CredentialsManager.php 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Robin McCorkell <robin@mccorkell.me.uk>
  6. *
  7. * @license AGPL-3.0
  8. *
  9. * This code is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License, version 3,
  11. * as published by the Free Software Foundation.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU Affero General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public License, version 3,
  19. * along with this program. If not, see <http://www.gnu.org/licenses/>
  20. *
  21. */
  22. namespace OC\Security;
  23. use OCP\Security\ICrypto;
  24. use OCP\IDBConnection;
  25. use OCP\Security\ICredentialsManager;
  26. /**
  27. * Store and retrieve credentials for external services
  28. *
  29. * @package OC\Security
  30. */
  31. class CredentialsManager implements ICredentialsManager {
  32. const DB_TABLE = 'credentials';
  33. /** @var ICrypto */
  34. protected $crypto;
  35. /** @var IDBConnection */
  36. protected $dbConnection;
  37. /**
  38. * @param ICrypto $crypto
  39. * @param IDBConnection $dbConnection
  40. */
  41. public function __construct(ICrypto $crypto, IDBConnection $dbConnection) {
  42. $this->crypto = $crypto;
  43. $this->dbConnection = $dbConnection;
  44. }
  45. /**
  46. * Store a set of credentials
  47. *
  48. * @param string|null $userId Null for system-wide credentials
  49. * @param string $identifier
  50. * @param mixed $credentials
  51. */
  52. public function store($userId, $identifier, $credentials) {
  53. $value = $this->crypto->encrypt(json_encode($credentials));
  54. $this->dbConnection->setValues(self::DB_TABLE, [
  55. 'user' => $userId,
  56. 'identifier' => $identifier,
  57. ], [
  58. 'credentials' => $value,
  59. ]);
  60. }
  61. /**
  62. * Retrieve a set of credentials
  63. *
  64. * @param string|null $userId Null for system-wide credentials
  65. * @param string $identifier
  66. * @return mixed
  67. */
  68. public function retrieve($userId, $identifier) {
  69. $qb = $this->dbConnection->getQueryBuilder();
  70. $qb->select('credentials')
  71. ->from(self::DB_TABLE)
  72. ->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
  73. ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
  74. ;
  75. $result = $qb->execute()->fetch();
  76. if (!$result) {
  77. return null;
  78. }
  79. $value = $result['credentials'];
  80. return json_decode($this->crypto->decrypt($value), true);
  81. }
  82. /**
  83. * Delete a set of credentials
  84. *
  85. * @param string|null $userId Null for system-wide credentials
  86. * @param string $identifier
  87. * @return int rows removed
  88. */
  89. public function delete($userId, $identifier) {
  90. $qb = $this->dbConnection->getQueryBuilder();
  91. $qb->delete(self::DB_TABLE)
  92. ->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
  93. ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
  94. ;
  95. return $qb->execute();
  96. }
  97. /**
  98. * Erase all credentials stored for a user
  99. *
  100. * @param string $userId
  101. * @return int rows removed
  102. */
  103. public function erase($userId) {
  104. $qb = $this->dbConnection->getQueryBuilder();
  105. $qb->delete(self::DB_TABLE)
  106. ->where($qb->expr()->eq('user', $qb->createNamedParameter($userId)))
  107. ;
  108. return $qb->execute();
  109. }
  110. }