BearerAuth and multiple tokens support in remoteStorage app
authorMichiel de Jong <michiel@unhosted.org>
Wed, 22 Feb 2012 18:05:52 +0000 (18:05 +0000)
committerMichiel de Jong <michiel@unhosted.org>
Wed, 22 Feb 2012 18:05:52 +0000 (18:05 +0000)
apps/remoteStorage/BearerAuth.php [new file with mode: 0644]
apps/remoteStorage/WebDAV.php
apps/remoteStorage/auth.php
apps/remoteStorage/lib_remoteStorage.php
apps/remoteStorage/oauth_ro_auth.php

diff --git a/apps/remoteStorage/BearerAuth.php b/apps/remoteStorage/BearerAuth.php
new file mode 100644 (file)
index 0000000..ebcf189
--- /dev/null
@@ -0,0 +1,61 @@
+<?php
+
+/**
+ * HTTP Bearer Authentication handler
+ *
+ * Use this class for easy http authentication setup
+ * 
+ * @package Sabre
+ * @subpackage HTTP 
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_HTTP_BearerAuth extends Sabre_HTTP_AbstractAuth {
+
+    /**
+     * Returns the supplied username and password.
+     *
+     * The returned array has two values:
+     *   * 0 - username
+     *   * 1 - password
+     *
+     * If nothing was supplied, 'false' will be returned
+     *
+     * @return mixed 
+     */
+    public function getUserPass() {
+
+        // Apache and mod_php
+        if (($user = $this->httpRequest->getRawServerValue('PHP_AUTH_USER')) && ($pass = $this->httpRequest->getRawServerValue('PHP_AUTH_PW'))) {
+
+            return array($user,$pass);
+
+        }
+
+        // Most other webservers 
+        $auth = $this->httpRequest->getHeader('Authorization');
+
+        if (!$auth) return false;
+
+        if (strpos(strtolower($auth),'bearer')!==0) return false; 
+
+        return explode(':', base64_decode(substr($auth, 7)));
+
+    }
+
+    /**
+     * Returns an HTTP 401 header, forcing login
+     *
+     * This should be called when username and password are incorrect, or not supplied at all
+     *
+     * @return void
+     */
+    public function requireLogin() {
+
+        $this->httpResponse->setHeader('WWW-Authenticate','Basic realm="' . $this->realm . '"');
+        $this->httpResponse->sendStatus(401);
+
+    }
+
+}
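Review bot: `getUserPass` returns `explode(':', base64_decode(substr($auth, 7)))` unchecked, so a `Bearer` header whose payload is not valid base64 or contains no `:` hands the caller a one-element array (and a notice on index 1) instead of `false`; the branch above it also accepts plain Basic credentials from `PHP_AUTH_USER`/`PHP_AUTH_PW`, which a handler named BearerAuth presumably should not (whether the backend depends on that fallback is outside this file). `requireLogin` still challenges with `WWW-Authenticate: Basic`, whereas a bearer-protected resource should answer `Bearer realm="..."` (RFC 6750 §3), so a client that lost its token is told to send a password. The class and method docblocks are copied from the Basic handler and talk about username/password; they should say what this class actually expects — a base64 `user:token` payload after `Bearer ` — and that `requireLogin` answers 401 with a Bearer challenge. A stricter tail for `getUserPass` and the corrected challenge header follow.
```php
    public function getUserPass() {
        // (decide separately whether the PHP_AUTH_USER/PHP_AUTH_PW fallback should stay)

        $auth = $this->httpRequest->getHeader('Authorization');
        if (!$auth || strncasecmp($auth, 'bearer ', 7) !== 0) return false;

        // Payload is base64("user:token"); reject anything that does not decode to exactly two non-empty parts.
        $decoded = base64_decode(substr($auth, 7), true);
        if ($decoded === false) return false;
        $parts = explode(':', $decoded, 2);
        if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') return false;
        return $parts;
    }

    // … unchanged: requireLogin docblock …
        $this->httpResponse->setHeader('WWW-Authenticate','Bearer realm="' . $this->realm . '"');
```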
index e048d19e8f2f8f665bf21951369a8579512ff7cd..06520b4021bf265429074aa1d7c6839eae2783fe 100644 (file)
@@ -33,6 +33,7 @@ require_once('../../lib/base.php');
 OC_Util::checkAppEnabled('remoteStorage');
 require_once('Sabre/autoload.php');
 require_once('lib_remoteStorage.php');
+require_once('BearerAuth.php');
 require_once('oauth_ro_auth.php');
 
 ini_set('default_charset', 'UTF-8');
index 85421ba3d888f92c3e4d0e6b49fd4a184f436efc..75e0aac419db964b04ced58339c1c8b366646813 100644 (file)
@@ -68,14 +68,14 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
                } else if($k=='redirect_uri'){
                        $appUrl=$v;
                } else if($k=='scope'){
-                       $category=$v;
+                       $categories=$v;
                }
        }
        $currUser = OC_User::getUser();
        if($currUser == $ownCloudUser) {
                if(isset($_POST['allow'])) {
                        //TODO: check if this can be faked by editing the cookie in firebug!
-                       $token=OC_remoteStorage::createCategory($appUrl, $category);
+                       $token=OC_remoteStorage::createCategories($appUrl, $categories);
                        header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
                } else {
                        echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
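Review bot: The `allow` POST guarded only by `isset($_POST['allow'])` has no CSRF protection, and the minted token is then sent to whatever `$_GET['redirect_uri']` says, so a page the user visits while logged in can auto-submit this form with its own `redirect_uri` and read the `access_token` out of the fragment — this is the faking the TODO above the `createCategories` call worries about. The form needs a per-session nonce (hidden field) that is verified before `createCategories` is called, and `redirect_uri` should be validated as an absolute http(s) URL and shown in the consent form together with the requested scope, since right now the user approves "this web app" without seeing which one. `$categories` is also passed to `createCategories` exactly as it arrived in the `scope` parameter, so any validation of scope names has to happen on the callee side. The enclosing `if` and its earlier parameter loop start above the hunk.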
index 4f19310904eaf8a613c52136ac898a9959e6f1ae..4f5c96645095a543e4d6c1b70095a0432ad10749 100644 (file)
@@ -2,11 +2,13 @@
 
 class OC_remoteStorage {
        public static function getValidTokens($ownCloudUser, $category) {
-               $query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND category=? LIMIT 100");
-               $result=$query->execute(array($ownCloudUser,$category));
+               $query=OC_DB::prepare("SELECT token,appUrl,category FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
+               $result=$query->execute(array($ownCloudUser));
                $ret = array();
                while($row=$result->fetchRow()){
-                       $ret[$row['token']]=true;
+                       if(in_array($category, explode(',', $row['category']))) {
+                               $ret[$row['token']]=true;
+                       }
                }
                return $ret;
        }
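Review bot: Dropping `category=?` from the WHERE clause while keeping `LIMIT 100` means the limit now applies before the category filter, so a user with more than 100 stored tokens can have a valid token for the requested category cut off and treated as invalid by whoever consumes the returned map. Either remove the limit or keep the filtering in SQL; filtering in PHP after an arbitrary row cut-off is not a safe combination. The `in_array` is also loose, so numeric-looking categories compare as numbers (`'1'` matches `'01'`); use `in_array($category, explode(',', $row['category']), true)`.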
@@ -19,7 +21,7 @@ class OC_remoteStorage {
                while($row=$result->fetchRow()){
                        $ret[$row['token']] = array(
                                'appUrl' => $row['appurl'],
-                               'category' => $row['category'],
+                               'categories' => $row['category'],
                        );
                }
                return $ret;
@@ -30,21 +32,23 @@ class OC_remoteStorage {
                $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
                $result=$query->execute(array($token,$user));
        }
-       private static function addToken($token, $appUrl, $category){
+       private static function addToken($token, $appUrl, $categories){
                $user=OC_User::getUser();
                $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`category`) VALUES(?,?,?,?)");
-               $result=$query->execute(array($token,$appUrl,$user,$category));
+               $result=$query->execute(array($token,$appUrl,$user,$categories));
        }
-       public static function createCategory($appUrl, $category) {
+       public static function createCategories($appUrl, $categories) {
                $token=uniqid();
-               self::addToken($token, $appUrl, $category);
-               //TODO: input checking on $category
                OC_Util::setupFS(OC_User::getUser());
-               $scopePathParts = array('remoteStorage', $category);
-               for($i=0;$i<=count($scopePathParts);$i++){
-                       $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
-                       if(!OC_Filesystem::file_exists($thisPath)) {
-                               OC_Filesystem::mkdir($thisPath);
+               self::addToken($token, $appUrl, $categories);
+               foreach($categories as $category) {
+                       //TODO: input checking on $category
+                       $scopePathParts = array('remoteStorage', $category);
+                       for($i=0;$i<=count($scopePathParts);$i++){
+                               $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
+                               if(!OC_Filesystem::file_exists($thisPath)) {
+                                       OC_Filesystem::mkdir($thisPath);
+                               }
                        }
                }
                return base64_encode('remoteStorage:'.$token);
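Review bot: `foreach($categories as $category)` expects an array, but the same `$categories` value is stored whole in the `category` column by `addToken` and split on `,` by `getValidTokens` earlier in this file, so the caller evidently passes one comma-separated string — `foreach` over a string emits a warning and iterates nothing, so no scope directories get created. The `//TODO: input checking on $category` this commit carries over is now the more pressing issue: `$category` is joined straight into `'/remoteStorage/'.$category` and handed to `mkdir`, so a scope such as `..` or `a/../..` creates directories outside the remoteStorage tree, and a name containing `,` breaks the later split. The unchanged `$token=uniqid();` is time-based and predictable, and per the last line it is the whole bearer secret; a CSPRNG-derived value (e.g. from `openssl_random_pseudo_bytes`) is the real fix, though that predates this commit. A version that normalises the scope string once and rejects unsafe names before anything is written follows (throwing is shown; returning `false` works too if the caller checks it); the function's closing brace is outside the hunk.
```php
        public static function createCategories($appUrl, $categories) {
                // scope arrives as a comma-separated string; it is stored and re-split that way by getValidTokens
                $categoryList = array_filter(array_map('trim', explode(',', $categories)), 'strlen');
                foreach($categoryList as $category) {
                        // each category becomes a directory name under /remoteStorage; allow only plain names
                        if(!preg_match('/^[A-Za-z0-9_-]+$/', $category)) {
                                throw new Exception('invalid scope: '.$category);
                        }
                }
                $token=uniqid(); // TODO: predictable; derive from a CSPRNG instead
                OC_Util::setupFS(OC_User::getUser());
                self::addToken($token, $appUrl, implode(',', $categoryList));
                foreach($categoryList as $category) {
                        // … unchanged: mkdir of /remoteStorage and /remoteStorage/<category> …
                }
                return base64_encode('remoteStorage:'.$token);
```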
index 5403fbe20c9b530d76f16e5273551db5cc70c1c6..d4a55061492f0dade389d8cc5c5f8b0e72e602d3 100644 (file)
@@ -34,7 +34,7 @@ class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBa
                if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
                        OC_Util::setUpFS();
                        return true;
-               } else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) {
+               } else if(isset($this->validTokens[$password])) {
                        OC_Util::setUpFS();
                        return true;
                } else {
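Review bot: After this change the write path accepts any token present in `$this->validTokens` and ignores `$username`, so the bearer token is no longer tied to the `remoteStorage:` user part it was issued with; whether the map is already restricted to the user and category of the request is decided where it is built, outside this hunk, and that is the only thing standing between a token for one scope and writes to another. The removed comparison was no real check either (`getValidTokens` stores `true` as the value, so `true == $username` holds for any non-empty string), so nothing is lost here, but a per-request binding of token to user and path is worth adding. The `GET`/`HEAD`/`OPTIONS` branch returns `true` without any credential; if unauthenticated reads are the intended read-only design, say so: `// read methods are public by design; only writes require a bearer token`. The enclosing method starts above the hunk.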
@@ -47,7 +47,7 @@ die('not getting in with "'.$username.'"/"'.$password.'"!');
 
        //overwriting this to make it not automatically fail if no auth header is found:
        public function authenticate(Sabre_DAV_Server $server,$realm) {
-               $auth = new Sabre_HTTP_BasicAuth();
+               $auth = new Sabre_HTTP_BearerAuth();
                $auth->setHTTPRequest($server->httpRequest);
                $auth->setHTTPResponse($server->httpResponse);
                $auth->setRealm($realm);