From d683e0d3d1448111d8de1ffaa480dcb203f61143 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Wed, 23 Mar 2022 21:38:53 +0100
Subject: [PATCH 1/2] Automatically cut the token name on the first level
Signed-off-by: Joas Schilling
---
 .../Authentication/Token/IProvider.php | 2 +-
 lib/private/Authentication/Token/Manager.php | 4 +--
 .../lib/Authentication/Token/ManagerTest.php | 31 +++++++++++++++++++
 3 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/lib/private/Authentication/Token/IProvider.php b/lib/private/Authentication/Token/IProvider.php
index e604ac715c24c..0a145bfd7e63d 100644
--- a/lib/private/Authentication/Token/IProvider.php
+++ b/lib/private/Authentication/Token/IProvider.php
@@ -44,7 +44,7 @@ interface IProvider {
 * @param string $uid
 * @param string $loginName
 * @param string|null $password
- * @param string $name
+ * @param string $name Name will be trimmed to 120 chars when longer
 * @param int $type token type
 * @param int $remember whether the session token should be used for remember-me
 * @return IToken
diff --git a/lib/private/Authentication/Token/Manager.php b/lib/private/Authentication/Token/Manager.php
index ae0874733f8b1..f8a0fb11c525b 100644
--- a/lib/private/Authentication/Token/Manager.php
+++ b/lib/private/Authentication/Token/Manager.php
@@ -49,7 +49,7 @@ public function __construct(PublicKeyTokenProvider $publicKeyTokenProvider) {
 * @param string $uid
 * @param string $loginName
 * @param string|null $password
- * @param string $name
+ * @param string $name Name will be trimmed to 120 chars when longer
 * @param int $type token type
 * @param int $remember whether the session token should be used for remember-me
 * @return IToken
@@ -62,7 +62,7 @@ public function generateToken(string $token,
 int $type = IToken::TEMPORARY_TOKEN,
 int $remember = IToken::DO_NOT_REMEMBER): IToken {
 if (mb_strlen($name) > 128) {
- throw new InvalidTokenException('The given name is too long');
+ $name = mb_substr($name, 0, 120) . '…';
 }
 try {
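Review bot: The length limit now lives only in this `Manager::generateToken` branch, while the new `@param` text in the two docblock hunks above states it as part of the `IProvider` contract; any `IProvider` implementation that is called without going through `Manager` would, as far as this diff shows, still receive the full-length name. That matters because the second patch in this series drops the controller-side shortening of the `USER_AGENT` header and of the client name, so this branch becomes the only place a client-supplied name is bounded. The docblock wording also omits the threshold and is off by one: names longer than 128 characters come back as 121 characters (120 plus the ellipsis), so I would write `@param string $name Names longer than 128 characters are cut to 120 characters plus '…'` in both docblocks. The body of `generateToken` continues outside the hunk, so whether the wrapped provider applies its own limit cannot be seen here.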
diff --git a/tests/lib/Authentication/Token/ManagerTest.php b/tests/lib/Authentication/Token/ManagerTest.php
index 8b40fb9b66932..5f024bb1d43c0 100644
--- a/tests/lib/Authentication/Token/ManagerTest.php
+++ b/tests/lib/Authentication/Token/ManagerTest.php
@@ -114,6 +114,37 @@ public function testGenerateConflictingToken() {
 $this->assertSame($token, $actual);
 }
+ public function testGenerateTokenTooLongName() {
+ $token = $this->createMock(IToken::class);
+ $token->method('getName')
+ ->willReturn(str_repeat('a', 120) . '…');
+
+
+ $this->publicKeyTokenProvider->expects($this->once())
+ ->method('generateToken')
+ ->with(
+ 'token',
+ 'uid',
+ 'loginName',
+ 'password',
+ str_repeat('a', 120) . '…',
+ IToken::TEMPORARY_TOKEN,
+ IToken::REMEMBER
+ )->willReturn($token);
+
+ $actual = $this->manager->generateToken(
+ 'token',
+ 'uid',
+ 'loginName',
+ 'password',
+ str_repeat('a', 200),
+ IToken::TEMPORARY_TOKEN,
+ IToken::REMEMBER
+ );
+
+ $this->assertSame(121, mb_strlen($actual->getName()));
+ }
+
 public function tokenData(): array {
 return [
 [new PublicKeyToken()],
From 5f75d2e1044335cd5404d836b7ce3b3f4cf4008b Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Wed, 23 Mar 2022 21:42:29 +0100
Subject: [PATCH 2/2] Remove old shortening
Signed-off-by: Joas Schilling
---
 core/Controller/AppPasswordController.php | 3 ---
 core/Controller/ClientFlowLoginController.php | 4 ----
 2 files changed, 7 deletions(-)
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php
index 7cc0310746d5e..41f0f6e4f273e 100644
--- a/core/Controller/AppPasswordController.php
+++ b/core/Controller/AppPasswordController.php
@@ -99,9 +99,6 @@ public function getAppPassword(): DataResponse {
 }
 $userAgent = $this->request->getHeader('USER_AGENT');
- if (mb_strlen($userAgent) > 128) {
- $userAgent = mb_substr($userAgent, 0, 120) . '…';
- }
 $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
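Review bot: In `testGenerateTokenTooLongName` the closing `assertSame(121, mb_strlen($actual->getName()))` only measures the string stubbed on the `IToken` mock at the top of the test, so it adds no coverage of `Manager`; the truncation is really verified by the `->with(...)` expectation on the provider. The test also exercises a single 200-character input and leaves the boundary unpinned: a 128-character name should reach the provider unchanged and a 129-character one should arrive as 120 characters plus `…`. I would add those two cases, for example through a data provider, and either drop the last assertion or precede it with `// truncation itself is asserted by the with() expectation above`.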
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index ff6b888888478..e067f0ff6b5f5 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -322,10 +322,6 @@ public function generateAppPassword($stateToken,
 $clientName = $client->getName();
 }
- if (mb_strlen($clientName) > 128) {
- $clientName = mb_substr($clientName, 0, 120) . '…';
- }
-
 $token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
 $uid = $this->userSession->getUser()->getUID();
 $generatedToken = $this->tokenProvider->generateToken(