mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

BearerAuth and multiple tokens support in remoteStorage app

This commit is contained in:
Michiel de Jong 2012-02-22 18:05:52 +00:00
parent 6c6b570ff1
commit 9850820b42
5 changed files with 84 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
apps/remoteStorage/BearerAuth.php Normal file
View File

@ -0,0 +1,61 @@
<?php
/**
* HTTP Bearer Authentication handler
*
* Use this class for easy http authentication setup
*
* @package Sabre
* @subpackage HTTP
* @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
* @author Evert Pot (http://www.rooftopsolutions.nl/)
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
*/
class Sabre_HTTP_BearerAuth extends Sabre_HTTP_AbstractAuth {
/**
* Returns the supplied username and password.
*
* The returned array has two values:
* * 0 - username
* * 1 - password
*
* If nothing was supplied, 'false' will be returned
*
* @return mixed
*/
public function getUserPass() {
// Apache and mod_php
if (($user = $this->httpRequest->getRawServerValue('PHP_AUTH_USER')) && ($pass = $this->httpRequest->getRawServerValue('PHP_AUTH_PW'))) {
return array($user,$pass);
}
// Most other webservers
$auth = $this->httpRequest->getHeader('Authorization');
if (!$auth) return false;
if (strpos(strtolower($auth),'bearer')!==0) return false;
return explode(':', base64_decode(substr($auth, 7)));
}
/**
* Returns an HTTP 401 header, forcing login
*
* This should be called when username and password are incorrect, or not supplied at all
*
* @return void
*/
public function requireLogin() {
$this->httpResponse->setHeader('WWW-Authenticate','Basic realm="' . $this->realm . '"');
$this->httpResponse->sendStatus(401);
}
}

1
apps/remoteStorage/WebDAV.php
View File

@ -33,6 +33,7 @@ require_once('../../lib/base.php');
OC_Util::checkAppEnabled('remoteStorage');
require_once('Sabre/autoload.php');
require_once('lib_remoteStorage.php');
require_once('BearerAuth.php');
require_once('oauth_ro_auth.php');
ini_set('default_charset', 'UTF-8');

4
apps/remoteStorage/auth.php
View File

@ -68,14 +68,14 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
} else if($k=='redirect_uri'){
$appUrl=$v;
} else if($k=='scope'){
$category=$v;
$categories=$v;
}
}
$currUser = OC_User::getUser();
if($currUser == $ownCloudUser) {
if(isset($_POST['allow'])) {
//TODO: check if this can be faked by editing the cookie in firebug!
$token=OC_remoteStorage::createCategory($appUrl, $category);
$token=OC_remoteStorage::createCategories($appUrl, $categories);
header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
} else {
echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';

32
apps/remoteStorage/lib_remoteStorage.php
View File

@ -2,11 +2,13 @@
class OC_remoteStorage {
public static function getValidTokens($ownCloudUser, $category) {
$query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND category=? LIMIT 100");
$result=$query->execute(array($ownCloudUser,$category));
$query=OC_DB::prepare("SELECT token,appUrl,category FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
$result=$query->execute(array($ownCloudUser));
$ret = array();
while($row=$result->fetchRow()){
$ret[$row['token']]=true;
if(in_array($category, explode(',', $row['category']))) {
$ret[$row['token']]=true;
}
}
return $ret;
}
@ -19,7 +21,7 @@ class OC_remoteStorage {
while($row=$result->fetchRow()){
$ret[$row['token']] = array(
'appUrl' => $row['appurl'],
'category' => $row['category'],
'categories' => $row['category'],
);
}
return $ret;
@ -30,21 +32,23 @@ class OC_remoteStorage {
$query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
$result=$query->execute(array($token,$user));
}
private static function addToken($token, $appUrl, $category){
private static function addToken($token, $appUrl, $categories){
$user=OC_User::getUser();
$query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`category`) VALUES(?,?,?,?)");
$result=$query->execute(array($token,$appUrl,$user,$category));
$result=$query->execute(array($token,$appUrl,$user,$categories));
}
public static function createCategory($appUrl, $category) {
public static function createCategories($appUrl, $categories) {
$token=uniqid();
self::addToken($token, $appUrl, $category);
//TODO: input checking on $category
OC_Util::setupFS(OC_User::getUser());
$scopePathParts = array('remoteStorage', $category);
for($i=0;$i<=count($scopePathParts);$i++){
$thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
if(!OC_Filesystem::file_exists($thisPath)) {
OC_Filesystem::mkdir($thisPath);
self::addToken($token, $appUrl, $categories);
foreach($categories as $category) {
//TODO: input checking on $category
$scopePathParts = array('remoteStorage', $category);
for($i=0;$i<=count($scopePathParts);$i++){
$thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
if(!OC_Filesystem::file_exists($thisPath)) {
OC_Filesystem::mkdir($thisPath);
}
}
}
return base64_encode('remoteStorage:'.$token);

4
apps/remoteStorage/oauth_ro_auth.php
View File

@ -34,7 +34,7 @@ class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBa
if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
OC_Util::setUpFS();
return true;
} else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) {
} else if(isset($this->validTokens[$password])) {
OC_Util::setUpFS();
return true;
} else {
@ -47,7 +47,7 @@ die('not getting in with "'.$username.'"/"'.$password.'"!');
//overwriting this to make it not automatically fail if no auth header is found:
public function authenticate(Sabre_DAV_Server $server,$realm) {
$auth = new Sabre_HTTP_BasicAuth();
$auth = new Sabre_HTTP_BearerAuth();
$auth->setHTTPRequest($server->httpRequest);
$auth->setHTTPResponse($server->httpResponse);
$auth->setRealm($realm);