PublicKeyTokenMapper.php 8.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl>
  5. *
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Daniel Kesselberg <mail@danielkesselberg.de>
  8. * @author Roeland Jago Douma <roeland@famdouma.nl>
  9. *
  10. * @license GNU AGPL version 3 or any later version
  11. *
  12. * This program is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License as
  14. * published by the Free Software Foundation, either version 3 of the
  15. * License, or (at your option) any later version.
  16. *
  17. * This program is distributed in the hope that it will be useful,
  18. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  20. * GNU Affero General Public License for more details.
  21. *
  22. * You should have received a copy of the GNU Affero General Public License
  23. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  24. *
  25. */
  26. namespace OC\Authentication\Token;
  27. use OCP\AppFramework\Db\DoesNotExistException;
  28. use OCP\AppFramework\Db\QBMapper;
  29. use OCP\DB\QueryBuilder\IQueryBuilder;
  30. use OCP\IDBConnection;
  31. /**
  32. * @template-extends QBMapper<PublicKeyToken>
  33. */
  34. class PublicKeyTokenMapper extends QBMapper {
  35. public function __construct(IDBConnection $db) {
  36. parent::__construct($db, 'authtoken');
  37. }
  38. /**
  39. * Invalidate (delete) a given token
  40. *
  41. * @param string $token
  42. */
  43. public function invalidate(string $token) {
  44. /* @var $qb IQueryBuilder */
  45. $qb = $this->db->getQueryBuilder();
  46. $qb->delete($this->tableName)
  47. ->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
  48. ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)))
  49. ->execute();
  50. }
  51. /**
  52. * @param int $olderThan
  53. * @param int $remember
  54. */
  55. public function invalidateOld(int $olderThan, int $remember = IToken::DO_NOT_REMEMBER) {
  56. /* @var $qb IQueryBuilder */
  57. $qb = $this->db->getQueryBuilder();
  58. $qb->delete($this->tableName)
  59. ->where($qb->expr()->lt('last_activity', $qb->createNamedParameter($olderThan, IQueryBuilder::PARAM_INT)))
  60. ->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN, IQueryBuilder::PARAM_INT)))
  61. ->andWhere($qb->expr()->eq('remember', $qb->createNamedParameter($remember, IQueryBuilder::PARAM_INT)))
  62. ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)))
  63. ->execute();
  64. }
  65. /**
  66. * Get the user UID for the given token
  67. *
  68. * @throws DoesNotExistException
  69. */
  70. public function getToken(string $token): PublicKeyToken {
  71. /* @var $qb IQueryBuilder */
  72. $qb = $this->db->getQueryBuilder();
  73. $result = $qb->select('*')
  74. ->from($this->tableName)
  75. ->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
  76. ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)))
  77. ->execute();
  78. $data = $result->fetch();
  79. $result->closeCursor();
  80. if ($data === false) {
  81. throw new DoesNotExistException('token does not exist');
  82. }
  83. return PublicKeyToken::fromRow($data);
  84. }
  85. /**
  86. * Get the token for $id
  87. *
  88. * @throws DoesNotExistException
  89. */
  90. public function getTokenById(int $id): PublicKeyToken {
  91. /* @var $qb IQueryBuilder */
  92. $qb = $this->db->getQueryBuilder();
  93. $result = $qb->select('*')
  94. ->from($this->tableName)
  95. ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
  96. ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)))
  97. ->execute();
  98. $data = $result->fetch();
  99. $result->closeCursor();
  100. if ($data === false) {
  101. throw new DoesNotExistException('token does not exist');
  102. }
  103. return PublicKeyToken::fromRow($data);
  104. }
  105. /**
  106. * Get all tokens of a user
  107. *
  108. * The provider may limit the number of result rows in case of an abuse
  109. * where a high number of (session) tokens is generated
  110. *
  111. * @param string $uid
  112. * @return PublicKeyToken[]
  113. */
  114. public function getTokenByUser(string $uid): array {
  115. /* @var $qb IQueryBuilder */
  116. $qb = $this->db->getQueryBuilder();
  117. $qb->select('*')
  118. ->from($this->tableName)
  119. ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
  120. ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)))
  121. ->setMaxResults(1000);
  122. $result = $qb->execute();
  123. $data = $result->fetchAll();
  124. $result->closeCursor();
  125. $entities = array_map(function ($row) {
  126. return PublicKeyToken::fromRow($row);
  127. }, $data);
  128. return $entities;
  129. }
  130. public function deleteById(string $uid, int $id) {
  131. /* @var $qb IQueryBuilder */
  132. $qb = $this->db->getQueryBuilder();
  133. $qb->delete($this->tableName)
  134. ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
  135. ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
  136. ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)));
  137. $qb->execute();
  138. }
  139. /**
  140. * delete all auth token which belong to a specific client if the client was deleted
  141. *
  142. * @param string $name
  143. */
  144. public function deleteByName(string $name) {
  145. $qb = $this->db->getQueryBuilder();
  146. $qb->delete($this->tableName)
  147. ->where($qb->expr()->eq('name', $qb->createNamedParameter($name), IQueryBuilder::PARAM_STR))
  148. ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)));
  149. $qb->execute();
  150. }
  151. public function deleteTempToken(PublicKeyToken $except) {
  152. $qb = $this->db->getQueryBuilder();
  153. $qb->delete($this->tableName)
  154. ->where($qb->expr()->eq('uid', $qb->createNamedParameter($except->getUID())))
  155. ->andWhere($qb->expr()->eq('type', $qb->createNamedParameter(IToken::TEMPORARY_TOKEN)))
  156. ->andWhere($qb->expr()->neq('id', $qb->createNamedParameter($except->getId())))
  157. ->andWhere($qb->expr()->eq('version', $qb->createNamedParameter(PublicKeyToken::VERSION, IQueryBuilder::PARAM_INT)));
  158. $qb->execute();
  159. }
  160. public function hasExpiredTokens(string $uid): bool {
  161. $qb = $this->db->getQueryBuilder();
  162. $qb->select('*')
  163. ->from($this->tableName)
  164. ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
  165. ->andWhere($qb->expr()->eq('password_invalid', $qb->createNamedParameter(true), IQueryBuilder::PARAM_BOOL))
  166. ->setMaxResults(1);
  167. $cursor = $qb->execute();
  168. $data = $cursor->fetchAll();
  169. $cursor->closeCursor();
  170. return count($data) === 1;
  171. }
  172. /**
  173. * Update the last activity timestamp
  174. *
  175. * In highly concurrent setups it can happen that two parallel processes
  176. * trigger the update at (nearly) the same time. In that special case it's
  177. * not necessary to hit the database with two actual updates. Therefore the
  178. * target last activity is included in the WHERE clause with a few seconds
  179. * of tolerance.
  180. *
  181. * Example:
  182. * - process 1 (P1) reads the token at timestamp 1500
  183. * - process 1 (P2) reads the token at timestamp 1501
  184. * - activity update interval is 100
  185. *
  186. * This means
  187. *
  188. * - P1 will see a last_activity smaller than the current time and update
  189. * the token row
  190. * - If P2 reads after P1 had written, it will see 1600 as last activity
  191. * and the comparison on last_activity won't be truthy. This means no rows
  192. * need to be updated a second time
  193. * - If P2 reads before P1 had written, it will see 1501 as last activity,
  194. * but the comparison on last_activity will still not be truthy and the
  195. * token row is not updated a second time
  196. *
  197. * @param IToken $token
  198. * @param int $now
  199. */
  200. public function updateActivity(IToken $token, int $now): void {
  201. $qb = $this->db->getQueryBuilder();
  202. $update = $qb->update($this->getTableName())
  203. ->set('last_activity', $qb->createNamedParameter($now, IQueryBuilder::PARAM_INT))
  204. ->where(
  205. $qb->expr()->eq('id', $qb->createNamedParameter($token->getId(), IQueryBuilder::PARAM_INT), IQueryBuilder::PARAM_INT),
  206. $qb->expr()->lt('last_activity', $qb->createNamedParameter($now - 15, IQueryBuilder::PARAM_INT), IQueryBuilder::PARAM_INT)
  207. );
  208. $update->executeStatement();
  209. }
  210. public function updateHashesForUser(string $userId, string $passwordHash): void {
  211. $qb = $this->db->getQueryBuilder();
  212. $update = $qb->update($this->getTableName())
  213. ->set('password_hash', $qb->createNamedParameter($passwordHash))
  214. ->where(
  215. $qb->expr()->eq('uid', $qb->createNamedParameter($userId))
  216. );
  217. $update->executeStatement();
  218. }
  219. public function getFirstTokenForUser(string $userId): ?PublicKeyToken {
  220. $qb = $this->db->getQueryBuilder();
  221. $qb->select('*')
  222. ->from($this->getTableName())
  223. ->where($qb->expr()->eq('uid', $qb->createNamedParameter($userId)))
  224. ->setMaxResults(1)
  225. ->orderBy('id');
  226. $result = $qb->executeQuery();
  227. $data = $result->fetch();
  228. $result->closeCursor();
  229. if ($data === false) {
  230. return null;
  231. }
  232. return PublicKeyToken::fromRow($data);
  233. }
  234. }