Merge pull request #5072 from owncloud/apache-auth-master

OC6 Apache Authentication

2 files changed, 86 insertions, 0 deletions

diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php
index bf3a49593cb..d2fd74c44f9 100644
--- a/lib/private/connector/sabre/auth.php
+++ b/lib/private/connector/sabre/auth.php
@@ -72,6 +72,11 @@ class OC_Connector_Sabre_Auth extends Sabre_DAV_Auth_Backend_AbstractBasic {
 	  * @return bool
 	  */
 	public function authenticate(Sabre_DAV_Server $server, $realm) {
+
+		if (OC_User::handleApacheAuth()) {
+		    return true;
+		}
+
 		if (OC_User::isLoggedIn()) {
 			$user = OC_User::getUser();
 			OC_Util::setupFS($user);
diff --git a/lib/private/user.php b/lib/private/user.php
index 15e807088b4..04cd06b08bd 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -214,6 +214,55 @@ class OC_User {
 	}
 
 	/**
+	 * @brief Try to login a user, assuming authentication
+	 * has already happened (e.g. via Single Sign On).
+	 *
+	 * Log in a user and regenerate a new session.
+	 *
+	 * @param \OCP\Authentication\IApacheBackend $backend
+	 * @return bool
+	 */
+	public static function loginWithApache(\OCP\Authentication\IApacheBackend $backend) {
+
+		$uid = $backend->getCurrentUserId();
+		$run = true;
+		OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid ));
+
+		if($uid) {
+			session_regenerate_id(true);
+			self::setUserId($uid);
+			self::setDisplayName($uid);
+			OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>'' ));
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	 * @brief Verify with Apache whether user is authenticated.
+	 *
+	 * @return boolean|null
+	 *          true: authenticated
+	 *          false: not authenticated
+	 *          null: not handled / no backend available
+	 */
+	public static function handleApacheAuth() {
+		$backend = self::findFirstActiveUsedBackend();
+		if ($backend) {
+			OC_App::loadApps();
+
+			//setup extra user backends
+			self::setupBackends();
+			self::unsetMagicInCookie();
+
+			return self::loginWithApache($backend);
+		}
+
+		return null;
+	}
+
+
+	/**
 	 * @brief Sets user id for session and triggers emit
 	 */
 	public static function setUserId($uid) {
@@ -260,6 +309,22 @@ class OC_User {
 	}
 
 	/**
+	 * Supplies an attribute to the logout hyperlink. The default behaviour
+	 * is to return an href with '?logout=true' appended. However, it can
+	 * supply any attribute(s) which are valid for <a>.
+	 *
+	 * @return string with one or more HTML attributes.
+	 */
+	public static function getLogoutAttribute() {
+		$backend = self::findFirstActiveUsedBackend();
+		if ($backend) {
+			return $backend->getLogoutAttribute();
+		}
+
+		return "href=" . link_to('', 'index.php') . "?logout=true";
+	}
+
+	/**
 	 * @brief Check if the user is an admin user
 	 * @param string $uid uid of the admin
 	 * @return bool
@@ -497,4 +562,20 @@ class OC_User {
 	public static function unsetMagicInCookie() {
 		self::getUserSession()->unsetMagicInCookie();
 	}
+
+	/**
+	 * @brief Returns the first active backend from self::$_usedBackends.
+	 * @return null if no backend active, otherwise OCP\Authentication\IApacheBackend
+	 */
+	private static function findFirstActiveUsedBackend() {
+		foreach (self::$_usedBackends as $backend) {
+			if ($backend instanceof OCP\Authentication\IApacheBackend) {
+				if ($backend->isSessionActive()) {
+					return $backend;
+				}
+			}
+		}
+
+		return null;
+	}
 }