-rw-r--r-- | apps/dav/appinfo/v1/publicwebdav.php | 3 | ||||
-rw-r--r-- | apps/dav/appinfo/v1/webdav.php | 10 | ||||
-rw-r--r-- | apps/dav/lib/Connector/Sabre/ServerFactory.php | 7 | ||||
-rw-r--r-- | apps/dav/tests/unit/Connector/Sabre/RequestTest/RequestTestCase.php | 3 | ||||
-rw-r--r-- | build/integration/features/auth.feature | 6 |
5 files changed, 22 insertions, 7 deletions
diff --git a/apps/dav/appinfo/v1/publicwebdav.php b/apps/dav/appinfo/v1/publicwebdav.php index 95fb71032d5..3ef1c2e62a5 100644 --- a/apps/dav/appinfo/v1/publicwebdav.php +++ b/apps/dav/appinfo/v1/publicwebdav.php @@ -42,6 +42,7 @@ $authBackend = new OCA\DAV\Connector\PublicAuth( \OC::$server->getShareManager(), \OC::$server->getSession() ); +$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend); $serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory( \OC::$server->getConfig(), @@ -59,7 +60,7 @@ $requestUri = \OC::$server->getRequest()->getRequestUri(); $linkCheckPlugin = new \OCA\DAV\Files\Sharing\PublicLinkCheckPlugin(); $filesDropPlugin = new \OCA\DAV\Files\Sharing\FilesDropPlugin(); -$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) { +$server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) { $isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest'); $federatedSharingApp = new \OCA\FederatedFileSharing\AppInfo\Application(); $federatedShareProvider = $federatedSharingApp->getFederatedShareProvider(); diff --git a/apps/dav/appinfo/v1/webdav.php b/apps/dav/appinfo/v1/webdav.php index 32f93b27760..a1ad4ab489d 100644 --- a/apps/dav/appinfo/v1/webdav.php +++ b/apps/dav/appinfo/v1/webdav.php 
@@ -52,9 +52,17 @@ $authBackend = new \OCA\DAV\Connector\Sabre\Auth( \OC::$server->getBruteForceThrottler(), 'principals/' ); +$authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend); +$bearerAuthPlugin = new \OCA\DAV\Connector\Sabre\BearerAuth( + \OC::$server->getUserSession(), + \OC::$server->getSession(), + \OC::$server->getRequest() +); +$authPlugin->addBackend($bearerAuthPlugin); + $requestUri = \OC::$server->getRequest()->getRequestUri(); -$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function() { +$server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function() { // use the view for the logged in user return \OC\Files\Filesystem::getView(); }); diff --git a/apps/dav/lib/Connector/Sabre/ServerFactory.php b/apps/dav/lib/Connector/Sabre/ServerFactory.php index f04362dfc08..329aa335ea4 100644 --- a/apps/dav/lib/Connector/Sabre/ServerFactory.php +++ b/apps/dav/lib/Connector/Sabre/ServerFactory.php @@ -40,6 +40,7 @@ use OCP\IRequest; use OCP\ITagManager; use OCP\IUserSession; use Sabre\DAV\Auth\Backend\BackendInterface; +use Sabre\DAV\Auth\Plugin; class ServerFactory { /** @var IConfig */ @@ -92,13 +93,13 @@ class ServerFactory { /** * @param string $baseUri * @param string $requestUri - * @param BackendInterface $authBackend + * @param Plugin $authPlugin * @param callable $viewCallBack callback that should return the view for the dav endpoint * @return Server */ public function createServer($baseUri, $requestUri, - BackendInterface $authBackend, + Plugin $authPlugin, callable $viewCallBack) { // Fire up server $objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree(); 
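Review bot: In apps/dav/appinfo/v1/webdav.php the added BearerAuth backend receives only the user session, session and request, whereas the Auth backend constructed just above it is also given the brute-force throttler and the `'principals/'` prefix. BearerAuth's constructor is not part of this diff, so whether rejected bearer tokens are throttled, and whether the principal it reports uses the same `principals/` layout as this legacy endpoint, depends on defaults that should be confirmed before merging; if the constructor accepts a prefix, pass `'principals/'` explicitly. The variable also holds a backend rather than a plugin, so `$bearerAuthBackend = new \OCA\DAV\Connector\Sabre\BearerAuth(` and `$authPlugin->addBackend($bearerAuthBackend);` would name it accurately.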
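Review bot: The `@param Plugin $authPlugin` docblock line in apps/dav/lib/Connector/Sabre/ServerFactory.php carries no description, although callers are now responsible for registering every auth backend before calling createServer() (the later hunk adds the plugin unchanged with `$server->addPlugin($authPlugin);`). Something like `@param Plugin $authPlugin auth plugin with every backend already registered by the caller` would state that contract. The import `use Sabre\DAV\Auth\Backend\BackendInterface;` stays as a context line and may now be unused; the rest of the file is outside these hunks, so check before removing it. Importing the class as `use Sabre\DAV\Auth\Plugin as AuthPlugin;` would also avoid a bare `Plugin` in a file that registers many Sabre plugins.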
@@ -110,7 +111,7 @@ class ServerFactory { // Load plugins $server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config)); $server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config)); - $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend)); + $server->addPlugin($authPlugin); // FIXME: The following line is a workaround for legacy components relying on being able to send a GET to / $server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin()); $server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger)); diff --git a/apps/dav/tests/unit/Connector/Sabre/RequestTest/RequestTestCase.php b/apps/dav/tests/unit/Connector/Sabre/RequestTest/RequestTestCase.php index 50e228b7e84..58a729e18ec 100644 --- a/apps/dav/tests/unit/Connector/Sabre/RequestTest/RequestTestCase.php +++ b/apps/dav/tests/unit/Connector/Sabre/RequestTest/RequestTestCase.php @@ -138,8 +138,9 @@ abstract class RequestTestCase extends TestCase { */ protected function getSabreServer(View $view, $user, $password, ExceptionPlugin $exceptionPlugin) { $authBackend = new Auth($user, $password); + $authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend); - $server = $this->serverFactory->createServer('/', 'dummy', $authBackend, function () use ($view) { + $server = $this->serverFactory->createServer('/', 'dummy', $authPlugin, function () use ($view) { return $view; }); $server->addPlugin($exceptionPlugin); diff --git a/build/integration/features/auth.feature b/build/integration/features/auth.feature index edcca4bcd4e..679b2465659 100644 --- a/build/integration/features/auth.feature +++ b/build/integration/features/auth.feature 
@@ -53,10 +53,14 @@ Feature: auth When requesting "/remote.php/webdav" with "PROPFIND" using restricted basic token auth Then the HTTP status code should be "207" - Scenario: using WebDAV with restricted basic token auth + Scenario: using old WebDAV endpoint with unrestricted client token When requesting "/remote.php/webdav" with "PROPFIND" using an unrestricted client token Then the HTTP status code should be "207" + Scenario: using new WebDAV endpoint with unrestricted client token + When requesting "/remote.php/dav/" with "PROPFIND" using an unrestricted client token + Then the HTTP status code should be "207" + Scenario: using WebDAV with browser session Given a new browser session is started When requesting "/remote.php/webdav" with "PROPFIND" using browser session |
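Review bot: The two unrestricted-client-token scenarios in build/integration/features/auth.feature assert only the success path (`207`) on "/remote.php/webdav" and "/remote.php/dav/"; nothing in this hunk checks that an invalid or revoked token is refused on the old endpoint now that it accepts an additional auth backend. A companion scenario per endpoint expecting `401` would pin the rejection behaviour; the request step for a bad token would have to exist in the step definitions, which are not shown here. The feature continues outside the hunk, so such a scenario may already exist elsewhere in the file.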