open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Don't use special chars to avoid confusion

Browse Source 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
pull/9517/head
Roeland Jago Douma 7 years ago
parent f7ecec855b
commit 5a97148863
No known key found for this signature in database
GPG Key ID: F941078878347C0C
2 changed files with 8 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 7
      apps/oauth2/lib/Controller/OauthApiController.php
  2. 2
      core/Controller/ClientFlowLoginController.php

7
apps/oauth2/lib/Controller/OauthApiController.php
Unescape View File

@ -90,6 +90,7 @@ class OauthApiController extends Controller {
*/
public function getToken($grant_type, $code, $refresh_token, $client_id, $client_secret) {
// We only handle two types
if ($grant_type !== 'authorization_code' && $grant_type !== 'refresh_token') {
return new JSONResponse([
'error' => 'invalid_grant',
@ -117,6 +118,7 @@ class OauthApiController extends Controller {
], Http::STATUS_BAD_REQUEST);
}
// The client id and secret must match. Else we don't provide an access token!
if ($client->getClientIdentifier() !== $client_id || $client->getSecret() !== $client_secret) {
return new JSONResponse([
'error' => 'invalid_client',
@ -125,6 +127,7 @@ class OauthApiController extends Controller {
$decryptedToken = $this->crypto->decrypt($accessToken->getEncryptedToken(), $code);
// Obtain the appToken assoicated
try {
$appToken = $this->tokenProvider->getTokenById($accessToken->getTokenId());
} catch (ExpiredTokenException $e) {
@ -137,6 +140,7 @@ class OauthApiController extends Controller {
], Http::STATUS_BAD_REQUEST);
}
// Rotate the apptoken (so the old one becomes invalid basically)
$newToken = $this->secureRandom->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
$appToken = $this->tokenProvider->rotate(
@ -144,9 +148,12 @@ class OauthApiController extends Controller {
$decryptedToken,
$newToken
);
// Expiration is in 1 hour again
$appToken->setExpires($this->time->getTime() + 3600);
$this->tokenProvider->updateToken($appToken);
// Generate a new refresh token and encrypt the new apptoken in the DB
$newCode = $this->secureRandom->generate(128, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
$accessToken->setHashedCode(hash('sha512', $newCode));
$accessToken->setEncryptedToken($this->crypto->encrypt($newToken, $newCode));

2
core/Controller/ClientFlowLoginController.php
Unescape View File

@ -329,7 +329,7 @@ class ClientFlowLoginController extends Controller {
);
if($client) {
$code = $this->random->generate(128);
$code = $this->random->generate(128, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
$accessToken = new AccessToken();
$accessToken->setClientId($client->getId());
$accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));

Write Preview
Loading…
Cancel
Save