Squashed commit of the following:
commit ae1f68ac54cf2878d265b2bbce13bd600d2d0719 Author: Thomas Müller <thomas.mueller@tmit.eu> Date: Thu Aug 22 11:45:27 2013 +0200 fixing undefined variable commit 982f327ca10eea0a2222eae3e74210648591fd8a Author: Thomas Müller <thomas.mueller@tmit.eu> Date: Wed Aug 7 12:00:14 2013 +0200 adding login.php as alternative for index.php/login commit da0d7e1d096fb80789524b01f0f96fe08d147943 Author: Thomas Müller <thomas.mueller@tmit.eu> Date: Wed Aug 7 11:36:12 2013 +0200 adding a route for web login commit 8e2a01160485cf7e9a2eb8bf46f06fae73956e8e Author: Karl Beecher <karl@endocode.com> Date: Tue Aug 6 17:00:28 2013 +0200 Login attempt returns true instead of exiting immediately commit fd89d55de9e71e986e03a0de9aad9407b632e22f Author: Karl Beecher <karl@endocode.com> Date: Mon Aug 5 15:31:30 2013 +0200 Further abstraction. This change introduces the ApacheBackend interface for backends that depend on Apache authentication and session management. There are no longer references to specific backends in OC_User. commit 469cfd98aea5a37985722cf5f9e00ece0ce38178 Author: Karl Beecher <karl@endocode.com> Date: Thu Aug 1 15:46:36 2013 +0200 Make login attempt function protected. commit d803515f19ff086e2028fcaa51afae579685e596 Author: Karl Beecher <karl@endocode.com> Date: Wed Jul 31 16:00:22 2013 +0200 Amends the login link When using a Shibboleth login, clicking logout displays a message to the user instead of ending the session. commit aa8c1fcea05c8268f26a10b21c4e0bc547c3414f Author: Karl Beecher <karl@endocode.com> Date: Tue Jul 30 13:15:59 2013 +0200 Abstract Shibboleth authentication into an Apache authentication method commit 69082f2ebcab267f6e8eceb1a252f84c52236546 Author: Karl Beecher <karl@endocode.com> Date: Tue Jul 30 11:22:26 2013 +0200 Convert spaces -> tabs commit 5a80861d86855eec5906fd5e235ac4ff12efb0f2 Author: Karl Beecher <karl@endocode.com> Date: Mon Jul 29 17:40:48 2013 +0200 Separate the authentication methods SABRE authentication and base authentication have slightly different workings right now. They should be refactored into a common method later, but time pressure requires us to reinvent the wheel slightly. commit dc20a9f8764b103b7d8c5b713f2bcdae18708b65 Author: Karl Beecher <karl@endocode.com> Date: Mon Jul 29 17:07:07 2013 +0200 Authenicate calls to WebDAV against Shibboleth. When using WebDAV, the OC_Connector_Sabre_Auth::authenticate method is normally called without trying the Shibboleth authentication... thus the session is not established. The method now tries Shib authentication, setting up a session if the user has already authenticated. commit 091e4861b2246c4084c9b30e232289fde4ba1abf Author: Karl Beecher <karl@endocode.com> Date: Mon Jul 29 14:04:54 2013 +0200 Sets up the Shibboleth login attempt. commit bae710ec0579ef99b23022cc12f6876c5fe6b0d5 Author: Karl Beecher <karl@endocode.com> Date: Mon Jul 29 12:36:44 2013 +0200 Add a method for attempting shibboleth login. If the PHP_AUTH_USER and EPPN environment variables are set, attempt a Shibboleth (passwordless) login. commit 667d0710a7854e58fb109201d9cee6ec064e793a Author: Karl Beecher <karl@endocode.com> Date: Mon Jul 29 11:38:04 2013 +0200 Revert "Adds the apps2 folder with user_shibboleth backend." This reverts commit 7abbdb64676d667b0c69aca37becdc47e56dc7ef. commit 7abbdb64676d667b0c69aca37becdc47e56dc7ef Author: Karl Beecher <karl@endocode.com> Date: Mon Jul 29 11:28:06 2013 +0200 Adds the apps2 folder with user_shibboleth backend. Conflicts: core/templates/layout.user.php lib/base.php
This commit is contained in:
parent
b58a464b86
commit
d8ada370d7
|
@ -6,6 +6,8 @@
|
|||
<!--[if gt IE 9]><html class="ng-csp ie"><![endif]-->
|
||||
<!--[if !IE]><!--><html class="ng-csp"><!--<![endif]-->
|
||||
|
||||
<?php $defaults = new OC_Defaults(); // initialize themable default strings and urls ?>
|
||||
|
||||
<head data-user="<?php p($_['user_uid']); ?>" data-requesttoken="<?php p($_['requesttoken']); ?>">
|
||||
<title>
|
||||
<?php p(!empty($_['application'])?$_['application'].' | ':'');
|
||||
|
@ -64,7 +66,7 @@
|
|||
</li>
|
||||
<?php endforeach; ?>
|
||||
<li>
|
||||
<a id="logout" href="<?php print_unescaped(link_to('', 'index.php')); ?>?logout=true">
|
||||
<a id="logout" <?php print OC_User::getLogoutAttribute(); ?>>
|
||||
<img class="svg" alt="" src="<?php print_unescaped(image_path('', 'actions/logout.svg')); ?>" />
|
||||
<?php p($l->t('Log out'));?>
|
||||
</a>
|
||||
|
|
22
lib/base.php
22
lib/base.php
|
@ -489,6 +489,11 @@ class OC {
|
|||
|
||||
if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id')
|
||||
&& $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) {
|
||||
$sessionUser = self::$session->get('user_id');
|
||||
$serverUser = $_SERVER['PHP_AUTH_USER'];
|
||||
OC_Log::write('core',
|
||||
"Session user-id doesn't match PHP_AUTH_USER. SESSION[user_id]: $sessionUser; SERVER[PHP_AUTH_USER]: $serverUser.",
|
||||
OC_Log::WARN);
|
||||
OC_User::logout();
|
||||
}
|
||||
|
||||
|
@ -740,11 +745,22 @@ class OC {
|
|||
}
|
||||
}
|
||||
|
||||
public static function login($params) {
|
||||
if (OC_User::isLoggedIn()) {
|
||||
header("Location: " . OC::$WEBROOT . '/');
|
||||
exit();
|
||||
}
|
||||
self::handleLogin();
|
||||
}
|
||||
|
||||
protected static function handleLogin() {
|
||||
OC_App::loadApps(array('prelogin'));
|
||||
$error = array();
|
||||
if (OC::tryApacheAuth()) {
|
||||
|
||||
}
|
||||
// remember was checked after last login
|
||||
if (OC::tryRememberLogin()) {
|
||||
elseif (OC::tryRememberLogin()) {
|
||||
$error[] = 'invalidcookie';
|
||||
// Someone wants to log in :
|
||||
} elseif (OC::tryFormLogin()) {
|
||||
|
@ -765,6 +781,10 @@ class OC {
|
|||
}
|
||||
}
|
||||
|
||||
protected static function tryApacheAuth() {
|
||||
return OC_User::handleApacheAuth(false);
|
||||
}
|
||||
|
||||
protected static function tryRememberLogin() {
|
||||
if (!isset($_COOKIE["oc_remember_login"])
|
||||
|| !isset($_COOKIE["oc_token"])
|
||||
|
|
|
@ -72,6 +72,10 @@ class OC_Connector_Sabre_Auth extends Sabre_DAV_Auth_Backend_AbstractBasic {
|
|||
* @return bool
|
||||
*/
|
||||
public function authenticate(Sabre_DAV_Server $server, $realm) {
|
||||
if (OC_User::handleApacheAuth(true)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (OC_User::isLoggedIn()) {
|
||||
$user = OC_User::getUser();
|
||||
OC_Util::setupFS($user);
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* ownCloud - Apache backend
|
||||
*
|
||||
* @author Karl Beecher
|
||||
* @copyright 2013 Karl Beecher - karl@endocode.com
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 3 of the License, or any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public
|
||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCP;
|
||||
|
||||
interface ApacheBackend {
|
||||
|
||||
/**
|
||||
* @return Returns whether Apache reports a user is currently logged in.
|
||||
*/
|
||||
public function isSessionActive();
|
||||
|
||||
/**
|
||||
* Creates an attribute which is added to the logout hyperlink. It can
|
||||
* supply any attribute(s) which are valid for <a>.
|
||||
*
|
||||
* @return String with one or more HTML attributes.
|
||||
*/
|
||||
public function getLogoutAttribute();
|
||||
|
||||
}
|
77
lib/user.php
77
lib/user.php
|
@ -213,6 +213,64 @@ class OC_User {
|
|||
return self::getUserSession()->login($uid, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Try to login a user, assuming authentication
|
||||
* has already happened (e.g. via SSO).
|
||||
*
|
||||
* Log in a user and regenerate a new session.
|
||||
*/
|
||||
public static function loginWithApache() {
|
||||
|
||||
$uid = $_SERVER["PHP_AUTH_USER"];
|
||||
$run = true;
|
||||
OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid ));
|
||||
|
||||
$enabled = self::isEnabled($uid);
|
||||
if($uid && $enabled) {
|
||||
session_regenerate_id(true);
|
||||
self::setUserId($uid);
|
||||
self::setDisplayName($uid);
|
||||
OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>'' ));
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Verify with Apache whether user is authenticated.
|
||||
* @note Currently supports only Shibboleth.
|
||||
*
|
||||
* @param $isWebdav Is this request done using webdav.
|
||||
* @return true: authenticated - false: not authenticated
|
||||
*/
|
||||
public static function handleApacheAuth($isWebdav = false) {
|
||||
foreach (self::$_usedBackends as $backend) {
|
||||
if ($backend instanceof OCP\ApacheBackend) {
|
||||
if ($backend->isSessionActive()) {
|
||||
OC_App::loadApps();
|
||||
|
||||
//setup extra user backends
|
||||
self::setupBackends();
|
||||
self::unsetMagicInCookie();
|
||||
|
||||
if (self::loginWithApache()) {
|
||||
if (! $isWebdav) {
|
||||
$_REQUEST['redirect_url'] = \OC_Request::requestUri();
|
||||
OC_Util::redirectToDefaultPage();
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief Sets user id for session and triggers emit
|
||||
*/
|
||||
|
@ -259,6 +317,25 @@ class OC_User {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Supplies an attribute to the logout hyperlink. The default behaviuour
|
||||
* is to return an href with '?logout=true' appended. However, it can
|
||||
* supply any attribute(s) which are valid for <a>.
|
||||
*
|
||||
* @return String with one or more HTML attributes.
|
||||
*/
|
||||
public static function getLogoutAttribute() {
|
||||
foreach (self::$_usedBackends as $backend) {
|
||||
if ($backend instanceof OCP\ApacheBackend) {
|
||||
if ($backend->isSessionActive()) {
|
||||
return $backend->getLogoutAttribute();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return print_unescaped("href=".link_to('', 'index.php'))."?logout=true";
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Check if the user is an admin user
|
||||
* @param string $uid uid of the admin
|
||||
|
|
Loading…
Reference in New Issue