Only password::sessioncredentials is allowed for authentication and S…

…MBv2 can only be setup by admins

apps/files_external/js/settings.js

@@ -909,7 +909,7 @@ MountConfigListView.prototype = _.extend({
 		var selectAuthMechanism = $('<select class="selectAuthMechanism"></select>');
 		var neededVisibility = (this._isPersonal) ? StorageConfig.Visibility.PERSONAL : StorageConfig.Visibility.ADMIN;
 		$.each(this._allAuthMechanisms, function(authIdentifier, authMechanism) {
-			if (backend.authSchemes[authMechanism.scheme] && (authMechanism.visibility & neededVisibility)) {
+			if ((backend.authSchemes[authMechanism.scheme] || backend.authSchemes[authMechanism.identifier]) && (authMechanism.visibility & neededVisibility)) {
 				selectAuthMechanism.append(
 					$('<option value="'+authMechanism.identifier+'" data-scheme="'+authMechanism.scheme+'">'+authMechanism.name+'</option>')
 				);
@@ -1589,8 +1589,8 @@ OCA.External.Settings.OAuth2.verifyCode = function (backendUrl, data) {
 		}, function (result) {
 			if (result && result.status == 'success') {
 				$(token).val(result.data.token);
-				$(configured).val('true');	
-				
+				$(configured).val('true');
+
 				OCA.External.Settings.mountConfig.saveStorageConfig($tr, function(status) {
 					if (status) {
 						$tr.find('.configuration input.auth-param')

apps/files_external/lib/Lib/Backend/SMB2.php

@@ -26,6 +26,7 @@
 use OCP\Files\External\Backend\Backend as ExternalBackend;
 use OCP\Files\External\DefinitionParameter;
 use OCP\Files\External\IStorageConfig;
+use OCP\Files\External\IStoragesBackendService;
 use OCP\IL10N;
 use OCP\IUser;
 
@@ -48,7 +49,10 @@ public function __construct(IL10N $l) {
 				(new DefinitionParameter('service-account-password', $l->t('Service Account Password')))
 					->setType(DefinitionParameter::VALUE_PASSWORD),
 			])
-			->addAuthScheme(AuthMechanism::SCHEME_PASSWORD)
+			// only password::sessioncredentials is reasonable
+			->addAuthScheme('password::sessioncredentials')
+			->setVisibility(IStoragesBackendService::VISIBILITY_ADMIN)
+			->setAllowedVisibility(IStoragesBackendService::VISIBILITY_ADMIN)
 		;
 	}
 

lib/public/Files/External/Auth/AuthMechanism.php

@@ -54,13 +54,13 @@
 abstract class AuthMechanism implements \JsonSerializable {
 
 	/** Standard authentication schemes */
-	const SCHEME_NULL = 'null';
-	const SCHEME_BUILTIN = 'builtin';
-	const SCHEME_PASSWORD = 'password';
-	const SCHEME_OAUTH1 = 'oauth1';
-	const SCHEME_OAUTH2 = 'oauth2';
-	const SCHEME_PUBLICKEY = 'publickey';
-	const SCHEME_OPENSTACK = 'openstack';
+	public const SCHEME_NULL = 'null';
+	public const SCHEME_BUILTIN = 'builtin';
+	public const SCHEME_PASSWORD = 'password';
+	public const SCHEME_OAUTH1 = 'oauth1';
+	public const SCHEME_OAUTH2 = 'oauth2';
+	public const SCHEME_PUBLICKEY = 'publickey';
+	public const SCHEME_OPENSTACK = 'openstack';
 
 	use VisibilityTrait;
 	use FrontendDefinitionTrait;
@@ -117,7 +117,8 @@ public function jsonSerialize() {
 	public function validateStorage(IStorageConfig $storage) {
 		// does the backend actually support this scheme
 		$supportedSchemes = $storage->getBackend()->getAuthSchemes();
-		if (!isset($supportedSchemes[$this->getScheme()])) {
+		if (!isset($supportedSchemes[$this->getScheme()]) &&
+			!isset($supportedSchemes[$this->getIdentifier()])) {
 			return false;
 		}