mirror of
https://github.com/nextcloud/server.git
synced 2024-08-05 20:16:00 +02:00
Implement password authentication mechanisms
Introduces the basic password authentication mechanism, along with a mechanism based on ownCloud credentials stored in the user session. Change to lib/private is an extension of PermissionsMask, as isSharable() override was missing. Session credentials auth mechanism now disables sharing on applied storages, as credentials will not be available.
This commit is contained in:
parent
5fd36d017e
commit
3bb793b6a7
@ -75,6 +75,10 @@ class Application extends App {
|
||||
|
||||
// AuthMechanism::SCHEME_BUILTIN mechanism
|
||||
$container->query('OCA\Files_External\Lib\Auth\Builtin'),
|
||||
|
||||
// AuthMechanism::SCHEME_PASSWORD mechanisms
|
||||
$container->query('OCA\Files_External\Lib\Auth\Password\Password'),
|
||||
$container->query('OCA\Files_External\Lib\Auth\Password\SessionCredentials'),
|
||||
]);
|
||||
}
|
||||
|
||||
|
45
apps/files_external/lib/auth/password/password.php
Normal file
45
apps/files_external/lib/auth/password/password.php
Normal file
@ -0,0 +1,45 @@
|
||||
<?php
|
||||
/**
|
||||
* @author Robin McCorkell <rmccorkell@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\Files_External\Lib\Auth\Password;
|
||||
|
||||
use \OCP\IL10N;
|
||||
use \OCA\Files_External\Lib\DefinitionParameter;
|
||||
use \OCA\Files_External\Lib\Auth\AuthMechanism;
|
||||
|
||||
/**
|
||||
* Basic password authentication mechanism
|
||||
*/
|
||||
class Password extends AuthMechanism {
|
||||
|
||||
public function __construct(IL10N $l) {
|
||||
$this
|
||||
->setIdentifier('password::password')
|
||||
->setScheme(self::SCHEME_PASSWORD)
|
||||
->setText($l->t('Username and password'))
|
||||
->addParameters([
|
||||
(new DefinitionParameter('user', $l->t('Username'))),
|
||||
(new DefinitionParameter('password', $l->t('Password')))
|
||||
->setType(DefinitionParameter::VALUE_PASSWORD),
|
||||
]);
|
||||
}
|
||||
|
||||
}
|
84
apps/files_external/lib/auth/password/sessioncredentials.php
Normal file
84
apps/files_external/lib/auth/password/sessioncredentials.php
Normal file
@ -0,0 +1,84 @@
|
||||
<?php
|
||||
/**
|
||||
* @author Robin McCorkell <rmccorkell@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\Files_External\Lib\Auth\Password;
|
||||
|
||||
use \OCP\IL10N;
|
||||
use \OCA\Files_External\Lib\DefinitionParameter;
|
||||
use \OCA\Files_External\Lib\Auth\AuthMechanism;
|
||||
use \OCA\Files_External\Lib\StorageConfig;
|
||||
use \OCP\ISession;
|
||||
use \OCP\Security\ICrypto;
|
||||
use \OCP\Files\Storage;
|
||||
use \OCA\Files_External\Lib\SessionStorageWrapper;
|
||||
use \OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
|
||||
|
||||
/**
|
||||
* Username and password from login credentials, saved in session
|
||||
*/
|
||||
class SessionCredentials extends AuthMechanism {
|
||||
|
||||
/** @var ISession */
|
||||
protected $session;
|
||||
|
||||
/** @var ICrypto */
|
||||
protected $crypto;
|
||||
|
||||
public function __construct(IL10N $l, ISession $session, ICrypto $crypto) {
|
||||
$this->session = $session;
|
||||
$this->crypto = $crypto;
|
||||
|
||||
$this
|
||||
->setIdentifier('password::sessioncredentials')
|
||||
->setScheme(self::SCHEME_PASSWORD)
|
||||
->setText($l->t('Session credentials'))
|
||||
->addParameters([
|
||||
])
|
||||
;
|
||||
|
||||
\OCP\Util::connectHook('OC_User', 'post_login', $this, 'authenticate');
|
||||
}
|
||||
|
||||
/**
|
||||
* Hook listener on post login
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function authenticate(array $params) {
|
||||
$this->session->set('password::sessioncredentials/credentials', $this->crypto->encrypt(json_encode($params)));
|
||||
}
|
||||
|
||||
public function manipulateStorageConfig(StorageConfig &$storage) {
|
||||
$encrypted = $this->session->get('password::sessioncredentials/credentials');
|
||||
if (!isset($encrypted)) {
|
||||
throw new InsufficientDataForMeaningfulAnswerException('No session credentials saved');
|
||||
}
|
||||
|
||||
$credentials = json_decode($this->crypto->decrypt($encrypted), true);
|
||||
$storage->setBackendOption('user', $this->session->get('loginname'));
|
||||
$storage->setBackendOption('password', $credentials['password']);
|
||||
}
|
||||
|
||||
public function wrapStorage(Storage $storage) {
|
||||
return new SessionStorageWrapper(['storage' => $storage]);
|
||||
}
|
||||
|
||||
}
|
43
apps/files_external/lib/sessionstoragewrapper.php
Normal file
43
apps/files_external/lib/sessionstoragewrapper.php
Normal file
@ -0,0 +1,43 @@
|
||||
<?php
|
||||
/**
|
||||
* @author Robin McCorkell <rmccorkell@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\Files_External\Lib;
|
||||
|
||||
use \OCP\Files\Storage;
|
||||
use \OC\Files\Storage\Wrapper\PermissionsMask;
|
||||
use \OCP\Constants;
|
||||
|
||||
/**
|
||||
* Wrap Storage in PermissionsMask for session ephemeral use
|
||||
*/
|
||||
class SessionStorageWrapper extends PermissionsMask {
|
||||
|
||||
/**
|
||||
* @param array $arguments ['storage' => $storage]
|
||||
*/
|
||||
public function __construct(array $arguments) {
|
||||
// disable sharing permission
|
||||
$arguments['mask'] = Constants::PERMISSION_ALL & ~Constants::PERMISSION_SHARE;
|
||||
parent::__construct($arguments);
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -65,6 +65,10 @@ class PermissionsMask extends Wrapper {
|
||||
return $this->checkMask(Constants::PERMISSION_DELETE) and parent::isDeletable($path);
|
||||
}
|
||||
|
||||
public function isSharable($path) {
|
||||
return $this->checkMask(Constants::PERMISSION_SHARE) and parent::isSharable($parm);
|
||||
}
|
||||
|
||||
public function getPermissions($path) {
|
||||
return $this->storage->getPermissions($path) & $this->mask;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user