add login credential store

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst 2016-11-08 09:15:02 +01:00 committed by Roeland Jago Douma
parent fab82e9780
commit a6dca9e7a0
No known key found for this signature in database
GPG key ID: F941078878347C0C
11 changed files with 496 additions and 0 deletions

View file

@ -54,7 +54,10 @@ return array(
'OCP\\App\\AppPathNotFoundException' => $baseDir . '/lib/public/App/AppPathNotFoundException.php',
'OCP\\App\\IAppManager' => $baseDir . '/lib/public/App/IAppManager.php',
'OCP\\App\\ManagerEvent' => $baseDir . '/lib/public/App/ManagerEvent.php',
'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => $baseDir . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
'OCP\\Authentication\\IApacheBackend' => $baseDir . '/lib/public/Authentication/IApacheBackend.php',
'OCP\\Authentication\\LoginCredentials\\ICredentials' => $baseDir . '/lib/public/Authentication/LoginCredentials/ICredentials.php',
'OCP\\Authentication\\LoginCredentials\\IStore' => $baseDir . '/lib/public/Authentication/LoginCredentials/IStore.php',
'OCP\\Authentication\\TwoFactorAuth\\IProvider' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IProvider.php',
'OCP\\Authentication\\TwoFactorAuth\\TwoFactorException' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/TwoFactorException.php',
'OCP\\AutoloadNotAllowedException' => $baseDir . '/lib/public/AutoloadNotAllowedException.php',
@ -320,6 +323,8 @@ return array(
'OC\\Authentication\\Exceptions\\PasswordlessTokenException' => $baseDir . '/lib/private/Authentication/Exceptions/PasswordlessTokenException.php',
'OC\\Authentication\\Exceptions\\TwoFactorAuthRequiredException' => $baseDir . '/lib/private/Authentication/Exceptions/TwoFactorAuthRequiredException.php',
'OC\\Authentication\\Exceptions\\UserAlreadyLoggedInException' => $baseDir . '/lib/private/Authentication/Exceptions/UserAlreadyLoggedInException.php',
'OC\\Authentication\\LoginCredentials\\Credentials' => $baseDir . '/lib/private/Authentication/LoginCredentials/Credentials.php',
'OC\\Authentication\\LoginCredentials\\Store' => $baseDir . '/lib/private/Authentication/LoginCredentials/Store.php',
'OC\\Authentication\\Token\\DefaultToken' => $baseDir . '/lib/private/Authentication/Token/DefaultToken.php',
'OC\\Authentication\\Token\\DefaultTokenCleanupJob' => $baseDir . '/lib/private/Authentication/Token/DefaultTokenCleanupJob.php',
'OC\\Authentication\\Token\\DefaultTokenMapper' => $baseDir . '/lib/private/Authentication/Token/DefaultTokenMapper.php',

View file

@ -84,7 +84,10 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OCP\\App\\AppPathNotFoundException' => __DIR__ . '/../../..' . '/lib/public/App/AppPathNotFoundException.php',
'OCP\\App\\IAppManager' => __DIR__ . '/../../..' . '/lib/public/App/IAppManager.php',
'OCP\\App\\ManagerEvent' => __DIR__ . '/../../..' . '/lib/public/App/ManagerEvent.php',
'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
'OCP\\Authentication\\IApacheBackend' => __DIR__ . '/../../..' . '/lib/public/Authentication/IApacheBackend.php',
'OCP\\Authentication\\LoginCredentials\\ICredentials' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/ICredentials.php',
'OCP\\Authentication\\LoginCredentials\\IStore' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/IStore.php',
'OCP\\Authentication\\TwoFactorAuth\\IProvider' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IProvider.php',
'OCP\\Authentication\\TwoFactorAuth\\TwoFactorException' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/TwoFactorException.php',
'OCP\\AutoloadNotAllowedException' => __DIR__ . '/../../..' . '/lib/public/AutoloadNotAllowedException.php',
@ -350,6 +353,8 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OC\\Authentication\\Exceptions\\PasswordlessTokenException' => __DIR__ . '/../../..' . '/lib/private/Authentication/Exceptions/PasswordlessTokenException.php',
'OC\\Authentication\\Exceptions\\TwoFactorAuthRequiredException' => __DIR__ . '/../../..' . '/lib/private/Authentication/Exceptions/TwoFactorAuthRequiredException.php',
'OC\\Authentication\\Exceptions\\UserAlreadyLoggedInException' => __DIR__ . '/../../..' . '/lib/private/Authentication/Exceptions/UserAlreadyLoggedInException.php',
'OC\\Authentication\\LoginCredentials\\Credentials' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Credentials.php',
'OC\\Authentication\\LoginCredentials\\Store' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Store.php',
'OC\\Authentication\\Token\\DefaultToken' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/DefaultToken.php',
'OC\\Authentication\\Token\\DefaultTokenCleanupJob' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/DefaultTokenCleanupJob.php',
'OC\\Authentication\\Token\\DefaultTokenMapper' => __DIR__ . '/../../..' . '/lib/private/Authentication/Token/DefaultTokenMapper.php',

View file

@ -91,6 +91,10 @@ class DIContainer extends SimpleContainer implements IAppContainer {
return new Output($this->getServer()->getWebRoot());
});
$this->registerService(\OCP\Authentication\LoginCredentials\IStore::class, function() {
return $this->getServer()->query(\OCP\Authentication\LoginCredentials\IStore::class);
});
$this->registerService('OCP\\IAvatarManager', function($c) {
return $this->getServer()->getAvatarManager();
});

View file

@ -0,0 +1,72 @@
<?php
/**
* @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OC\Authentication\LoginCredentials;
use OCP\Authentication\LoginCredentials\ICredentials;
class Credentials implements ICredentials {
/** @var string */
private $uid;
/** @var string */
private $loginName;
/** @var string */
private $password;
/**
* @param string $uid
* @param string $loginName
* @param string $password
*/
public function __construct($uid, $loginName, $password) {
$this->uid = $uid;
$this->loginName = $loginName;
$this->password = $password;
}
/**
* @return string
*/
public function getUID() {
return $this->uid;
}
/**
* @return string
*/
public function getLoginName() {
return $this->loginName;
}
/**
* @return string
*/
public function getPassword() {
return $this->password;
}
}

View file

@ -0,0 +1,86 @@
<?php
/**
* @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OC\Authentication\LoginCredentials;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Token\IProvider;
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
use OCP\Authentication\LoginCredentials\ICredentials;
use OCP\Authentication\LoginCredentials\IStore;
use OCP\ILogger;
use OCP\ISession;
use OCP\Session\Exceptions\SessionNotAvailableException;
class Store implements IStore {
/** @var ISession */
private $session;
/** @var IProvider */
private $tokenProvider;
/** @var ILogger */
private $logger;
/**
* @param ISession $session
* @param IProvider $tokenProvider
* @param ILogger $logger
*/
public function __construct(ISession $session, IProvider $tokenProvider, ILogger $logger) {
$this->session = $session;
$this->tokenProvider = $tokenProvider;
$this->logger = $logger;
}
/**
* @since 9.2
*
* @return ICredentials the login credentials of the current user
* @throws CredentialsUnavailableException
*/
public function getLoginCredentials() {
try {
$sessionId = $this->session->getId();
$token = $this->tokenProvider->getToken($sessionId);
$uid = $token->getUID();
$user = $token->getLoginName();
$password = $this->tokenProvider->getPassword($token, $sessionId);
return new Credentials($uid, $user, $password);
} catch (SessionNotAvailableException $ex) {
$this->logger->debug('could not get login credentials because session is unavailable', ['app' => 'core']);
} catch (InvalidTokenException $ex) {
$this->logger->debug('could not get login credentials because the token is invalid', ['app' => 'core']);
} catch (PasswordlessTokenException $ex) {
$this->logger->debug('could not get login credentials because the token has no password', ['app' => 'core']);
}
// If we reach this line, an exception was thrown.
throw new CredentialsUnavailableException();
}
}

View file

@ -46,6 +46,7 @@ use OC\App\AppStore\Fetcher\AppFetcher;
use OC\App\AppStore\Fetcher\CategoryFetcher;
use OC\AppFramework\Http\Request;
use OC\AppFramework\Utility\TimeFactory;
use OC\Authentication\LoginCredentials\Store;
use OC\Command\AsyncBus;
use OC\Diagnostics\EventLogger;
use OC\Diagnostics\NullEventLogger;
@ -89,6 +90,7 @@ use OC\Security\TrustedDomainHelper;
use OC\Session\CryptoWrapper;
use OC\Tagging\TagMapper;
use OCA\Theming\ThemingDefaults;
use OCP\Authentication\LoginCredentials\IStore;
use OCP\IL10N;
use OCP\IServerContainer;
use OCP\RichObjectStrings\IValidator;
@ -246,6 +248,13 @@ class Server extends ServerContainer implements IServerContainer {
});
return $groupManager;
});
$this->registerService(Store::class, function(Server $c) {
$session = $c->getSession();
$tokenProvider = $c->query('OC\Authentication\Token\DefaultTokenProvider');
$logger = $c->getLogger();
return new Store($session, $tokenProvider, $logger);
});
$this->registerAlias(IStore::class, Store::class);
$this->registerService('OC\Authentication\Token\DefaultTokenMapper', function (Server $c) {
$dbConnection = $c->getDatabaseConnection();
return new Authentication\Token\DefaultTokenMapper($dbConnection);

View file

@ -0,0 +1,34 @@
<?php
/**
* @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCP\Authentication\Exceptions;
use Exception;
/**
* @since 9.2
*/
class CredentialsUnavailableException extends Exception {
}

View file

@ -0,0 +1,46 @@
<?php
/**
* @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCP\Authentication\LoginCredentials;
/**
* @since 9.2
*/
interface ICredentials {
/**
* @return string
*/
public function getUID();
/**
* @return string
*/
public function getLoginName();
/**
* @return string
*/
public function getPassword();
}

View file

@ -0,0 +1,42 @@
<?php
/**
* @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCP\Authentication\LoginCredentials;
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
/**
* @since 9.2
*/
interface IStore {
/**
* @since 9.2
*
* @throws CredentialsUnavailableException
* @return ICredentials the login credentials of the current user
*/
public function getLoginCredentials();
}

View file

@ -0,0 +1,66 @@
<?php
/**
* @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace Test\Authentication\LoginCredentials;
use OC\Authentication\LoginCredentials\Credentials;
use Test\TestCase;
class CredentialsTest extends TestCase {
/** @var string */
private $uid;
/** @var string */
private $user;
/** @var string */
private $password;
/** @var Credentials */
private $credentials;
protected function setUp() {
parent::setUp();
$this->uid = 'user123';
$this->user = 'User123';
$this->password = '123456';
$this->credentials = new Credentials($this->uid, $this->user, $this->password);
}
public function testGetUID() {
$this->assertEquals($this->uid, $this->credentials->getUID());
}
public function testGetUserName() {
$this->assertEquals($this->user, $this->credentials->getLoginName());
}
public function testGetPassword() {
$this->assertEquals($this->password, $this->credentials->getPassword());
}
}

View file

@ -0,0 +1,127 @@
<?php
/**
* @copyright 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @author 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace Test\Authentication\LoginCredentials;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\LoginCredentials\Credentials;
use OC\Authentication\LoginCredentials\Store;
use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
use OCP\ILogger;
use OCP\ISession;
use OCP\Session\Exceptions\SessionNotAvailableException;
use Test\TestCase;
class StoreTest extends TestCase {
/** @var ISession|PHPUnit_Framework_MockObject_MockObject */
private $session;
/** @var IProvider|PHPUnit_Framework_MockObject_MockObject */
private $tokenProvider;
/** @var ILogger|PHPUnit_Framework_MockObject_MockObject */
private $logger;
/** @var Store */
private $store;
protected function setUp() {
parent::setUp();
$this->session = $this->createMock(ISession::class);
$this->tokenProvider = $this->createMock(IProvider::class);
$this->logger = $this->createMock(ILogger::class);
$this->store = new Store($this->session, $this->tokenProvider, $this->logger);
}
public function testGetLoginCredentials() {
$uid = 'uid';
$user = 'user123';
$password = 'passme';
$token = $this->createMock(IToken::class);
$this->session->expects($this->once())
->method('getId')
->will($this->returnValue('sess2233'));
$this->tokenProvider->expects($this->once())
->method('getToken')
->with('sess2233')
->will($this->returnValue($token));
$token->expects($this->once())
->method('getUID')
->will($this->returnValue($uid));
$token->expects($this->once())
->method('getLoginName')
->will($this->returnValue($user));
$this->tokenProvider->expects($this->once())
->method('getPassword')
->with($token, 'sess2233')
->will($this->returnValue($password));
$expected = new Credentials($uid, $user, $password);
$creds = $this->store->getLoginCredentials();
$this->assertEquals($expected, $creds);
}
public function testGetLoginCredentialsSessionNotAvailable() {
$this->session->expects($this->once())
->method('getId')
->will($this->throwException(new SessionNotAvailableException()));
$this->expectException(CredentialsUnavailableException::class);
$this->store->getLoginCredentials();
}
public function testGetLoginCredentialsInvalidToken() {
$this->session->expects($this->once())
->method('getId')
->will($this->returnValue('sess2233'));
$this->tokenProvider->expects($this->once())
->method('getToken')
->with('sess2233')
->will($this->throwException(new InvalidTokenException()));
$this->expectException(CredentialsUnavailableException::class);
$this->store->getLoginCredentials();
}
public function testGetLoginCredentialsPasswordlessToken() {
$this->session->expects($this->once())
->method('getId')
->will($this->returnValue('sess2233'));
$this->tokenProvider->expects($this->once())
->method('getToken')
->with('sess2233')
->will($this->throwException(new PasswordlessTokenException()));
$this->expectException(CredentialsUnavailableException::class);
$this->store->getLoginCredentials();
}
}