-
-
Notifications
You must be signed in to change notification settings - Fork 4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #40026 from lhsazevedo/auth-token-commands
feat: Add auth token list and delete commands
- Loading branch information
Showing
14 changed files
with
471 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,120 @@ | ||
<?php | ||
/** | ||
* @copyright Copyright (c) 2023 Lucas Azevedo <lhs_azevedo@hotmail.com> | ||
* | ||
* @author Lucas Azevedo <lhs_azevedo@hotmail.com> | ||
* | ||
* @license GNU AGPL version 3 or any later version | ||
* | ||
* This program is free software: you can redistribute it and/or modify | ||
* it under the terms of the GNU Affero General Public License as | ||
* published by the Free Software Foundation, either version 3 of the | ||
* License, or (at your option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
* GNU Affero General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU Affero General Public License | ||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
* | ||
*/ | ||
namespace OC\Core\Command\User\AuthTokens; | ||
|
||
use DateTimeImmutable; | ||
use OC\Core\Command\Base; | ||
use OC\Authentication\Token\IProvider; | ||
use Symfony\Component\Console\Command\Command; | ||
use Symfony\Component\Console\Exception\RuntimeException; | ||
use Symfony\Component\Console\Input\InputArgument; | ||
use Symfony\Component\Console\Input\InputInterface; | ||
use Symfony\Component\Console\Input\InputOption; | ||
use Symfony\Component\Console\Output\OutputInterface; | ||
|
||
class Delete extends Base { | ||
public function __construct( | ||
protected IProvider $tokenProvider, | ||
) { | ||
parent::__construct(); | ||
} | ||
|
||
protected function configure(): void { | ||
$this | ||
->setName('user:auth-tokens:delete') | ||
->setDescription('Deletes an authentication token') | ||
->addArgument( | ||
'uid', | ||
InputArgument::REQUIRED, | ||
'ID of the user to delete tokens for' | ||
) | ||
->addArgument( | ||
'id', | ||
InputArgument::OPTIONAL, | ||
'ID of the auth token to delete' | ||
) | ||
->addOption( | ||
'last-used-before', | ||
null, | ||
InputOption::VALUE_REQUIRED, | ||
'Delete tokens last used before a given date.' | ||
); | ||
} | ||
|
||
protected function execute(InputInterface $input, OutputInterface $output): int { | ||
$uid = $input->getArgument('uid'); | ||
$id = (int) $input->getArgument('id'); | ||
$before = $input->getOption('last-used-before'); | ||
|
||
if ($before) { | ||
if ($id) { | ||
throw new RuntimeException('Option --last-used-before cannot be used with [<id>]'); | ||
} | ||
|
||
return $this->deleteLastUsedBefore($uid, $before); | ||
} | ||
|
||
if (!$id) { | ||
throw new RuntimeException('Not enough arguments. Specify the token <id> or use the --last-used-before option.'); | ||
} | ||
return $this->deleteById($uid, $id); | ||
} | ||
|
||
protected function deleteById(string $uid, int $id): int { | ||
$this->tokenProvider->invalidateTokenById($uid, $id); | ||
|
||
return Command::SUCCESS; | ||
} | ||
|
||
protected function deleteLastUsedBefore(string $uid, string $before): int { | ||
$date = $this->parseDateOption($before); | ||
if (!$date) { | ||
throw new RuntimeException('Invalid date format. Acceptable formats are: ISO8601 (w/o fractions), "YYYY-MM-DD" and Unix time in seconds.'); | ||
} | ||
|
||
$this->tokenProvider->invalidateLastUsedBefore($uid, $date->getTimestamp()); | ||
|
||
return Command::SUCCESS; | ||
} | ||
|
||
/** | ||
* @return \DateTimeImmutable|false | ||
*/ | ||
protected function parseDateOption(string $input) { | ||
$date = false; | ||
|
||
// Handle Unix timestamp | ||
if (filter_var($input, FILTER_VALIDATE_INT)) { | ||
return new DateTimeImmutable('@' . $input); | ||
} | ||
|
||
// ISO8601 | ||
$date = DateTimeImmutable::createFromFormat(DateTimeImmutable::ATOM, $input); | ||
if ($date) { | ||
return $date; | ||
} | ||
|
||
// YYYY-MM-DD | ||
return DateTimeImmutable::createFromFormat('!Y-m-d', $input); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
<?php | ||
/** | ||
* @copyright Copyright (c) 2023 Lucas Azevedo <lhs_azevedo@hotmail.com> | ||
* | ||
* @author Lucas Azevedo <lhs_azevedo@hotmail.com> | ||
* | ||
* @license GNU AGPL version 3 or any later version | ||
* | ||
* This program is free software: you can redistribute it and/or modify | ||
* it under the terms of the GNU Affero General Public License as | ||
* published by the Free Software Foundation, either version 3 of the | ||
* License, or (at your option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
* GNU Affero General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU Affero General Public License | ||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
* | ||
*/ | ||
namespace OC\Core\Command\User\AuthTokens; | ||
|
||
use OC\Core\Command\Base; | ||
use OC\Authentication\Token\IProvider; | ||
use OC\Authentication\Token\IToken; | ||
use OCP\IUserManager; | ||
use Symfony\Component\Console\Input\InputArgument; | ||
use Symfony\Component\Console\Input\InputInterface; | ||
use Symfony\Component\Console\Output\OutputInterface; | ||
|
||
class ListCommand extends Base { | ||
public function __construct( | ||
protected IUserManager $userManager, | ||
protected IProvider $tokenProvider, | ||
) { | ||
parent::__construct(); | ||
} | ||
|
||
protected function configure(): void { | ||
parent::configure(); | ||
|
||
$this | ||
->setName('user:auth-tokens:list') | ||
->setDescription('List authentication tokens of an user') | ||
->addArgument( | ||
'user', | ||
InputArgument::REQUIRED, | ||
'User to list auth tokens for' | ||
); | ||
} | ||
|
||
protected function execute(InputInterface $input, OutputInterface $output): int { | ||
$user = $this->userManager->get($input->getArgument('user')); | ||
|
||
if (is_null($user)) { | ||
$output->writeln('<error>user not found</error>'); | ||
return 1; | ||
} | ||
|
||
$tokens = $this->tokenProvider->getTokenByUser($user->getUID()); | ||
|
||
$tokens = array_map(function (IToken $token) use ($input): mixed { | ||
$sensitive = [ | ||
'password', | ||
'password_hash', | ||
'token', | ||
'public_key', | ||
'private_key', | ||
]; | ||
$data = array_diff_key($token->jsonSerialize(), array_flip($sensitive)); | ||
|
||
if ($input->getOption('output') === self::OUTPUT_FORMAT_PLAIN) { | ||
$data = $this->formatTokenForPlainOutput($data); | ||
} | ||
|
||
return $data; | ||
}, $tokens); | ||
|
||
$this->writeTableInOutputFormat($input, $output, $tokens); | ||
|
||
return 0; | ||
} | ||
|
||
public function formatTokenForPlainOutput(array $token): array { | ||
$token['scope'] = implode(', ', array_keys(array_filter($token['scope'] ?? []))); | ||
|
||
$token['lastActivity'] = date(DATE_ATOM, $token['lastActivity']); | ||
|
||
$token['type'] = match ($token['type']) { | ||
IToken::TEMPORARY_TOKEN => 'temporary', | ||
IToken::PERMANENT_TOKEN => 'permanent', | ||
IToken::WIPE_TOKEN => 'wipe', | ||
default => $token['type'], | ||
}; | ||
|
||
return $token; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.