BearerAuth and multiple tokens support in remoteStorage app
This commit is contained in:
parent
6c6b570ff1
commit
9850820b42
|
@ -0,0 +1,61 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* HTTP Bearer Authentication handler
|
||||
*
|
||||
* Use this class for easy http authentication setup
|
||||
*
|
||||
* @package Sabre
|
||||
* @subpackage HTTP
|
||||
* @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
|
||||
* @author Evert Pot (http://www.rooftopsolutions.nl/)
|
||||
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
|
||||
*/
|
||||
class Sabre_HTTP_BearerAuth extends Sabre_HTTP_AbstractAuth {
|
||||
|
||||
/**
|
||||
* Returns the supplied username and password.
|
||||
*
|
||||
* The returned array has two values:
|
||||
* * 0 - username
|
||||
* * 1 - password
|
||||
*
|
||||
* If nothing was supplied, 'false' will be returned
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function getUserPass() {
|
||||
|
||||
// Apache and mod_php
|
||||
if (($user = $this->httpRequest->getRawServerValue('PHP_AUTH_USER')) && ($pass = $this->httpRequest->getRawServerValue('PHP_AUTH_PW'))) {
|
||||
|
||||
return array($user,$pass);
|
||||
|
||||
}
|
||||
|
||||
// Most other webservers
|
||||
$auth = $this->httpRequest->getHeader('Authorization');
|
||||
|
||||
if (!$auth) return false;
|
||||
|
||||
if (strpos(strtolower($auth),'bearer')!==0) return false;
|
||||
|
||||
return explode(':', base64_decode(substr($auth, 7)));
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns an HTTP 401 header, forcing login
|
||||
*
|
||||
* This should be called when username and password are incorrect, or not supplied at all
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function requireLogin() {
|
||||
|
||||
$this->httpResponse->setHeader('WWW-Authenticate','Basic realm="' . $this->realm . '"');
|
||||
$this->httpResponse->sendStatus(401);
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -33,6 +33,7 @@ require_once('../../lib/base.php');
|
|||
OC_Util::checkAppEnabled('remoteStorage');
|
||||
require_once('Sabre/autoload.php');
|
||||
require_once('lib_remoteStorage.php');
|
||||
require_once('BearerAuth.php');
|
||||
require_once('oauth_ro_auth.php');
|
||||
|
||||
ini_set('default_charset', 'UTF-8');
|
||||
|
|
|
@ -68,14 +68,14 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
|
|||
} else if($k=='redirect_uri'){
|
||||
$appUrl=$v;
|
||||
} else if($k=='scope'){
|
||||
$category=$v;
|
||||
$categories=$v;
|
||||
}
|
||||
}
|
||||
$currUser = OC_User::getUser();
|
||||
if($currUser == $ownCloudUser) {
|
||||
if(isset($_POST['allow'])) {
|
||||
//TODO: check if this can be faked by editing the cookie in firebug!
|
||||
$token=OC_remoteStorage::createCategory($appUrl, $category);
|
||||
$token=OC_remoteStorage::createCategories($appUrl, $categories);
|
||||
header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
|
||||
} else {
|
||||
echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
|
||||
|
|
|
@ -2,11 +2,13 @@
|
|||
|
||||
class OC_remoteStorage {
|
||||
public static function getValidTokens($ownCloudUser, $category) {
|
||||
$query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND category=? LIMIT 100");
|
||||
$result=$query->execute(array($ownCloudUser,$category));
|
||||
$query=OC_DB::prepare("SELECT token,appUrl,category FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
|
||||
$result=$query->execute(array($ownCloudUser));
|
||||
$ret = array();
|
||||
while($row=$result->fetchRow()){
|
||||
$ret[$row['token']]=true;
|
||||
if(in_array($category, explode(',', $row['category']))) {
|
||||
$ret[$row['token']]=true;
|
||||
}
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
@ -19,7 +21,7 @@ class OC_remoteStorage {
|
|||
while($row=$result->fetchRow()){
|
||||
$ret[$row['token']] = array(
|
||||
'appUrl' => $row['appurl'],
|
||||
'category' => $row['category'],
|
||||
'categories' => $row['category'],
|
||||
);
|
||||
}
|
||||
return $ret;
|
||||
|
@ -30,21 +32,23 @@ class OC_remoteStorage {
|
|||
$query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
|
||||
$result=$query->execute(array($token,$user));
|
||||
}
|
||||
private static function addToken($token, $appUrl, $category){
|
||||
private static function addToken($token, $appUrl, $categories){
|
||||
$user=OC_User::getUser();
|
||||
$query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`category`) VALUES(?,?,?,?)");
|
||||
$result=$query->execute(array($token,$appUrl,$user,$category));
|
||||
$result=$query->execute(array($token,$appUrl,$user,$categories));
|
||||
}
|
||||
public static function createCategory($appUrl, $category) {
|
||||
public static function createCategories($appUrl, $categories) {
|
||||
$token=uniqid();
|
||||
self::addToken($token, $appUrl, $category);
|
||||
//TODO: input checking on $category
|
||||
OC_Util::setupFS(OC_User::getUser());
|
||||
$scopePathParts = array('remoteStorage', $category);
|
||||
for($i=0;$i<=count($scopePathParts);$i++){
|
||||
$thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
|
||||
if(!OC_Filesystem::file_exists($thisPath)) {
|
||||
OC_Filesystem::mkdir($thisPath);
|
||||
self::addToken($token, $appUrl, $categories);
|
||||
foreach($categories as $category) {
|
||||
//TODO: input checking on $category
|
||||
$scopePathParts = array('remoteStorage', $category);
|
||||
for($i=0;$i<=count($scopePathParts);$i++){
|
||||
$thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
|
||||
if(!OC_Filesystem::file_exists($thisPath)) {
|
||||
OC_Filesystem::mkdir($thisPath);
|
||||
}
|
||||
}
|
||||
}
|
||||
return base64_encode('remoteStorage:'.$token);
|
||||
|
|
|
@ -34,7 +34,7 @@ class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBa
|
|||
if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
|
||||
OC_Util::setUpFS();
|
||||
return true;
|
||||
} else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) {
|
||||
} else if(isset($this->validTokens[$password])) {
|
||||
OC_Util::setUpFS();
|
||||
return true;
|
||||
} else {
|
||||
|
@ -47,7 +47,7 @@ die('not getting in with "'.$username.'"/"'.$password.'"!');
|
|||
|
||||
//overwriting this to make it not automatically fail if no auth header is found:
|
||||
public function authenticate(Sabre_DAV_Server $server,$realm) {
|
||||
$auth = new Sabre_HTTP_BasicAuth();
|
||||
$auth = new Sabre_HTTP_BearerAuth();
|
||||
$auth->setHTTPRequest($server->httpRequest);
|
||||
$auth->setHTTPResponse($server->httpResponse);
|
||||
$auth->setRealm($realm);
|
||||
|
|
Loading…
Reference in New Issue