Remove default token which is deprecated since Nextcloud 13

Signed-off-by: Joas Schilling <coding@schilljs.com>

lib/composer/composer/autoload_classmap.php

@@ -728,10 +728,6 @@ return array(
     'OC\\Authentication\\Login\\WebAuthnChain' => $baseDir . '/lib/private/Authentication/Login/WebAuthnChain.php',
     'OC\\Authentication\\Login\\WebAuthnLoginCommand' => $baseDir . '/lib/private/Authentication/Login/WebAuthnLoginCommand.php',
     'OC\\Authentication\\Notifications\\Notifier' => $baseDir . '/lib/private/Authentication/Notifications/Notifier.php',
-    'OC\\Authentication\\Token\\DefaultToken' => $baseDir . '/lib/private/Authentication/Token/DefaultToken.php',
-    'OC\\Authentication\\Token\\DefaultTokenCleanupJob' => $baseDir . '/lib/private/Authentication/Token/DefaultTokenCleanupJob.php',
-    'OC\\Authentication\\Token\\DefaultTokenMapper' => $baseDir . '/lib/private/Authentication/Token/DefaultTokenMapper.php',
-    'OC\\Authentication\\Token\\DefaultTokenProvider' => $baseDir . '/lib/private/Authentication/Token/DefaultTokenProvider.php',
     'OC\\Authentication\\Token\\INamedToken' => $baseDir . '/lib/private/Authentication/Token/INamedToken.php',
     'OC\\Authentication\\Token\\IProvider' => $baseDir . '/lib/private/Authentication/Token/IProvider.php',
     'OC\\Authentication\\Token\\IToken' => $baseDir . '/lib/private/Authentication/Token/IToken.php',

lib/composer/composer/autoload_static.php

@@ -757,10 +757,6 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
         'OC\\Authentication\\Login\\WebAuthnChain' => __DIR__ . '/../../..' . '/lib/private/Authentication/Login/WebAuthnChain.php',
         'OC\\Authentication\\Login\\WebAuthnLoginCommand' => __DIR__ . '/../../..' . '/lib/private/Authentication/Login/WebAuthnLoginCommand.php',
         'OC\\Authentication\\Notifications\\Notifier' => __DIR__ . '/../../..' . '/lib/private/Authentication/Notifications/Notifier.php',
-        'OC\\Authentication\\Token\\DefaultToken' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/DefaultToken.php',
-        'OC\\Authentication\\Token\\DefaultTokenCleanupJob' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/DefaultTokenCleanupJob.php',
-        'OC\\Authentication\\Token\\DefaultTokenMapper' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/DefaultTokenMapper.php',
-        'OC\\Authentication\\Token\\DefaultTokenProvider' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/DefaultTokenProvider.php',
         'OC\\Authentication\\Token\\INamedToken' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/INamedToken.php',
         'OC\\Authentication\\Token\\IProvider' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/IProvider.php',
         'OC\\Authentication\\Token\\IToken' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/IToken.php',

lib/private/Authentication/Token/DefaultToken.php

@@ -1,209 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Daniel Kesselberg <mail@danielkesselberg.de>
- * @author Robin Appelman <robin@icewind.nl>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-namespace OC\Authentication\Token;
-
-use OCP\AppFramework\Db\Entity;
-
-/**
- * @method void setId(int $id)
- * @method void setUid(string $uid);
- * @method void setLoginName(string $loginname)
- * @method string getToken()
- * @method void setType(int $type)
- * @method int getType()
- * @method void setRemember(int $remember)
- * @method void setLastActivity(int $lastactivity)
- * @method int getLastActivity()
- * @method void setVersion(int $version)
- */
-class DefaultToken extends Entity implements INamedToken {
-	public const VERSION = 1;
-
-	/** @var string user UID */
-	protected $uid;
-
-	/** @var string login name used for generating the token */
-	protected $loginName;
-
-	/** @var string encrypted user password */
-	protected $password;
-
-	/** @var string token name (e.g. browser/OS) */
-	protected $name;
-
-	/** @var string */
-	protected $token;
-
-	/** @var int */
-	protected $type;
-
-	/** @var int */
-	protected $remember;
-
-	/** @var int */
-	protected $lastActivity;
-
-	/** @var int */
-	protected $lastCheck;
-
-	/** @var string */
-	protected $scope;
-
-	/** @var int */
-	protected $expires;
-
-	/** @var int */
-	protected $version;
-
-	public function __construct() {
-		$this->addType('uid', 'string');
-		$this->addType('loginName', 'string');
-		$this->addType('password', 'string');
-		$this->addType('name', 'string');
-		$this->addType('token', 'string');
-		$this->addType('type', 'int');
-		$this->addType('remember', 'int');
-		$this->addType('lastActivity', 'int');
-		$this->addType('lastCheck', 'int');
-		$this->addType('scope', 'string');
-		$this->addType('expires', 'int');
-		$this->addType('version', 'int');
-	}
-
-	public function getId(): int {
-		return $this->id;
-	}
-
-	public function getUID(): string {
-		return $this->uid;
-	}
-
-	/**
-	 * Get the login name used when generating the token
-	 *
-	 * @return string
-	 */
-	public function getLoginName(): string {
-		return parent::getLoginName();
-	}
-
-	/**
-	 * Get the (encrypted) login password
-	 *
-	 * @return string|null
-	 */
-	public function getPassword() {
-		return parent::getPassword();
-	}
-
-	public function jsonSerialize(): array {
-		return [
-			'id' => $this->id,
-			'name' => $this->name,
-			'lastActivity' => $this->lastActivity,
-			'type' => $this->type,
-			'scope' => $this->getScopeAsArray()
-		];
-	}
-
-	/**
-	 * Get the timestamp of the last password check
-	 *
-	 * @return int
-	 */
-	public function getLastCheck(): int {
-		return parent::getLastCheck();
-	}
-
-	/**
-	 * Get the timestamp of the last password check
-	 *
-	 * @param int $time
-	 */
-	public function setLastCheck(int $time) {
-		parent::setLastCheck($time);
-	}
-
-	public function getScope(): string {
-		$scope = parent::getScope();
-		if ($scope === null) {
-			return '';
-		}
-
-		return $scope;
-	}
-
-	public function getScopeAsArray(): array {
-		$scope = json_decode($this->getScope(), true);
-		if (!$scope) {
-			return [
-				'filesystem' => true
-			];
-		}
-		return $scope;
-	}
-
-	public function setScope($scope) {
-		if (\is_array($scope)) {
-			parent::setScope(json_encode($scope));
-		} else {
-			parent::setScope((string)$scope);
-		}
-	}
-
-	public function getName(): string {
-		return parent::getName();
-	}
-
-	public function setName(string $name): void {
-		parent::setName($name);
-	}
-
-	public function getRemember(): int {
-		return parent::getRemember();
-	}
-
-	public function setToken(string $token) {
-		parent::setToken($token);
-	}
-
-	public function setPassword(string $password = null) {
-		parent::setPassword($password);
-	}
-
-	public function setExpires($expires) {
-		parent::setExpires($expires);
-	}
-
-	/**
-	 * @return int|null
-	 */
-	public function getExpires() {
-		return parent::getExpires();
-	}
-}

lib/private/Authentication/Token/DefaultTokenCleanupJob.php

@@ -1,34 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Morris Jobke <hey@morrisjobke.de>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-namespace OC\Authentication\Token;
-
-use OC;
-use OC\BackgroundJob\Job;
-
-class DefaultTokenCleanupJob extends Job {
-	protected function run($argument) {
-		/* @var $provider IProvider */
-		$provider = OC::$server->query(IProvider::class);
-		$provider->invalidateOldTokens();
-	}
-}

lib/private/Authentication/Token/DefaultTokenMapper.php

@@ -1,172 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Bjoern Schiessle <bjoern@schiessle.org>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>
- * @author Robin Appelman <robin@icewind.nl>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-namespace OC\Authentication\Token;
-
-use OCP\AppFramework\Db\DoesNotExistException;
-use OCP\AppFramework\Db\QBMapper;
-use OCP\DB\QueryBuilder\IQueryBuilder;
-use OCP\IDBConnection;
-
-/**
- * @template-extends QBMapper<DefaultToken>
- */
-class DefaultTokenMapper extends QBMapper {
-	public function __construct(IDBConnection $db) {
-		parent::__construct($db, 'authtoken');
-	}
-
-	/**
-	 * Invalidate (delete) a given token
-	 *
-	 * @param string $token
-	 */
-	public function invalidate(string $token) {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
-			->where($qb->expr()->eq('token', $qb->createNamedParameter($token, IQueryBuilder::PARAM_STR)))
-			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(DefaultToken::VERSION, IQueryBuilder::PARAM_INT)))
-			->execute();
-	}
-
-	/**
-	 * @param int $olderThan
-	 * @param int $remember
-	 */
-	public function invalidateOld(int $olderThan, int $remember = IToken::DO_NOT_REMEMBER) {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
-			->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT)))
-			->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)))
-			->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT)))
-			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(DefaultToken::VERSION, IQueryBuilder::PARAM_INT)))
-			->execute();
-	}
-
-	/**
-	 * Get the user UID for the given token
-	 *
-	 * @param string $token
-	 * @throws DoesNotExistException
-	 * @return DefaultToken
-	 */
-	public function getToken(string $token): DefaultToken {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'token', 'type', 'remember', 'last_activity', 'last_check', 'scope', 'expires', 'version')
-			->from('authtoken')
-			->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
-			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(DefaultToken::VERSION, IQueryBuilder::PARAM_INT)))
-			->execute();
-
-		$data = $result->fetch();
-		$result->closeCursor();
-		if ($data === false) {
-			throw new DoesNotExistException('token does not exist');
-		}
-		return DefaultToken::fromRow($data);
-	}
-
-	/**
-	 * Get the token for $id
-	 *
-	 * @param int $id
-	 * @throws DoesNotExistException
-	 * @return DefaultToken
-	 */
-	public function getTokenById(int $id): DefaultToken {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'token', 'type', 'remember', 'last_activity', 'last_check', 'scope', 'expires', 'version')
-			->from('authtoken')
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
-			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(DefaultToken::VERSION, IQueryBuilder::PARAM_INT)))
-			->execute();
-
-		$data = $result->fetch();
-		$result->closeCursor();
-		if ($data === false) {
-			throw new DoesNotExistException('token does not exist');
-		}
-		return DefaultToken::fromRow($data);
-	}
-
-	/**
-	 * Get all tokens of a user
-	 *
-	 * The provider may limit the number of result rows in case of an abuse
-	 * where a high number of (session) tokens is generated
-	 *
-	 * @param string $uid
-	 * @return DefaultToken[]
-	 */
-	public function getTokenByUser(string $uid): array {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$qb->select('id', 'uid', 'login_name', 'password', 'name', 'token', 'type', 'remember', 'last_activity', 'last_check', 'scope', 'expires', 'version')
-			->from('authtoken')
-			->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
-			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(DefaultToken::VERSION, IQueryBuilder::PARAM_INT)))
-			->setMaxResults(1000);
-		$result = $qb->execute();
-		$data = $result->fetchAll();
-		$result->closeCursor();
-
-		$entities = array_map(function ($row) {
-			return DefaultToken::fromRow($row);
-		}, $data);
-
-		return $entities;
-	}
-
-	public function deleteById(string $uid, int $id) {
-		/* @var $qb IQueryBuilder */
-		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
-			->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
-			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(DefaultToken::VERSION, IQueryBuilder::PARAM_INT)));
-		$qb->execute();
-	}
-
-	/**
-	 * delete all auth token which belong to a specific client if the client was deleted
-	 *
-	 * @param string $name
-	 */
-	public function deleteByName(string $name) {
-		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
-			->where($qb->expr()->eq('name', $qb->createNamedParameter($name), IQueryBuilder::PARAM_STR))
-			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(DefaultToken::VERSION, IQueryBuilder::PARAM_INT)));
-		$qb->execute();
-	}
-}

lib/private/Authentication/Token/DefaultTokenProvider.php

@@ -1,343 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @copyright Copyright (c) 2016, Christoph Wurst <christoph@winzerhof-wurst.at>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Flávio Gomes da Silva Lisboa <flavio.lisboa@serpro.gov.br>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Martin <github@diemattels.at>
- * @author Robin Appelman <robin@icewind.nl>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-namespace OC\Authentication\Token;
-
-use Exception;
-use OC\Authentication\Exceptions\ExpiredTokenException;
-use OC\Authentication\Exceptions\InvalidTokenException;
-use OC\Authentication\Exceptions\PasswordlessTokenException;
-use OCP\AppFramework\Db\DoesNotExistException;
-use OCP\AppFramework\Utility\ITimeFactory;
-use OCP\IConfig;
-use OCP\Security\ICrypto;
-use Psr\Log\LoggerInterface;
-
-class DefaultTokenProvider implements IProvider {
-
-	/** @var DefaultTokenMapper */
-	private $mapper;
-
-	/** @var ICrypto */
-	private $crypto;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var LoggerInterface */
-	private $logger;
-
-	/** @var ITimeFactory */
-	private $time;
-
-	public function __construct(DefaultTokenMapper $mapper,
-								ICrypto $crypto,
-								IConfig $config,
-								LoggerInterface $logger,
-								ITimeFactory $time) {
-		$this->mapper = $mapper;
-		$this->crypto = $crypto;
-		$this->config = $config;
-		$this->logger = $logger;
-		$this->time = $time;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public function generateToken(string $token,
-								  string $uid,
-								  string $loginName,
-								  ?string $password,
-								  string $name,
-								  int $type = IToken::TEMPORARY_TOKEN,
-								  int $remember = IToken::DO_NOT_REMEMBER): IToken {
-		$dbToken = new DefaultToken();
-		$dbToken->setUid($uid);
-		$dbToken->setLoginName($loginName);
-		if (!is_null($password)) {
-			$dbToken->setPassword($this->encryptPassword($password, $token));
-		}
-		$dbToken->setName($name);
-		$dbToken->setToken($this->hashToken($token));
-		$dbToken->setType($type);
-		$dbToken->setRemember($remember);
-		$dbToken->setLastActivity($this->time->getTime());
-		$dbToken->setLastCheck($this->time->getTime());
-		$dbToken->setVersion(DefaultToken::VERSION);
-
-		$this->mapper->insert($dbToken);
-
-		return $dbToken;
-	}
-
-	/**
-	 * Save the updated token
-	 *
-	 * @param IToken $token
-	 * @throws InvalidTokenException
-	 */
-	public function updateToken(IToken $token) {
-		if (!($token instanceof DefaultToken)) {
-			throw new InvalidTokenException("Invalid token type");
-		}
-		$this->mapper->update($token);
-	}
-
-	/**
-	 * Update token activity timestamp
-	 *
-	 * @throws InvalidTokenException
-	 * @param IToken $token
-	 */
-	public function updateTokenActivity(IToken $token) {
-		if (!($token instanceof DefaultToken)) {
-			throw new InvalidTokenException("Invalid token type");
-		}
-		/** @var DefaultToken $token */
-		$now = $this->time->getTime();
-		if ($token->getLastActivity() < ($now - 60)) {
-			// Update token only once per minute
-			$token->setLastActivity($now);
-			$this->mapper->update($token);
-		}
-	}
-
-	public function getTokenByUser(string $uid): array {
-		return $this->mapper->getTokenByUser($uid);
-	}
-
-	/**
-	 * Get a token by token
-	 *
-	 * @param string $tokenId
-	 * @throws InvalidTokenException
-	 * @throws ExpiredTokenException
-	 * @return IToken
-	 */
-	public function getToken(string $tokenId): IToken {
-		try {
-			$token = $this->mapper->getToken($this->hashToken($tokenId));
-		} catch (DoesNotExistException $ex) {
-			throw new InvalidTokenException("Token does not exist", 0, $ex);
-		}
-
-		if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) {
-			throw new ExpiredTokenException($token);
-		}
-
-		return $token;
-	}
-
-	/**
-	 * Get a token by token id
-	 *
-	 * @param int $tokenId
-	 * @throws InvalidTokenException
-	 * @throws ExpiredTokenException
-	 * @return IToken
-	 */
-	public function getTokenById(int $tokenId): IToken {
-		try {
-			$token = $this->mapper->getTokenById($tokenId);
-		} catch (DoesNotExistException $ex) {
-			throw new InvalidTokenException("Token with ID $tokenId does not exist", 0, $ex);
-		}
-
-		if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) {
-			throw new ExpiredTokenException($token);
-		}
-
-		return $token;
-	}
-
-	/**
-	 * @param string $oldSessionId
-	 * @param string $sessionId
-	 * @throws InvalidTokenException
-	 * @return IToken
-	 */
-	public function renewSessionToken(string $oldSessionId, string $sessionId): IToken {
-		$token = $this->getToken($oldSessionId);
-
-		$newToken = new DefaultToken();
-		$newToken->setUid($token->getUID());
-		$newToken->setLoginName($token->getLoginName());
-		if (!is_null($token->getPassword())) {
-			$password = $this->decryptPassword($token->getPassword(), $oldSessionId);
-			$newToken->setPassword($this->encryptPassword($password, $sessionId));
-		}
-		$newToken->setName($token->getName());
-		$newToken->setToken($this->hashToken($sessionId));
-		$newToken->setType(IToken::TEMPORARY_TOKEN);
-		$newToken->setRemember($token->getRemember());
-		$newToken->setLastActivity($this->time->getTime());
-		$this->mapper->insert($newToken);
-		$this->mapper->delete($token);
-
-		return $newToken;
-	}
-
-	/**
-	 * @param IToken $savedToken
-	 * @param string $tokenId session token
-	 * @throws InvalidTokenException
-	 * @throws PasswordlessTokenException
-	 * @return string
-	 */
-	public function getPassword(IToken $savedToken, string $tokenId): string {
-		$password = $savedToken->getPassword();
-		if ($password === null || $password === '') {
-			throw new PasswordlessTokenException();
-		}
-		return $this->decryptPassword($password, $tokenId);
-	}
-
-	/**
-	 * Encrypt and set the password of the given token
-	 *
-	 * @param IToken $token
-	 * @param string $tokenId
-	 * @param string $password
-	 * @throws InvalidTokenException
-	 */
-	public function setPassword(IToken $token, string $tokenId, string $password) {
-		if (!($token instanceof DefaultToken)) {
-			throw new InvalidTokenException("Invalid token type");
-		}
-		/** @var DefaultToken $token */
-		$token->setPassword($this->encryptPassword($password, $tokenId));
-		$this->mapper->update($token);
-	}
-
-	/**
-	 * Invalidate (delete) the given session token
-	 *
-	 * @param string $token
-	 */
-	public function invalidateToken(string $token) {
-		$this->mapper->invalidate($this->hashToken($token));
-	}
-
-	public function invalidateTokenById(string $uid, int $id) {
-		$this->mapper->deleteById($uid, $id);
-	}
-
-	/**
-	 * Invalidate (delete) old session tokens
-	 */
-	public function invalidateOldTokens() {
-		$olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24);
-		$this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']);
-		$this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER);
-		$rememberThreshold = $this->time->getTime() - (int) $this->config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
-		$this->logger->debug('Invalidating remembered session tokens older than ' . date('c', $rememberThreshold), ['app' => 'cron']);
-		$this->mapper->invalidateOld($rememberThreshold, IToken::REMEMBER);
-	}
-
-	/**
-	 * Rotate the token. Usefull for for example oauth tokens
-	 *
-	 * @param IToken $token
-	 * @param string $oldTokenId
-	 * @param string $newTokenId
-	 * @return IToken
-	 */
-	public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
-		try {
-			$password = $this->getPassword($token, $oldTokenId);
-			$token->setPassword($this->encryptPassword($password, $newTokenId));
-		} catch (PasswordlessTokenException $e) {
-		}
-
-		$token->setToken($this->hashToken($newTokenId));
-		$this->updateToken($token);
-
-		return $token;
-	}
-
-	/**
-	 * @param string $token
-	 * @return string
-	 */
-	private function hashToken(string $token): string {
-		$secret = $this->config->getSystemValue('secret');
-		return hash('sha512', $token . $secret);
-	}
-
-	/**
-	 * Encrypt the given password
-	 *
-	 * The token is used as key
-	 *
-	 * @param string $password
-	 * @param string $token
-	 * @return string encrypted password
-	 */
-	private function encryptPassword(string $password, string $token): string {
-		$secret = $this->config->getSystemValue('secret');
-		return $this->crypto->encrypt($password, $token . $secret);
-	}
-
-	/**
-	 * Decrypt the given password
-	 *
-	 * The token is used as key
-	 *
-	 * @param string $password
-	 * @param string $token
-	 * @throws InvalidTokenException
-	 * @return string the decrypted key
-	 */
-	private function decryptPassword(string $password, string $token): string {
-		$secret = $this->config->getSystemValue('secret');
-		try {
-			return $this->crypto->decrypt($password, $token . $secret);
-		} catch (Exception $ex) {
-			// Delete the invalid token
-			$this->invalidateToken($token);
-			throw new InvalidTokenException("Can not decrypt token password: " . $ex->getMessage(), 0, $ex);
-		}
-	}
-
-	public function markPasswordInvalid(IToken $token, string $tokenId) {
-		if (!($token instanceof DefaultToken)) {
-			throw new InvalidTokenException("Invalid token type");
-		}
-
-		//No need to mark as invalid. We just invalide default tokens
-		$this->invalidateToken($tokenId);
-	}
-
-	public function updatePasswords(string $uid, string $password) {
-		// Nothing to do here
-	}
-}

lib/private/Authentication/Token/Manager.php

@@ -35,14 +35,10 @@ use OC\Authentication\Exceptions\WipeTokenException;
 
 class Manager implements IProvider {
 
-	/** @var DefaultTokenProvider */
-	private $defaultTokenProvider;
-
 	/** @var PublicKeyTokenProvider */
 	private $publicKeyTokenProvider;
 
-	public function __construct(DefaultTokenProvider $defaultTokenProvider, PublicKeyTokenProvider $publicKeyTokenProvider) {
-		$this->defaultTokenProvider = $defaultTokenProvider;
+	public function __construct(PublicKeyTokenProvider $publicKeyTokenProvider) {
 		$this->publicKeyTokenProvider = $publicKeyTokenProvider;
 	}
 
@@ -117,10 +113,7 @@ class Manager implements IProvider {
 	 * @return IToken[]
 	 */
 	public function getTokenByUser(string $uid): array {
-		$old = $this->defaultTokenProvider->getTokenByUser($uid);
-		$new = $this->publicKeyTokenProvider->getTokenByUser($uid);
-
-		return array_merge($old, $new);
+		return $this->publicKeyTokenProvider->getTokenByUser($uid);
 	}
 
 	/**
@@ -139,19 +132,8 @@ class Manager implements IProvider {
 		} catch (ExpiredTokenException $e) {
 			throw $e;
 		} catch (InvalidTokenException $e) {
-			// No worries we try to convert it to a PublicKey Token
-		}
-
-		//Convert!
-		$token = $this->defaultTokenProvider->getToken($tokenId);
-
-		try {
-			$password = $this->defaultTokenProvider->getPassword($token, $tokenId);
-		} catch (PasswordlessTokenException $e) {
-			$password = null;
+			throw $e;
 		}
-
-		return $this->publicKeyTokenProvider->convertToken($token, $tokenId, $password);
 	}
 
 	/**
@@ -169,7 +151,7 @@ class Manager implements IProvider {
 		} catch (WipeTokenException $e) {
 			throw $e;
 		} catch (InvalidTokenException $e) {
-			return $this->defaultTokenProvider->getTokenById($tokenId);
+			throw $e;
 		}
 	}
 
@@ -185,7 +167,7 @@ class Manager implements IProvider {
 		} catch (ExpiredTokenException $e) {
 			throw $e;
 		} catch (InvalidTokenException $e) {
-			return $this->defaultTokenProvider->renewSessionToken($oldSessionId, $sessionId);
+			throw $e;
 		}
 	}
 
@@ -207,17 +189,14 @@ class Manager implements IProvider {
 	}
 
 	public function invalidateToken(string $token) {
-		$this->defaultTokenProvider->invalidateToken($token);
 		$this->publicKeyTokenProvider->invalidateToken($token);
 	}
 
 	public function invalidateTokenById(string $uid, int $id) {
-		$this->defaultTokenProvider->invalidateTokenById($uid, $id);
 		$this->publicKeyTokenProvider->invalidateTokenById($uid, $id);
 	}
 
 	public function invalidateOldTokens() {
-		$this->defaultTokenProvider->invalidateOldTokens();
 		$this->publicKeyTokenProvider->invalidateOldTokens();
 	}
 
@@ -230,16 +209,6 @@ class Manager implements IProvider {
 	 * @throws \RuntimeException when OpenSSL reports a problem
 	 */
 	public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
-		if ($token instanceof DefaultToken) {
-			try {
-				$password = $this->defaultTokenProvider->getPassword($token, $oldTokenId);
-			} catch (PasswordlessTokenException $e) {
-				$password = null;
-			}
-
-			return $this->publicKeyTokenProvider->convertToken($token, $newTokenId, $password);
-		}
-
 		if ($token instanceof PublicKeyToken) {
 			return $this->publicKeyTokenProvider->rotate($token, $oldTokenId, $newTokenId);
 		}
@@ -253,9 +222,6 @@ class Manager implements IProvider {
 	 * @throws InvalidTokenException
 	 */
 	private function getProvider(IToken $token): IProvider {
-		if ($token instanceof DefaultToken) {
-			return $this->defaultTokenProvider;
-		}
 		if ($token instanceof PublicKeyToken) {
 			return $this->publicKeyTokenProvider;
 		}
@@ -268,7 +234,6 @@ class Manager implements IProvider {
 	}
 
 	public function updatePasswords(string $uid, string $password) {
-		$this->defaultTokenProvider->updatePasswords($uid, $password);
 		$this->publicKeyTokenProvider->updatePasswords($uid, $password);
 	}
 }

lib/private/Authentication/Token/PublicKeyTokenMapper.php

@@ -48,7 +48,7 @@ class PublicKeyTokenMapper extends QBMapper {
 	public function invalidate(string $token) {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
+		$qb->delete($this->tableName)
 			->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
 			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)))
 			->execute();
@@ -61,7 +61,7 @@ class PublicKeyTokenMapper extends QBMapper {
 	public function invalidateOld(int $olderThan, int $remember = IToken::DO_NOT_REMEMBER) {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
+		$qb->delete($this->tableName)
 			->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT)))
 			->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)))
 			->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT)))
@@ -78,7 +78,7 @@ class PublicKeyTokenMapper extends QBMapper {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
 		$result = $qb->select('*')
-			->from('authtoken')
+			->from($this->tableName)
 			->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
 			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)))
 			->execute();
@@ -100,7 +100,7 @@ class PublicKeyTokenMapper extends QBMapper {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
 		$result = $qb->select('*')
-			->from('authtoken')
+			->from($this->tableName)
 			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
 			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)))
 			->execute();
@@ -126,7 +126,7 @@ class PublicKeyTokenMapper extends QBMapper {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
 		$qb->select('*')
-			->from('authtoken')
+			->from($this->tableName)
 			->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
 			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)))
 			->setMaxResults(1000);
@@ -144,7 +144,7 @@ class PublicKeyTokenMapper extends QBMapper {
 	public function deleteById(string $uid, int $id) {
 		/* @var $qb IQueryBuilder */
 		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
+		$qb->delete($this->tableName)
 			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
 			->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
 			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)));
@@ -158,7 +158,7 @@ class PublicKeyTokenMapper extends QBMapper {
 	 */
 	public function deleteByName(string $name) {
 		$qb = $this->db->getQueryBuilder();
-		$qb->delete('authtoken')
+		$qb->delete($this->tableName)
 			->where($qb->expr()->eq('name', $qb->createNamedParameter($name), IQueryBuilder::PARAM_STR))
 			->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)));
 		$qb->execute();
@@ -167,7 +167,7 @@ class PublicKeyTokenMapper extends QBMapper {
 	public function deleteTempToken(PublicKeyToken $except) {
 		$qb = $this->db->getQueryBuilder();
 
-		$qb->delete('authtoken')
+		$qb->delete($this->tableName)
 			->where($qb->expr()->eq('uid', $qb->createNamedParameter($except->getUID())))
 			->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN)))
 			->andWhere($qb->expr()->neq('id', $qb->createNamedParameter($except->getId())))
@@ -179,7 +179,7 @@ class PublicKeyTokenMapper extends QBMapper {
 	public function hasExpiredTokens(string $uid): bool {
 		$qb = $this->db->getQueryBuilder();
 		$qb->select('*')
-			->from('authtoken')
+			->from($this->tableName)
 			->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
 			->andWhere($qb->expr()->eq('password_invalid', $qb->createNamedParameter(true), IQueryBuilder::PARAM_BOOL))
 			->setMaxResults(1);

lib/private/Authentication/Token/PublicKeyTokenProvider.php

@@ -321,30 +321,6 @@ class PublicKeyTokenProvider implements IProvider {
 		return hash('sha512', $token . $secret);
 	}
 
-	/**
-	 * Convert a DefaultToken to a publicKeyToken
-	 * This will also be updated directly in the Database
-	 * @throws \RuntimeException when OpenSSL reports a problem
-	 */
-	public function convertToken(DefaultToken $defaultToken, string $token, $password): PublicKeyToken {
-		$this->cache->clear();
-
-		$pkToken = $this->newToken(
-			$token,
-			$defaultToken->getUID(),
-			$defaultToken->getLoginName(),
-			$password,
-			$defaultToken->getName(),
-			$defaultToken->getType(),
-			$defaultToken->getRemember()
-		);
-
-		$pkToken->setExpires($defaultToken->getExpires());
-		$pkToken->setId($defaultToken->getId());
-
-		return $this->mapper->update($pkToken);
-	}
-
 	/**
 	 * @throws \RuntimeException when OpenSSL reports a problem
 	 */

lib/private/Server.php

@@ -522,11 +522,11 @@ class Server extends ServerContainer implements IServerContainer {
 			$session = new \OC\Session\Memory('');
 			$timeFactory = new TimeFactory();
 			// Token providers might require a working database. This code
-			// might however be called when ownCloud is not yet setup.
+			// might however be called when Nextcloud is not yet setup.
 			if (\OC::$server->get(SystemConfig::class)->getValue('installed', false)) {
-				$defaultTokenProvider = $c->get(IProvider::class);
+				$provider = $c->get(IProvider::class);
 			} else {
-				$defaultTokenProvider = null;
+				$provider = null;
 			}
 
 			$legacyDispatcher = $c->get(SymfonyAdapter::class);
@@ -535,7 +535,7 @@ class Server extends ServerContainer implements IServerContainer {
 				$manager,
 				$session,
 				$timeFactory,
-				$defaultTokenProvider,
+				$provider,
 				$c->get(\OCP\IConfig::class),
 				$c->get(ISecureRandom::class),
 				$c->getLockdownManager(),

lib/private/Setup.php

@@ -52,8 +52,7 @@ use bantu\IniGetWrapper\IniGetWrapper;
 use Exception;
 use InvalidArgumentException;
 use OC\App\AppStore\Bundles\BundleFetcher;
-use OC\Authentication\Token\DefaultTokenCleanupJob;
-use OC\Authentication\Token\DefaultTokenProvider;
+use OC\Authentication\Token\PublicKeyTokenProvider;
 use OC\Log\Rotate;
 use OC\Preview\BackgroundCleanupJob;
 use OCP\AppFramework\Utility\ITimeFactory;
@@ -432,8 +431,8 @@ class Setup {
 			// The token provider requires a working db, so it's not injected on setup
 			/* @var $userSession User\Session */
 			$userSession = \OC::$server->getUserSession();
-			$defaultTokenProvider = \OC::$server->query(DefaultTokenProvider::class);
-			$userSession->setTokenProvider($defaultTokenProvider);
+			$provider = \OC::$server->query(PublicKeyTokenProvider::class);
+			$userSession->setTokenProvider($provider);
 			$userSession->login($username, $password);
 			$userSession->createSessionToken($request, $userSession->getUser()->getUID(), $username, $password);
 
@@ -451,7 +450,6 @@ class Setup {
 
 	public static function installBackgroundJobs() {
 		$jobList = \OC::$server->getJobList();
-		$jobList->add(DefaultTokenCleanupJob::class);
 		$jobList->add(Rotate::class);
 		$jobList->add(BackgroundCleanupJob::class);
 	}

lib/private/User/Session.php

@@ -123,7 +123,7 @@ class Session implements IUserSession, Emitter {
 	 * @param Manager $manager
 	 * @param ISession $session
 	 * @param ITimeFactory $timeFactory
-	 * @param IProvider $tokenProvider
+	 * @param IProvider|null $tokenProvider
 	 * @param IConfig $config
 	 * @param ISecureRandom $random
 	 * @param ILockdownManager $lockdownManager
@@ -132,7 +132,7 @@ class Session implements IUserSession, Emitter {
 	public function __construct(Manager $manager,
 								ISession $session,
 								ITimeFactory $timeFactory,
-								$tokenProvider,
+								?IProvider $tokenProvider,
 								IConfig $config,
 								ISecureRandom $random,
 								ILockdownManager $lockdownManager,