GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[PLUGIN][Pinboard] Change token to user user ID rather than nickname, to avoid complications with it possibly changing

Browse Source
This commit is contained in:
Hugo Sales 2022-03-31 22:06:37 +01:00
parent 94ab4ce8c4
commit 1664293cf7
Signed by: someonewithpc
GPG Key ID: 7D0C7EAFC9D835A0
4 changed files with 15 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/Pinboard/Controller/APIv1.php
View File

@ -79,8 +79,8 @@ class APIv1 extends Controller
if (!str_contains($input, ':')) { if (!str_contains($input, ':')) {
return null; return null;
} }
[$nickame, $token] = explode(':', $input); [$id, $token] = explode(':', $input);
return Token::get($nickame, $token)?->getUser(); return Token::get($id, $token)?->getUser();
} }
private function deleteNoteAndMaybePin(LocalUser $user, Note $note, ?Pin $pin): void private function deleteNoteAndMaybePin(LocalUser $user, Note $note, ?Pin $pin): void

4
plugins/Pinboard/Controller/Settings.php
View File

@ -25,7 +25,7 @@ class Settings extends Controller
public static function setup() public static function setup()
{ {
$user = Common::ensureLoggedIn(); $user = Common::ensureLoggedIn();
$token = Token::get(nickname: null, token: null, user: $user); $token = Token::get(id: null, token: null, user: $user);
$enabled = ($token?->getEnabled() ?? false); $enabled = ($token?->getEnabled() ?? false);
$form = Form::create([ $form = Form::create([
['token', TextType::class, ['label' => _m('The token used to authenticate you via the Pinboard-compatible API'), 'data' => $token?->getUserTokenString(), 'disabled' => true]], ['token', TextType::class, ['label' => _m('The token used to authenticate you via the Pinboard-compatible API'), 'data' => $token?->getUserTokenString(), 'disabled' => true]],
@ -79,7 +79,7 @@ class Settings extends Controller
} else { } else {
throw new ClientException(_m('Invalid form submission')); throw new ClientException(_m('Invalid form submission'));
} }
Cache::set(Token::cacheKeys($user->getNickname())['user-token'], $token); Cache::set(Token::cacheKeys($user->getId())['user-token'], $token);
DB::flush(); DB::flush();
return Form::forceRedirect($form, $request); return Form::forceRedirect($form, $request);
} }

23
plugins/Pinboard/Entity/Token.php
View File

@ -67,10 +67,10 @@ class Token extends Entity
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd
// }}} Autocode // }}} Autocode
public static function cacheKeys(string $nickname): array public static function cacheKeys(int $id): array
{ {
return [ return [
'user-token' => "pinboard-token-{$nickname}", 'user-token' => "pinboard-token-{$id}",
]; ];
} }
@ -80,31 +80,30 @@ class Token extends Entity
} }
/** /**
* Get a token for a $nickname and $token pair, unless given a $user, in which case the token field is not validated * Get a token for a $id and $token pair, unless given a $user, in which case the token field is not validated
* *
* XXX: may need to verify it's timing safe * XXX: may need to verify it's timing safe
*/ */
public static function get(?string $nickname, ?string $token, ?LocalUser $user = null): ?self public static function get(?int $id, ?string $token, ?LocalUser $user = null): ?self
{ {
if (!\is_null($user)) { if (!\is_null($user)) {
return Cache::get( return Cache::get(
self::cacheKeys($user->getNickname())['user-token'], self::cacheKeys($user->getId())['user-token'],
fn () => DB::dql( fn () => DB::dql(
'select t from \Plugin\Pinboard\Entity\Token t where t.actor_id = :id', 'select t from \Plugin\Pinboard\Entity\Token t where t.actor_id = :id',
['id' => $user->getId()], ['id' => $user->getId()],
options: ['limit' => 1], options: ['limit' => 1],
), ),
); );
} elseif (!\is_null($nickname) && !\is_null($token)) { } elseif (!is_id($id) && !\is_null($token)) {
return Cache::get( return Cache::get(
self::cacheKeys($nickname)['user-token'], self::cacheKeys($id)['user-token'],
fn () => DB::dql( fn () => DB::dql(
<<<'EOF' <<<'EOF'
select lu from \App\Entity\LocalUser lu select t from \Plugin\Pinboard\Entity\Token t
join \Plugin\Pinboard\Entity\Token t on t.actor_id = lu.actor_id where t.actor_id = :id and t.token = :token and t.enabled = true
where lu.nickname = :nickname and t.token = :token and t.enabled = true
EOF, EOF,
['nickname' => $nickame, 'token' => $token], ['id' => $id, 'token' => $token],
options: ['limit' => 1], options: ['limit' => 1],
), ),
); );
@ -113,7 +112,7 @@ class Token extends Entity
public function getUserTokenString() public function getUserTokenString()
{ {
return LocalUser::getById($this->getActorId())->getNickname() . ':' . $this->getToken(); return $this->getActorId() . ':' . $this->getToken();
} }
public static function generateTokenString(): string public static function generateTokenString(): string

16
plugins/Pinboard/Pinboard.php
View File

@ -35,10 +35,7 @@ namespace Plugin\Pinboard;
use App\Core\Event; use App\Core\Event;
use App\Core\Modules\Plugin; use App\Core\Modules\Plugin;
use App\Core\Router; use App\Core\Router;
use App\Entity\Actor;
use App\Entity\LocalUser;
use Plugin\Pinboard\Controller as C; use Plugin\Pinboard\Controller as C;
use Plugin\Pinboard\Entity\Token;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
class Pinboard extends Plugin class Pinboard extends Plugin
@ -105,17 +102,4 @@ class Pinboard extends Plugin
} }
return Event::next; return Event::next;
} }
public function onActorFormInvalidateRelated(Actor $actor, ?LocalUser $user)
{
$user ??= $actor->getLocal();
if (!$user instanceof LocalUser) {
return Event::next;
}
Cache::delete(Token::cacheKeys($user->getNickname())['user-token']);
DB::remove(DB::refetch(Token::get(nickname: null, token: null, user: $user)));
DB::flush();
// TODO notify user that their token got invalidated
return Event::next;
}
} }