123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125 |
- <?php
- declare(strict_types=1);
- /**
- * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Bjoern Schiessle <bjoern@schiessle.org>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Patrik Kernstock <info@pkern.at>
- * @author rakekniven <mark.ziegler@rakekniven.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
- namespace OCA\OAuth2\Controller;
- use OCP\Authentication\Token\IProvider as IAuthTokenProvider;
- use OCA\OAuth2\Db\AccessTokenMapper;
- use OCA\OAuth2\Db\Client;
- use OCA\OAuth2\Db\ClientMapper;
- use OCP\AppFramework\Controller;
- use OCP\AppFramework\Http;
- use OCP\AppFramework\Http\JSONResponse;
- use OCP\IL10N;
- use OCP\IRequest;
- use OCP\IUser;
- use OCP\IUserManager;
- use OCP\Security\ISecureRandom;
- use OCP\Security\ICrypto;
- class SettingsController extends Controller {
- /** @var ClientMapper */
- private $clientMapper;
- /** @var ISecureRandom */
- private $secureRandom;
- /** @var AccessTokenMapper */
- private $accessTokenMapper;
- /** @var IL10N */
- private $l;
- /** @var ICrypto */
- private $crypto;
- /** @var IAuthTokenProvider */
- private $tokenProvider;
- /**
- * @var IUserManager
- */
- private $userManager;
- public const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
- public function __construct(string $appName,
- IRequest $request,
- ClientMapper $clientMapper,
- ISecureRandom $secureRandom,
- AccessTokenMapper $accessTokenMapper,
- IL10N $l,
- ICrypto $crypto,
- IAuthTokenProvider $tokenProvider,
- IUserManager $userManager
- ) {
- parent::__construct($appName, $request);
- $this->secureRandom = $secureRandom;
- $this->clientMapper = $clientMapper;
- $this->accessTokenMapper = $accessTokenMapper;
- $this->l = $l;
- $this->crypto = $crypto;
- $this->tokenProvider = $tokenProvider;
- $this->userManager = $userManager;
- }
- public function addClient(string $name,
- string $redirectUri): JSONResponse {
- if (filter_var($redirectUri, FILTER_VALIDATE_URL) === false) {
- return new JSONResponse(['message' => $this->l->t('Your redirect URL needs to be a full URL for example: https://yourdomain.com/path')], Http::STATUS_BAD_REQUEST);
- }
- $client = new Client();
- $client->setName($name);
- $client->setRedirectUri($redirectUri);
- $secret = $this->secureRandom->generate(64, self::validChars);
- $encryptedSecret = $this->crypto->encrypt($secret);
- $client->setSecret($encryptedSecret);
- $client->setClientIdentifier($this->secureRandom->generate(64, self::validChars));
- $client = $this->clientMapper->insert($client);
- $result = [
- 'id' => $client->getId(),
- 'name' => $client->getName(),
- 'redirectUri' => $client->getRedirectUri(),
- 'clientId' => $client->getClientIdentifier(),
- 'clientSecret' => $secret,
- ];
- return new JSONResponse($result);
- }
- public function deleteClient(int $id): JSONResponse {
- $client = $this->clientMapper->getByUid($id);
- $this->userManager->callForSeenUsers(function (IUser $user) use ($client) {
- $this->tokenProvider->invalidateTokensOfUser($user->getUID(), $client->getName());
- });
- $this->accessTokenMapper->deleteByClientId($id);
- $this->clientMapper->delete($client);
- return new JSONResponse([]);
- }
- }
|