diff --git a/lib/Entity/DataSetColumn.php b/lib/Entity/DataSetColumn.php
index 9d797d89d6..d05c933b90 100644
--- a/lib/Entity/DataSetColumn.php
+++ b/lib/Entity/DataSetColumn.php
@@ -252,11 +252,13 @@ public function validate()
 // We can check this is valid by building up a NOT IN sql statement, if we get results.. we know its not good
 $select = '';
- $dbh = $this->getStore()->getConnection();
+ $dbh = $this->getStore()->getConnection('isolated');
 for ($i=0; $i < count($list); $i++) {
- $list_val = $dbh->quote($list[$i]);
- $select .= $list_val . ',';
+ if (!empty($list[$i])) {
+ $list_val = $dbh->quote($list[$i]);
+ $select .= $list_val . ',';
+ }
 }
 $select = rtrim($select, ',');
@@ -279,7 +281,7 @@ public function validate()
 $formula = str_replace('[DisplayId]', 0, $this->formula);
 // replace DisplayGeoLocation with default CMS location, just to validate here.
 $formula = str_replace('[DisplayGeoLocation]', "GEOMFROMTEXT('POINT(51.504 -0.104)')", $formula);
- $this->getStore()->select('SELECT * FROM (SELECT `id`, ' . $formula . ' AS `' . $this->heading . '` FROM `dataset_' . $this->dataSetId . '`) dataset WHERE 1 = 1 ', []);
+ $this->getStore()->select('SELECT * FROM (SELECT `id`, ' . $formula . ' AS `' . $this->heading . '` FROM `dataset_' . $this->dataSetId . '`) dataset WHERE 1 = 1 ', [], 'isolated');
 } catch (\Exception $e) {
 $this->getLog()->debug('Formula validation failed with following message ' . $e->getMessage());
 throw new InvalidArgumentException(__('Provided formula is invalid'), 'formula');
diff --git a/lib/OAuth/AccessTokenRepository.php b/lib/OAuth/AccessTokenRepository.php
index a38827adbb..535c0db4f6 100644
--- a/lib/OAuth/AccessTokenRepository.php
+++ b/lib/OAuth/AccessTokenRepository.php
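Review bot: The new `!empty($list[$i])` guard in the list-content loop of DataSetColumn::validate() also drops the entry '0', because PHP's empty() treats the string "0" as empty; a column whose allowed values include 0 would then have that value left out of the quoted NOT IN list, and existing rows holding 0 could be reported as invalid. Comparing against the empty string keeps the intent of skipping blank entries without losing zero: `if ((string) $list[$i] !== '') {`. If every entry is blank, `$select` is empty after the rtrim(); the statement that consumes it lies outside this hunk, so confirm it tolerates an empty list. validate() starts and ends outside the hunk.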
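Review bot: The formula check in the try block of DataSetColumn::validate() (hunk at -279) still concatenates `$formula` and `$this->heading` directly into the SQL text, so passing 'isolated' changes which connection runs the statement but not what a formula expression is able to reference. The formula is presumably user-authored, and what the 'isolated' connection is permitted to do is not visible here, so a comment at the call would help the next reader: `// NOTE: $formula is user-authored and runs as raw SQL; keep the 'isolated' connection's DB privileges minimal`. It is also worth confirming that the heading is restricted to safe identifier characters before it is placed between the backticks, since no such check appears in this hunk. The function continues outside the hunk.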
@@ -130,27 +130,38 @@ public function isAccessTokenRevoked($tokenId) /** @inheritDoc */ public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity) { + $date = clone $accessTokenEntity->getExpiryDateTime(); + // since stash cache sets expiresAt at up to provided date + // with up to 15% less than the provided date + // add more time to normal token expire, to ensure cache does not expire before the token. + $date = $date->add(new \DateInterval('PT30M')); + // cache with token identifier $cache = $this->pool->getItem('C_' . $accessTokenEntity->getIdentifier()); + $cache->set( [ 'userIdentifier' => $accessTokenEntity->getUserIdentifier(), 'client' => $accessTokenEntity->getClient()->getIdentifier() ] ); - $cache->expiresAt($accessTokenEntity->getExpiryDateTime()); + $cache->expiresAt($date); $this->pool->saveDeferred($cache); // double cache with client identifier and user identifier // this will allow us to revoke access to client or for specific client/user combination in the backend - $cache2 = $this->pool->getItem('C_' . $accessTokenEntity->getClient()->getIdentifier() . '/' . $accessTokenEntity->getUserIdentifier()); + $cache2 = $this->pool->getItem( + 'C_' . $accessTokenEntity->getClient()->getIdentifier() . '/' . $accessTokenEntity->getUserIdentifier() + ); + $cache2->set( [ 'userIdentifier' => $accessTokenEntity->getUserIdentifier(), 'client' => $accessTokenEntity->getClient()->getIdentifier() ] ); - $cache2->expiresAt($accessTokenEntity->getExpiryDateTime()); + + $cache2->expiresAt($date); $this->pool->saveDeferred($cache2); } diff --git a/lib/OAuth/RefreshTokenRepository.php b/lib/OAuth/RefreshTokenRepository.php index ccb3f87baa..3fef59ace6 100644 --- a/lib/OAuth/RefreshTokenRepository.php +++ b/lib/OAuth/RefreshTokenRepository.php 
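Review bot: The fixed `PT30M` margin in persistNewAccessToken() only covers the early expiry described in the added comment (up to 15% before the requested date) while the token lifetime stays under roughly three hours; with a longer configured lifetime the cache item can still lapse before the token does. Scaling the margin with the lifetime keeps the guarantee, for example `$ttl = max(0, $date->getTimestamp() - time());` followed by `$date = $date->add(new \DateInterval('PT' . (int) ceil($ttl * 0.2) . 'S'));`. The same fixed-margin pattern is used with `P15D` in RefreshTokenRepository::persistNewRefreshToken(). Both cache items now outlive the token by design, so a short comment saying that a cache hit alone must not be read as proof the token is still valid would be useful here.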
@@ -1,8 +1,8 @@ getExpiryDateTime(); + // since stash cache sets expiresAt at up to provided date + // with up to 15% less than the provided date + // add more time to normal refresh token expire, to ensure cache does not expire before the token. + $date = $date->add(new \DateInterval('P15D')); + // cache with refresh token identifier $cache = $this->pool->getItem('R_' . $refreshTokenEntity->getIdentifier()); $cache->set( @@ -59,7 +65,7 @@ public function persistNewRefreshToken(RefreshTokenEntityInterface $refreshToken 'accessToken' => $refreshTokenEntity->getAccessToken()->getIdentifier(), ] ); - $cache->expiresAt($refreshTokenEntity->getExpiryDateTime()); + $cache->expiresAt($date); $this->pool->saveDeferred($cache); } @@ -88,13 +94,18 @@ public function isRefreshTokenRevoked($tokenId) $tokenCache = $this->pool->getItem('C_' . $refreshTokenData['accessToken']); $tokenCacheData = $tokenCache->get(); - // check access token cache by client and user identifiers - // (see if application got changed secret/revoked access) - $cache2 = $this->pool->getItem('C_' . $tokenCacheData['client'] . '/' . $tokenCacheData['userIdentifier']); - $data2 = $cache2->get(); + // if the token itself not expired yet + // check if it was unauthorised by the specific user + // we cannot always check this as it would revoke refresh token if the access token already expired. + if (!$tokenCache->isMiss() && !empty($tokenCacheData)) { + // check access token cache by client and user identifiers + // (see if application got changed secret/revoked access) + $cache2 = $this->pool->getItem('C_' . $tokenCacheData['client'] . '/' . $tokenCacheData['userIdentifier']); + $data2 = $cache2->get(); - if ($cache2->isMiss() || empty($data2)) { - return true; + if ($cache2->isMiss() || empty($data2)) { + return true; + } } return false; // The refresh token has not been revoked diff --git a/lib/Widget/Image.php b/lib/Widget/Image.php index 6c484da246..d3aa443cea 100644 --- a/lib/Widget/Image.php 
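Review bot: With the new `!$tokenCache->isMiss() && !empty($tokenCacheData)` guard in isRefreshTokenRevoked(), the client/user lookup is skipped as soon as the access-token item has expired or been evicted, so from that point a refresh token whose client/user authorisation was withdrawn is reported as not revoked. That removes the false revocations the comment describes, but it makes the check fail open; the lookup only needs the access-token item for `client` and `userIdentifier`, which could instead be stored on the `R_` item in persistNewRefreshToken(). The client/user item would then need a lifetime matching the refresh token, or revocation would have to remove the `R_` items as well, which presumably is handled outside this diff if at all. At minimum add `// NOTE: once the access-token item is gone, client/user revocation is no longer enforced for this refresh token` above the guard. The function starts outside the hunk.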
+++ b/lib/Widget/Image.php @@ -1,8 +1,8 @@ aspectRatio(); } + $constraint->upsize(); }); } }