feat(auth): dispatch new TokenInvalidatedEvent when PublicKeyTokenProvider::invalidateTokenById is called

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2 months ago · 8ffd30bbf9
parent d5417d63e0
commit 8ffd30bbf9
4 changed files with 58 additions and 2 deletions
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@ -157,6 +157,7 @@ return array(
    'OCP\\App\\ManagerEvent' => $baseDir . '/lib/public/App/ManagerEvent.php',
    'OCP\\Authentication\\Events\\AnyLoginFailedEvent' => $baseDir . '/lib/public/Authentication/Events/AnyLoginFailedEvent.php',
    'OCP\\Authentication\\Events\\LoginFailedEvent' => $baseDir . '/lib/public/Authentication/Events/LoginFailedEvent.php',
+    'OCP\\Authentication\\Events\\TokenInvalidatedEvent' => $baseDir . '/lib/public/Authentication/Events/TokenInvalidatedEvent.php',
    'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => $baseDir . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
    'OCP\\Authentication\\Exceptions\\ExpiredTokenException' => $baseDir . '/lib/public/Authentication/Exceptions/ExpiredTokenException.php',
    'OCP\\Authentication\\Exceptions\\InvalidTokenException' => $baseDir . '/lib/public/Authentication/Exceptions/InvalidTokenException.php',
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@ -198,6 +198,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
        'OCP\\App\\ManagerEvent' => __DIR__ . '/../../..' . '/lib/public/App/ManagerEvent.php',
        'OCP\\Authentication\\Events\\AnyLoginFailedEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/Events/AnyLoginFailedEvent.php',
        'OCP\\Authentication\\Events\\LoginFailedEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/Events/LoginFailedEvent.php',
+        'OCP\\Authentication\\Events\\TokenInvalidatedEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/Events/TokenInvalidatedEvent.php',
        'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
        'OCP\\Authentication\\Exceptions\\ExpiredTokenException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/ExpiredTokenException.php',
        'OCP\\Authentication\\Exceptions\\InvalidTokenException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/InvalidTokenException.php',
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@ -15,7 +15,9 @@ use OC\Authentication\Exceptions\WipeTokenException;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Db\TTransactional;
 use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\Authentication\Events\TokenInvalidatedEvent;
 use OCP\Authentication\Token\IToken as OCPIToken;
+use OCP\EventDispatcher\IEventDispatcher;
 use OCP\ICache;
 use OCP\ICacheFactory;
 use OCP\IConfig;
@ -55,6 +57,8 @@ class PublicKeyTokenProvider implements IProvider {
 	/** @var IHasher */
 	private $hasher;

+	private IEventDispatcher $eventDispatcher;
+
 	public function __construct(PublicKeyTokenMapper $mapper,
 		ICrypto $crypto,
 		IConfig $config,
@ -62,7 +66,9 @@ class PublicKeyTokenProvider implements IProvider {
 		LoggerInterface $logger,
 		ITimeFactory $time,
 		IHasher $hasher,
-		ICacheFactory $cacheFactory) {
+		ICacheFactory $cacheFactory,
+		IEventDispatcher $eventDispatcher,
+	) {
 		$this->mapper = $mapper;
 		$this->crypto = $crypto;
 		$this->config = $config;
@ -74,6 +80,7 @@ class PublicKeyTokenProvider implements IProvider {
 			? $cacheFactory->createLocal('authtoken_')
 			: $cacheFactory->createInMemory();
 		$this->hasher = $hasher;
+		$this->eventDispatcher = $eventDispatcher;
 	}

 	/**
@ -275,7 +282,7 @@ class PublicKeyTokenProvider implements IProvider {
 		}
 		$this->mapper->invalidate($token->getToken());
 		$this->cacheInvalidHash($token->getToken());
-
+		$this->eventDispatcher->dispatchTyped(new TokenInvalidatedEvent($uid, $id));
 	}

 	public function invalidateOldTokens() {
--- a/lib/public/Authentication/Events/TokenInvalidatedEvent.php
+++ b/lib/public/Authentication/Events/TokenInvalidatedEvent.php
@ -0,0 +1,47 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCP\Authentication\Events;
+
+use OCP\EventDispatcher\Event;
+
+/**
+ * Emitted when an authentication token is invalidated
+ *
+ * @since 32.0.0
+ */
+class TokenInvalidatedEvent extends Event {
+
+	/**
+	 * @since 32.0.0
+	 */
+	public function __construct(
+		private string $userId,
+		private int $tokenId,
+	) {
+		parent::__construct();
+	}
+
+	/**
+	 * returns the uid of the user associated with the invalidated token
+	 *
+	 * @since 32.0.0
+	 */
+	public function getUserId(): string {
+		return $this->userId;
+	}
+
+	/**
+	 * returns the ID of the token that is being invalidated
+	 *
+	 * @since 32.0.0
+	 */
+	public function getTokenId(): int {
+		return $this->tokenId;
+	}
+}