCP\User\Events\BeforeUserLoggedInEvent;
|
||||||
use OCP\User\Events\BeforeUserLoggedInWithCookieEvent;
|
use OCP\User\Events\BeforeUserLoggedInWithCookieEvent;
|
||||||
use OCP\User\Events\BeforeUserLoggedOutEvent;
|
use OCP\User\Events\BeforeUserLoggedOutEvent;
|
||||||
use OCP\User\Events\PasswordUpdatedEvent;
|
use OCP\User\Events\PasswordUpdatedEvent;
|
||||||
|
use OCP\User\Events\PostLoginEvent;
|
||||||
use OCP\User\Events\UserChangedEvent;
|
use OCP\User\Events\UserChangedEvent;
|
||||||
use OCP\User\Events\UserCreatedEvent;
|
use OCP\User\Events\UserCreatedEvent;
|
||||||
use OCP\User\Events\UserDeletedEvent;
|
use OCP\User\Events\UserDeletedEvent;
|
||||||
|
@ -1429,6 +1431,7 @@ class Server extends ServerContainer implements IServerContainer {
|
||||||
/** @var IEventDispatcher $eventDispatched */
|
/** @var IEventDispatcher $eventDispatched */
|
||||||
$eventDispatched = $this->query(IEventDispatcher::class);
|
$eventDispatched = $this->query(IEventDispatcher::class);
|
||||||
$eventDispatched->addServiceListener(LoginFailed::class, LoginFailedListener::class);
|
$eventDispatched->addServiceListener(LoginFailed::class, LoginFailedListener::class);
|
||||||
|
$eventDispatched->addServiceListener(PostLoginEvent::class, UserLoggedInListener::class);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue