Update all the publickey tokens if needed on web login

* On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago · d9febae5b2
7 changed files with 53 additions and 1 deletions
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@ -320,6 +320,7 @@ class LoginController extends Controller {
 		// requires https://github.com/owncloud/core/pull/24616
 		$this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
 		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER);
+		$this->userSession->updateTokens($loginResult->getUID(), $password);

 		// User has successfully logged in, now remove the password reset link, when it is available
 		$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@ -347,5 +347,7 @@ class DefaultTokenProvider implements IProvider {
 		$this->invalidateToken($tokenId);
 	}

-
+	public function updatePasswords(string $uid, string $password) {
+		// Nothing to do here
+	}
 }
--- a/lib/private/Authentication/Token/IProvider.php
+++ b/lib/private/Authentication/Token/IProvider.php
@ -164,4 +164,12 @@ interface IProvider {
 	 * @param string $tokenId
 	 */
 	public function markPasswordInvalid(IToken $token, string $tokenId);
+
+	/**
+	 * Update all the passwords of $uid if required
+	 *
+	 * @param string $uid
+	 * @param string $password
+	 */
+	public function updatePasswords(string $uid, string $password);
 }
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@ -232,4 +232,11 @@ class Manager implements IProvider {
 	public function markPasswordInvalid(IToken $token, string $tokenId) {
 		$this->getProvider($token)->markPasswordInvalid($token, $tokenId);
 	}
+
+	public function updatePasswords(string $uid, string $password) {
+		$this->defaultTokenProvider->updatePasswords($uid, $password);
+		$this->publicKeyTokenProvider->updatePasswords($uid, $password);
+	}
+
+
 }
--- a/lib/private/Authentication/Token/PublicKeyTokenMapper.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenMapper.php
@ -169,4 +169,19 @@ class PublicKeyTokenMapper extends QBMapper {

 		$qb->execute();
 	}
+
+	public function hasExpiredTokens(string $uid): bool {
+		$qb = $this->db->getQueryBuilder();
+		$qb->select('*')
+			->from('authtoken')
+			->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
+			->andWhere($qb->expr()->eq('password_invalid', $qb->createNamedParameter(true), IQueryBuilder::PARAM_BOOL))
+			->setMaxResults(1);
+
+		$cursor = $qb->execute();
+		$data = $cursor->fetchAll();
+		$cursor->closeCursor();
+
+		return count($data) === 1;
+	}
 }
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@ -327,5 +327,20 @@ class PublicKeyTokenProvider implements IProvider {
 		$this->mapper->update($token);
 	}

+	public function updatePasswords(string $uid, string $password) {
+		if (!$this->mapper->hasExpiredTokens($uid)) {
+			// Nothing to do here
+			return;
+		}
+
+		// Update the password for all tokens
+		$tokens = $this->mapper->getTokenByUser($uid);
+		foreach ($tokens as $t) {
+			$publicKey = $t->getPublicKey();
+			$t->setPassword($this->encryptPassword($password, $publicKey));
+			$this->updateToken($t);
+		}
+	}
+

 }
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@ -950,5 +950,9 @@ class Session implements IUserSession, Emitter {
 		}
 	}

+	public function updateTokens(string $uid, string $password) {
+		$this->tokenProvider->updatePasswords($uid, $password);
+	}
+

 }