From 91b599ffe422f6026d0b8fae6df698071dce9cf8 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Fri, 11 Nov 2022 13:16:14 +0545 Subject: [PATCH 01/10] invalidate existing tokens when deleting an oauth client Signed-off-by: Artur Neumann --- .../lib/Controller/SettingsController.php | 28 +++++++- .../Controller/SettingsControllerTest.php | 64 +++++++++++++++++-- 2 files changed, 86 insertions(+), 6 deletions(-) diff --git a/apps/oauth2/lib/Controller/SettingsController.php b/apps/oauth2/lib/Controller/SettingsController.php index d3c9239ba56c5..0cd0f87d8a12e 100644 --- a/apps/oauth2/lib/Controller/SettingsController.php +++ b/apps/oauth2/lib/Controller/SettingsController.php @@ -30,6 +30,7 @@ */ namespace OCA\OAuth2\Controller; +use OC\Authentication\Token\IProvider as IAuthTokenProvider; use OCA\OAuth2\Db\AccessTokenMapper; use OCA\OAuth2\Db\Client; use OCA\OAuth2\Db\ClientMapper; @@ -38,6 +39,8 @@ use OCP\AppFramework\Http\JSONResponse; use OCP\IL10N; use OCP\IRequest; +use OCP\IUser; +use OCP\IUserManager; use OCP\Security\ISecureRandom; use OCP\Security\ICrypto; @@ -50,9 +53,16 @@ class SettingsController extends Controller { private $accessTokenMapper; /** @var IL10N */ private $l; + /** @var ICrypto */ private $crypto; + /** @var IAuthTokenProvider */ + private $tokenProvider; + /** + * @var IUserManager + */ + private $userManager; public const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; public function __construct(string $appName, @@ -61,7 +71,9 @@ public function __construct(string $appName, ISecureRandom $secureRandom, AccessTokenMapper $accessTokenMapper, IL10N $l, - ICrypto $crypto + ICrypto $crypto, + IAuthTokenProvider $tokenProvider, + IUserManager $userManager ) { parent::__construct($appName, $request); $this->secureRandom = $secureRandom; @@ -69,6 +81,8 @@ public function __construct(string $appName, $this->accessTokenMapper = $accessTokenMapper; $this->l = $l; $this->crypto = $crypto; + $this->tokenProvider = $tokenProvider; + $this->userManager = $userManager; } public function addClient(string $name, @@ -99,6 +113,18 @@ public function addClient(string $name, public function deleteClient(int $id): JSONResponse { $client = $this->clientMapper->getByUid($id); + + $this->userManager->callForAllUsers(function (IUser $user) use ($client) { + $tokens = $this->tokenProvider->getTokenByUser($user->getUID()); + foreach ($tokens as $token) { + if ($token->getName() === $client->getName()) { + $this->tokenProvider->invalidateTokenById( + $user->getUID(), $token->getId() + ); + } + } + }); + $this->accessTokenMapper->deleteByClientId($id); $this->clientMapper->delete($client); return new JSONResponse([]); diff --git a/apps/oauth2/tests/Controller/SettingsControllerTest.php b/apps/oauth2/tests/Controller/SettingsControllerTest.php index 3c7083747fc57..76a3ae28a000f 100644 --- a/apps/oauth2/tests/Controller/SettingsControllerTest.php +++ b/apps/oauth2/tests/Controller/SettingsControllerTest.php @@ -26,6 +26,8 @@ */ namespace OCA\OAuth2\Tests\Controller; +use OC\Authentication\Token\IToken; +use OC\Authentication\Token\IProvider as IAuthTokenProvider; use OCA\OAuth2\Controller\SettingsController; use OCA\OAuth2\Db\AccessTokenMapper; use OCA\OAuth2\Db\Client; @@ -35,9 +37,14 @@ use OCP\IL10N; use OCP\IRequest; use OCP\Security\ICrypto; +use OCP\IUser; +use OCP\IUserManager; use OCP\Security\ISecureRandom; use Test\TestCase; +/** + * @group DB + */ class SettingsControllerTest extends TestCase { /** @var IRequest|\PHPUnit\Framework\MockObject\MockObject */ private $request; @@ -51,6 +58,8 @@ class SettingsControllerTest extends TestCase { private $settingsController; /** @var ICrypto|\PHPUnit\Framework\MockObject\MockObject */ private $crypto; + /** @var IL10N|\PHPUnit\Framework\MockObject\MockObject */ + private $l; protected function setUp(): void { parent::setUp(); @@ -59,8 +68,8 @@ protected function setUp(): void { $this->clientMapper = $this->createMock(ClientMapper::class); $this->secureRandom = $this->createMock(ISecureRandom::class); $this->accessTokenMapper = $this->createMock(AccessTokenMapper::class); - $l = $this->createMock(IL10N::class); - $l->method('t') + $this->l = $this->createMock(IL10N::class); + $this->l->method('t') ->willReturnArgument(0); $this->crypto = $this->createMock(ICrypto::class); @@ -70,9 +79,12 @@ protected function setUp(): void { $this->clientMapper, $this->secureRandom, $this->accessTokenMapper, - $l, - $this->crypto + $this->l, + $this->crypto, + $this->createMock(IAuthTokenProvider::class), + $this->createMock(IUserManager::class) ); + } public function testAddClient() { @@ -123,6 +135,34 @@ public function testAddClient() { } public function testDeleteClient() { + + $userManager = \OC::$server->getUserManager(); + // count other users in the db before adding our own + $count = 0; + $function = function (IUser $user) use (&$count) { + $count++; + }; + $userManager->callForAllUsers($function); + $user1 = $userManager->createUser('test101', 'test101'); + $tokenMocks[0] = $this->getMockBuilder(IToken::class)->getMock(); + $tokenMocks[0]->method('getName')->willReturn('Firefox session'); + $tokenMocks[0]->method('getId')->willReturn(1); + $tokenMocks[1] = $this->getMockBuilder(IToken::class)->getMock(); + $tokenMocks[1]->method('getName')->willReturn('My Client Name'); + $tokenMocks[1]->method('getId')->willReturn(2); + $tokenMocks[2] = $this->getMockBuilder(IToken::class)->getMock(); + $tokenMocks[2]->method('getName')->willReturn('mobile client'); + $tokenMocks[2]->method('getId')->willReturn(3); + + $tokenProviderMock = $this->getMockBuilder(IAuthTokenProvider::class)->getMock(); + $tokenProviderMock->method('getTokenByUser')->willReturn($tokenMocks); + + // expect one call per user and make sure the correct tokeId is selected + $tokenProviderMock + ->expects($this->exactly($count + 1)) + ->method('invalidateTokenById') + ->with($this->isType('string'), 2); + $client = new Client(); $client->setId(123); $client->setName('My Client Name'); @@ -142,9 +182,23 @@ public function testDeleteClient() { ->method('delete') ->with($client); - $result = $this->settingsController->deleteClient(123); + $settingsController = new SettingsController( + 'oauth2', + $this->request, + $this->clientMapper, + $this->secureRandom, + $this->accessTokenMapper, + $this->l, + $this->crypto, + $tokenProviderMock, + $userManager + ); + + $result = $settingsController->deleteClient(123); $this->assertInstanceOf(JSONResponse::class, $result); $this->assertEquals([], $result->getData()); + + $user1->delete(); } public function testInvalidRedirectUri() { From f0d182279f55d25c7a8ce6aa79be843500b56630 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Mon, 21 Nov 2022 17:28:21 +0545 Subject: [PATCH 02/10] public interface to invalidate tokens of user Signed-off-by: Artur Neumann --- .../lib/Controller/SettingsController.php | 11 +----- lib/private/Authentication/Token/Manager.php | 13 ++++++- lib/private/Server.php | 3 +- lib/public/Authentication/Token/IProvider.php | 37 +++++++++++++++++++ 4 files changed, 52 insertions(+), 12 deletions(-) create mode 100644 lib/public/Authentication/Token/IProvider.php diff --git a/apps/oauth2/lib/Controller/SettingsController.php b/apps/oauth2/lib/Controller/SettingsController.php index 0cd0f87d8a12e..2991ba3853212 100644 --- a/apps/oauth2/lib/Controller/SettingsController.php +++ b/apps/oauth2/lib/Controller/SettingsController.php @@ -30,7 +30,7 @@ */ namespace OCA\OAuth2\Controller; -use OC\Authentication\Token\IProvider as IAuthTokenProvider; +use OCP\Authentication\Token\IProvider as IAuthTokenProvider; use OCA\OAuth2\Db\AccessTokenMapper; use OCA\OAuth2\Db\Client; use OCA\OAuth2\Db\ClientMapper; @@ -115,14 +115,7 @@ public function deleteClient(int $id): JSONResponse { $client = $this->clientMapper->getByUid($id); $this->userManager->callForAllUsers(function (IUser $user) use ($client) { - $tokens = $this->tokenProvider->getTokenByUser($user->getUID()); - foreach ($tokens as $token) { - if ($token->getName() === $client->getName()) { - $this->tokenProvider->invalidateTokenById( - $user->getUID(), $token->getId() - ); - } - } + $this->tokenProvider->invalidateTokensOfUser($user->getUID(), $client->getName()); }); $this->accessTokenMapper->deleteByClientId($id); diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php index f8a0fb11c525b..761e799d29835 100644 --- a/lib/private/Authentication/Token/Manager.php +++ b/lib/private/Authentication/Token/Manager.php @@ -32,9 +32,9 @@ use OC\Authentication\Exceptions\InvalidTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\WipeTokenException; +use OCP\Authentication\Token\IProvider as OCPIProvider; -class Manager implements IProvider { - +class Manager implements IProvider, OCPIProvider { /** @var PublicKeyTokenProvider */ private $publicKeyTokenProvider; @@ -240,4 +240,13 @@ public function markPasswordInvalid(IToken $token, string $tokenId) { public function updatePasswords(string $uid, string $password) { $this->publicKeyTokenProvider->updatePasswords($uid, $password); } + + public function invalidateTokensOfUser(string $uid, ?string $clientName) { + $tokens = $this->getTokenByUser($uid); + foreach ($tokens as $token) { + if ($clientName === null || ($token->getName() === $clientName)) { + $this->invalidateTokenById($uid, $token->getId()); + } + } + } } diff --git a/lib/private/Server.php b/lib/private/Server.php index 9e51d32cd56cb..9f5313444797c 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -161,6 +161,7 @@ use OCP\Accounts\IAccountManager; use OCP\App\IAppManager; use OCP\Authentication\LoginCredentials\IStore; +use OCP\Authentication\Token\IProvider as OCPIProvider; use OCP\BackgroundJob\IJobList; use OCP\Collaboration\AutoComplete\IManager; use OCP\Collaboration\Reference\IReferenceManager; @@ -278,7 +279,6 @@ * TODO: hookup all manager classes */ class Server extends ServerContainer implements IServerContainer { - /** @var string */ private $webRoot; @@ -547,6 +547,7 @@ public function __construct($webRoot, \OC\Config $config) { }); $this->registerAlias(IStore::class, Store::class); $this->registerAlias(IProvider::class, Authentication\Token\Manager::class); + $this->registerAlias(OCPIProvider::class, Authentication\Token\Manager::class); $this->registerService(\OC\User\Session::class, function (Server $c) { $manager = $c->get(IUserManager::class); diff --git a/lib/public/Authentication/Token/IProvider.php b/lib/public/Authentication/Token/IProvider.php new file mode 100644 index 0000000000000..9000868907e9f --- /dev/null +++ b/lib/public/Authentication/Token/IProvider.php @@ -0,0 +1,37 @@ + + * + * @author Artur Neumann + * + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ +namespace OCP\Authentication\Token; + +interface IProvider { + /** + * invalidates all tokens of a specific user + * if a client name is given only tokens of that client will be invalidated + * + * @param string $uid + * @param string|null $clientName + * @return void + */ + public function invalidateTokensOfUser(string $uid, ?string $clientName); +} From fdfde4e6cc53fbf55cc7eed3d94f31b7dbac04c8 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Tue, 22 Nov 2022 12:15:28 +0545 Subject: [PATCH 03/10] adjust SettingsController tests Signed-off-by: Artur Neumann --- .../Controller/SettingsControllerTest.php | 20 +++++-------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/apps/oauth2/tests/Controller/SettingsControllerTest.php b/apps/oauth2/tests/Controller/SettingsControllerTest.php index 76a3ae28a000f..4692dd28830f4 100644 --- a/apps/oauth2/tests/Controller/SettingsControllerTest.php +++ b/apps/oauth2/tests/Controller/SettingsControllerTest.php @@ -27,7 +27,7 @@ namespace OCA\OAuth2\Tests\Controller; use OC\Authentication\Token\IToken; -use OC\Authentication\Token\IProvider as IAuthTokenProvider; +use OCP\Authentication\Token\IProvider as IAuthTokenProvider; use OCA\OAuth2\Controller\SettingsController; use OCA\OAuth2\Db\AccessTokenMapper; use OCA\OAuth2\Db\Client; @@ -144,24 +144,13 @@ public function testDeleteClient() { }; $userManager->callForAllUsers($function); $user1 = $userManager->createUser('test101', 'test101'); - $tokenMocks[0] = $this->getMockBuilder(IToken::class)->getMock(); - $tokenMocks[0]->method('getName')->willReturn('Firefox session'); - $tokenMocks[0]->method('getId')->willReturn(1); - $tokenMocks[1] = $this->getMockBuilder(IToken::class)->getMock(); - $tokenMocks[1]->method('getName')->willReturn('My Client Name'); - $tokenMocks[1]->method('getId')->willReturn(2); - $tokenMocks[2] = $this->getMockBuilder(IToken::class)->getMock(); - $tokenMocks[2]->method('getName')->willReturn('mobile client'); - $tokenMocks[2]->method('getId')->willReturn(3); - $tokenProviderMock = $this->getMockBuilder(IAuthTokenProvider::class)->getMock(); - $tokenProviderMock->method('getTokenByUser')->willReturn($tokenMocks); - // expect one call per user and make sure the correct tokeId is selected + // expect one call per user and ensure the correct client name $tokenProviderMock ->expects($this->exactly($count + 1)) - ->method('invalidateTokenById') - ->with($this->isType('string'), 2); + ->method('invalidateTokensOfUser') + ->with($this->isType('string'), 'My Client Name'); $client = new Client(); $client->setId(123); @@ -179,6 +168,7 @@ public function testDeleteClient() { ->method('deleteByClientId') ->with(123); $this->clientMapper + ->expects($this->once()) ->method('delete') ->with($client); From 37c017ccadd678fb2b88747c63bddac5926b7b48 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Tue, 22 Nov 2022 12:28:35 +0545 Subject: [PATCH 04/10] unit tests for Manager::invalidateTokensOfUser Signed-off-by: Artur Neumann --- .../lib/Authentication/Token/ManagerTest.php | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/tests/lib/Authentication/Token/ManagerTest.php b/tests/lib/Authentication/Token/ManagerTest.php index 5f024bb1d43c0..de3e5e1c36202 100644 --- a/tests/lib/Authentication/Token/ManagerTest.php +++ b/tests/lib/Authentication/Token/ManagerTest.php @@ -355,4 +355,48 @@ public function testUpdatePasswords() { $this->manager->updatePasswords('uid', 'pass'); } + + public function testInvalidateTokensOfUserNoClientName() { + $t1 = new PublicKeyToken(); + $t2 = new PublicKeyToken(); + $t1->setId(123); + $t2->setId(456); + + $this->publicKeyTokenProvider + ->expects($this->once()) + ->method('getTokenByUser') + ->with('theUser') + ->willReturn([$t1, $t2]); + $this->publicKeyTokenProvider + ->expects($this->exactly(2)) + ->method('invalidateTokenById') + ->withConsecutive( + ['theUser', 123], + ['theUser', 456], + ); + $this->manager->invalidateTokensOfUser('theUser', null); + } + + public function testInvalidateTokensOfUserClientNameGiven() { + $t1 = new PublicKeyToken(); + $t2 = new PublicKeyToken(); + $t3 = new PublicKeyToken(); + $t1->setId(123); + $t1->setName('Firefox session'); + $t2->setId(456); + $t2->setName('My Client Name'); + $t3->setId(789); + $t3->setName('mobile client'); + + $this->publicKeyTokenProvider + ->expects($this->once()) + ->method('getTokenByUser') + ->with('theUser') + ->willReturn([$t1, $t2, $t3]); + $this->publicKeyTokenProvider + ->expects($this->once()) + ->method('invalidateTokenById') + ->with('theUser', 456); + $this->manager->invalidateTokensOfUser('theUser', 'My Client Name'); + } } From b44dfd0ca2916177f68d0d4de7ab58de5341ae0b Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Tue, 22 Nov 2022 12:52:29 +0545 Subject: [PATCH 05/10] added @since tag Signed-off-by: Artur Neumann --- lib/public/Authentication/Token/IProvider.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/public/Authentication/Token/IProvider.php b/lib/public/Authentication/Token/IProvider.php index 9000868907e9f..da2e400eb79ec 100644 --- a/lib/public/Authentication/Token/IProvider.php +++ b/lib/public/Authentication/Token/IProvider.php @@ -24,6 +24,9 @@ */ namespace OCP\Authentication\Token; +/** + * @since 24.0.8 + */ interface IProvider { /** * invalidates all tokens of a specific user @@ -31,6 +34,7 @@ interface IProvider { * * @param string $uid * @param string|null $clientName + * @since 24.0.8 * @return void */ public function invalidateTokensOfUser(string $uid, ?string $clientName); From 33512bbdbf9b199cdb940f8273ff407a4c007b1b Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Fri, 6 Jan 2023 16:58:51 +0545 Subject: [PATCH 06/10] autoloaderchecker Signed-off-by: Artur Neumann --- lib/composer/composer/autoload_classmap.php | 1 + lib/composer/composer/autoload_static.php | 1 + 2 files changed, 2 insertions(+) diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php index b6b863705e7cd..7425b94fd817a 100644 --- a/lib/composer/composer/autoload_classmap.php +++ b/lib/composer/composer/autoload_classmap.php @@ -92,6 +92,7 @@ 'OCP\\Authentication\\IProvideUserSecretBackend' => $baseDir . '/lib/public/Authentication/IProvideUserSecretBackend.php', 'OCP\\Authentication\\LoginCredentials\\ICredentials' => $baseDir . '/lib/public/Authentication/LoginCredentials/ICredentials.php', 'OCP\\Authentication\\LoginCredentials\\IStore' => $baseDir . '/lib/public/Authentication/LoginCredentials/IStore.php', + 'OCP\\Authentication\\Token\\IProvider' => $baseDir . '/lib/public/Authentication/Token/IProvider.php', 'OCP\\Authentication\\TwoFactorAuth\\ALoginSetupController' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/ALoginSetupController.php', 'OCP\\Authentication\\TwoFactorAuth\\IActivatableAtLogin' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IActivatableAtLogin.php', 'OCP\\Authentication\\TwoFactorAuth\\IActivatableByAdmin' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IActivatableByAdmin.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index d62e9aa631f38..c4199a88d9ca2 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php @@ -125,6 +125,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2 'OCP\\Authentication\\IProvideUserSecretBackend' => __DIR__ . '/../../..' . '/lib/public/Authentication/IProvideUserSecretBackend.php', 'OCP\\Authentication\\LoginCredentials\\ICredentials' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/ICredentials.php', 'OCP\\Authentication\\LoginCredentials\\IStore' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/IStore.php', + 'OCP\\Authentication\\Token\\IProvider' => __DIR__ . '/../../..' . '/lib/public/Authentication/Token/IProvider.php', 'OCP\\Authentication\\TwoFactorAuth\\ALoginSetupController' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/ALoginSetupController.php', 'OCP\\Authentication\\TwoFactorAuth\\IActivatableAtLogin' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IActivatableAtLogin.php', 'OCP\\Authentication\\TwoFactorAuth\\IActivatableByAdmin' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IActivatableByAdmin.php', From f9227345c90621e804b5e588a7e7102263e1c029 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Mon, 9 Jan 2023 12:46:10 +0545 Subject: [PATCH 07/10] move mocks into private variables Signed-off-by: Artur Neumann --- .../oauth2/tests/Controller/SettingsControllerTest.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/oauth2/tests/Controller/SettingsControllerTest.php b/apps/oauth2/tests/Controller/SettingsControllerTest.php index 4692dd28830f4..af4745c5923a3 100644 --- a/apps/oauth2/tests/Controller/SettingsControllerTest.php +++ b/apps/oauth2/tests/Controller/SettingsControllerTest.php @@ -54,6 +54,10 @@ class SettingsControllerTest extends TestCase { private $secureRandom; /** @var AccessTokenMapper|\PHPUnit\Framework\MockObject\MockObject */ private $accessTokenMapper; + /** @var IAuthTokenProvider|\PHPUnit\Framework\MockObject\MockObject */ + private $authTokenProvider; + /** @var IUserManager|\PHPUnit\Framework\MockObject\MockObject */ + private $userManager; /** @var SettingsController */ private $settingsController; /** @var ICrypto|\PHPUnit\Framework\MockObject\MockObject */ @@ -68,6 +72,8 @@ protected function setUp(): void { $this->clientMapper = $this->createMock(ClientMapper::class); $this->secureRandom = $this->createMock(ISecureRandom::class); $this->accessTokenMapper = $this->createMock(AccessTokenMapper::class); + $this->authTokenProvider = $this->createMock(IAuthTokenProvider::class); + $this->userManager = $this->createMock(IUserManager::class); $this->l = $this->createMock(IL10N::class); $this->l->method('t') ->willReturnArgument(0); @@ -81,8 +87,8 @@ protected function setUp(): void { $this->accessTokenMapper, $this->l, $this->crypto, - $this->createMock(IAuthTokenProvider::class), - $this->createMock(IUserManager::class) + $this->authTokenProvider, + $this->userManager ); } From 183e1b94d91ba2b369313a8a9375799f74820863 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Fri, 17 Mar 2023 14:02:35 +0545 Subject: [PATCH 08/10] invalidate oauth2 tokens only for seen users Signed-off-by: Artur Neumann --- apps/oauth2/lib/Controller/SettingsController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/oauth2/lib/Controller/SettingsController.php b/apps/oauth2/lib/Controller/SettingsController.php index 2991ba3853212..97e2acaa2e17b 100644 --- a/apps/oauth2/lib/Controller/SettingsController.php +++ b/apps/oauth2/lib/Controller/SettingsController.php @@ -114,7 +114,7 @@ public function addClient(string $name, public function deleteClient(int $id): JSONResponse { $client = $this->clientMapper->getByUid($id); - $this->userManager->callForAllUsers(function (IUser $user) use ($client) { + $this->userManager->callForSeenUsers(function (IUser $user) use ($client) { $this->tokenProvider->invalidateTokensOfUser($user->getUID(), $client->getName()); }); From 0be74df6e689584e5c228c92c90f8d005a8960d7 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Fri, 19 May 2023 12:27:20 +0545 Subject: [PATCH 09/10] expect invalidateTokensOfUser only be called for seen users Signed-off-by: Artur Neumann --- apps/oauth2/tests/Controller/SettingsControllerTest.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/oauth2/tests/Controller/SettingsControllerTest.php b/apps/oauth2/tests/Controller/SettingsControllerTest.php index af4745c5923a3..18d1e1e5aae1a 100644 --- a/apps/oauth2/tests/Controller/SettingsControllerTest.php +++ b/apps/oauth2/tests/Controller/SettingsControllerTest.php @@ -146,10 +146,13 @@ public function testDeleteClient() { // count other users in the db before adding our own $count = 0; $function = function (IUser $user) use (&$count) { - $count++; + if ($user->getLastLogin() > 0) { + $count++; + } }; $userManager->callForAllUsers($function); $user1 = $userManager->createUser('test101', 'test101'); + $user1->updateLastLoginTimestamp(); $tokenProviderMock = $this->getMockBuilder(IAuthTokenProvider::class)->getMock(); // expect one call per user and ensure the correct client name From 28b9cfbd430191222d2497e354575910188b5758 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 14 Jun 2023 23:05:08 +0200 Subject: [PATCH 10/10] Adjust @since annotation Signed-off-by: Arthur Schiwon --- lib/public/Authentication/Token/IProvider.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/public/Authentication/Token/IProvider.php b/lib/public/Authentication/Token/IProvider.php index da2e400eb79ec..ad8bb593e6344 100644 --- a/lib/public/Authentication/Token/IProvider.php +++ b/lib/public/Authentication/Token/IProvider.php @@ -25,7 +25,7 @@ namespace OCP\Authentication\Token; /** - * @since 24.0.8 + * @since 25.0.8 */ interface IProvider { /** @@ -34,7 +34,7 @@ interface IProvider { * * @param string $uid * @param string|null $clientName - * @since 24.0.8 + * @since 25.0.8 * @return void */ public function invalidateTokensOfUser(string $uid, ?string $clientName);