2011-07-20 14:36:36 +00:00
|
|
|
<?php
|
2012-05-05 16:13:40 +00:00
|
|
|
|
2011-07-20 14:36:36 +00:00
|
|
|
/**
|
2012-05-05 16:13:40 +00:00
|
|
|
* ownCloud
|
2011-07-20 14:36:36 +00:00
|
|
|
*
|
2012-05-05 16:13:40 +00:00
|
|
|
* @author Jakob Sack
|
|
|
|
* @copyright 2011 Jakob Sack kde@jakobsack.de
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 3 of the License, or any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public
|
|
|
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
2011-07-20 14:36:36 +00:00
|
|
|
*
|
|
|
|
*/
|
2012-05-05 16:13:40 +00:00
|
|
|
|
2014-01-09 13:25:48 +00:00
|
|
|
class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
|
2015-01-16 13:31:02 +00:00
|
|
|
const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Whether the user has initially authenticated via DAV
|
|
|
|
*
|
|
|
|
* This is required for WebDAV clients that resent the cookies even when the
|
|
|
|
* account was changed.
|
|
|
|
*
|
|
|
|
* @see https://github.com/owncloud/core/issues/13245
|
|
|
|
*
|
|
|
|
* @param string $username
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
protected function isDavAuthenticated($username) {
|
|
|
|
return !is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED)) &&
|
|
|
|
\OC::$server->getSession()->get(self::DAV_AUTHENTICATED) === $username;
|
|
|
|
}
|
|
|
|
|
2011-07-20 14:36:36 +00:00
|
|
|
/**
|
|
|
|
* Validates a username and password
|
|
|
|
*
|
|
|
|
* This method should return true or false depending on if login
|
|
|
|
* succeeded.
|
|
|
|
*
|
2015-01-16 13:31:02 +00:00
|
|
|
* @param string $username
|
|
|
|
* @param string $password
|
2011-07-20 14:36:36 +00:00
|
|
|
* @return bool
|
|
|
|
*/
|
2012-09-07 13:22:01 +00:00
|
|
|
protected function validateUserPass($username, $password) {
|
2015-01-16 13:31:02 +00:00
|
|
|
if (OC_User::isLoggedIn() &&
|
|
|
|
$this->isDavAuthenticated($username)
|
|
|
|
) {
|
2012-12-13 00:30:25 +00:00
|
|
|
OC_Util::setupFS(OC_User::getUser());
|
2015-01-19 15:25:44 +00:00
|
|
|
\OC::$server->getSession()->close();
|
2011-07-20 14:36:36 +00:00
|
|
|
return true;
|
2012-07-15 19:17:27 +00:00
|
|
|
} else {
|
2015-01-16 13:31:02 +00:00
|
|
|
OC_Util::setUpFS(); //login hooks may need early access to the filesystem
|
2012-09-10 09:29:35 +00:00
|
|
|
if(OC_User::login($username, $password)) {
|
2015-02-16 22:34:49 +00:00
|
|
|
// make sure we use owncloud's internal username here
|
|
|
|
// and not the HTTP auth supplied one, see issue #14048
|
|
|
|
$ocUser = OC_User::getUser();
|
|
|
|
OC_Util::setUpFS($ocUser);
|
|
|
|
\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $ocUser);
|
2015-01-16 13:31:02 +00:00
|
|
|
\OC::$server->getSession()->close();
|
2012-07-15 19:17:27 +00:00
|
|
|
return true;
|
2015-01-16 13:31:02 +00:00
|
|
|
} else {
|
|
|
|
\OC::$server->getSession()->close();
|
2012-07-15 19:17:27 +00:00
|
|
|
return false;
|
|
|
|
}
|
2011-07-20 14:36:36 +00:00
|
|
|
}
|
|
|
|
}
|
2012-12-13 00:30:34 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns information about the currently logged in username.
|
|
|
|
*
|
|
|
|
* If nobody is currently logged in, this method should return null.
|
|
|
|
*
|
|
|
|
* @return string|null
|
|
|
|
*/
|
|
|
|
public function getCurrentUser() {
|
|
|
|
$user = OC_User::getUser();
|
2015-01-16 13:31:02 +00:00
|
|
|
if($user && $this->isDavAuthenticated($user)) {
|
|
|
|
return $user;
|
2012-12-13 00:30:34 +00:00
|
|
|
}
|
2015-01-16 13:31:02 +00:00
|
|
|
return null;
|
2012-12-13 00:30:34 +00:00
|
|
|
}
|
2013-07-12 11:42:01 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Override function here. We want to cache authentication cookies
|
|
|
|
* in the syncing client to avoid HTTP-401 roundtrips.
|
|
|
|
* If the sync client supplies the cookies, then OC_User::isLoggedIn()
|
|
|
|
* will return true and we can see this WebDAV request as already authenticated,
|
|
|
|
* even if there are no HTTP Basic Auth headers.
|
|
|
|
* In other case, just fallback to the parent implementation.
|
|
|
|
*
|
2014-01-09 13:25:48 +00:00
|
|
|
* @param \Sabre\DAV\Server $server
|
2014-05-11 20:51:30 +00:00
|
|
|
* @param $realm
|
2013-07-12 11:42:01 +00:00
|
|
|
* @return bool
|
|
|
|
*/
|
2014-01-09 13:25:48 +00:00
|
|
|
public function authenticate(\Sabre\DAV\Server $server, $realm) {
|
2013-10-01 22:55:35 +00:00
|
|
|
|
2014-03-10 13:40:36 +00:00
|
|
|
$result = $this->auth($server, $realm);
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2014-01-09 13:25:48 +00:00
|
|
|
* @param \Sabre\DAV\Server $server
|
2014-03-10 13:40:36 +00:00
|
|
|
* @param $realm
|
|
|
|
* @return bool
|
|
|
|
*/
|
2014-01-09 13:25:48 +00:00
|
|
|
private function auth(\Sabre\DAV\Server $server, $realm) {
|
2015-01-20 08:53:03 +00:00
|
|
|
if (OC_User::handleApacheAuth() ||
|
|
|
|
(OC_User::isLoggedIn() && is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED)))
|
|
|
|
) {
|
2013-07-12 11:42:01 +00:00
|
|
|
$user = OC_User::getUser();
|
|
|
|
OC_Util::setupFS($user);
|
|
|
|
$this->currentUser = $user;
|
2015-01-20 08:53:03 +00:00
|
|
|
\OC::$server->getSession()->close();
|
2013-10-14 12:51:25 +00:00
|
|
|
return true;
|
2013-07-12 11:42:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return parent::authenticate($server, $realm);
|
2014-03-10 13:40:36 +00:00
|
|
|
}
|
2012-08-29 06:38:33 +00:00
|
|
|
}
|