Skip to content

Commit a0c7798

Browse files
committed
Limit the length of app password names
Signed-off-by: Joas Schilling <coding@schilljs.com>
1 parent 0fa17f8 commit a0c7798

5 files changed

Lines changed: 23 additions & 0 deletions

File tree

apps/settings/lib/Controller/AuthSettingsController.php

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,10 @@ public function create($name) {
145145
return $this->getServiceNotAvailableResponse();
146146
}
147147

148+
if (mb_strlen($name) > 128) {
149+
$name = mb_substr($name, 0, 120) . '';
150+
}
151+
148152
$token = $this->generateRandomDeviceToken();
149153
$deviceToken = $this->tokenProvider->generateToken($token, $this->uid, $loginName, $password, $name, IToken::PERMANENT_TOKEN);
150154
$tokenData = $deviceToken->jsonSerialize();
@@ -241,6 +245,10 @@ public function update($id, array $scope, string $name) {
241245
$this->publishActivity($scope['filesystem'] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]);
242246
}
243247

248+
if (mb_strlen($name) > 128) {
249+
$name = mb_substr($name, 0, 120) . '';
250+
}
251+
244252
if ($token instanceof INamedToken && $name !== $currentName) {
245253
$token->setName($name);
246254
$this->publishActivity(Provider::APP_TOKEN_RENAMED, $token->getId(), ['name' => $currentName, 'newName' => $name]);

core/Controller/AppPasswordController.php

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -99,6 +99,9 @@ public function getAppPassword(): DataResponse {
9999
}
100100

101101
$userAgent = $this->request->getHeader('USER_AGENT');
102+
if (mb_strlen($userAgent) > 128) {
103+
$userAgent = mb_substr($userAgent, 0, 120) . '';
104+
}
102105

103106
$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
104107

core/Controller/ClientFlowLoginController.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -322,6 +322,10 @@ public function generateAppPassword($stateToken,
322322
$clientName = $client->getName();
323323
}
324324

325+
if (mb_strlen($clientName) > 128) {
326+
$clientName = mb_substr($clientName, 0, 120) . '';
327+
}
328+
325329
$token = $this->random->generate(72, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_DIGITS);
326330
$uid = $this->userSession->getUser()->getUID();
327331
$generatedToken = $this->tokenProvider->generateToken(

lib/private/Authentication/Token/Manager.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,10 @@ public function generateToken(string $token,
6161
string $name,
6262
int $type = IToken::TEMPORARY_TOKEN,
6363
int $remember = IToken::DO_NOT_REMEMBER): IToken {
64+
if (mb_strlen($name) > 128) {
65+
throw new InvalidTokenException('The given name is too long');
66+
}
67+
6468
try {
6569
return $this->publicKeyTokenProvider->generateToken(
6670
$token,

lib/private/Authentication/Token/PublicKeyTokenProvider.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,10 @@ public function generateToken(string $token,
8484
string $name,
8585
int $type = IToken::TEMPORARY_TOKEN,
8686
int $remember = IToken::DO_NOT_REMEMBER): IToken {
87+
if (mb_strlen($name) > 128) {
88+
throw new InvalidTokenException('The given name is too long');
89+
}
90+
8791
$dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);
8892
$this->mapper->insert($dbToken);
8993

0 commit comments

Comments
 (0)