Allow SSO authentication to provide a user secret

Allow Authentication\IApacheBackend to return a per-user secret. This
secret is used in lieu of a password to initialize the session.
This allows an SSO backend to support per-user encrypted files.

Signed-off-by: Peter Meier <admin@immerda.ch>
Peter Meier 2020-12-24 10:40:33 +01:00
parent 5b61120491
commit 28b8902e2c
2 changed files with 12 additions and 2 deletions


@ -170,7 +170,9 @@ class OC_User {
$userSession = \OC::$server->getUserSession(); $userSession = \OC::$server->getUserSession();
$userSession->setLoginName($uid); $userSession->setLoginName($uid);
$request = OC::$server->getRequest(); $request = OC::$server->getRequest();
$userSession->createSessionToken($request, $uid, $uid); $secret = $backend->getCurrentUserSecret();
$userSession->createSessionToken($request, $uid, $uid, $secret);
$pw = $secret === null ? '' : $secret;
// setup the filesystem // setup the filesystem
OC_Util::setupFS($uid); OC_Util::setupFS($uid);
// first call the post_login hooks, the login-process needs to be // first call the post_login hooks, the login-process needs to be
@ -182,7 +184,7 @@ class OC_User {
'post_login', 'post_login',
[ [
'uid' => $uid, 'uid' => $uid,
'password' => '', 'password' => $pw,
'isTokenLogin' => false, 'isTokenLogin' => false,
] ]
); );
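Review bot: The value returned by `$backend->getCurrentUserSecret()` is passed as the password argument of `createSessionToken` and into the `password` field of the `post_login` payload without any check on its type or content. An empty string or a non-string return would be accepted as the user's secret instead of falling back to the old no-password behaviour; a guard before the token is created, such as `if (!is_string($secret) || $secret === '') { $secret = null; }`, would keep malformed values out. Because every `post_login` listener now receives the secret, a comment above the call, for example `// $secret is key material: never log it or include it in error output`, would help later maintainers. `$pw` can then be written as `$pw = $secret ?? '';`. The enclosing method starts and ends outside the hunks shown.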


@ -62,4 +62,12 @@ interface IApacheBackend {
* @since 6.0.0 * @since 6.0.0
*/ */
public function getCurrentUserId(); public function getCurrentUserId();
/**
* Optionally returns a stable per-user secret. This secret is for
* instance used to secure file encryption keys.
* @return string|null
* @since 21.0.0
*/
public function getCurrentUserSecret();
} }
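Review bot: Adding `getCurrentUserSecret()` as a required method of `IApacheBackend` means any existing backend that implements the interface without it will fail to load, which is a breaking change for an interface documented as `@since 6.0.0`. Since the docblock already calls the method optional, consider declaring it on a separate interface that extends this one and having the caller test with `instanceof` before calling it. The docblock should also state the security contract: that null means no secret is available, that the value must be identical on every login for a given user, and that it must not be derived from request data the client can set, for example a header that the fronting proxy does not overwrite.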