blob: 1b85a9715534c547e8ae5e6750900fd5d40102c3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
<?php
/**
* SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\DAV\Connector\Sabre;
use OCP\Defaults;
use OCP\IRequest;
use OCP\ISession;
use OCP\IUserSession;
use Sabre\DAV\Auth\Backend\AbstractBearer;
use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;
class BearerAuth extends AbstractBearer {
public function __construct(
private IUserSession $userSession,
private ISession $session,
private IRequest $request,
private string $principalPrefix = 'principals/users/',
) {
// setup realm
$defaults = new Defaults();
$this->realm = $defaults->getName() ?: 'Nextcloud';
}
private function setupUserFs($userId) {
\OC_Util::setupFS($userId);
$this->session->close();
return $this->principalPrefix . $userId;
}
/**
* {@inheritdoc}
*/
public function validateBearerToken($bearerToken) {
\OC_Util::setupFS();
if (!$this->userSession->isLoggedIn()) {
$this->userSession->tryTokenLogin($this->request);
}
if ($this->userSession->isLoggedIn()) {
return $this->setupUserFs($this->userSession->getUser()->getUID());
}
return false;
}
/**
* \Sabre\DAV\Auth\Backend\AbstractBearer::challenge sets an WWW-Authenticate
* header which some DAV clients can't handle. Thus we override this function
* and make it simply return a 401.
*
* @param RequestInterface $request
* @param ResponseInterface $response
*/
public function challenge(RequestInterface $request, ResponseInterface $response): void {
$response->setStatus(401);
}
}
|
