Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[stable25] invalidate existing tokens when deleting an oauth client #37231

Merged
merged 10 commits into from
Jun 15, 2023
Merged

[stable25] invalidate existing tokens when deleting an oauth client #37231

merged 10 commits into from
Jun 15, 2023

Conversation

backportbot-nextcloud[bot]
Copy link

@backportbot-nextcloud backportbot-nextcloud bot commented Mar 15, 2023
edited by come-nc
Loading

  • ⚠️ This backport had conflicts that were resolved with the 'ours' merge strategy and is likely incomplete

backport of #36033

@backportbot-nextcloud backportbot-nextcloud bot added this to the Nextcloud 25.0.5 milestone Mar 15, 2023
@blizzz blizzz mentioned this pull request Mar 15, 2023
Merged
@come-nc come-nc changed the title [stable25] [master] invalidate existing tokens when deleting an oauth client [stable25] invalidate existing tokens when deleting an oauth client Mar 15, 2023
@come-nc come-nc force-pushed the backport/36033/stable25 branch from fae11df to 58fb023 Compare March 15, 2023 13:07
@come-nc come-nc marked this pull request as ready for review March 15, 2023 13:10
blizzz
blizzz requested changes Mar 15, 2023
View reviewed changes
apps/oauth2/lib/Controller/SettingsController.php Outdated
@@ -92,6 +104,11 @@ public function addClient(string $name,

public function deleteClient(int $id): JSONResponse {
$client = $this->clientMapper->getByUid($id);

$this->userManager->callForAllUsers(function (IUser $user) use ($client) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do not run against all users, but only against known ones (callForSeenUsers).

Also, this should not run in a user request context, only on the background, as it may take ages.

@skjnldsv skjnldsv mentioned this pull request Apr 13, 2023
Merged
11 tasks
@individual-it individual-it force-pushed the backport/36033/stable25 branch from 58fb023 to d905b41 Compare April 17, 2023 09:02
This was referenced Apr 17, 2023
Merged
Merged
@skjnldsv skjnldsv mentioned this pull request Apr 18, 2023
Merged
7 tasks
@blizzz blizzz mentioned this pull request May 16, 2023
Merged
@blizzz
Copy link
Member

blizzz commented May 17, 2023

moving to 25.0.8. What is the state with this PR?

@individual-it
Copy link
Contributor

all done from my point of view, see discussion in #37230

@individual-it individual-it force-pushed the backport/36033/stable25 branch from d905b41 to c2f71bf Compare May 19, 2023 07:09
@blizzz blizzz added the 3. to review Waiting for reviews label May 23, 2023
@blizzz blizzz mentioned this pull request Jun 12, 2023
Merged
@blizzz
Copy link
Member

blizzz commented Jun 14, 2023

@individual-it conflicts 😩

individual-it and others added 10 commits June 15, 2023 13:19
@individual-it
invalidate existing tokens when deleting an oauth client
91b599f 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
@individual-it
public interface to invalidate tokens of user
f0d1822 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
@individual-it
adjust SettingsController tests
fdfde4e 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
@individual-it
unit tests for Manager::invalidateTokensOfUser
37c017c 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
@individual-it
added @SInCE tag
b44dfd0 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
@individual-it
autoloaderchecker
33512bb 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
@individual-it
move mocks into private variables
f922734 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
@individual-it
invalidate oauth2 tokens only for seen users
183e1b9 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
@individual-it
expect invalidateTokensOfUser only be called for seen users
0be74df 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
@blizzz @individual-it
Adjust @SInCE annotation
28b9cfb 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
@individual-it individual-it force-pushed the backport/36033/stable25 branch from 9922fee to 28b9cfb Compare June 15, 2023 07:36
hopklaas35

This comment was marked as spam.

Sign in to view

@individual-it individual-it enabled auto-merge June 15, 2023 07:47
@individual-it
Copy link
Contributor

@blizzz fixed

@blizzz blizzz disabled auto-merge June 15, 2023 09:02
@blizzz blizzz merged commit 60bb6da into stable25 Jun 15, 2023
@blizzz blizzz deleted the backport/36033/stable25 branch June 15, 2023 09:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hopklaas35 hopklaas35 hopklaas35 left review comments

@come-nc come-nc come-nc approved these changes

@blizzz blizzz blizzz approved these changes

@individual-it individual-it Awaiting requested review from individual-it

@julien-nc julien-nc Awaiting requested review from julien-nc

Assignees
No one assigned
Labels
3. to review Waiting for reviews
Projects
None yet
Milestone
Nextcloud 25.0.8
Development

Successfully merging this pull request may close these issues.
5 participants
@blizzz @individual-it @come-nc @hopklaas35 @skjnldsv