mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 987 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
73733 Commits
413 Branches
Tree: ec5133b739
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ec5133b739'
${ noResults }
nextcloud/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php

LoginCredentials.php 5.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2015, ownCloud, Inc.

  4.  *

  5.  * @author blizzz <blizzz@arthur-schiwon.de>

  6.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  7.  * @author Joas Schilling <coding@schilljs.com>

  8.  * @author Lukas Reschke <lukas@statuscode.ch>

  9.  * @author Morris Jobke <hey@morrisjobke.de>

  10.  * @author Robin Appelman <robin@icewind.nl>

  11.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  12.  *

  13.  * @license AGPL-3.0

  14.  *

  15.  * This code is free software: you can redistribute it and/or modify

  16.  * it under the terms of the GNU Affero General Public License, version 3,

  17.  * as published by the Free Software Foundation.

  18.  *

  19.  * This program is distributed in the hope that it will be useful,

  20.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  21.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  22.  * GNU Affero General Public License for more details.

  23.  *

  24.  * You should have received a copy of the GNU Affero General Public License, version 3,

  25.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  26.  *

  27.  */

  28. namespace OCA\Files_External\Lib\Auth\Password;

  29. 

  30. use OCA\Files_External\Lib\Auth\AuthMechanism;

  31. use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;

  32. use OCA\Files_External\Lib\StorageConfig;

  33. use OCA\Files_External\Listener\StorePasswordListener;

  34. use OCP\Authentication\Exceptions\CredentialsUnavailableException;

  35. use OCP\Authentication\LoginCredentials\IStore as CredentialsStore;

  36. use OCP\EventDispatcher\IEventDispatcher;

  37. use OCP\IL10N;

  38. use OCP\ISession;

  39. use OCP\IUser;

  40. use OCP\IUserBackend;

  41. use OCP\LDAP\ILDAPProviderFactory;

  42. use OCP\Security\ICredentialsManager;

  43. use OCP\User\Events\PasswordUpdatedEvent;

  44. use OCP\User\Events\UserLoggedInEvent;

  45. 

  46. /**

  47.  * Username and password from login credentials, saved in DB

  48.  */

  49. class LoginCredentials extends AuthMechanism {

  50. 	public const CREDENTIALS_IDENTIFIER = 'password::logincredentials/credentials';

  51. 

  52. 	/** @var ISession */

  53. 	protected $session;

  54. 

  55. 	/** @var ICredentialsManager */

  56. 	protected $credentialsManager;

  57. 

  58. 	/** @var CredentialsStore */

  59. 	private $credentialsStore;

  60. 

  61. 	/** @var ILDAPProviderFactory */

  62. 	private $ldapFactory;

  63. 

  64. 	public function __construct(

  65. 		IL10N $l,

  66. 		ISession $session,

  67. 		ICredentialsManager $credentialsManager,

  68. 		CredentialsStore $credentialsStore,

  69. 		IEventDispatcher $eventDispatcher,

  70. 		ILDAPProviderFactory $ldapFactory

  71. 	) {

  72. 		$this->session = $session;

  73. 		$this->credentialsManager = $credentialsManager;

  74. 		$this->credentialsStore = $credentialsStore;

  75. 		$this->ldapFactory = $ldapFactory;

  76. 

  77. 		$this

  78. 			->setIdentifier('password::logincredentials')

  79. 			->setScheme(self::SCHEME_PASSWORD)

  80. 			->setText($l->t('Log-in credentials, save in database'))

  81. 			->addParameters([

  82. 			]);

  83. 

  84. 		$eventDispatcher->addServiceListener(UserLoggedInEvent::class, StorePasswordListener::class);

  85. 		$eventDispatcher->addServiceListener(PasswordUpdatedEvent::class, StorePasswordListener::class);

  86. 	}

  87. 

  88. 	private function getCredentials(IUser $user): array {

  89. 		$credentials = $this->credentialsManager->retrieve($user->getUID(), self::CREDENTIALS_IDENTIFIER);

  90. 

  91. 		if (is_null($credentials)) {

  92. 			// nothing saved in db, try to get it from the session and save it

  93. 			try {

  94. 				$sessionCredentials = $this->credentialsStore->getLoginCredentials();

  95. 

  96. 				if ($sessionCredentials->getUID() !== $user->getUID()) {

  97. 					// Can't take the credentials from the session as they are not the same user

  98. 					throw new CredentialsUnavailableException();

  99. 				}

  100. 

  101. 				$credentials = [

  102. 					'user' => $sessionCredentials->getLoginName(),

  103. 					'password' => $sessionCredentials->getPassword(),

  104. 				];

  105. 

  106. 				$this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials);

  107. 			} catch (CredentialsUnavailableException $e) {

  108. 				throw new InsufficientDataForMeaningfulAnswerException('No login credentials saved');

  109. 			}

  110. 		}

  111. 

  112. 		return $credentials;

  113. 	}

  114. 

  115. 	public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null) {

  116. 		if (!isset($user)) {

  117. 			throw new InsufficientDataForMeaningfulAnswerException('No login credentials saved');

  118. 		}

  119. 		$credentials = $this->getCredentials($user);

  120. 

  121. 		$loginKey = $storage->getBackendOption("login_ldap_attr");

  122. 		if ($loginKey) {

  123. 			$backend = $user->getBackend();

  124. 			if ($backend instanceof IUserBackend && $backend->getBackendName() === 'LDAP') {

  125. 				$value = $this->getLdapPropertyForUser($user, $loginKey);

  126. 				if ($value === null) {

  127. 					throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute not set for user ' . $user->getUID());

  128. 				}

  129. 				$storage->setBackendOption('user', $value);

  130. 			} else {

  131. 				throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute configured but user ' . $user->getUID() . ' is not an ldap user');

  132. 			}

  133. 		} else {

  134. 			$storage->setBackendOption('user', $credentials['user']);

  135. 		}

  136. 		$storage->setBackendOption('password', $credentials['password']);

  137. 	}

  138. 

  139. 	private function getLdapPropertyForUser(IUser $user, string $property): ?string {

  140. 		return $this->ldapFactory->getLDAPProvider()->getUserAttribute($user->getUID(), $property);

  141. 	}

  142. }