Clean up 2FA provider registry when a user is deleted
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
parent
5fdac43d5b
commit
7768cbb19e
8 changed files with 95 additions and 0 deletions
|
@ -36,6 +36,7 @@ use OC\Authentication\Events\RemoteWipeStarted;
|
||||||
use OC\Authentication\Listeners\RemoteWipeActivityListener;
|
use OC\Authentication\Listeners\RemoteWipeActivityListener;
|
||||||
use OC\Authentication\Listeners\RemoteWipeEmailListener;
|
use OC\Authentication\Listeners\RemoteWipeEmailListener;
|
||||||
use OC\Authentication\Listeners\RemoteWipeNotificationsListener;
|
use OC\Authentication\Listeners\RemoteWipeNotificationsListener;
|
||||||
|
use OC\Authentication\Listeners\UserDeletedStoreCleanupListener;
|
||||||
use OC\Authentication\Notifications\Notifier as AuthenticationNotifier;
|
use OC\Authentication\Notifications\Notifier as AuthenticationNotifier;
|
||||||
use OC\Core\Notification\RemoveLinkSharesNotifier;
|
use OC\Core\Notification\RemoveLinkSharesNotifier;
|
||||||
use OC\DB\MissingIndexInformation;
|
use OC\DB\MissingIndexInformation;
|
||||||
|
@ -44,6 +45,7 @@ use OCP\AppFramework\App;
|
||||||
use OCP\EventDispatcher\IEventDispatcher;
|
use OCP\EventDispatcher\IEventDispatcher;
|
||||||
use OCP\IDBConnection;
|
use OCP\IDBConnection;
|
||||||
use OCP\IServerContainer;
|
use OCP\IServerContainer;
|
||||||
|
use OCP\User\Events\UserDeletedEvent;
|
||||||
use OCP\Util;
|
use OCP\Util;
|
||||||
use Symfony\Component\EventDispatcher\GenericEvent;
|
use Symfony\Component\EventDispatcher\GenericEvent;
|
||||||
|
|
||||||
|
@ -172,6 +174,7 @@ class Application extends App {
|
||||||
$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeActivityListener::class);
|
$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeActivityListener::class);
|
||||||
$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeNotificationsListener::class);
|
$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeNotificationsListener::class);
|
||||||
$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeEmailListener::class);
|
$eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeEmailListener::class);
|
||||||
|
$eventDispatcher->addServiceListener(UserDeletedEvent::class, UserDeletedStoreCleanupListener::class);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -602,6 +602,7 @@ return array(
|
||||||
'OC\\Authentication\\Listeners\\RemoteWipeActivityListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeActivityListener.php',
|
'OC\\Authentication\\Listeners\\RemoteWipeActivityListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeActivityListener.php',
|
||||||
'OC\\Authentication\\Listeners\\RemoteWipeEmailListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeEmailListener.php',
|
'OC\\Authentication\\Listeners\\RemoteWipeEmailListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeEmailListener.php',
|
||||||
'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
|
'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
|
||||||
|
'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => $baseDir . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php',
|
||||||
'OC\\Authentication\\LoginCredentials\\Credentials' => $baseDir . '/lib/private/Authentication/LoginCredentials/Credentials.php',
|
'OC\\Authentication\\LoginCredentials\\Credentials' => $baseDir . '/lib/private/Authentication/LoginCredentials/Credentials.php',
|
||||||
'OC\\Authentication\\LoginCredentials\\Store' => $baseDir . '/lib/private/Authentication/LoginCredentials/Store.php',
|
'OC\\Authentication\\LoginCredentials\\Store' => $baseDir . '/lib/private/Authentication/LoginCredentials/Store.php',
|
||||||
'OC\\Authentication\\Login\\ALoginCommand' => $baseDir . '/lib/private/Authentication/Login/ALoginCommand.php',
|
'OC\\Authentication\\Login\\ALoginCommand' => $baseDir . '/lib/private/Authentication/Login/ALoginCommand.php',
|
||||||
|
|
|
@ -631,6 +631,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
|
||||||
'OC\\Authentication\\Listeners\\RemoteWipeActivityListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeActivityListener.php',
|
'OC\\Authentication\\Listeners\\RemoteWipeActivityListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeActivityListener.php',
|
||||||
'OC\\Authentication\\Listeners\\RemoteWipeEmailListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeEmailListener.php',
|
'OC\\Authentication\\Listeners\\RemoteWipeEmailListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeEmailListener.php',
|
||||||
'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
|
'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php',
|
||||||
|
'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php',
|
||||||
'OC\\Authentication\\LoginCredentials\\Credentials' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Credentials.php',
|
'OC\\Authentication\\LoginCredentials\\Credentials' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Credentials.php',
|
||||||
'OC\\Authentication\\LoginCredentials\\Store' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Store.php',
|
'OC\\Authentication\\LoginCredentials\\Store' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Store.php',
|
||||||
'OC\\Authentication\\Login\\ALoginCommand' => __DIR__ . '/../../..' . '/lib/private/Authentication/Login/ALoginCommand.php',
|
'OC\\Authentication\\Login\\ALoginCommand' => __DIR__ . '/../../..' . '/lib/private/Authentication/Login/ALoginCommand.php',
|
||||||
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @copyright 2020 Christoph Wurst <christoph@winzerhof-wurst.at>
|
||||||
|
*
|
||||||
|
* @author 2020 Christoph Wurst <christoph@winzerhof-wurst.at>
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OC\Authentication\Listeners;
|
||||||
|
|
||||||
|
use OC\Authentication\TwoFactorAuth\Registry;
|
||||||
|
use OCP\EventDispatcher\Event;
|
||||||
|
use OCP\EventDispatcher\IEventListener;
|
||||||
|
use OCP\User\Events\UserDeletedEvent;
|
||||||
|
|
||||||
|
class UserDeletedStoreCleanupListener implements IEventListener {
|
||||||
|
|
||||||
|
/** @var Registry */
|
||||||
|
private $registry;
|
||||||
|
|
||||||
|
public function __construct(Registry $registry) {
|
||||||
|
$this->registry = $registry;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function handle(Event $event): void {
|
||||||
|
if (!($event instanceof UserDeletedEvent)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->registry->deleteUserData($event->getUser());
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -93,6 +93,15 @@ class ProviderUserAssignmentDao {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function deleteByUser(string $uid) {
|
||||||
|
$qb = $this->conn->getQueryBuilder();
|
||||||
|
|
||||||
|
$deleteQuery = $qb->delete(self::TABLE_NAME)
|
||||||
|
->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)));
|
||||||
|
|
||||||
|
$deleteQuery->execute();
|
||||||
|
}
|
||||||
|
|
||||||
public function deleteAll(string $providerId) {
|
public function deleteAll(string $providerId) {
|
||||||
$qb = $this->conn->getQueryBuilder();
|
$qb = $this->conn->getQueryBuilder();
|
||||||
|
|
||||||
|
|
|
@ -66,6 +66,13 @@ class Registry implements IRegistry {
|
||||||
$this->dispatcher->dispatch(self::EVENT_PROVIDER_DISABLED, $event);
|
$this->dispatcher->dispatch(self::EVENT_PROVIDER_DISABLED, $event);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @todo evaluate if we should emit RegistryEvents for each of the deleted rows -> needs documentation
|
||||||
|
*/
|
||||||
|
public function deleteUserData(IUser $user): void {
|
||||||
|
$this->assignmentDao->deleteByUser($user->getUID());
|
||||||
|
}
|
||||||
|
|
||||||
public function cleanUp(string $providerId) {
|
public function cleanUp(string $providerId) {
|
||||||
$this->assignmentDao->deleteAll($providerId);
|
$this->assignmentDao->deleteAll($providerId);
|
||||||
}
|
}
|
||||||
|
|
|
@ -131,6 +131,20 @@ class ProviderUserAssignmentDaoTest extends TestCase {
|
||||||
$this->assertCount(1, $data);
|
$this->assertCount(1, $data);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testDeleteByUser() {
|
||||||
|
$this->dao->persist('twofactor_fail', 'user1', 1);
|
||||||
|
$this->dao->persist('twofactor_u2f', 'user1', 1);
|
||||||
|
$this->dao->persist('twofactor_fail', 'user2', 0);
|
||||||
|
$this->dao->persist('twofactor_u2f', 'user1', 0);
|
||||||
|
|
||||||
|
$this->dao->deleteByUser('user1');
|
||||||
|
|
||||||
|
$statesUser1 = $this->dao->getState('user1');
|
||||||
|
$statesUser2 = $this->dao->getState('user2');
|
||||||
|
$this->assertCount(0, $statesUser1);
|
||||||
|
$this->assertCount(1, $statesUser2);
|
||||||
|
}
|
||||||
|
|
||||||
public function testDeleteAll() {
|
public function testDeleteAll() {
|
||||||
$this->dao->persist('twofactor_fail', 'user1', 1);
|
$this->dao->persist('twofactor_fail', 'user1', 1);
|
||||||
$this->dao->persist('twofactor_u2f', 'user1', 1);
|
$this->dao->persist('twofactor_u2f', 'user1', 1);
|
||||||
|
|
|
@ -108,6 +108,16 @@ class RegistryTest extends TestCase {
|
||||||
$this->registry->disableProviderFor($provider, $user);
|
$this->registry->disableProviderFor($provider, $user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testDeleteUserData() {
|
||||||
|
$user = $this->createMock(IUser::class);
|
||||||
|
$user->expects($this->once())->method('getUID')->willReturn('user123');
|
||||||
|
$this->dao->expects($this->once())
|
||||||
|
->method('deleteByUser')
|
||||||
|
->with('user123');
|
||||||
|
|
||||||
|
$this->registry->deleteUserData($user);
|
||||||
|
}
|
||||||
|
|
||||||
public function testCleanUp() {
|
public function testCleanUp() {
|
||||||
$this->dao->expects($this->once())
|
$this->dao->expects($this->once())
|
||||||
->method('deleteAll')
|
->method('deleteAll')
|
||||||
|
|
Loading…
Reference in a new issue