author | Michiel de Jong <michiel@unhosted.org> | 2012-05-11 11:05:44 +0200 |
---|---|---|
committer | Michiel de Jong <michiel@unhosted.org> | 2012-05-11 11:05:44 +0200 |
commit | 61d535984df81d5531350cd7895769793722d69e (patch) | |
tree | a66d213e59d302451dc06514f656b521ebef2bf1 /apps | |
parent | 2e309aae9786f1dffd1e7aeed969833c2db7f00b (diff) | |
clean up auth dialog
Diffstat (limited to 'apps')
-rw-r--r-- | apps/remoteStorage/appinfo/webfinger.php | 2 | ||||
-rwxr-xr-x | apps/remoteStorage/auth.php | 78 |
2 files changed, 28 insertions, 52 deletions
diff --git a/apps/remoteStorage/appinfo/webfinger.php b/apps/remoteStorage/appinfo/webfinger.php
index 9173ed54c9e..1cb2d45ee7a 100644
--- a/apps/remoteStorage/appinfo/webfinger.php
+++ b/apps/remoteStorage/appinfo/webfinger.php
@@ -3,6 +3,6 @@
 rel="remoteStorage"
 template="<?php echo WF_BASEURL; ?>/apps/remoteStorage/WebDAV.php/<?php echo WF_USER; ?>/remoteStorage/{category}/"
 api="WebDAV"
- auth="<?php echo WF_BASEURL; ?>/?app=remoteStorage&getfile=auth.php/<?php echo WF_USER; ?>">
+ auth="<?php echo WF_BASEURL; ?>/?app=remoteStorage&getfile=auth.php&userid=<?php echo WF_USER; ?>">
 </Link>
 <?php } ?>
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index 502bfc0b33b..2fd5011d9f4 100755
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -29,19 +29,8 @@
 // Do not load FS ...
 $RUNTIME_NOSETUPFS = true;
-require_once('../../lib/base.php');
-
-require_once('../../lib/user.php');
-require_once('../../lib/public/user.php');
-
-require_once('../../lib/app.php');
-require_once('../../lib/public/app.php');
-
-require_once('../../3rdparty/Sabre/DAV/Auth/IBackend.php');
-require_once('../../3rdparty/Sabre/DAV/Auth/Backend/AbstractBasic.php');
-require_once('../../lib/connector/sabre/auth.php');
-
 OCP\App::checkAppEnabled('remoteStorage');
+require_once('Sabre/autoload.php');
 require_once('lib_remoteStorage.php');
 require_once('oauth_ro_auth.php');
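Review bot: The new `auth` attribute value contains raw `&` characters (`&getfile=` and the added `&userid=`), which is not well-formed inside an XML attribute, so a strict XRD parser on the client may reject the whole webfinger document. Emit them as entities and escape the interpolated user name for the attribute context, e.g. `auth="<?php echo WF_BASEURL; ?>/?app=remoteStorage&amp;getfile=auth.php&amp;userid=<?php echo htmlspecialchars(WF_USER, ENT_QUOTES, 'UTF-8'); ?>">`. The `template` attribute on the context line above echoes WF_USER unescaped in the same way and would benefit from the same treatment.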
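Review bot: With `require_once('../../lib/base.php')` removed, this script can only run when dispatched through `index.php?app=remoteStorage&getfile=auth.php`; a direct request to apps/remoteStorage/auth.php would now fail at `OCP\App::checkAppEnabled` with an undefined class. If that dispatcher has already loaded base.php before this file is included, the `$RUNTIME_NOSETUPFS = true;` on the context line above is set too late to influence the filesystem setup — confirm whether the setup is still skipped, and if not, drop the variable or move the setting to where it is honoured. A one-line comment such as `// entered via index.php?app=remoteStorage&getfile=auth.php; base.php is already loaded` would record the new entry contract for the next reader.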
@@ -49,32 +38,27 @@ ini_set('default_charset', 'UTF-8');
 #ini_set('error_reporting', '');
 @ob_clean();
-$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
-$pathParts = explode('/', $path);
-
-if(count($pathParts) == 2 && $pathParts[0] == '') {
- //TODO: input checking. these explodes may fail to produces the desired arrays:
- $subPathParts = explode('?', $pathParts[1]);
- $ownCloudUser = $subPathParts[0];
- foreach($_GET as $k => $v) {
- if($k=='user_address'){
- $userAddress=$v;
- } else if($k=='redirect_uri'){
- $appUrlParts=explode('/', $v);
- $appUrl = $appUrlParts[2];//bit dodgy i guess
- } else if($k=='scope'){
- $categories=$v;
- }
- }
- $currUser = OCP\USER::getUser();
- if($currUser == $ownCloudUser) {
- if(isset($_POST['allow'])) {
- //TODO: check if this can be faked by editing the cookie in firebug!
- $token=OC_remoteStorage::createCategories($appUrl, $categories);
- header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
- } else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
- header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
- } else {
+foreach($_GET as $k => $v) {
+ if($k=='userid'){
+ $userId=$v;
+ } else if($k=='redirect_uri'){
+ $appUrlParts=explode('/', $v);
+ $appUrl = $appUrlParts[2];//bit dodgy i guess
+ } else if($k=='scope'){
+ $categories=$v;
+ }
+}
+$currUser = OCP\USER::getUser();
+if($userId && $appUrl && $categories) {
+ if($currUser == $userId) {
+ if(isset($_POST['allow'])) {
+ //TODO: check if this can be faked by editing the cookie in firebug!
+ $token=OC_remoteStorage::createCategories($appUrl, $categories);
+ header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
+ } else if($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
+ header('Location: '.$_GET['redirect_uri'].'#access_token='.$existingToken.'&token_type=bearer');
+ } else {
+ //params ok, logged in ok, but need to click Allow still:
 ?>
 <!DOCTYPE html>
 <html>
@@ -125,22 +109,14 @@ if(count($pathParts) == 2 && $pathParts[0] == '') {
 </body>
 </html>
 <?php
- }
- } else {
- if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
- $url = "https://";
- } else {
- $url = "http://";
- }
- $url .= $_SERVER['SERVER_NAME'];
- $url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
+ }//end 'need to click Allow still'
+ } else {//login not ok
 if($currUser) {
- die('You are logged in as '.$currUser.' instead of '.$ownCloudUser);
+ die('You are logged in as '.$currUser.' instead of '.$userId);
 } else {
 header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
 }
 }
-} else {
- //die('please use auth.php/username?params. '.var_export($pathParts, true));
- die('please use auth.php/username?params.');
+} else {//params not ok
+ die('please use e.g. /?app=remoteStorage&getfile=auth.php&userid=admin');
 }
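Review bot: The `isset($_POST['allow'])` branch still issues a bearer token for `$appUrl` with no CSRF protection, so the `//TODO: check if this can be faked` comment the commit carries over remains an open defect: a cross-site form submission from any page the logged-in user visits would be accepted here and the resulting token sent to a `redirect_uri` the user never approved. The Allow form should carry a per-session nonce that is verified before `OC_remoteStorage::createCategories` is called (ownCloud's request-token check or an equivalent), and `redirect_uri` should be validated as an absolute https URL via `parse_url` rather than `explode('/', $v)[2]`, which also leaves `$appUrl` undefined for a malformed value. `$userId`, `$appUrl` and `$categories` are assigned only inside the loop, so `if($userId && $appUrl && $categories)` reads undefined variables whenever a parameter is missing; add `$userId = $appUrl = $categories = null;` before the `foreach`, and compare the user with `if($currUser === $userId)` so a non-string value cannot pass the loose comparison. The hunk is top-level script code, not a function body.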
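Review bot: `die('You are logged in as '.$currUser.' instead of '.$userId)` writes the caller-supplied `userid` query parameter into the HTML response unescaped, a reflected XSS introduced on the new line; wrap it as `htmlspecialchars($userId, ENT_QUOTES, 'UTF-8')` and treat `$currUser` the same way. The not-logged-in branch on the context lines below still redirects back to `'/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO']`, the direct-entry URL this commit abandons by dropping base.php, so after login the user would land on a script that can no longer run; when reached through the getfile dispatcher, `$_SERVER['QUERY_STRING']` presumably already carries `app=remoteStorage&getfile=auth.php&userid=…`, so the return target can be built as `urlencode('/?'.$_SERVER['QUERY_STRING'])`, which also avoids reading `$_SERVER['PATH_INFO']`, a key that may be unset in that dispatch.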