From fb2cd3309a8fd0f60a1fdf11bdfda70378a57fcc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?=
Date: Thu, 20 Jul 2017 11:21:20 +0200
Subject: [PATCH 1/2] allow creation of multiple access tokens per client id

---
 lib/Controller/PageController.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 4662ac17..599fa9cd 100755
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -201,10 +201,6 @@ public function generateAuthorizationCode($response_type, $client_id, $redirect_
 return new RedirectResponse(OC_Util::getDefaultPageUrl());
 }
 
- $this->authorizationCodeMapper->deleteByClientUser($client->getId(), $this->userId);
- $this->accessTokenMapper->deleteByClientUser($client->getId(), $this->userId);
- $this->refreshTokenMapper->deleteByClientUser($client->getId(), $this->userId);
-
 $code = Utilities::generateRandom();
 $authorizationCode = new AuthorizationCode();
 $authorizationCode->setCode($code);

From 9e73eac31f8b7aecb6876dbe0f214cebe446c696 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?=
Date: Mon, 24 Jul 2017 15:45:11 +0200
Subject: [PATCH 2/2] Add relation between refresh token and access token ....

---
 appinfo/Migrations/Version20170724162518.php | 15 +++++++++++
 appinfo/info.xml | 2 +-
 lib/Controller/OAuthApiController.php | 11 +++++---
 lib/Db/RefreshToken.php | 4 +++
 .../Controller/OAuthApiControllerTest.php | 7 +++--
 .../Controller/SettingsControllerTest.php | 1 +
 tests/Unit/Db/RefreshTokenMapperTest.php | 26 ++++++++++++++++---
 7 files changed, 56 insertions(+), 10 deletions(-)
 create mode 100644 appinfo/Migrations/Version20170724162518.php

diff --git a/appinfo/Migrations/Version20170724162518.php b/appinfo/Migrations/Version20170724162518.php
new file mode 100644
index 00000000..4a90612a
--- /dev/null
+++ b/appinfo/Migrations/Version20170724162518.php
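Review bot: Dropping the three `deleteByClientUser` calls also stops pending authorization codes from being invalidated when a new code is issued for the same client and user, so any code handed out earlier stays redeemable until it is consumed or expires; the hunk shows no expiry check, so whether unredeemed codes are bounded in lifetime cannot be confirmed from here. The second patch in this series deletes a code when it is redeemed, which covers replay but not codes that are never redeemed. A short comment above `$code = Utilities::generateRandom();` would record the intent so the old cleanup is not reintroduced by accident, e.g. `// Earlier codes/tokens of this client+user are kept on purpose: several installations of one client may hold tokens at the same time.` generateAuthorizationCode starts and ends outside the hunk.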
@@ -0,0 +1,15 @@
+getTable("{$prefix}oauth2_refresh_tokens");
+ $table->addColumn('access_token_id', Type::INTEGER, ['notNull' => false]);
+ }
+}
diff --git a/appinfo/info.xml b/appinfo/info.xml
index 76fc61ca..1cd5b3ae 100755
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -4,7 +4,7 @@
 OAuth 2.0
 Application for using OAuth 2.0 in ownCloud
 AGPL
- Project Seminar "sciebo@Learnweb" of the University of Münster
+ Project Seminar "sciebo@Learnweb" of the University of Münster, Thomas Müller
 0.1.1
 OAuth2
 integration
diff --git a/lib/Controller/OAuthApiController.php b/lib/Controller/OAuthApiController.php
index 8f96d092..b7da2121 100644
--- a/lib/Controller/OAuthApiController.php
+++ b/lib/Controller/OAuthApiController.php
@@ -148,6 +148,8 @@ public function generateToken($grant_type, $code = null,
 
 $this->logger->info('An authorization code has been used by the client "' . $client->getName() . '" to request an access token.', ['app' => $this->appName]);
 $userId = $authorizationCode->getUserId();
+ $this->authorizationCodeMapper->delete($authorizationCode);
+
 break;
 case 'refresh_token':
 if (!is_string($refresh_token)) {
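Review bot: The column is added with `'notNull' => false` and nothing backfills it, so every refresh token that exists before this migration runs keeps `access_token_id = NULL`, while the refresh-token grant in OAuthApiController (later in this patch) relies on that value to revoke the paired access token; legacy refresh tokens therefore have no revocation link until they are used or cleared. Either clear the existing refresh-token rows in this migration (clients re-authorize once) or state the consequence in a comment next to the `addColumn` call, e.g. `// nullable: refresh tokens issued before this migration have no linked access token`. No index or foreign key is declared for the new column, which is acceptable as long as lookups stay keyed by the refresh token itself; that is an assumption, the mapper is not part of this patch. Most of this file's text is missing from the rendering of the hunk, so the class and method wrapping the visible lines could not be checked.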
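Review bot: Deleting the authorization code right after it has been resolved and before any token is issued is the right order for single use (a replayed code fails even if the token insert below throws), but the new line says nothing about that, and the `deleteByClientUser` call that used to clear codes is removed in the next hunk, so a comment keeps the intent from being undone: `// RFC 6749 §4.1.2: a code is single-use; consume it before issuing tokens`. Whether a replayed code also revokes the tokens already issued from it, as that section recommends, cannot be checked here because the code-not-found path is outside the hunk. generateToken starts before the hunk and continues after it.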
@@ -168,15 +170,15 @@ public function generateToken($grant_type, $code = null,
 
 $this->logger->info('A refresh token has been used by the client "' . $client->getName() . '" to request an access token.', ['app' => $this->appName]);
 $userId = $refreshToken->getUserId();
+ $relatedAccessToken = new AccessToken();
+ $relatedAccessToken->setId($refreshToken->getAccessTokenId());
+ $this->accessTokenMapper->delete($relatedAccessToken);
+ $this->refreshTokenMapper->delete($refreshToken);
 break;
 default:
 return new JSONResponse(['error' => 'invalid_grant'], Http::STATUS_BAD_REQUEST);
 }
 
- $this->authorizationCodeMapper->deleteByClientUser($client->getId(), $userId);
- $this->accessTokenMapper->deleteByClientUser($client->getId(), $userId);
- $this->refreshTokenMapper->deleteByClientUser($client->getId(), $userId);
-
 $token = Utilities::generateRandom();
 $accessToken = new AccessToken();
 $accessToken->setToken($token);
@@ -190,6 +192,7 @@ public function generateToken($grant_type, $code = null,
 $refreshToken->setToken($token);
 $refreshToken->setClientId($client->getId());
 $refreshToken->setUserId($userId);
+ $refreshToken->setAccessTokenId($accessToken->getId());
 $this->refreshTokenMapper->insert($refreshToken);
 
 return new JSONResponse(
diff --git a/lib/Db/RefreshToken.php b/lib/Db/RefreshToken.php
index 11408c39..490ca1d5 100644
--- a/lib/Db/RefreshToken.php
+++ b/lib/Db/RefreshToken.php
@@ -28,18 +28,22 @@
 * @method void setClientId(int $clientId)
 * @method string getUserId()
 * @method void setUserId(string $userId)
+ * @method int getAccessTokenId()
+ * @method void setAccessTokenId(int $accessTokenId)
 */
 class RefreshToken extends Entity {
 
 protected $token;
 protected $clientId;
 protected $userId;
+ protected $accessTokenId;
 
 public function __construct() {
 $this->addType('id', 'int');
 $this->addType('token', 'string');
 $this->addType('client_id', 'int');
 $this->addType('user_id', 'string');
+ $this->addType('access_token_id', 'int');
 }
 
}
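Review bot: `$refreshToken->getAccessTokenId()` is NULL for every refresh token written before the new `access_token_id` column existed (the migration in this series adds it with `'notNull' => false` and no backfill), and the new lines pass that value straight into `setId()` and `delete()`; assuming the mapper deletes by primary key, a NULL id matches no row, so the access token paired with a legacy refresh token is silently left valid while the refresh token itself is removed. Guard the three lines with `if ($refreshToken->getAccessTokenId() !== null) { … }` and, in the NULL branch, either log the unlinked token or fall back to revoking that client/user's access tokens the way the removed `deleteByClientUser` call did, so rotation never leaves an old access token alive. A comment on the block would also help the next reader: `// rotate: the refresh token and the access token it was issued with are revoked together`. generateToken continues outside the hunk.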
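Review bot: The new `@method int getAccessTokenId()` annotation overstates the type: the migration in this series creates the column nullable and rows written before it have no linked access token, so the getter can return null; annotate it as `@method int|null getAccessTokenId()` so static analysis flags callers that use the value without a null check. `addType('access_token_id', 'int')` follows the snake_case keys the constructor already uses for `client_id` and `user_id`, so it is at least consistent, though whether the base `Entity` keys its types by column name or by property name cannot be checked from here.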
diff --git a/tests/Unit/Controller/OAuthApiControllerTest.php b/tests/Unit/Controller/OAuthApiControllerTest.php
index cb43a8ef..39cdb07d 100755
--- a/tests/Unit/Controller/OAuthApiControllerTest.php
+++ b/tests/Unit/Controller/OAuthApiControllerTest.php
@@ -30,6 +30,7 @@
 use OCA\OAuth2\Db\RefreshToken;
 use OCA\OAuth2\Db\RefreshTokenMapper;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\IURLGenerator;
 use PHPUnit_Framework_TestCase;
 
 class OAuthApiControllerTest extends PHPUnit_Framework_TestCase {
@@ -133,8 +134,10 @@ public function setUp() {
 $refreshToken->setToken('GF62kYz7us4yr4Uf1v2IzvsFZaNQZyUZuMIkAJVJaCfz6FM9pecVZXCy3M3amqVV');
 $refreshToken->setClientId($this->client1->getId());
 $refreshToken->setUserId($this->userId);
+ $refreshToken->setAccessTokenId($accessToken->getId());
 $this->refreshToken = $this->refreshTokenMapper->insert($refreshToken);
 
+ /** @var IURLGenerator $urlGenerator */
 $urlGenerator = $container->query('ServerContainer')->getURLGenerator();
 $this->authorizationSuccessfulMessageUrl = $urlGenerator->linkToRouteAbsolute(
 $container->query('AppName') . '.page.authorizationSuccessful'
@@ -273,8 +276,8 @@ public function testGenerateTokenWithAuthorizationCode() {
 $this->assertEquals($this->authorizationSuccessfulMessageUrl, $json->message_url);
 $this->assertEquals(200, $result->getStatus());
 $this->assertEquals(0, count($this->authorizationCodeMapper->findAll()));
- $this->assertEquals(1, count($this->accessTokenMapper->findAll()));
- $this->assertEquals(1, count($this->refreshTokenMapper->findAll()));
+ $this->assertEquals(2, count($this->accessTokenMapper->findAll()));
+ $this->assertEquals(2, count($this->refreshTokenMapper->findAll()));
 }
 
 public function testGenerateTokenWithRefreshToken() {
diff --git a/tests/Unit/Controller/SettingsControllerTest.php b/tests/Unit/Controller/SettingsControllerTest.php
index adb2e5a6..0dce7713 100755
--- a/tests/Unit/Controller/SettingsControllerTest.php
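Review bot: `testGenerateTokenWithAuthorizationCode` now only asserts that each token table holds two rows, which proves that the pre-existing tokens survive but not that the refresh token issued by the request was linked to the access token issued with it, and that link is the point of this commit; after looking the new rows up through the mappers, add something like `$this->assertEquals($newAccessToken->getId(), $newRefreshToken->getAccessTokenId());` (variable names are placeholders). `testGenerateTokenWithRefreshToken` begins on the last line of the hunk and its body is not visible, so whether it checks that only the paired access token is removed on refresh could not be confirmed. The `/** @var IURLGenerator $urlGenerator */` annotation added in setUp is for tooling only and is fine.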
+++ b/tests/Unit/Controller/SettingsControllerTest.php
@@ -113,6 +113,7 @@ public function setUp() {
 $refreshToken->setToken('3M3amqVGF62kYz7us4yr4QZyUZuMIAZUf1v2IzvsFJVJaCfz6FM9pecVkVZaNXCy');
 $refreshToken->setClientId($this->client->getId());
 $refreshToken->setUserId($this->userId);
+ $refreshToken->setAccessTokenId($accessToken->getId());
 $this->refreshTokenMapper->insert($refreshToken);
 
 $this->urlGenerator = $this->getMockBuilder(IURLGenerator::class)->getMock();
diff --git a/tests/Unit/Db/RefreshTokenMapperTest.php b/tests/Unit/Db/RefreshTokenMapperTest.php
index 05660fde..0a1cddc1 100644
--- a/tests/Unit/Db/RefreshTokenMapperTest.php
+++ b/tests/Unit/Db/RefreshTokenMapperTest.php
@@ -19,7 +19,10 @@
 
 namespace OCA\OAuth2\Tests\Unit\Db;
 
+use Doctrine\DBAL\Platforms\SqlitePlatform;
 use OCA\OAuth2\AppInfo\Application;
+use OCA\OAuth2\Db\AccessToken;
+use OCA\OAuth2\Db\AccessTokenMapper;
 use OCA\OAuth2\Db\RefreshToken;
 use OCA\OAuth2\Db\RefreshTokenMapper;
 use PHPUnit_Framework_TestCase;
@@ -38,9 +41,6 @@ class RefreshTokenMapperTest extends PHPUnit_Framework_TestCase {
 /** @var int $clientId */
 private $clientId = 1;
 
- /** @var int $expires */
- private $expires = 12;
-
 /** @var RefreshToken $refreshToken1 */
 private $refreshToken1;
 
@@ -49,6 +49,8 @@ class RefreshTokenMapperTest extends PHPUnit_Framework_TestCase {
 /** @var RefreshToken $refreshToken2 */
 private $refreshToken2;
 
+ /** @var AccessTokenMapper */
+ private $accessTokenMapper;
 
 public function setUp() {
 parent::setUp();
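Review bot: `use Doctrine\DBAL\Platforms\SqlitePlatform;` is added at the top of RefreshTokenMapperTest, but none of the hunks in this file reference `SqlitePlatform`; unless a part of the file not shown here uses it, the import is dead and should be dropped so the test does not depend on a DBAL platform class it never touches. The removed `$expires` property and the new `$accessTokenMapper` property are otherwise straightforward.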
@@ -59,18 +61,36 @@ public function setUp() {
 
 $this->refreshTokenMapper = $container->query('OCA\OAuth2\Db\RefreshTokenMapper');
 $this->refreshTokenMapper->deleteAll();
 
+ $this->accessTokenMapper = $container->query(AccessTokenMapper::class);
+
+ $accessToken = new AccessToken();
+ $accessToken->setToken('3M3amqVGF62kYz7us4yr4QZyUZuMIAZUf1v2IzvsFJVJaCfz6FM9pecVkVZaNXCy');
+ $accessToken->setClientId($this->clientId);
+ $accessToken->setUserId($this->userId);
+ $accessToken->resetExpires();
+ $this->accessTokenMapper->insert($accessToken);
+
 $refreshToken = new RefreshToken();
 $refreshToken->setToken($this->token);
 $refreshToken->setClientId($this->clientId);
 $refreshToken->setUserId($this->userId);
+ $refreshToken->setAccessTokenId($accessToken->getId());
 $this->refreshToken1 = $this->refreshTokenMapper->insert($refreshToken);
 $this->id = $this->refreshToken1->getId();
 
+ $accessToken = new AccessToken();
+ $accessToken->setToken('3M3amqVGF62kYz7us4yr4QZyUZuMIAZUf1v2IzvsFJVJaCfz6FM9pecVkVZaNXCy');
+ $accessToken->setClientId($this->clientId);
+ $accessToken->setUserId($this->userId);
+ $accessToken->resetExpires();
+ $this->accessTokenMapper->insert($accessToken);
+
 $refreshToken = new RefreshToken();
 $refreshToken->setToken('XCy4QZI7s4yr3MmkcVv2IzvkVZUf1asFZaYzuGF6uyUZ6FM9pef2AqVzMJ3VJaCN');
 $refreshToken->setClientId(1);
 $refreshToken->setUserId('max');
+ $refreshToken->setAccessTokenId($accessToken->getId());
 $this->refreshToken2 = $this->refreshTokenMapper->insert($refreshToken);
 }