Make legacy DAV backend use the BearerAuth backend as well

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
Lukas Reschke 2017-05-18 21:19:39 +02:00
parent ba7b6bd973
commit f93db724d7
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
5 changed files with 22 additions and 7 deletions

View File

@ -42,6 +42,7 @@ $authBackend = new OCA\DAV\Connector\PublicAuth(
\OC::$server->getShareManager(),
\OC::$server->getSession()
);
$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
$serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory(
\OC::$server->getConfig(),
@ -59,7 +60,7 @@ $requestUri = \OC::$server->getRequest()->getRequestUri();
$linkCheckPlugin = new \OCA\DAV\Files\Sharing\PublicLinkCheckPlugin();
$filesDropPlugin = new \OCA\DAV\Files\Sharing\FilesDropPlugin();
$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
$server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
$isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
$federatedSharingApp = new \OCA\FederatedFileSharing\AppInfo\Application();
$federatedShareProvider = $federatedSharingApp->getFederatedShareProvider();

View File

@ -52,9 +52,17 @@ $authBackend = new \OCA\DAV\Connector\Sabre\Auth(
\OC::$server->getBruteForceThrottler(),
'principals/'
);
$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
$bearerAuthPlugin = new \OCA\DAV\Connector\Sabre\BearerAuth(
\OC::$server->getUserSession(),
\OC::$server->getSession(),
\OC::$server->getRequest()
);
$authPlugin->addBackend($bearerAuthPlugin);
$requestUri = \OC::$server->getRequest()->getRequestUri();
$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function() {
$server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function() {
// use the view for the logged in user
return \OC\Files\Filesystem::getView();
});

View File

@ -40,6 +40,7 @@ use OCP\IRequest;
use OCP\ITagManager;
use OCP\IUserSession;
use Sabre\DAV\Auth\Backend\BackendInterface;
use Sabre\DAV\Auth\Plugin;
class ServerFactory {
/** @var IConfig */
@ -92,13 +93,13 @@ class ServerFactory {
/**
* @param string $baseUri
* @param string $requestUri
* @param BackendInterface $authBackend
* @param Plugin $authPlugin
* @param callable $viewCallBack callback that should return the view for the dav endpoint
* @return Server
*/
public function createServer($baseUri,
$requestUri,
BackendInterface $authBackend,
Plugin $authPlugin,
callable $viewCallBack) {
// Fire up server
$objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree();
@ -110,7 +111,7 @@ class ServerFactory {
// Load plugins
$server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
$server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
$server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));
$server->addPlugin($authPlugin);
// FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
$server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
$server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));

View File

@ -138,8 +138,9 @@ abstract class RequestTestCase extends TestCase {
*/
protected function getSabreServer(View $view, $user, $password, ExceptionPlugin $exceptionPlugin) {
$authBackend = new Auth($user, $password);
$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
$server = $this->serverFactory->createServer('/', 'dummy', $authBackend, function () use ($view) {
$server = $this->serverFactory->createServer('/', 'dummy', $authPlugin, function () use ($view) {
return $view;
});
$server->addPlugin($exceptionPlugin);

View File

@ -53,10 +53,14 @@ Feature: auth
When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth
Then the HTTP status code should be "207"
Scenario: using WebDAV with restricted basic token auth
Scenario: using old WebDAV endpoint with unrestricted client token
When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token
Then the HTTP status code should be "207"
Scenario: using new WebDAV endpoint with unrestricted client token
When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token
Then the HTTP status code should be "207"
Scenario: using WebDAV with browser session
Given a new browser session is started
When requesting "/remote.php/webdav" with "PROPFIND" using browser session