|
|
|
|
@ -23,7 +23,10 @@ namespace OCA\OAuth2\Controller; |
|
|
|
|
|
|
|
|
|
use OC\Authentication\Token\DefaultTokenMapper; |
|
|
|
|
use OCA\OAuth2\Db\AccessTokenMapper; |
|
|
|
|
use OCA\OAuth2\Db\ClientMapper; |
|
|
|
|
use OCA\OAuth2\Exceptions\AccessTokenNotFoundException; |
|
|
|
|
use OCP\AppFramework\Controller; |
|
|
|
|
use OCP\AppFramework\Http; |
|
|
|
|
use OCP\AppFramework\Http\JSONResponse; |
|
|
|
|
use OCP\IRequest; |
|
|
|
|
use OCP\Security\ICrypto; |
|
|
|
|
@ -32,6 +35,8 @@ use OCP\Security\ISecureRandom; |
|
|
|
|
class OauthApiController extends Controller { |
|
|
|
|
/** @var AccessTokenMapper */ |
|
|
|
|
private $accessTokenMapper; |
|
|
|
|
/** @var ClientMapper */ |
|
|
|
|
private $clientMapper; |
|
|
|
|
/** @var ICrypto */ |
|
|
|
|
private $crypto; |
|
|
|
|
/** @var DefaultTokenMapper */ |
|
|
|
|
@ -44,6 +49,7 @@ class OauthApiController extends Controller { |
|
|
|
|
* @param IRequest $request |
|
|
|
|
* @param ICrypto $crypto |
|
|
|
|
* @param AccessTokenMapper $accessTokenMapper |
|
|
|
|
* @param ClientMapper $clientMapper |
|
|
|
|
* @param DefaultTokenMapper $defaultTokenMapper |
|
|
|
|
* @param ISecureRandom $secureRandom |
|
|
|
|
*/ |
|
|
|
|
@ -51,11 +57,13 @@ class OauthApiController extends Controller { |
|
|
|
|
IRequest $request, |
|
|
|
|
ICrypto $crypto, |
|
|
|
|
AccessTokenMapper $accessTokenMapper, |
|
|
|
|
ClientMapper $clientMapper, |
|
|
|
|
DefaultTokenMapper $defaultTokenMapper, |
|
|
|
|
ISecureRandom $secureRandom) { |
|
|
|
|
parent::__construct($appName, $request); |
|
|
|
|
$this->crypto = $crypto; |
|
|
|
|
$this->accessTokenMapper = $accessTokenMapper; |
|
|
|
|
$this->clientMapper = $clientMapper; |
|
|
|
|
$this->defaultTokenMapper = $defaultTokenMapper; |
|
|
|
|
$this->secureRandom = $secureRandom; |
|
|
|
|
} |
|
|
|
|
@ -64,13 +72,48 @@ class OauthApiController extends Controller { |
|
|
|
|
* @PublicPage |
|
|
|
|
* @NoCSRFRequired |
|
|
|
|
* |
|
|
|
|
* @param string $grant_type |
|
|
|
|
* @param string $code |
|
|
|
|
* @param string $refresh_token |
|
|
|
|
* @param string $client_id |
|
|
|
|
* @param string $client_secret |
|
|
|
|
* @return JSONResponse |
|
|
|
|
*/ |
|
|
|
|
public function getToken($code, $client_id, $client_secret) { |
|
|
|
|
$accessToken = $this->accessTokenMapper->getByCode($code); |
|
|
|
|
public function getToken($grant_type, $code, $refresh_token, $client_id, $client_secret) { |
|
|
|
|
|
|
|
|
|
if ($grant_type !== 'authorization_code' && $grant_type !== 'refresh_token') { |
|
|
|
|
return new JSONResponse([ |
|
|
|
|
'error' => 'invalid_grant', |
|
|
|
|
], Http::STATUS_BAD_REQUEST); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// We handle the initial and refresh tokens the same way |
|
|
|
|
if ($grant_type === 'refresh_token' ) { |
|
|
|
|
$code = $refresh_token; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
try { |
|
|
|
|
$accessToken = $this->accessTokenMapper->getByCode($code); |
|
|
|
|
} catch (AccessTokenNotFoundException $e) { |
|
|
|
|
return new JSONResponse([ |
|
|
|
|
'error' => 'invalid_request', |
|
|
|
|
], Http::STATUS_BAD_REQUEST); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
try { |
|
|
|
|
$client = $this->clientMapper->getByUid($accessToken->getClientId()); |
|
|
|
|
} catch (ClientNotFoundException $e) { |
|
|
|
|
return new JSONResponse([ |
|
|
|
|
'error' => 'invalid_request', |
|
|
|
|
], Http::STATUS_BAD_REQUEST); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ($client->getClientIdentifier() !== $client_id || $client->getSecret() !== $client_secret) { |
|
|
|
|
return new JSONResponse([ |
|
|
|
|
'error' => 'invalid_client', |
|
|
|
|
], Http::STATUS_BAD_REQUEST); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$decryptedToken = $this->crypto->decrypt($accessToken->getEncryptedToken(), $code); |
|
|
|
|
$newCode = $this->secureRandom->generate(128); |
|
|
|
|
$accessToken->setHashedCode(hash('sha512', $newCode)); |
|
|
|
|
|
Roeland Jago Douma
7 years ago