Use Bearer backend for SabreDAV
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
Lukas Reschke
parent
30552090bc
commit
df3909a7c3
|
|
@ -211,18 +211,6 @@ class Auth extends AbstractBasic {
|
|||
private function auth(RequestInterface $request, ResponseInterface $response) {
|
||||
$forcedLogout = false;
|
||||
|
||||
$authHeader = $request->getHeader('Authorization');
|
||||
if (strpos($authHeader, 'Bearer ') !== false) {
|
||||
if($this->userSession->tryTokenLogin($this->request)) {
|
||||
$this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
|
||||
$user = $this->userSession->getUser()->getUID();
|
||||
\OC_Util::setupFS($user);
|
||||
$this->currentUser = $user;
|
||||
$this->session->close();
|
||||
return [true, $this->principalPrefix . $user];
|
||||
}
|
||||
}
|
||||
|
||||
if(!$this->request->passesCSRFCheck() &&
|
||||
$this->requiresCSRFCheck()) {
|
||||
// In case of a fail with POST we need to recheck the credentials
|
||||
|
|
|
|||
|
|
@ -0,0 +1,76 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\DAV\Connector\Sabre;
|
||||
|
||||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
use OCP\IUserSession;
|
||||
use Sabre\DAV\Auth\Backend\AbstractBearer;
|
||||
|
||||
class BearerAuth extends AbstractBearer {
|
||||
/** @var IUserSession */
|
||||
private $userSession;
|
||||
/** @var ISession */
|
||||
private $session;
|
||||
/** @var IRequest */
|
||||
private $request;
|
||||
/** @var string */
|
||||
private $principalPrefix;
|
||||
|
||||
/**
|
||||
* @param IUserSession $userSession
|
||||
* @param ISession $session
|
||||
* @param string $principalPrefix
|
||||
* @param IRequest $request
|
||||
*/
|
||||
public function __construct(IUserSession $userSession,
|
||||
ISession $session,
|
||||
IRequest $request,
|
||||
$principalPrefix = 'principals/users/') {
|
||||
$this->userSession = $userSession;
|
||||
$this->session = $session;
|
||||
$this->request = $request;
|
||||
$this->principalPrefix = $principalPrefix;
|
||||
}
|
||||
|
||||
private function setupUserFs($userId) {
|
||||
\OC_Util::setupFS($userId);
|
||||
$this->session->close();
|
||||
return $this->principalPrefix . $userId;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function validateBearerToken($bearerToken) {
|
||||
\OC_Util::setupFS();
|
||||
|
||||
if(!$this->userSession->isLoggedIn()) {
|
||||
$this->userSession->tryTokenLogin($this->request);
|
||||
}
|
||||
if($this->userSession->isLoggedIn()) {
|
||||
return $this->setupUserFs($this->userSession->getUser()->getUID());
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -33,6 +33,7 @@ use OCA\DAV\CardDAV\ImageExportPlugin;
|
|||
use OCA\DAV\CardDAV\PhotoCache;
|
||||
use OCA\DAV\Comments\CommentsPlugin;
|
||||
use OCA\DAV\Connector\Sabre\Auth;
|
||||
use OCA\DAV\Connector\Sabre\BearerAuth;
|
||||
use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin;
|
||||
use OCA\DAV\Connector\Sabre\CommentPropertiesPlugin;
|
||||
use OCA\DAV\Connector\Sabre\CopyEtagHeaderPlugin;
|
||||
|
|
@ -52,6 +53,7 @@ use OCP\SabrePluginEvent;
|
|||
use Sabre\CardDAV\VCFExportPlugin;
|
||||
use Sabre\DAV\Auth\Plugin;
|
||||
use OCA\DAV\Connector\Sabre\TagsPlugin;
|
||||
use Sabre\HTTP\Auth\Bearer;
|
||||
use SearchDAV\DAV\SearchPlugin;
|
||||
|
||||
class Server {
|
||||
|
|
@ -100,6 +102,12 @@ class Server {
|
|||
$event = new SabrePluginEvent($this->server);
|
||||
$dispatcher->dispatch('OCA\DAV\Connector\Sabre::authInit', $event);
|
||||
|
||||
$bearerAuthBackend = new BearerAuth(
|
||||
\OC::$server->getUserSession(),
|
||||
\OC::$server->getSession(),
|
||||
\OC::$server->getRequest()
|
||||
);
|
||||
$authPlugin->addBackend($bearerAuthBackend);
|
||||
// because we are throwing exceptions this plugin has to be the last one
|
||||
$authPlugin->addBackend($authBackend);
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,88 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\DAV\Tests\unit\Connector\Sabre;
|
||||
|
||||
use OC\Authentication\TwoFactorAuth\Manager;
|
||||
use OC\Security\Bruteforce\Throttler;
|
||||
use OC\User\Session;
|
||||
use OCA\DAV\Connector\Sabre\BearerAuth;
|
||||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
use OCP\IUser;
|
||||
use OCP\IUserSession;
|
||||
use Sabre\HTTP\RequestInterface;
|
||||
use Sabre\HTTP\ResponseInterface;
|
||||
use Test\TestCase;
|
||||
|
||||
/**
|
||||
* @group DB
|
||||
*/
|
||||
class BearerAuthTest extends TestCase {
|
||||
/** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $userSession;
|
||||
/** @var ISession|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $session;
|
||||
/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $request;
|
||||
/** @var BearerAuth */
|
||||
private $bearerAuth;
|
||||
|
||||
public function setUp() {
|
||||
parent::setUp();
|
||||
|
||||
$this->userSession = $this->createMock(\OC\User\Session::class);
|
||||
$this->session = $this->createMock(ISession::class);
|
||||
$this->request = $this->createMock(IRequest::class);
|
||||
|
||||
$this->bearerAuth = new BearerAuth(
|
||||
$this->userSession,
|
||||
$this->session,
|
||||
$this->request
|
||||
);
|
||||
}
|
||||
|
||||
public function testValidateBearerTokenNotLoggedIn() {
|
||||
$this->assertFalse($this->bearerAuth->validateBearerToken('Token'));
|
||||
}
|
||||
|
||||
public function testValidateBearerToken() {
|
||||
$this->userSession
|
||||
->expects($this->at(0))
|
||||
->method('isLoggedIn')
|
||||
->willReturn(false);
|
||||
$this->userSession
|
||||
->expects($this->at(2))
|
||||
->method('isLoggedIn')
|
||||
->willReturn(true);
|
||||
$user = $this->createMock(IUser::class);
|
||||
$user
|
||||
->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('admin');
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('getUser')
|
||||
->willReturn($user);
|
||||
|
||||
$this->assertSame('principals/users/admin', $this->bearerAuth->validateBearerToken('Token'));
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\OAuth2\Exceptions;
|
||||
|
||||
class AccessTokenNotFoundException extends \Exception {}
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\OAuth2\Exceptions;
|
||||
|
||||
class ClientNotFoundException extends \Exception {}
|
||||
Loading…
Reference in New Issue