AuthSettingsController.php 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Christoph Wurst <christoph@owncloud.com>
  6. * @author Robin Appelman <robin@icewind.nl>
  7. *
  8. * @license AGPL-3.0
  9. *
  10. * This code is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License, version 3,
  12. * as published by the Free Software Foundation.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License, version 3,
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>
  21. *
  22. */
  23. namespace OC\Settings\Controller;
  24. use OC\AppFramework\Http;
  25. use OC\Authentication\Exceptions\InvalidTokenException;
  26. use OC\Authentication\Exceptions\PasswordlessTokenException;
  27. use OC\Authentication\Token\IProvider;
  28. use OC\Authentication\Token\IToken;
  29. use OCP\AppFramework\Controller;
  30. use OCP\AppFramework\Http\JSONResponse;
  31. use OCP\IRequest;
  32. use OCP\ISession;
  33. use OCP\IUserManager;
  34. use OCP\Security\ISecureRandom;
  35. use OCP\Session\Exceptions\SessionNotAvailableException;
  36. class AuthSettingsController extends Controller {
  37. /** @var IProvider */
  38. private $tokenProvider;
  39. /** @var IUserManager */
  40. private $userManager;
  41. /** @var ISession */
  42. private $session;
  43. /** @var string */
  44. private $uid;
  45. /** @var ISecureRandom */
  46. private $random;
  47. /**
  48. * @param string $appName
  49. * @param IRequest $request
  50. * @param IProvider $tokenProvider
  51. * @param IUserManager $userManager
  52. * @param ISession $session
  53. * @param ISecureRandom $random
  54. * @param string $userId
  55. */
  56. public function __construct($appName, IRequest $request, IProvider $tokenProvider, IUserManager $userManager,
  57. ISession $session, ISecureRandom $random, $userId) {
  58. parent::__construct($appName, $request);
  59. $this->tokenProvider = $tokenProvider;
  60. $this->userManager = $userManager;
  61. $this->uid = $userId;
  62. $this->session = $session;
  63. $this->random = $random;
  64. }
  65. /**
  66. * @NoAdminRequired
  67. * @NoSubadminRequired
  68. *
  69. * @return JSONResponse
  70. */
  71. public function index() {
  72. $user = $this->userManager->get($this->uid);
  73. if (is_null($user)) {
  74. return [];
  75. }
  76. $tokens = $this->tokenProvider->getTokenByUser($user);
  77. try {
  78. $sessionId = $this->session->getId();
  79. } catch (SessionNotAvailableException $ex) {
  80. return $this->getServiceNotAvailableResponse();
  81. }
  82. try {
  83. $sessionToken = $this->tokenProvider->getToken($sessionId);
  84. } catch (InvalidTokenException $ex) {
  85. return $this->getServiceNotAvailableResponse();
  86. }
  87. return array_map(function(IToken $token) use ($sessionToken) {
  88. $data = $token->jsonSerialize();
  89. if ($sessionToken->getId() === $token->getId()) {
  90. $data['canDelete'] = false;
  91. $data['current'] = true;
  92. } else {
  93. $data['canDelete'] = true;
  94. }
  95. return $data;
  96. }, $tokens);
  97. }
  98. /**
  99. * @NoAdminRequired
  100. * @NoSubadminRequired
  101. * @PasswordConfirmationRequired
  102. *
  103. * @param string $name
  104. * @return JSONResponse
  105. */
  106. public function create($name) {
  107. try {
  108. $sessionId = $this->session->getId();
  109. } catch (SessionNotAvailableException $ex) {
  110. return $this->getServiceNotAvailableResponse();
  111. }
  112. try {
  113. $sessionToken = $this->tokenProvider->getToken($sessionId);
  114. $loginName = $sessionToken->getLoginName();
  115. try {
  116. $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
  117. } catch (PasswordlessTokenException $ex) {
  118. $password = null;
  119. }
  120. } catch (InvalidTokenException $ex) {
  121. return $this->getServiceNotAvailableResponse();
  122. }
  123. $token = $this->generateRandomDeviceToken();
  124. $deviceToken = $this->tokenProvider->generateToken($token, $this->uid, $loginName, $password, $name, IToken::PERMANENT_TOKEN);
  125. $tokenData = $deviceToken->jsonSerialize();
  126. $tokenData['canDelete'] = true;
  127. return new JSONResponse([
  128. 'token' => $token,
  129. 'loginName' => $loginName,
  130. 'deviceToken' => $tokenData,
  131. ]);
  132. }
  133. private function getServiceNotAvailableResponse() {
  134. $resp = new JSONResponse();
  135. $resp->setStatus(Http::STATUS_SERVICE_UNAVAILABLE);
  136. return $resp;
  137. }
  138. /**
  139. * Return a 20 digit device password
  140. *
  141. * Example: ABCDE-FGHIJ-KLMNO-PQRST
  142. *
  143. * @return string
  144. */
  145. private function generateRandomDeviceToken() {
  146. $groups = [];
  147. for ($i = 0; $i < 4; $i++) {
  148. $groups[] = $this->random->generate(5, implode('', range('A', 'Z')));
  149. }
  150. return implode('-', $groups);
  151. }
  152. /**
  153. * @NoAdminRequired
  154. * @NoSubadminRequired
  155. *
  156. * @return JSONResponse
  157. */
  158. public function destroy($id) {
  159. $user = $this->userManager->get($this->uid);
  160. if (is_null($user)) {
  161. return [];
  162. }
  163. $this->tokenProvider->invalidateTokenById($user, $id);
  164. return [];
  165. }
  166. /**
  167. * @NoAdminRequired
  168. * @NoSubadminRequired
  169. *
  170. * @param int $id
  171. * @param array $scope
  172. */
  173. public function update($id, array $scope) {
  174. $token = $this->tokenProvider->getTokenById($id);
  175. $token->setScope([
  176. 'filesystem' => $scope['filesystem']
  177. ]);
  178. $this->tokenProvider->updateToken($token);
  179. return [];
  180. }
  181. }