diff --git a/apps/settings/lib/Controller/AuthSettingsController.php b/apps/settings/lib/Controller/AuthSettingsController.php
index 38db7be1e9187..305908e5e0a74 100644
--- a/apps/settings/lib/Controller/AuthSettingsController.php
+++ b/apps/settings/lib/Controller/AuthSettingsController.php
@@ -53,14 +53,13 @@
use Psr\Log\LoggerInterface;
class AuthSettingsController extends Controller {
-
/** @var IProvider */
private $tokenProvider;
/** @var ISession */
private $session;
- /** IUserSession */
+ /** @var IUserSession */
private $userSession;
/** @var string */
diff --git a/build/psalm-baseline.xml b/build/psalm-baseline.xml
index b54f19b8ee31c..8a2c728ab5b4b 100644
--- a/build/psalm-baseline.xml
+++ b/build/psalm-baseline.xml
@@ -2080,7 +2080,7 @@
$trySession
-
+
DO_NOT_REMEMBER
PERMANENT_TOKEN
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index 401d240da0638..548d930e75815 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -106,13 +106,17 @@
'OCP\\Authentication\\Events\\AnyLoginFailedEvent' => $baseDir . '/lib/public/Authentication/Events/AnyLoginFailedEvent.php',
'OCP\\Authentication\\Events\\LoginFailedEvent' => $baseDir . '/lib/public/Authentication/Events/LoginFailedEvent.php',
'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => $baseDir . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
+ 'OCP\\Authentication\\Exceptions\\ExpiredTokenException' => $baseDir . '/lib/public/Authentication/Exceptions/ExpiredTokenException.php',
+ 'OCP\\Authentication\\Exceptions\\InvalidTokenException' => $baseDir . '/lib/public/Authentication/Exceptions/InvalidTokenException.php',
'OCP\\Authentication\\Exceptions\\PasswordUnavailableException' => $baseDir . '/lib/public/Authentication/Exceptions/PasswordUnavailableException.php',
+ 'OCP\\Authentication\\Exceptions\\WipeTokenException' => $baseDir . '/lib/public/Authentication/Exceptions/WipeTokenException.php',
'OCP\\Authentication\\IAlternativeLogin' => $baseDir . '/lib/public/Authentication/IAlternativeLogin.php',
'OCP\\Authentication\\IApacheBackend' => $baseDir . '/lib/public/Authentication/IApacheBackend.php',
'OCP\\Authentication\\IProvideUserSecretBackend' => $baseDir . '/lib/public/Authentication/IProvideUserSecretBackend.php',
'OCP\\Authentication\\LoginCredentials\\ICredentials' => $baseDir . '/lib/public/Authentication/LoginCredentials/ICredentials.php',
'OCP\\Authentication\\LoginCredentials\\IStore' => $baseDir . '/lib/public/Authentication/LoginCredentials/IStore.php',
'OCP\\Authentication\\Token\\IProvider' => $baseDir . '/lib/public/Authentication/Token/IProvider.php',
+ 'OCP\\Authentication\\Token\\IToken' => $baseDir . '/lib/public/Authentication/Token/IToken.php',
'OCP\\Authentication\\TwoFactorAuth\\ALoginSetupController' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/ALoginSetupController.php',
'OCP\\Authentication\\TwoFactorAuth\\IActivatableAtLogin' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IActivatableAtLogin.php',
'OCP\\Authentication\\TwoFactorAuth\\IActivatableByAdmin' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IActivatableByAdmin.php',
diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index 7be62a3cf62cd..4af4beb486738 100644
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -139,13 +139,17 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
'OCP\\Authentication\\Events\\AnyLoginFailedEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/Events/AnyLoginFailedEvent.php',
'OCP\\Authentication\\Events\\LoginFailedEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/Events/LoginFailedEvent.php',
'OCP\\Authentication\\Exceptions\\CredentialsUnavailableException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/CredentialsUnavailableException.php',
+ 'OCP\\Authentication\\Exceptions\\ExpiredTokenException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/ExpiredTokenException.php',
+ 'OCP\\Authentication\\Exceptions\\InvalidTokenException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/InvalidTokenException.php',
'OCP\\Authentication\\Exceptions\\PasswordUnavailableException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/PasswordUnavailableException.php',
+ 'OCP\\Authentication\\Exceptions\\WipeTokenException' => __DIR__ . '/../../..' . '/lib/public/Authentication/Exceptions/WipeTokenException.php',
'OCP\\Authentication\\IAlternativeLogin' => __DIR__ . '/../../..' . '/lib/public/Authentication/IAlternativeLogin.php',
'OCP\\Authentication\\IApacheBackend' => __DIR__ . '/../../..' . '/lib/public/Authentication/IApacheBackend.php',
'OCP\\Authentication\\IProvideUserSecretBackend' => __DIR__ . '/../../..' . '/lib/public/Authentication/IProvideUserSecretBackend.php',
'OCP\\Authentication\\LoginCredentials\\ICredentials' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/ICredentials.php',
'OCP\\Authentication\\LoginCredentials\\IStore' => __DIR__ . '/../../..' . '/lib/public/Authentication/LoginCredentials/IStore.php',
'OCP\\Authentication\\Token\\IProvider' => __DIR__ . '/../../..' . '/lib/public/Authentication/Token/IProvider.php',
+ 'OCP\\Authentication\\Token\\IToken' => __DIR__ . '/../../..' . '/lib/public/Authentication/Token/IToken.php',
'OCP\\Authentication\\TwoFactorAuth\\ALoginSetupController' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/ALoginSetupController.php',
'OCP\\Authentication\\TwoFactorAuth\\IActivatableAtLogin' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IActivatableAtLogin.php',
'OCP\\Authentication\\TwoFactorAuth\\IActivatableByAdmin' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IActivatableByAdmin.php',
diff --git a/lib/private/Authentication/Exceptions/ExpiredTokenException.php b/lib/private/Authentication/Exceptions/ExpiredTokenException.php
index 0dc92b4592051..15069313712e2 100644
--- a/lib/private/Authentication/Exceptions/ExpiredTokenException.php
+++ b/lib/private/Authentication/Exceptions/ExpiredTokenException.php
@@ -27,17 +27,19 @@
use OC\Authentication\Token\IToken;
-class ExpiredTokenException extends InvalidTokenException {
- /** @var IToken */
- private $token;
-
- public function __construct(IToken $token) {
- parent::__construct();
-
- $this->token = $token;
+/**
+ * @deprecated 28.0.0 use {@see \OCP\Authentication\Exceptions\ExpiredTokenException} instead
+ */
+class ExpiredTokenException extends \OCP\Authentication\Exceptions\ExpiredTokenException {
+ public function __construct(
+ IToken $token,
+ ) {
+ parent::__construct($token);
}
public function getToken(): IToken {
- return $this->token;
+ $token = parent::getToken();
+ /** @var IToken $token We know that we passed OC interface from constructor */
+ return $token;
}
}
diff --git a/lib/private/Authentication/Exceptions/InvalidTokenException.php b/lib/private/Authentication/Exceptions/InvalidTokenException.php
index acaabff6b88a7..7de6e1522fac5 100644
--- a/lib/private/Authentication/Exceptions/InvalidTokenException.php
+++ b/lib/private/Authentication/Exceptions/InvalidTokenException.php
@@ -24,7 +24,8 @@
*/
namespace OC\Authentication\Exceptions;
-use Exception;
-
-class InvalidTokenException extends Exception {
+/**
+ * @deprecated 28.0.0 use OCP version instead
+ */
+class InvalidTokenException extends \OCP\Authentication\Exceptions\InvalidTokenException {
}
diff --git a/lib/private/Authentication/Exceptions/WipeTokenException.php b/lib/private/Authentication/Exceptions/WipeTokenException.php
index 1c60ab9da78ee..25b7cb74359c2 100644
--- a/lib/private/Authentication/Exceptions/WipeTokenException.php
+++ b/lib/private/Authentication/Exceptions/WipeTokenException.php
@@ -27,17 +27,19 @@
use OC\Authentication\Token\IToken;
-class WipeTokenException extends InvalidTokenException {
- /** @var IToken */
- private $token;
-
- public function __construct(IToken $token) {
- parent::__construct();
-
- $this->token = $token;
+/**
+ * @deprecated 28.0.0 use {@see \OCP\Authentication\Exceptions\WipeTokenException} instead
+ */
+class WipeTokenException extends \OCP\Authentication\Exceptions\WipeTokenException {
+ public function __construct(
+ IToken $token,
+ ) {
+ parent::__construct($token);
}
public function getToken(): IToken {
- return $this->token;
+ $token = parent::getToken();
+ /** @var IToken $token We know that we passed OC interface from constructor */
+ return $token;
}
}
diff --git a/lib/private/Authentication/Token/IToken.php b/lib/private/Authentication/Token/IToken.php
index 5ca4eaea84372..eb172f3339602 100644
--- a/lib/private/Authentication/Token/IToken.php
+++ b/lib/private/Authentication/Token/IToken.php
@@ -26,109 +26,10 @@
*/
namespace OC\Authentication\Token;
-use JsonSerializable;
+use OCP\Authentication\Token\IToken as OCPIToken;
-interface IToken extends JsonSerializable {
- public const TEMPORARY_TOKEN = 0;
- public const PERMANENT_TOKEN = 1;
- public const WIPE_TOKEN = 2;
- public const DO_NOT_REMEMBER = 0;
- public const REMEMBER = 1;
-
- /**
- * Get the token ID
- *
- * @return int
- */
- public function getId(): int;
-
- /**
- * Get the user UID
- *
- * @return string
- */
- public function getUID(): string;
-
- /**
- * Get the login name used when generating the token
- *
- * @return string
- */
- public function getLoginName(): string;
-
- /**
- * Get the (encrypted) login password
- *
- * @return string|null
- */
- public function getPassword();
-
- /**
- * Get the timestamp of the last password check
- *
- * @return int
- */
- public function getLastCheck(): int;
-
- /**
- * Set the timestamp of the last password check
- *
- * @param int $time
- */
- public function setLastCheck(int $time);
-
- /**
- * Get the authentication scope for this token
- *
- * @return string
- */
- public function getScope(): string;
-
- /**
- * Get the authentication scope for this token
- *
- * @return array
- */
- public function getScopeAsArray(): array;
-
- /**
- * Set the authentication scope for this token
- *
- * @param array $scope
- */
- public function setScope($scope);
-
- /**
- * Get the name of the token
- * @return string
- */
- public function getName(): string;
-
- /**
- * Get the remember state of the token
- *
- * @return int
- */
- public function getRemember(): int;
-
- /**
- * Set the token
- *
- * @param string $token
- */
- public function setToken(string $token);
-
- /**
- * Set the password
- *
- * @param string $password
- */
- public function setPassword(string $password);
-
- /**
- * Set the expiration time of the token
- *
- * @param int|null $expires
- */
- public function setExpires($expires);
+/**
+ * @deprecated 28.0.0 use {@see \OCP\Authentication\Token\IToken} instead
+ */
+interface IToken extends OCPIToken {
}
diff --git a/lib/private/Authentication/Token/PublicKeyToken.php b/lib/private/Authentication/Token/PublicKeyToken.php
index 45335e17c3161..b77a856589de8 100644
--- a/lib/private/Authentication/Token/PublicKeyToken.php
+++ b/lib/private/Authentication/Token/PublicKeyToken.php
@@ -137,10 +137,8 @@ public function getLoginName(): string {
/**
* Get the (encrypted) login password
- *
- * @return string|null
*/
- public function getPassword() {
+ public function getPassword(): ?string {
return parent::getPassword();
}
@@ -165,10 +163,8 @@ public function getLastCheck(): int {
/**
* Get the timestamp of the last password check
- *
- * @param int $time
*/
- public function setLastCheck(int $time) {
+ public function setLastCheck(int $time): void {
parent::setLastCheck($time);
}
@@ -191,7 +187,7 @@ public function getScopeAsArray(): array {
return $scope;
}
- public function setScope($scope) {
+ public function setScope(array|string|null $scope): void {
if (is_array($scope)) {
parent::setScope(json_encode($scope));
} else {
@@ -211,15 +207,15 @@ public function getRemember(): int {
return parent::getRemember();
}
- public function setToken(string $token) {
+ public function setToken(string $token): void {
parent::setToken($token);
}
- public function setPassword(string $password = null) {
+ public function setPassword(string $password = null): void {
parent::setPassword($password);
}
- public function setExpires($expires) {
+ public function setExpires($expires): void {
parent::setExpires($expires);
}
diff --git a/lib/public/Authentication/Exceptions/ExpiredTokenException.php b/lib/public/Authentication/Exceptions/ExpiredTokenException.php
new file mode 100644
index 0000000000000..5c1f4a30541ca
--- /dev/null
+++ b/lib/public/Authentication/Exceptions/ExpiredTokenException.php
@@ -0,0 +1,49 @@
+
+ *
+ * @author Roeland Jago Douma
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ *
+ */
+namespace OCP\Authentication\Exceptions;
+
+use OCP\Authentication\Token\IToken;
+
+/**
+ * @since 28.0.0
+ */
+class ExpiredTokenException extends InvalidTokenException {
+ /**
+ * @since 28.0.0
+ */
+ public function __construct(
+ private IToken $token,
+ ) {
+ parent::__construct();
+ }
+
+ /**
+ * @since 28.0.0
+ */
+ public function getToken(): IToken {
+ return $this->token;
+ }
+}
diff --git a/lib/public/Authentication/Exceptions/InvalidTokenException.php b/lib/public/Authentication/Exceptions/InvalidTokenException.php
new file mode 100644
index 0000000000000..4869cbd64659f
--- /dev/null
+++ b/lib/public/Authentication/Exceptions/InvalidTokenException.php
@@ -0,0 +1,33 @@
+
+ *
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see
+ *
+ */
+namespace OCP\Authentication\Exceptions;
+
+use Exception;
+
+/**
+ * @since 28.0.0
+ */
+class InvalidTokenException extends Exception {
+}
diff --git a/lib/public/Authentication/Exceptions/WipeTokenException.php b/lib/public/Authentication/Exceptions/WipeTokenException.php
new file mode 100644
index 0000000000000..81ea2dc57ad7d
--- /dev/null
+++ b/lib/public/Authentication/Exceptions/WipeTokenException.php
@@ -0,0 +1,49 @@
+
+ *
+ * @author Roeland Jago Douma
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ *
+ */
+namespace OCP\Authentication\Exceptions;
+
+use OCP\Authentication\Token\IToken;
+
+/**
+ * @since 28.0.0
+ */
+class WipeTokenException extends InvalidTokenException {
+ /**
+ * @since 28.0.0
+ */
+ public function __construct(
+ private IToken $token,
+ ) {
+ parent::__construct();
+ }
+
+ /**
+ * @since 28.0.0
+ */
+ public function getToken(): IToken {
+ return $this->token;
+ }
+}
diff --git a/lib/public/Authentication/Token/IProvider.php b/lib/public/Authentication/Token/IProvider.php
index da2e400eb79ec..59d2b8f3649ce 100644
--- a/lib/public/Authentication/Token/IProvider.php
+++ b/lib/public/Authentication/Token/IProvider.php
@@ -24,6 +24,10 @@
*/
namespace OCP\Authentication\Token;
+use OCP\Authentication\Exceptions\ExpiredTokenException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
+use OCP\Authentication\Exceptions\WipeTokenException;
+
/**
* @since 24.0.8
*/
@@ -38,4 +42,15 @@ interface IProvider {
* @return void
*/
public function invalidateTokensOfUser(string $uid, ?string $clientName);
+
+ /**
+ * Get a token by token string id
+ *
+ * @since 28.0.0
+ * @throws InvalidTokenException
+ * @throws ExpiredTokenException
+ * @throws WipeTokenException
+ * @return IToken
+ */
+ public function getToken(string $tokenId): IToken;
}
diff --git a/lib/public/Authentication/Token/IToken.php b/lib/public/Authentication/Token/IToken.php
new file mode 100644
index 0000000000000..7b6ce8327c60b
--- /dev/null
+++ b/lib/public/Authentication/Token/IToken.php
@@ -0,0 +1,139 @@
+
+ * @author Robin Appelman
+ * @author Roeland Jago Douma
+ *
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see
+ *
+ */
+namespace OCP\Authentication\Token;
+
+use JsonSerializable;
+
+/**
+ * @since 28.0.0
+ */
+interface IToken extends JsonSerializable {
+ /**
+ * @since 28.0.0
+ */
+ public const TEMPORARY_TOKEN = 0;
+ /**
+ * @since 28.0.0
+ */
+ public const PERMANENT_TOKEN = 1;
+ /**
+ * @since 28.0.0
+ */
+ public const WIPE_TOKEN = 2;
+ /**
+ * @since 28.0.0
+ */
+ public const DO_NOT_REMEMBER = 0;
+ /**
+ * @since 28.0.0
+ */
+ public const REMEMBER = 1;
+
+ /**
+ * Get the token ID
+ * @since 28.0.0
+ */
+ public function getId(): int;
+
+ /**
+ * Get the user UID
+ * @since 28.0.0
+ */
+ public function getUID(): string;
+
+ /**
+ * Get the login name used when generating the token
+ * @since 28.0.0
+ */
+ public function getLoginName(): string;
+
+ /**
+ * Get the (encrypted) login password
+ * @since 28.0.0
+ */
+ public function getPassword(): ?string;
+
+ /**
+ * Get the timestamp of the last password check
+ * @since 28.0.0
+ */
+ public function getLastCheck(): int;
+
+ /**
+ * Set the timestamp of the last password check
+ * @since 28.0.0
+ */
+ public function setLastCheck(int $time): void;
+
+ /**
+ * Get the authentication scope for this token
+ * @since 28.0.0
+ */
+ public function getScope(): string;
+
+ /**
+ * Get the authentication scope for this token
+ * @since 28.0.0
+ */
+ public function getScopeAsArray(): array;
+
+ /**
+ * Set the authentication scope for this token
+ * @since 28.0.0
+ */
+ public function setScope(array $scope): void;
+
+ /**
+ * Get the name of the token
+ * @since 28.0.0
+ */
+ public function getName(): string;
+
+ /**
+ * Get the remember state of the token
+ * @since 28.0.0
+ */
+ public function getRemember(): int;
+
+ /**
+ * Set the token
+ * @since 28.0.0
+ */
+ public function setToken(string $token): void;
+
+ /**
+ * Set the password
+ * @since 28.0.0
+ */
+ public function setPassword(string $password): void;
+
+ /**
+ * Set the expiration time of the token
+ * @since 28.0.0
+ */
+ public function setExpires(?int $expires): void;
+}