RemoteWipe.php 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace OC\Authentication\Token;
  8. use OC\Authentication\Events\RemoteWipeFinished;
  9. use OC\Authentication\Events\RemoteWipeStarted;
  10. use OCP\Authentication\Exceptions\InvalidTokenException;
  11. use OCP\Authentication\Exceptions\WipeTokenException;
  12. use OCP\EventDispatcher\IEventDispatcher;
  13. use OCP\IUser;
  14. use Psr\Log\LoggerInterface;
  15. use function array_filter;
  16. class RemoteWipe {
  17. /** @var IProvider */
  18. private $tokenProvider;
  19. /** @var IEventDispatcher */
  20. private $eventDispatcher;
  21. /** @var LoggerInterface */
  22. private $logger;
  23. public function __construct(IProvider $tokenProvider,
  24. IEventDispatcher $eventDispatcher,
  25. LoggerInterface $logger) {
  26. $this->tokenProvider = $tokenProvider;
  27. $this->eventDispatcher = $eventDispatcher;
  28. $this->logger = $logger;
  29. }
  30. /**
  31. * @param IToken $token
  32. * @return bool
  33. *
  34. * @throws InvalidTokenException
  35. * @throws WipeTokenException
  36. */
  37. public function markTokenForWipe(IToken $token): bool {
  38. if (!$token instanceof IWipeableToken) {
  39. return false;
  40. }
  41. $token->wipe();
  42. $this->tokenProvider->updateToken($token);
  43. return true;
  44. }
  45. /**
  46. * @param IUser $user
  47. *
  48. * @return bool true if any tokens have been marked for remote wipe
  49. */
  50. public function markAllTokensForWipe(IUser $user): bool {
  51. $tokens = $this->tokenProvider->getTokenByUser($user->getUID());
  52. /** @var IWipeableToken[] $wipeable */
  53. $wipeable = array_filter($tokens, function (IToken $token) {
  54. return $token instanceof IWipeableToken;
  55. });
  56. if (empty($wipeable)) {
  57. return false;
  58. }
  59. foreach ($wipeable as $token) {
  60. $token->wipe();
  61. $this->tokenProvider->updateToken($token);
  62. }
  63. return true;
  64. }
  65. /**
  66. * @param string $token
  67. *
  68. * @return bool whether wiping was started
  69. * @throws InvalidTokenException
  70. *
  71. */
  72. public function start(string $token): bool {
  73. try {
  74. $this->tokenProvider->getToken($token);
  75. // We expect a WipedTokenException here. If we reach this point this
  76. // is an ordinary token
  77. return false;
  78. } catch (WipeTokenException $e) {
  79. // Expected -> continue below
  80. }
  81. $dbToken = $e->getToken();
  82. $this->logger->info('user ' . $dbToken->getUID() . ' started a remote wipe');
  83. $this->eventDispatcher->dispatch(RemoteWipeStarted::class, new RemoteWipeStarted($dbToken));
  84. return true;
  85. }
  86. /**
  87. * @param string $token
  88. *
  89. * @return bool whether wiping could be finished
  90. * @throws InvalidTokenException
  91. */
  92. public function finish(string $token): bool {
  93. try {
  94. $this->tokenProvider->getToken($token);
  95. // We expect a WipedTokenException here. If we reach this point this
  96. // is an ordinary token
  97. return false;
  98. } catch (WipeTokenException $e) {
  99. // Expected -> continue below
  100. }
  101. $dbToken = $e->getToken();
  102. $this->tokenProvider->invalidateToken($token);
  103. $this->logger->info('user ' . $dbToken->getUID() . ' finished a remote wipe');
  104. $this->eventDispatcher->dispatch(RemoteWipeFinished::class, new RemoteWipeFinished($dbToken));
  105. return true;
  106. }
  107. }