[stable26] invalidate existing tokens when deleting an oauth client #37230

backportbot-nextcloud · 2023-03-15T10:42:00Z

backport of #36033

blizzz · 2023-03-15T13:46:22Z

apps/oauth2/lib/Controller/SettingsController.php

@@ -92,6 +104,11 @@ public function addClient(string $name,

 	public function deleteClient(int $id): JSONResponse {
 		$client = $this->clientMapper->getByUid($id);
+
+		$this->userManager->callForAllUsers(function (IUser $user) use ($client) {


should be run for known users, not all users, and not in user facing requests as it may take ages

The same thing was merged in master and stable24 already :-/
Why would it take ages?

because it will ask all connected backends to all users. not an issue on small local instance, but a factor on big setups.

@blizzz do you mean using callForSeenUsers() instead of callForAllUsers()?

@blizzz do you mean using callForSeenUsers() instead of callForAllUsers()?

yes, and ideally it runs through background jobs only

@blizzz I've changed it to callForSeenUsers() in e25b640

But I think I would not put it into background jobs, because as admin I would expect the connections to be deleted immediately after I delete the oauth client and not only after a cron job eventually runs.

Depending on the instance size it may cycle over x thousands of users.

blizzz · 2023-03-16T11:18:22Z

moving to 26.0.1 (as final RC3 is due)

come-nc · 2023-04-05T09:54:55Z

This will need to be backported to stable25, and the callForSeenUser change needs to be ported to master as well in a smaller PR

individual-it · 2023-04-17T09:03:35Z

backport to stable25 already exists and I've added the last commit to it too: #37231
port to master of the last commit is in: #37761

blizzz · 2023-05-17T11:35:56Z

CI is failing, at least PHPUnit / phpunit-oci (8.2) might be related

blizzz · 2023-05-17T17:41:24Z

→ 26.0.3

Signed-off-by: Artur Neumann <artur@jankaritech.com>

individual-it · 2023-05-19T07:58:29Z

@blizzz unit tests fixed, also for the other repos

lib/public/Authentication/Token/IProvider.php

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

backportbot-nextcloud bot added this to the Nextcloud 26 milestone Mar 15, 2023

backportbot-nextcloud bot requested review from come-nc, individual-it and julien-nc March 15, 2023 10:42

blizzz mentioned this pull request Mar 15, 2023

26.0.0 RC3 #37202

Merged

come-nc changed the title ~~[stable26] [master] invalidate existing tokens when deleting an oauth client~~ [stable26] invalidate existing tokens when deleting an oauth client Mar 15, 2023

come-nc approved these changes Mar 15, 2023

View reviewed changes

blizzz requested changes Mar 15, 2023

View reviewed changes

blizzz modified the milestones: Nextcloud 26, Nextcloud 26.0.1 Mar 16, 2023

individual-it force-pushed the backport/36033/stable26 branch from 55e0975 to e25b640 Compare March 17, 2023 08:18

blizzz mentioned this pull request Mar 20, 2023

26.0.0 #37312

Merged

come-nc requested a review from blizzz April 5, 2023 09:54

skjnldsv mentioned this pull request Apr 13, 2023

26.0.1 RC1 #37698

Merged

8 tasks

individual-it mentioned this pull request Apr 17, 2023

invalidate oauth2 tokens only for seen users #37761

Merged

4 tasks

skjnldsv mentioned this pull request Apr 18, 2023

26.0.1 #37782

Merged

9 tasks

skjnldsv modified the milestones: Nextcloud 26.0.1, Nextcloud 26.0.2 Apr 18, 2023

blizzz mentioned this pull request May 16, 2023

26.0.2 RC1 #38314

Merged

individual-it mentioned this pull request May 17, 2023

[stable25] invalidate existing tokens when deleting an oauth client #37231

Merged

1 task

blizzz modified the milestones: Nextcloud 26.0.2, Nextcloud 26.0.3 May 17, 2023

individual-it added 3 commits May 19, 2023 12:02

invalidate existing tokens when deleting an oauth client

9f8f2d2

Signed-off-by: Artur Neumann <artur@jankaritech.com>

public interface to invalidate tokens of user

19bb66a

Signed-off-by: Artur Neumann <artur@jankaritech.com>

adjust SettingsController tests

aae3ff6

Signed-off-by: Artur Neumann <artur@jankaritech.com>

individual-it added 5 commits May 19, 2023 12:02

unit tests for Manager::invalidateTokensOfUser

774cdf5

Signed-off-by: Artur Neumann <artur@jankaritech.com>

added @SInCE tag

3e1e6f1

Signed-off-by: Artur Neumann <artur@jankaritech.com>

autoloaderchecker

57c7b73

Signed-off-by: Artur Neumann <artur@jankaritech.com>

move mocks into private variables

dcab216

Signed-off-by: Artur Neumann <artur@jankaritech.com>

invalidate oauth2 tokens only for seen users

cb005f6

Signed-off-by: Artur Neumann <artur@jankaritech.com>

individual-it force-pushed the backport/36033/stable26 branch from e25b640 to cb005f6 Compare May 19, 2023 06:17

expect invalidateTokensOfUser only be called for seen users

67bba35

Signed-off-by: Artur Neumann <artur@jankaritech.com>

blizzz mentioned this pull request Jun 12, 2023

26.0.3 RC1 #38755

Merged

blizzz reviewed Jun 13, 2023

View reviewed changes

lib/public/Authentication/Token/IProvider.php Outdated Show resolved Hide resolved

blizzz reviewed Jun 13, 2023

View reviewed changes

lib/public/Authentication/Token/IProvider.php Outdated Show resolved Hide resolved

adjust @SInCE annotation

40dcc08

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

blizzz approved these changes Jun 14, 2023

View reviewed changes

blizzz enabled auto-merge June 14, 2023 21:27

blizzz disabled auto-merge June 15, 2023 09:54

blizzz merged commit 00afe49 into stable26 Jun 15, 2023

blizzz deleted the backport/36033/stable26 branch June 15, 2023 09:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[stable26] invalidate existing tokens when deleting an oauth client #37230

[stable26] invalidate existing tokens when deleting an oauth client #37230

backportbot-nextcloud bot commented Mar 15, 2023

blizzz Mar 15, 2023

come-nc Mar 15, 2023

blizzz Mar 16, 2023

individual-it Mar 16, 2023

blizzz Mar 16, 2023

individual-it Mar 17, 2023

blizzz May 23, 2023

blizzz commented Mar 16, 2023

come-nc commented Apr 5, 2023

individual-it commented Apr 17, 2023

blizzz commented May 17, 2023

blizzz commented May 17, 2023 •

edited

Loading

individual-it commented May 19, 2023

[stable26] invalidate existing tokens when deleting an oauth client #37230

[stable26] invalidate existing tokens when deleting an oauth client #37230

Conversation

backportbot-nextcloud bot commented Mar 15, 2023

blizzz Mar 15, 2023

Choose a reason for hiding this comment

come-nc Mar 15, 2023

Choose a reason for hiding this comment

blizzz Mar 16, 2023

Choose a reason for hiding this comment

individual-it Mar 16, 2023

Choose a reason for hiding this comment

blizzz Mar 16, 2023

Choose a reason for hiding this comment

individual-it Mar 17, 2023

Choose a reason for hiding this comment

blizzz May 23, 2023

Choose a reason for hiding this comment

blizzz commented Mar 16, 2023

come-nc commented Apr 5, 2023

individual-it commented Apr 17, 2023

blizzz commented May 17, 2023

blizzz commented May 17, 2023 • edited Loading

individual-it commented May 19, 2023

blizzz commented May 17, 2023 •

edited

Loading