Authentication mechanisms for external storage backends

A backend can now specify generic authentication schemes that it supports, instead of specifying the parameters for its authentication method directly. This allows multiple authentication mechanisms to be implemented for a single scheme, providing altered functionality. This commit introduces the backend framework for this feature, and so at this point the UI will be broken as the frontend does not specify the required information. Terminology: - authentication scheme Parameter interface for the authentication method. A backend supporting the 'password' scheme accepts two parameters, 'user' and 'password'. - authentication mechanism Specific mechanism implementing a scheme. Basic mechanisms may forward configuration options directly to the backend, more advanced ones may lookup parameters or retrieve them from the session New dropdown selector for external storage configurations to select the authentication mechanism to be used. Authentication mechanisms can have visibilities, just like backends. The API was extended too to make it easier to add/remove visibilities. In addition, the concept of 'allowed visibility' has been introduced, so a backend/auth mechanism can force a maximum visibility level (e.g. Local storage type) that cannot be overridden by configuration in the web UI. An authentication mechanism is a fully instantiated implementation. This allows an implementation to have dependencies injected into it, e.g. an \OCP\IDB for database operations. When a StorageConfig is being prepared for mounting, the authentication mechanism implementation has manipulateStorage() called, which inserts the relevant authentication method options into the storage ready for mounting.
author: Robin McCorkell <rmccorkell@owncloud.com> 2015-08-12 10:54:03 +0100
committer: Robin McCorkell <rmccorkell@owncloud.com> 2015-08-19 10:05:11 +0100
commit: 272a46ebe1a5e195a078dde74f5f2ad941923d9e (patch)
tree: 58ea576ad6362e465526c65e7a7cae14e5df7013 /apps/files_external/controller
parent: a6a69ef1dfe1545e1362953803219ed6f28f71a5 (diff)
download: nextcloud-server-272a46ebe1a5e195a078dde74f5f2ad941923d9e.tar.gz
nextcloud-server-272a46ebe1a5e195a078dde74f5f2ad941923d9e.zip
3 files changed, 31 insertions, 1 deletions
diff --git a/apps/files_external/controller/globalstoragescontroller.php b/apps/files_external/controller/globalstoragescontroller.php
index 11f7fd6afa5..2c7b6af4192 100644
--- a/apps/files_external/controller/globalstoragescontroller.php
+++ b/apps/files_external/controller/globalstoragescontroller.php
@@ -64,6 +64,7 @@ class GlobalStoragesController extends StoragesController {
 	 *
 	 * @param string $mountPoint storage mount point
 	 * @param string $backendClass backend class name
+	 * @param string $authMechanismClass authentication mechanism class
 	 * @param array $backendOptions backend-specific options
 	 * @param array $mountOptions mount-specific options
 	 * @param array $applicableUsers users for which to mount the storage
@@ -75,6 +76,7 @@ class GlobalStoragesController extends StoragesController {
 	public function create(
 		$mountPoint,
 		$backendClass,
+		$authMechanismClass,
 		$backendOptions,
 		$mountOptions,
 		$applicableUsers,
@@ -84,6 +86,7 @@ class GlobalStoragesController extends StoragesController {
 		$newStorage = $this->createStorage(
 			$mountPoint,
 			$backendClass,
+			$authMechanismClass,
 			$backendOptions,
 			$mountOptions,
 			$applicableUsers,
@@ -115,6 +118,7 @@ class GlobalStoragesController extends StoragesController {
 	 * @param int $id storage id
 	 * @param string $mountPoint storage mount point
 	 * @param string $backendClass backend class name
+	 * @param string $authMechanismClass authentication mechansim class
 	 * @param array $backendOptions backend-specific options
 	 * @param array $mountOptions mount-specific options
 	 * @param array $applicableUsers users for which to mount the storage
@@ -127,6 +131,7 @@ class GlobalStoragesController extends StoragesController {
 		$id,
 		$mountPoint,
 		$backendClass,
+		$authMechanismClass,
 		$backendOptions,
 		$mountOptions,
 		$applicableUsers,
@@ -136,6 +141,7 @@ class GlobalStoragesController extends StoragesController {
 		$storage = $this->createStorage(
 			$mountPoint,
 			$backendClass,
+			$authMechanismClass,
 			$backendOptions,
 			$mountOptions,
 			$applicableUsers,
diff --git a/apps/files_external/controller/storagescontroller.php b/apps/files_external/controller/storagescontroller.php
index c653b51bf89..5f3779dc8b9 100644
--- a/apps/files_external/controller/storagescontroller.php
+++ b/apps/files_external/controller/storagescontroller.php
@@ -33,6 +33,7 @@ use \OCA\Files_external\Service\StoragesService;
 use \OCA\Files_external\NotFoundException;
 use \OCA\Files_external\Lib\StorageConfig;
 use \OCA\Files_External\Lib\Backend\Backend;
+use \OCA\Files_External\Lib\Auth\AuthMechanism;
 
 /**
  * Base class for storages controllers
@@ -77,6 +78,7 @@ abstract class StoragesController extends Controller {
 	 *
 	 * @param string $mountPoint storage mount point
 	 * @param string $backendClass backend class name
+	 * @param string $authMechanismClass authentication mechanism class name
 	 * @param array $backendOptions backend-specific options
 	 * @param array|null $mountOptions mount-specific options
 	 * @param array|null $applicableUsers users for which to mount the storage
@@ -88,6 +90,7 @@ abstract class StoragesController extends Controller {
 	protected function createStorage(
 		$mountPoint,
 		$backendClass,
+		$authMechanismClass,
 		$backendOptions,
 		$mountOptions = null,
 		$applicableUsers = null,
@@ -98,6 +101,7 @@ abstract class StoragesController extends Controller {
 			return $this->service->createStorage(
 				$mountPoint,
 				$backendClass,
+				$authMechanismClass,
 				$backendOptions,
 				$mountOptions,
 				$applicableUsers,
@@ -107,7 +111,7 @@ abstract class StoragesController extends Controller {
 		} catch (\InvalidArgumentException $e) {
 			return new DataResponse(
 				[
-					'message' => (string)$this->l10n->t('Invalid backend class "%s"', [$backendClass])
+					'message' => (string)$this->l10n->t('Invalid backend or authentication mechanism class')
 				],
 				Http::STATUS_UNPROCESSABLE_ENTITY
 			);
@@ -134,6 +138,8 @@ abstract class StoragesController extends Controller {
 
 		/** @var Backend */
 		$backend = $storage->getBackend();
+		/** @var AuthMechanism */
+		$authMechanism = $storage->getAuthMechanism();
 		if (!$backend || $backend->checkDependencies()) {
 			// invalid backend
 			return new DataResponse(
@@ -154,6 +160,15 @@ abstract class StoragesController extends Controller {
 				Http::STATUS_UNPROCESSABLE_ENTITY
 			);
 		}
+		if (!$authMechanism->validateStorage($storage)) {
+			// unsatisfied parameters
+			return new DataResponse(
+				[
+					'message' => (string)$this->l10n->t('Unsatisfied authentication mechanism parameters')
+				],
+				Http::STATUS_UNPROCESSABLE_ENTITY
+			);
+		}
 
 		return null;
 	}
@@ -167,6 +182,9 @@ abstract class StoragesController extends Controller {
 	 * @param StorageConfig $storage storage configuration
 	 */
 	protected function updateStorageStatus(StorageConfig &$storage) {
+		/** @var AuthMechanism */
+		$authMechanism = $storage->getAuthMechanism();
+		$authMechanism->manipulateStorageConfig($storage);
 		/** @var Backend */
 		$backend = $storage->getBackend();
 		$backend->manipulateStorageConfig($storage);
diff --git a/apps/files_external/controller/userstoragescontroller.php b/apps/files_external/controller/userstoragescontroller.php
index 5a5bff7ba70..e72b51ff653 100644
--- a/apps/files_external/controller/userstoragescontroller.php
+++ b/apps/files_external/controller/userstoragescontroller.php
@@ -109,6 +109,7 @@ class UserStoragesController extends StoragesController {
 	 *
 	 * @param string $mountPoint storage mount point
 	 * @param string $backendClass backend class name
+	 * @param string $authMechanismClass authentication mechanism class
 	 * @param array $backendOptions backend-specific options
 	 * @param array $mountOptions backend-specific mount options
 	 *
@@ -119,12 +120,14 @@ class UserStoragesController extends StoragesController {
 	public function create(
 		$mountPoint,
 		$backendClass,
+		$authMechanismClass,
 		$backendOptions,
 		$mountOptions
 	) {
 		$newStorage = $this->createStorage(
 			$mountPoint,
 			$backendClass,
+			$authMechanismClass,
 			$backendOptions,
 			$mountOptions
 		);
@@ -152,6 +155,7 @@ class UserStoragesController extends StoragesController {
 	 * @param int $id storage id
 	 * @param string $mountPoint storage mount point
 	 * @param string $backendClass backend class name
+	 * @param string $authMechanismClass authentication mechanism class
 	 * @param array $backendOptions backend-specific options
 	 * @param array $mountOptions backend-specific mount options
 	 *
@@ -163,12 +167,14 @@ class UserStoragesController extends StoragesController {
 		$id,
 		$mountPoint,
 		$backendClass,
+		$authMechanismClass,
 		$backendOptions,
 		$mountOptions
 	) {
 		$storage = $this->createStorage(
 			$mountPoint,
 			$backendClass,
+			$authMechanismClass,
 			$backendOptions,
 			$mountOptions
 		);
author	Robin McCorkell <rmccorkell@owncloud.com>	2015-08-12 10:54:03 +0100
committer	Robin McCorkell <rmccorkell@owncloud.com>	2015-08-19 10:05:11 +0100
commit	272a46ebe1a5e195a078dde74f5f2ad941923d9e (patch)
tree	58ea576ad6362e465526c65e7a7cae14e5df7013 /apps/files_external/controller
parent	a6a69ef1dfe1545e1362953803219ed6f28f71a5 (diff)
download	nextcloud-server-272a46ebe1a5e195a078dde74f5f2ad941923d9e.tar.gz nextcloud-server-272a46ebe1a5e195a078dde74f5f2ad941923d9e.zip