From 5a8cfab68f147aa094a0e96ac03c6b41937c40e0 Mon Sep 17 00:00:00 2001 From: Christoph Wurst Date: Fri, 17 Jun 2016 11:18:27 +0200 Subject: [PATCH] throw PasswordLoginForbidden on DAV --- apps/dav/lib/Connector/Sabre/Auth.php | 4 +- .../Exception/PasswordLoginForbidden.php | 54 +++++++++++++++++++ .../tests/unit/Connector/Sabre/AuthTest.php | 5 +- 3 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 apps/dav/lib/Connector/Sabre/Exception/PasswordLoginForbidden.php diff --git a/apps/dav/lib/Connector/Sabre/Auth.php b/apps/dav/lib/Connector/Sabre/Auth.php index a37ef787ba..82c2711b56 100644 --- a/apps/dav/lib/Connector/Sabre/Auth.php +++ b/apps/dav/lib/Connector/Sabre/Auth.php @@ -34,6 +34,7 @@ use OC\AppFramework\Http\Request; use OC\Authentication\Exceptions\PasswordLoginForbiddenException; use OC\Authentication\TwoFactorAuth\Manager; use OC\User\Session; +use OCA\DAV\Connector\Sabre\Exception\PasswordLoginForbidden; use OCP\IRequest; use OCP\ISession; use Sabre\DAV\Auth\Backend\AbstractBasic; @@ -127,9 +128,8 @@ class Auth extends AbstractBasic { return false; } } catch (PasswordLoginForbiddenException $ex) { - // TODO: throw sabre exception $this->session->close(); - return false; + throw new PasswordLoginForbidden(); } } } diff --git a/apps/dav/lib/Connector/Sabre/Exception/PasswordLoginForbidden.php b/apps/dav/lib/Connector/Sabre/Exception/PasswordLoginForbidden.php new file mode 100644 index 0000000000..78b27d0544 --- /dev/null +++ b/apps/dav/lib/Connector/Sabre/Exception/PasswordLoginForbidden.php @@ -0,0 +1,54 @@ + + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\DAV\Connector\Sabre\Exception; + +use DOMElement; +use Sabre\DAV\Exception; +use Sabre\DAV\Server; + +class PasswordLoginForbidden extends Exception { + + const NS_OWNCLOUD = 'http://owncloud.org/ns'; + + public function getHTTPCode() { + return 401; + } + + /** + * This method allows the exception to include additional information + * into the WebDAV error response + * + * @param Server $server + * @param DOMElement $errorNode + * @return void + */ + public function serialize(Server $server, DOMElement $errorNode) { + + // set ownCloud namespace + $errorNode->setAttribute('xmlns:o', self::NS_OWNCLOUD); + + $error = $errorNode->ownerDocument->createElementNS('o:', 'o:hint', 'password login forbidden'); + $errorNode->appendChild($error); + } + +} diff --git a/apps/dav/tests/unit/Connector/Sabre/AuthTest.php b/apps/dav/tests/unit/Connector/Sabre/AuthTest.php index 60dbe6e722..9564298f23 100644 --- a/apps/dav/tests/unit/Connector/Sabre/AuthTest.php +++ b/apps/dav/tests/unit/Connector/Sabre/AuthTest.php @@ -208,6 +208,9 @@ class AuthTest extends TestCase { $this->assertFalse($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword'])); } + /** + * @expectedException \OCA\DAV\Connector\Sabre\Exception\PasswordLoginForbidden + */ public function testValidateUserPassWithPasswordLoginForbidden() { $this->userSession ->expects($this->once()) @@ -222,7 +225,7 @@ class AuthTest extends TestCase { ->expects($this->once()) ->method('close'); - $this->assertFalse($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword'])); + $this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword']); } public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenForNonGet() {