From 176fb191b7ec1c742b70295ca2a315d8cc1f1ea0 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Tue, 16 Feb 2016 15:22:23 +0100 Subject: [PATCH] remove login credentails and user provided backends --- apps/files_external/appinfo/application.php | 2 - .../lib/auth/password/logincredentials.php | 92 ------------------- .../lib/auth/password/userprovided.php | 88 ------------------ .../tests/command/listcommandtest.php | 7 +- 4 files changed, 4 insertions(+), 185 deletions(-) delete mode 100644 apps/files_external/lib/auth/password/logincredentials.php delete mode 100644 apps/files_external/lib/auth/password/userprovided.php diff --git a/apps/files_external/appinfo/application.php b/apps/files_external/appinfo/application.php index d6552fa680..df7ba35748 100644 --- a/apps/files_external/appinfo/application.php +++ b/apps/files_external/appinfo/application.php @@ -108,8 +108,6 @@ class Application extends App { // AuthMechanism::SCHEME_PASSWORD mechanisms $container->query('OCA\Files_External\Lib\Auth\Password\Password'), $container->query('OCA\Files_External\Lib\Auth\Password\SessionCredentials'), - $container->query('OCA\Files_External\Lib\Auth\Password\LoginCredentials'), - $container->query('OCA\Files_External\Lib\Auth\Password\UserProvided'), $container->query('OCA\Files_External\Lib\Auth\Password\GlobalAuth'), // AuthMechanism::SCHEME_OAUTH1 mechanisms diff --git a/apps/files_external/lib/auth/password/logincredentials.php b/apps/files_external/lib/auth/password/logincredentials.php deleted file mode 100644 index 25bd66fb41..0000000000 --- a/apps/files_external/lib/auth/password/logincredentials.php +++ /dev/null @@ -1,92 +0,0 @@ - - * - * @copyright Copyright (c) 2015, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace OCA\Files_External\Lib\Auth\Password; - -use \OCP\IL10N; -use \OCP\IUser; -use \OCA\Files_External\Lib\DefinitionParameter; -use \OCA\Files_External\Lib\Auth\AuthMechanism; -use \OCA\Files_External\Lib\StorageConfig; -use \OCP\ISession; -use \OCP\Security\ICredentialsManager; -use \OCP\Files\Storage; -use \OCA\Files_External\Lib\SessionStorageWrapper; -use \OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; - -/** - * Username and password from login credentials, saved in DB - */ -class LoginCredentials extends AuthMechanism { - - const CREDENTIALS_IDENTIFIER = 'password::logincredentials/credentials'; - - /** @var ISession */ - protected $session; - - /** @var ICredentialsManager */ - protected $credentialsManager; - - public function __construct(IL10N $l, ISession $session, ICredentialsManager $credentialsManager) { - $this->session = $session; - $this->credentialsManager = $credentialsManager; - - $this - ->setIdentifier('password::logincredentials') - ->setScheme(self::SCHEME_PASSWORD) - ->setText($l->t('Log-in credentials, save in database')) - ->addParameters([ - ]) - ; - - \OCP\Util::connectHook('OC_User', 'post_login', $this, 'authenticate'); - } - - /** - * Hook listener on post login - * - * @param array $params - */ - public function authenticate(array $params) { - $userId = $params['uid']; - $credentials = [ - 'user' => $this->session->get('loginname'), - 'password' => $params['password'] - ]; - $this->credentialsManager->store($userId, self::CREDENTIALS_IDENTIFIER, $credentials); - } - - public function manipulateStorageConfig(StorageConfig &$storage, IUser $user = null) { - if (!isset($user)) { - throw new InsufficientDataForMeaningfulAnswerException('No login credentials saved'); - } - $uid = $user->getUID(); - $credentials = $this->credentialsManager->retrieve($uid, self::CREDENTIALS_IDENTIFIER); - - if (!isset($credentials)) { - throw new InsufficientDataForMeaningfulAnswerException('No login credentials saved'); - } - - $storage->setBackendOption('user', $credentials['user']); - $storage->setBackendOption('password', $credentials['password']); - } - -} diff --git a/apps/files_external/lib/auth/password/userprovided.php b/apps/files_external/lib/auth/password/userprovided.php deleted file mode 100644 index 2f27716318..0000000000 --- a/apps/files_external/lib/auth/password/userprovided.php +++ /dev/null @@ -1,88 +0,0 @@ - - * - * @copyright Copyright (c) 2015, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace OCA\Files_External\Lib\Auth\Password; - -use OCA\Files_External\Lib\Auth\IUserProvided; -use OCA\Files_External\Lib\DefinitionParameter; -use OCA\Files_External\Service\BackendService; -use OCP\IL10N; -use OCP\IUser; -use OCA\Files_External\Lib\Auth\AuthMechanism; -use OCA\Files_External\Lib\StorageConfig; -use OCP\Security\ICredentialsManager; -use OCP\Files\Storage; -use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; - -/** - * User provided Username and Password - */ -class UserProvided extends AuthMechanism implements IUserProvided { - - const CREDENTIALS_IDENTIFIER_PREFIX = 'password::userprovided/'; - - /** @var ICredentialsManager */ - protected $credentialsManager; - - public function __construct(IL10N $l, ICredentialsManager $credentialsManager) { - $this->credentialsManager = $credentialsManager; - - $this - ->setIdentifier('password::userprovided') - ->setVisibility(BackendService::VISIBILITY_ADMIN) - ->setScheme(self::SCHEME_PASSWORD) - ->setText($l->t('User entered, store in database')) - ->addParameters([ - (new DefinitionParameter('user', $l->t('Username'))) - ->setFlag(DefinitionParameter::FLAG_USER_PROVIDED), - (new DefinitionParameter('password', $l->t('Password'))) - ->setType(DefinitionParameter::VALUE_PASSWORD) - ->setFlag(DefinitionParameter::FLAG_USER_PROVIDED), - ]); - } - - private function getCredentialsIdentifier($storageId) { - return self::CREDENTIALS_IDENTIFIER_PREFIX . $storageId; - } - - public function saveBackendOptions(IUser $user, $id, array $options) { - $this->credentialsManager->store($user->getUID(), $this->getCredentialsIdentifier($id), [ - 'user' => $options['user'], // explicitly copy the fields we want instead of just passing the entire $options array - 'password' => $options['password'] // this way we prevent users from being able to modify any other field - ]); - } - - public function manipulateStorageConfig(StorageConfig &$storage, IUser $user = null) { - if (!isset($user)) { - throw new InsufficientDataForMeaningfulAnswerException('No credentials saved'); - } - $uid = $user->getUID(); - $credentials = $this->credentialsManager->retrieve($uid, $this->getCredentialsIdentifier($storage->getId())); - - if (!isset($credentials)) { - throw new InsufficientDataForMeaningfulAnswerException('No credentials saved'); - } - - $storage->setBackendOption('user', $credentials['user']); - $storage->setBackendOption('password', $credentials['password']); - } - -} diff --git a/apps/files_external/tests/command/listcommandtest.php b/apps/files_external/tests/command/listcommandtest.php index 338ddb7593..3098906bcc 100644 --- a/apps/files_external/tests/command/listcommandtest.php +++ b/apps/files_external/tests/command/listcommandtest.php @@ -24,7 +24,7 @@ namespace OCA\Files_External\Tests\Command; use OCA\Files_External\Command\ListCommand; use OCA\Files_External\Lib\Auth\NullMechanism; use OCA\Files_External\Lib\Auth\Password\Password; -use OCA\Files_External\Lib\Auth\Password\UserProvided; +use OCA\Files_External\Lib\Auth\Password\SessionCredentials; use OCA\Files_External\Lib\Backend\Local; use OCA\Files_external\Lib\StorageConfig; use Symfony\Component\Console\Output\BufferedOutput; @@ -48,13 +48,14 @@ class ListCommandTest extends CommandTest { public function testListAuthIdentifier() { $l10n = $this->getMock('\OC_L10N', null, [], '', false); - $credentialsManager = $this->getMock('\OCP\Security\ICredentialsManager'); + $session = $this->getMock('\OCP\ISession'); + $crypto = $this->getMock('\OCP\Security\ICrypto'); $instance = $this->getInstance(); $mount1 = new StorageConfig(); $mount1->setAuthMechanism(new Password($l10n)); $mount1->setBackend(new Local($l10n, new NullMechanism($l10n))); $mount2 = new StorageConfig(); - $mount2->setAuthMechanism(new UserProvided($l10n, $credentialsManager)); + $mount2->setAuthMechanism(new SessionCredentials($l10n, $session, $crypto)); $mount2->setBackend(new Local($l10n, new NullMechanism($l10n))); $input = $this->getInput($instance, [], [ 'output' => 'json'