Allow trusted servers to authenticate
parent
4fc0fbe8d0
commit
cdc536c423
4 changed files with 85 additions and 3 deletions
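--- a/apps/dav/lib/connector/fedauth.php
+++ b/apps/dav/lib/connector/fedauth.php
@@ -0,0 +1,55 @@
+<?php
+/**
+* @author Thomas Müller <thomas.mueller@tmit.eu>
+*
+* @copyright Copyright (c) 2015, ownCloud, Inc.
+* @license AGPL-3.0
+*
+* This code is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License, version 3,
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License, version 3,
+* along with this program. If not, see <http://www.gnu.org/licenses/>
+*
+*/
+namespace OCA\DAV\Connector;
+
+use OCA\Federation\DbHandler;
+use OCP\IDBConnection;
+use Sabre\DAV\Auth\Backend\AbstractBasic;
+
+class FedAuth extends AbstractBasic {
+
+/**
+* FedAuth constructor.
+*
+* @param IDBConnection $db
+*/
+public function __construct(IDBConnection $db) {
+$this->db = $db;
+$this->principalPrefix = 'principals/system/';
+}
+
+/**
+* Validates a username and password
+*
+* This method should return true or false depending on if login
+* succeeded.
+*
+* @param string $username
+* @param string $password
+* @return bool
+*/
+protected function validateUserPass($username, $password) {
+$h = new DbHandler($this->db,
+\OC::$server->getL10N('federation')
+);
+return $h->auth($username, $password);
+}
+}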
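Review bot: `FedAuth` never declares the `$db` property that its constructor assigns, so `$this->db` becomes an implicit public property; declare it on the class, e.g. `/** @var IDBConnection */ private $db;`. `validateUserPass()` also builds a fresh `DbHandler` and fetches the l10n service from `\OC::$server` on every Basic-auth attempt, so the backend cannot be tested without the global container; passing the handler in through the constructor would avoid that. Because `DbHandler::auth()` only accepts the user name `system`, every trusted server ends up as the same principal under `principals/system/`, and nothing in this class records which server authenticated; if that matters for auditing, the matched `url` would need to be logged where the secret is checked.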
|
@ -3,6 +3,7 @@
|
|||
namespace OCA\DAV;
|
||||
|
||||
use OCA\DAV\CalDAV\Schedule\IMipPlugin;
|
||||
use OCA\DAV\Connector\FedAuth;
|
||||
use OCA\DAV\Connector\Sabre\Auth;
|
||||
use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin;
|
||||
use OCA\DAV\Files\CustomPropertiesBackend;
|
||||
|
@ -35,7 +36,9 @@ class Server {
|
|||
$this->server->setBaseUri($this->baseUri);
|
||||
|
||||
$this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
|
||||
$this->server->addPlugin(new Plugin($authBackend, 'ownCloud'));
|
||||
$authPlugin = new Plugin($authBackend, 'ownCloud');
|
||||
$authPlugin->addBackend(new FedAuth(\OC::$server->getDatabaseConnection()));
|
||||
$this->server->addPlugin($authPlugin);
|
||||
$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
|
||||
$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $logger));
|
||||
$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
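Review bot: The `$authPlugin->addBackend(new FedAuth(...))` line registers the backend unconditionally, although `FedAuth` depends on `OCA\Federation\DbHandler` and its table from another app; nothing in this hunk checks that the federation app is enabled, so a request that falls through to this backend may fail on a missing class or table when it is not. Guarding the registration, e.g. `if (\OC::$server->getAppManager()->isInstalled('federation')) { $authPlugin->addBackend(...); }`, would keep that dependency optional. The backend is also attached to the one auth plugin serving the whole DAV tree, so the shared-secret login is accepted on every endpoint; what the system principal may then reach depends on ACL code that is not visible here and should be confirmed. The enclosing method starts and ends outside the hunk.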
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
<name>token</name>
|
||||
<type>text</type>
|
||||
<length>128</length>
|
||||
<comments>toke used to exchange the shared secret</comments>
|
||||
<comments>token used to exchange the shared secret</comments>
|
||||
</field>
|
||||
<field>
|
||||
<name>shared_secret</name>
|
||||
|
@ -50,6 +50,13 @@
|
|||
<default>2</default>
|
||||
<comments>current status of the connection</comments>
|
||||
</field>
|
||||
<field>
|
||||
<name>sync_token</name>
|
||||
<type>integer</type>
|
||||
<notnull>true</notnull>
|
||||
<default>0</default>
|
||||
<comments>cardDav sync token</comments>
|
||||
</field>
|
||||
<index>
|
||||
<name>url_hash</name>
|
||||
<unique>true</unique>
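Review bot: The new `sync_token` column only reaches existing installations when the app's schema update runs, and none of the four files changed on this page appears to bump the app version that would trigger it. If that bump is not made elsewhere, instances that already have this table would presumably lack the column, and the widened `select(['url', 'id', 'status', 'shared_secret', 'sync_token'])` in `getAllServer()` would fail on them. The field definitions above and below the hunk are only partly visible, so this should be checked against the full schema file.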
|
||||
|
|
|
@ -111,7 +111,7 @@ class DbHandler {
|
|||
*/
|
||||
public function getAllServer() {
|
||||
$query = $this->connection->getQueryBuilder();
|
||||
$query->select(['url', 'id', 'status'])->from($this->dbTable);
|
||||
$query->select(['url', 'id', 'status', 'shared_secret', 'sync_token'])->from($this->dbTable);
|
||||
$result = $query->execute()->fetchAll();
|
||||
return $result;
|
||||
}
|
||||
|
@ -267,4 +267,21 @@ class DbHandler {
|
|||
return $normalized;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $username
|
||||
* @param $password
|
||||
* @return bool
|
||||
*/
|
||||
public function auth($username, $password) {
|
||||
if ($username !== 'system') {
|
||||
return false;
|
||||
}
|
||||
$query = $this->connection->getQueryBuilder();
|
||||
$query->select('url')->from($this->dbTable)
|
||||
->where($query->expr()->eq('shared_secret', $query->createNamedParameter($password)));
|
||||
|
||||
$result = $query->execute()->fetch();
|
||||
return !empty($result);
|
||||
}
|
||||
|
||||
}
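Review bot: `auth()` accepts any row whose `shared_secret` equals the supplied password, so an empty password would match a server row that has no secret yet (possible if rows are created before the secret exchange completes; the column definition is outside this hunk), and rows match whatever their `status` is. Reject empty input before querying, `if ($username !== 'system' || !is_string($password) || $password === '') { return false; }`, and add a condition on `status` so that only servers with an established connection can log in. The comparison is done by SQL equality rather than `hash_equals()`, so it is not constant-time; selecting the candidate secrets and comparing them in PHP would close that gap. In the first hunk, `getAllServer()` now returns `shared_secret` to every caller, so any caller that serialises the list for the admin UI or an API response needs checking (the callers are not visible here).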
|
||||
|
|