
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright 2019 Christoph Wurst <christoph@winzerhof-wurst.at>
  5. *
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Joas Schilling <coding@schilljs.com>
  8. * @author Roeland Jago Douma <roeland@famdouma.nl>
  9. *
  10. * @license GNU AGPL version 3 or any later version
  11. *
  12. * This program is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License as
  14. * published by the Free Software Foundation, either version 3 of the
  15. * License, or (at your option) any later version.
  16. *
  17. * This program is distributed in the hope that it will be useful,
  18. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  20. * GNU Affero General Public License for more details.
  21. *
  22. * You should have received a copy of the GNU Affero General Public License
  23. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  24. *
  25. */
  26. namespace OC\Authentication\Token;
  27. use function array_filter;
  28. use OC\Authentication\Events\RemoteWipeFinished;
  29. use OC\Authentication\Events\RemoteWipeStarted;
  30. use OC\Authentication\Exceptions\InvalidTokenException;
  31. use OC\Authentication\Exceptions\WipeTokenException;
  32. use OCP\EventDispatcher\IEventDispatcher;
  33. use OCP\ILogger;
  34. use OCP\IUser;
  35. class RemoteWipe {
  36. /** @var IProvider */
  37. private $tokenProvider;
  38. /** @var IEventDispatcher */
  39. private $eventDispatcher;
  40. /** @var ILogger */
  41. private $logger;
  42. public function __construct(IProvider $tokenProvider,
  43. IEventDispatcher $eventDispatcher,
  44. ILogger $logger) {
  45. $this->tokenProvider = $tokenProvider;
  46. $this->eventDispatcher = $eventDispatcher;
  47. $this->logger = $logger;
  48. }
  49. /**
  50. * @param IToken $token
  51. * @return bool
  52. *
  53. * @throws InvalidTokenException
  54. * @throws WipeTokenException
  55. */
  56. public function markTokenForWipe(IToken $token): bool {
  57. if (!$token instanceof IWipeableToken) {
  58. return false;
  59. }
  60. $token->wipe();
  61. $this->tokenProvider->updateToken($token);
  62. return true;
  63. }
  64. /**
  65. * @param IUser $user
  66. *
  67. * @return bool true if any tokens have been marked for remote wipe
  68. */
  69. public function markAllTokensForWipe(IUser $user): bool {
  70. $tokens = $this->tokenProvider->getTokenByUser($user->getUID());
  71. /** @var IWipeableToken[] $wipeable */
  72. $wipeable = array_filter($tokens, function (IToken $token) {
  73. return $token instanceof IWipeableToken;
  74. });
  75. if (empty($wipeable)) {
  76. return false;
  77. }
  78. foreach ($wipeable as $token) {
  79. $token->wipe();
  80. $this->tokenProvider->updateToken($token);
  81. }
  82. return true;
  83. }
  84. /**
  85. * @param string $token
  86. *
  87. * @return bool whether wiping was started
  88. * @throws InvalidTokenException
  89. *
  90. */
  91. public function start(string $token): bool {
  92. try {
  93. $this->tokenProvider->getToken($token);
  94. // We expect a WipedTokenException here. If we reach this point this
  95. // is an ordinary token
  96. return false;
  97. } catch (WipeTokenException $e) {
  98. // Expected -> continue below
  99. }
  100. $dbToken = $e->getToken();
  101. $this->logger->info("user " . $dbToken->getUID() . " started a remote wipe");
  102. $this->eventDispatcher->dispatch(RemoteWipeStarted::class, new RemoteWipeStarted($dbToken));
  103. return true;
  104. }
  105. /**
  106. * @param string $token
  107. *
  108. * @return bool whether wiping could be finished
  109. * @throws InvalidTokenException
  110. */
  111. public function finish(string $token): bool {
  112. try {
  113. $this->tokenProvider->getToken($token);
  114. // We expect a WipedTokenException here. If we reach this point this
  115. // is an ordinary token
  116. return false;
  117. } catch (WipeTokenException $e) {
  118. // Expected -> continue below
  119. }
  120. $dbToken = $e->getToken();
  121. $this->tokenProvider->invalidateToken($token);
  122. $this->logger->info("user " . $dbToken->getUID() . " finished a remote wipe");
  123. $this->eventDispatcher->dispatch(RemoteWipeFinished::class, new RemoteWipeFinished($dbToken));
  124. return true;
  125. }
  126. }