From e112e3a40594eb802ccb6549ad4329ae677f9e8d Mon Sep 17 00:00:00 2001
From: Christian Weiske
Date: Thu, 2 Oct 2014 23:25:23 +0200
Subject: [PATCH 1/1] add DELETE /token/$username/$tokenKey API
---
 appinfo/application.php | 10 ++++
 appinfo/routes.php | 6 +++
 controller/tokencontroller.php | 88 ++++++++++++++++++++++++++++++++++
 lib/tokenstorage.php | 25 ++++++++--
 4 files changed, 124 insertions(+), 5 deletions(-)
 create mode 100644 controller/tokencontroller.php
diff --git a/appinfo/application.php b/appinfo/application.php
index cc39ceb..20325de 100644
--- a/appinfo/application.php
+++ b/appinfo/application.php
@@ -56,6 +56,16 @@ class Application extends App
 );
 }
 );
+ $container->registerService(
+ 'TokenController',
+ function($c) {
+ return new \OCA\Grauphel\Controller\TokenController(
+ $c->query('AppName'),
+ $c->query('Request'),
+ $c->query('Session')->getUser()
+ );
+ }
+ );
 }
 }
 ?>
diff --git a/appinfo/routes.php b/appinfo/routes.php
index a82db6b..a730583 100644
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -73,6 +73,12 @@ $application->registerRoutes(
 'name' => 'gui#tokens',
 'verb' => 'GET',
 ),
+
+ array(
+ 'url' => '/tokens/{username}/{tokenKey}',
+ 'name' => 'token#delete',
+ 'verb' => 'DELETE',
+ ),
 )
 )
 );
diff --git a/controller/tokencontroller.php b/controller/tokencontroller.php
new file mode 100644
index 0000000..97d142a
--- /dev/null
+++ b/controller/tokencontroller.php
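Review bot: The route registered here is `/tokens/{username}/{tokenKey}`, while the commit subject advertises `DELETE /token/$username/$tokenKey`; the controller docblock in this same patch documents `/tokens/`, so the subject line is the one out of step and should be corrected before merge. A short comment above the new entry would also help readers of this file find the handler, e.g. `// revoke a single access token; handled by TokenController::delete()`. The enclosing `registerRoutes()` call starts before this hunk.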
@@ -0,0 +1,88 @@
+
+ * @copyright 2014 Christian Weiske
+ * @license http://www.gnu.org/licenses/agpl.html GNU AGPL v3
+ * @link http://cweiske.de/grauphel.htm
+ */
+namespace OCA\Grauphel\Controller;
+
+use \OCP\AppFramework\Controller;
+use \OCA\Grauphel\Lib\Dependencies;
+use \OCA\Grauphel\Lib\OAuthException;
+use \OCA\Grauphel\Lib\Response\ErrorResponse;
+use \OCA\Grauphel\Lib\TokenStorage;
+
+/**
+ * OAuth token management
+ *
+ * @category Tools
+ * @package Grauphel
+ * @author Christian Weiske
+ * @copyright 2014 Christian Weiske
+ * @license http://www.gnu.org/licenses/agpl.html GNU AGPL v3
+ * @version Release: @package_version@
+ * @link http://cweiske.de/grauphel.htm
+ */
+class TokenController extends Controller
+{
+ /**
+ * constructor of the controller
+ *
+ * @param string $appName Name of the app
+ * @param IRequest $request Instance of the request
+ */
+ public function __construct($appName, \OCP\IRequest $request, $user)
+ {
+ parent::__construct($appName, $request);
+ $this->user = $user;
+
+ //default http header: we assume something is broken
+ header('HTTP/1.0 500 Internal Server Error');
+ }
+
+
+ /**
+ * Delete access tokens
+ * DELETE /tokens/$username/$tokenKey
+ *
+ * @NoAdminRequired
+ * @NoCSRFRequired
+ */
+ public function delete($username, $tokenKey)
+ {
+ if (false && ($this->user === null || $this->user->getUid() != $username)) {
+ $res = new ErrorResponse('You may only delete your own tokens.');
+ $res->setStatus(\OCP\AppFramework\Http::STATUS_FORBIDDEN);
+ return $res;
+ }
+
+ $deps = Dependencies::get();
+ try {
+ $token = $deps->tokens->load('access', $tokenKey);
+ } catch (OAuthException $e) {
+ $res = new ErrorResponse('Token not found.');
+ $res->setStatus(\OCP\AppFramework\Http::STATUS_NOT_FOUND);
+ return $res;
+ }
+
+ if ($username != $token->user) {
+ $res = new ErrorResponse('You may only delete your own tokens.');
+ $res->setStatus(\OCP\AppFramework\Http::STATUS_FORBIDDEN);
+ return $res;
+ }
+ $deps->tokens->delete('access', $tokenKey);
+
+ $res = new \OCP\AppFramework\Http\Response();
+ $res->setStatus(\OCP\AppFramework\Http::STATUS_NO_CONTENT);
+ return $res;
+ }
+}
+?>
diff --git a/lib/tokenstorage.php b/lib/tokenstorage.php
index cdbce11..92736cc 100644
--- a/lib/tokenstorage.php
+++ b/lib/tokenstorage.php
@@ -26,6 +26,25 @@ namespace OCA\Grauphel\Lib;
 */
 class TokenStorage
 {
+ /**
+ * Delete token
+ *
+ * @param string $type Token type: temp, access, verify
+ * @param string $tokenKey Random token string to load
+ *
+ * @return void
+ *
+ * @throws OAuthException When token does not exist
+ */
+ public function delete($type, $tokenKey)
+ {
+ \OC_DB::executeAudited(
+ 'DELETE FROM `*PREFIX*grauphel_oauth_tokens`'
+ . ' WHERE `token_key` = ? AND `token_type` = ?',
+ array($tokenKey, $type)
+ );
+ }
+
 /**
 * Store the given token
 *
@@ -66,11 +85,7 @@ class TokenStorage
 {
 try {
 $token = $this->load($type, $tokenKey);
- \OC_DB::executeAudited(
- 'DELETE FROM `*PREFIX*grauphel_oauth_tokens`'
- . ' WHERE `token_key` = ? AND `token_type` = ?',
- array($tokenKey, $type)
- );
+ $this->delete($type, $tokenKey);
 return $token;
 } catch (OAuthException $e) {
 throw $e;
--
2.30.2
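Review bot: In `TokenController::delete()` the first guard is written `if (false && (...))`, which switches off the check that the session user matches `$username`; the only authorization left is `$username != $token->user`, and `$username` is taken from the URL, so the ownership decision rests on a value the caller supplies rather than on who is logged in. Drop the `false &&` and compare strictly, `if ($this->user === null || $this->user->getUid() !== $username) {`, and make the ownership test use the session user instead of the URL value, `if ($token->user !== $this->user->getUid()) {`. `@NoCSRFRequired` disables the framework's CSRF check on a state-changing request, so it needs a comment naming the non-browser client that requires it; if the route is meant for the tokens web page, the annotation should be removed. Separately, `$this->user` is assigned in the constructor but never declared — add `private $user;` above the constructor docblock — and the `use \OCA\Grauphel\Lib\TokenStorage;` import is unused.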
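Review bot: The new `TokenStorage::delete()` docblock promises `@throws OAuthException When token does not exist`, but the body only issues the DELETE statement and never inspects the result, so a missing token is silently ignored. The `@param string $tokenKey` description is also copied from `load()` (`Random token string to load`) and should read `Random token string to delete`. Either drop the `@throws` line and document that deleting an unknown key is a no-op — the controller in this patch calls `load()` first to produce its 404 — or check the affected-row count from `\OC_DB::executeAudited` (assuming it reports one for a DELETE; not verified here) and throw `OAuthException` when it is zero.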