Merge remote-tracking branch 'upstream/master' into master-sync-upstream

8 files changed, 176 insertions, 86 deletions

diff --git a/apps/dav/appinfo/info.xml b/apps/dav/appinfo/info.xml
index 26e37e6bb86..df147a032fe 100644
--- a/apps/dav/appinfo/info.xml
+++ b/apps/dav/appinfo/info.xml
@@ -24,5 +24,8 @@
 		<post-migration>
 			<job>OCA\DAV\Migration\Classification</job>
 		</post-migration>
+		<live-migration>
+			<job>OCA\DAV\Migration\GenerateBirthdays</job>
+		</live-migration>
 	</repair-steps>
 </info>
diff --git a/apps/dav/appinfo/install.php b/apps/dav/appinfo/install.php
deleted file mode 100644
index d2ee06cc9fe..00000000000
--- a/apps/dav/appinfo/install.php
+++ /dev/null
@@ -1,26 +0,0 @@
-<?php
-/**
- * @author Joas Schilling <nickvergessen@owncloud.com>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-use OCA\DAV\AppInfo\Application;
-
-$app = new Application();
-$app->generateBirthdays();
diff --git a/apps/dav/appinfo/update.php b/apps/dav/appinfo/update.php
deleted file mode 100644
index d2ee06cc9fe..00000000000
--- a/apps/dav/appinfo/update.php
+++ /dev/null
@@ -1,26 +0,0 @@
-<?php
-/**
- * @author Joas Schilling <nickvergessen@owncloud.com>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- *
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-use OCA\DAV\AppInfo\Application;
-
-$app = new Application();
-$app->generateBirthdays();
diff --git a/apps/dav/lib/AppInfo/Application.php b/apps/dav/lib/AppInfo/Application.php
index 9e0d2da4e17..de2056ebc35 100644
--- a/apps/dav/lib/AppInfo/Application.php
+++ b/apps/dav/lib/AppInfo/Application.php
@@ -32,6 +32,7 @@ use OCA\DAV\Connector\Sabre\Principal;
 use OCA\DAV\DAV\GroupPrincipalBackend;
 use OCA\DAV\HookManager;
 use OCA\DAV\Migration\Classification;
+use OCA\DAV\Migration\GenerateBirthdays;
 use \OCP\AppFramework\App;
 use OCP\AppFramework\IAppContainer;
 use OCP\Contacts\IManager;
@@ -116,6 +117,16 @@ class Application extends App {
 				$c->getServer()->getUserManager()
 			);
 		});
+
+		$container->registerService('OCA\DAV\Migration\GenerateBirthdays', function ($c) {
+			/** @var IAppContainer $c */
+			/** @var BirthdayService $b */
+			$b = $c->query('BirthdayService');
+			return new GenerateBirthdays(
+				$b,
+				$c->getServer()->getUserManager()
+			);
+		});
 	}
 
 	/**
@@ -164,18 +175,4 @@ class Application extends App {
 		return $this->getContainer()->query('SyncService');
 	}
 
-	public function generateBirthdays() {
-		try {
-			/** @var BirthdayService $migration */
-			$migration = $this->getContainer()->query('BirthdayService');
-			$userManager = $this->getContainer()->getServer()->getUserManager();
-
-			$userManager->callForAllUsers(function($user) use($migration) {
-				/** @var IUser $user */
-				$migration->syncUser($user->getUID());
-			});
-		} catch (\Exception $ex) {
-			$this->getContainer()->getServer()->getLogger()->logException($ex);
-		}
-	}
 }
diff --git a/apps/dav/lib/Connector/Sabre/Auth.php b/apps/dav/lib/Connector/Sabre/Auth.php
index 653da10bc3c..82c2711b560 100644
--- a/apps/dav/lib/Connector/Sabre/Auth.php
+++ b/apps/dav/lib/Connector/Sabre/Auth.php
@@ -31,8 +31,10 @@ namespace OCA\DAV\Connector\Sabre;
 
 use Exception;
 use OC\AppFramework\Http\Request;
+use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
 use OC\Authentication\TwoFactorAuth\Manager;
 use OC\User\Session;
+use OCA\DAV\Connector\Sabre\Exception\PasswordLoginForbidden;
 use OCP\IRequest;
 use OCP\ISession;
 use Sabre\DAV\Auth\Backend\AbstractBasic;
@@ -115,15 +117,19 @@ class Auth extends AbstractBasic {
 			return true;
 		} else {
 			\OC_Util::setupFS(); //login hooks may need early access to the filesystem
-			if($this->userSession->logClientIn($username, $password)) {
-				$this->userSession->createSessionToken($this->request, $this->userSession->getUser()->getUID(), $username, $password);
-				\OC_Util::setupFS($this->userSession->getUser()->getUID());
-				$this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
+			try {
+				if ($this->userSession->logClientIn($username, $password, $this->request)) {
+					\OC_Util::setupFS($this->userSession->getUser()->getUID());
+					$this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
+					$this->session->close();
+					return true;
+				} else {
+					$this->session->close();
+					return false;
+				}
+			} catch (PasswordLoginForbiddenException $ex) {
 				$this->session->close();
-				return true;
-			} else {
-				$this->session->close();
-				return false;
+				throw new PasswordLoginForbidden();
 			}
 		}
 	}
diff --git a/apps/dav/lib/Connector/Sabre/Exception/PasswordLoginForbidden.php b/apps/dav/lib/Connector/Sabre/Exception/PasswordLoginForbidden.php
new file mode 100644
index 00000000000..6537da3d56d
--- /dev/null
+++ b/apps/dav/lib/Connector/Sabre/Exception/PasswordLoginForbidden.php
@@ -0,0 +1,54 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\DAV\Connector\Sabre\Exception;
+
+use DOMElement;
+use Sabre\DAV\Server;
+use Sabre\DAV\Exception\NotAuthenticated;
+
+class PasswordLoginForbidden extends NotAuthenticated {
+
+	const NS_OWNCLOUD = 'http://owncloud.org/ns';
+
+	public function getHTTPCode() {
+		return 401;
+	}
+
+	/**
+	 * This method allows the exception to include additional information
+	 * into the WebDAV error response
+	 *
+	 * @param Server $server
+	 * @param DOMElement $errorNode
+	 * @return void
+	 */
+	public function serialize(Server $server, DOMElement $errorNode) {
+
+		// set ownCloud namespace
+		$errorNode->setAttribute('xmlns:o', self::NS_OWNCLOUD);
+
+		$error = $errorNode->ownerDocument->createElementNS('o:', 'o:hint', 'password login forbidden');
+		$errorNode->appendChild($error);
+	}
+
+}
diff --git a/apps/dav/lib/Migration/GenerateBirthdays.php b/apps/dav/lib/Migration/GenerateBirthdays.php
new file mode 100644
index 00000000000..dfc8838bcbb
--- /dev/null
+++ b/apps/dav/lib/Migration/GenerateBirthdays.php
@@ -0,0 +1,70 @@
+<?php
+/**
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+
+namespace OCA\DAV\Migration;
+
+use OCA\DAV\CalDAV\BirthdayService;
+use OCP\IUser;
+use OCP\IUserManager;
+use OCP\Migration\IOutput;
+use OCP\Migration\IRepairStep;
+
+class GenerateBirthdays implements IRepairStep {
+
+	/** @var BirthdayService */
+	private $birthdayService;
+
+	/** @var IUserManager */
+	private $userManager;
+
+	/**
+	 * GenerateBirthdays constructor.
+	 *
+	 * @param BirthdayService $birthdayService
+	 * @param IUserManager $userManager
+	 */
+	public function __construct(BirthdayService $birthdayService, IUserManager $userManager) {
+		$this->birthdayService = $birthdayService;
+		$this->userManager = $userManager;
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getName() {
+		return 'Regenerate birthday calendar for all users';
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function run(IOutput $output) {
+
+		$output->startProgress();
+		$this->userManager->callForAllUsers(function($user) use ($output) {
+			/** @var IUser $user */
+			$output->advance(1, $user->getDisplayName());
+			$this->birthdayService->syncUser($user->getUID());
+		});
+		$output->finishProgress();
+	}
+}
diff --git a/apps/dav/tests/unit/Connector/Sabre/AuthTest.php b/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
index b3ab49a027e..9564298f23a 100644
--- a/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
@@ -159,7 +159,7 @@ class AuthTest extends TestCase {
 		$user = $this->getMockBuilder('\OCP\IUser')
 			->disableOriginalConstructor()
 			->getMock();
-		$user->expects($this->exactly(4))
+		$user->expects($this->exactly(3))
 			->method('getUID')
 			->will($this->returnValue('MyTestUser'));
 		$this->userSession
@@ -167,7 +167,7 @@ class AuthTest extends TestCase {
 			->method('isLoggedIn')
 			->will($this->returnValue(true));
 		$this->userSession
-			->expects($this->exactly(4))
+			->expects($this->exactly(3))
 			->method('getUser')
 			->will($this->returnValue($user));
 		$this->session
@@ -178,12 +178,8 @@ class AuthTest extends TestCase {
 		$this->userSession
 			->expects($this->once())
 			->method('logClientIn')
-			->with('MyTestUser', 'MyTestPassword')
+			->with('MyTestUser', 'MyTestPassword', $this->request)
 			->will($this->returnValue(true));
-		$this->userSession
-			->expects($this->once())
-			->method('createSessionToken')
-			->with($this->request, 'MyTestUser', 'MyTestUser', 'MyTestPassword');
 		$this->session
 			->expects($this->once())
 			->method('set')
@@ -212,6 +208,25 @@ class AuthTest extends TestCase {
 		$this->assertFalse($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword']));
 	}
 
+	/**
+	 * @expectedException \OCA\DAV\Connector\Sabre\Exception\PasswordLoginForbidden
+	 */
+	public function testValidateUserPassWithPasswordLoginForbidden() {
+		$this->userSession
+			->expects($this->once())
+			->method('isLoggedIn')
+			->will($this->returnValue(false));
+		$this->userSession
+			->expects($this->once())
+			->method('logClientIn')
+			->with('MyTestUser', 'MyTestPassword')
+			->will($this->throwException(new \OC\Authentication\Exceptions\PasswordLoginForbiddenException()));
+		$this->session
+			->expects($this->once())
+			->method('close');
+
+		$this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword']);
+	}
 
 	public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenForNonGet() {
 		$request = $this->getMockBuilder('Sabre\HTTP\RequestInterface')
@@ -626,17 +641,14 @@ class AuthTest extends TestCase {
 			->method('logClientIn')
 			->with('username', 'password')
 			->will($this->returnValue(true));
-		$this->userSession
-			->expects($this->once())
-			->method('createSessionToken');
 		$user = $this->getMockBuilder('\OCP\IUser')
 			->disableOriginalConstructor()
 			->getMock();
-		$user->expects($this->exactly(4))
+		$user->expects($this->exactly(3))
 			->method('getUID')
 			->will($this->returnValue('MyTestUser'));
 		$this->userSession
-			->expects($this->exactly(4))
+			->expects($this->exactly(3))
 			->method('getUser')
 			->will($this->returnValue($user));
 		$response = $this->auth->check($server->httpRequest, $server->httpResponse);