authorThomas Müller <DeepDiver1975@users.noreply.github.com>2016-05-11 13:52:45 +0200
committerThomas Müller <DeepDiver1975@users.noreply.github.com>2016-05-11 13:52:45 +0200
commitefa545f8f0697896a538587bee644fc7c3699185 (patch)
tree8a3d24a3af825ca93583df5e639b8865deacefaf /lib/private/legacy
parentf39e163d4a6ee63444bfb6a797e12a482bd0a49f (diff)
parent0486d750aade407739977911cc1aab40e65dc460 (diff)
Merge pull request #24189 from owncloud/pluggable-auth
Pluggable auth
Diffstat (limited to 'lib/private/legacy')
-rw-r--r--lib/private/legacy/api.php44
-rw-r--r--lib/private/legacy/user.php55
-rw-r--r--lib/private/legacy/util.php3
3 files changed, 20 insertions, 82 deletions
diff --git a/lib/private/legacy/api.php b/lib/private/legacy/api.php
index 702b9df1927..60300c88b57 100644
--- a/lib/private/legacy/api.php
+++ b/lib/private/legacy/api.php
@@ -337,7 +337,7 @@ class OC_API {
}
// reuse existing login
- $loggedIn = OC_User::isLoggedIn();
+ $loggedIn = \OC::$server->getUserSession()->isLoggedIn();
if ($loggedIn === true) {
$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
if ($ocsApiRequest) {
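Review bot: The session-based `isLoggedIn()` on the new `$loggedIn` line may not be equivalent to the helper it replaces, because the docblock of `OC_User::isLoggedIn()` (visible in the user.php section) says it "considers also the HTTP basic credentials". This matters because the `HTTP_OCS_APIREQUEST` header check right below runs only when this call returns true, so it is worth confirming how a request with credentials but no session is now classified. `OC_Util::checkLoggedIn()` in the util.php section still calls `OC_User::isLoggedIn()`, so the two entry points decide "logged in" through different calls after this commit. A comment such as `// session-only check; token and basic auth are tried further down` would make the intent explicit. The enclosing method starts and ends outside the hunk.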
@@ -353,35 +353,25 @@ class OC_API {
// basic auth - because OC_User::login will create a new session we shall only try to login
// if user and pass are set
- if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) ) {
- $authUser = $_SERVER['PHP_AUTH_USER'];
- $authPw = $_SERVER['PHP_AUTH_PW'];
- try {
- $return = OC_User::login($authUser, $authPw);
- } catch (\OC\User\LoginException $e) {
- return false;
+ $userSession = \OC::$server->getUserSession();
+ $request = \OC::$server->getRequest();
+ try {
+ $loginSuccess = $userSession->tryTokenLogin($request);
+ if (!$loginSuccess) {
+ $loginSuccess = $userSession->tryBasicAuthLogin($request);
}
- if ($return === true) {
- self::$logoutRequired = true;
-
- // initialize the user's filesystem
- \OC_Util::setUpFS(\OC_User::getUser());
- self::$isLoggedIn = true;
+ } catch (\OC\User\LoginException $e) {
+ return false;
+ }
+
+ if ($loginSuccess === true) {
+ self::$logoutRequired = true;
- /**
- * Add DAV authenticated. This should in an ideal world not be
- * necessary but the iOS App reads cookies from anywhere instead
- * only the DAV endpoint.
- * This makes sure that the cookies will be valid for the whole scope
- * @see https://github.com/owncloud/core/issues/22893
- */
- \OC::$server->getSession()->set(
- \OCA\DAV\Connector\Sabre\Auth::DAV_AUTHENTICATED,
- \OC::$server->getUserSession()->getUser()->getUID()
- );
+ // initialize the user's filesystem
+ \OC_Util::setUpFS(\OC_User::getUser());
+ self::$isLoggedIn = true;
- return \OC_User::getUser();
- }
+ return \OC_User::getUser();
}
return false;
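Review bot: The context comment above the new `try` is stale: it still says login is attempted only "if user and pass are set" and names `OC_User::login`, but the `isset($_SERVER['PHP_AUTH_USER'])` guard is gone and this commit deletes `OC_User::login`. Something like `// try token login first, then fall back to HTTP basic auth` would match the new code. The deleted `OC_User::login` (see the user.php section) also refreshed the CSRF token, fell back to a unique e-mail match and triggered creation of the user folder, and the `DAV_AUTHENTICATED` session marker formerly set here is dropped too. None of that is visible in `tryTokenLogin`/`tryBasicAuthLogin` from this page, so it should be confirmed that those methods cover it. The enclosing method starts and ends outside the hunk.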
diff --git a/lib/private/legacy/user.php b/lib/private/legacy/user.php
index 7855b5e7059..499e916994a 100644
--- a/lib/private/legacy/user.php
+++ b/lib/private/legacy/user.php
@@ -6,6 +6,7 @@
* @author Bart Visscher <bartv@thisnet.nl>
* @author Bartek Przybylski <bart.p.pl@gmail.com>
* @author Björn Schießle <schiessle@owncloud.com>
+ * @author Christoph Wurst <christoph@owncloud.com>
* @author Florian Preinstorfer <nblock@archlinux.us>
* @author Georg Ehrke <georg@owncloud.com>
* @author Jakob Sack <mail@jakobsack.de>
@@ -67,7 +68,7 @@ class OC_User {
private static $_setupedBackends = array();
- // bool, stores if a user want to access a resource anonymously, e.g if he opens a public link
+ // bool, stores if a user want to access a resource anonymously, e.g if they open a public link
private static $incognitoMode = false;
/**
@@ -148,37 +149,7 @@ class OC_User {
}
/**
- * Try to login a user
- *
- * @param string $loginName The login name of the user to log in
- * @param string $password The password of the user
- * @return boolean|null
- *
- * Log in a user and regenerate a new session - if the password is ok
- */
- public static function login($loginName, $password) {
- $result = self::getUserSession()->login($loginName, $password);
- if (!$result) {
- $users = \OC::$server->getUserManager()->getByEmail($loginName);
- // we only allow login by email if unique
- if (count($users) === 1) {
- $result = self::getUserSession()->login($users[0]->getUID(), $password);
- }
- }
- if ($result) {
- // Refresh the token
- \OC::$server->getCsrfTokenManager()->refreshToken();
- //we need to pass the user name, which may differ from login name
- $user = self::getUserSession()->getUser()->getUID();
- OC_Util::setupFS($user);
- //trigger creation of user home and /files folder
- \OC::$server->getUserFolder($user);
- }
- return $result;
- }
-
- /**
* Try to login a user using the magic cookie (remember login)
*
* @deprecated use \OCP\IUserSession::loginWithCookie()
@@ -284,28 +255,6 @@ class OC_User {
}
/**
- * Tries to login the user with HTTP Basic Authentication
- */
- public static function tryBasicAuthLogin() {
- if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
- $result = \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
- if($result === true) {
- /**
- * Add DAV authenticated. This should in an ideal world not be
- * necessary but the iOS App reads cookies from anywhere instead
- * only the DAV endpoint.
- * This makes sure that the cookies will be valid for the whole scope
- * @see https://github.com/owncloud/core/issues/22893
- */
- \OC::$server->getSession()->set(
- \OCA\DAV\Connector\Sabre\Auth::DAV_AUTHENTICATED,
- \OC::$server->getUserSession()->getUser()->getUID()
- );
- }
- }
- }
-
- /**
* Check if the user is logged in, considers also the HTTP basic credentials
*
* @deprecated use \OC::$server->getUserSession()->isLoggedIn()
diff --git a/lib/private/legacy/util.php b/lib/private/legacy/util.php
index b3432470f03..4f7a8668dfc 100644
--- a/lib/private/legacy/util.php
+++ b/lib/private/legacy/util.php
@@ -957,8 +957,7 @@ class OC_Util {
public static function checkLoggedIn() {
// Check if we are a user
if (!OC_User::isLoggedIn()) {
- header('Location: ' . \OC::$server->getURLGenerator()->linkToRoute(
- 'core.login.showLoginForm',
+ header('Location: ' . \OCP\Util::linkToAbsolute('', 'index.php',
[
'redirect_url' => \OC::$server->getRequest()->getRequestUri()
]
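Review bot: The new `Location` target hard-codes `'index.php'` through `\OCP\Util::linkToAbsolute` where the old code resolved the named route `core.login.showLoginForm`, and nothing in the hunk records why. A comment such as `// send unauthenticated users to index.php, keeping the original URI in redirect_url` would help the next reader. `redirect_url` is filled from `getRequestUri()`, which the client controls, so whatever consumes it after login has to accept only local paths; that consumer is not visible here. The body of `checkLoggedIn()` continues past the hunk, so whether execution stops after the header is sent cannot be told from this page.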