Allow rotation of apppasswords

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2019-08-27 14:46:06 +0300
committer: Roeland Jago Douma <roeland@famdouma.nl> 2019-08-27 14:46:06 +0300
commit: cd1f44380461774f58127c19e92815cfa4a8957d (patch)
tree: dc3c1b8cc208cc3ee9dde2f26290fc049d20ae68 /core/Controller
parent: b7577b6401cb68a6a1f4dc9090facb79a6438753 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php
index 01ca1e2597b..a66acb3c5f3 100644
--- a/core/Controller/AppPasswordController.php
+++ b/core/Controller/AppPasswordController.php
@@ -138,4 +138,28 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
 		$this->tokenProvider->invalidateTokenById($token->getUID(), $token->getId());
 		return new DataResponse();
 	}
+
+	/**
+	 * @NoAdminRequired
+	 */
+	public function rotateAppPassword(): DataResponse {
+		if (!$this->session->exists('app_password')) {
+			throw new OCSForbiddenException('no app password in use');
+		}
+
+		$appPassword = $this->session->get('app_password');
+
+		try {
+			$token = $this->tokenProvider->getToken($appPassword);
+		} catch (InvalidTokenException $e) {
+			throw new OCSForbiddenException('could not rotate apptoken');
+		}
+
+		$newToken = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
+		$this->tokenProvider->rotate($token, $appPassword, $newToken);
+
+		return new DataResponse([
+			'apppassword' => $newToken,
+		]);
+	}
 }
author	Roeland Jago Douma <roeland@famdouma.nl>	2019-08-27 14:46:06 +0300
committer	Roeland Jago Douma <roeland@famdouma.nl>	2019-08-27 14:46:06 +0300
commit	cd1f44380461774f58127c19e92815cfa4a8957d (patch)
tree	dc3c1b8cc208cc3ee9dde2f26290fc049d20ae68 /core/Controller
parent	b7577b6401cb68a6a1f4dc9090facb79a6438753 (diff)