[PLUGIN][Pinboard] Change token to user user ID rather than nickname, to avoid complications with it possibly changing

This commit is contained in:
Hugo Sales 2022-03-31 22:06:37 +01:00
parent 94ab4ce8c4
commit 1664293cf7
No known key found for this signature in database
GPG Key ID: 7D0C7EAFC9D835A0
4 changed files with 15 additions and 32 deletions

View File

@ -79,8 +79,8 @@ class APIv1 extends Controller
if (!str_contains($input, ':')) {
return null;
}
[$nickame, $token] = explode(':', $input);
return Token::get($nickame, $token)?->getUser();
[$id, $token] = explode(':', $input);
return Token::get($id, $token)?->getUser();
}
private function deleteNoteAndMaybePin(LocalUser $user, Note $note, ?Pin $pin): void

View File

@ -25,7 +25,7 @@ class Settings extends Controller
public static function setup()
{
$user = Common::ensureLoggedIn();
$token = Token::get(nickname: null, token: null, user: $user);
$token = Token::get(id: null, token: null, user: $user);
$enabled = ($token?->getEnabled() ?? false);
$form = Form::create([
['token', TextType::class, ['label' => _m('The token used to authenticate you via the Pinboard-compatible API'), 'data' => $token?->getUserTokenString(), 'disabled' => true]],
@ -79,7 +79,7 @@ class Settings extends Controller
} else {
throw new ClientException(_m('Invalid form submission'));
}
Cache::set(Token::cacheKeys($user->getNickname())['user-token'], $token);
Cache::set(Token::cacheKeys($user->getId())['user-token'], $token);
DB::flush();
return Form::forceRedirect($form, $request);
}

View File

@ -67,10 +67,10 @@ class Token extends Entity
// @codeCoverageIgnoreEnd
// }}} Autocode
public static function cacheKeys(string $nickname): array
public static function cacheKeys(int $id): array
{
return [
'user-token' => "pinboard-token-{$nickname}",
'user-token' => "pinboard-token-{$id}",
];
}
@ -80,31 +80,30 @@ class Token extends Entity
}
/**
* Get a token for a $nickname and $token pair, unless given a $user, in which case the token field is not validated
* Get a token for a $id and $token pair, unless given a $user, in which case the token field is not validated
*
* XXX: may need to verify it's timing safe
*/
public static function get(?string $nickname, ?string $token, ?LocalUser $user = null): ?self
public static function get(?int $id, ?string $token, ?LocalUser $user = null): ?self
{
if (!\is_null($user)) {
return Cache::get(
self::cacheKeys($user->getNickname())['user-token'],
self::cacheKeys($user->getId())['user-token'],
fn () => DB::dql(
'select t from \Plugin\Pinboard\Entity\Token t where t.actor_id = :id',
['id' => $user->getId()],
options: ['limit' => 1],
),
);
} elseif (!\is_null($nickname) && !\is_null($token)) {
} elseif (!is_id($id) && !\is_null($token)) {
return Cache::get(
self::cacheKeys($nickname)['user-token'],
self::cacheKeys($id)['user-token'],
fn () => DB::dql(
<<<'EOF'
select lu from \App\Entity\LocalUser lu
join \Plugin\Pinboard\Entity\Token t on t.actor_id = lu.actor_id
where lu.nickname = :nickname and t.token = :token and t.enabled = true
select t from \Plugin\Pinboard\Entity\Token t
where t.actor_id = :id and t.token = :token and t.enabled = true
EOF,
['nickname' => $nickame, 'token' => $token],
['id' => $id, 'token' => $token],
options: ['limit' => 1],
),
);
@ -113,7 +112,7 @@ class Token extends Entity
public function getUserTokenString()
{
return LocalUser::getById($this->getActorId())->getNickname() . ':' . $this->getToken();
return $this->getActorId() . ':' . $this->getToken();
}
public static function generateTokenString(): string

View File

@ -35,10 +35,7 @@ namespace Plugin\Pinboard;
use App\Core\Event;
use App\Core\Modules\Plugin;
use App\Core\Router;
use App\Entity\Actor;
use App\Entity\LocalUser;
use Plugin\Pinboard\Controller as C;
use Plugin\Pinboard\Entity\Token;
use Symfony\Component\HttpFoundation\Request;
class Pinboard extends Plugin
@ -105,17 +102,4 @@ class Pinboard extends Plugin
}
return Event::next;
}
public function onActorFormInvalidateRelated(Actor $actor, ?LocalUser $user)
{
$user ??= $actor->getLocal();
if (!$user instanceof LocalUser) {
return Event::next;
}
Cache::delete(Token::cacheKeys($user->getNickname())['user-token']);
DB::remove(DB::refetch(Token::get(nickname: null, token: null, user: $user)));
DB::flush();
// TODO notify user that their token got invalidated
return Event::next;
}
}