Custom Authentication Mechanisms for WebDAV and APIs #26742
Merged
Changes from 30 commits
32 commits
be3bcba Add if-statement for switching auth backends (joneug)
e23a570 Implement determineUsername function (joneug)
45983f1 Update PHPDoc (joneug)
76a37fa Update code for changes in OAuth 2.0 app (joneug)
14cabab Replace own AbstractBearer implementation with that of sabre/dav (joneug)
c1833bb Add OAuth 2.0 App as submodule (joneug)
43f12b0 Update comment in webdav.php (joneug)
38b2062 Improve if-statement for the auth backend (joneug)
b9cd079 Update code for changes in OAuth 2.0 app (joneug)
253c827 Add OAuth2Test (joneug)
3d6dc7e Update OAuth2Test (joneug)
ae46539 Merge branch 'master' of https://github.com/owncloud/core into dav-oauth (joneug)
7f5fe29 Add OAuth 2.0 login mechanism to Session.php for use in api.php (joneug)
190ebab Update loginWithOAuth2 function (joneug)
0962285 Update OAuth 2.0 App (joneug)
58949f6 Improve tearDown function in OAuth2Test (joneug)
bfa9c04 Refactor OAuth2Test (joneug)
1259886 Refactor OAuth2Test (joneug)
2142bb3 Remove submodule oauth2 (joneug)
b511469 Update .gitignore (joneug)
fa021a3 Merge branch 'dav-oauth' into api-oauth (joneug)
99eedf0 Remove submodule oauth2 (joneug)
ecbcea3 Delete OAuth2Test.php (joneug)
92af9b1 Remove reference to OAuth2 class in webdav.php (joneug)
7e0b8ae Add plugin mechanism for authentication (joneug)
480173d Update PHPDoc in IAuthModule (joneug)
574ce23 Update PHPDoc for auth function (joneug)
213ccd7 Merge branch 'master' of https://github.com/owncloud/core into dav-oauth (joneug)
c78e854 Add getUserPassword function in IAuthModule (joneug)
945f6bc Add loading of additional AuthBackends for webdav interface (joneug)
cde90f6 Add type check for IAuthModule (joneug)
b378b45 Merge branch 'master' of https://github.com/owncloud/core into dav-oauth (joneug)
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -31,17 +31,22 @@ | |
|
||
namespace OC\User; | ||
|
||
use Exception; | ||
use OC; | ||
use OC\Authentication\Exceptions\InvalidTokenException; | ||
use OC\Authentication\Exceptions\PasswordlessTokenException; | ||
use OC\Authentication\Exceptions\PasswordLoginForbiddenException; | ||
use OC\Authentication\Token\IProvider; | ||
use OC\Authentication\Token\IToken; | ||
use OC\Hooks\Emitter; | ||
use OC_App; | ||
use OC_User; | ||
use OC_Util; | ||
use OCA\DAV\Connector\Sabre\Auth; | ||
use OCP\App\IAppManager; | ||
use OCP\AppFramework\QueryException; | ||
use OCP\AppFramework\Utility\ITimeFactory; | ||
use OCP\Authentication\IAuthModule; | ||
use OCP\IConfig; | ||
use OCP\IRequest; | ||
use OCP\ISession; | ||
|
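Review bot: The import `use OCA\DAV\Connector\Sabre\Auth;` in the use block is not referenced by tryAuthModuleLogin() or loginUser() in the hunk that follows, and it makes OC\User\Session depend on a class from the DAV app's namespace. If nothing else in the file uses it, drop the import so that core session handling stays independent of an app.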
@@ -675,6 +680,79 @@ public function tryTokenLogin(IRequest $request) { | |
return true; | ||
} | ||
|
||
/** | ||
* Tries to login with an AuthModule provided by an app | ||
* | ||
* @param IRequest $request The request | ||
* @return bool True if request can be authenticated, false otherwise | ||
* @throws Exception If the auth module could not be loaded | ||
*/ | ||
public function tryAuthModuleLogin(IRequest $request) { | ||
/** @var IAppManager $appManager */ | ||
$appManager = OC::$server->query('AppManager'); | ||
$allApps = $appManager->getInstalledApps(); | ||
|
||
foreach ($allApps as $appId) { | ||
$info = $appManager->getAppInfo($appId); | ||
|
||
if (isset($info['auth-modules'])) { | ||
$authModules = $info['auth-modules']; | ||
|
||
foreach ($authModules as $class) { | ||
try { | ||
if (!OC_App::isAppLoaded($appId)) { | ||
OC_App::loadApp($appId); | ||
} | ||
|
||
/** @var IAuthModule $authModule */ | ||
$authModule = OC::$server->query($class); | ||
adding a type check? if ($authModule instanceof IAuthModule) {
Done
||
|
||
return $this->loginUser($authModule->auth($request), $authModule->getUserPassword($request)); | ||
} catch (QueryException $exc) { | ||
throw new Exception("Could not load the auth module $class"); | ||
} | ||
} | ||
} | ||
} | ||
|
||
return false; | ||
} | ||
|
||
/** | ||
* Log an user in | ||
* | ||
* @param IUser $user The user | ||
* @param String $password The user's password | ||
* @return boolean True if the user can be authenticated, false otherwise | ||
* @throws LoginException if an app canceld the login process or the user is not enabled | ||
*/ | ||
private function loginUser($user, $password) { | ||
if (is_null($user)) { | ||
return false; | ||
} | ||
|
||
$this->manager->emit('\OC\User', 'preLogin', [$user, $password]); | ||
|
||
if (!$user->isEnabled()) { | ||
$message = \OC::$server->getL10N('lib')->t('User disabled'); | ||
throw new LoginException($message); | ||
} | ||
|
||
$this->setUser($user); | ||
$this->setLoginName($user->getDisplayName()); | ||
|
||
$this->manager->emit('\OC\User', 'postLogin', [$user, $password]); | ||
|
||
if ($this->isLoggedIn()) { | ||
$this->prepareUserLogin(false); | ||
} else { | ||
$message = \OC::$server->getL10N('lib')->t('Login canceled by app'); | ||
throw new LoginException($message); | ||
} | ||
|
||
return true; | ||
} | ||
|
||
/** | ||
* perform login using the magic cookie (remember login) | ||
* | ||
|
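Review bot: In tryAuthModuleLogin(), the `return $this->loginUser($authModule->auth($request), $authModule->getUserPassword($request));` inside the inner foreach returns on the first auth module found, so when that module's auth() yields null the method returns false and the modules registered by other apps are never tried. Continue with the next module on null and return only once a login succeeds. getUserPassword() is also evaluated before the null check in loginUser(), so it runs for requests that did not authenticate; call it only after auth() has returned a user. In loginUser(), `setLoginName($user->getDisplayName())` stores a display name where a login name is expected, and a display name is not an identifier; use the user's UID or a login name supplied by the module. The catch block should pass $exc as the previous exception so the cause of the load failure is not lost.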
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
<?php | ||
|
||
namespace OCP\Authentication; | ||
|
||
use OCP\IRequest; | ||
use OCP\IUser; | ||
|
||
/** | ||
* Interface IAuthModule | ||
* | ||
* @package OCP\Authentication | ||
* @since 10.0.0 | ||
*/ | ||
interface IAuthModule { | ||
|
||
/** | ||
* Authenticates a request. | ||
* | ||
* @param IRequest $request The request. | ||
* | ||
* @return null|IUser The user if the request is authenticated, null otherwise. | ||
* @since 10.0.0 | ||
*/ | ||
public function auth(IRequest $request); | ||
|
||
/** | ||
* Returns the user's password. | ||
* | ||
* @param IRequest $request The request. | ||
* | ||
* @return String The user's password. | ||
* @since 10.0.0 | ||
*/ | ||
public function getUserPassword(IRequest $request); | ||
|
||
} |
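Review bot: The PHPDoc for getUserPassword() in IAuthModule does not say what a module should return when the request carries no password, as with a bearer-token mechanism, nor whether the method may be called when auth() returned null. State that contract explicitly (for example null or an empty string), since the value is handed on to the preLogin and postLogin hooks. The @return tag should use `string` rather than `String`, and auth() should document any exception it is allowed to throw.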
please inject appManager as parameter in the ctor
I tried to inject the AppManager, but when changing the registration of UserSession in Server.php (see here) I get the following error:
Inside the closure for the registerService function, $appManager = $c->getAppManager(); is called over and over again. Any ideas?
No ideas?
okay then let's keep it this way