Merge pull request #874 from nextcloud/fix/refactor-credential-mapper

fix: refactor credential mapper

Author: st3iny

lib/Db/PublicKeyCredentialEntityMapper.php

@@ -15,7 +15,6 @@
 use OCP\DB\Exception;
 use OCP\DB\QueryBuilder\IQueryBuilder;
 use OCP\IDBConnection;
-use OCP\IUser;
 
 /**
  * @template-extends QBMapper<PublicKeyCredentialEntity>
@@ -104,17 +103,21 @@ public function findById(int $id, string $userId): ?PublicKeyCredentialEntity {
 		}
 	}
 
-	/**
-	 * @param IUser $user
-	 * @param int $id
-	 */
-	public function findPublicKeyCredential($publicKeyCredentialId): ?PublicKeyCredentialEntity {
-		/* @var $qb IQueryBuilder */
+	public function findPublicKeyCredential(string $publicKeyCredentialId, string $userId): ?PublicKeyCredentialEntity {
 		$qb = $this->db->getQueryBuilder();
 
 		$qb->select('id', 'name', 'public_key_credential_id', 'type', 'transports', 'attestation_type', 'trust_path', 'aaguid', 'credential_public_key', 'user_handle', 'counter', 'active', 'created_at')
 			->from('twofactor_webauthn_regs')
-			->where($qb->expr()->eq('public_key_credential_id', $qb->createNamedParameter($publicKeyCredentialId)));
+			->where($qb->expr()->eq(
+				'public_key_credential_id',
+				$qb->createNamedParameter($publicKeyCredentialId, IQueryBuilder::PARAM_STR),
+				IQueryBuilder::PARAM_STR,
+			))
+			->andWhere($qb->expr()->eq(
+				'user_handle',
+				$qb->createNamedParameter($userId, IQueryBuilder::PARAM_STR),
+				IQueryBuilder::PARAM_STR,
+			));
 		try {
 			return $this->findEntity($qb);
 		} catch (\Exception $exception) {
@@ -136,7 +139,7 @@ public function findPublicKeyCredentials(string $uid): array {
 	}
 
 	public function insertOrUpdate(Entity $entity): Entity {
-		$publicKeyCredentialEntity = $this->findPublicKeyCredential($entity->getPublicKeyCredentialId());
+		$publicKeyCredentialEntity = $this->findPublicKeyCredential($entity->getPublicKeyCredentialId(), $entity->getUserHandle());
 		if ($publicKeyCredentialEntity !== null) {
 			$entity->setId($publicKeyCredentialEntity->getId());
 			return parent::update($entity);

lib/Repository/WebauthnPublicKeyCredentialSourceRepository.php

@@ -28,13 +28,17 @@ class WebauthnPublicKeyCredentialSourceRepository implements PublicKeyCredential
 	/** @var ITimeFactory */
 	private $time;
 
+	private ?string $userId;
+
 	/**
 	 * @param PublicKeyCredentialEntityMapper $publicKeyCredentialEntityMapper
 	 */
 	public function __construct(PublicKeyCredentialEntityMapper $publicKeyCredentialEntityMapper,
-		ITimeFactory $time) {
+		ITimeFactory $time,
+		?string $userId) {
 		$this->publicKeyCredentialEntityMapper = $publicKeyCredentialEntityMapper;
 		$this->time = $time;
+		$this->userId = $userId;
 	}
 
 	public function has(string $credentialId): bool {
@@ -58,7 +62,11 @@ public function updateCounterFor(string $credentialId, int $newCounter): void {
 	}
 
 	public function findOneByCredentialId(string $publicKeyCredentialId): ?PublicKeyCredentialSource {
-		$entity = $this->publicKeyCredentialEntityMapper->findPublicKeyCredential(base64_encode($publicKeyCredentialId));
+		if ($this->userId === null) {
+			return null;
+		}
+
+		$entity = $this->publicKeyCredentialEntityMapper->findPublicKeyCredential(base64_encode($publicKeyCredentialId), $this->userId);
 		return $entity === null ? null : $entity->toPublicKeyCredentialSource();
 	}
 
@@ -88,7 +96,7 @@ private function getName(PublicKeyCredentialSource $publicKeyCredentialSource, ?
 			return $name;
 		}
 
-		$entity = $this->publicKeyCredentialEntityMapper->findPublicKeyCredential(base64_encode($publicKeyCredentialSource->getPublicKeyCredentialId()));
+		$entity = $this->publicKeyCredentialEntityMapper->findPublicKeyCredential(base64_encode($publicKeyCredentialSource->publicKeyCredentialId), $publicKeyCredentialSource->userHandle);
 		return $entity === null ? 'default' : $entity->getName();
 	}
 }