diff options
| author | Christoph Wurst <christoph@owncloud.com> | 2016-06-01 10:42:38 +0200 |
|---|---|---|
| committer | Christoph Wurst <christoph@owncloud.com> | 2016-06-01 10:42:38 +0200 |
| commit | da03a85c3c60adbcdd4f85d041263d4d5cee5ca5 (patch) | |
| tree | a7736fae6ce4a3346795d89cc3a090731b6f8bbe /apps/dav/lib/Connector/Sabre/Auth.php | |
| parent | 0f2017c7da6332f66f05e93dd34ea1bf1c134148 (diff) | |
| download | nextcloud-server-da03a85c3c60adbcdd4f85d041263d4d5cee5ca5.tar.gz nextcloud-server-da03a85c3c60adbcdd4f85d041263d4d5cee5ca5.zip | |
block DAV if 2FA challenge needs to be solved first
Diffstat (limited to 'apps/dav/lib/Connector/Sabre/Auth.php')
| -rw-r--r-- | apps/dav/lib/Connector/Sabre/Auth.php | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/apps/dav/lib/Connector/Sabre/Auth.php b/apps/dav/lib/Connector/Sabre/Auth.php index 8b9f86af1e7..7b959a0d899 100644 --- a/apps/dav/lib/Connector/Sabre/Auth.php +++ b/apps/dav/lib/Connector/Sabre/Auth.php @@ -31,9 +31,10 @@ namespace OCA\DAV\Connector\Sabre; use Exception; use OC\AppFramework\Http\Request; +use OC\Authentication\TwoFactorAuth\Manager; +use OC\User\Session; use OCP\IRequest; use OCP\ISession; -use OC\User\Session; use Sabre\DAV\Auth\Backend\AbstractBasic; use Sabre\DAV\Exception\NotAuthenticated; use Sabre\DAV\Exception\ServiceUnavailable; @@ -41,6 +42,8 @@ use Sabre\HTTP\RequestInterface; use Sabre\HTTP\ResponseInterface; class Auth extends AbstractBasic { + + const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND'; /** @var ISession */ @@ -51,19 +54,24 @@ class Auth extends AbstractBasic { private $request; /** @var string */ private $currentUser; + /** @var Manager */ + private $twoFactorManager; /** * @param ISession $session * @param Session $userSession * @param IRequest $request + * @param Manager $twoFactorManager * @param string $principalPrefix */ public function __construct(ISession $session, Session $userSession, IRequest $request, + Manager $twoFactorManager, $principalPrefix = 'principals/users/') { $this->session = $session; $this->userSession = $userSession; + $this->twoFactorManager = $twoFactorManager; $this->request = $request; $this->principalPrefix = $principalPrefix; } @@ -197,6 +205,9 @@ class Auth extends AbstractBasic { if($forcedLogout) { $this->userSession->logout(); } else { + if ($this->twoFactorManager->needsSecondFactor()) { + throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.'); + } if (\OC_User::handleApacheAuth() || //Fix for broken webdav clients ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) || |