Allow SSO authentication to provide a user secret

Allow Authentication\IApacheBackend to return a per-user secret. This
secret is used in lieu of a passwort to initialize the session.
This allows an SSO backend to support per-user encrypted files.

Signed-off-by: Peter Meier <admin@immerda.ch>
This commit is contained in:
Peter Meier 2020-12-24 10:40:33 +01:00
parent 5b61120491
commit 28b8902e2c
2 changed files with 12 additions and 2 deletions

View File

@ -170,7 +170,9 @@ class OC_User {
$userSession = \OC::$server->getUserSession();
$userSession->setLoginName($uid);
$request = OC::$server->getRequest();
$userSession->createSessionToken($request, $uid, $uid);
$secret = $backend->getCurrentUserSecret();
$userSession->createSessionToken($request, $uid, $uid, $secret);
$pw = $secret === null ? '' : $secret;
// setup the filesystem
OC_Util::setupFS($uid);
// first call the post_login hooks, the login-process needs to be
@ -182,7 +184,7 @@ class OC_User {
'post_login',
[
'uid' => $uid,
'password' => '',
'password' => $pw,
'isTokenLogin' => false,
]
);

View File

@ -62,4 +62,12 @@ interface IApacheBackend {
* @since 6.0.0
*/
public function getCurrentUserId();
/**
* Optionally returns a stable per-user secret. This secret is for
* instance used to secure file encryption keys.
* @return string|null
* @since 21.0.0
*/
public function getCurrentUserSecret();
}