author | Vincent Petry <pvince81@owncloud.com> | 2016-06-02 15:31:18 +0200 |
---|---|---|
committer | Vincent Petry <pvince81@owncloud.com> | 2016-06-02 15:31:18 +0200 |
commit | 3ff2bec5faaeddf47e95b4e4b395be7c709649b1 (patch) | |
tree | 9f326a1727f367e894af6c2431e1e2fc37298464 /apps/dav/lib | |
parent | 1ab7ee5e231b85ffdb24c284e57cebdd030b8a3d (diff) | |
parent | da03a85c3c60adbcdd4f85d041263d4d5cee5ca5 (diff) | |
Merge pull request #24935 from owncloud/2fa-block-dav
block DAV if 2FA challenge needs to be solved first
Diffstat (limited to 'apps/dav/lib')
-rw-r--r-- | apps/dav/lib/Connector/Sabre/Auth.php | 13 | ||||
-rw-r--r-- | apps/dav/lib/Server.php | 4 |
2 files changed, 14 insertions, 3 deletions
diff --git a/apps/dav/lib/Connector/Sabre/Auth.php b/apps/dav/lib/Connector/Sabre/Auth.php
index 8b9f86af1e7..7b959a0d899 100644
--- a/apps/dav/lib/Connector/Sabre/Auth.php
+++ b/apps/dav/lib/Connector/Sabre/Auth.php
@@ -31,9 +31,10 @@ namespace OCA\DAV\Connector\Sabre;
 use Exception;
 use OC\AppFramework\Http\Request;
+use OC\Authentication\TwoFactorAuth\Manager;
+use OC\User\Session;
 use OCP\IRequest;
 use OCP\ISession;
-use OC\User\Session;
 use Sabre\DAV\Auth\Backend\AbstractBasic;
 use Sabre\DAV\Exception\NotAuthenticated;
 use Sabre\DAV\Exception\ServiceUnavailable;
@@ -41,6 +42,8 @@ use Sabre\HTTP\RequestInterface;
 use Sabre\HTTP\ResponseInterface;
 class Auth extends AbstractBasic {
+
+
 const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
 /** @var ISession */
@@ -51,19 +54,24 @@ class Auth extends AbstractBasic {
 private $request;
 /** @var string */
 private $currentUser;
+ /** @var Manager */
+ private $twoFactorManager;
 /**
 * @param ISession $session
 * @param Session $userSession
 * @param IRequest $request
+ * @param Manager $twoFactorManager
 * @param string $principalPrefix
 */
 public function __construct(ISession $session,
 Session $userSession,
 IRequest $request,
+ Manager $twoFactorManager,
 $principalPrefix = 'principals/users/') {
 $this->session = $session;
 $this->userSession = $userSession;
+ $this->twoFactorManager = $twoFactorManager;
 $this->request = $request;
 $this->principalPrefix = $principalPrefix;
 }
@@ -197,6 +205,9 @@ class Auth extends AbstractBasic {
 if($forcedLogout) {
 $this->userSession->logout();
 } else {
+ if ($this->twoFactorManager->needsSecondFactor()) {
+ throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
+ }
 if (\OC_User::handleApacheAuth() ||
 //Fix for broken webdav clients
 ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php
index 2a9c36698b1..179558e97ae 100644
--- a/apps/dav/lib/Server.php
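Review bot: Placing the required `Manager $twoFactorManager` before `$principalPrefix` in `__construct` moves the optional prefix from the fourth to the fifth position, so any caller that passes a prefix positionally, or that still builds `Auth` with three arguments, has to change together with this commit. Only the `new Auth(...)` call in apps/dav/lib/Server.php is visible here (the diffstat is limited to apps/dav/lib), so other construction sites and the unit tests should be checked. The docblock could also say why the dependency exists, e.g. `@param Manager $twoFactorManager used to reject sessions with a pending 2FA challenge`.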
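Review bot: The new `needsSecondFactor()` guard sits only in the `else` branch of `if($forcedLogout)`, so what it visibly protects is the session-reuse path. The enclosing method starts and ends outside this hunk, so it cannot be seen here whether a request that falls through to the credential check, including the one that follows `$this->userSession->logout()`, is also held to the second factor. That should be confirmed and pinned with a test asserting `NotAuthenticated` on each path. A why-comment above the guard would help the next reader, e.g. `// a session that passed the password step but not the 2FA challenge must not be usable for DAV`. `NotAuthenticated` is already imported at the top of the file, so the throw can read `throw new NotAuthenticated('2FA challenge not passed.');`.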
+++ b/apps/dav/lib/Server.php
@@ -25,7 +25,6 @@ namespace OCA\DAV;
 use OCA\DAV\CalDAV\Schedule\IMipPlugin;
-use OCA\DAV\Connector\FedAuth;
 use OCA\DAV\Connector\Sabre\Auth;
 use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin;
 use OCA\DAV\Connector\Sabre\DavAclPlugin;
@@ -57,7 +56,8 @@ class Server {
 $authBackend = new Auth(
 \OC::$server->getSession(),
 \OC::$server->getUserSession(),
- \OC::$server->getRequest()
+ \OC::$server->getRequest(),
+ \OC::$server->getTwoFactorAuthManager()
 );
 // Set URL explicitly due to reverse-proxy situations |