Allow restricting of app password permissions #719
Changes from all commits
b56f2c9
2389e0f
b4e27d3
1afccde
da63af8
7e9e5db
c5df58e
bb65d3b
a4ea20a
4c3d18a
4837904
91851c3
e5bc80b
59d6003
311531e
9157f80
e774327
e633f2f
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -72,17 +72,40 @@ public function invalidateOld($olderThan, $remember = IToken::DO_NOT_REMEMBER) { | |
public function getToken($token) { | ||
/* @var $qb IQueryBuilder */ | ||
$qb = $this->db->getQueryBuilder(); | ||
$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check') | ||
$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope') | ||
->from('authtoken') | ||
->where($qb->expr()->eq('token', $qb->createParameter('token'))) | ||
->setParameter('token', $token) | ||
->where($qb->expr()->eq('token', $qb->createNamedParameter($token))) | ||
->execute(); | ||
|
||
$data = $result->fetch(); | ||
$result->closeCursor(); | ||
if ($data === false) { | ||
throw new DoesNotExistException('token does not exist'); | ||
} | ||
; | ||
return DefaultToken::fromRow($data); | ||
} | ||
|
||
/** | ||
* Get the token for $id | ||
* | ||
* @param string $id | ||
* @throws DoesNotExistException | ||
* @return DefaultToken | ||
*/ | ||
public function getTokenById($id) { | ||
/* @var $qb IQueryBuilder */ | ||
$qb = $this->db->getQueryBuilder(); | ||
$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'token', 'last_activity', 'last_check', 'scope') | ||
->from('authtoken') | ||
->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) | ||
->execute(); | ||
|
||
$data = $result->fetch(); | ||
$result->closeCursor(); | ||
if ($data === false) { | ||
throw new DoesNotExistException('token does not exist'); | ||
Line is not tested.
I can add tests later.
added test |
||
}; | ||
return DefaultToken::fromRow($data); | ||
} | ||
|
||
|
@@ -98,7 +121,7 @@ public function getToken($token) { | |
public function getTokenByUser(IUser $user) { | ||
/* @var $qb IQueryBuilder */ | ||
$qb = $this->db->getQueryBuilder(); | ||
$qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check') | ||
$qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope') | ||
->from('authtoken') | ||
->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID()))) | ||
->setMaxResults(1000); | ||
|
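Review bot: `getTokenById()` looks a token up by `id` alone, with no `uid` condition in its `where()`, so nothing in this mapper ties the returned row to the user making the request. The docblock should say so, for example `* The caller must check that the returned token's uid matches the current user before reading or changing it.`, or the method could take the uid and add it to the query. Separately, its select list drops `'remember'` while `getToken()` and `getTokenByUser()` in this section keep it, so a token loaded by id would presumably come back from `DefaultToken::fromRow()` without that field; adding `'remember'` keeps the three queries consistent. The stray `;` after the closing brace of the `if` in both `getToken()` and `getTokenById()` can go.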
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -67,9 +67,30 @@ public function getPassword(); | |
public function getLastCheck(); | ||
|
||
/** | ||
* Get the timestamp of the last password check | ||
* Set the timestamp of the last password check | ||
* | ||
* @param int $time | ||
*/ | ||
public function setLastCheck($time); | ||
|
||
/** | ||
* Get the authentication scope for this token | ||
* | ||
* @return string | ||
*/ | ||
public function getScope(); | ||
|
||
/** | ||
* Get the authentication scope for this token | ||
* | ||
* @return array | ||
*/ | ||
public function getScopeAsArray(); | ||
|
||
/** | ||
* Set the authentication scope for this token | ||
* | ||
* @param array $scope | ||
*/ | ||
public function setScope($scope); | ||
Typehint here |
||
} |
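Review bot: The docblocks for `getScope()` and `getScopeAsArray()` carry the same one-line description, and neither says what the string holds, which keys the array has, or what a token with no stored scope returns. Since the scope presumably decides what an app password may do, the interface is the place to pin down the default, e.g. `* @return array scope map; state here whether a missing scope means unrestricted or denied`. `setScope()` is documented as taking an array while `getScope()` returns a string, so the conversion between the two forms deserves a sentence as well.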
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -62,6 +62,7 @@ | |
use OC\Files\Config\MountProviderCollection; | ||
use OC\Files\Mount\MountPoint; | ||
use OC\Files\Storage\StorageFactory; | ||
use OC\Lockdown\Filesystem\NullStorage; | ||
use OCP\Files\Config\IMountProvider; | ||
use OCP\Files\Mount\IMountPoint; | ||
use OCP\Files\NotFoundException; | ||
|
@@ -216,7 +217,7 @@ class Filesystem { | |
* @internal | ||
*/ | ||
public static function logWarningWhenAddingStorageWrapper($shouldLog) { | ||
self::$logWarningWhenAddingStorageWrapper = (bool) $shouldLog; | ||
self::$logWarningWhenAddingStorageWrapper = (bool)$shouldLog; | ||
} | ||
|
||
/** | ||
|
@@ -426,25 +427,36 @@ public static function initMountPoints($user = '') { | |
self::$usersSetup[$user] = true; | ||
} | ||
|
||
/** @var \OC\Files\Config\MountProviderCollection $mountConfigManager */ | ||
$mountConfigManager = \OC::$server->getMountProviderCollection(); | ||
if (\OC::$server->getLockdownManager()->canAccessFilesystem()) { | ||
/** @var \OC\Files\Config\MountProviderCollection $mountConfigManager */ | ||
$mountConfigManager = \OC::$server->getMountProviderCollection(); | ||
|
||
// home mounts are handled seperate since we need to ensure this is mounted before we call the other mount providers | ||
$homeMount = $mountConfigManager->getHomeMountForUser($userObject); | ||
// home mounts are handled seperate since we need to ensure this is mounted before we call the other mount providers | ||
$homeMount = $mountConfigManager->getHomeMountForUser($userObject); | ||
|
||
self::getMountManager()->addMount($homeMount); | ||
self::getMountManager()->addMount($homeMount); | ||
|
||
\OC\Files\Filesystem::getStorage($user); | ||
\OC\Files\Filesystem::getStorage($user); | ||
|
||
// Chance to mount for other storages | ||
if ($userObject) { | ||
$mounts = $mountConfigManager->getMountsForUser($userObject); | ||
array_walk($mounts, array(self::$mounts, 'addMount')); | ||
$mounts[] = $homeMount; | ||
$mountConfigManager->registerMounts($userObject, $mounts); | ||
} | ||
// Chance to mount for other storages | ||
if ($userObject) { | ||
$mounts = $mountConfigManager->getMountsForUser($userObject); | ||
array_walk($mounts, array(self::$mounts, 'addMount')); | ||
$mounts[] = $homeMount; | ||
$mountConfigManager->registerMounts($userObject, $mounts); | ||
} | ||
|
||
self::listenForNewMountProviders($mountConfigManager, $userManager); | ||
self::listenForNewMountProviders($mountConfigManager, $userManager); | ||
} else { | ||
self::$mounts->addMount(new MountPoint( | ||
This else statement is not covered by tests.
:sadpandaface:
done |
||
new NullStorage([]), | ||
'/' . $user | ||
)); | ||
self::$mounts->addMount(new MountPoint( | ||
new NullStorage([]), | ||
'/' . $user . '/files' | ||
)); | ||
} | ||
\OC_Hook::emit('OC_Filesystem', 'post_initMountPoints', array('user' => $user)); | ||
} | ||
|
||
|
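Review bot: The `canAccessFilesystem()` decision in `initMountPoints()` appears to be taken only once per user, since `self::$usersSetup[$user] = true;` is set just above it, so it depends on the lockdown manager already knowing the token at that moment. If the first call for a user happens before the token has been handed to the lockdown manager (not visible from this hunk), the real home and provider mounts would be registered and stay in place for the rest of the request. A comment above the `if` stating that requirement would help, e.g. `// the lockdown manager must already hold the session token here; mounts are only set up once per user`. The `post_initMountPoints` hook is still emitted on the restricted path, so it is worth confirming that no listener adds mounts for `$user` there. The function body starts above the hunk.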
This is a little redundant, right?
required to implement the interface