2015-08-11 20:45:07 +03:00
|
|
|
<?php
|
|
|
|
|
/**
|
2016-07-21 17:49:16 +03:00
|
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
|
|
|
*
|
2019-12-03 21:57:53 +03:00
|
|
|
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
2020-04-29 12:57:22 +03:00
|
|
|
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
|
2016-01-12 17:02:16 +03:00
|
|
|
* @author Morris Jobke <hey@morrisjobke.de>
|
2019-12-19 15:16:31 +03:00
|
|
|
* @author Robin Appelman <robin@icewind.nl>
|
2016-01-12 17:02:16 +03:00
|
|
|
* @author Robin McCorkell <robin@mccorkell.me.uk>
|
2019-12-03 21:57:53 +03:00
|
|
|
* @author Roeland Jago Douma <roeland@famdouma.nl>
|
2015-08-11 20:45:07 +03:00
|
|
|
*
|
|
|
|
|
* @license AGPL-3.0
|
|
|
|
|
*
|
|
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
2019-12-03 21:57:53 +03:00
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
2015-08-11 20:45:07 +03:00
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace OCA\Files_External\Service;
|
|
|
|
|
|
2019-02-12 01:18:08 +03:00
|
|
|
use OCA\Files_External\Config\IConfigHandler;
|
2019-11-22 22:52:10 +03:00
|
|
|
use OCA\Files_External\Lib\Auth\AuthMechanism;
|
2015-08-11 20:45:07 +03:00
|
|
|
|
2019-11-22 22:52:10 +03:00
|
|
|
use OCA\Files_External\Lib\Backend\Backend;
|
|
|
|
|
use OCA\Files_External\Lib\Config\IAuthMechanismProvider;
|
|
|
|
|
use OCA\Files_External\Lib\Config\IBackendProvider;
|
2019-12-09 16:24:57 +03:00
|
|
|
use OCP\EventDispatcher\GenericEvent;
|
2019-11-22 22:52:10 +03:00
|
|
|
use OCP\IConfig;
|
2015-08-11 20:45:07 +03:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Service class to manage backend definitions
|
|
|
|
|
*/
|
|
|
|
|
class BackendService {
|
|
|
|
|
|
2015-09-17 12:24:19 +03:00
|
|
|
/** Visibility constants for VisibilityTrait */
|
2020-04-10 17:54:27 +03:00
|
|
|
public const VISIBILITY_NONE = 0;
|
|
|
|
|
public const VISIBILITY_PERSONAL = 1;
|
|
|
|
|
public const VISIBILITY_ADMIN = 2;
|
2015-09-17 12:24:19 +03:00
|
|
|
//const VISIBILITY_ALIENS = 4;
|
2015-08-11 20:45:07 +03:00
|
|
|
|
2020-04-10 17:54:27 +03:00
|
|
|
public const VISIBILITY_DEFAULT = 3; // PERSONAL | ADMIN
|
2015-08-11 20:45:07 +03:00
|
|
|
|
|
|
|
|
/** Priority constants for PriorityTrait */
|
2020-04-10 17:54:27 +03:00
|
|
|
public const PRIORITY_DEFAULT = 100;
|
2015-08-11 20:45:07 +03:00
|
|
|
|
|
|
|
|
/** @var IConfig */
|
|
|
|
|
protected $config;
|
|
|
|
|
|
|
|
|
|
/** @var bool */
|
|
|
|
|
private $userMountingAllowed = true;
|
|
|
|
|
|
|
|
|
|
/** @var string[] */
|
|
|
|
|
private $userMountingBackends = [];
|
|
|
|
|
|
|
|
|
|
/** @var Backend[] */
|
|
|
|
|
private $backends = [];
|
|
|
|
|
|
2016-05-11 21:29:10 +03:00
|
|
|
/** @var IBackendProvider[] */
|
|
|
|
|
private $backendProviders = [];
|
|
|
|
|
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
/** @var AuthMechanism[] */
|
|
|
|
|
private $authMechanisms = [];
|
|
|
|
|
|
2016-05-11 21:29:10 +03:00
|
|
|
/** @var IAuthMechanismProvider[] */
|
|
|
|
|
private $authMechanismProviders = [];
|
|
|
|
|
|
2019-02-12 01:18:08 +03:00
|
|
|
/** @var callable[] */
|
|
|
|
|
private $configHandlerLoaders = [];
|
|
|
|
|
|
|
|
|
|
private $configHandlers = [];
|
|
|
|
|
|
2015-08-11 20:45:07 +03:00
|
|
|
/**
|
|
|
|
|
* @param IConfig $config
|
|
|
|
|
*/
|
|
|
|
|
public function __construct(
|
|
|
|
|
IConfig $config
|
|
|
|
|
) {
|
|
|
|
|
$this->config = $config;
|
|
|
|
|
|
|
|
|
|
// Load config values
|
|
|
|
|
if ($this->config->getAppValue('files_external', 'allow_user_mounting', 'yes') !== 'yes') {
|
|
|
|
|
$this->userMountingAllowed = false;
|
|
|
|
|
}
|
|
|
|
|
$this->userMountingBackends = explode(',',
|
|
|
|
|
$this->config->getAppValue('files_external', 'user_mounting_backends', '')
|
|
|
|
|
);
|
2015-11-04 17:47:03 +03:00
|
|
|
|
|
|
|
|
// if no backend is in the list an empty string is in the array and user mounting is disabled
|
|
|
|
|
if ($this->userMountingBackends === ['']) {
|
|
|
|
|
$this->userMountingAllowed = false;
|
|
|
|
|
}
|
2015-08-11 20:45:07 +03:00
|
|
|
}
|
|
|
|
|
|
2016-05-11 21:29:10 +03:00
|
|
|
/**
|
|
|
|
|
* Register a backend provider
|
|
|
|
|
*
|
|
|
|
|
* @since 9.1.0
|
|
|
|
|
* @param IBackendProvider $provider
|
|
|
|
|
*/
|
|
|
|
|
public function registerBackendProvider(IBackendProvider $provider) {
|
|
|
|
|
$this->backendProviders[] = $provider;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-02 14:17:55 +03:00
|
|
|
private function callForRegistrations() {
|
|
|
|
|
static $eventSent = false;
|
2020-04-10 15:19:56 +03:00
|
|
|
if (!$eventSent) {
|
2019-08-02 14:17:55 +03:00
|
|
|
\OC::$server->getEventDispatcher()->dispatch(
|
2019-12-09 16:24:57 +03:00
|
|
|
'OCA\\Files_External::loadAdditionalBackends',
|
|
|
|
|
new GenericEvent()
|
2019-08-02 14:17:55 +03:00
|
|
|
);
|
|
|
|
|
$eventSent = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-11 21:29:10 +03:00
|
|
|
private function loadBackendProviders() {
|
2019-08-02 14:17:55 +03:00
|
|
|
$this->callForRegistrations();
|
2016-05-11 21:29:10 +03:00
|
|
|
foreach ($this->backendProviders as $provider) {
|
|
|
|
|
$this->registerBackends($provider->getBackends());
|
|
|
|
|
}
|
|
|
|
|
$this->backendProviders = [];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Register an auth mechanism provider
|
|
|
|
|
*
|
|
|
|
|
* @since 9.1.0
|
|
|
|
|
* @param IAuthMechanismProvider $provider
|
|
|
|
|
*/
|
|
|
|
|
public function registerAuthMechanismProvider(IAuthMechanismProvider $provider) {
|
|
|
|
|
$this->authMechanismProviders[] = $provider;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function loadAuthMechanismProviders() {
|
2019-08-02 14:17:55 +03:00
|
|
|
$this->callForRegistrations();
|
2016-05-11 21:29:10 +03:00
|
|
|
foreach ($this->authMechanismProviders as $provider) {
|
|
|
|
|
$this->registerAuthMechanisms($provider->getAuthMechanisms());
|
|
|
|
|
}
|
|
|
|
|
$this->authMechanismProviders = [];
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-11 20:45:07 +03:00
|
|
|
/**
|
|
|
|
|
* Register a backend
|
|
|
|
|
*
|
2016-05-11 21:29:10 +03:00
|
|
|
* @deprecated 9.1.0 use registerBackendProvider()
|
2015-08-11 20:45:07 +03:00
|
|
|
* @param Backend $backend
|
|
|
|
|
*/
|
|
|
|
|
public function registerBackend(Backend $backend) {
|
|
|
|
|
if (!$this->isAllowedUserBackend($backend)) {
|
2015-09-17 12:24:19 +03:00
|
|
|
$backend->removeVisibility(BackendService::VISIBILITY_PERSONAL);
|
2015-08-11 20:45:07 +03:00
|
|
|
}
|
2015-08-12 22:03:11 +03:00
|
|
|
foreach ($backend->getIdentifierAliases() as $alias) {
|
|
|
|
|
$this->backends[$alias] = $backend;
|
|
|
|
|
}
|
2015-08-11 20:45:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-05-11 21:29:10 +03:00
|
|
|
* @deprecated 9.1.0 use registerBackendProvider()
|
2015-08-11 20:45:07 +03:00
|
|
|
* @param Backend[] $backends
|
|
|
|
|
*/
|
|
|
|
|
public function registerBackends(array $backends) {
|
|
|
|
|
foreach ($backends as $backend) {
|
|
|
|
|
$this->registerBackend($backend);
|
|
|
|
|
}
|
|
|
|
|
}
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
/**
|
|
|
|
|
* Register an authentication mechanism
|
|
|
|
|
*
|
2016-05-11 21:29:10 +03:00
|
|
|
* @deprecated 9.1.0 use registerAuthMechanismProvider()
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
* @param AuthMechanism $authMech
|
|
|
|
|
*/
|
|
|
|
|
public function registerAuthMechanism(AuthMechanism $authMech) {
|
|
|
|
|
if (!$this->isAllowedAuthMechanism($authMech)) {
|
2015-09-17 12:24:19 +03:00
|
|
|
$authMech->removeVisibility(BackendService::VISIBILITY_PERSONAL);
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
}
|
2015-08-12 22:03:11 +03:00
|
|
|
foreach ($authMech->getIdentifierAliases() as $alias) {
|
|
|
|
|
$this->authMechanisms[$alias] = $authMech;
|
|
|
|
|
}
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-05-11 21:29:10 +03:00
|
|
|
* @deprecated 9.1.0 use registerAuthMechanismProvider()
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
* @param AuthMechanism[] $mechanisms
|
|
|
|
|
*/
|
|
|
|
|
public function registerAuthMechanisms(array $mechanisms) {
|
|
|
|
|
foreach ($mechanisms as $mechanism) {
|
|
|
|
|
$this->registerAuthMechanism($mechanism);
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-08-11 20:45:07 +03:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get all backends
|
|
|
|
|
*
|
|
|
|
|
* @return Backend[]
|
|
|
|
|
*/
|
|
|
|
|
public function getBackends() {
|
2016-05-11 21:29:10 +03:00
|
|
|
$this->loadBackendProviders();
|
2015-08-12 22:03:11 +03:00
|
|
|
// only return real identifiers, no aliases
|
|
|
|
|
$backends = [];
|
|
|
|
|
foreach ($this->backends as $backend) {
|
|
|
|
|
$backends[$backend->getIdentifier()] = $backend;
|
|
|
|
|
}
|
|
|
|
|
return $backends;
|
2015-08-11 20:45:07 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get all available backends
|
|
|
|
|
*
|
|
|
|
|
* @return Backend[]
|
|
|
|
|
*/
|
|
|
|
|
public function getAvailableBackends() {
|
2020-04-09 14:53:40 +03:00
|
|
|
return array_filter($this->getBackends(), function ($backend) {
|
2018-01-27 01:46:40 +03:00
|
|
|
return !$backend->checkDependencies();
|
2015-08-11 20:45:07 +03:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2015-08-12 22:03:11 +03:00
|
|
|
* @param string $identifier
|
2015-08-11 20:45:07 +03:00
|
|
|
* @return Backend|null
|
|
|
|
|
*/
|
2015-08-12 22:03:11 +03:00
|
|
|
public function getBackend($identifier) {
|
2016-05-11 21:29:10 +03:00
|
|
|
$this->loadBackendProviders();
|
2015-08-12 22:03:11 +03:00
|
|
|
if (isset($this->backends[$identifier])) {
|
|
|
|
|
return $this->backends[$identifier];
|
2015-08-11 20:45:07 +03:00
|
|
|
}
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
/**
|
|
|
|
|
* Get all authentication mechanisms
|
|
|
|
|
*
|
|
|
|
|
* @return AuthMechanism[]
|
|
|
|
|
*/
|
|
|
|
|
public function getAuthMechanisms() {
|
2016-05-11 21:29:10 +03:00
|
|
|
$this->loadAuthMechanismProviders();
|
2015-08-12 22:03:11 +03:00
|
|
|
// only return real identifiers, no aliases
|
|
|
|
|
$mechanisms = [];
|
|
|
|
|
foreach ($this->authMechanisms as $mechanism) {
|
|
|
|
|
$mechanisms[$mechanism->getIdentifier()] = $mechanism;
|
|
|
|
|
}
|
|
|
|
|
return $mechanisms;
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get all authentication mechanisms for schemes
|
|
|
|
|
*
|
|
|
|
|
* @param string[] $schemes
|
|
|
|
|
* @return AuthMechanism[]
|
|
|
|
|
*/
|
|
|
|
|
public function getAuthMechanismsByScheme(array $schemes) {
|
2020-04-09 14:53:40 +03:00
|
|
|
return array_filter($this->getAuthMechanisms(), function ($authMech) use ($schemes) {
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
return in_array($authMech->getScheme(), $schemes, true);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2015-08-12 22:03:11 +03:00
|
|
|
* @param string $identifier
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
* @return AuthMechanism|null
|
|
|
|
|
*/
|
2015-08-12 22:03:11 +03:00
|
|
|
public function getAuthMechanism($identifier) {
|
2016-05-11 21:29:10 +03:00
|
|
|
$this->loadAuthMechanismProviders();
|
2015-08-12 22:03:11 +03:00
|
|
|
if (isset($this->authMechanisms[$identifier])) {
|
|
|
|
|
return $this->authMechanisms[$identifier];
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
}
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-11 20:45:07 +03:00
|
|
|
/**
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function isUserMountingAllowed() {
|
|
|
|
|
return $this->userMountingAllowed;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check a backend if a user is allowed to mount it
|
|
|
|
|
*
|
|
|
|
|
* @param Backend $backend
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
protected function isAllowedUserBackend(Backend $backend) {
|
|
|
|
|
if ($this->userMountingAllowed &&
|
2015-08-20 03:03:45 +03:00
|
|
|
array_intersect($backend->getIdentifierAliases(), $this->userMountingBackends)
|
2015-08-11 20:45:07 +03:00
|
|
|
) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
Authentication mechanisms for external storage backends
A backend can now specify generic authentication schemes that it
supports, instead of specifying the parameters for its authentication
method directly. This allows multiple authentication mechanisms to be
implemented for a single scheme, providing altered functionality.
This commit introduces the backend framework for this feature, and so at
this point the UI will be broken as the frontend does not specify the
required information.
Terminology:
- authentication scheme
Parameter interface for the authentication method. A backend
supporting the 'password' scheme accepts two parameters, 'user' and
'password'.
- authentication mechanism
Specific mechanism implementing a scheme. Basic mechanisms may
forward configuration options directly to the backend, more advanced
ones may lookup parameters or retrieve them from the session
New dropdown selector for external storage configurations to select the
authentication mechanism to be used.
Authentication mechanisms can have visibilities, just like backends.
The API was extended too to make it easier to add/remove visibilities.
In addition, the concept of 'allowed visibility' has been introduced, so
a backend/auth mechanism can force a maximum visibility level (e.g.
Local storage type) that cannot be overridden by configuration in the
web UI.
An authentication mechanism is a fully instantiated implementation. This
allows an implementation to have dependencies injected into it, e.g. an
\OCP\IDB for database operations.
When a StorageConfig is being prepared for mounting, the authentication
mechanism implementation has manipulateStorage() called,
which inserts the relevant authentication method options into the
storage ready for mounting.
2015-08-12 12:54:03 +03:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check an authentication mechanism if a user is allowed to use it
|
|
|
|
|
*
|
|
|
|
|
* @param AuthMechanism $authMechanism
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
protected function isAllowedAuthMechanism(AuthMechanism $authMechanism) {
|
|
|
|
|
return true; // not implemented
|
|
|
|
|
}
|
2019-02-12 01:18:08 +03:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* registers a configuration handler
|
|
|
|
|
*
|
|
|
|
|
* The function of the provided $placeholder is mostly to act a sorting
|
|
|
|
|
* criteria, so longer placeholders are replaced first. This avoids
|
2019-02-16 00:41:29 +03:00
|
|
|
* "$user" overwriting parts of "$userMail" and "$userLang", for example.
|
|
|
|
|
* The provided value should not contain the $ prefix, only a-z0-9 are
|
2019-02-12 01:18:08 +03:00
|
|
|
* allowed. Upper case letters are lower cased, the replacement is case-
|
|
|
|
|
* insensitive.
|
|
|
|
|
*
|
|
|
|
|
* The configHandlerLoader should just instantiate the handler on demand.
|
|
|
|
|
* For now all handlers are instantiated when a mount is loaded, independent
|
|
|
|
|
* of whether the placeholder is present or not. This may change in future.
|
|
|
|
|
*
|
|
|
|
|
* @since 16.0.0
|
|
|
|
|
*/
|
|
|
|
|
public function registerConfigHandler(string $placeholder, callable $configHandlerLoader) {
|
|
|
|
|
$placeholder = trim(strtolower($placeholder));
|
2020-04-10 15:19:56 +03:00
|
|
|
if (!(bool)\preg_match('/^[a-z0-9]*$/', $placeholder)) {
|
2019-02-12 01:18:08 +03:00
|
|
|
throw new \RuntimeException(sprintf(
|
|
|
|
|
'Invalid placeholder %s, only [a-z0-9] are allowed', $placeholder
|
|
|
|
|
));
|
|
|
|
|
}
|
2020-04-10 15:19:56 +03:00
|
|
|
if ($placeholder === '') {
|
2019-02-12 01:18:08 +03:00
|
|
|
throw new \RuntimeException('Invalid empty placeholder');
|
|
|
|
|
}
|
2020-04-10 15:19:56 +03:00
|
|
|
if (isset($this->configHandlerLoaders[$placeholder]) || isset($this->configHandlers[$placeholder])) {
|
2019-02-12 01:18:08 +03:00
|
|
|
throw new \RuntimeException(sprintf('A handler is already registered for %s', $placeholder));
|
|
|
|
|
}
|
|
|
|
|
$this->configHandlerLoaders[$placeholder] = $configHandlerLoader;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function loadConfigHandlers():void {
|
2019-08-02 14:17:55 +03:00
|
|
|
$this->callForRegistrations();
|
2019-02-12 01:18:08 +03:00
|
|
|
$newLoaded = false;
|
|
|
|
|
foreach ($this->configHandlerLoaders as $placeholder => $loader) {
|
|
|
|
|
$handler = $loader();
|
2020-04-10 15:19:56 +03:00
|
|
|
if (!$handler instanceof IConfigHandler) {
|
2019-02-12 01:18:08 +03:00
|
|
|
throw new \RuntimeException(sprintf(
|
|
|
|
|
'Handler for %s is not an instance of IConfigHandler', $placeholder
|
|
|
|
|
));
|
|
|
|
|
}
|
2019-02-13 02:14:56 +03:00
|
|
|
$this->configHandlers[$placeholder] = $handler;
|
2019-02-12 01:18:08 +03:00
|
|
|
$newLoaded = true;
|
|
|
|
|
}
|
|
|
|
|
$this->configHandlerLoaders = [];
|
2020-04-10 15:19:56 +03:00
|
|
|
if ($newLoaded) {
|
2019-02-12 01:18:08 +03:00
|
|
|
// ensure those with longest placeholders come first,
|
|
|
|
|
// to avoid substring matches
|
|
|
|
|
uksort($this->configHandlers, function ($phA, $phB) {
|
|
|
|
|
return strlen($phB) <=> strlen($phA);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @since 16.0.0
|
|
|
|
|
*/
|
|
|
|
|
public function getConfigHandlers() {
|
|
|
|
|
$this->loadConfigHandlers();
|
|
|
|
|
return $this->configHandlers;
|
|
|
|
|
}
|
2015-08-11 20:45:07 +03:00
|
|
|
}
|
