diff options
author | Georg Ehrke <dev@georgswebsite.de> | 2012-04-21 23:24:39 +0200 |
---|---|---|
committer | Georg Ehrke <dev@georgswebsite.de> | 2012-04-21 23:24:39 +0200 |
commit | e2f64394f3ba3ec7a1e653a654982dbfe9c4370b (patch) | |
tree | 9c46b30c8da19f6cef3d4e328d3ccb897525aec0 /3rdparty/Sabre/DAV/Auth | |
parent | a0a80e74c2b7ba32cd6e8a57dcfba6bcadab3053 (diff) | |
download | nextcloud-server-e2f64394f3ba3ec7a1e653a654982dbfe9c4370b.tar.gz nextcloud-server-e2f64394f3ba3ec7a1e653a654982dbfe9c4370b.zip |
update to SabreDav 1.6.2
Diffstat (limited to '3rdparty/Sabre/DAV/Auth')
-rwxr-xr-x | 3rdparty/Sabre/DAV/Auth/Backend/AbstractBasic.php | 83 | ||||
-rwxr-xr-x | 3rdparty/Sabre/DAV/Auth/Backend/AbstractDigest.php | 98 | ||||
-rwxr-xr-x | 3rdparty/Sabre/DAV/Auth/Backend/Apache.php | 62 | ||||
-rwxr-xr-x | 3rdparty/Sabre/DAV/Auth/Backend/File.php | 75 | ||||
-rwxr-xr-x | 3rdparty/Sabre/DAV/Auth/Backend/PDO.php | 65 | ||||
-rwxr-xr-x | 3rdparty/Sabre/DAV/Auth/IBackend.php | 36 | ||||
-rwxr-xr-x | 3rdparty/Sabre/DAV/Auth/Plugin.php | 111 |
7 files changed, 530 insertions, 0 deletions
diff --git a/3rdparty/Sabre/DAV/Auth/Backend/AbstractBasic.php b/3rdparty/Sabre/DAV/Auth/Backend/AbstractBasic.php new file mode 100755 index 00000000000..1e89b84f9a1 --- /dev/null +++ b/3rdparty/Sabre/DAV/Auth/Backend/AbstractBasic.php @@ -0,0 +1,83 @@ +<?php +/** + * HTTP Basic authentication backend class + * + * This class can be used by authentication objects wishing to use HTTP Basic + * Most of the digest logic is handled, implementors just need to worry about + * the validateUserPass method. + * + * @package Sabre + * @subpackage DAV + * @copyright Copyright (C) 2007-2012 Rooftop Solutions. All rights reserved. + * @author James David Low (http://jameslow.com/) + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License + */ +abstract class Sabre_DAV_Auth_Backend_AbstractBasic implements Sabre_DAV_Auth_IBackend { + + /** + * This variable holds the currently logged in username. + * + * @var string|null + */ + protected $currentUser; + + /** + * Validates a username and password + * + * This method should return true or false depending on if login + * succeeded. + * + * @param string $username + * @param string $password + * @return bool + */ + abstract protected function validateUserPass($username, $password); + + /** + * Returns information about the currently logged in username. + * + * If nobody is currently logged in, this method should return null. + * + * @return string|null + */ + public function getCurrentUser() { + return $this->currentUser; + } + + + /** + * Authenticates the user based on the current request. + * + * If authentication is successful, true must be returned. + * If authentication fails, an exception must be thrown. + * + * @param Sabre_DAV_Server $server + * @param string $realm + * @throws Sabre_DAV_Exception_NotAuthenticated + * @return bool + */ + public function authenticate(Sabre_DAV_Server $server, $realm) { + + $auth = new Sabre_HTTP_BasicAuth(); + $auth->setHTTPRequest($server->httpRequest); + $auth->setHTTPResponse($server->httpResponse); + $auth->setRealm($realm); + $userpass = $auth->getUserPass(); + if (!$userpass) { + $auth->requireLogin(); + throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found'); + } + + // Authenticates the user + if (!$this->validateUserPass($userpass[0],$userpass[1])) { + $auth->requireLogin(); + throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match'); + } + $this->currentUser = $userpass[0]; + return true; + } + + +} + diff --git a/3rdparty/Sabre/DAV/Auth/Backend/AbstractDigest.php b/3rdparty/Sabre/DAV/Auth/Backend/AbstractDigest.php new file mode 100755 index 00000000000..9833928b976 --- /dev/null +++ b/3rdparty/Sabre/DAV/Auth/Backend/AbstractDigest.php @@ -0,0 +1,98 @@ +<?php + +/** + * HTTP Digest authentication backend class + * + * This class can be used by authentication objects wishing to use HTTP Digest + * Most of the digest logic is handled, implementors just need to worry about + * the getDigestHash method + * + * @package Sabre + * @subpackage DAV + * @copyright Copyright (C) 2007-2012 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License + */ +abstract class Sabre_DAV_Auth_Backend_AbstractDigest implements Sabre_DAV_Auth_IBackend { + + /** + * This variable holds the currently logged in username. + * + * @var array|null + */ + protected $currentUser; + + /** + * Returns a users digest hash based on the username and realm. + * + * If the user was not known, null must be returned. + * + * @param string $realm + * @param string $username + * @return string|null + */ + abstract public function getDigestHash($realm, $username); + + /** + * Authenticates the user based on the current request. + * + * If authentication is successful, true must be returned. + * If authentication fails, an exception must be thrown. + * + * @param Sabre_DAV_Server $server + * @param string $realm + * @throws Sabre_DAV_Exception_NotAuthenticated + * @return bool + */ + public function authenticate(Sabre_DAV_Server $server, $realm) { + + $digest = new Sabre_HTTP_DigestAuth(); + + // Hooking up request and response objects + $digest->setHTTPRequest($server->httpRequest); + $digest->setHTTPResponse($server->httpResponse); + + $digest->setRealm($realm); + $digest->init(); + + $username = $digest->getUsername(); + + // No username was given + if (!$username) { + $digest->requireLogin(); + throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found'); + } + + $hash = $this->getDigestHash($realm, $username); + // If this was false, the user account didn't exist + if ($hash===false || is_null($hash)) { + $digest->requireLogin(); + throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file'); + } + if (!is_string($hash)) { + throw new Sabre_DAV_Exception('The returned value from getDigestHash must be a string or null'); + } + + // If this was false, the password or part of the hash was incorrect. + if (!$digest->validateA1($hash)) { + $digest->requireLogin(); + throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username'); + } + + $this->currentUser = $username; + return true; + + } + + /** + * Returns the currently logged in username. + * + * @return string|null + */ + public function getCurrentUser() { + + return $this->currentUser; + + } + +} diff --git a/3rdparty/Sabre/DAV/Auth/Backend/Apache.php b/3rdparty/Sabre/DAV/Auth/Backend/Apache.php new file mode 100755 index 00000000000..d4294ea4d86 --- /dev/null +++ b/3rdparty/Sabre/DAV/Auth/Backend/Apache.php @@ -0,0 +1,62 @@ +<?php + +/** + * Apache authenticator + * + * This authentication backend assumes that authentication has been + * configured in apache, rather than within SabreDAV. + * + * Make sure apache is properly configured for this to work. + * + * @package Sabre + * @subpackage DAV + * @copyright Copyright (C) 2007-2012 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License + */ +class Sabre_DAV_Auth_Backend_Apache implements Sabre_DAV_Auth_IBackend { + + /** + * Current apache user + * + * @var string + */ + protected $remoteUser; + + /** + * Authenticates the user based on the current request. + * + * If authentication is successful, true must be returned. + * If authentication fails, an exception must be thrown. + * + * @param Sabre_DAV_Server $server + * @param string $realm + * @return bool + */ + public function authenticate(Sabre_DAV_Server $server, $realm) { + + $remoteUser = $server->httpRequest->getRawServerValue('REMOTE_USER'); + if (is_null($remoteUser)) { + throw new Sabre_DAV_Exception('We did not receive the $_SERVER[REMOTE_USER] property. This means that apache might have been misconfigured'); + } + + $this->remoteUser = $remoteUser; + return true; + + } + + /** + * Returns information about the currently logged in user. + * + * If nobody is currently logged in, this method should return null. + * + * @return array|null + */ + public function getCurrentUser() { + + return $this->remoteUser; + + } + +} + diff --git a/3rdparty/Sabre/DAV/Auth/Backend/File.php b/3rdparty/Sabre/DAV/Auth/Backend/File.php new file mode 100755 index 00000000000..de308d64a67 --- /dev/null +++ b/3rdparty/Sabre/DAV/Auth/Backend/File.php @@ -0,0 +1,75 @@ +<?php + +/** + * This is an authentication backend that uses a file to manage passwords. + * + * The backend file must conform to Apache's htdigest format + * + * @package Sabre + * @subpackage DAV + * @copyright Copyright (C) 2007-2012 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License + */ +class Sabre_DAV_Auth_Backend_File extends Sabre_DAV_Auth_Backend_AbstractDigest { + + /** + * List of users + * + * @var array + */ + protected $users = array(); + + /** + * Creates the backend object. + * + * If the filename argument is passed in, it will parse out the specified file fist. + * + * @param string|null $filename + */ + public function __construct($filename=null) { + + if (!is_null($filename)) + $this->loadFile($filename); + + } + + /** + * Loads an htdigest-formatted file. This method can be called multiple times if + * more than 1 file is used. + * + * @param string $filename + * @return void + */ + public function loadFile($filename) { + + foreach(file($filename,FILE_IGNORE_NEW_LINES) as $line) { + + if (substr_count($line, ":") !== 2) + throw new Sabre_DAV_Exception('Malformed htdigest file. Every line should contain 2 colons'); + + list($username,$realm,$A1) = explode(':',$line); + + if (!preg_match('/^[a-zA-Z0-9]{32}$/', $A1)) + throw new Sabre_DAV_Exception('Malformed htdigest file. Invalid md5 hash'); + + $this->users[$realm . ':' . $username] = $A1; + + } + + } + + /** + * Returns a users' information + * + * @param string $realm + * @param string $username + * @return string + */ + public function getDigestHash($realm, $username) { + + return isset($this->users[$realm . ':' . $username])?$this->users[$realm . ':' . $username]:false; + + } + +} diff --git a/3rdparty/Sabre/DAV/Auth/Backend/PDO.php b/3rdparty/Sabre/DAV/Auth/Backend/PDO.php new file mode 100755 index 00000000000..eac18a23fbb --- /dev/null +++ b/3rdparty/Sabre/DAV/Auth/Backend/PDO.php @@ -0,0 +1,65 @@ +<?php + +/** + * This is an authentication backend that uses a file to manage passwords. + * + * The backend file must conform to Apache's htdigest format + * + * @package Sabre + * @subpackage DAV + * @copyright Copyright (C) 2007-2012 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License + */ +class Sabre_DAV_Auth_Backend_PDO extends Sabre_DAV_Auth_Backend_AbstractDigest { + + /** + * Reference to PDO connection + * + * @var PDO + */ + protected $pdo; + + /** + * PDO table name we'll be using + * + * @var string + */ + protected $tableName; + + + /** + * Creates the backend object. + * + * If the filename argument is passed in, it will parse out the specified file fist. + * + * @param PDO $pdo + * @param string $tableName The PDO table name to use + */ + public function __construct(PDO $pdo, $tableName = 'users') { + + $this->pdo = $pdo; + $this->tableName = $tableName; + + } + + /** + * Returns the digest hash for a user. + * + * @param string $realm + * @param string $username + * @return string|null + */ + public function getDigestHash($realm,$username) { + + $stmt = $this->pdo->prepare('SELECT username, digesta1 FROM '.$this->tableName.' WHERE username = ?'); + $stmt->execute(array($username)); + $result = $stmt->fetchAll(); + + if (!count($result)) return; + + return $result[0]['digesta1']; + + } + +} diff --git a/3rdparty/Sabre/DAV/Auth/IBackend.php b/3rdparty/Sabre/DAV/Auth/IBackend.php new file mode 100755 index 00000000000..5be5d1bc93d --- /dev/null +++ b/3rdparty/Sabre/DAV/Auth/IBackend.php @@ -0,0 +1,36 @@ +<?php + +/** + * This is the base class for any authentication object. + * + * @package Sabre + * @subpackage DAV + * @copyright Copyright (C) 2007-2012 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License + */ +interface Sabre_DAV_Auth_IBackend { + + /** + * Authenticates the user based on the current request. + * + * If authentication is successful, true must be returned. + * If authentication fails, an exception must be thrown. + * + * @param Sabre_DAV_Server $server + * @param string $realm + * @return bool + */ + function authenticate(Sabre_DAV_Server $server,$realm); + + /** + * Returns information about the currently logged in username. + * + * If nobody is currently logged in, this method should return null. + * + * @return string|null + */ + function getCurrentUser(); + +} + diff --git a/3rdparty/Sabre/DAV/Auth/Plugin.php b/3rdparty/Sabre/DAV/Auth/Plugin.php new file mode 100755 index 00000000000..55a4e391674 --- /dev/null +++ b/3rdparty/Sabre/DAV/Auth/Plugin.php @@ -0,0 +1,111 @@ +<?php + +/** + * This plugin provides Authentication for a WebDAV server. + * + * It relies on a Backend object, which provides user information. + * + * Additionally, it provides support for: + * * {DAV:}current-user-principal property from RFC5397 + * * {DAV:}principal-collection-set property from RFC3744 + * + * @package Sabre + * @subpackage DAV + * @copyright Copyright (C) 2007-2012 Rooftop Solutions. All rights reserved. + * @author Evert Pot (http://www.rooftopsolutions.nl/) + * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License + */ +class Sabre_DAV_Auth_Plugin extends Sabre_DAV_ServerPlugin { + + /** + * Reference to main server object + * + * @var Sabre_DAV_Server + */ + private $server; + + /** + * Authentication backend + * + * @var Sabre_DAV_Auth_IBackend + */ + private $authBackend; + + /** + * The authentication realm. + * + * @var string + */ + private $realm; + + /** + * __construct + * + * @param Sabre_DAV_Auth_IBackend $authBackend + * @param string $realm + */ + public function __construct(Sabre_DAV_Auth_IBackend $authBackend, $realm) { + + $this->authBackend = $authBackend; + $this->realm = $realm; + + } + + /** + * Initializes the plugin. This function is automatically called by the server + * + * @param Sabre_DAV_Server $server + * @return void + */ + public function initialize(Sabre_DAV_Server $server) { + + $this->server = $server; + $this->server->subscribeEvent('beforeMethod',array($this,'beforeMethod'),10); + + } + + /** + * Returns a plugin name. + * + * Using this name other plugins will be able to access other plugins + * using Sabre_DAV_Server::getPlugin + * + * @return string + */ + public function getPluginName() { + + return 'auth'; + + } + + /** + * Returns the current users' principal uri. + * + * If nobody is logged in, this will return null. + * + * @return string|null + */ + public function getCurrentUser() { + + $userInfo = $this->authBackend->getCurrentUser(); + if (!$userInfo) return null; + + return $userInfo; + + } + + /** + * This method is called before any HTTP method and forces users to be authenticated + * + * @param string $method + * @param string $uri + * @throws Sabre_DAV_Exception_NotAuthenticated + * @return bool + */ + public function beforeMethod($method, $uri) { + + $this->authBackend->authenticate($this->server,$this->realm); + + } + +} |