Make legacy DAV backend use the BearerAuth backend as well

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
Lukas Reschke 2017-05-18 21:19:39 +02:00
parent ba7b6bd973
commit f93db724d7
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
5 changed files with 22 additions and 7 deletions

View File

@ -42,6 +42,7 @@ $authBackend = new OCA\DAV\Connector\PublicAuth(
\OC::$server->getShareManager(), \OC::$server->getShareManager(),
\OC::$server->getSession() \OC::$server->getSession()
); );
$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
$serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory( $serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory(
\OC::$server->getConfig(), \OC::$server->getConfig(),
@ -59,7 +60,7 @@ $requestUri = \OC::$server->getRequest()->getRequestUri();
$linkCheckPlugin = new \OCA\DAV\Files\Sharing\PublicLinkCheckPlugin(); $linkCheckPlugin = new \OCA\DAV\Files\Sharing\PublicLinkCheckPlugin();
$filesDropPlugin = new \OCA\DAV\Files\Sharing\FilesDropPlugin(); $filesDropPlugin = new \OCA\DAV\Files\Sharing\FilesDropPlugin();
$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) { $server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
$isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest'); $isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
$federatedSharingApp = new \OCA\FederatedFileSharing\AppInfo\Application(); $federatedSharingApp = new \OCA\FederatedFileSharing\AppInfo\Application();
$federatedShareProvider = $federatedSharingApp->getFederatedShareProvider(); $federatedShareProvider = $federatedSharingApp->getFederatedShareProvider();

View File

@ -52,9 +52,17 @@ $authBackend = new \OCA\DAV\Connector\Sabre\Auth(
\OC::$server->getBruteForceThrottler(), \OC::$server->getBruteForceThrottler(),
'principals/' 'principals/'
); );
$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
$bearerAuthPlugin = new \OCA\DAV\Connector\Sabre\BearerAuth(
\OC::$server->getUserSession(),
\OC::$server->getSession(),
\OC::$server->getRequest()
);
$authPlugin->addBackend($bearerAuthPlugin);
$requestUri = \OC::$server->getRequest()->getRequestUri(); $requestUri = \OC::$server->getRequest()->getRequestUri();
$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function() { $server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function() {
// use the view for the logged in user // use the view for the logged in user
return \OC\Files\Filesystem::getView(); return \OC\Files\Filesystem::getView();
}); });

View File

@ -40,6 +40,7 @@ use OCP\IRequest;
use OCP\ITagManager; use OCP\ITagManager;
use OCP\IUserSession; use OCP\IUserSession;
use Sabre\DAV\Auth\Backend\BackendInterface; use Sabre\DAV\Auth\Backend\BackendInterface;
use Sabre\DAV\Auth\Plugin;
class ServerFactory { class ServerFactory {
/** @var IConfig */ /** @var IConfig */
@ -92,13 +93,13 @@ class ServerFactory {
/** /**
* @param string $baseUri * @param string $baseUri
* @param string $requestUri * @param string $requestUri
* @param BackendInterface $authBackend * @param Plugin $authPlugin
* @param callable $viewCallBack callback that should return the view for the dav endpoint * @param callable $viewCallBack callback that should return the view for the dav endpoint
* @return Server * @return Server
*/ */
public function createServer($baseUri, public function createServer($baseUri,
$requestUri, $requestUri,
BackendInterface $authBackend, Plugin $authPlugin,
callable $viewCallBack) { callable $viewCallBack) {
// Fire up server // Fire up server
$objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree(); $objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree();
@ -110,7 +111,7 @@ class ServerFactory {
// Load plugins // Load plugins
$server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config)); $server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
$server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config)); $server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
$server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend)); $server->addPlugin($authPlugin);
// FIXME: The following line is a workaround for legacy components relying on being able to send a GET to / // FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
$server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin()); $server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
$server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger)); $server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));

View File

@ -138,8 +138,9 @@ abstract class RequestTestCase extends TestCase {
*/ */
protected function getSabreServer(View $view, $user, $password, ExceptionPlugin $exceptionPlugin) { protected function getSabreServer(View $view, $user, $password, ExceptionPlugin $exceptionPlugin) {
$authBackend = new Auth($user, $password); $authBackend = new Auth($user, $password);
$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
$server = $this->serverFactory->createServer('/', 'dummy', $authBackend, function () use ($view) { $server = $this->serverFactory->createServer('/', 'dummy', $authPlugin, function () use ($view) {
return $view; return $view;
}); });
$server->addPlugin($exceptionPlugin); $server->addPlugin($exceptionPlugin);

View File

@ -53,10 +53,14 @@ Feature: auth
When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
Then the HTTP status code should be "207" Then the HTTP status code should be "207"
Scenario: using WebDAV with restricted basic token auth Scenario: using old WebDAV endpoint with unrestricted client token
When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token
Then the HTTP status code should be "207" Then the HTTP status code should be "207"
Scenario: using new WebDAV endpoint with unrestricted client token
When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token
Then the HTTP status code should be "207"
Scenario: using WebDAV with browser session Scenario: using WebDAV with browser session
Given a new browser session is started Given a new browser session is started
When requesting "/remote.php/webdav" with "PROPFIND" using browser session When requesting "/remote.php/webdav" with "PROPFIND" using browser session