Always catch OCP versions of authentication exceptions

And always throw the OC versions, for backward compatibility (BC)

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
pull/42640/head
Côme Chilliet 5 months ago committed by Côme Chilliet
parent 67fba0a574
commit eee9f1eec4

@ -28,8 +28,6 @@ declare(strict_types=1);
*/ */
namespace OCA\OAuth2\Controller; namespace OCA\OAuth2\Controller;
use OC\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider as TokenProvider; use OC\Authentication\Token\IProvider as TokenProvider;
use OCA\OAuth2\Db\AccessTokenMapper; use OCA\OAuth2\Db\AccessTokenMapper;
use OCA\OAuth2\Db\ClientMapper; use OCA\OAuth2\Db\ClientMapper;
@ -39,6 +37,8 @@ use OCP\AppFramework\Controller;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Utility\ITimeFactory; use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Authentication\Exceptions\ExpiredTokenException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\DB\Exception; use OCP\DB\Exception;
use OCP\IRequest; use OCP\IRequest;
use OCP\Security\Bruteforce\IThrottler; use OCP\Security\Bruteforce\IThrottler;

@ -26,10 +26,10 @@ declare(strict_types=1);
*/ */
namespace OCA\OAuth2\Migration; namespace OCA\OAuth2\Migration;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider as TokenProvider; use OC\Authentication\Token\IProvider as TokenProvider;
use OCA\OAuth2\Db\AccessToken; use OCA\OAuth2\Db\AccessToken;
use OCP\AppFramework\Utility\ITimeFactory; use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\IDBConnection; use OCP\IDBConnection;
use OCP\Migration\IOutput; use OCP\Migration\IOutput;
use OCP\Migration\IRepairStep; use OCP\Migration\IRepairStep;

@ -32,10 +32,8 @@
namespace OCA\Settings\Controller; namespace OCA\Settings\Controller;
use BadMethodCallException; use BadMethodCallException;
use OC\Authentication\Exceptions\ExpiredTokenException; use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Exceptions\WipeTokenException;
use OC\Authentication\Token\INamedToken; use OC\Authentication\Token\INamedToken;
use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken; use OC\Authentication\Token\IToken;
@ -45,6 +43,9 @@ use OCP\Activity\IManager;
use OCP\AppFramework\Controller; use OCP\AppFramework\Controller;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\JSONResponse;
use OCP\Authentication\Exceptions\ExpiredTokenException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\Exceptions\WipeTokenException;
use OCP\IRequest; use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IUserSession; use OCP\IUserSession;
@ -292,7 +293,8 @@ class AuthSettingsController extends Controller {
$token = $e->getToken(); $token = $e->getToken();
} }
if ($token->getUID() !== $this->uid) { if ($token->getUID() !== $this->uid) {
throw new InvalidTokenException('This token does not belong to you!'); /* We have to throw the OC version so both OC and OCP catches catch it */
throw new OcInvalidTokenException('This token does not belong to you!');
} }
return $token; return $token;
} }
@ -305,7 +307,7 @@ class AuthSettingsController extends Controller {
* @param int $id * @param int $id
* @return JSONResponse * @return JSONResponse
* @throws InvalidTokenException * @throws InvalidTokenException
* @throws \OC\Authentication\Exceptions\ExpiredTokenException * @throws ExpiredTokenException
*/ */
public function wipe(int $id): JSONResponse { public function wipe(int $id): JSONResponse {
if ($this->checkAppToken()) { if ($this->checkAppToken()) {
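Review bot: The ownership check `$token->getUID() !== $this->uid` rejects a foreign token by throwing, so callers handle that rejection correctly only if their catch matches the thrown type. That now depends on `OcInvalidTokenException` being a subclass of the OCP `InvalidTokenException`, which this page does not show. A small unit test asserting that the thrown exception is an instance of both classes would pin the guarantee. The inline comment could name the dependency directly, for example `// OC subclass on purpose: matched by catch blocks typed against either the OC or the OCP InvalidTokenException`. The enclosing method begins outside the hunk.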

@ -25,12 +25,12 @@ declare(strict_types=1);
*/ */
namespace OCA\Settings\Settings\Personal\Security; namespace OCA\Settings\Settings\Personal\Security;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\INamedToken; use OC\Authentication\Token\INamedToken;
use OC\Authentication\Token\IProvider as IAuthTokenProvider; use OC\Authentication\Token\IProvider as IAuthTokenProvider;
use OC\Authentication\Token\IToken; use OC\Authentication\Token\IToken;
use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Services\IInitialState; use OCP\AppFramework\Services\IInitialState;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\ISession; use OCP\ISession;
use OCP\IUserSession; use OCP\IUserSession;
use OCP\Session\Exceptions\SessionNotAvailableException; use OCP\Session\Exceptions\SessionNotAvailableException;

@ -29,13 +29,13 @@ declare(strict_types=1);
namespace OC\Core\Controller; namespace OC\Core\Controller;
use OC\Authentication\Events\AppPasswordCreatedEvent; use OC\Authentication\Events\AppPasswordCreatedEvent;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken; use OC\Authentication\Token\IToken;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSForbiddenException; use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\Authentication\Exceptions\CredentialsUnavailableException; use OCP\Authentication\Exceptions\CredentialsUnavailableException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\Exceptions\PasswordUnavailableException; use OCP\Authentication\Exceptions\PasswordUnavailableException;
use OCP\Authentication\LoginCredentials\IStore; use OCP\Authentication\LoginCredentials\IStore;
use OCP\EventDispatcher\IEventDispatcher; use OCP\EventDispatcher\IEventDispatcher;

@ -33,7 +33,7 @@
namespace OC\Core\Controller; namespace OC\Core\Controller;
use OC\Authentication\Events\AppPasswordCreatedEvent; use OC\Authentication\Events\AppPasswordCreatedEvent;
use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken; use OC\Authentication\Token\IToken;
@ -47,6 +47,7 @@ use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\Response; use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Http\StandaloneTemplateResponse; use OCP\AppFramework\Http\StandaloneTemplateResponse;
use OCP\AppFramework\Utility\ITimeFactory; use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Defaults; use OCP\Defaults;
use OCP\EventDispatcher\IEventDispatcher; use OCP\EventDispatcher\IEventDispatcher;
use OCP\IL10N; use OCP\IL10N;
@ -331,7 +332,7 @@ class ClientFlowLoginController extends Controller {
try { try {
$token = $this->tokenProvider->getToken($password); $token = $this->tokenProvider->getToken($password);
if ($token->getLoginName() !== $user) { if ($token->getLoginName() !== $user) {
throw new InvalidTokenException('login name does not match'); throw new OcInvalidTokenException('login name does not match');
} }
} catch (InvalidTokenException $e) { } catch (InvalidTokenException $e) {
$response = new StandaloneTemplateResponse( $response = new StandaloneTemplateResponse(
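Review bot: The new `throw new OcInvalidTokenException('login name does not match');` has no comment explaining why the OC class is thrown while the `catch (InvalidTokenException $e)` two lines below now resolves to the OCP class. The AuthSettingsController section of this commit documents the same choice, so I would add `// Throw the OC subclass so catches typed against either the OC or the OCP exception still match` here. The same comment is missing on the equivalent throw in ClientFlowLoginV2Controller and on both bare `throw new OcInvalidTokenException();` lines in Token\Manager. The login-name mismatch reaches the error response only while the OC class extends the OCP one, presumably the case but not visible here. The try/catch continues outside the hunk.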

@ -27,7 +27,7 @@ declare(strict_types=1);
*/ */
namespace OC\Core\Controller; namespace OC\Core\Controller;
use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
use OC\Core\Db\LoginFlowV2; use OC\Core\Db\LoginFlowV2;
use OC\Core\Exception\LoginFlowV2NotFoundException; use OC\Core\Exception\LoginFlowV2NotFoundException;
use OC\Core\Service\LoginFlowV2Service; use OC\Core\Service\LoginFlowV2Service;
@ -40,6 +40,7 @@ use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\Response; use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Http\StandaloneTemplateResponse; use OCP\AppFramework\Http\StandaloneTemplateResponse;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Defaults; use OCP\Defaults;
use OCP\IL10N; use OCP\IL10N;
use OCP\IRequest; use OCP\IRequest;
@ -211,7 +212,7 @@ class ClientFlowLoginV2Controller extends Controller {
try { try {
$token = \OC::$server->get(\OC\Authentication\Token\IProvider::class)->getToken($password); $token = \OC::$server->get(\OC\Authentication\Token\IProvider::class)->getToken($password);
if ($token->getLoginName() !== $user) { if ($token->getLoginName() !== $user) {
throw new InvalidTokenException('login name does not match'); throw new OcInvalidTokenException('login name does not match');
} }
} catch (InvalidTokenException $e) { } catch (InvalidTokenException $e) {
$response = new StandaloneTemplateResponse( $response = new StandaloneTemplateResponse(

@ -26,11 +26,11 @@ declare(strict_types=1);
*/ */
namespace OC\Core\Controller; namespace OC\Core\Controller;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\RemoteWipe; use OC\Authentication\Token\RemoteWipe;
use OCP\AppFramework\Controller; use OCP\AppFramework\Controller;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\JSONResponse;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\IRequest; use OCP\IRequest;
class WipeController extends Controller { class WipeController extends Controller {

@ -26,7 +26,6 @@ declare(strict_types=1);
*/ */
namespace OC\Core\Service; namespace OC\Core\Service;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken; use OC\Authentication\Token\IToken;
@ -37,6 +36,7 @@ use OC\Core\Db\LoginFlowV2Mapper;
use OC\Core\Exception\LoginFlowV2NotFoundException; use OC\Core\Exception\LoginFlowV2NotFoundException;
use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Utility\ITimeFactory; use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\IConfig; use OCP\IConfig;
use OCP\Security\ICrypto; use OCP\Security\ICrypto;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;

@ -26,10 +26,10 @@ declare(strict_types=1);
*/ */
namespace OC\Authentication\LoginCredentials; namespace OC\Authentication\LoginCredentials;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IProvider;
use OCP\Authentication\Exceptions\CredentialsUnavailableException; use OCP\Authentication\Exceptions\CredentialsUnavailableException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\LoginCredentials\ICredentials; use OCP\Authentication\LoginCredentials\ICredentials;
use OCP\Authentication\LoginCredentials\IStore; use OCP\Authentication\LoginCredentials\IStore;
use OCP\ISession; use OCP\ISession;

@ -28,10 +28,11 @@ declare(strict_types=1);
namespace OC\Authentication\Token; namespace OC\Authentication\Token;
use Doctrine\DBAL\Exception\UniqueConstraintViolationException; use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
use OC\Authentication\Exceptions\ExpiredTokenException; use OC\Authentication\Exceptions\InvalidTokenException as OcInvalidTokenException;
use OC\Authentication\Exceptions\InvalidTokenException; use OCP\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException; use OCP\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\WipeTokenException; use OCP\Authentication\Exceptions\PasswordlessTokenException;
use OCP\Authentication\Exceptions\WipeTokenException;
use OCP\Authentication\Token\IProvider as OCPIProvider; use OCP\Authentication\Token\IProvider as OCPIProvider;
class Manager implements IProvider, OCPIProvider { class Manager implements IProvider, OCPIProvider {
@ -221,7 +222,7 @@ class Manager implements IProvider, OCPIProvider {
return $this->publicKeyTokenProvider->rotate($token, $oldTokenId, $newTokenId); return $this->publicKeyTokenProvider->rotate($token, $oldTokenId, $newTokenId);
} }
throw new InvalidTokenException(); throw new OcInvalidTokenException();
} }
/** /**
@ -233,7 +234,7 @@ class Manager implements IProvider, OCPIProvider {
if ($token instanceof PublicKeyToken) { if ($token instanceof PublicKeyToken) {
return $this->publicKeyTokenProvider; return $this->publicKeyTokenProvider;
} }
throw new InvalidTokenException(); throw new OcInvalidTokenException();
} }

@ -29,8 +29,8 @@ namespace OC\Authentication\Token;
use OC\Authentication\Events\RemoteWipeFinished; use OC\Authentication\Events\RemoteWipeFinished;
use OC\Authentication\Events\RemoteWipeStarted; use OC\Authentication\Events\RemoteWipeStarted;
use OC\Authentication\Exceptions\InvalidTokenException; use OCP\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\WipeTokenException; use OCP\Authentication\Exceptions\WipeTokenException;
use OCP\EventDispatcher\IEventDispatcher; use OCP\EventDispatcher\IEventDispatcher;
use OCP\IUser; use OCP\IUser;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;

@ -29,10 +29,10 @@ namespace OC\Authentication\TwoFactorAuth;
use BadMethodCallException; use BadMethodCallException;
use Exception; use Exception;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider as TokenProvider; use OC\Authentication\Token\IProvider as TokenProvider;
use OCP\Activity\IManager; use OCP\Activity\IManager;
use OCP\AppFramework\Utility\ITimeFactory; use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin; use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
use OCP\Authentication\TwoFactorAuth\IProvider; use OCP\Authentication\TwoFactorAuth\IProvider;
use OCP\Authentication\TwoFactorAuth\IRegistry; use OCP\Authentication\TwoFactorAuth\IRegistry;

@ -33,8 +33,8 @@ declare(strict_types=1);
*/ */
namespace OC\Session; namespace OC\Session;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IProvider;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Session\Exceptions\SessionNotAvailableException; use OCP\Session\Exceptions\SessionNotAvailableException;
/** /**

@ -39,8 +39,6 @@
namespace OC\User; namespace OC\User;
use OC; use OC;
use OC\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Exceptions\PasswordLoginForbiddenException; use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IProvider;
@ -51,6 +49,8 @@ use OC_User;
use OC_Util; use OC_Util;
use OCA\DAV\Connector\Sabre\Auth; use OCA\DAV\Connector\Sabre\Auth;
use OCP\AppFramework\Utility\ITimeFactory; use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Authentication\Exceptions\ExpiredTokenException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\EventDispatcher\GenericEvent; use OCP\EventDispatcher\GenericEvent;
use OCP\EventDispatcher\IEventDispatcher; use OCP\EventDispatcher\IEventDispatcher;
use OCP\Files\NotPermittedException; use OCP\Files\NotPermittedException;
