mirror of
https://github.com/nextcloud/server.git
synced 2026-03-27 04:43:20 -04:00
refactor(Token): introduce scope constants
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
parent
340939e688
commit
f6d6efef3a
13 changed files with 44 additions and 27 deletions
|
|
@ -241,8 +241,8 @@ class AuthSettingsController extends Controller {
|
|||
$currentName = $token->getName();
|
||||
|
||||
if ($scope !== $token->getScopeAsArray()) {
|
||||
$token->setScope(['filesystem' => $scope['filesystem']]);
|
||||
$this->publishActivity($scope['filesystem'] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]);
|
||||
$token->setScope([IToken::SCOPE_FILESYSTEM => $scope[IToken::SCOPE_FILESYSTEM]]);
|
||||
$this->publishActivity($scope[IToken::SCOPE_FILESYSTEM] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]);
|
||||
}
|
||||
|
||||
if (mb_strlen($name) > 128) {
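Review bot: `$scope` is indexed with `IToken::SCOPE_FILESYSTEM` in both new lines without a check that the key is present, and the array handed to `setScope()` holds only that key. If `$scope` arrives here unvalidated from the request (`update()` starts and ends outside this hunk, so an earlier check may exist), a payload without the key stores `null` as the filesystem flag. The write also appears to drop any other scope entry already on the token. Guard the read, e.g. `if (isset($scope[IToken::SCOPE_FILESYSTEM]) && $scope !== $token->getScopeAsArray()) {`, and consider merging the flag into the token's existing scope before calling `setScope()`. Copying only the filesystem key from client input deserves a short comment, since it is what keeps a client from setting `IToken::SCOPE_SKIP_PASSWORD_VALIDATION` on its own token.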
|
||||
|
|
|
|||
|
|
@ -267,7 +267,7 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
|
||||
$token->expects($this->once())
|
||||
->method('getScopeAsArray')
|
||||
->willReturn(['filesystem' => true]);
|
||||
->willReturn([IToken::SCOPE_FILESYSTEM => true]);
|
||||
|
||||
$token->expects($this->once())
|
||||
->method('setName')
|
||||
|
|
@ -277,7 +277,7 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
->method('updateToken')
|
||||
->with($this->equalTo($token));
|
||||
|
||||
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], $newName));
|
||||
$this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], $newName));
|
||||
}
|
||||
|
||||
public function dataUpdateFilesystemScope(): array {
|
||||
|
|
@ -310,17 +310,17 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
|
||||
$token->expects($this->once())
|
||||
->method('getScopeAsArray')
|
||||
->willReturn(['filesystem' => $filesystem]);
|
||||
->willReturn([IToken::SCOPE_FILESYSTEM => $filesystem]);
|
||||
|
||||
$token->expects($this->once())
|
||||
->method('setScope')
|
||||
->with($this->equalTo(['filesystem' => $newFilesystem]));
|
||||
->with($this->equalTo([IToken::SCOPE_FILESYSTEM => $newFilesystem]));
|
||||
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('updateToken')
|
||||
->with($this->equalTo($token));
|
||||
|
||||
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => $newFilesystem], 'App password'));
|
||||
$this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => $newFilesystem], 'App password'));
|
||||
}
|
||||
|
||||
public function testUpdateNoChange(): void {
|
||||
|
|
@ -339,7 +339,7 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
|
||||
$token->expects($this->once())
|
||||
->method('getScopeAsArray')
|
||||
->willReturn(['filesystem' => true]);
|
||||
->willReturn([IToken::SCOPE_FILESYSTEM => true]);
|
||||
|
||||
$token->expects($this->never())
|
||||
->method('setName');
|
||||
|
|
@ -351,7 +351,7 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
->method('updateToken')
|
||||
->with($this->equalTo($token));
|
||||
|
||||
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
|
||||
$this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], 'App password'));
|
||||
}
|
||||
|
||||
public function testUpdateExpired() {
|
||||
|
|
@ -371,7 +371,7 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
->method('updateToken')
|
||||
->with($this->equalTo($token));
|
||||
|
||||
$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
|
||||
$this->assertSame([], $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], 'App password'));
|
||||
}
|
||||
|
||||
public function testUpdateTokenWrongUser() {
|
||||
|
|
@ -389,7 +389,7 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
$this->tokenProvider->expects($this->never())
|
||||
->method('updateToken');
|
||||
|
||||
$response = $this->controller->update($tokenId, ['filesystem' => true], 'App password');
|
||||
$response = $this->controller->update($tokenId, [IToken::SCOPE_FILESYSTEM => true], 'App password');
|
||||
$this->assertSame([], $response->getData());
|
||||
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
|
||||
}
|
||||
|
|
@ -403,7 +403,7 @@ class AuthSettingsControllerTest extends TestCase {
|
|||
$this->tokenProvider->expects($this->never())
|
||||
->method('updateToken');
|
||||
|
||||
$response = $this->controller->update(42, ['filesystem' => true], 'App password');
|
||||
$response = $this->controller->update(42, [IToken::SCOPE_FILESYSTEM => true], 'App password');
|
||||
$this->assertSame([], $response->getData());
|
||||
$this->assertSame(\OCP\AppFramework\Http::STATUS_NOT_FOUND, $response->getStatus());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ use OC\Authentication\Token\PublicKeyToken;
|
|||
use OCA\Settings\Settings\Personal\Security\Authtokens;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\AppFramework\Services\IInitialState;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use OCP\ISession;
|
||||
use OCP\IUserSession;
|
||||
use PHPUnit\Framework\MockObject\MockObject;
|
||||
|
|
@ -108,7 +109,7 @@ class AuthtokensTest extends TestCase {
|
|||
'type' => 0,
|
||||
'canDelete' => false,
|
||||
'current' => true,
|
||||
'scope' => ['filesystem' => true],
|
||||
'scope' => [IToken::SCOPE_FILESYSTEM => true],
|
||||
'canRename' => false,
|
||||
],
|
||||
[
|
||||
|
|
@ -117,7 +118,7 @@ class AuthtokensTest extends TestCase {
|
|||
'lastActivity' => 0,
|
||||
'type' => 0,
|
||||
'canDelete' => true,
|
||||
'scope' => ['filesystem' => true],
|
||||
'scope' => [IToken::SCOPE_FILESYSTEM => true],
|
||||
'canRename' => true,
|
||||
],
|
||||
]
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ use OCP\AppFramework\Utility\ITimeFactory;
|
|||
use OCP\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Authentication\Exceptions\WipeTokenException;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use OCP\ISession;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Session\Exceptions\SessionNotAvailableException;
|
||||
|
|
@ -85,7 +86,7 @@ class PasswordConfirmationMiddleware extends Middleware {
|
|||
return;
|
||||
}
|
||||
$scope = $token->getScopeAsArray();
|
||||
if (isset($scope['sso-based-login']) && $scope['sso-based-login'] === true) {
|
||||
if (isset($scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION]) && $scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] === true) {
|
||||
// Users logging in from SSO backends cannot confirm their password by design
|
||||
return;
|
||||
}
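Review bot: The lookup now uses `IToken::SCOPE_SKIP_PASSWORD_VALIDATION`, whose value in this commit is `'password-unconfirmable'`, so a token whose stored scope still holds the previous `'sso-based-login'` key no longer matches. That makes this a change to the persisted scope format, not only a rename. Such a session would presumably fall through to the password-confirmation requirement; that fails closed, but it leaves users of SSO backends unable to complete confirmable actions until their token is rewritten at the next login. Either keep accepting the old key for a transition period or state the behaviour change in the commit message. The same lookup is changed in the `JSConfigHelper` section, and the enclosing method here starts and ends outside the hunk.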
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ declare(strict_types=1);
|
|||
namespace OC\Authentication\Token;
|
||||
|
||||
use OCP\AppFramework\Db\Entity;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
|
||||
/**
|
||||
* @method void setId(int $id)
|
||||
|
|
@ -162,7 +163,7 @@ class PublicKeyToken extends Entity implements INamedToken, IWipeableToken {
|
|||
$scope = json_decode($this->getScope(), true);
|
||||
if (!$scope) {
|
||||
return [
|
||||
'filesystem' => true
|
||||
IToken::SCOPE_FILESYSTEM => true
|
||||
];
|
||||
}
|
||||
return $scope;
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
*/
|
||||
namespace OC\Lockdown;
|
||||
|
||||
use OC\Authentication\Token\IToken;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use OCP\ISession;
|
||||
use OCP\Lockdown\ILockdownManager;
|
||||
|
||||
|
|
@ -60,6 +60,6 @@ class LockdownManager implements ILockdownManager {
|
|||
|
||||
public function canAccessFilesystem() {
|
||||
$scope = $this->getScopeAsArray();
|
||||
return !$scope || $scope['filesystem'];
|
||||
return !$scope || $scope[IToken::SCOPE_FILESYSTEM];
|
||||
}
|
||||
}
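Review bot: `canAccessFilesystem()` reads `$scope[IToken::SCOPE_FILESYSTEM]` whenever the scope array is non-empty, which assumes every stored scope carries that key. With a second scope key now defined, a scope holding only `IToken::SCOPE_SKIP_PASSWORD_VALIDATION` would raise an undefined-key warning and deny access only because `null` is falsy. Make the default explicit with `return !$scope || ($scope[IToken::SCOPE_FILESYSTEM] ?? false);`, which keeps today's result without the warning. A docblock should state that an empty scope means unrestricted access and say whether a missing key is meant to grant or deny.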
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ use OCP\App\IAppManager;
|
|||
use OCP\Authentication\Exceptions\ExpiredTokenException;
|
||||
use OCP\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\Authentication\Exceptions\WipeTokenException;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use OCP\Constants;
|
||||
use OCP\Defaults;
|
||||
use OCP\Files\FileInfo;
|
||||
|
|
@ -286,6 +287,6 @@ class JSConfigHelper {
|
|||
return true;
|
||||
}
|
||||
$scope = $token->getScopeAsArray();
|
||||
return !isset($scope['sso-based-login']) || $scope['sso-based-login'] === false;
|
||||
return !isset($scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION]) || $scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] === false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@
|
|||
*/
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OC\User\LoginException;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use OCP\EventDispatcher\IEventDispatcher;
|
||||
use OCP\IGroupManager;
|
||||
use OCP\ISession;
|
||||
|
|
@ -171,7 +172,7 @@ class OC_User {
|
|||
if (empty($password)) {
|
||||
$tokenProvider = \OC::$server->get(IProvider::class);
|
||||
$token = $tokenProvider->getToken($userSession->getSession()->getId());
|
||||
$token->setScope(['sso-based-login' => true]);
|
||||
$token->setScope([IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true]);
|
||||
$tokenProvider->updateToken($token);
|
||||
}
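Review bot: `setScope([IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true])` appears to replace the token's whole scope with a single-key array; the `PublicKeyTokenTest` section shows `getScope()` returning exactly the encoded argument. After this call the token carries no filesystem entry, so readers that index `IToken::SCOPE_FILESYSTEM` directly, such as `LockdownManager::canAccessFilesystem()` in this commit, see a missing key. Merging keeps the existing entries: `$scope = $token->getScopeAsArray(); $scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] = true; $token->setScope($scope);`. The surrounding method lies outside the hunk.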
|
||||
|
||||
|
|
|
|||
|
|
@ -34,6 +34,15 @@ interface IToken extends JsonSerializable {
|
|||
*/
|
||||
public const REMEMBER = 1;
|
||||
|
||||
/**
|
||||
* @since 30.0.0
|
||||
*/
|
||||
public const SCOPE_FILESYSTEM = 'filesystem';
|
||||
/**
|
||||
* @since 30.0.0
|
||||
*/
|
||||
public const SCOPE_SKIP_PASSWORD_VALIDATION = 'password-unconfirmable';
|
||||
|
||||
/**
|
||||
* Get the token ID
|
||||
* @since 28.0.0
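Review bot: Both new constants carry only an `@since` tag, and `SCOPE_SKIP_PASSWORD_VALIDATION` has a name that differs from its stored value `'password-unconfirmable'`, so the public interface gives no hint of what setting either key does. Add a one-line description to each docblock, for example `Scope key: whether the token may access the user's files` and `Scope key: the session cannot confirm a password (e.g. SSO login), so password confirmation is skipped`. Because the second key relaxes a security check, its docblock should also state that it is only to be set by server-side login code and never copied from client input.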
|
||||
|
|
|
|||
|
|
@ -181,7 +181,7 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
|
|||
|
||||
$token = $this->createMock(IToken::class);
|
||||
$token->method('getScopeAsArray')
|
||||
->willReturn(['sso-based-login' => true]);
|
||||
->willReturn([IToken::SCOPE_SKIP_PASSWORD_VALIDATION => true]);
|
||||
$this->tokenProvider->expects($this->once())
|
||||
->method('getToken')
|
||||
->with($sessionId)
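Review bot: The mocked scope uses the same constant as the middleware, so this test passes for any value of `IToken::SCOPE_SKIP_PASSWORD_VALIDATION` and no longer covers a token that still stores the `'sso-based-login'` key. Whether such tokens are meant to be honoured or deliberately rejected, add a case with `->willReturn(['sso-based-login' => true])` that asserts the intended outcome, so the handling of already-issued tokens is pinned. The test method starts and ends outside the hunk.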
|
||||
|
|
|
|||
|
|
@ -9,11 +9,12 @@ declare(strict_types=1);
|
|||
namespace Test\Authentication\Token;
|
||||
|
||||
use OC\Authentication\Token\PublicKeyToken;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use Test\TestCase;
|
||||
|
||||
class PublicKeyTokenTest extends TestCase {
|
||||
public function testSetScopeAsArray() {
|
||||
$scope = ['filesystem' => false];
|
||||
$scope = [IToken::SCOPE_FILESYSTEM => false];
|
||||
$token = new PublicKeyToken();
|
||||
$token->setScope($scope);
|
||||
$this->assertEquals(json_encode($scope), $token->getScope());
|
||||
|
|
@ -21,7 +22,7 @@ class PublicKeyTokenTest extends TestCase {
|
|||
}
|
||||
|
||||
public function testDefaultScope() {
|
||||
$scope = ['filesystem' => true];
|
||||
$scope = [IToken::SCOPE_FILESYSTEM => true];
|
||||
$token = new PublicKeyToken();
|
||||
$this->assertEquals($scope, $token->getScopeAsArray());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ namespace Test\Lockdown\Filesystem;
|
|||
use OC\Authentication\Token\PublicKeyToken;
|
||||
use OC\Files\Filesystem;
|
||||
use OC\Lockdown\Filesystem\NullStorage;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use Test\Traits\UserTrait;
|
||||
|
||||
/**
|
||||
|
|
@ -20,7 +21,7 @@ class NoFSTest extends \Test\TestCase {
|
|||
protected function tearDown(): void {
|
||||
$token = new PublicKeyToken();
|
||||
$token->setScope([
|
||||
'filesystem' => true
|
||||
IToken::SCOPE_FILESYSTEM => true
|
||||
]);
|
||||
\OC::$server->get('LockdownManager')->setToken($token);
|
||||
parent::tearDown();
|
||||
|
|
@ -30,7 +31,7 @@ class NoFSTest extends \Test\TestCase {
|
|||
parent::setUp();
|
||||
$token = new PublicKeyToken();
|
||||
$token->setScope([
|
||||
'filesystem' => false
|
||||
IToken::SCOPE_FILESYSTEM => false
|
||||
]);
|
||||
|
||||
\OC::$server->get('LockdownManager')->setToken($token);
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ namespace Test\Lockdown;
|
|||
|
||||
use OC\Authentication\Token\PublicKeyToken;
|
||||
use OC\Lockdown\LockdownManager;
|
||||
use OCP\Authentication\Token\IToken;
|
||||
use OCP\ISession;
|
||||
use Test\TestCase;
|
||||
|
||||
|
|
@ -29,7 +30,7 @@ class LockdownManagerTest extends TestCase {
|
|||
|
||||
public function testCanAccessFilesystemAllowed() {
|
||||
$token = new PublicKeyToken();
|
||||
$token->setScope(['filesystem' => true]);
|
||||
$token->setScope([IToken::SCOPE_FILESYSTEM => true]);
|
||||
$manager = new LockdownManager($this->sessionCallback);
|
||||
$manager->setToken($token);
|
||||
$this->assertTrue($manager->canAccessFilesystem());
|
||||
|
|
@ -37,7 +38,7 @@ class LockdownManagerTest extends TestCase {
|
|||
|
||||
public function testCanAccessFilesystemNotAllowed() {
|
||||
$token = new PublicKeyToken();
|
||||
$token->setScope(['filesystem' => false]);
|
||||
$token->setScope([IToken::SCOPE_FILESYSTEM => false]);
|
||||
$manager = new LockdownManager($this->sessionCallback);
|
||||
$manager->setToken($token);
|
||||
$this->assertFalse($manager->canAccessFilesystem());
|
||||
|
|
|
|||