Merge pull request #108 from owncloud/bugfix/86+106

Fixes #86 and #106 - properly handle token expiry in the sabre dav au…
owncloud · Oct 15, 2020 · 55fd4f7 · 55fd4f7
2 parents fee4bce + 20a004f
commit 55fd4f7
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 9 deletions.
diff --git a/lib/Sabre/OpenIdSabreAuthBackend.php b/lib/Sabre/OpenIdSabreAuthBackend.php
@@ -110,18 +110,23 @@ private function isDavAuthenticated($username) {
 	protected function validateBearerToken($bearerToken) {
 		if ($this->userSession->isLoggedIn() &&
 			$this->isDavAuthenticated($this->userSession->getUser()->getUID())) {
+			try {
 
-			// verify the bearer token
-			$tokenUser = $this->authModule->authToken($bearerToken);
-			if ($tokenUser === null) {
+				// verify the bearer token
+				$tokenUser = $this->authModule->authToken($bearerToken);
+				if ($tokenUser === null) {
+					return false;
+				}
+
+				// setup the user
+				$userId = $this->userSession->getUser()->getUID();
+				$this->setupFilesystem($userId);
+				$this->session->close();
+				return $this->principalPrefix . $userId;
+			} catch (\Exception $ex) {
+				$this->session->close();
 				return false;
 			}
-
-			// setup the user
-			$userId = $this->userSession->getUser()->getUID();
-			$this->setupFilesystem($userId);
-			$this->session->close();
-			return $this->principalPrefix . $userId;
 		}
 
 		$this->setupFilesystem();

diff --git a/tests/unit/Sabre/OpenIdSabreAuthBackendTest.php b/tests/unit/Sabre/OpenIdSabreAuthBackendTest.php
@@ -23,6 +23,7 @@
 namespace OCA\OpenIdConnect\Tests\Unit\Sabre;
 
 use OC\HintException;
+use OC\User\LoginException;
 use OC\User\Session;
 use OCA\OpenIdConnect\OpenIdConnectAuthModule;
 use OCA\OpenIdConnect\Sabre\OpenIdSabreAuthBackend;
@@ -152,4 +153,17 @@ public function testNotLoggedInWithValidToken(): void {
 		$return = $this->backend->check($this->sabreRequest, $this->sabreResponse);
 		self::assertEquals([true, 'principals/users/alice'], $return);
 	}
+
+	public function testTokenExpiry(): void {
+		$this->userSession->method('isLoggedIn')->willReturn(true);
+		$user = $this->createMock(IUser::class);
+		$user->method('getUID')->willReturn('alice');
+		$this->userSession->method('getUser')->willReturn($user);
+		$this->session->method('get')->with(OpenIdSabreAuthBackend::DAV_AUTHENTICATED)->willReturn('alice');
+
+		$this->authModule->expects(self::once())->method('authToken')->with('1234567890')->willThrowException(new LoginException(':zzz:'));
+
+		$return = $this->backend->check($this->sabreRequest, $this->sabreResponse);
+		self::assertEquals([false, 'Bearer token was incorrect'], $return);
+	}
 }