Limit the length of app password names
Signed-off-by: Joas Schilling <coding@schilljs.com>
pull/31658/head
Joas Schilling
4 years ago
No known key found for this signature in database
GPG Key ID: 7076EA9751AACDDA
5 changed files with
23 additions and
0 deletions
-
apps/settings/lib/Controller/AuthSettingsController.php
-
core/Controller/AppPasswordController.php
-
core/Controller/ClientFlowLoginController.php
-
lib/private/Authentication/Token/Manager.php
-
lib/private/Authentication/Token/PublicKeyTokenProvider.php
|
|
|
@ -145,6 +145,10 @@ class AuthSettingsController extends Controller { |
|
|
|
return $this->getServiceNotAvailableResponse(); |
|
|
|
} |
|
|
|
|
|
|
|
if (mb_strlen($name) > 128) { |
|
|
|
$name = mb_substr($name, 0, 120) . '…'; |
|
|
|
} |
|
|
|
|
|
|
|
$token = $this->generateRandomDeviceToken(); |
|
|
|
$deviceToken = $this->tokenProvider->generateToken($token, $this->uid, $loginName, $password, $name, IToken::PERMANENT_TOKEN); |
|
|
|
$tokenData = $deviceToken->jsonSerialize(); |
|
|
|
@ -241,6 +245,10 @@ class AuthSettingsController extends Controller { |
|
|
|
$this->publishActivity($scope['filesystem'] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]); |
|
|
|
} |
|
|
|
|
|
|
|
if (mb_strlen($name) > 128) { |
|
|
|
$name = mb_substr($name, 0, 120) . '…'; |
|
|
|
} |
|
|
|
|
|
|
|
if ($token instanceof INamedToken && $name !== $currentName) { |
|
|
|
$token->setName($name); |
|
|
|
$this->publishActivity(Provider::APP_TOKEN_RENAMED, $token->getId(), ['name' => $currentName, 'newName' => $name]); |
|
|
|
|
|
|
|
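Review bot: In the second hunk the rename is bounded only by this controller's truncation just before `$token->setName($name)`; the hard length checks this commit adds sit in `generateToken()` of Manager and PublicKeyTokenProvider, so a rename issued by any other caller is presumably still unbounded (the setter and the update path are not visible here). Enforcing the limit where the name is persisted would close that gap. The `128`/`120` literals and the truncate-with-ellipsis lines are also repeated in both hunks here and in AppPasswordController and ClientFlowLoginController, so a named constant or a small shared helper would keep the limit from drifting. Both enclosing methods begin and end outside the hunks.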
@ -99,6 +99,9 @@ class AppPasswordController extends \OCP\AppFramework\OCSController { |
|
|
|
} |
|
|
|
|
|
|
|
$userAgent = $this->request->getHeader('USER_AGENT'); |
|
|
|
if (mb_strlen($userAgent) > 128) { |
|
|
|
$userAgent = mb_substr($userAgent, 0, 120) . '…'; |
|
|
|
} |
|
|
|
|
|
|
|
$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); |
|
|
|
|
|
|
|
|
|
|
|
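Review bot: The truncation of `$userAgent` is silent and its purpose is not stated, although the value is a client-supplied header that is presumably passed on as the token name (the `generateToken()` call is outside the hunk). A comment above the check would help, e.g. `// User-Agent is client-controlled; keep the derived token name within the 128-character limit enforced by generateToken()`. It is also worth recording there that the shortened value is 121 characters (120 plus the ellipsis), not 128, so the mismatch between the two numbers is not mistaken for a bug later. The enclosing method starts and ends outside the hunk.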
@ -322,6 +322,10 @@ class ClientFlowLoginController extends Controller { |
|
|
|
$clientName = $client->getName(); |
|
|
|
} |
|
|
|
|
|
|
|
if (mb_strlen($clientName) > 128) { |
|
|
|
$clientName = mb_substr($clientName, 0, 120) . '…'; |
|
|
|
} |
|
|
|
|
|
|
|
$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); |
|
|
|
$uid = $this->userSession->getUser()->getUID(); |
|
|
|
$generatedToken = $this->tokenProvider->generateToken( |
|
|
|
|
|
|
|
@ -61,6 +61,10 @@ class Manager implements IProvider { |
|
|
|
string $name, |
|
|
|
int $type = IToken::TEMPORARY_TOKEN, |
|
|
|
int $remember = IToken::DO_NOT_REMEMBER): IToken { |
|
|
|
if (mb_strlen($name) > 128) { |
|
|
|
throw new InvalidTokenException('The given name is too long'); |
|
|
|
} |
|
|
|
|
|
|
|
try { |
|
|
|
return $this->publicKeyTokenProvider->generateToken( |
|
|
|
$token, |
|
|
|
|
|
|
|
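Review bot: The new guard at the top of `generateToken()` turns an over-long name into a thrown `InvalidTokenException`, and only the three controllers touched in this commit shorten the name first; any other caller that passes an unbounded value (a raw User-Agent for a session token, for instance, which is not visible here) would now fail token creation instead of storing a long name. Those call sites should be checked, or the name shortened here rather than rejected. The exception type also describes the token, not its name, so callers that catch `InvalidTokenException` to mean the token is missing or expired may misread it; a `@throws InvalidTokenException` line stating the 128-character limit belongs in the docblock, which is outside the hunk. The same check is repeated in PublicKeyTokenProvider, which this method delegates to, so a comment saying the duplication is deliberate would help the next reader.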
@ -84,6 +84,10 @@ class PublicKeyTokenProvider implements IProvider { |
|
|
|
string $name, |
|
|
|
int $type = IToken::TEMPORARY_TOKEN, |
|
|
|
int $remember = IToken::DO_NOT_REMEMBER): IToken { |
|
|
|
if (mb_strlen($name) > 128) { |
|
|
|
throw new InvalidTokenException('The given name is too long'); |
|
|
|
} |
|
|
|
|
|
|
|
$dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember); |
|
|
|
$this->mapper->insert($dbToken); |
|
|
|
|
|
|
|
|