[PLUGIN][Pinboard] Change token to user user ID rather than nickname, to avoid complications with it possibly changing
This commit is contained in:
parent
94ab4ce8c4
commit
1664293cf7
@ -79,8 +79,8 @@ class APIv1 extends Controller
|
||||
if (!str_contains($input, ':')) {
|
||||
return null;
|
||||
}
|
||||
[$nickame, $token] = explode(':', $input);
|
||||
return Token::get($nickame, $token)?->getUser();
|
||||
[$id, $token] = explode(':', $input);
|
||||
return Token::get($id, $token)?->getUser();
|
||||
}
|
||||
|
||||
private function deleteNoteAndMaybePin(LocalUser $user, Note $note, ?Pin $pin): void
|
||||
|
@ -25,7 +25,7 @@ class Settings extends Controller
|
||||
public static function setup()
|
||||
{
|
||||
$user = Common::ensureLoggedIn();
|
||||
$token = Token::get(nickname: null, token: null, user: $user);
|
||||
$token = Token::get(id: null, token: null, user: $user);
|
||||
$enabled = ($token?->getEnabled() ?? false);
|
||||
$form = Form::create([
|
||||
['token', TextType::class, ['label' => _m('The token used to authenticate you via the Pinboard-compatible API'), 'data' => $token?->getUserTokenString(), 'disabled' => true]],
|
||||
@ -79,7 +79,7 @@ class Settings extends Controller
|
||||
} else {
|
||||
throw new ClientException(_m('Invalid form submission'));
|
||||
}
|
||||
Cache::set(Token::cacheKeys($user->getNickname())['user-token'], $token);
|
||||
Cache::set(Token::cacheKeys($user->getId())['user-token'], $token);
|
||||
DB::flush();
|
||||
return Form::forceRedirect($form, $request);
|
||||
}
|
||||
|
@ -67,10 +67,10 @@ class Token extends Entity
|
||||
// @codeCoverageIgnoreEnd
|
||||
// }}} Autocode
|
||||
|
||||
public static function cacheKeys(string $nickname): array
|
||||
public static function cacheKeys(int $id): array
|
||||
{
|
||||
return [
|
||||
'user-token' => "pinboard-token-{$nickname}",
|
||||
'user-token' => "pinboard-token-{$id}",
|
||||
];
|
||||
}
|
||||
|
||||
@ -80,31 +80,30 @@ class Token extends Entity
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a token for a $nickname and $token pair, unless given a $user, in which case the token field is not validated
|
||||
* Get a token for a $id and $token pair, unless given a $user, in which case the token field is not validated
|
||||
*
|
||||
* XXX: may need to verify it's timing safe
|
||||
*/
|
||||
public static function get(?string $nickname, ?string $token, ?LocalUser $user = null): ?self
|
||||
public static function get(?int $id, ?string $token, ?LocalUser $user = null): ?self
|
||||
{
|
||||
if (!\is_null($user)) {
|
||||
return Cache::get(
|
||||
self::cacheKeys($user->getNickname())['user-token'],
|
||||
self::cacheKeys($user->getId())['user-token'],
|
||||
fn () => DB::dql(
|
||||
'select t from \Plugin\Pinboard\Entity\Token t where t.actor_id = :id',
|
||||
['id' => $user->getId()],
|
||||
options: ['limit' => 1],
|
||||
),
|
||||
);
|
||||
} elseif (!\is_null($nickname) && !\is_null($token)) {
|
||||
} elseif (!is_id($id) && !\is_null($token)) {
|
||||
return Cache::get(
|
||||
self::cacheKeys($nickname)['user-token'],
|
||||
self::cacheKeys($id)['user-token'],
|
||||
fn () => DB::dql(
|
||||
<<<'EOF'
|
||||
select lu from \App\Entity\LocalUser lu
|
||||
join \Plugin\Pinboard\Entity\Token t on t.actor_id = lu.actor_id
|
||||
where lu.nickname = :nickname and t.token = :token and t.enabled = true
|
||||
select t from \Plugin\Pinboard\Entity\Token t
|
||||
where t.actor_id = :id and t.token = :token and t.enabled = true
|
||||
EOF,
|
||||
['nickname' => $nickame, 'token' => $token],
|
||||
['id' => $id, 'token' => $token],
|
||||
options: ['limit' => 1],
|
||||
),
|
||||
);
|
||||
@ -113,7 +112,7 @@ class Token extends Entity
|
||||
|
||||
public function getUserTokenString()
|
||||
{
|
||||
return LocalUser::getById($this->getActorId())->getNickname() . ':' . $this->getToken();
|
||||
return $this->getActorId() . ':' . $this->getToken();
|
||||
}
|
||||
|
||||
public static function generateTokenString(): string
|
||||
|
@ -35,10 +35,7 @@ namespace Plugin\Pinboard;
|
||||
use App\Core\Event;
|
||||
use App\Core\Modules\Plugin;
|
||||
use App\Core\Router;
|
||||
use App\Entity\Actor;
|
||||
use App\Entity\LocalUser;
|
||||
use Plugin\Pinboard\Controller as C;
|
||||
use Plugin\Pinboard\Entity\Token;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
class Pinboard extends Plugin
|
||||
@ -105,17 +102,4 @@ class Pinboard extends Plugin
|
||||
}
|
||||
return Event::next;
|
||||
}
|
||||
|
||||
public function onActorFormInvalidateRelated(Actor $actor, ?LocalUser $user)
|
||||
{
|
||||
$user ??= $actor->getLocal();
|
||||
if (!$user instanceof LocalUser) {
|
||||
return Event::next;
|
||||
}
|
||||
Cache::delete(Token::cacheKeys($user->getNickname())['user-token']);
|
||||
DB::remove(DB::refetch(Token::get(nickname: null, token: null, user: $user)));
|
||||
DB::flush();
|
||||
// TODO notify user that their token got invalidated
|
||||
return Event::next;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user