Clean up 2FA provider registry when a user is deleted

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst 2020-01-08 10:51:44 +01:00 committed by Backportbot
parent 5fdac43d5b
commit 7768cbb19e
8 changed files with 95 additions and 0 deletions

View file

@ -36,6 +36,7 @@ use OC\Authentication\Events\RemoteWipeStarted;
use OC\Authentication\Listeners\RemoteWipeActivityListener; use OC\Authentication\Listeners\RemoteWipeActivityListener;
use OC\Authentication\Listeners\RemoteWipeEmailListener; use OC\Authentication\Listeners\RemoteWipeEmailListener;
use OC\Authentication\Listeners\RemoteWipeNotificationsListener; use OC\Authentication\Listeners\RemoteWipeNotificationsListener;
use OC\Authentication\Listeners\UserDeletedStoreCleanupListener;
use OC\Authentication\Notifications\Notifier as AuthenticationNotifier; use OC\Authentication\Notifications\Notifier as AuthenticationNotifier;
use OC\Core\Notification\RemoveLinkSharesNotifier; use OC\Core\Notification\RemoveLinkSharesNotifier;
use OC\DB\MissingIndexInformation; use OC\DB\MissingIndexInformation;
@ -44,6 +45,7 @@ use OCP\AppFramework\App;
use OCP\EventDispatcher\IEventDispatcher; use OCP\EventDispatcher\IEventDispatcher;
use OCP\IDBConnection; use OCP\IDBConnection;
use OCP\IServerContainer; use OCP\IServerContainer;
use OCP\User\Events\UserDeletedEvent;
use OCP\Util; use OCP\Util;
use Symfony\Component\EventDispatcher\GenericEvent; use Symfony\Component\EventDispatcher\GenericEvent;
@ -172,6 +174,7 @@ class Application extends App {
$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeActivityListener::class); $eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeActivityListener::class);
$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeNotificationsListener::class); $eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeNotificationsListener::class);
$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeEmailListener::class); $eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeEmailListener::class);
$eventDispatcher->addServiceListener(UserDeletedEvent::class, UserDeletedStoreCleanupListener::class);
} }
} }

View file

@ -602,6 +602,7 @@ return array(
'OC\\Authentication\\Listeners\\RemoteWipeActivityListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeActivityListener.php', 'OC\\Authentication\\Listeners\\RemoteWipeActivityListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeActivityListener.php',
'OC\\Authentication\\Listeners\\RemoteWipeEmailListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeEmailListener.php', 'OC\\Authentication\\Listeners\\RemoteWipeEmailListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeEmailListener.php',
'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php', 'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => $baseDir . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php',
'OC\\Authentication\\LoginCredentials\\Credentials' => $baseDir . '/lib/private/Authentication/LoginCredentials/Credentials.php', 'OC\\Authentication\\LoginCredentials\\Credentials' => $baseDir . '/lib/private/Authentication/LoginCredentials/Credentials.php',
'OC\\Authentication\\LoginCredentials\\Store' => $baseDir . '/lib/private/Authentication/LoginCredentials/Store.php', 'OC\\Authentication\\LoginCredentials\\Store' => $baseDir . '/lib/private/Authentication/LoginCredentials/Store.php',
'OC\\Authentication\\Login\\ALoginCommand' => $baseDir . '/lib/private/Authentication/Login/ALoginCommand.php', 'OC\\Authentication\\Login\\ALoginCommand' => $baseDir . '/lib/private/Authentication/Login/ALoginCommand.php',

View file

@ -631,6 +631,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OC\\Authentication\\Listeners\\RemoteWipeActivityListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeActivityListener.php', 'OC\\Authentication\\Listeners\\RemoteWipeActivityListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeActivityListener.php',
'OC\\Authentication\\Listeners\\RemoteWipeEmailListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeEmailListener.php', 'OC\\Authentication\\Listeners\\RemoteWipeEmailListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeEmailListener.php',
'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php', 'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php',
'OC\\Authentication\\LoginCredentials\\Credentials' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Credentials.php', 'OC\\Authentication\\LoginCredentials\\Credentials' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Credentials.php',
'OC\\Authentication\\LoginCredentials\\Store' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Store.php', 'OC\\Authentication\\LoginCredentials\\Store' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Store.php',
'OC\\Authentication\\Login\\ALoginCommand' => __DIR__ . '/../../..' . '/lib/private/Authentication/Login/ALoginCommand.php', 'OC\\Authentication\\Login\\ALoginCommand' => __DIR__ . '/../../..' . '/lib/private/Authentication/Login/ALoginCommand.php',

View file

@ -0,0 +1,50 @@
<?php
declare(strict_types=1);
/**
* @copyright 2020 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @author 2020 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace OC\Authentication\Listeners;
use OC\Authentication\TwoFactorAuth\Registry;
use OCP\EventDispatcher\Event;
use OCP\EventDispatcher\IEventListener;
use OCP\User\Events\UserDeletedEvent;
class UserDeletedStoreCleanupListener implements IEventListener {
/** @var Registry */
private $registry;
public function __construct(Registry $registry) {
$this->registry = $registry;
}
public function handle(Event $event): void {
if (!($event instanceof UserDeletedEvent)) {
return;
}
$this->registry->deleteUserData($event->getUser());
}
}

View file

@ -93,6 +93,15 @@ class ProviderUserAssignmentDao {
} }
public function deleteByUser(string $uid) {
$qb = $this->conn->getQueryBuilder();
$deleteQuery = $qb->delete(self::TABLE_NAME)
->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)));
$deleteQuery->execute();
}
public function deleteAll(string $providerId) { public function deleteAll(string $providerId) {
$qb = $this->conn->getQueryBuilder(); $qb = $this->conn->getQueryBuilder();

View file

@ -66,6 +66,13 @@ class Registry implements IRegistry {
$this->dispatcher->dispatch(self::EVENT_PROVIDER_DISABLED, $event); $this->dispatcher->dispatch(self::EVENT_PROVIDER_DISABLED, $event);
} }
/**
* @todo evaluate if we should emit RegistryEvents for each of the deleted rows -> needs documentation
*/
public function deleteUserData(IUser $user): void {
$this->assignmentDao->deleteByUser($user->getUID());
}
public function cleanUp(string $providerId) { public function cleanUp(string $providerId) {
$this->assignmentDao->deleteAll($providerId); $this->assignmentDao->deleteAll($providerId);
} }

View file

@ -131,6 +131,20 @@ class ProviderUserAssignmentDaoTest extends TestCase {
$this->assertCount(1, $data); $this->assertCount(1, $data);
} }
public function testDeleteByUser() {
$this->dao->persist('twofactor_fail', 'user1', 1);
$this->dao->persist('twofactor_u2f', 'user1', 1);
$this->dao->persist('twofactor_fail', 'user2', 0);
$this->dao->persist('twofactor_u2f', 'user1', 0);
$this->dao->deleteByUser('user1');
$statesUser1 = $this->dao->getState('user1');
$statesUser2 = $this->dao->getState('user2');
$this->assertCount(0, $statesUser1);
$this->assertCount(1, $statesUser2);
}
public function testDeleteAll() { public function testDeleteAll() {
$this->dao->persist('twofactor_fail', 'user1', 1); $this->dao->persist('twofactor_fail', 'user1', 1);
$this->dao->persist('twofactor_u2f', 'user1', 1); $this->dao->persist('twofactor_u2f', 'user1', 1);

View file

@ -108,6 +108,16 @@ class RegistryTest extends TestCase {
$this->registry->disableProviderFor($provider, $user); $this->registry->disableProviderFor($provider, $user);
} }
public function testDeleteUserData() {
$user = $this->createMock(IUser::class);
$user->expects($this->once())->method('getUID')->willReturn('user123');
$this->dao->expects($this->once())
->method('deleteByUser')
->with('user123');
$this->registry->deleteUserData($user);
}
public function testCleanUp() { public function testCleanUp() {
$this->dao->expects($this->once()) $this->dao->expects($this->once())
->method('deleteAll') ->method('deleteAll')