Skip to content

[stable12] Improve OAuth #9546

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MorrisJobke merged 9 commits into from
May 23, 2018
Merged

[stable12] Improve OAuth #9546

MorrisJobke merged 9 commits into from
May 23, 2018

Conversation

@rullzer
Copy link
Member

@rullzer rullzer commented May 22, 2018

@rullzer rullzer added enhancement 3. to review Waiting for reviews labels May 23, 2018
@rullzer rullzer added this to the Nextcloud 14 milestone May 23, 2018
@rullzer
Copy link
Member Author

rullzer commented May 23, 2018

I have no idea why the test fail it seems unrelated.

ChristophWurst
ChristophWurst approved these changes May 23, 2018
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, I just found one spot where it could make sense to add some logging 👍

apps/oauth2/lib/Migration/SetTokenExpiration.php
$appToken->setExpires($this->time->getTime() + 3600);
$this->tokenProvider->updateToken($appToken);
} catch (InvalidTokenException $e) {
//Skip this token
Copy link
Member

@ChristophWurst ChristophWurst May 23, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didn't see this in the original PR, but wouldn't it make sense to at least have a debug log statement for this in case we have to trace bugs in this code?

@MorrisJobke
Copy link
Member

MorrisJobke commented May 23, 2018

With this there is an endless login loop on the first authorization of an app.

cc @rullzer as discussed

@MorrisJobke MorrisJobke added 2. developing Work in progress and removed 3. to review Waiting for reviews labels May 23, 2018
rullzer added 9 commits May 23, 2018 17:02
@rullzer
Allow the rotation of tokens
0885bd4 
This for example will allow rotating the apptoken for oauth

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Certain tokens can expire
f2a3115 
However due to the nature of what we store in the token (encrypted
passwords etc). We can't just delete the tokens because that would make
the oauth refresh useless.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Set OAuth token expiration
1525cc2 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Fail if the response type is not properly set
aa78c30 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Authenticate the clients on requesting a token
c2a21ea 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Rotate token
335f4ef 
On a refresh token request:
* rorate
* reset expire

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Don't use special chars to avoid confusion
44735de 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Add tests
c2f09e4 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Properly set expires to NULL when creating a token
3e57666 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer force-pushed the backport/9517/stable12 branch from 884d76f to 3e57666 Compare May 23, 2018 15:02
@codecov
Copy link

codecov bot commented May 23, 2018

Codecov Report

Merging #9546 into stable12 will increase coverage by 0.05%.
The diff coverage is 70.27%.

@@              Coverage Diff               @@
##             stable12    #9546      +/-   ##
==============================================
+ Coverage       53.91%   53.96%   +0.05%     
- Complexity      22786    22815      +29     
==============================================
  Files            1387     1389       +2     
  Lines           87302    87437     +135     
  Branches         1331     1331              
==============================================
+ Hits            47066    47185     +119     
- Misses          40236    40252      +16
Impacted Files Coverage Δ Complexity Δ
apps/oauth2/lib/Migration/SetTokenExpiration.php 0% <0%> (ø) 5 <5> (?)
version.php 0% <0%> (ø) 0 <0> (ø) ⬇️
...rivate/Authentication/Token/DefaultTokenMapper.php 100% <100%> (ø) 11 <0> (ø) ⬇️
core/Controller/ClientFlowLoginController.php 78.87% <100%> (ø) 20 <0> (ø) ⬇️
...uthentication/Exceptions/ExpiredTokenException.php 100% <100%> (ø) 2 <2> (?)
...vate/Authentication/Token/DefaultTokenProvider.php 98.01% <100%> (+3.7%) 32 <2> (+6) ⬆️
lib/private/Authentication/Token/DefaultToken.php 89.58% <100%> (+2.74%) 17 <4> (+4) ⬆️
...auth2/lib/Controller/LoginRedirectorController.php 71.42% <60%> (+0.84%) 3 <0> (+1) ⬆️
apps/oauth2/lib/Controller/OauthApiController.php 81.53% <82%> (+2.37%) 11 <10> (+9) ⬆️
... and 4 more

@MorrisJobke MorrisJobke added 3. to review Waiting for reviews and removed 2. developing Work in progress labels May 23, 2018
MorrisJobke
MorrisJobke approved these changes May 23, 2018
View reviewed changes
Copy link
Member

@MorrisJobke MorrisJobke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and works now 👍

@MorrisJobke MorrisJobke added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels May 23, 2018
@MorrisJobke MorrisJobke merged commit 6b5fea4 into stable12 May 23, 2018
@MorrisJobke MorrisJobke deleted the backport/9517/stable12 branch May 23, 2018 17:03
@MorrisJobke MorrisJobke mentioned this pull request May 31, 2018
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MorrisJobke MorrisJobke MorrisJobke approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@blizzz blizzz Awaiting requested review from blizzz

Assignees

No one assigned

Labels

4. to release Ready to be released and/or waiting for tests to finish enhancement

Projects

None yet

Milestone

Nextcloud 14

Development

Successfully merging this pull request may close these issues.

4 participants

@rullzer @MorrisJobke @ChristophWurst