Add new public key token provider (tokens survive password change) #9485
Changes from all commits
3dd5f3d
8eec3a9
02e0af1
1f17010
4c0d710
4bbc21c
d03d16a
f168ecf
1999f7c
9e7a95f
df34571
970dea9
82959ca
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
<?php | ||
declare(strict_types=1); | ||
/** | ||
* @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl> | ||
* | ||
* @author Roeland Jago Douma <roeland@famdouma.nl> | ||
* | ||
* @license GNU AGPL version 3 or any later version | ||
* | ||
* This program is free software: you can redistribute it and/or modify | ||
* it under the terms of the GNU Affero General Public License as | ||
* published by the Free Software Foundation, either version 3 of the | ||
* License, or (at your option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
* GNU Affero General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU Affero General Public License | ||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
* | ||
*/ | ||
|
||
namespace OC\Core\Migrations; | ||
|
||
use OCP\DB\ISchemaWrapper; | ||
use OCP\Migration\SimpleMigrationStep; | ||
use OCP\Migration\IOutput; | ||
|
||
class Version14000Date20180518120534 extends SimpleMigrationStep { | ||
|
||
public function changeSchema(IOutput $output, \Closure $schemaClosure, array $options) { | ||
/** @var ISchemaWrapper $schema */ | ||
$schema = $schemaClosure(); | ||
|
||
$table = $schema->getTable('authtoken'); | ||
$table->addColumn('private_key', 'text', [ | ||
'notnull' => false, | ||
]); | ||
$table->addColumn('public_key', 'text', [ | ||
'notnull' => false, | ||
]); | ||
$table->addColumn('version', 'smallint', [ | ||
'notnull' => true, | ||
'default' => 1, | ||
'unsigned' => true, | ||
]); | ||
$table->addIndex(['uid'], 'authtoken_uid_index'); | ||
$table->addIndex(['version'], 'authtoken_version_index'); | ||
|
||
return $schema; | ||
} | ||
} |
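Review bot: The `private_key` column added in `changeSchema` will hold key material at rest in `authtoken`, and nothing in the migration says in what form it is stored; the provider code is not part of this section, so whether the value is encrypted before it is written cannot be confirmed here. I would add a comment above the `addColumn('private_key', …)` call, for example `// private key of the token's key pair; must only be stored encrypted, never in plaintext`, so that database dumps and backups of this table are handled accordingly. Separately, the `addColumn` and `addIndex` calls are unguarded, so re-running the step against a partially migrated table would fail; guards such as `if (!$table->hasColumn('private_key'))` and `if (!$table->hasIndex('authtoken_uid_index'))` would make it repeatable.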
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -28,7 +28,6 @@ | |
|
||
use OC\Authentication\Exceptions\InvalidTokenException; | ||
use OC\Authentication\Exceptions\PasswordlessTokenException; | ||
use OCP\IUser; | ||
|
||
interface IProvider { | ||
|
||
|
@@ -92,10 +91,10 @@ public function invalidateToken(string $token); | |
/** | ||
* Invalidate (delete) the given token | ||
* | ||
* @param IUser $user | ||
* @param string $uid | ||
* @param int $id | ||
*/ | ||
public function invalidateTokenById(IUser $user, int $id); | ||
public function invalidateTokenById(string $uid, int $id); | ||
I usually prefer to work with
Yes. Because we want to update all other tokens when we change a password. I would need to inject the user manager to get the user object. Because the Tokens only have the uid. |
||
|
||
/** | ||
* Invalidate (delete) old session tokens | ||
|
@@ -122,10 +121,10 @@ public function updateTokenActivity(IToken $token); | |
* The provider may limit the number of result rows in case of an abuse | ||
* where a high number of (session) tokens is generated | ||
* | ||
* @param IUser $user | ||
* @param string $uid | ||
* @return IToken[] | ||
*/ | ||
public function getTokenByUser(IUser $user): array; | ||
public function getTokenByUser(string $uid): array; | ||
|
||
/** | ||
* Get the (unencrypted) password of the given token | ||
|
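Review bot: The docblock for `invalidateTokenById(string $uid, int $id)` does not say that the token has to belong to `$uid`, and with a plain string in place of `IUser` the signature no longer shows that the caller resolved an existing user. I would extend the parameter line to `@param string $uid owner of the token; the token is only deleted if it belongs to this uid`, so that every implementation scopes the delete by both values rather than by `$id` alone. The same applies to `getTokenByUser(string $uid)` in the last hunk, where the `@param` line could state what is returned for an unknown uid (presumably an empty array, to be confirmed against the implementations). The `IProvider` interface body continues outside these hunks.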
also remove \OCP\IUser use statement