feat: add tokens in the webhook call data

Signed-off-by: Jana Peper <[email protected]>

Author: janepie

apps/webhook_listeners/lib/BackgroundJobs/WebhookCall.php

@@ -42,6 +42,9 @@ protected function run($argument): void {
 		[$data, $webhookId] = $argument;
 		$webhookListener = $this->mapper->getById($webhookId);
 		$client = $this->clientService->newClient();
+
+		// adding temporary auth tokens to the call
+		$data["tokens"] = $this->getTokens($webhookListener, $data["user"]["uid"]);
 		$options = [
 			'verify' => $this->certificateManager->getAbsoluteBundlePath(),
 			'headers' => $webhookListener->getHeaders() ?? [],
@@ -92,4 +95,31 @@ protected function run($argument): void {
 			$this->logger->error('Webhook(' . $webhookId . ') call failed: ' . $e->getMessage(), ['exception' => $e]);
 		}
 	}
+
+	private function getTokens($webhookListener, $triggerUserId): array {
+		$tokens = [];
+		$tokenNeeded = $webhookListener->getTokenNeeded();
+		if(isset($tokenNeeded["users"])){
+			foreach ($tokenNeeded["users"] as $userId) {
+				$tokens["users"][$userId] = $webhookListener->createTemporaryToken($userId);
+			}
+		}
+		if(isset($tokenNeeded["users"])){
+			foreach ($tokenNeeded["functions"] as $function) {
+				switch ($function) {
+					case "owner":
+						// token for the person who created the flow
+						$functionId = $webhookListener->getUserId();
+						$tokens["functions"]["owner"][$functionId] = $webhookListener->createTemporaryToken($functionId);
+						break;
+					case "trigger":
+						// token for the person who triggered the webhook
+						$tokens["functions"]["trigger"][$triggerUserId] = $webhookListener->createTemporaryToken($triggerUserId);
+						break;
+				}
+			}
+		}
+		
+		return $tokens;
+	}
 }

apps/webhook_listeners/lib/Controller/WebhooksController.php

@@ -112,7 +112,9 @@ public function show(int $id): DataResponse {
 	 * @param ?array<string,string> $headers Array of headers to send
 	 * @param "none"|"header"|null $authMethod Authentication method to use
 	 * @param ?array<string,mixed> $authData Array of data for authentication
-	 * @param ?array<string,mixed> $tokenNeeded List of user ids for which to include auth tokens in the event
+	 * @param ?array<string,mixed> $tokenNeeded List of user ids for which to include auth tokens in the event. 
+	 * 											Has to fields: "users" lists uids of users for which tokens are needed, "functions" lists functions for which tokens can be included. 
+	 * 											Possible functions: "owner" for the user creating the webhook, "trigger" for the user triggering the webhook call
 	 *
 	 * @return DataResponse<Http::STATUS_OK, WebhookListenersWebhookInfo, array{}>
 	 *
@@ -183,7 +185,9 @@ public function create(
 	 * @param ?array<string,string> $headers Array of headers to send
 	 * @param "none"|"header"|null $authMethod Authentication method to use
 	 * @param ?array<string,mixed> $authData Array of data for authentication
-	 * @param ?array<string,mixed> $tokenNeeded List of user ids for which to include auth tokens in the event
+	 * @param ?array<string,mixed> $tokenNeeded List of user ids for which to include auth tokens in the event. 
+	 * 											Has to fields: "users" lists uids of users for which tokens are needed, "functions" lists functions for which tokens can be included. 
+	 * 											Possible functions: "owner" for the user creating the webhook, "trigger" for the user triggering the webhook call
 	 *
 	 * @return DataResponse<Http::STATUS_OK, WebhookListenersWebhookInfo, array{}>
 	 *

apps/webhook_listeners/lib/Db/WebhookListener.php

@@ -9,8 +9,11 @@
 
 namespace OCA\WebhookListeners\Db;
 
+use OC\Authentication\Token\IProvider;
 use OCP\AppFramework\Db\Entity;
+use OCP\Authentication\Token\IToken;
 use OCP\Security\ICrypto;
+use OCP\Security\ISecureRandom;
 use OCP\Server;
 
 /**
@@ -23,6 +26,7 @@
  * @method ?string getAuthData()
  * @method void setAuthData(?string $data)
  * @method string getAuthMethod()
+ * @method ?array getTokenNeeded()
  * @psalm-suppress PropertyNotSetInConstructor
  */
 class WebhookListener extends Entity implements \JsonSerializable {
@@ -92,13 +96,24 @@ class WebhookListener extends Entity implements \JsonSerializable {
 
 	private ICrypto $crypto;
 
+	private IProvider $tokenProvider;
 	public function __construct(
 		?ICrypto $crypto = null,
+		?IProvider $tokenProvider = null,
+		private ?ISecureRandom $random = null,
 	) {
 		if ($crypto === null) {
 			$crypto = Server::get(ICrypto::class);
 		}
 		$this->crypto = $crypto;
+		if ($tokenProvider === null) {
+			$tokenProvider = Server::get(IProvider::class);
+		}
+		$this->tokenProvider = $tokenProvider;
+		if ($random === null) {
+			$random = Server::get(ISecureRandom::class);
+		}
+		$this->random = $random;
 		$this->addType('appId', 'string');
 		$this->addType('userId', 'string');
 		$this->addType('httpMethod', 'string');
@@ -152,4 +167,21 @@ public function jsonSerialize(): array {
 	public function getAppId(): ?string {
 		return $this->appId;
 	}
+
+
+	public function createTemporaryToken($userId) {
+		$token = $this->generateRandomDeviceToken();
+		$name = 'Authentication for Webhook';
+		$password = null;
+		$deviceToken = $this->tokenProvider->generateToken($token, $userId, $userId, $password, $name, IToken::PERMANENT_TOKEN);
+		return $token;
+	}
+
+	private function generateRandomDeviceToken() {
+		$groups = [];
+		for ($i = 0; $i < 5; $i++) {
+			$groups[] = $this->random->generate(5, ISecureRandom::CHAR_HUMAN_READABLE);
+		}
+		return implode('-', $groups);
+	}
 }