rename oauth2_access_token's created_at to code_created_at

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Julien Veyssier 2 years ago
parent e944980eb6
commit c6da99474e
  1. 6
      apps/oauth2/lib/Controller/OauthApiController.php
  2. 8
      apps/oauth2/lib/Db/AccessToken.php
  3. 2
      apps/oauth2/lib/Db/AccessTokenMapper.php
  4. 6
      apps/oauth2/lib/Migration/Version011603Date20230620111039.php
  5. 18
      apps/oauth2/tests/Controller/OauthApiControllerTest.php
  6. 2
      core/Controller/ClientFlowLoginController.php

@ -126,15 +126,15 @@ class OauthApiController extends Controller {
// check authorization code expiration
$now = $this->timeFactory->now()->getTimestamp();
$tokenCreatedAt = $accessToken->getCreatedAt();
if ($tokenCreatedAt < $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER) {
$codeCreatedAt = $accessToken->getCodeCreatedAt();
if ($codeCreatedAt < $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER) {
// we know this token is not useful anymore
$this->accessTokenMapper->delete($accessToken);
$response = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$expiredSince = $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER - $tokenCreatedAt;
$expiredSince = $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER - $codeCreatedAt;
$response->throttle(['invalid_request' => 'authorization_code_expired', 'expired_since' => $expiredSince]);
return $response;
}

@ -34,8 +34,8 @@ use OCP\AppFramework\Db\Entity;
* @method void setEncryptedToken(string $token)
* @method string getHashedCode()
* @method void setHashedCode(string $token)
* @method int getCreatedAt()
* @method void setCreatedAt(int $createdAt)
* @method int getCodeCreatedAt()
* @method void setCodeCreatedAt(int $createdAt)
* @method int getTokenCount()
* @method void setTokenCount(int $tokenCount)
*/
@ -49,7 +49,7 @@ class AccessToken extends Entity {
/** @var string */
protected $encryptedToken;
/** @var int */
protected $createdAt;
protected $codeCreatedAt;
/** @var int */
protected $tokenCount;
@ -59,7 +59,7 @@ class AccessToken extends Entity {
$this->addType('clientId', 'int');
$this->addType('hashedCode', 'string');
$this->addType('encryptedToken', 'string');
$this->addType('created_at', 'int');
$this->addType('code_created_at', 'int');
$this->addType('token_count', 'int');
}
}
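Review bot: The new `$this->addType('code_created_at', 'int');` keeps a snake_case key while the neighbouring entries (`'clientId'`, `'hashedCode'`, `'encryptedToken'`) use the camelCase property name; if addType is keyed by property name, as those entries suggest, the int type is never applied to `codeCreatedAt` (the same pre-existing gap exists for `'token_count'`), so values read from the database may stay strings. Consider `$this->addType('codeCreatedAt', 'int');` and, in the same spirit, `$this->addType('tokenCount', 'int');`. The docblock line `@method void setCodeCreatedAt(int $createdAt)` could also name the parameter `$codeCreatedAt` to match the getter.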

@ -99,7 +99,7 @@ class AccessTokenMapper extends QBMapper {
$qb
->delete($this->tableName)
->where($qb->expr()->eq('token_count', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT)))
->andWhere($qb->expr()->lt('created_at', $qb->createNamedParameter($maxTokenCreationTs, IQueryBuilder::PARAM_INT)));
->andWhere($qb->expr()->lt('code_created_at', $qb->createNamedParameter($maxTokenCreationTs, IQueryBuilder::PARAM_INT)));
$qb->executeStatement();
}
}

@ -47,8 +47,8 @@ class Version011603Date20230620111039 extends SimpleMigrationStep {
if ($schema->hasTable('oauth2_access_tokens')) {
$table = $schema->getTable('oauth2_access_tokens');
$dbChanged = false;
if (!$table->hasColumn('created_at')) {
$table->addColumn('created_at', Types::BIGINT, [
if (!$table->hasColumn('code_created_at')) {
$table->addColumn('code_created_at', Types::BIGINT, [
'notnull' => true,
'default' => 0,
]);
@ -62,7 +62,7 @@ class Version011603Date20230620111039 extends SimpleMigrationStep {
$dbChanged = true;
}
if (!$table->hasIndex('oauth2_tk_c_created_idx')) {
$table->addIndex(['token_count', 'created_at'], 'oauth2_tk_c_created_idx');
$table->addIndex(['token_count', 'code_created_at'], 'oauth2_tk_c_created_idx');
$dbChanged = true;
}
if ($dbChanged) {
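Review bot: Renaming the column inside the existing step Version011603Date20230620111039 rather than adding a new step means any instance that has already run it keeps its populated `created_at`, gains an empty `code_created_at` (default 0) on the next run, and never gets the index moved to the new column, because `if (!$table->hasIndex('oauth2_tk_c_created_idx'))` sees the old index name and skips the `addIndex` call. Whether this step has shipped anywhere is not visible here; if it has, a follow-up step that adds `code_created_at`, copies `created_at` into it and drops and re-creates the index would be safer, since a 0 value makes every existing authorization code fail the `$codeCreatedAt < $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER` check in OauthApiController and be deleted. If the step has not been released, a short comment on the step saying it was edited before release would help the next reader. The enclosing method starts and ends outside the hunk.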

@ -127,7 +127,7 @@ class OauthApiControllerTest extends TestCase {
}
public function testGetTokenExpiredCode() {
$tokenCreatedAt = 100;
$codeCreatedAt = 100;
$expiredSince = 123;
$expected = new JSONResponse([
@ -137,13 +137,13 @@ class OauthApiControllerTest extends TestCase {
$accessToken = new AccessToken();
$accessToken->setClientId(42);
$accessToken->setCreatedAt($tokenCreatedAt);
$accessToken->setCodeCreatedAt($codeCreatedAt);
$this->accessTokenMapper->method('getByCode')
->with('validcode')
->willReturn($accessToken);
$tsNow = $tokenCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER + $expiredSince;
$tsNow = $codeCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER + $expiredSince;
$dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
$this->timeFactory->method('now')
->willReturn($dateNow);
@ -154,7 +154,7 @@ class OauthApiControllerTest extends TestCase {
public function testGetTokenWithCodeForActiveToken() {
// if a token has already delivered oauth tokens,
// it should not be possible to get a new oauth token from a valid authorization code
$tokenCreatedAt = 100;
$codeCreatedAt = 100;
$expected = new JSONResponse([
'error' => 'invalid_request',
@ -163,14 +163,14 @@ class OauthApiControllerTest extends TestCase {
$accessToken = new AccessToken();
$accessToken->setClientId(42);
$accessToken->setCreatedAt($tokenCreatedAt);
$accessToken->setCodeCreatedAt($codeCreatedAt);
$accessToken->setTokenCount(1);
$this->accessTokenMapper->method('getByCode')
->with('validcode')
->willReturn($accessToken);
$tsNow = $tokenCreatedAt + 1;
$tsNow = $codeCreatedAt + 1;
$dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
$this->timeFactory->method('now')
->willReturn($dateNow);
@ -181,7 +181,7 @@ class OauthApiControllerTest extends TestCase {
public function testGetTokenClientDoesNotExist() {
// In this test, the token's authorization code is valid and has not expired
// and we check what happens when the associated Oauth client does not exist
$tokenCreatedAt = 100;
$codeCreatedAt = 100;
$expected = new JSONResponse([
'error' => 'invalid_request',
@ -190,14 +190,14 @@ class OauthApiControllerTest extends TestCase {
$accessToken = new AccessToken();
$accessToken->setClientId(42);
$accessToken->setCreatedAt($tokenCreatedAt);
$accessToken->setCodeCreatedAt($codeCreatedAt);
$this->accessTokenMapper->method('getByCode')
->with('validcode')
->willReturn($accessToken);
// 'now' is before the token's authorization code expiration
$tsNow = $tokenCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER - 1;
$tsNow = $codeCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER - 1;
$dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
$this->timeFactory->method('now')
->willReturn($dateNow);

@ -289,7 +289,7 @@ class ClientFlowLoginController extends Controller {
$accessToken->setEncryptedToken($this->crypto->encrypt($token, $code));
$accessToken->setHashedCode(hash('sha512', $code));
$accessToken->setTokenId($generatedToken->getId());
$accessToken->setCreatedAt($this->timeFactory->now()->getTimestamp());
$accessToken->setCodeCreatedAt($this->timeFactory->now()->getTimestamp());
$this->accessTokenMapper->insert($accessToken);
$redirectUri = $client->getRedirectUri();
