From 28b8902e2c130ca3105153dd01a49d3a693913dc Mon Sep 17 00:00:00 2001
From: Peter Meier
Date: Thu, 24 Dec 2020 10:40:33 +0100
Subject: [PATCH] Allow SSO authentication to provide a user secret

Allow Authentication\IApacheBackend to return a per-user secret. This secret is used in lieu of a passwort to initialize the session. This allows an SSO backend to support per-user encrypted files.

Signed-off-by: Peter Meier
---
 lib/private/legacy/OC_User.php | 6 ++++--
 lib/public/Authentication/IApacheBackend.php | 8 ++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
index c8d9b51eab..fa8a4d4bcd 100644
--- a/lib/private/legacy/OC_User.php
+++ b/lib/private/legacy/OC_User.php
@@ -170,7 +170,9 @@ class OC_User {
 $userSession = \OC::$server->getUserSession();
 $userSession->setLoginName($uid);
 $request = OC::$server->getRequest();
- $userSession->createSessionToken($request, $uid, $uid);
+ $secret = $backend->getCurrentUserSecret();
+ $userSession->createSessionToken($request, $uid, $uid, $secret);
+ $pw = $secret === null ? '' : $secret;
 // setup the filesystem
 OC_Util::setupFS($uid);
 // first call the post_login hooks, the login-process needs to be
@@ -182,7 +184,7 @@ class OC_User {
 'post_login',
 [
 'uid' => $uid,
- 'password' => '',
+ 'password' => $pw,
 'isTokenLogin' => false,
 ]
 );
diff --git a/lib/public/Authentication/IApacheBackend.php b/lib/public/Authentication/IApacheBackend.php
index 806c71835a..e133d7c569 100644
--- a/lib/public/Authentication/IApacheBackend.php
+++ b/lib/public/Authentication/IApacheBackend.php
@@ -62,4 +62,12 @@ interface IApacheBackend {
 * @since 6.0.0
 */
 public function getCurrentUserId();
+
+ /**
+ * Optionally returns a stable per-user secret. This secret is for
+ * instance used to secure file encryption keys.
+ * @return string|null
+ * @since 21.0.0
+ */
+ public function getCurrentUserSecret();
 }
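Review bot: The value returned by `getCurrentUserSecret()` is used as password material without validation: `$pw = $secret === null ? '' : $secret;` lets an empty string or a non-string value through to `createSessionToken()` and, via `$pw`, to the `post_login` hook in the next hunk. Normalising it once right after the call, `$secret = (is_string($secret) && $secret !== '') ? $secret : null;` followed by `$pw = $secret ?? '';`, keeps the no-secret case identical to the previous behaviour. The enclosing method starts and ends outside this hunk, so how `$backend` is obtained is not visible here.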
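Review bot: `'password' => $pw` changes what every `post_login` listener receives for SSO logins, from an empty string to key material, and nothing at the call site says so. A short comment above the array, for example `// SSO logins: 'password' carries the backend-supplied user secret (may be ''), not a user-typed password`, would warn listener authors. Listeners that log, forward or re-use the hook's password for another authentication step presumably need auditing before this ships. The hook call begins above the hunk.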
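Review bot: Adding `getCurrentUserSecret()` to the existing public interface makes every backend that already implements `IApacheBackend` fail to load until it adds the method, even though the docblock calls it optional. A separate opt-in interface, checked with `instanceof` at the call site in `OC_User.php`, would keep existing backends working. The docblock should also state the contract the secret has to meet for the encryption use it mentions: unpredictable and not derivable from the user id or request headers, identical on every login of the same user, and what happens to previously encrypted files if it changes.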