New Middleware WorkspaceAuthRequired catches specific exception, send…

…s JS prompt message and re-initialize request when form is submitted.
pydio · Nov 7, 2016 · 8ce3909 · 8ce3909
1 parent 0510045
commit 8ce3909
Show file tree

Hide file tree

Showing 7 changed files with 104 additions and 34 deletions.
diff --git a/core/src/core/src/pydio/Core/Exception/PydioPromptException.php b/core/src/core/src/pydio/Core/Exception/PydioPromptException.php
@@ -74,36 +74,42 @@ public function __construct($promptType, $data, $messageString, $messageId = fal
         parent::__construct($messageString, $messageId);
     }
 
+
     /**
      * Prompt user for credentials
-     * @param $sessionVariable
-     * @param $switchToRepositoryId
+     * @param array $parameters
+     * @param string $passFieldName
+     * @param string $postSubmitCallback
      * @throws PydioPromptException
      */
-    public static function testOrPromptForCredentials($sessionVariable, $switchToRepositoryId){
-        if(isSet($_GET["prompt_passed_data"]) && isSet($_GET["variable_name"]) && $_GET["variable_name"] == $sessionVariable){
-            $_SESSION[$sessionVariable] = true;
+    public static function promptForWorkspaceCredentials($parameters, $passFieldName, $postSubmitCallback = ""){
+        $hiddens = [];
+        $getFields = [$passFieldName];
+        foreach($parameters as $key => $value){
+            $hiddens[] = "<input type='hidden' name='$key' value='$value'>";
+            $getFields[] = $key;
         }
-        if(!isSet($_SESSION[$sessionVariable])){
-            throw new PydioPromptException(
-                "confirm",
-                array(
-                    "DIALOG" => "Please enter your credentials for this workspace
-                                <input type='hidden' name='get_action' value='switch_repository'>
-                                <input type='hidden' name='repository_id' value='".$switchToRepositoryId."'>
-                                <input type='hidden' name='prompt_passed_data' value='true'>
-                                <input type='hidden' name='variable_name' value='".$sessionVariable."'>
-                                ",
-                    "OK"        => array(
-                        "GET_FIELDS" => array("get_action", "repository_id", "prompt_passed_data", "variable_name"),
-                        "EVAL" => "ajaxplorer.loadXmlRegistry();"
-                    ),
-                    "CANCEL"    => array(
-                        "EVAL" => "ajaxplorer.loadXmlRegistry();"
-                    )
+        throw new PydioPromptException(
+            "confirm",
+            array(
+                "DIALOG" => "<div>
+                                <h3>Credentials Required</h3>
+                                <div class='dialogLegend'>Please provide a password to enter this workspace. You may have to manually redo the action you were currently trying to achieve.</div>
+                                <form autocomplete='off'>
+                                    ".implode("\n", $hiddens)."
+                                    <input style='width: 200px;' type='password' autocomplete='off' name='$passFieldName' value='' placeholder='Password'>
+                                </form>
+                            </div>
+                            ",
+                "OK"        => array(
+                    "GET_FIELDS" => $getFields,
+                    "EVAL" => $postSubmitCallback
                 ),
-                "Credentials Needed");
-        }
+                "CANCEL"    => array(
+                    "EVAL" => ""
+                )
+            ),
+            "Credentials Needed");
 
     }
 

diff --git a/core/src/core/src/pydio/Core/Exception/WorkspaceAuthRequired.php b/core/src/core/src/pydio/Core/Exception/WorkspaceAuthRequired.php
@@ -0,0 +1,65 @@
+<?php
+/*
+ * Copyright 2007-2016 Abstrium <contact (at) pydio.com>
+ * This file is part of Pydio.
+ *
+ * Pydio is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Pydio is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Pydio.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * The latest code can be found at <https://pydio.com/>.
+ */
+namespace Pydio\Core\Exception;
+
+use Pydio\Access\Core\Model\Repository;
+use Pydio\Auth\Core\MemorySafe;
+use Pydio\Core\Model\Context;
+use Pydio\Core\Model\UserInterface;
+
+defined('AJXP_EXEC') or die('Access not allowed');
+
+/**
+ * Class WorkspaceAuthRequired - Extend exception to trigger an authentication error
+ * if workspace requires a specific authentication and it cannot be found.
+ * @package Pydio\Core\Exception
+ */
+class WorkspaceAuthRequired extends PydioException {
+
+    private $repositoryId;
+
+    /**
+     * WorkspaceAuthRequired constructor.
+     * @param string $repositoryId
+     * @param string $message
+     */
+    public function __construct($repositoryId, $message = "Authentication required for this workspace")
+    {
+        $this->repositoryId = $repositoryId;
+        parent::__construct($message, false, null);
+    }
+
+    /**
+     * @param Repository $workspaceObject
+     * @param UserInterface $userObject
+     * @throws WorkspaceAuthRequired
+     */
+    public static function testWorkspace($workspaceObject, $userObject){
+        if($workspaceObject->getContextOption(Context::contextWithObjects($userObject, $workspaceObject), "USE_SESSION_CREDENTIALS") !== true){
+            return;
+        }
+        if(MemorySafe::loadCredentials() !== false){
+            return;
+        }
+        throw new WorkspaceAuthRequired($workspaceObject->getId());
+    }
+
+}
diff --git a/core/src/core/src/pydio/Core/Http/Server.php b/core/src/core/src/pydio/Core/Http/Server.php
@@ -95,6 +95,7 @@ protected function stackMiddleWares(){
 
         $this->middleWares->push(array("Pydio\\Core\\Controller\\Controller", "registryActionMiddleware"));
         $this->middleWares->push(array("Pydio\\Core\\Http\\Middleware\\SessionRepositoryMiddleware", "handleRequest"));
+        $this->middleWares->push(array("Pydio\\Core\\Http\\Middleware\\WorkspaceAuthMiddleware", "handleRequest"));
         $this->middleWares->push(array("Pydio\\Core\\Http\\Middleware\\AuthMiddleware", "handleRequest"));
         $this->middleWares->push(array("Pydio\\Core\\Http\\Middleware\\SecureTokenMiddleware", "handleRequest"));
         $this->middleWares->push(array("Pydio\\Core\\Http\\Middleware\\SessionMiddleware", "handleRequest"));

diff --git a/core/src/core/src/pydio/Core/Services/SessionService.php b/core/src/core/src/pydio/Core/Services/SessionService.php
@@ -178,7 +178,7 @@ public static function saveRepositoryId($repoId){
     /**
      * @param $repoId
      */
-    public static function switchSessionRepositoriId($repoId){
+    public static function switchSessionRepositoryId($repoId){
         if(self::has(self::CTX_REPOSITORY_ID)) {
             self::save(self::PREVIOUS_REPOSITORY, self::fetch(self::CTX_REPOSITORY_ID));
         }

diff --git a/core/src/core/src/pydio/Core/Services/UsersService.php b/core/src/core/src/pydio/Core/Services/UsersService.php
@@ -23,6 +23,7 @@
 use Pydio\Conf\Core\AbstractUser;
 use Pydio\Core\Controller\Controller;
 use Pydio\Core\Exception\UserNotFoundException;
+use Pydio\Core\Exception\WorkspaceAuthRequired;
 use Pydio\Core\Exception\WorkspaceForbiddenException;
 use Pydio\Core\Exception\WorkspaceNotFoundException;
 use Pydio\Core\Http\Message\ReloadRepoListMessage;
@@ -145,6 +146,7 @@ public static function getRepositoryWithPermission($user, $repositoryId){
         if(!RepositoryService::repositoryIsAccessible($repo, $user)){
             throw new WorkspaceForbiddenException($repositoryId);
         }
+        WorkspaceAuthRequired::testWorkspace($repo, $user);
         return $repo;
     }
 

diff --git a/core/src/core/src/pydio/Core/Utils/Vars/UrlUtils.php b/core/src/core/src/pydio/Core/Utils/Vars/UrlUtils.php
@@ -31,8 +31,9 @@ class UrlUtils
 {
     /**
      * UTF8 support for parseUrl
-     * @param $url
-     * @return mixed
+     * @param string $url
+     * @param int $part one of PHP_URL_** variable
+     * @return array|string
      */
     public static function mbParseUrl($url, $part = -1){
         $enc_url = preg_replace_callback(

diff --git a/core/src/plugins/core.conf/AbstractConfDriver.php b/core/src/plugins/core.conf/AbstractConfDriver.php
@@ -611,13 +611,8 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
                 if (!isSet($repository_id)) {
                     break;
                 }
-                $dirList = UsersService::getRepositoriesForUser($ctx->getUser());
-                /** @var $repository_id string */
-                if (!isSet($dirList[$repository_id])) {
-                    throw new PydioException("Trying to switch to an unkown repository!");
-                }
-                //ConfService::switchRootDir($repository_id);
-                SessionService::switchSessionRepositoriId($repository_id);
+                UsersService::getRepositoryWithPermission($ctx->getUser(), $repository_id);
+                SessionService::switchSessionRepositoryId($repository_id);
                 PluginsService::getInstance($ctx->withRepositoryId($repository_id));
                 if (UsersService::usersEnabled() && $loggedUser !== null) {
                     $loggedUser->setArrayPref("repository_last_connected", $repository_id, time());