Skip to content

Commit

Permalink
fix(Token): take over scope in token refresh with login by cookie
Browse files Browse the repository at this point in the history
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
  • Loading branch information
blizzz committed Jul 29, 2024
1 parent 7826984 commit c6d8aff
Show file tree
Hide file tree
Showing 3 changed files with 40 additions and 24 deletions.
17 changes: 10 additions & 7 deletions lib/private/Authentication/Token/IProvider.php
Original file line number Diff line number Diff line change
Expand Up @@ -48,13 +48,16 @@ interface IProvider {
* @return IToken
* @throws \RuntimeException when OpenSSL reports a problem
*/
public function generateToken(string $token,
string $uid,
string $loginName,
?string $password,
string $name,
int $type = IToken::TEMPORARY_TOKEN,
int $remember = IToken::DO_NOT_REMEMBER): IToken;
public function generateToken(
string $token,
string $uid,
string $loginName,
?string $password,
string $name,
int $type = IToken::TEMPORARY_TOKEN,
int $remember = IToken::DO_NOT_REMEMBER,
?array $scope = null,
): IToken;

/**
* Get a token by token id
Expand Down
20 changes: 12 additions & 8 deletions lib/private/Authentication/Token/Manager.php
Original file line number Diff line number Diff line change
Expand Up @@ -54,13 +54,16 @@ public function __construct(PublicKeyTokenProvider $publicKeyTokenProvider) {
* @param int $remember whether the session token should be used for remember-me
* @return IToken
*/
public function generateToken(string $token,
string $uid,
string $loginName,
$password,
string $name,
int $type = IToken::TEMPORARY_TOKEN,
int $remember = IToken::DO_NOT_REMEMBER): IToken {
public function generateToken(
string $token,
string $uid,
string $loginName,
$password,
string $name,
int $type = IToken::TEMPORARY_TOKEN,
int $remember = IToken::DO_NOT_REMEMBER,
?array $scope = null,
): IToken {
if (mb_strlen($name) > 128) {
$name = mb_substr($name, 0, 120) . '';
}
Expand All @@ -73,7 +76,8 @@ public function generateToken(string $token,
$password,
$name,
$type,
$remember
$remember,
$scope,
);
} catch (UniqueConstraintViolationException $e) {
// It's rare, but if two requests of the same session (e.g. env-based SAML)
Expand Down
27 changes: 18 additions & 9 deletions lib/private/Authentication/Token/PublicKeyTokenProvider.php
Original file line number Diff line number Diff line change
Expand Up @@ -93,13 +93,16 @@ public function __construct(PublicKeyTokenMapper $mapper,
/**
* {@inheritDoc}
*/
public function generateToken(string $token,
string $uid,
string $loginName,
?string $password,
string $name,
int $type = IToken::TEMPORARY_TOKEN,
int $remember = IToken::DO_NOT_REMEMBER): IToken {
public function generateToken(
string $token,
string $uid,
string $loginName,
?string $password,
string $name,
int $type = IToken::TEMPORARY_TOKEN,
int $remember = IToken::DO_NOT_REMEMBER,
?array $scope = null,
): IToken {
if (strlen($token) < self::TOKEN_MIN_LENGTH) {
$exception = new InvalidTokenException('Token is too short, minimum of ' . self::TOKEN_MIN_LENGTH . ' characters is required, ' . strlen($token) . ' characters given');
$this->logger->error('Invalid token provided when generating new token', ['exception' => $exception]);
Expand All @@ -121,6 +124,10 @@ public function generateToken(string $token,
$dbToken->setPasswordHash($randomOldToken->getPasswordHash());
}

if ($scope !== null) {
$dbToken->setScope($scope);
}

$this->mapper->insert($dbToken);

if (!$oldTokenMatches && $password !== null) {
Expand Down Expand Up @@ -233,16 +240,18 @@ public function renewSessionToken(string $oldSessionId, string $sessionId): ITok
$privateKey = $this->decrypt($token->getPrivateKey(), $oldSessionId);
$password = $this->decryptPassword($token->getPassword(), $privateKey);
}

$scope = $token->getScope() === '' ? null : $token->getScopeAsArray();
$newToken = $this->generateToken(
$sessionId,
$token->getUID(),
$token->getLoginName(),
$password,
$token->getName(),
IToken::TEMPORARY_TOKEN,
$token->getRemember()
$token->getRemember(),
$scope,
);
$newToken->setScope($token->getScopeAsArray());

$this->mapper->delete($token);

Expand Down

0 comments on commit c6d8aff

Please sign in to comment.