fix: Handle exception when clearing previously removed two factor tokens

danxuliu · nickvergessen · commit 5ea5b2de84fe · 2024-11-05T11:14:05.000+01:00
If a token was already removed from the database but not from the
configuration clearing the tokens will try to remove it again from the
database, which caused a DoesNotExistException to be thrown.

Signed-off-by: Daniel Calviño Sánchez &lt;danxuliu@gmail.com&gt;
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -12,6 +12,7 @@
 use Exception;
 use OC\Authentication\Token\IProvider as TokenProvider;
 use OCP\Activity\IManager;
+use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
@@ -368,7 +369,10 @@ public function clearTwoFactorPending(string $userId) {
 		foreach ($tokensNeeding2FA as $tokenId) {
 			$this->config->deleteUserValue($userId, 'login_token_2fa', $tokenId);
 
-			$this->tokenProvider->invalidateTokenById($userId, (int)$tokenId);
+			try {
+				$this->tokenProvider->invalidateTokenById($userId, (int)$tokenId);
+			} catch (DoesNotExistException $e) {
+			}
 		}
 	}
 }
diff --git a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
@@ -15,6 +15,7 @@
 use OC\Authentication\TwoFactorAuth\ProviderLoader;
 use OCP\Activity\IEvent;
 use OCP\Activity\IManager;
+use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
 use OCP\Authentication\TwoFactorAuth\IProvider;
@@ -727,4 +728,35 @@ public function testClearTwoFactorPending() {
 
 		$this->manager->clearTwoFactorPending('theUserId');
 	}
+
+	public function testClearTwoFactorPendingTokenDoesNotExist() {
+		$this->config->method('getUserKeys')
+			->with('theUserId', 'login_token_2fa')
+			->willReturn([
+				'42', '43', '44'
+			]);
+
+		$this->config->expects($this->exactly(3))
+			->method('deleteUserValue')
+			->withConsecutive(
+				['theUserId', 'login_token_2fa', '42'],
+				['theUserId', 'login_token_2fa', '43'],
+				['theUserId', 'login_token_2fa', '44'],
+			);
+
+		$this->tokenProvider->expects($this->exactly(3))
+			->method('invalidateTokenById')
+			->withConsecutive(
+				['theUserId', 42],
+				['theUserId', 43],
+				['theUserId', 44],
+			)
+			->willReturnCallback(function ($user, $tokenId) {
+				if ($tokenId === 43) {
+					throw new DoesNotExistException('token does not exist');
+				}
+			});
+
+		$this->manager->clearTwoFactorPending('theUserId');
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`	`use Exception;`
`13`	`13`	`use OC\Authentication\Token\IProvider as TokenProvider;`
`14`	`14`	`use OCP\Activity\IManager;`
	`15`	`+use OCP\AppFramework\Db\DoesNotExistException;`
`15`	`16`	`use OCP\AppFramework\Utility\ITimeFactory;`
`16`	`17`	`use OCP\Authentication\Exceptions\InvalidTokenException;`
`17`	`18`	`use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;`
`@@ -368,7 +369,10 @@ public function clearTwoFactorPending(string $userId) {`
`368`	`369`	`foreach ($tokensNeeding2FA as $tokenId) {`
`369`	`370`	`$this->config->deleteUserValue($userId, 'login_token_2fa', $tokenId);`
`370`	`371`
`371`		`- $this->tokenProvider->invalidateTokenById($userId, (int)$tokenId);`
	`372`	`+ try {`
	`373`	`+ $this->tokenProvider->invalidateTokenById($userId, (int)$tokenId);`
	`374`	`+ } catch (DoesNotExistException $e) {`
	`375`	`+ }`
`372`	`376`	`}`
`373`	`377`	`}`
`374`	`378`	`}`