aboutsummaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorRobin McCorkell <rmccorkell@owncloud.com>2015-08-12 22:05:17 +0100
committerRobin McCorkell <rmccorkell@owncloud.com>2015-08-19 14:20:09 +0100
commit3bb793b6a711c6dcba266982b8aea4c6d3fe4bc5 (patch)
tree4724f5dcf407a4a7c3f0205f0220ead9b7af2e31 /apps
parent5fd36d017ecdbce61dcf1c67ae04c8c0be81a4bf (diff)
downloadnextcloud-server-3bb793b6a711c6dcba266982b8aea4c6d3fe4bc5.tar.gz
nextcloud-server-3bb793b6a711c6dcba266982b8aea4c6d3fe4bc5.zip
Implement password authentication mechanisms
Introduces the basic password authentication mechanism, along with a mechanism based on ownCloud credentials stored in the user session. Change to lib/private is an extension of PermissionsMask, as isSharable() override was missing. Session credentials auth mechanism now disables sharing on applied storages, as credentials will not be available.
Diffstat (limited to 'apps')
-rw-r--r--apps/files_external/appinfo/application.php4
-rw-r--r--apps/files_external/lib/auth/password/password.php45
-rw-r--r--apps/files_external/lib/auth/password/sessioncredentials.php84
-rw-r--r--apps/files_external/lib/sessionstoragewrapper.php43
4 files changed, 176 insertions, 0 deletions
diff --git a/apps/files_external/appinfo/application.php b/apps/files_external/appinfo/application.php
index 38b9e9b7c36..d9c877a54d1 100644
--- a/apps/files_external/appinfo/application.php
+++ b/apps/files_external/appinfo/application.php
@@ -75,6 +75,10 @@ class Application extends App {
// AuthMechanism::SCHEME_BUILTIN mechanism
$container->query('OCA\Files_External\Lib\Auth\Builtin'),
+
+ // AuthMechanism::SCHEME_PASSWORD mechanisms
+ $container->query('OCA\Files_External\Lib\Auth\Password\Password'),
+ $container->query('OCA\Files_External\Lib\Auth\Password\SessionCredentials'),
]);
}
diff --git a/apps/files_external/lib/auth/password/password.php b/apps/files_external/lib/auth/password/password.php
new file mode 100644
index 00000000000..96ad4b496d4
--- /dev/null
+++ b/apps/files_external/lib/auth/password/password.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * @author Robin McCorkell <rmccorkell@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\Files_External\Lib\Auth\Password;
+
+use \OCP\IL10N;
+use \OCA\Files_External\Lib\DefinitionParameter;
+use \OCA\Files_External\Lib\Auth\AuthMechanism;
+
+/**
+ * Basic password authentication mechanism
+ */
+class Password extends AuthMechanism {
+
+ public function __construct(IL10N $l) {
+ $this
+ ->setIdentifier('password::password')
+ ->setScheme(self::SCHEME_PASSWORD)
+ ->setText($l->t('Username and password'))
+ ->addParameters([
+ (new DefinitionParameter('user', $l->t('Username'))),
+ (new DefinitionParameter('password', $l->t('Password')))
+ ->setType(DefinitionParameter::VALUE_PASSWORD),
+ ]);
+ }
+
+}
diff --git a/apps/files_external/lib/auth/password/sessioncredentials.php b/apps/files_external/lib/auth/password/sessioncredentials.php
new file mode 100644
index 00000000000..37cfd97a176
--- /dev/null
+++ b/apps/files_external/lib/auth/password/sessioncredentials.php
@@ -0,0 +1,84 @@
+<?php
+/**
+ * @author Robin McCorkell <rmccorkell@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\Files_External\Lib\Auth\Password;
+
+use \OCP\IL10N;
+use \OCA\Files_External\Lib\DefinitionParameter;
+use \OCA\Files_External\Lib\Auth\AuthMechanism;
+use \OCA\Files_External\Lib\StorageConfig;
+use \OCP\ISession;
+use \OCP\Security\ICrypto;
+use \OCP\Files\Storage;
+use \OCA\Files_External\Lib\SessionStorageWrapper;
+use \OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
+
+/**
+ * Username and password from login credentials, saved in session
+ */
+class SessionCredentials extends AuthMechanism {
+
+ /** @var ISession */
+ protected $session;
+
+ /** @var ICrypto */
+ protected $crypto;
+
+ public function __construct(IL10N $l, ISession $session, ICrypto $crypto) {
+ $this->session = $session;
+ $this->crypto = $crypto;
+
+ $this
+ ->setIdentifier('password::sessioncredentials')
+ ->setScheme(self::SCHEME_PASSWORD)
+ ->setText($l->t('Session credentials'))
+ ->addParameters([
+ ])
+ ;
+
+ \OCP\Util::connectHook('OC_User', 'post_login', $this, 'authenticate');
+ }
+
+ /**
+ * Hook listener on post login
+ *
+ * @param array $params
+ */
+ public function authenticate(array $params) {
+ $this->session->set('password::sessioncredentials/credentials', $this->crypto->encrypt(json_encode($params)));
+ }
+
+ public function manipulateStorageConfig(StorageConfig &$storage) {
+ $encrypted = $this->session->get('password::sessioncredentials/credentials');
+ if (!isset($encrypted)) {
+ throw new InsufficientDataForMeaningfulAnswerException('No session credentials saved');
+ }
+
+ $credentials = json_decode($this->crypto->decrypt($encrypted), true);
+ $storage->setBackendOption('user', $this->session->get('loginname'));
+ $storage->setBackendOption('password', $credentials['password']);
+ }
+
+ public function wrapStorage(Storage $storage) {
+ return new SessionStorageWrapper(['storage' => $storage]);
+ }
+
+}
diff --git a/apps/files_external/lib/sessionstoragewrapper.php b/apps/files_external/lib/sessionstoragewrapper.php
new file mode 100644
index 00000000000..91be7eb1903
--- /dev/null
+++ b/apps/files_external/lib/sessionstoragewrapper.php
@@ -0,0 +1,43 @@
+<?php
+/**
+ * @author Robin McCorkell <rmccorkell@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\Files_External\Lib;
+
+use \OCP\Files\Storage;
+use \OC\Files\Storage\Wrapper\PermissionsMask;
+use \OCP\Constants;
+
+/**
+ * Wrap Storage in PermissionsMask for session ephemeral use
+ */
+class SessionStorageWrapper extends PermissionsMask {
+
+ /**
+ * @param array $arguments ['storage' => $storage]
+ */
+ public function __construct(array $arguments) {
+ // disable sharing permission
+ $arguments['mask'] = Constants::PERMISSION_ALL & ~Constants::PERMISSION_SHARE;
+ parent::__construct($arguments);
+ }
+
+}
+