* * @author Bjoern Schiessle * @author Christoph Wurst * @author Lukas Reschke * @author Patrik Kernstock * @author rakekniven * @author Roeland Jago Douma * * @license GNU AGPL version 3 or any later version * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . * */ namespace OCA\OAuth2\Controller; use OCP\Authentication\Token\IProvider as IAuthTokenProvider; use OCA\OAuth2\Db\AccessTokenMapper; use OCA\OAuth2\Db\Client; use OCA\OAuth2\Db\ClientMapper; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\JSONResponse; use OCP\IL10N; use OCP\IRequest; use OCP\IUser; use OCP\IUserManager; use OCP\Security\ISecureRandom; use OCP\Security\ICrypto; class SettingsController extends Controller { /** @var ClientMapper */ private $clientMapper; /** @var ISecureRandom */ private $secureRandom; /** @var AccessTokenMapper */ private $accessTokenMapper; /** @var IL10N */ private $l; /** @var ICrypto */ private $crypto; /** @var IAuthTokenProvider */ private $tokenProvider; /** * @var IUserManager */ private $userManager; public const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; public function __construct(string $appName, IRequest $request, ClientMapper $clientMapper, ISecureRandom $secureRandom, AccessTokenMapper $accessTokenMapper, IL10N $l, ICrypto $crypto, IAuthTokenProvider $tokenProvider, IUserManager $userManager ) { parent::__construct($appName, $request); $this->secureRandom = $secureRandom; $this->clientMapper = $clientMapper; $this->accessTokenMapper = $accessTokenMapper; $this->l = $l; $this->crypto = $crypto; $this->tokenProvider = $tokenProvider; $this->userManager = $userManager; } public function addClient(string $name, string $redirectUri): JSONResponse { if (filter_var($redirectUri, FILTER_VALIDATE_URL) === false) { return new JSONResponse(['message' => $this->l->t('Your redirect URL needs to be a full URL for example: https://yourdomain.com/path')], Http::STATUS_BAD_REQUEST); } $client = new Client(); $client->setName($name); $client->setRedirectUri($redirectUri); $secret = $this->secureRandom->generate(64, self::validChars); $encryptedSecret = $this->crypto->encrypt($secret); $client->setSecret($encryptedSecret); $client->setClientIdentifier($this->secureRandom->generate(64, self::validChars)); $client = $this->clientMapper->insert($client); $result = [ 'id' => $client->getId(), 'name' => $client->getName(), 'redirectUri' => $client->getRedirectUri(), 'clientId' => $client->getClientIdentifier(), 'clientSecret' => $secret, ]; return new JSONResponse($result); } public function deleteClient(int $id): JSONResponse { $client = $this->clientMapper->getByUid($id); $this->userManager->callForSeenUsers(function (IUser $user) use ($client) { $this->tokenProvider->invalidateTokensOfUser($user->getUID(), $client->getName()); }); $this->accessTokenMapper->deleteByClientId($id); $this->clientMapper->delete($client); return new JSONResponse([]); } }