2014-10-31 13:41:07 +03:00
|
|
|
<?php
|
|
|
|
/**
|
2015-10-06 10:52:19 +03:00
|
|
|
* @author Robin McCorkell <rmccorkell@karoshi.org.uk>
|
2015-03-26 13:44:34 +03:00
|
|
|
* @author Vincent Petry <pvince81@owncloud.com>
|
|
|
|
*
|
|
|
|
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
|
|
|
* @license AGPL-3.0
|
|
|
|
*
|
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
|
|
*
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
|
|
|
|
|
|
|
namespace OCA\Files_external\Lib;
|
|
|
|
|
2015-08-11 20:45:07 +03:00
|
|
|
use \OCA\Files_External\Lib\Backend\Backend;
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
use \OCA\Files_External\Lib\Auth\AuthMechanism;
|
2015-08-11 20:45:07 +03:00
|
|
|
|
2014-10-31 13:41:07 +03:00
|
|
|
/**
|
|
|
|
* External storage configuration
|
|
|
|
*/
|
|
|
|
class StorageConfig implements \JsonSerializable {
|
|
|
|
|
|
|
|
/**
|
2015-03-17 13:42:52 +03:00
|
|
|
* Storage config id
|
|
|
|
*
|
2014-10-31 13:41:07 +03:00
|
|
|
* @var int
|
|
|
|
*/
|
|
|
|
private $id;
|
|
|
|
|
|
|
|
/**
|
2015-08-11 20:45:07 +03:00
|
|
|
* Backend
|
2015-03-17 13:42:52 +03:00
|
|
|
*
|
2015-08-11 20:45:07 +03:00
|
|
|
* @var Backend
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
2015-08-11 20:45:07 +03:00
|
|
|
private $backend;
|
2014-10-31 13:41:07 +03:00
|
|
|
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
/**
|
|
|
|
* Authentication mechanism
|
|
|
|
*
|
|
|
|
* @var AuthMechanism
|
|
|
|
*/
|
|
|
|
private $authMechanism;
|
|
|
|
|
2014-10-31 13:41:07 +03:00
|
|
|
/**
|
2015-03-17 13:42:52 +03:00
|
|
|
* Backend options
|
|
|
|
*
|
2014-10-31 13:41:07 +03:00
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
private $backendOptions = [];
|
|
|
|
|
|
|
|
/**
|
2015-03-17 13:42:52 +03:00
|
|
|
* Mount point path, relative to the user's "files" folder
|
|
|
|
*
|
2014-10-31 13:41:07 +03:00
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private $mountPoint;
|
|
|
|
|
|
|
|
/**
|
2015-03-17 13:42:52 +03:00
|
|
|
* Storage status
|
|
|
|
*
|
2014-10-31 13:41:07 +03:00
|
|
|
* @var int
|
|
|
|
*/
|
|
|
|
private $status;
|
|
|
|
|
2015-09-16 18:58:26 +03:00
|
|
|
/**
|
|
|
|
* Status message
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private $statusMessage;
|
|
|
|
|
2014-10-31 13:41:07 +03:00
|
|
|
/**
|
2015-03-17 13:42:52 +03:00
|
|
|
* Priority
|
|
|
|
*
|
2014-10-31 13:41:07 +03:00
|
|
|
* @var int
|
|
|
|
*/
|
|
|
|
private $priority;
|
|
|
|
|
|
|
|
/**
|
2015-03-17 13:42:52 +03:00
|
|
|
* List of users who have access to this storage
|
|
|
|
*
|
2014-10-31 13:41:07 +03:00
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
private $applicableUsers = [];
|
|
|
|
|
|
|
|
/**
|
2015-03-17 13:42:52 +03:00
|
|
|
* List of groups that have access to this storage
|
|
|
|
*
|
2014-10-31 13:41:07 +03:00
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
private $applicableGroups = [];
|
|
|
|
|
2015-03-13 14:49:11 +03:00
|
|
|
/**
|
2015-03-17 13:42:52 +03:00
|
|
|
* Mount-specific options
|
|
|
|
*
|
2015-03-13 14:49:11 +03:00
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
private $mountOptions = [];
|
|
|
|
|
2014-10-31 13:41:07 +03:00
|
|
|
/**
|
2015-03-17 13:42:52 +03:00
|
|
|
* Creates a storage config
|
|
|
|
*
|
2014-10-31 13:41:07 +03:00
|
|
|
* @param int|null $id config id or null for a new config
|
|
|
|
*/
|
|
|
|
public function __construct($id = null) {
|
|
|
|
$this->id = $id;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the configuration id
|
|
|
|
*
|
|
|
|
* @return int
|
|
|
|
*/
|
|
|
|
public function getId() {
|
|
|
|
return $this->id;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets the configuration id
|
|
|
|
*
|
2015-03-17 13:42:52 +03:00
|
|
|
* @param int $id configuration id
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
|
|
|
public function setId($id) {
|
|
|
|
$this->id = $id;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns mount point path relative to the user's
|
|
|
|
* "files" folder.
|
|
|
|
*
|
|
|
|
* @return string path
|
|
|
|
*/
|
|
|
|
public function getMountPoint() {
|
|
|
|
return $this->mountPoint;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets mount point path relative to the user's
|
|
|
|
* "files" folder.
|
|
|
|
* The path will be normalized.
|
|
|
|
*
|
2015-03-17 13:42:52 +03:00
|
|
|
* @param string $mountPoint path
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
|
|
|
public function setMountPoint($mountPoint) {
|
|
|
|
$this->mountPoint = \OC\Files\Filesystem::normalizePath($mountPoint);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2015-08-11 20:45:07 +03:00
|
|
|
* @return Backend
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
2015-08-11 20:45:07 +03:00
|
|
|
public function getBackend() {
|
|
|
|
return $this->backend;
|
2014-10-31 13:41:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2015-08-11 20:45:07 +03:00
|
|
|
* @param Backend
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
2015-08-11 20:45:07 +03:00
|
|
|
public function setBackend(Backend $backend) {
|
|
|
|
$this->backend= $backend;
|
2014-10-31 13:41:07 +03:00
|
|
|
}
|
|
|
|
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
/**
|
|
|
|
* @return AuthMechanism
|
|
|
|
*/
|
|
|
|
public function getAuthMechanism() {
|
|
|
|
return $this->authMechanism;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param AuthMechanism
|
|
|
|
*/
|
|
|
|
public function setAuthMechanism(AuthMechanism $authMechanism) {
|
|
|
|
$this->authMechanism = $authMechanism;
|
|
|
|
}
|
|
|
|
|
2014-10-31 13:41:07 +03:00
|
|
|
/**
|
|
|
|
* Returns the external storage backend-specific options
|
|
|
|
*
|
|
|
|
* @return array backend options
|
|
|
|
*/
|
|
|
|
public function getBackendOptions() {
|
|
|
|
return $this->backendOptions;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets the external storage backend-specific options
|
|
|
|
*
|
2015-03-17 13:42:52 +03:00
|
|
|
* @param array $backendOptions backend options
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
|
|
|
public function setBackendOptions($backendOptions) {
|
|
|
|
$this->backendOptions = $backendOptions;
|
|
|
|
}
|
|
|
|
|
2015-08-11 20:45:07 +03:00
|
|
|
/**
|
|
|
|
* @param string $key
|
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function getBackendOption($key) {
|
|
|
|
if (isset($this->backendOptions[$key])) {
|
|
|
|
return $this->backendOptions[$key];
|
|
|
|
}
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param string $key
|
|
|
|
* @param mixed $value
|
|
|
|
*/
|
|
|
|
public function setBackendOption($key, $value) {
|
|
|
|
$this->backendOptions[$key] = $value;
|
|
|
|
}
|
|
|
|
|
2014-10-31 13:41:07 +03:00
|
|
|
/**
|
|
|
|
* Returns the mount priority
|
|
|
|
*
|
|
|
|
* @return int priority
|
|
|
|
*/
|
|
|
|
public function getPriority() {
|
|
|
|
return $this->priority;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets the mount priotity
|
|
|
|
*
|
2015-03-17 13:42:52 +03:00
|
|
|
* @param int $priority priority
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
|
|
|
public function setPriority($priority) {
|
|
|
|
$this->priority = $priority;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the users for which to mount this storage
|
|
|
|
*
|
|
|
|
* @return array applicable users
|
|
|
|
*/
|
|
|
|
public function getApplicableUsers() {
|
|
|
|
return $this->applicableUsers;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets the users for which to mount this storage
|
|
|
|
*
|
2015-03-17 13:42:52 +03:00
|
|
|
* @param array|null $applicableUsers applicable users
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
|
|
|
public function setApplicableUsers($applicableUsers) {
|
|
|
|
if (is_null($applicableUsers)) {
|
|
|
|
$applicableUsers = [];
|
|
|
|
}
|
|
|
|
$this->applicableUsers = $applicableUsers;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the groups for which to mount this storage
|
|
|
|
*
|
|
|
|
* @return array applicable groups
|
|
|
|
*/
|
|
|
|
public function getApplicableGroups() {
|
|
|
|
return $this->applicableGroups;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets the groups for which to mount this storage
|
|
|
|
*
|
2015-03-17 13:42:52 +03:00
|
|
|
* @param array|null $applicableGroups applicable groups
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
|
|
|
public function setApplicableGroups($applicableGroups) {
|
|
|
|
if (is_null($applicableGroups)) {
|
|
|
|
$applicableGroups = [];
|
|
|
|
}
|
|
|
|
$this->applicableGroups = $applicableGroups;
|
|
|
|
}
|
|
|
|
|
2015-03-13 14:49:11 +03:00
|
|
|
/**
|
|
|
|
* Returns the mount-specific options
|
|
|
|
*
|
|
|
|
* @return array mount specific options
|
|
|
|
*/
|
|
|
|
public function getMountOptions() {
|
|
|
|
return $this->mountOptions;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sets the mount-specific options
|
|
|
|
*
|
2015-03-17 13:42:52 +03:00
|
|
|
* @param array $mountOptions applicable groups
|
2015-03-13 14:49:11 +03:00
|
|
|
*/
|
|
|
|
public function setMountOptions($mountOptions) {
|
|
|
|
if (is_null($mountOptions)) {
|
|
|
|
$mountOptions = [];
|
|
|
|
}
|
|
|
|
$this->mountOptions = $mountOptions;
|
|
|
|
}
|
|
|
|
|
2014-10-31 13:41:07 +03:00
|
|
|
/**
|
2015-09-16 18:58:26 +03:00
|
|
|
* Gets the storage status, whether the config worked last time
|
2014-10-31 13:41:07 +03:00
|
|
|
*
|
|
|
|
* @return int $status status
|
|
|
|
*/
|
|
|
|
public function getStatus() {
|
|
|
|
return $this->status;
|
|
|
|
}
|
|
|
|
|
2015-09-16 18:58:26 +03:00
|
|
|
/**
|
|
|
|
* Gets the message describing the storage status
|
|
|
|
*
|
|
|
|
* @return string|null
|
|
|
|
*/
|
|
|
|
public function getStatusMessage() {
|
|
|
|
return $this->statusMessage;
|
|
|
|
}
|
|
|
|
|
2014-10-31 13:41:07 +03:00
|
|
|
/**
|
|
|
|
* Sets the storage status, whether the config worked last time
|
|
|
|
*
|
|
|
|
* @param int $status status
|
2015-09-16 18:58:26 +03:00
|
|
|
* @param string|null $message optional message
|
2014-10-31 13:41:07 +03:00
|
|
|
*/
|
2015-09-16 18:58:26 +03:00
|
|
|
public function setStatus($status, $message = null) {
|
2014-10-31 13:41:07 +03:00
|
|
|
$this->status = $status;
|
2015-09-16 18:58:26 +03:00
|
|
|
$this->statusMessage = $message;
|
2014-10-31 13:41:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Serialize config to JSON
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public function jsonSerialize() {
|
|
|
|
$result = [];
|
|
|
|
if (!is_null($this->id)) {
|
|
|
|
$result['id'] = $this->id;
|
|
|
|
}
|
|
|
|
$result['mountPoint'] = $this->mountPoint;
|
2015-08-12 22:03:11 +03:00
|
|
|
$result['backend'] = $this->backend->getIdentifier();
|
|
|
|
$result['authMechanism'] = $this->authMechanism->getIdentifier();
|
2014-10-31 13:41:07 +03:00
|
|
|
$result['backendOptions'] = $this->backendOptions;
|
|
|
|
if (!is_null($this->priority)) {
|
|
|
|
$result['priority'] = $this->priority;
|
|
|
|
}
|
|
|
|
if (!empty($this->applicableUsers)) {
|
|
|
|
$result['applicableUsers'] = $this->applicableUsers;
|
|
|
|
}
|
|
|
|
if (!empty($this->applicableGroups)) {
|
|
|
|
$result['applicableGroups'] = $this->applicableGroups;
|
|
|
|
}
|
2015-03-13 14:49:11 +03:00
|
|
|
if (!empty($this->mountOptions)) {
|
|
|
|
$result['mountOptions'] = $this->mountOptions;
|
|
|
|
}
|
2014-10-31 13:41:07 +03:00
|
|
|
if (!is_null($this->status)) {
|
|
|
|
$result['status'] = $this->status;
|
|
|
|
}
|
2015-09-16 18:58:26 +03:00
|
|
|
if (!is_null($this->statusMessage)) {
|
|
|
|
$result['statusMessage'] = $this->statusMessage;
|
|
|
|
}
|
2014-10-31 13:41:07 +03:00
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
}
|