Sfoglia il codice sorgente
use login hook credentials as fallback
If no session token is available, we can use the credentials provided by the login hook. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>tags/v12.0.0beta1
Christoph Wurst
7 anni fa
3 ha cambiato i file con 77 aggiunte e 19 eliminazioni
+ 1
- 11
apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php
Vedi File
| @@ -32,27 +32,17 @@ use OCP\Authentication\Exceptions\CredentialsUnavailableException; | |||
| use OCP\Authentication\LoginCredentials\IStore as CredentialsStore; | |||
| use OCP\Files\Storage; | |||
| use OCP\IL10N; | |||
| use OCP\ISession; | |||
| use OCP\IUser; | |||
| use OCP\Security\ICrypto; | |||
| /** | |||
| * Username and password from login credentials, saved in session | |||
| */ | |||
| class SessionCredentials extends AuthMechanism { | |||
| /** @var ISession */ | |||
| protected $session; | |||
| /** @var ICrypto */ | |||
| protected $crypto; | |||
| /** @var CredentialsStore */ | |||
| private $credentialsStore; | |||
| public function __construct(IL10N $l, ISession $session, ICrypto $crypto, CredentialsStore $credentialsStore) { | |||
| $this->session = $session; | |||
| $this->crypto = $crypto; | |||
| public function __construct(IL10N $l, CredentialsStore $credentialsStore) { | |||
| $this->credentialsStore = $credentialsStore; | |||
| $this->setIdentifier('password::sessioncredentials') | |||
+ 21
- 0
lib/private/Authentication/LoginCredentials/Store.php
Vedi File
| @@ -33,6 +33,7 @@ use OCP\Authentication\LoginCredentials\IStore; | |||
| use OCP\ILogger; | |||
| use OCP\ISession; | |||
| use OCP\Session\Exceptions\SessionNotAvailableException; | |||
| use OCP\Util; | |||
| class Store implements IStore { | |||
| @@ -54,6 +55,17 @@ class Store implements IStore { | |||
| $this->session = $session; | |||
| $this->tokenProvider = $tokenProvider; | |||
| $this->logger = $logger; | |||
| Util::connectHook('OC_User', 'post_login', $this, 'authenticate'); | |||
| } | |||
| /** | |||
| * Hook listener on post login | |||
| * | |||
| * @param array $params | |||
| */ | |||
| public function authenticate(array $params) { | |||
| $this->session->set('login_credentials', json_encode($params)); | |||
| } | |||
| /** | |||
| @@ -72,6 +84,7 @@ class Store implements IStore { | |||
| * @throws CredentialsUnavailableException | |||
| */ | |||
| public function getLoginCredentials() { | |||
| $trySession = false; | |||
| try { | |||
| $sessionId = $this->session->getId(); | |||
| $token = $this->tokenProvider->getToken($sessionId); | |||
| @@ -85,9 +98,17 @@ class Store implements IStore { | |||
| $this->logger->debug('could not get login credentials because session is unavailable', ['app' => 'core']); | |||
| } catch (InvalidTokenException $ex) { | |||
| $this->logger->debug('could not get login credentials because the token is invalid', ['app' => 'core']); | |||
| $trySession = true; | |||
| } catch (PasswordlessTokenException $ex) { | |||
| $this->logger->debug('could not get login credentials because the token has no password', ['app' => 'core']); | |||
| $trySession = true; | |||
| } | |||
| if ($trySession && $this->session->exists('login_credentials')) { | |||
| $creds = json_decode($this->session->get('login_credentials')); | |||
| return new Credentials($creds->uid, $creds->uid, $creds->password); | |||
| } | |||
| // If we reach this line, an exception was thrown. | |||
| throw new CredentialsUnavailableException(); | |||
| } | |||
+ 55
- 8
tests/lib/Authentication/LoginCredentials/StoreTest.php
Vedi File
| @@ -34,6 +34,7 @@ use OCP\Authentication\Exceptions\CredentialsUnavailableException; | |||
| use OCP\ILogger; | |||
| use OCP\ISession; | |||
| use OCP\Session\Exceptions\SessionNotAvailableException; | |||
| use PHPUnit_Framework_MockObject_MockObject; | |||
| use Test\TestCase; | |||
| class StoreTest extends TestCase { | |||
| @@ -60,6 +61,26 @@ class StoreTest extends TestCase { | |||
| $this->store = new Store($this->session, $this->tokenProvider, $this->logger); | |||
| } | |||
| public function testAuthenticate() { | |||
| $params = [ | |||
| 'run' => true, | |||
| 'uid' => 'user123', | |||
| 'password' => 123456, | |||
| ]; | |||
| $this->session->expects($this->once()) | |||
| ->method('set') | |||
| ->with($this->equalTo('login_credentials'), $this->equalTo(json_encode($params))); | |||
| $this->store->authenticate($params); | |||
| } | |||
| public function testSetSession() { | |||
| $session = $this->createMock(ISession::class); | |||
| $this->store->setSession($session); | |||
| } | |||
| public function testGetLoginCredentials() { | |||
| $uid = 'uid'; | |||
| $user = 'user123'; | |||
| @@ -67,21 +88,21 @@ class StoreTest extends TestCase { | |||
| $token = $this->createMock(IToken::class); | |||
| $this->session->expects($this->once()) | |||
| ->method('getId') | |||
| ->will($this->returnValue('sess2233')); | |||
| ->willReturn('sess2233'); | |||
| $this->tokenProvider->expects($this->once()) | |||
| ->method('getToken') | |||
| ->with('sess2233') | |||
| ->will($this->returnValue($token)); | |||
| ->willReturn($token); | |||
| $token->expects($this->once()) | |||
| ->method('getUID') | |||
| ->will($this->returnValue($uid)); | |||
| ->willReturn($uid); | |||
| $token->expects($this->once()) | |||
| ->method('getLoginName') | |||
| ->will($this->returnValue($user)); | |||
| ->willReturn($user); | |||
| $this->tokenProvider->expects($this->once()) | |||
| ->method('getPassword') | |||
| ->with($token, 'sess2233') | |||
| ->will($this->returnValue($password)); | |||
| ->willReturn($password); | |||
| $expected = new Credentials($uid, $user, $password); | |||
| $creds = $this->store->getLoginCredentials(); | |||
| @@ -101,7 +122,7 @@ class StoreTest extends TestCase { | |||
| public function testGetLoginCredentialsInvalidToken() { | |||
| $this->session->expects($this->once()) | |||
| ->method('getId') | |||
| ->will($this->returnValue('sess2233')); | |||
| ->willReturn('sess2233'); | |||
| $this->tokenProvider->expects($this->once()) | |||
| ->method('getToken') | |||
| ->with('sess2233') | |||
| @@ -110,11 +131,37 @@ class StoreTest extends TestCase { | |||
| $this->store->getLoginCredentials(); | |||
| } | |||
| public function testGetLoginCredentialsInvalidTokenLoginCredentials() { | |||
| $uid = 'user987'; | |||
| $password = '7389374'; | |||
| $this->session->expects($this->once()) | |||
| ->method('getId') | |||
| ->willReturn('sess2233'); | |||
| $this->tokenProvider->expects($this->once()) | |||
| ->method('getToken') | |||
| ->with('sess2233') | |||
| ->will($this->throwException(new InvalidTokenException())); | |||
| $this->session->expects($this->once()) | |||
| ->method('exists') | |||
| ->with($this->equalTo('login_credentials')) | |||
| ->willReturn(true); | |||
| $this->session->expects($this->once()) | |||
| ->method('get') | |||
| ->with($this->equalTo('login_credentials')) | |||
| ->willReturn('{"run":true,"uid":"user987","password":"7389374"}'); | |||
| $expected = new Credentials('user987', 'user987', '7389374'); | |||
| $actual = $this->store->getLoginCredentials(); | |||
| $this->assertEquals($expected, $actual); | |||
| } | |||
| public function testGetLoginCredentialsPasswordlessToken() { | |||
| $this->session->expects($this->once()) | |||
| ->method('getId') | |||
| ->will($this->returnValue('sess2233')); | |||
| ->willReturn('sess2233'); | |||
| $this->tokenProvider->expects($this->once()) | |||
| ->method('getToken') | |||
| ->with('sess2233') | |||
Loading…