Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve OAuth handling #9517

Merged
merged 6 commits into from
May 22, 2018
Merged

Improve OAuth handling #9517

merged 6 commits into from
May 22, 2018

Conversation

rullzer
Copy link
Member

@rullzer rullzer commented May 18, 2018

No description provided.

@rullzer rullzer added enhancement 3. to review Waiting for reviews labels May 18, 2018
@rullzer rullzer added this to the Nextcloud 14 milestone May 18, 2018
blizzz
blizzz reviewed May 18, 2018
View reviewed changes
Copy link
Member

@blizzz blizzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cannot say much about it… but at least some bikeshedding

apps/oauth2/lib/Controller/LoginRedirectorController.php
* @return RedirectResponse
*/
public function authorize($client_id,
$state) {
$state,
$response_type) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

camelCase?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No I can't change those as they are post variables and defined in the OAuth spec

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay then

apps/oauth2/lib/Controller/OauthApiController.php
* @return JSONResponse
*/
public function getToken($code) {
$accessToken = $this->accessTokenMapper->getByCode($code);
public function getToken($grant_type, $code, $refresh_token, $client_id, $client_secret) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cases

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No I can't change those as they are post variables and defined in the OAuth spec

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay then

blizzz
blizzz reviewed May 18, 2018
View reviewed changes
apps/oauth2/lib/Migration/SetTokenExpiration.php Outdated
// Set the 3600 second timeout on all tokens
foreach ($tokens as $token) {
try {
$appToken = $this->tokenProvider->getTokenById($token->getTokenId());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would it have a better memory footprint if we deal with that inside the while-loop above?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes fair enough let me fix that...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@rullzer rullzer force-pushed the feature/noid/improve_oauth_handling branch from 3580a75 to a7568bc Compare May 18, 2018 11:05
@codecov
Copy link

codecov bot commented May 18, 2018
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (master@bbcb36c). Click here to learn what that means.
The diff coverage is 59.49%.

@@           Coverage Diff            @@
##             master   #9517   +/-   ##
========================================
  Coverage          ?   51.7%           
  Complexity        ?   25757           
========================================
  Files             ?    1644           
  Lines             ?   96569           
  Branches          ?    1393           
========================================
  Hits              ?   49932           
  Misses            ?   46637           
  Partials          ?       0
Impacted Files Coverage Δ Complexity Δ
apps/oauth2/composer/composer/autoload_static.php 0% <ø> (ø) 1 <0> (?)
apps/oauth2/lib/Migration/SetTokenExpiration.php 0% <0%> (ø) 5 <5> (?)
...pps/oauth2/composer/composer/autoload_classmap.php 0% <0%> (ø) 0 <0> (?)
core/Controller/ClientFlowLoginController.php 72.72% <100%> (ø) 28 <0> (?)
...auth2/lib/Controller/LoginRedirectorController.php 71.42% <60%> (ø) 3 <0> (?)
apps/oauth2/lib/Controller/OauthApiController.php 84.61% <86%> (ø) 11 <10> (?)

blizzz
blizzz reviewed May 18, 2018
View reviewed changes
apps/oauth2/lib/Controller/OauthApiController.php
}

// The client id and secret must match. Else we don't provide an access token!
if ($client->getClientIdentifier() !== $client_id || $client->getSecret() !== $client_secret) {
Copy link
Member

@blizzz blizzz May 18, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with grant_type = 'refresh_token' client_id and and secret are not provided. Unless I oversaw a thing? yes, i did, all right

blizzz
blizzz approved these changes May 18, 2018
View reviewed changes
Copy link
Member

@blizzz blizzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me

ChristophWurst
ChristophWurst previously requested changes May 22, 2018
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good

Found one unused variable

apps/oauth2/lib/Migration/SetTokenExpiration.php Outdated

$cursor = $qb->execute();

$tokens = [];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unused

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

rullzer added 6 commits May 22, 2018 09:24
@rullzer
Set OAuth token expiration
49795d2 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Fail if the response type is not properly set
4e3aef2 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Authenticate the clients on requesting a token
c28b25c 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Rotate token
f7ecec8 
On a refresh token request:
* rorate
* reset expire

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Don't use special chars to avoid confusion
5a97148 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Add tests
461998d 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer force-pushed the feature/noid/improve_oauth_handling branch from a7568bc to 461998d Compare May 22, 2018 07:24
@blizzz blizzz added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels May 22, 2018
@rullzer rullzer merged commit 57d4a16 into master May 22, 2018
@rullzer rullzer deleted the feature/noid/improve_oauth_handling branch May 22, 2018 08:16
This was referenced May 22, 2018
Merged
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@blizzz blizzz blizzz approved these changes

@MorrisJobke MorrisJobke Awaiting requested review from MorrisJobke

Assignees
No one assigned
Labels
4. to release Ready to be released and/or waiting for tests to finish enhancement
Projects
None yet
Milestone
Nextcloud 14
Development

Successfully merging this pull request may close these issues.
3 participants
@rullzer @ChristophWurst @blizzz