public interface to invalidate tokens of user

Signed-off-by: Artur Neumann <artur@jankaritech.com>

Author: individual-it

apps/oauth2/lib/Controller/SettingsController.php

@@ -30,7 +30,7 @@
  */
 namespace OCA\OAuth2\Controller;
 
-use OC\Authentication\Token\IProvider as IAuthTokenProvider;
+use OCP\Authentication\Token\IProvider as IAuthTokenProvider;
 use OCA\OAuth2\Db\AccessTokenMapper;
 use OCA\OAuth2\Db\Client;
 use OCA\OAuth2\Db\ClientMapper;
@@ -115,14 +115,7 @@ public function deleteClient(int $id): JSONResponse {
 		$client = $this->clientMapper->getByUid($id);
 
 		$this->userManager->callForAllUsers(function (IUser $user) use ($client) {
-			$tokens = $this->tokenProvider->getTokenByUser($user->getUID());
-			foreach ($tokens as $token) {
-				if ($token->getName() === $client->getName()) {
-					$this->tokenProvider->invalidateTokenById(
-						$user->getUID(), $token->getId()
-					);
-				}
-			}
+			$this->tokenProvider->invalidateTokensOfUser($user->getUID(), $client->getName());
 		});
 
 		$this->accessTokenMapper->deleteByClientId($id);

lib/private/Authentication/Token/Manager.php

@@ -32,9 +32,9 @@
 use OC\Authentication\Exceptions\InvalidTokenException;
 use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Exceptions\WipeTokenException;
+use OCP\Authentication\Token\IProvider as OCPIProvider;
 
-class Manager implements IProvider {
-
+class Manager implements IProvider, OCPIProvider {
 	/** @var PublicKeyTokenProvider */
 	private $publicKeyTokenProvider;
 
@@ -240,4 +240,13 @@ public function markPasswordInvalid(IToken $token, string $tokenId) {
 	public function updatePasswords(string $uid, string $password) {
 		$this->publicKeyTokenProvider->updatePasswords($uid, $password);
 	}
+
+	public function invalidateTokensOfUser(string $uid, ?string $clientName) {
+		$tokens = $this->getTokenByUser($uid);
+		foreach ($tokens as $token) {
+			if ($clientName === null || ($token->getName() === $clientName)) {
+				$this->invalidateTokenById($uid, $token->getId());
+			}
+		}
+	}
 }

lib/private/Server.php

@@ -161,6 +161,7 @@
 use OCP\Accounts\IAccountManager;
 use OCP\App\IAppManager;
 use OCP\Authentication\LoginCredentials\IStore;
+use OCP\Authentication\Token\IProvider as OCPIProvider;
 use OCP\BackgroundJob\IJobList;
 use OCP\Collaboration\AutoComplete\IManager;
 use OCP\Collaboration\Reference\IReferenceManager;
@@ -278,7 +279,6 @@
  * TODO: hookup all manager classes
  */
 class Server extends ServerContainer implements IServerContainer {
-
 	/** @var string */
 	private $webRoot;
 
@@ -547,6 +547,7 @@ public function __construct($webRoot, \OC\Config $config) {
 		});
 		$this->registerAlias(IStore::class, Store::class);
 		$this->registerAlias(IProvider::class, Authentication\Token\Manager::class);
+		$this->registerAlias(OCPIProvider::class, Authentication\Token\Manager::class);
 
 		$this->registerService(\OC\User\Session::class, function (Server $c) {
 			$manager = $c->get(IUserManager::class);

lib/public/Authentication/Token/IProvider.php

@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2022 Artur Neumann <artur@jankaritech.com>
+ *
+ * @author Artur Neumann <artur@jankaritech.com>
+ *
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+namespace OCP\Authentication\Token;
+
+interface IProvider {
+	/**
+	 * invalidates all tokens of a specific user
+	 * if a client name is given only tokens of that client will be invalidated
+	 *
+	 * @param string $uid
+	 * @param string|null $clientName
+	 * @return void
+	 */
+	public function invalidateTokensOfUser(string $uid, ?string $clientName);
+}