From a0bd1800e89f4a0b426cced00e571d5157e6f707 Mon Sep 17 00:00:00 2001
From: Morris Jobke
Date: Wed, 16 Jun 2021 17:03:33 +0200
Subject: [PATCH 1/3] Properly cleanup entries of WebAuthn on user deletion
Signed-off-by: Morris Jobke
---
 core/Application.php | 2 +
 lib/composer/composer/autoload_classmap.php | 1 +
 lib/composer/composer/autoload_static.php | 1 +
 .../UserDeletedWebAuthnCleanupListener.php | 50 +++++++++++++++++++
 .../WebAuthn/Db/PublicKeyCredentialMapper.php | 13 +++++
 5 files changed, 67 insertions(+)
 create mode 100644 lib/private/Authentication/Listeners/UserDeletedWebAuthnCleanupListener.php
diff --git a/core/Application.php b/core/Application.php
index 6aec7fd2305f6..0a87e69859789 100644
--- a/core/Application.php
+++ b/core/Application.php
@@ -38,6 +38,7 @@
 use OC\Authentication\Listeners\RemoteWipeNotificationsListener;
 use OC\Authentication\Listeners\UserDeletedStoreCleanupListener;
 use OC\Authentication\Listeners\UserDeletedTokenCleanupListener;
+use OC\Authentication\Listeners\UserDeletedWebAuthnCleanupListener;
 use OC\Authentication\Notifications\Notifier as AuthenticationNotifier;
 use OC\Core\Notification\CoreNotifier;
 use OC\DB\MissingColumnInformation;
@@ -264,5 +265,6 @@ function (GenericEvent $event) use ($container) {
 $eventDispatcher->addServiceListener(RemoteWipeFinished::class, RemoteWipeEmailListener::class);
 $eventDispatcher->addServiceListener(UserDeletedEvent::class, UserDeletedStoreCleanupListener::class);
 $eventDispatcher->addServiceListener(UserDeletedEvent::class, UserDeletedTokenCleanupListener::class);
+ $eventDispatcher->addServiceListener(UserDeletedEvent::class, UserDeletedWebAuthnCleanupListener::class);
 }
 }
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index c829d4fde0e2b..b2dbe7f9f22aa 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -667,6 +667,7 @@ 'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => $baseDir . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php', 'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => $baseDir . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php', 'OC\\Authentication\\Listeners\\UserDeletedTokenCleanupListener' => $baseDir . '/lib/private/Authentication/Listeners/UserDeletedTokenCleanupListener.php', + 'OC\\Authentication\\Listeners\\UserDeletedWebAuthnCleanupListener' => $baseDir . '/lib/private/Authentication/Listeners/UserDeletedWebAuthnCleanupListener.php', 'OC\\Authentication\\Listeners\\UserLoggedInListener' => $baseDir . '/lib/private/Authentication/Listeners/UserLoggedInListener.php', 'OC\\Authentication\\LoginCredentials\\Credentials' => $baseDir . '/lib/private/Authentication/LoginCredentials/Credentials.php', 'OC\\Authentication\\LoginCredentials\\Store' => $baseDir . '/lib/private/Authentication/LoginCredentials/Store.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index 2f2d28c2503bc..dffe16150e9e3 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php 
@@ -696,6 +696,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c 'OC\\Authentication\\Listeners\\RemoteWipeNotificationsListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/RemoteWipeNotificationsListener.php', 'OC\\Authentication\\Listeners\\UserDeletedStoreCleanupListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserDeletedStoreCleanupListener.php', 'OC\\Authentication\\Listeners\\UserDeletedTokenCleanupListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserDeletedTokenCleanupListener.php', + 'OC\\Authentication\\Listeners\\UserDeletedWebAuthnCleanupListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserDeletedWebAuthnCleanupListener.php', 'OC\\Authentication\\Listeners\\UserLoggedInListener' => __DIR__ . '/../../..' . '/lib/private/Authentication/Listeners/UserLoggedInListener.php', 'OC\\Authentication\\LoginCredentials\\Credentials' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Credentials.php', 'OC\\Authentication\\LoginCredentials\\Store' => __DIR__ . '/../../..' . '/lib/private/Authentication/LoginCredentials/Store.php', diff --git a/lib/private/Authentication/Listeners/UserDeletedWebAuthnCleanupListener.php b/lib/private/Authentication/Listeners/UserDeletedWebAuthnCleanupListener.php new file mode 100644 index 0000000000000..a56ac3bd54ebb --- /dev/null +++ b/lib/private/Authentication/Listeners/UserDeletedWebAuthnCleanupListener.php 
@@ -0,0 +1,50 @@ + + * + * @author Morris Jobke + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OC\Authentication\Listeners; + +use OC\Authentication\WebAuthn\Db\PublicKeyCredentialMapper; +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\User\Events\UserDeletedEvent; + +class UserDeletedWebAuthnCleanupListener implements IEventListener { + + /** @var PublicKeyCredentialMapper */ + private $credentialMapper; + + public function __construct(PublicKeyCredentialMapper $credentialMapper) { + $this->credentialMapper = $credentialMapper; + } + + public function handle(Event $event): void { + if (!($event instanceof UserDeletedEvent)) { + return; + } + + $this->credentialMapper->deleteByUid($event->getUser()->getUID()); + } +} diff --git a/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php b/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php index 9c436b38b5d40..7ff60b08a24e8 100644 --- a/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php +++ b/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php 
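Review bot: The cleanup in `handle()` only fires on a `UserDeletedEvent`, so WebAuthn rows left behind by accounts deleted before this patch is deployed stay in the table. If such a UID is later reused, the new account would presumably be matched against those stale credentials. Nothing in this series removes existing orphans, so consider a one-time repair step that deletes credentials whose `uid` no longer belongs to an existing user. The class also has no docblock of its own; something like `/** Removes all WebAuthn public-key credentials of a user once the account is deleted, so a reused UID cannot inherit them. */` would record why the listener exists.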
@@ -81,4 +81,17 @@ public function findById(string $uid, int $id): PublicKeyCredentialEntity { return $this->findEntity($qb); } + + /** + * @throws \OCP\DB\Exception + */ + public function deleteByUid(string $uid) { + $qb = $this->db->getQueryBuilder(); + + $qb->delete($this->getTableName()) + ->where( + $qb->expr()->eq('uid', $qb->createNamedParameter($uid)) + ); + $qb->executeStatement(); + } } From 481715c8f8eed48a54f9035aae784720b7e28ba8 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 22 Jun 2021 13:54:03 +0200 Subject: [PATCH 2/3] Use execute instead of executeStatement Signed-off-by: Lukas Reschke --- .../Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php b/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php index 7ff60b08a24e8..b2dd4e310d1db 100644 --- a/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php +++ b/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php @@ -92,6 +92,6 @@ public function deleteByUid(string $uid) { ->where( $qb->expr()->eq('uid', $qb->createNamedParameter($uid)) ); - $qb->executeStatement(); + $qb->execute(); } } From 5a1faab1677d82d2b3fcd348bd6a8622b9a86da9 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 22 Jun 2021 13:55:49 +0200 Subject: [PATCH 3/3] Remove throwing annotation This class was just introduced in Nc 21. Signed-off-by: Lukas Reschke --- .../Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php b/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php index b2dd4e310d1db..f15d35a84babf 100644 --- a/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php +++ b/lib/private/Authentication/WebAuthn/Db/PublicKeyCredentialMapper.php 
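Review bot: `deleteByUid()` declares no return type and discards the result of the delete, so the caller cannot tell or log whether any credential was actually removed. Declaring `public function deleteByUid(string $uid): void {` would match the typed `findById()` directly above it; returning the affected-row count, if the query builder reports one here, would let the listener record the cleanup for audit. The later patches in this series switch the call to `execute()` and drop the `@throws` annotation, but the query can presumably still raise a database exception that the new listener's `handle()` does not catch. A docblock line such as `Deletes every WebAuthn credential stored for $uid; a database failure propagates to the caller.` would keep that contract visible.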
@@ -82,9 +82,6 @@ public function findById(string $uid, int $id): PublicKeyCredentialEntity { return $this->findEntity($qb); } - /** - * @throws \OCP\DB\Exception - */ public function deleteByUid(string $uid) { $qb = $this->db->getQueryBuilder();