token based auth
* Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
This commit is contained in:
parent
f39e163d4a
commit
d8cde414bd
|
@ -1,6 +1,7 @@
|
|||
<?php
|
||||
/**
|
||||
* @author Bernhard Posselt <dev@bernhard-posselt.com>
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
* @author Lukas Reschke <lukas@owncloud.com>
|
||||
* @author Morris Jobke <hey@morrisjobke.de>
|
||||
* @author Roeland Jago Douma <rullzer@owncloud.com>
|
||||
|
@ -28,12 +29,13 @@ namespace OC\Core;
|
|||
|
||||
use OC\AppFramework\Utility\SimpleContainer;
|
||||
use OC\AppFramework\Utility\TimeFactory;
|
||||
use OC\Core\Controller\AvatarController;
|
||||
use OC\Core\Controller\LoginController;
|
||||
use \OCP\AppFramework\App;
|
||||
use OC\Core\Controller\LostController;
|
||||
use OC\Core\Controller\UserController;
|
||||
use OC\Core\Controller\AvatarController;
|
||||
use \OCP\Util;
|
||||
use OC_Defaults;
|
||||
use OCP\AppFramework\App;
|
||||
use OCP\Util;
|
||||
|
||||
/**
|
||||
* Class Application
|
||||
|
@ -132,6 +134,9 @@ class Application extends App {
|
|||
$container->registerService('UserSession', function(SimpleContainer $c) {
|
||||
return $c->query('ServerContainer')->getUserSession();
|
||||
});
|
||||
$container->registerService('Session', function(SimpleContainer $c) {
|
||||
return $c->query('ServerContainer')->getSession();
|
||||
});
|
||||
$container->registerService('Cache', function(SimpleContainer $c) {
|
||||
return $c->query('ServerContainer')->getCache();
|
||||
});
|
||||
|
@ -139,7 +144,7 @@ class Application extends App {
|
|||
return $c->query('ServerContainer')->getUserFolder();
|
||||
});
|
||||
$container->registerService('Defaults', function() {
|
||||
return new \OC_Defaults;
|
||||
return new OC_Defaults;
|
||||
});
|
||||
$container->registerService('Mailer', function(SimpleContainer $c) {
|
||||
return $c->query('ServerContainer')->getMailer();
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
* @author Lukas Reschke <lukas@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
|
@ -21,7 +23,11 @@
|
|||
|
||||
namespace OC\Core\Controller;
|
||||
|
||||
use OC\Setup;
|
||||
use OC;
|
||||
use OC\User\Session;
|
||||
use OC_App;
|
||||
use OC_User;
|
||||
use OC_Util;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
|
@ -31,17 +37,21 @@ use OCP\ISession;
|
|||
use OCP\IURLGenerator;
|
||||
use OCP\IUser;
|
||||
use OCP\IUserManager;
|
||||
use OCP\IUserSession;
|
||||
|
||||
class LoginController extends Controller {
|
||||
|
||||
/** @var IUserManager */
|
||||
private $userManager;
|
||||
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
|
||||
/** @var ISession */
|
||||
private $session;
|
||||
/** @var IUserSession */
|
||||
|
||||
/** @var Session */
|
||||
private $userSession;
|
||||
|
||||
/** @var IURLGenerator */
|
||||
private $urlGenerator;
|
||||
|
||||
|
@ -51,16 +61,12 @@ class LoginController extends Controller {
|
|||
* @param IUserManager $userManager
|
||||
* @param IConfig $config
|
||||
* @param ISession $session
|
||||
* @param IUserSession $userSession
|
||||
* @param Session $userSession
|
||||
* @param IURLGenerator $urlGenerator
|
||||
*/
|
||||
function __construct($appName,
|
||||
IRequest $request,
|
||||
IUserManager $userManager,
|
||||
IConfig $config,
|
||||
ISession $session,
|
||||
IUserSession $userSession,
|
||||
IURLGenerator $urlGenerator) {
|
||||
function __construct($appName, IRequest $request, IUserManager $userManager,
|
||||
IConfig $config, ISession $session, Session $userSession,
|
||||
IURLGenerator $urlGenerator) {
|
||||
parent::__construct($appName, $request);
|
||||
$this->userManager = $userManager;
|
||||
$this->config = $config;
|
||||
|
@ -96,18 +102,16 @@ class LoginController extends Controller {
|
|||
*
|
||||
* @return TemplateResponse
|
||||
*/
|
||||
public function showLoginForm($user,
|
||||
$redirect_url,
|
||||
$remember_login) {
|
||||
if($this->userSession->isLoggedIn()) {
|
||||
return new RedirectResponse(\OC_Util::getDefaultPageUrl());
|
||||
public function showLoginForm($user, $redirect_url, $remember_login) {
|
||||
if ($this->userSession->isLoggedIn()) {
|
||||
return new RedirectResponse(OC_Util::getDefaultPageUrl());
|
||||
}
|
||||
|
||||
$parameters = array();
|
||||
$loginMessages = $this->session->get('loginMessages');
|
||||
$errors = [];
|
||||
$messages = [];
|
||||
if(is_array($loginMessages)) {
|
||||
if (is_array($loginMessages)) {
|
||||
list($errors, $messages) = $loginMessages;
|
||||
}
|
||||
$this->session->remove('loginMessages');
|
||||
|
@ -137,8 +141,8 @@ class LoginController extends Controller {
|
|||
}
|
||||
}
|
||||
|
||||
$parameters['alt_login'] = \OC_App::getAlternativeLogIns();
|
||||
$parameters['rememberLoginAllowed'] = \OC_Util::rememberLoginAllowed();
|
||||
$parameters['alt_login'] = OC_App::getAlternativeLogIns();
|
||||
$parameters['rememberLoginAllowed'] = OC_Util::rememberLoginAllowed();
|
||||
$parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
|
||||
|
||||
if (!is_null($user) && $user !== '') {
|
||||
|
@ -150,11 +154,36 @@ class LoginController extends Controller {
|
|||
}
|
||||
|
||||
return new TemplateResponse(
|
||||
$this->appName,
|
||||
'login',
|
||||
$parameters,
|
||||
'guest'
|
||||
$this->appName, 'login', $parameters, 'guest'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
* @UseSession
|
||||
*
|
||||
* @param string $user
|
||||
* @param string $password
|
||||
* @param string $redirect_url
|
||||
* @return RedirectResponse
|
||||
*/
|
||||
public function tryLogin($user, $password, $redirect_url) {
|
||||
// TODO: Add all the insane error handling
|
||||
if ($this->userManager->checkPassword($user, $password) === false) {
|
||||
return new RedirectResponse($this->urlGenerator->linkToRoute('login#showLoginForm'));
|
||||
}
|
||||
$this->userSession->createSessionToken($user, $password);
|
||||
if (!is_null($redirect_url) && $this->userSession->isLoggedIn()) {
|
||||
$location = OC::$server->getURLGenerator()->getAbsoluteURL(urldecode($redirect_url));
|
||||
// Deny the redirect if the URL contains a @
|
||||
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
|
||||
if (strpos($location, '@') === false) {
|
||||
return new RedirectResponse($location);
|
||||
}
|
||||
}
|
||||
// TODO: Show invalid login warning
|
||||
return new RedirectResponse($this->urlGenerator->linkTo('files', 'index'));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -42,9 +42,10 @@ $application->registerRoutes($this, [
|
|||
['name' => 'avatar#postCroppedAvatar', 'url' => '/avatar/cropped', 'verb' => 'POST'],
|
||||
['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'],
|
||||
['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'],
|
||||
['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'],
|
||||
['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
|
||||
['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
|
||||
]
|
||||
],
|
||||
]);
|
||||
|
||||
// Post installation check
|
||||
|
|
|
@ -9,7 +9,7 @@ script('core', [
|
|||
?>
|
||||
|
||||
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
|
||||
<form method="post" name="login" action="<?php p(OC::$WEBROOT) ?>/">
|
||||
<form method="post" name="login">
|
||||
<fieldset>
|
||||
<?php if (!empty($_['redirect_url'])) {
|
||||
print_unescaped('<input type="hidden" name="redirect_url" value="' . \OCP\Util::sanitizeHTML($_['redirect_url']) . '">');
|
||||
|
|
|
@ -1031,6 +1031,66 @@
|
|||
|
||||
</table>
|
||||
|
||||
<table>
|
||||
<name>*dbprefix*authtoken</name>
|
||||
|
||||
<declaration>
|
||||
|
||||
<field>
|
||||
<name>id</name>
|
||||
<type>integer</type>
|
||||
<default>0</default>
|
||||
<notnull>true</notnull>
|
||||
<autoincrement>1</autoincrement>
|
||||
<unsigned>true</unsigned>
|
||||
<length>4</length>
|
||||
</field>
|
||||
|
||||
<!-- Foreign Key users::uid -->
|
||||
<field>
|
||||
<name>uid</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>64</length>
|
||||
</field>
|
||||
|
||||
<field>
|
||||
<name>password</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>100</length>
|
||||
</field>
|
||||
|
||||
<field>
|
||||
<name>name</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>100</length>
|
||||
</field>
|
||||
|
||||
<field>
|
||||
<name>token</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>100</length>
|
||||
</field>
|
||||
|
||||
<index>
|
||||
<name>authtoken_token_index</name>
|
||||
<unique>true</unique>
|
||||
<field>
|
||||
<name>token</name>
|
||||
<sorting>ascending</sorting>
|
||||
</field>
|
||||
</index>
|
||||
|
||||
</declaration>
|
||||
</table>
|
||||
|
||||
<table>
|
||||
|
||||
<!--
|
||||
|
|
176
lib/base.php
176
lib/base.php
|
@ -856,7 +856,10 @@ class OC {
|
|||
} else {
|
||||
// For guests: Load only filesystem and logging
|
||||
OC_App::loadApps(array('filesystem', 'logging'));
|
||||
\OC_User::tryBasicAuthLogin();
|
||||
$userSession = self::$server->getUserSession();
|
||||
if (!$userSession->tryTokenLogin()) {
|
||||
$userSession->tryBasicAuthLogin();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -878,17 +881,6 @@ class OC {
|
|||
}
|
||||
}
|
||||
|
||||
// Handle redirect URL for logged in users
|
||||
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
|
||||
$location = \OC::$server->getURLGenerator()->getAbsoluteURL(urldecode($_REQUEST['redirect_url']));
|
||||
|
||||
// Deny the redirect if the URL contains a @
|
||||
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
|
||||
if (strpos($location, '@') === false) {
|
||||
header('Location: ' . $location);
|
||||
return;
|
||||
}
|
||||
}
|
||||
// Handle WebDAV
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
|
||||
// not allowed any more to prevent people
|
||||
|
@ -904,11 +896,12 @@ class OC {
|
|||
OC_App::loadApps();
|
||||
OC_User::setupBackends();
|
||||
OC_Util::setupFS();
|
||||
// FIXME
|
||||
// Redirect to default application
|
||||
OC_Util::redirectToDefaultPage();
|
||||
} else {
|
||||
// Not handled and not logged in
|
||||
self::handleLogin();
|
||||
header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute('core.login.showLoginForm'));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -932,163 +925,6 @@ class OC {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
protected static function handleLogin() {
|
||||
OC_App::loadApps(array('prelogin'));
|
||||
$error = array();
|
||||
$messages = [];
|
||||
|
||||
try {
|
||||
// auth possible via apache module?
|
||||
if (OC::tryApacheAuth()) {
|
||||
$error[] = 'apacheauthfailed';
|
||||
} // remember was checked after last login
|
||||
elseif (OC::tryRememberLogin()) {
|
||||
$error[] = 'invalidcookie';
|
||||
} // logon via web form
|
||||
elseif (OC::tryFormLogin()) {
|
||||
$error[] = 'invalidpassword';
|
||||
}
|
||||
} catch (\OC\User\LoginException $e) {
|
||||
$messages[] = $e->getMessage();
|
||||
} catch (\Exception $ex) {
|
||||
\OCP\Util::logException('handleLogin', $ex);
|
||||
// do not disclose information. show generic error
|
||||
$error[] = 'internalexception';
|
||||
}
|
||||
|
||||
if(!\OC::$server->getUserSession()->isLoggedIn()) {
|
||||
$loginMessages = array(array_unique($error), $messages);
|
||||
\OC::$server->getSession()->set('loginMessages', $loginMessages);
|
||||
// Read current user and append if possible
|
||||
$args = [];
|
||||
if(isset($_POST['user'])) {
|
||||
$args['user'] = $_POST['user'];
|
||||
}
|
||||
|
||||
$redirectionTarget = \OC::$server->getURLGenerator()->linkToRoute('core.login.showLoginForm', $args);
|
||||
header('Location: ' . $redirectionTarget);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove outdated and therefore invalid tokens for a user
|
||||
* @param string $user
|
||||
*/
|
||||
protected static function cleanupLoginTokens($user) {
|
||||
$config = \OC::$server->getConfig();
|
||||
$cutoff = time() - $config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
|
||||
$tokens = $config->getUserKeys($user, 'login_token');
|
||||
foreach ($tokens as $token) {
|
||||
$time = $config->getUserValue($user, 'login_token', $token);
|
||||
if ($time < $cutoff) {
|
||||
$config->deleteUserValue($user, 'login_token', $token);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Try to login a user via HTTP authentication
|
||||
* @return bool|void
|
||||
*/
|
||||
protected static function tryApacheAuth() {
|
||||
$return = OC_User::handleApacheAuth();
|
||||
|
||||
// if return is true we are logged in -> redirect to the default page
|
||||
if ($return === true) {
|
||||
$_REQUEST['redirect_url'] = \OC::$server->getRequest()->getRequestUri();
|
||||
OC_Util::redirectToDefaultPage();
|
||||
exit;
|
||||
}
|
||||
|
||||
// in case $return is null apache based auth is not enabled
|
||||
return is_null($return) ? false : true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Try to login a user using the remember me cookie.
|
||||
* @return bool Whether the provided cookie was valid
|
||||
*/
|
||||
protected static function tryRememberLogin() {
|
||||
if (!isset($_COOKIE["oc_remember_login"])
|
||||
|| !isset($_COOKIE["oc_token"])
|
||||
|| !isset($_COOKIE["oc_username"])
|
||||
|| !$_COOKIE["oc_remember_login"]
|
||||
|| !OC_Util::rememberLoginAllowed()
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (\OC::$server->getConfig()->getSystemValue('debug', false)) {
|
||||
\OCP\Util::writeLog('core', 'Trying to login from cookie', \OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
if(OC_User::userExists($_COOKIE['oc_username'])) {
|
||||
self::cleanupLoginTokens($_COOKIE['oc_username']);
|
||||
// verify whether the supplied "remember me" token was valid
|
||||
$granted = OC_User::loginWithCookie(
|
||||
$_COOKIE['oc_username'], $_COOKIE['oc_token']);
|
||||
if($granted === true) {
|
||||
OC_Util::redirectToDefaultPage();
|
||||
// doesn't return
|
||||
}
|
||||
\OCP\Util::writeLog('core', 'Authentication cookie rejected for user ' .
|
||||
$_COOKIE['oc_username'], \OCP\Util::WARN);
|
||||
// if you reach this point you have changed your password
|
||||
// or you are an attacker
|
||||
// we can not delete tokens here because users may reach
|
||||
// this point multiple times after a password change
|
||||
}
|
||||
|
||||
OC_User::unsetMagicInCookie();
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tries to login a user using the form based authentication
|
||||
* @return bool|void
|
||||
*/
|
||||
protected static function tryFormLogin() {
|
||||
if (!isset($_POST["user"]) || !isset($_POST['password'])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!(\OC::$server->getRequest()->passesCSRFCheck())) {
|
||||
return false;
|
||||
}
|
||||
OC_App::loadApps();
|
||||
|
||||
//setup extra user backends
|
||||
OC_User::setupBackends();
|
||||
|
||||
if (OC_User::login((string)$_POST["user"], (string)$_POST["password"])) {
|
||||
$userId = OC_User::getUser();
|
||||
|
||||
// setting up the time zone
|
||||
if (isset($_POST['timezone-offset'])) {
|
||||
self::$server->getSession()->set('timezone', (string)$_POST['timezone-offset']);
|
||||
self::$server->getConfig()->setUserValue($userId, 'core', 'timezone', (string)$_POST['timezone']);
|
||||
}
|
||||
|
||||
self::cleanupLoginTokens($userId);
|
||||
if (!empty($_POST["remember_login"])) {
|
||||
$config = self::$server->getConfig();
|
||||
if ($config->getSystemValue('debug', false)) {
|
||||
self::$server->getLogger()->debug('Setting remember login to cookie', array('app' => 'core'));
|
||||
}
|
||||
$token = \OC::$server->getSecureRandom()->generate(32);
|
||||
$config->setUserValue($userId, 'login_token', $token, time());
|
||||
OC_User::setMagicInCookie($userId, $token);
|
||||
} else {
|
||||
OC_User::unsetMagicInCookie();
|
||||
}
|
||||
OC_Util::redirectToDefaultPage();
|
||||
exit();
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
OC::init();
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Authentication\Exceptions;
|
||||
|
||||
use Exception;
|
||||
|
||||
class InvalidTokenException extends Exception {
|
||||
|
||||
}
|
|
@ -0,0 +1,58 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Authentication\Token;
|
||||
|
||||
use OCP\AppFramework\Db\Entity;
|
||||
|
||||
class DefaultToken extends Entity implements IToken {
|
||||
|
||||
/**
|
||||
* @var string user UID
|
||||
*/
|
||||
protected $uid;
|
||||
|
||||
/**
|
||||
* @var string encrypted user password
|
||||
*/
|
||||
protected $password;
|
||||
|
||||
/**
|
||||
* @var string token name (e.g. browser/OS)
|
||||
*/
|
||||
protected $name;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
protected $token;
|
||||
|
||||
/**
|
||||
* Get the token ID
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getId() {
|
||||
return $token;
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,43 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Authentication\Token;
|
||||
|
||||
use OCP\AppFramework\Db\Mapper;
|
||||
use OCP\IDBConnection;
|
||||
|
||||
class DefaultTokenMapper extends Mapper {
|
||||
|
||||
public function __construct(IDBConnection $db) {
|
||||
parent::__construct($db, 'authtoken');
|
||||
}
|
||||
|
||||
public function getTokenUser($token) {
|
||||
$sql = 'SELECT `uid` '
|
||||
. 'FROM `' . $this->getTableName() . '` '
|
||||
. 'WHERE `token` = ?';
|
||||
return $this->findEntity($sql, [
|
||||
$token
|
||||
]);
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,91 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Authentication\Token;
|
||||
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OCP\AppFramework\Db\DoesNotExistException;
|
||||
use OCP\IConfig;
|
||||
use OCP\ILogger;
|
||||
use OCP\Security\ICrypto;
|
||||
|
||||
class DefaultTokenProvider implements IProvider {
|
||||
|
||||
/** @var DefaultTokenMapper */
|
||||
private $mapper;
|
||||
|
||||
/** @var ICrypto */
|
||||
private $crypto;
|
||||
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
|
||||
/** @var ILogger $logger */
|
||||
private $logger;
|
||||
|
||||
public function __construct(DefaultTokenMapper $mapper, ICrypto $crypto,
|
||||
IConfig $config, ILogger $logger) {
|
||||
$this->mapper = $mapper;
|
||||
$this->crypto = $crypto;
|
||||
$this->config = $config;
|
||||
$this->logger = $logger;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create and persist a new token
|
||||
*
|
||||
* @param string $token
|
||||
* @param string $uid
|
||||
* @param string $password
|
||||
* @return DefaultToken
|
||||
*/
|
||||
public function generateToken($token, $uid, $password, $name) {
|
||||
$dbToken = new DefaultToken();
|
||||
$dbToken->setUid($uid);
|
||||
$secret = $this->config->getSystemValue('secret');
|
||||
$dbToken->setPassword($this->crypto->encrypt($password . $secret));
|
||||
$dbToken->setName($name);
|
||||
$dbToken->setToken(hash('sha512', $token));
|
||||
|
||||
$this->mapper->insert($dbToken);
|
||||
|
||||
return $dbToken;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $token
|
||||
* @throws InvalidTokenException
|
||||
* @return string user UID
|
||||
*/
|
||||
public function validateToken($token) {
|
||||
$this->logger->debug('validating default token <' . $token . '>');
|
||||
try {
|
||||
$dbToken = $this->mapper->getTokenUser(hash('sha512', $token));
|
||||
$this->logger->debug('valid token for ' . $dbToken->getUid());
|
||||
return $dbToken->getUid();
|
||||
} catch (DoesNotExistException $ex) {
|
||||
$this->logger->warning('invalid token');
|
||||
throw new InvalidTokenException();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,35 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Authentication\Token;
|
||||
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
|
||||
interface IProvider {
|
||||
|
||||
/**
|
||||
* @param string $token
|
||||
* @throws InvalidTokenException
|
||||
* @return string user UID
|
||||
*/
|
||||
public function validateToken($token);
|
||||
}
|
|
@ -0,0 +1,36 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Authentication\Token;
|
||||
|
||||
/**
|
||||
* @since 9.1.0
|
||||
*/
|
||||
interface IToken {
|
||||
|
||||
/**
|
||||
* Get the token ID
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getId();
|
||||
}
|
|
@ -5,6 +5,7 @@
|
|||
* @author Bernhard Posselt <dev@bernhard-posselt.com>
|
||||
* @author Bernhard Reiter <ockham@raz.or.at>
|
||||
* @author Björn Schießle <schiessle@owncloud.com>
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
* @author Christopher Schäpers <kondou@ts.unde.re>
|
||||
* @author Joas Schilling <nickvergessen@owncloud.com>
|
||||
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
|
||||
|
@ -208,12 +209,26 @@ class Server extends ServerContainer implements IServerContainer {
|
|||
});
|
||||
return $groupManager;
|
||||
});
|
||||
$this->registerService('DefaultTokenMapper', function (Server $c) {
|
||||
$dbConnection = $c->getDatabaseConnection();
|
||||
return new Authentication\Token\DefaultTokenMapper($dbConnection);
|
||||
});
|
||||
$this->registerService('DefaultTokenProvider', function (Server $c) {
|
||||
$mapper = $c->query('DefaultTokenMapper');
|
||||
$crypto = $c->getCrypto();
|
||||
$config = $c->getConfig();
|
||||
$logger = $c->getLogger();
|
||||
return new \OC\Authentication\Token\DefaultTokenProvider($mapper, $crypto, $config, $logger);
|
||||
});
|
||||
$this->registerService('UserSession', function (Server $c) {
|
||||
$manager = $c->getUserManager();
|
||||
|
||||
$session = new \OC\Session\Memory('');
|
||||
$defaultTokenProvider = $c->query('DefaultTokenProvider');
|
||||
$tokenProviders = [
|
||||
$defaultTokenProvider,
|
||||
];
|
||||
|
||||
$userSession = new \OC\User\Session($manager, $session);
|
||||
$userSession = new \OC\User\Session($manager, $session, $defaultTokenProvider, $tokenProviders);
|
||||
$userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) {
|
||||
\OC_Hook::emit('OC_User', 'pre_createUser', array('run' => true, 'uid' => $uid, 'password' => $password));
|
||||
});
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @author Arthur Schiwon <blizzz@owncloud.com>
|
||||
* @author Bernhard Posselt <dev@bernhard-posselt.com>
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
* @author Joas Schilling <nickvergessen@owncloud.com>
|
||||
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
|
||||
* @author Lukas Reschke <lukas@owncloud.com>
|
||||
|
@ -31,8 +33,17 @@
|
|||
|
||||
namespace OC\User;
|
||||
|
||||
use OC;
|
||||
use OC\Authentication\Exceptions\InvalidTokenException;
|
||||
use OC\Authentication\Token\DefaultTokenProvider;
|
||||
use OC\Authentication\Token\IProvider;
|
||||
use OC\Hooks\Emitter;
|
||||
use OC\Session\Session;
|
||||
use OC_User;
|
||||
use OCA\DAV\Connector\Sabre\Auth;
|
||||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
use OCP\IUser;
|
||||
use OCP\IUserManager;
|
||||
use OCP\IUserSession;
|
||||
|
||||
|
@ -55,22 +66,42 @@ use OCP\IUserSession;
|
|||
* @package OC\User
|
||||
*/
|
||||
class Session implements IUserSession, Emitter {
|
||||
/** @var \OC\User\Manager $manager */
|
||||
|
||||
/*
|
||||
* @var Manager $manager
|
||||
*/
|
||||
private $manager;
|
||||
|
||||
/** @var \OC\Session\Session $session */
|
||||
/*
|
||||
* @var Session $session
|
||||
*/
|
||||
private $session;
|
||||
|
||||
/** @var \OC\User\User $activeUser */
|
||||
/*
|
||||
* @var DefaultTokenProvider
|
||||
*/
|
||||
private $tokenProvider;
|
||||
|
||||
/**
|
||||
* @var IProvider[]
|
||||
*/
|
||||
private $tokenProviders;
|
||||
|
||||
/**
|
||||
* @var User $activeUser
|
||||
protected $activeUser;
|
||||
|
||||
/**
|
||||
* @param IUserManager $manager
|
||||
* @param ISession $session
|
||||
* @param IProvider[] $tokenProviders
|
||||
*/
|
||||
public function __construct(IUserManager $manager, ISession $session) {
|
||||
public function __construct(IUserManager $manager, ISession $session,
|
||||
DefaultTokenProvider $tokenProvider, array $tokenProviders = []) {
|
||||
$this->manager = $manager;
|
||||
$this->session = $session;
|
||||
$this->tokenProvider = $tokenProvider;
|
||||
$this->tokenProviders = $tokenProviders;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -87,14 +118,15 @@ class Session implements IUserSession, Emitter {
|
|||
* @param string $method optional
|
||||
* @param callable $callback optional
|
||||
*/
|
||||
public function removeListener($scope = null, $method = null, callable $callback = null) {
|
||||
public function removeListener($scope = null, $method = null,
|
||||
callable $callback = null) {
|
||||
$this->manager->removeListener($scope, $method, $callback);
|
||||
}
|
||||
|
||||
/**
|
||||
* get the manager object
|
||||
*
|
||||
* @return \OC\User\Manager
|
||||
* @return Manager
|
||||
*/
|
||||
public function getManager() {
|
||||
return $this->manager;
|
||||
|
@ -125,7 +157,7 @@ class Session implements IUserSession, Emitter {
|
|||
/**
|
||||
* set the currently active user
|
||||
*
|
||||
* @param \OC\User\User|null $user
|
||||
* @param User|null $user
|
||||
*/
|
||||
public function setUser($user) {
|
||||
if (is_null($user)) {
|
||||
|
@ -139,12 +171,12 @@ class Session implements IUserSession, Emitter {
|
|||
/**
|
||||
* get the current active user
|
||||
*
|
||||
* @return \OCP\IUser|null Current user, otherwise null
|
||||
* @return IUser|null Current user, otherwise null
|
||||
*/
|
||||
public function getUser() {
|
||||
// FIXME: This is a quick'n dirty work-around for the incognito mode as
|
||||
// described at https://github.com/owncloud/core/pull/12912#issuecomment-67391155
|
||||
if (\OC_User::isIncognitoMode()) {
|
||||
if (OC_User::isIncognitoMode()) {
|
||||
return null;
|
||||
}
|
||||
if ($this->activeUser) {
|
||||
|
@ -241,6 +273,101 @@ class Session implements IUserSession, Emitter {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tries to login the user with HTTP Basic Authentication
|
||||
*/
|
||||
public function tryBasicAuthLogin() {
|
||||
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
|
||||
$result = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
|
||||
if ($result === true) {
|
||||
/**
|
||||
* Add DAV authenticated. This should in an ideal world not be
|
||||
* necessary but the iOS App reads cookies from anywhere instead
|
||||
* only the DAV endpoint.
|
||||
* This makes sure that the cookies will be valid for the whole scope
|
||||
* @see https://github.com/owncloud/core/issues/22893
|
||||
*/
|
||||
$this->session->set(
|
||||
Auth::DAV_AUTHENTICATED, $this->getUser()->getUID()
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private function loginWithToken($uid) {
|
||||
//$this->manager->emit('\OC\User', 'preTokenLogin', array($uid));
|
||||
$user = $this->manager->get($uid);
|
||||
if (is_null($user)) {
|
||||
// user does not exist
|
||||
return false;
|
||||
}
|
||||
|
||||
//login
|
||||
$this->setUser($user);
|
||||
//$this->manager->emit('\OC\User', 'postTokenLogin', array($user));
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a new session token for the given user credentials
|
||||
*
|
||||
* @param string $uid user UID
|
||||
* @param string $password
|
||||
* @return boolean
|
||||
*/
|
||||
public function createSessionToken($uid, $password) {
|
||||
if (is_null($this->manager->get($uid))) {
|
||||
// User does not exist
|
||||
return false;
|
||||
}
|
||||
$name = isset($request->server['HTTP_USER_AGENT']) ? $request->server['HTTP_USER_AGENT'] : 'unknown device';
|
||||
$token = $this->tokenProvider->generateToken($token, $uid, $password, $name);
|
||||
return $this->loginWithToken($uid);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $token
|
||||
* @return boolean
|
||||
*/
|
||||
private function validateToken(IRequest $request, $token) {
|
||||
// TODO: hash token
|
||||
foreach ($this->tokenProviders as $provider) {
|
||||
try {
|
||||
$user = $provider->validateToken($token);
|
||||
if (!is_null($user)) {
|
||||
$result = $this->loginWithToken($user);
|
||||
if ($result) {
|
||||
// Login success
|
||||
return true;
|
||||
}
|
||||
}
|
||||
} catch (InvalidTokenException $ex) {
|
||||
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tries to login the user with auth token header
|
||||
*
|
||||
* @todo check remember me cookie
|
||||
*/
|
||||
public function tryTokenLogin() {
|
||||
// TODO: resolve cyclic dependency and inject IRequest somehow
|
||||
$request = \OC::$server->getRequest();
|
||||
$authHeader = $request->getHeader('Authorization');
|
||||
if (strpos($authHeader, 'token ') === false) {
|
||||
// No auth header, let's try session id
|
||||
// TODO: use ISession::getId(), https://github.com/owncloud/core/pull/24229
|
||||
$sessionId = session_id();
|
||||
return $this->validateToken($request, $sessionId);
|
||||
} else {
|
||||
$token = substr($authHeader, 6);
|
||||
return $this->validateToken($request, $token);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* perform login using the magic cookie (remember login)
|
||||
*
|
||||
|
@ -258,15 +385,15 @@ class Session implements IUserSession, Emitter {
|
|||
}
|
||||
|
||||
// get stored tokens
|
||||
$tokens = \OC::$server->getConfig()->getUserKeys($uid, 'login_token');
|
||||
$tokens = OC::$server->getConfig()->getUserKeys($uid, 'login_token');
|
||||
// test cookies token against stored tokens
|
||||
if (!in_array($currentToken, $tokens, true)) {
|
||||
return false;
|
||||
}
|
||||
// replace successfully used token with a new one
|
||||
\OC::$server->getConfig()->deleteUserValue($uid, 'login_token', $currentToken);
|
||||
$newToken = \OC::$server->getSecureRandom()->generate(32);
|
||||
\OC::$server->getConfig()->setUserValue($uid, 'login_token', $newToken, time());
|
||||
OC::$server->getConfig()->deleteUserValue($uid, 'login_token', $currentToken);
|
||||
$newToken = OC::$server->getSecureRandom()->generate(32);
|
||||
OC::$server->getConfig()->setUserValue($uid, 'login_token', $newToken, time());
|
||||
$this->setMagicInCookie($user->getUID(), $newToken);
|
||||
|
||||
//login
|
||||
|
@ -293,11 +420,11 @@ class Session implements IUserSession, Emitter {
|
|||
* @param string $token
|
||||
*/
|
||||
public function setMagicInCookie($username, $token) {
|
||||
$secureCookie = \OC::$server->getRequest()->getServerProtocol() === 'https';
|
||||
$expires = time() + \OC::$server->getConfig()->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
|
||||
setcookie("oc_username", $username, $expires, \OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie("oc_token", $token, $expires, \OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie("oc_remember_login", "1", $expires, \OC::$WEBROOT, '', $secureCookie, true);
|
||||
$secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https';
|
||||
$expires = time() + OC::$server->getConfig()->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
|
||||
setcookie("oc_username", $username, $expires, OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie("oc_token", $token, $expires, OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie("oc_remember_login", "1", $expires, OC::$WEBROOT, '', $secureCookie, true);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -305,18 +432,19 @@ class Session implements IUserSession, Emitter {
|
|||
*/
|
||||
public function unsetMagicInCookie() {
|
||||
//TODO: DI for cookies and IRequest
|
||||
$secureCookie = \OC::$server->getRequest()->getServerProtocol() === 'https';
|
||||
$secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https';
|
||||
|
||||
unset($_COOKIE["oc_username"]); //TODO: DI
|
||||
unset($_COOKIE["oc_token"]);
|
||||
unset($_COOKIE["oc_remember_login"]);
|
||||
setcookie('oc_username', '', time() - 3600, \OC::$WEBROOT, '',$secureCookie, true);
|
||||
setcookie('oc_token', '', time() - 3600, \OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie('oc_remember_login', '', time() - 3600, \OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie('oc_username', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie('oc_token', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
|
||||
setcookie('oc_remember_login', '', time() - 3600, OC::$WEBROOT, '', $secureCookie, true);
|
||||
// old cookies might be stored under /webroot/ instead of /webroot
|
||||
// and Firefox doesn't like it!
|
||||
setcookie('oc_username', '', time() - 3600, \OC::$WEBROOT . '/', '', $secureCookie, true);
|
||||
setcookie('oc_token', '', time() - 3600, \OC::$WEBROOT . '/', '', $secureCookie, true);
|
||||
setcookie('oc_remember_login', '', time() - 3600, \OC::$WEBROOT . '/', '', $secureCookie, true);
|
||||
setcookie('oc_username', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
|
||||
setcookie('oc_token', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
|
||||
setcookie('oc_remember_login', '', time() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
* @author Bart Visscher <bartv@thisnet.nl>
|
||||
* @author Bartek Przybylski <bart.p.pl@gmail.com>
|
||||
* @author Björn Schießle <schiessle@owncloud.com>
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
* @author Florian Preinstorfer <nblock@archlinux.us>
|
||||
* @author Georg Ehrke <georg@owncloud.com>
|
||||
* @author Jakob Sack <mail@jakobsack.de>
|
||||
|
@ -155,6 +156,8 @@ class OC_User {
|
|||
* @return boolean|null
|
||||
*
|
||||
* Log in a user and regenerate a new session - if the password is ok
|
||||
*
|
||||
* @deprecated Use \OCP\IUserSession::login
|
||||
*/
|
||||
public static function login($loginName, $password) {
|
||||
|
||||
|
@ -283,28 +286,6 @@ class OC_User {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tries to login the user with HTTP Basic Authentication
|
||||
*/
|
||||
public static function tryBasicAuthLogin() {
|
||||
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
|
||||
$result = \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
|
||||
if($result === true) {
|
||||
/**
|
||||
* Add DAV authenticated. This should in an ideal world not be
|
||||
* necessary but the iOS App reads cookies from anywhere instead
|
||||
* only the DAV endpoint.
|
||||
* This makes sure that the cookies will be valid for the whole scope
|
||||
* @see https://github.com/owncloud/core/issues/22893
|
||||
*/
|
||||
\OC::$server->getSession()->set(
|
||||
\OCA\DAV\Connector\Sabre\Auth::DAV_AUTHENTICATED,
|
||||
\OC::$server->getUserSession()->getUser()->getUID()
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user is logged in, considers also the HTTP basic credentials
|
||||
*
|
||||
|
|
|
@ -957,8 +957,7 @@ class OC_Util {
|
|||
public static function checkLoggedIn() {
|
||||
// Check if we are a user
|
||||
if (!OC_User::isLoggedIn()) {
|
||||
header('Location: ' . \OC::$server->getURLGenerator()->linkToRoute(
|
||||
'core.login.showLoginForm',
|
||||
header('Location: ' . \OCP\Util::linkToAbsolute('', 'index.php',
|
||||
[
|
||||
'redirect_url' => \OC::$server->getRequest()->getRequestUri()
|
||||
]
|
||||
|
|
Loading…
Reference in New Issue