2011-07-20 18:36:36 +04:00
|
|
|
<?php
|
2015-02-26 13:37:37 +03:00
|
|
|
/**
|
2015-03-26 13:44:34 +03:00
|
|
|
* @author Arthur Schiwon <blizzz@owncloud.com>
|
|
|
|
* @author Bart Visscher <bartv@thisnet.nl>
|
|
|
|
* @author Christian Seiler <christian@iwakd.de>
|
|
|
|
* @author Jakob Sack <mail@jakobsack.de>
|
|
|
|
* @author Lukas Reschke <lukas@owncloud.com>
|
|
|
|
* @author Markus Goetz <markus@woboq.com>
|
|
|
|
* @author Michael Gapczynski <GapczynskiM@gmail.com>
|
|
|
|
* @author Morris Jobke <hey@morrisjobke.de>
|
|
|
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
|
|
|
* @author Vincent Petry <pvince81@owncloud.com>
|
2015-02-26 13:37:37 +03:00
|
|
|
*
|
2015-03-26 13:44:34 +03:00
|
|
|
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
|
|
|
* @license AGPL-3.0
|
2015-02-26 13:37:37 +03:00
|
|
|
*
|
2015-03-26 13:44:34 +03:00
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
2015-02-26 13:37:37 +03:00
|
|
|
*
|
2015-03-26 13:44:34 +03:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
2015-02-26 13:37:37 +03:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
2015-03-26 13:44:34 +03:00
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
2015-02-26 13:37:37 +03:00
|
|
|
*
|
2015-03-26 13:44:34 +03:00
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
2015-02-26 13:37:37 +03:00
|
|
|
*
|
|
|
|
*/
|
2015-08-30 20:13:01 +03:00
|
|
|
namespace OCA\DAV\Connector\Sabre;
|
2015-02-12 14:29:01 +03:00
|
|
|
|
2015-06-29 13:04:41 +03:00
|
|
|
use Exception;
|
2015-10-23 18:26:54 +03:00
|
|
|
use OCP\ISession;
|
|
|
|
use OCP\IUserSession;
|
2015-06-29 13:04:41 +03:00
|
|
|
use Sabre\DAV\Auth\Backend\AbstractBasic;
|
|
|
|
use Sabre\DAV\Exception\NotAuthenticated;
|
|
|
|
use Sabre\DAV\Exception\ServiceUnavailable;
|
|
|
|
|
|
|
|
class Auth extends AbstractBasic {
|
2015-01-16 16:31:02 +03:00
|
|
|
const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
|
|
|
|
|
2015-10-23 18:26:54 +03:00
|
|
|
/** @var ISession */
|
|
|
|
private $session;
|
|
|
|
/** @var IUserSession */
|
|
|
|
private $userSession;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param ISession $session
|
|
|
|
* @param IUserSession $userSession
|
|
|
|
*/
|
|
|
|
public function __construct(ISession $session,
|
|
|
|
IUserSession $userSession) {
|
|
|
|
$this->session = $session;
|
|
|
|
$this->userSession = $userSession;
|
|
|
|
}
|
|
|
|
|
2015-01-16 16:31:02 +03:00
|
|
|
/**
|
|
|
|
* Whether the user has initially authenticated via DAV
|
|
|
|
*
|
|
|
|
* This is required for WebDAV clients that resent the cookies even when the
|
|
|
|
* account was changed.
|
|
|
|
*
|
|
|
|
* @see https://github.com/owncloud/core/issues/13245
|
|
|
|
*
|
|
|
|
* @param string $username
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
protected function isDavAuthenticated($username) {
|
2015-10-23 18:26:54 +03:00
|
|
|
return !is_null($this->session->get(self::DAV_AUTHENTICATED)) &&
|
|
|
|
$this->session->get(self::DAV_AUTHENTICATED) === $username;
|
2015-01-16 16:31:02 +03:00
|
|
|
}
|
|
|
|
|
2011-07-20 18:36:36 +04:00
|
|
|
/**
|
|
|
|
* Validates a username and password
|
|
|
|
*
|
|
|
|
* This method should return true or false depending on if login
|
|
|
|
* succeeded.
|
|
|
|
*
|
2015-01-16 16:31:02 +03:00
|
|
|
* @param string $username
|
|
|
|
* @param string $password
|
2011-07-20 18:36:36 +04:00
|
|
|
* @return bool
|
|
|
|
*/
|
2012-09-07 17:22:01 +04:00
|
|
|
protected function validateUserPass($username, $password) {
|
2015-10-23 18:26:54 +03:00
|
|
|
if ($this->userSession->isLoggedIn() &&
|
|
|
|
$this->isDavAuthenticated($this->userSession->getUser()->getUID())
|
2015-01-16 16:31:02 +03:00
|
|
|
) {
|
2015-10-23 18:26:54 +03:00
|
|
|
\OC_Util::setupFS($this->userSession->getUser()->getUID());
|
|
|
|
$this->session->close();
|
2011-07-20 18:36:36 +04:00
|
|
|
return true;
|
2012-07-15 23:17:27 +04:00
|
|
|
} else {
|
2015-02-12 14:29:01 +03:00
|
|
|
\OC_Util::setUpFS(); //login hooks may need early access to the filesystem
|
2015-10-23 18:26:54 +03:00
|
|
|
if($this->userSession->login($username, $password)) {
|
|
|
|
\OC_Util::setUpFS($this->userSession->getUser()->getUID());
|
|
|
|
$this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
|
|
|
|
$this->session->close();
|
2012-07-15 23:17:27 +04:00
|
|
|
return true;
|
2015-01-16 16:31:02 +03:00
|
|
|
} else {
|
2015-10-23 18:26:54 +03:00
|
|
|
$this->session->close();
|
2012-07-15 23:17:27 +04:00
|
|
|
return false;
|
|
|
|
}
|
2011-07-20 18:36:36 +04:00
|
|
|
}
|
|
|
|
}
|
2012-12-13 04:30:34 +04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns information about the currently logged in username.
|
|
|
|
*
|
|
|
|
* If nobody is currently logged in, this method should return null.
|
|
|
|
*
|
|
|
|
* @return string|null
|
|
|
|
*/
|
|
|
|
public function getCurrentUser() {
|
2015-10-23 18:26:54 +03:00
|
|
|
$user = $this->userSession->getUser() ? $this->userSession->getUser()->getUID() : null;
|
|
|
|
if($user !== null && $this->isDavAuthenticated($user)) {
|
2015-01-16 16:31:02 +03:00
|
|
|
return $user;
|
2012-12-13 04:30:34 +04:00
|
|
|
}
|
2015-10-23 18:26:54 +03:00
|
|
|
|
|
|
|
if($user !== null && is_null($this->session->get(self::DAV_AUTHENTICATED))) {
|
|
|
|
return $user;
|
|
|
|
}
|
|
|
|
|
2015-01-16 16:31:02 +03:00
|
|
|
return null;
|
2012-12-13 04:30:34 +04:00
|
|
|
}
|
2013-07-12 15:42:01 +04:00
|
|
|
|
|
|
|
/**
|
2015-06-29 13:04:41 +03:00
|
|
|
* Override function here. We want to cache authentication cookies
|
|
|
|
* in the syncing client to avoid HTTP-401 roundtrips.
|
|
|
|
* If the sync client supplies the cookies, then OC_User::isLoggedIn()
|
|
|
|
* will return true and we can see this WebDAV request as already authenticated,
|
|
|
|
* even if there are no HTTP Basic Auth headers.
|
|
|
|
* In other case, just fallback to the parent implementation.
|
|
|
|
*
|
2015-06-30 16:07:48 +03:00
|
|
|
* @param \Sabre\DAV\Server $server
|
2015-06-29 13:04:41 +03:00
|
|
|
* @param string $realm
|
|
|
|
* @return bool
|
|
|
|
* @throws ServiceUnavailable
|
2015-10-23 18:26:54 +03:00
|
|
|
* @throws NotAuthenticated
|
2015-06-29 13:04:41 +03:00
|
|
|
*/
|
2015-06-30 16:07:48 +03:00
|
|
|
public function authenticate(\Sabre\DAV\Server $server, $realm) {
|
2015-06-29 13:04:41 +03:00
|
|
|
try {
|
|
|
|
$result = $this->auth($server, $realm);
|
|
|
|
return $result;
|
|
|
|
} catch (NotAuthenticated $e) {
|
|
|
|
throw $e;
|
|
|
|
} catch (Exception $e) {
|
|
|
|
$class = get_class($e);
|
|
|
|
$msg = $e->getMessage();
|
|
|
|
throw new ServiceUnavailable("$class: $msg");
|
|
|
|
}
|
2014-03-10 17:40:36 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2015-06-30 16:07:48 +03:00
|
|
|
* @param \Sabre\DAV\Server $server
|
2014-03-10 17:40:36 +04:00
|
|
|
* @param $realm
|
|
|
|
* @return bool
|
|
|
|
*/
|
2015-06-30 16:07:48 +03:00
|
|
|
private function auth(\Sabre\DAV\Server $server, $realm) {
|
2015-02-12 14:29:01 +03:00
|
|
|
if (\OC_User::handleApacheAuth() ||
|
2015-10-23 18:26:54 +03:00
|
|
|
($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)))
|
2015-01-20 11:53:03 +03:00
|
|
|
) {
|
2015-10-23 18:26:54 +03:00
|
|
|
$user = $this->userSession->getUser()->getUID();
|
2015-02-12 14:29:01 +03:00
|
|
|
\OC_Util::setupFS($user);
|
2013-07-12 15:42:01 +04:00
|
|
|
$this->currentUser = $user;
|
2015-10-23 18:26:54 +03:00
|
|
|
$this->session->close();
|
2013-10-14 16:51:25 +04:00
|
|
|
return true;
|
2013-07-12 15:42:01 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return parent::authenticate($server, $realm);
|
2014-03-10 17:40:36 +04:00
|
|
|
}
|
2012-08-29 10:38:33 +04:00
|
|
|
}
|