diff options
| -rw-r--r-- | apps/files/js/file-upload.js | 20 | ||||
| -rw-r--r-- | apps/files/js/fileactions.js | 15 | ||||
| -rw-r--r-- | apps/files/js/filelist.js | 2 | ||||
| -rw-r--r-- | apps/files/js/files.js | 8 | ||||
| -rw-r--r-- | apps/files/templates/index.php | 2 | ||||
| -rw-r--r-- | core/js/oc-dialogs.js | 2 | ||||
| -rw-r--r-- | core/templates/layout.user.php | 2 | ||||
| -rw-r--r-- | core/templates/login.php | 6 | ||||
| -rw-r--r-- | lib/base.php | 31 | ||||
| -rw-r--r-- | lib/private/connector/sabre/auth.php | 5 | ||||
| -rw-r--r-- | lib/private/user.php | 81 | ||||
| -rw-r--r-- | lib/public/authentication/iapachebackend.php | 49 |
12 files changed, 177 insertions, 46 deletions
diff --git a/apps/files/js/file-upload.js b/apps/files/js/file-upload.js index b52221ac1fc..f1ef485fc3d 100644 --- a/apps/files/js/file-upload.js +++ b/apps/files/js/file-upload.js @@ -42,26 +42,6 @@ function supportAjaxUploadWithProgress() { OC.Upload = { _uploads: [], /** - * cancels a single upload, - * @deprecated because it was only used when a file currently beeing uploaded was deleted. Now they are added after - * they have been uploaded. - * @param {string} dir - * @param {string} filename - * @returns {unresolved} - */ - cancelUpload:function(dir, filename) { - var self = this; - var deleted = false; - //FIXME _selections - jQuery.each(this._uploads, function(i, jqXHR) { - if (selection.dir === dir && selection.uploads[filename]) { - deleted = self.deleteSelectionUpload(selection, filename); - return false; // end searching through selections - } - }); - return deleted; - }, - /** * deletes the jqHXR object from a data selection * @param {object} data */ diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js index 67d3d5ead8d..e14e52eb6ca 100644 --- a/apps/files/js/fileactions.js +++ b/apps/files/js/fileactions.js @@ -177,20 +177,7 @@ $(document).ready(function () { FileActions.register('all', 'Delete', OC.PERMISSION_DELETE, function () { return OC.imagePath('core', 'actions/delete'); }, function (filename) { - if (OC.Upload.cancelUpload($('#dir').val(), filename)) { - if (filename.substr) { - filename = [filename]; - } - $.each(filename, function (index, file) { - var filename = $('tr').filterAttr('data-file', file); - filename.hide(); - filename.find('input[type="checkbox"]').removeAttr('checked'); - filename.removeClass('selected'); - }); - procesSelection(); - } else { - FileList.do_delete(filename); - } + FileList.do_delete(filename); $('.tipsy').remove(); }); diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js index 3c99e3876c7..a9297996778 100644 --- a/apps/files/js/filelist.js +++ b/apps/files/js/filelist.js @@ -804,7 +804,7 @@ $(document).ready(function(){ data.context.attr('data-mime',file.mime).attr('data-id',file.id); var permissions = data.context.data('permissions'); - if(permissions != file.permissions) { + if(permissions !== file.permissions) { data.context.attr('data-permissions', file.permissions); data.context.data('permissions', file.permissions); } diff --git a/apps/files/js/files.js b/apps/files/js/files.js index 53858d65c65..37b66858840 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -369,7 +369,7 @@ $(document).ready(function() { } }); } - + //scroll to and highlight preselected file if (getURLParameter('scrollto')) { FileList.scrollTo(getURLParameter('scrollto')); @@ -647,7 +647,7 @@ function lazyLoadPreview(path, mime, ready, width, height) { // get mime icon url getMimeIcon(mime, function(iconURL) { ready(iconURL); // set mimeicon URL - + // now try getting a preview thumbnail URL if ( ! width ) { width = $('#filestable').data('preview-x'); @@ -656,9 +656,9 @@ function lazyLoadPreview(path, mime, ready, width, height) { height = $('#filestable').data('preview-y'); } if( $('#publicUploadButtonMock').length ) { - var previewURL = OC.Router.generate('core_ajax_public_preview', {file: encodeURIComponent(path), x:width, y:height, t:$('#dirToken').val()}); + var previewURL = OC.Router.generate('core_ajax_public_preview', {file: path, x:width, y:height, t:$('#dirToken').val()}); } else { - var previewURL = OC.Router.generate('core_ajax_preview', {file: encodeURIComponent(path), x:width, y:height}); + var previewURL = OC.Router.generate('core_ajax_preview', {file: path, x:width, y:height}); } $.get(previewURL, function() { previewURL = previewURL.replace('(', '%28'); diff --git a/apps/files/templates/index.php b/apps/files/templates/index.php index 245c7f142da..5e7ad41b0f0 100644 --- a/apps/files/templates/index.php +++ b/apps/files/templates/index.php @@ -19,8 +19,6 @@ <input type="hidden" name="MAX_FILE_SIZE" id="max_upload" value="<?php p($_['uploadMaxFilesize']) ?>"> <?php endif;?> - <!-- Send the requesttoken, this is needed for older IE versions - because they don't send the CSRF token via HTTP header in this case --> <input type="hidden" class="max_human_file_size" value="(max <?php p($_['uploadMaxHumanFilesize']); ?>)"> <input type="hidden" name="dir" value="<?php p($_['dir']) ?>" id="dir"> diff --git a/core/js/oc-dialogs.js b/core/js/oc-dialogs.js index ac37b109e76..e5e9f6dbb7d 100644 --- a/core/js/oc-dialogs.js +++ b/core/js/oc-dialogs.js @@ -294,7 +294,7 @@ var OCdialogs = { conflict.find('.replacement .mtime').text(formatDate(replacement.lastModifiedDate)); } var path = getPathForPreview(original.name); - lazyLoadPreview(path, original.type, function(previewpath){ + lazyLoadPreview(path, original.mime, function(previewpath){ conflict.find('.original .icon').css('background-image','url('+previewpath+')'); }, 96, 96); getCroppedPreview(replacement).then( diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php index 71bec11d219..fcca43624fe 100644 --- a/core/templates/layout.user.php +++ b/core/templates/layout.user.php @@ -64,7 +64,7 @@ </li> <?php endforeach; ?> <li> - <a id="logout" href="<?php print_unescaped(link_to('', 'index.php')); ?>?logout=true"> + <a id="logout" <?php print_unescaped(OC_User::getLogoutAttribute()); ?>> <img class="svg" alt="" src="<?php print_unescaped(image_path('', 'actions/logout.svg')); ?>" /> <?php p($l->t('Log out'));?> </a> diff --git a/core/templates/login.php b/core/templates/login.php index 06f64d41e39..aca42c84387 100644 --- a/core/templates/login.php +++ b/core/templates/login.php @@ -12,6 +12,12 @@ <small><?php p($l->t('Please change your password to secure your account again.')); ?></small> </div> <?php endif; ?> + <?php if (isset($_['apacheauthfailed']) && ($_['apacheauthfailed'])): ?> + <div class="warning"> + <?php p($l->t('Server side authentication failed!')); ?><br> + <small><?php p($l->t('Please contact your administrator.')); ?></small> + </div> + <?php endif; ?> <p class="infield grouptop"> <input type="text" name="user" id="user" placeholder="" value="<?php p($_['username']); ?>"<?php p($_['user_autofocus'] ? ' autofocus' : ''); ?> diff --git a/lib/base.php b/lib/base.php index 42182c21fb0..b0b2dca502f 100644 --- a/lib/base.php +++ b/lib/base.php @@ -489,6 +489,11 @@ class OC { if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id') && $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) { + $sessionUser = self::$session->get('user_id'); + $serverUser = $_SERVER['PHP_AUTH_USER']; + OC_Log::write('core', + "Session user-id ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).", + OC_Log::WARN); OC_User::logout(); } @@ -743,11 +748,17 @@ class OC { protected static function handleLogin() { OC_App::loadApps(array('prelogin')); $error = array(); + + // auth possible via apache module? + if (OC::tryApacheAuth()) { + $error[] = 'apacheauthfailed'; + } // remember was checked after last login - if (OC::tryRememberLogin()) { + elseif (OC::tryRememberLogin()) { $error[] = 'invalidcookie'; - // Someone wants to log in : - } elseif (OC::tryFormLogin()) { + } + // logon via web form + elseif (OC::tryFormLogin()) { $error[] = 'invalidpassword'; } @@ -765,6 +776,20 @@ class OC { } } + protected static function tryApacheAuth() { + $return = OC_User::handleApacheAuth(); + + // if return is true we are logged in -> redirect to the default page + if ($return === true) { + $_REQUEST['redirect_url'] = \OC_Request::requestUri(); + OC_Util::redirectToDefaultPage(); + exit; + } + + // in case $return is null apache based auth is not enabled + return is_null($return) ? false : true; + } + protected static function tryRememberLogin() { if (!isset($_COOKIE["oc_remember_login"]) || !isset($_COOKIE["oc_token"]) diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php index bf3a49593cb..d2fd74c44f9 100644 --- a/lib/private/connector/sabre/auth.php +++ b/lib/private/connector/sabre/auth.php @@ -72,6 +72,11 @@ class OC_Connector_Sabre_Auth extends Sabre_DAV_Auth_Backend_AbstractBasic { * @return bool */ public function authenticate(Sabre_DAV_Server $server, $realm) { + + if (OC_User::handleApacheAuth()) { + return true; + } + if (OC_User::isLoggedIn()) { $user = OC_User::getUser(); OC_Util::setupFS($user); diff --git a/lib/private/user.php b/lib/private/user.php index 15e807088b4..04cd06b08bd 100644 --- a/lib/private/user.php +++ b/lib/private/user.php @@ -214,6 +214,55 @@ class OC_User { } /** + * @brief Try to login a user, assuming authentication + * has already happened (e.g. via Single Sign On). + * + * Log in a user and regenerate a new session. + * + * @param \OCP\Authentication\IApacheBackend $backend + * @return bool + */ + public static function loginWithApache(\OCP\Authentication\IApacheBackend $backend) { + + $uid = $backend->getCurrentUserId(); + $run = true; + OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid )); + + if($uid) { + session_regenerate_id(true); + self::setUserId($uid); + self::setDisplayName($uid); + OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>'' )); + return true; + } + return false; + } + + /** + * @brief Verify with Apache whether user is authenticated. + * + * @return boolean|null + * true: authenticated + * false: not authenticated + * null: not handled / no backend available + */ + public static function handleApacheAuth() { + $backend = self::findFirstActiveUsedBackend(); + if ($backend) { + OC_App::loadApps(); + + //setup extra user backends + self::setupBackends(); + self::unsetMagicInCookie(); + + return self::loginWithApache($backend); + } + + return null; + } + + + /** * @brief Sets user id for session and triggers emit */ public static function setUserId($uid) { @@ -260,6 +309,22 @@ class OC_User { } /** + * Supplies an attribute to the logout hyperlink. The default behaviour + * is to return an href with '?logout=true' appended. However, it can + * supply any attribute(s) which are valid for <a>. + * + * @return string with one or more HTML attributes. + */ + public static function getLogoutAttribute() { + $backend = self::findFirstActiveUsedBackend(); + if ($backend) { + return $backend->getLogoutAttribute(); + } + + return "href=" . link_to('', 'index.php') . "?logout=true"; + } + + /** * @brief Check if the user is an admin user * @param string $uid uid of the admin * @return bool @@ -497,4 +562,20 @@ class OC_User { public static function unsetMagicInCookie() { self::getUserSession()->unsetMagicInCookie(); } + + /** + * @brief Returns the first active backend from self::$_usedBackends. + * @return null if no backend active, otherwise OCP\Authentication\IApacheBackend + */ + private static function findFirstActiveUsedBackend() { + foreach (self::$_usedBackends as $backend) { + if ($backend instanceof OCP\Authentication\IApacheBackend) { + if ($backend->isSessionActive()) { + return $backend; + } + } + } + + return null; + } } diff --git a/lib/public/authentication/iapachebackend.php b/lib/public/authentication/iapachebackend.php new file mode 100644 index 00000000000..5376baf525c --- /dev/null +++ b/lib/public/authentication/iapachebackend.php @@ -0,0 +1,49 @@ +<?php + +/** + * ownCloud - Apache backend + * + * @author Karl Beecher + * @copyright 2013 Karl Beecher - karl@endocode.com + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCP\Authentication; + +interface IApacheBackend { + + /** + * In case the user has been authenticated by Apache true is returned. + * + * @return boolean whether Apache reports a user as currently logged in. + */ + public function isSessionActive(); + + /** + * Creates an attribute which is added to the logout hyperlink. It can + * supply any attribute(s) which are valid for <a>. + * + * @return string with one or more HTML attributes. + */ + public function getLogoutAttribute(); + + /** + * Return the id of the current user + * @return string + */ + public function getCurrentUserId(); + +} |