\OC::$server->getSession(),
\OC::$server->getUserSession(),
\OC::$server->getRequest(),
+ \OC::$server->getTwoFactorAuthManager(),
'principals/'
);
$principalBackend = new Principal(
\OC::$server->getSession(),
\OC::$server->getUserSession(),
\OC::$server->getRequest(),
+ \OC::$server->getTwoFactorAuthManager(),
'principals/'
);
$principalBackend = new Principal(
\OC::$server->getSession(),
\OC::$server->getUserSession(),
\OC::$server->getRequest(),
+ \OC::$server->getTwoFactorAuthManager(),
'principals/'
);
$requestUri = \OC::$server->getRequest()->getRequestUri();
use Exception;
use OC\AppFramework\Http\Request;
+use OC\Authentication\TwoFactorAuth\Manager;
+use OC\User\Session;
use OCP\IRequest;
use OCP\ISession;
-use OC\User\Session;
use Sabre\DAV\Auth\Backend\AbstractBasic;
use Sabre\DAV\Exception\NotAuthenticated;
use Sabre\DAV\Exception\ServiceUnavailable;
use Sabre\HTTP\ResponseInterface;
class Auth extends AbstractBasic {
+
+
const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
/** @var ISession */
private $request;
/** @var string */
private $currentUser;
+ /** @var Manager */
+ private $twoFactorManager;
/**
* @param ISession $session
* @param Session $userSession
* @param IRequest $request
+ * @param Manager $twoFactorManager
* @param string $principalPrefix
*/
public function __construct(ISession $session,
Session $userSession,
IRequest $request,
+ Manager $twoFactorManager,
$principalPrefix = 'principals/users/') {
$this->session = $session;
$this->userSession = $userSession;
+ $this->twoFactorManager = $twoFactorManager;
$this->request = $request;
$this->principalPrefix = $principalPrefix;
}
if($forcedLogout) {
$this->userSession->logout();
} else {
+ if ($this->twoFactorManager->needsSecondFactor()) {
+ throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
+ }
if (\OC_User::handleApacheAuth() ||
//Fix for broken webdav clients
($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
namespace OCA\DAV;
use OCA\DAV\CalDAV\Schedule\IMipPlugin;
-use OCA\DAV\Connector\FedAuth;
use OCA\DAV\Connector\Sabre\Auth;
use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin;
use OCA\DAV\Connector\Sabre\DavAclPlugin;
$authBackend = new Auth(
\OC::$server->getSession(),
\OC::$server->getUserSession(),
- \OC::$server->getRequest()
+ \OC::$server->getRequest(),
+ \OC::$server->getTwoFactorAuthManager()
);
// Set URL explicitly due to reverse-proxy situations
namespace OCA\DAV\Tests\unit\Connector\Sabre;
+use OC\Authentication\TwoFactorAuth\Manager;
+use OC\User\Session;
use OCP\IRequest;
+use OCP\ISession;
use OCP\IUser;
use Test\TestCase;
-use OCP\ISession;
-use OC\User\Session;
/**
* Class AuthTest
private $userSession;
/** @var IRequest */
private $request;
+ /** @var Manager */
+ private $twoFactorManager;
public function setUp() {
parent::setUp();
->disableOriginalConstructor()->getMock();
$this->request = $this->getMockBuilder('\OCP\IRequest')
->disableOriginalConstructor()->getMock();
+ $this->twoFactorManager = $this->getMockBuilder('\OC\Authentication\TwoFactorAuth\Manager')
+ ->disableOriginalConstructor()
+ ->getMock();
$this->auth = new \OCA\DAV\Connector\Sabre\Auth(
$this->session,
$this->userSession,
- $this->request
+ $this->request,
+ $this->twoFactorManager
);
}
$this->auth->check($request, $response);
}
+ /**
+ * @expectedException \Sabre\DAV\Exception\NotAuthenticated
+ * @expectedExceptionMessage 2FA challenge not passed.
+ */
+ public function testAuthenticateAlreadyLoggedInWithoutTwoFactorChallengePassed() {
+ $request = $this->getMockBuilder('Sabre\HTTP\RequestInterface')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $this->userSession
+ ->expects($this->any())
+ ->method('isLoggedIn')
+ ->willReturn(true);
+ $this->request
+ ->expects($this->any())
+ ->method('getMethod')
+ ->willReturn('PROPFIND');
+ $this->request
+ ->expects($this->any())
+ ->method('isUserAgent')
+ ->with([
+ '/^Mozilla\/5\.0 \([A-Za-z ]+\) (mirall|csyncoC)\/.*$/',
+ '/^Mozilla\/5\.0 \(Android\) ownCloud\-android.*$/',
+ '/^Mozilla\/5\.0 \(iOS\) ownCloud\-iOS.*$/',
+ ])
+ ->willReturn(false);
+ $this->session
+ ->expects($this->any())
+ ->method('get')
+ ->with('AUTHENTICATED_TO_DAV_BACKEND')
+ ->will($this->returnValue('LoggedInUser'));
+ $user = $this->getMockBuilder('\OCP\IUser')
+ ->disableOriginalConstructor()
+ ->getMock();
+ $user->expects($this->any())
+ ->method('getUID')
+ ->will($this->returnValue('LoggedInUser'));
+ $this->userSession
+ ->expects($this->any())
+ ->method('getUser')
+ ->will($this->returnValue($user));
+ $this->request
+ ->expects($this->once())
+ ->method('passesCSRFCheck')
+ ->willReturn(true);
+ $this->twoFactorManager->expects($this->once())
+ ->method('needsSecondFactor')
+ ->will($this->returnValue(true));
+ $this->auth->check($request, $response);
+ }
+
/**
* @expectedException \Sabre\DAV\Exception\NotAuthenticated
* @expectedExceptionMessage CSRF check not passed.
projects / nextcloud-server.git / commitdiff