diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2018-05-23 16:42:22 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-05-23 16:42:22 +0300 |
| commit | 2f059d1caf006253ccfa9334702f86469cc3a3c8 (patch) | |
| tree | 44b0f33cf4c609e1280a71fd1ce543ea14582872 /core | |
| parent | 01d3586a0ff930fb8fe5d05d0be98d39c5ed2a35 (diff) | |
| parent | 3c002706a4d1e264518b1017f3a8d32576c9e9f8 (diff) | |
Merge pull request #9540 from nextcloud/backport/9517/stable13
[stable13] Improve OAuth
Diffstat (limited to 'core')
| -rw-r--r-- | core/Controller/ClientFlowLoginController.php | 2 | ||||
| -rw-r--r-- | core/Migrations/Version13000Date20180516101403.php | 56 |
2 files changed, 57 insertions, 1 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php index 0e7fbf892b6..3bd396a0b97 100644 --- a/core/Controller/ClientFlowLoginController.php +++ b/core/Controller/ClientFlowLoginController.php @@ -291,7 +291,7 @@ class ClientFlowLoginController extends Controller { ); if($client) { - $code = $this->random->generate(128); + $code = $this->random->generate(128, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS); $accessToken = new AccessToken(); $accessToken->setClientId($client->getId()); $accessToken->setEncryptedToken($this->crypto->encrypt($token, $code)); diff --git a/core/Migrations/Version13000Date20180516101403.php b/core/Migrations/Version13000Date20180516101403.php new file mode 100644 index 00000000000..62198d0bb37 --- /dev/null +++ b/core/Migrations/Version13000Date20180516101403.php @@ -0,0 +1,56 @@ +<?php +/** + * @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl> + * + * @author Roeland Jago Douma <roeland@famdouma.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OC\Core\Migrations; + +use OCP\DB\ISchemaWrapper; +use OCP\Migration\SimpleMigrationStep; +use OCP\Migration\IOutput; + +class Version13000Date20180516101403 extends SimpleMigrationStep { + + /** + * @param IOutput $output + * @param \Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, \Closure $schemaClosure, array $options) { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + $table = $schema->getTable('authtoken'); + + if (!$table->hasColumn('expires')) { + $table->addColumn('expires', 'integer', [ + 'notnull' => false, + 'length' => 4, + 'default' => null, + 'unsigned' => true, + ]); + + return $schema; + } + return null; + } +} |