nextcloud/apps/dav/lib/connector/sabre/auth.php

176 lines
5.5 KiB
PHP
Raw Normal View History

2011-07-20 18:36:36 +04:00
<?php
/**
2015-03-26 13:44:34 +03:00
* @author Arthur Schiwon <blizzz@owncloud.com>
* @author Bart Visscher <bartv@thisnet.nl>
* @author Jakob Sack <mail@jakobsack.de>
* @author Lukas Reschke <lukas@owncloud.com>
* @author Markus Goetz <markus@woboq.com>
* @author Michael Gapczynski <GapczynskiM@gmail.com>
* @author Morris Jobke <hey@morrisjobke.de>
2016-01-12 17:02:16 +03:00
* @author Roeland Jago Douma <rullzer@owncloud.com>
2015-03-26 13:44:34 +03:00
* @author Thomas Müller <thomas.mueller@tmit.eu>
* @author Vincent Petry <pvince81@owncloud.com>
*
2016-01-12 17:02:16 +03:00
* @copyright Copyright (c) 2016, ownCloud, Inc.
2015-03-26 13:44:34 +03:00
* @license AGPL-3.0
*
2015-03-26 13:44:34 +03:00
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
2015-03-26 13:44:34 +03:00
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
2015-03-26 13:44:34 +03:00
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
2015-03-26 13:44:34 +03:00
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\DAV\Connector\Sabre;
use Exception;
use OCP\ISession;
use OCP\IUserSession;
use Sabre\DAV\Auth\Backend\AbstractBasic;
use Sabre\DAV\Exception\NotAuthenticated;
use Sabre\DAV\Exception\ServiceUnavailable;
2015-11-20 15:35:23 +03:00
use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;
class Auth extends AbstractBasic {
const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
/** @var ISession */
private $session;
/** @var IUserSession */
private $userSession;
/**
* @param ISession $session
* @param IUserSession $userSession
*/
public function __construct(ISession $session,
IUserSession $userSession) {
$this->session = $session;
$this->userSession = $userSession;
$this->principalPrefix = 'principals/users/';
}
/**
* Whether the user has initially authenticated via DAV
*
* This is required for WebDAV clients that resent the cookies even when the
* account was changed.
*
* @see https://github.com/owncloud/core/issues/13245
*
* @param string $username
* @return bool
*/
2015-11-10 09:54:35 +03:00
public function isDavAuthenticated($username) {
return !is_null($this->session->get(self::DAV_AUTHENTICATED)) &&
$this->session->get(self::DAV_AUTHENTICATED) === $username;
}
2011-07-20 18:36:36 +04:00
/**
* Validates a username and password
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
2011-07-20 18:36:36 +04:00
* @return bool
*/
2012-09-07 17:22:01 +04:00
protected function validateUserPass($username, $password) {
if ($this->userSession->isLoggedIn() &&
$this->isDavAuthenticated($this->userSession->getUser()->getUID())
) {
\OC_Util::setupFS($this->userSession->getUser()->getUID());
$this->session->close();
2011-07-20 18:36:36 +04:00
return true;
} else {
\OC_Util::setUpFS(); //login hooks may need early access to the filesystem
if($this->userSession->login($username, $password)) {
\OC_Util::setUpFS($this->userSession->getUser()->getUID());
$this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
$this->session->close();
return true;
} else {
$this->session->close();
return false;
}
2011-07-20 18:36:36 +04:00
}
}
/**
* Returns information about the currently logged in username.
*
* If nobody is currently logged in, this method should return null.
*
* @return string|null
*/
public function getCurrentUser() {
$user = $this->userSession->getUser() ? $this->userSession->getUser()->getUID() : null;
if($user !== null && $this->isDavAuthenticated($user)) {
return $user;
}
if($user !== null && is_null($this->session->get(self::DAV_AUTHENTICATED))) {
return $user;
}
return null;
}
/**
2015-11-20 15:35:23 +03:00
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array
* @throws NotAuthenticated
2015-11-20 15:35:23 +03:00
* @throws ServiceUnavailable
*/
2015-11-20 15:35:23 +03:00
function check(RequestInterface $request, ResponseInterface $response) {
try {
2015-11-20 15:35:23 +03:00
$result = $this->auth($request, $response);
return $result;
} catch (NotAuthenticated $e) {
throw $e;
} catch (Exception $e) {
$class = get_class($e);
$msg = $e->getMessage();
throw new ServiceUnavailable("$class: $msg");
}
}
/**
2015-11-20 15:35:23 +03:00
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array
*/
2015-11-20 15:35:23 +03:00
private function auth(RequestInterface $request, ResponseInterface $response) {
if (\OC_User::handleApacheAuth() ||
2016-01-06 22:48:33 +03:00
//Fix for broken webdav clients
($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
//Well behaved clients that only send the cookie are allowed
($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
2015-11-20 15:35:23 +03:00
return [true, $this->principalPrefix . $user];
}
if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
2015-11-20 15:35:23 +03:00
$response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
$response->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
2015-11-20 15:35:23 +03:00
return parent::check($request, $response);
}
2012-08-29 10:38:33 +04:00
}