Diffstat (limited to 'apps/files_external/lib/Lib/Auth')
20 files changed, 90 insertions, 106 deletions
diff --git a/apps/files_external/lib/Lib/Auth/AmazonS3/AccessKey.php b/apps/files_external/lib/Lib/Auth/AmazonS3/AccessKey.php
index 04019404a90..c86c88a13d7 100644
--- a/apps/files_external/lib/Lib/Auth/AmazonS3/AccessKey.php
+++ b/apps/files_external/lib/Lib/Auth/AmazonS3/AccessKey.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * SPDX-FileCopyrightText: 2018-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
diff --git a/apps/files_external/lib/Lib/Auth/AuthMechanism.php b/apps/files_external/lib/Lib/Auth/AuthMechanism.php
index ebdf768cda3..7b0544100fb 100644
--- a/apps/files_external/lib/Lib/Auth/AuthMechanism.php
+++ b/apps/files_external/lib/Lib/Auth/AuthMechanism.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
@@ -39,7 +40,6 @@ class AuthMechanism implements \JsonSerializable, IIdentifier, IFrontendDefiniti
 public const SCHEME_NULL = 'null';
 public const SCHEME_BUILTIN = 'builtin';
 public const SCHEME_PASSWORD = 'password';
- public const SCHEME_OAUTH1 = 'oauth1';
 public const SCHEME_OAUTH2 = 'oauth2';
 public const SCHEME_PUBLICKEY = 'publickey';
 public const SCHEME_OPENSTACK = 'openstack';
diff --git a/apps/files_external/lib/Lib/Auth/Builtin.php b/apps/files_external/lib/Lib/Auth/Builtin.php
index cd4b8a22af4..8e12a6daca6 100644
--- a/apps/files_external/lib/Lib/Auth/Builtin.php
+++ b/apps/files_external/lib/Lib/Auth/Builtin.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
diff --git a/apps/files_external/lib/Lib/Auth/IUserProvided.php b/apps/files_external/lib/Lib/Auth/IUserProvided.php
index 60f978f673d..2350d7f6db4 100644
--- a/apps/files_external/lib/Lib/Auth/IUserProvided.php
+++ b/apps/files_external/lib/Lib/Auth/IUserProvided.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
diff --git a/apps/files_external/lib/Lib/Auth/InvalidAuth.php b/apps/files_external/lib/Lib/Auth/InvalidAuth.php
index d5a6fdcbe5d..2af24f1ea07 100644
--- a/apps/files_external/lib/Lib/Auth/InvalidAuth.php
+++ b/apps/files_external/lib/Lib/Auth/InvalidAuth.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud GmbH.
diff --git a/apps/files_external/lib/Lib/Auth/NullMechanism.php b/apps/files_external/lib/Lib/Auth/NullMechanism.php
index 7847c111415..8e2e5b656b2 100644
--- a/apps/files_external/lib/Lib/Auth/NullMechanism.php
+++ b/apps/files_external/lib/Lib/Auth/NullMechanism.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
diff --git a/apps/files_external/lib/Lib/Auth/OAuth1/OAuth1.php b/apps/files_external/lib/Lib/Auth/OAuth1/OAuth1.php
deleted file mode 100644
index b215201b4f4..00000000000
--- a/apps/files_external/lib/Lib/Auth/OAuth1/OAuth1.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-/**
- * SPDX-FileCopyrightText: 2018-2024 Nextcloud GmbH and Nextcloud contributors
- * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-namespace OCA\Files_External\Lib\Auth\OAuth1;
-
-use OCA\Files_External\Lib\Auth\AuthMechanism;
-use OCA\Files_External\Lib\DefinitionParameter;
-use OCP\IL10N;
-
-/**
- * OAuth1 authentication
- */
-class OAuth1 extends AuthMechanism {
- public function __construct(IL10N $l) {
- $this
- ->setIdentifier('oauth1::oauth1')
- ->setScheme(self::SCHEME_OAUTH1)
- ->setText($l->t('OAuth1'))
- ->addParameters([
- (new DefinitionParameter('configured', 'configured'))
- ->setType(DefinitionParameter::VALUE_HIDDEN),
- new DefinitionParameter('app_key', $l->t('App key')),
- (new DefinitionParameter('app_secret', $l->t('App secret')))
- ->setType(DefinitionParameter::VALUE_PASSWORD),
- (new DefinitionParameter('token', 'token'))
- ->setType(DefinitionParameter::VALUE_HIDDEN),
- (new DefinitionParameter('token_secret', 'token_secret'))
- ->setType(DefinitionParameter::VALUE_HIDDEN),
- ])
- ->addCustomJs('oauth1')
- ;
- }
-}
diff --git a/apps/files_external/lib/Lib/Auth/OAuth2/OAuth2.php b/apps/files_external/lib/Lib/Auth/OAuth2/OAuth2.php
index 6b41fef90d5..beaf73c2344 100644
--- a/apps/files_external/lib/Lib/Auth/OAuth2/OAuth2.php
+++ b/apps/files_external/lib/Lib/Auth/OAuth2/OAuth2.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * SPDX-FileCopyrightText: 2018-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
@@ -21,12 +22,14 @@ class OAuth2 extends AuthMechanism {
 ->setText($l->t('OAuth2'))
 ->addParameters([
 (new DefinitionParameter('configured', 'configured'))
- ->setType(DefinitionParameter::VALUE_HIDDEN),
+ ->setType(DefinitionParameter::VALUE_TEXT)
+ ->setFlag(DefinitionParameter::FLAG_HIDDEN),
 new DefinitionParameter('client_id', $l->t('Client ID')),
 (new DefinitionParameter('client_secret', $l->t('Client secret')))
 ->setType(DefinitionParameter::VALUE_PASSWORD),
 (new DefinitionParameter('token', 'token'))
- ->setType(DefinitionParameter::VALUE_HIDDEN),
+ ->setType(DefinitionParameter::VALUE_PASSWORD)
+ ->setFlag(DefinitionParameter::FLAG_HIDDEN),
 ])
 ->addCustomJs('oauth2')
 ;
diff --git a/apps/files_external/lib/Lib/Auth/OpenStack/OpenStackV2.php b/apps/files_external/lib/Lib/Auth/OpenStack/OpenStackV2.php
index 3be4169831b..3b1c9f123af 100644
--- a/apps/files_external/lib/Lib/Auth/OpenStack/OpenStackV2.php
+++ b/apps/files_external/lib/Lib/Auth/OpenStack/OpenStackV2.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
diff --git a/apps/files_external/lib/Lib/Auth/OpenStack/Rackspace.php b/apps/files_external/lib/Lib/Auth/OpenStack/Rackspace.php
index a47d2ea0ca8..b1d1068e586 100644
--- a/apps/files_external/lib/Lib/Auth/OpenStack/Rackspace.php
+++ b/apps/files_external/lib/Lib/Auth/OpenStack/Rackspace.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
 * SPDX-FileCopyrightText: 2018-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
diff --git a/apps/files_external/lib/Lib/Auth/Password/GlobalAuth.php b/apps/files_external/lib/Lib/Auth/Password/GlobalAuth.php
index ca1c9ca2bee..916b496b506 100644
--- a/apps/files_external/lib/Lib/Auth/Password/GlobalAuth.php
+++ b/apps/files_external/lib/Lib/Auth/Password/GlobalAuth.php
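Review bot: In the OAuth2.php hunk the hidden `token` parameter becomes `VALUE_PASSWORD`, and the RSA.php hunk does the same for `private_key`, yet neither mechanism receives the unchanged-placeholder handling that this commit adds to `saveAuth()` and `saveBackendOptions()` in the password mechanisms. If password-typed values are masked when a configuration is returned to the client (inferred from the GlobalAuth hunk, not visible here), a save that echoes the mask back has to restore the stored token or key instead of persisting the mask; that restore is presumably done in a generic save path outside this directory and should be confirmed. A short comment on each parameter, along the lines of `// secret value: typed as password, kept out of the form via FLAG_HIDDEN`, would record why the type changed. The constructor body starts and ends outside the hunk.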
@@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2015 ownCloud, Inc. @@ -19,13 +20,12 @@ use OCP\Security\ICredentialsManager; */ class GlobalAuth extends AuthMechanism { public const CREDENTIALS_IDENTIFIER = 'password::global'; + private const PWD_PLACEHOLDER = '************************'; - /** @var ICredentialsManager */ - protected $credentialsManager; - - public function __construct(IL10N $l, ICredentialsManager $credentialsManager) { - $this->credentialsManager = $credentialsManager; - + public function __construct( + IL10N $l, + protected ICredentialsManager $credentialsManager, + ) { $this ->setIdentifier('password::global') ->setVisibility(BackendService::VISIBILITY_DEFAULT) @@ -41,11 +41,18 @@ class GlobalAuth extends AuthMechanism { 'password' => '' ]; } else { + $auth['password'] = self::PWD_PLACEHOLDER; return $auth; } } public function saveAuth($uid, $user, $password) { + // Use old password if it has not changed. + if ($password === self::PWD_PLACEHOLDER) { + $auth = $this->credentialsManager->retrieve($uid, self::CREDENTIALS_IDENTIFIER); + $password = $auth['password']; + } + $this->credentialsManager->store($uid, self::CREDENTIALS_IDENTIFIER, [ 'user' => $user, 'password' => $password diff --git a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php index 6fdd1a0e4ba..ce38140b6ee 100644 --- a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php +++ b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2018-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2015 ownCloud, Inc. 
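Review bot: `PWD_PLACEHOLDER` in GlobalAuth.php is an in-band sentinel with no comment, and it sits beside `DefinitionParameter::UNMODIFIED_PLACEHOLDER`, which the UserGlobalAuth and UserProvided hunks compare against for the same purpose. If the two values are meant to match, referencing the shared constant avoids drift; if they differ on purpose, the reason belongs next to the declaration. A docblock such as `/** Returned by getAuth() in place of the stored password; saveAuth() treats it as "unchanged". */` would make the contract visible, including the consequence that a real password equal to this string cannot be saved.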
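Review bot: `saveAuth()` in GlobalAuth.php indexes the result of `$this->credentialsManager->retrieve()` without checking it, although `getAuth()` in the same hunk appears to have a fallback branch that returns an empty password when nothing usable is stored. When the placeholder is submitted and no credentials exist, `$auth['password']` evaluates to null and that value is stored as the password. Guarding the read, for example `$password = is_array($auth) ? ($auth['password'] ?? '') : '';`, keeps the stored value a string. The same unchecked `$oldCredentials['password']` read appears in `saveBackendOptions()` in the UserGlobalAuth and UserProvided hunks. Both function bodies continue outside the hunk.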
@@ -7,6 +8,7 @@ namespace OCA\Files_External\Lib\Auth\Password; use OCA\Files_External\Lib\Auth\AuthMechanism; +use OCA\Files_External\Lib\DefinitionParameter; use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; use OCA\Files_External\Lib\StorageConfig; use OCA\Files_External\Listener\StorePasswordListener; @@ -28,36 +30,23 @@ use OCP\User\Events\UserLoggedInEvent; class LoginCredentials extends AuthMechanism { public const CREDENTIALS_IDENTIFIER = 'password::logincredentials/credentials'; - /** @var ISession */ - protected $session; - - /** @var ICredentialsManager */ - protected $credentialsManager; - - /** @var CredentialsStore */ - private $credentialsStore; - - /** @var ILDAPProviderFactory */ - private $ldapFactory; - public function __construct( IL10N $l, - ISession $session, - ICredentialsManager $credentialsManager, - CredentialsStore $credentialsStore, + protected ISession $session, + protected ICredentialsManager $credentialsManager, + private CredentialsStore $credentialsStore, IEventDispatcher $eventDispatcher, - ILDAPProviderFactory $ldapFactory + private ILDAPProviderFactory $ldapFactory, ) { - $this->session = $session; - $this->credentialsManager = $credentialsManager; - $this->credentialsStore = $credentialsStore; - $this->ldapFactory = $ldapFactory; - $this ->setIdentifier('password::logincredentials') ->setScheme(self::SCHEME_PASSWORD) ->setText($l->t('Log-in credentials, save in database')) ->addParameters([ + (new DefinitionParameter('password', $l->t('Password'))) + ->setType(DefinitionParameter::VALUE_PASSWORD) + ->setFlag(DefinitionParameter::FLAG_HIDDEN) + ->setFlag(DefinitionParameter::FLAG_OPTIONAL), ]); $eventDispatcher->addServiceListener(UserLoggedInEvent::class, StorePasswordListener::class); 
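Review bot: The `password` parameter added to `addParameters()` in LoginCredentials.php has no comment explaining why a mechanism that takes the password from the login credentials now declares one, and the SessionCredentials hunk adds the identical definition. If the intent is only to have the injected `password` backend option typed as a secret, a comment such as `// declared so the injected 'password' option is handled as a secret; never entered by the user` would say so. It is also worth confirming that the two chained `setFlag()` calls accumulate, so that `FLAG_HIDDEN` survives the later `FLAG_OPTIONAL`; `DefinitionParameter` is not part of this page.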
@@ -100,7 +89,7 @@ class LoginCredentials extends AuthMechanism { } $credentials = $this->getCredentials($user); - $loginKey = $storage->getBackendOption("login_ldap_attr"); + $loginKey = $storage->getBackendOption('login_ldap_attr'); if ($loginKey) { $backend = $user->getBackend(); if ($backend instanceof IUserBackend && $backend->getBackendName() === 'LDAP') { diff --git a/apps/files_external/lib/Lib/Auth/Password/Password.php b/apps/files_external/lib/Lib/Auth/Password/Password.php index e3393233840..d4291148e3e 100644 --- a/apps/files_external/lib/Lib/Auth/Password/Password.php +++ b/apps/files_external/lib/Lib/Auth/Password/Password.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2018-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. diff --git a/apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php b/apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php index d81c73ca13f..8f161073771 100644 --- a/apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php +++ b/apps/files_external/lib/Lib/Auth/Password/SessionCredentials.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. @@ -7,12 +8,13 @@ namespace OCA\Files_External\Lib\Auth\Password; use OCA\Files_External\Lib\Auth\AuthMechanism; +use OCA\Files_External\Lib\DefinitionParameter; use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; use OCA\Files_External\Lib\SessionStorageWrapper; use OCA\Files_External\Lib\StorageConfig; use OCP\Authentication\Exceptions\CredentialsUnavailableException; use OCP\Authentication\LoginCredentials\IStore as CredentialsStore; -use OCP\Files\Storage; +use OCP\Files\Storage\IStorage; use OCP\Files\StorageAuthException; use OCP\IL10N; use OCP\IUser; 
@@ -22,16 +24,19 @@ use OCP\IUser; */ class SessionCredentials extends AuthMechanism { - /** @var CredentialsStore */ - private $credentialsStore; - - public function __construct(IL10N $l, CredentialsStore $credentialsStore) { - $this->credentialsStore = $credentialsStore; - + public function __construct( + IL10N $l, + private CredentialsStore $credentialsStore, + ) { $this->setIdentifier('password::sessioncredentials') ->setScheme(self::SCHEME_PASSWORD) ->setText($l->t('Log-in credentials, save in session')) - ->addParameters([]); + ->addParameters([ + (new DefinitionParameter('password', $l->t('Password'))) + ->setType(DefinitionParameter::VALUE_PASSWORD) + ->setFlag(DefinitionParameter::FLAG_HIDDEN) + ->setFlag(DefinitionParameter::FLAG_OPTIONAL), + ]); } /** @@ -56,7 +61,7 @@ class SessionCredentials extends AuthMechanism { $storage->setBackendOption('password', $credentials->getPassword()); } - public function wrapStorage(Storage $storage) { + public function wrapStorage(IStorage $storage): IStorage { return new SessionStorageWrapper(['storage' => $storage]); } } diff --git a/apps/files_external/lib/Lib/Auth/Password/UserGlobalAuth.php b/apps/files_external/lib/Lib/Auth/Password/UserGlobalAuth.php index 4c277405b18..cb7165261ac 100644 --- a/apps/files_external/lib/Lib/Auth/Password/UserGlobalAuth.php +++ b/apps/files_external/lib/Lib/Auth/Password/UserGlobalAuth.php @@ -9,6 +9,7 @@ declare(strict_types=1); namespace OCA\Files_External\Lib\Auth\Password; use OCA\Files_External\Lib\Auth\AuthMechanism; +use OCA\Files_External\Lib\DefinitionParameter; use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; use OCA\Files_External\Lib\StorageConfig; use OCA\Files_External\Service\BackendService; 
@@ -22,12 +23,10 @@ use OCP\Security\ICredentialsManager; class UserGlobalAuth extends AuthMechanism { private const CREDENTIALS_IDENTIFIER = 'password::global'; - /** @var ICredentialsManager */ - protected $credentialsManager; - - public function __construct(IL10N $l, ICredentialsManager $credentialsManager) { - $this->credentialsManager = $credentialsManager; - + public function __construct( + IL10N $l, + protected ICredentialsManager $credentialsManager, + ) { $this ->setIdentifier('password::global::user') ->setVisibility(BackendService::VISIBILITY_DEFAULT) @@ -41,6 +40,12 @@ class UserGlobalAuth extends AuthMechanism { if (!isset($backendOptions['user']) && !isset($backendOptions['password'])) { return; } + + if ($backendOptions['password'] === DefinitionParameter::UNMODIFIED_PLACEHOLDER) { + $oldCredentials = $this->credentialsManager->retrieve($user->getUID(), self::CREDENTIALS_IDENTIFIER); + $backendOptions['password'] = $oldCredentials['password']; + } + // make sure we're not setting any unexpected keys $credentials = [ 'user' => $backendOptions['user'], diff --git a/apps/files_external/lib/Lib/Auth/Password/UserProvided.php b/apps/files_external/lib/Lib/Auth/Password/UserProvided.php index fe9fd357b89..b158392f6eb 100644 --- a/apps/files_external/lib/Lib/Auth/Password/UserProvided.php +++ b/apps/files_external/lib/Lib/Auth/Password/UserProvided.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2018-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2015 ownCloud, Inc. 
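Review bot: The new comparison in UserGlobalAuth.php reads `$backendOptions['password']` directly, but the guard before it returns only when both `user` and `password` are unset, so a request carrying only `user` reaches this line with the key missing and raises an undefined-array-key warning. Reading it null-safely, `if (($backendOptions['password'] ?? null) === DefinitionParameter::UNMODIFIED_PLACEHOLDER) {`, avoids that. `saveBackendOptions()` in the UserProvided hunk reads `$options['password']` the same way with no guard visible in its hunk. The function body continues outside the hunk, where the same key is read again when the credentials array is built.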
@@ -22,12 +23,10 @@ use OCP\Security\ICredentialsManager; class UserProvided extends AuthMechanism implements IUserProvided { public const CREDENTIALS_IDENTIFIER_PREFIX = 'password::userprovided/'; - /** @var ICredentialsManager */ - protected $credentialsManager; - - public function __construct(IL10N $l, ICredentialsManager $credentialsManager) { - $this->credentialsManager = $credentialsManager; - + public function __construct( + IL10N $l, + protected ICredentialsManager $credentialsManager, + ) { $this ->setIdentifier('password::userprovided') ->setVisibility(BackendService::VISIBILITY_ADMIN) @@ -47,6 +46,11 @@ class UserProvided extends AuthMechanism implements IUserProvided { } public function saveBackendOptions(IUser $user, $mountId, array $options) { + if ($options['password'] === DefinitionParameter::UNMODIFIED_PLACEHOLDER) { + $oldCredentials = $this->credentialsManager->retrieve($user->getUID(), $this->getCredentialsIdentifier($mountId)); + $options['password'] = $oldCredentials['password']; + } + $this->credentialsManager->store($user->getUID(), $this->getCredentialsIdentifier($mountId), [ 'user' => $options['user'], // explicitly copy the fields we want instead of just passing the entire $options array 'password' => $options['password'] // this way we prevent users from being able to modify any other field diff --git a/apps/files_external/lib/Lib/Auth/PublicKey/RSA.php b/apps/files_external/lib/Lib/Auth/PublicKey/RSA.php index 9b47cf72bb7..ad95c743d2d 100644 --- a/apps/files_external/lib/Lib/Auth/PublicKey/RSA.php +++ b/apps/files_external/lib/Lib/Auth/PublicKey/RSA.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. 
@@ -19,12 +20,10 @@ use phpseclib\Crypt\RSA as RSACrypt; */ class RSA extends AuthMechanism { - /** @var IConfig */ - private $config; - - public function __construct(IL10N $l, IConfig $config) { - $this->config = $config; - + public function __construct( + IL10N $l, + private IConfig $config, + ) { $this ->setIdentifier('publickey::rsa') ->setScheme(self::SCHEME_PUBLICKEY) @@ -33,7 +32,8 @@ class RSA extends AuthMechanism { new DefinitionParameter('user', $l->t('Login')), new DefinitionParameter('public_key', $l->t('Public key')), (new DefinitionParameter('private_key', 'private_key')) - ->setType(DefinitionParameter::VALUE_HIDDEN), + ->setType(DefinitionParameter::VALUE_PASSWORD) + ->setFlag(DefinitionParameter::FLAG_HIDDEN), ]) ->addCustomJs('public_key') ; diff --git a/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php b/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php index ab770d25d09..8f58b71d5ac 100644 --- a/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php +++ b/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -18,12 +19,10 @@ use phpseclib\Crypt\RSA as RSACrypt; */ class RSAPrivateKey extends AuthMechanism { - /** @var IConfig */ - private $config; - - public function __construct(IL10N $l, IConfig $config) { - $this->config = $config; - + public function __construct( + IL10N $l, + private IConfig $config, + ) { $this ->setIdentifier('publickey::rsa_private') ->setScheme(self::SCHEME_PUBLICKEY) diff --git a/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php b/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php index 7a6ecb08ae5..26671110294 100644 --- a/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php +++ b/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php 
@@ -13,10 +13,10 @@ use OCP\Authentication\LoginCredentials\IStore; use OCP\IL10N; class KerberosApacheAuth extends AuthMechanism { - /** @var IStore */ - private $credentialsStore; - - public function __construct(IL10N $l, IStore $credentialsStore) { + public function __construct( + IL10N $l, + private IStore $credentialsStore, + ) { $realm = new DefinitionParameter('default_realm', 'Default realm'); $realm ->setType(DefinitionParameter::VALUE_TEXT) @@ -27,7 +27,6 @@ class KerberosApacheAuth extends AuthMechanism { ->setScheme(self::SCHEME_SMB) ->setText($l->t('Kerberos ticket Apache mode')) ->addParameter($realm); - $this->credentialsStore = $credentialsStore; } public function getCredentialsStore(): IStore { diff --git a/apps/files_external/lib/Lib/Auth/SMB/KerberosAuth.php b/apps/files_external/lib/Lib/Auth/SMB/KerberosAuth.php index e7a0884d1bd..9210209192a 100644 --- a/apps/files_external/lib/Lib/Auth/SMB/KerberosAuth.php +++ b/apps/files_external/lib/Lib/Auth/SMB/KerberosAuth.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later |