New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
webdav Basic auth: login with user token #159
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that we have this piece of code three times, we should move it to some function to make adjusting it easier. I think of something like a completeLogin
function in the LoginService
, which is then called at the end of the this->loginService->login()
call.
As the logic requires the userSession
and request
, we should pass that to the this->loginService->login
call.
369a506
to
2443eca
Compare
I factorized those bits of code. |
2443eca
to
6c28c90
Compare
Co-authored-by: Tobias <me+github@kantusch.dev>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested all three (web-based, bearer, basic auth) operations and they work for me now. Please make sure to properly test your code before sending it out for a review :)
Yes, sorry for that. My current development workflow is prone to errors, I should work on this. Thank you for your time. |
If it helps, here is my local setup: I basically use the following version: '3'
volumes:
nextcloud:
db:
services:
db:
image: mariadb
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=
- MYSQL_PASSWORD=
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
app:
image: nextcloud:stable
ports:
- 8081:80
links:
- db
volumes:
- nextcloud:/var/www/html
- ./nextcloud-oidc-login:/var/www/html/custom_apps/oidc_login
- ./oidc.config.php:/var/www/html/config/oidc.config.php
environment:
- OVERWRITEPROTOCOL=http
- MYSQL_PASSWORD=
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db Then, to test bearer and basic authentication, I use the following Bash script. It is not ideal, but it works. However, it assumes that you use Keycloak. If not, you need to adjust the #!/bin/bash
# Keycloak base address (e.g. http://localhost:8080/auth)
KC_BASE=""
# Keycloak username
KC_USERNAME=""
# Keycloak password
KC_PASSWORD=""
# Keycloak client id
KC_CLIENT=""
# Keycloak client secret
KC_SECRET=""
# Keycloak realm
KC_REALM=""
TOKEN_ENDPOINT="$KC_BASE/realms/$KC_REALM/protocol/openid-connect/token"
# Nextcloud base url (e.g. http://localhost:8081)
NC_BASE=""
# User id of the Nextcloud user that is associated with the Keycloak user above.
# Can be found by logging in as the admin user and listing all users.
# (e.g. bc07e521-184d-448d-a743-5ebe6cfb6c9b)
NC_UID=""
resp=$(curl -s -X POST "$TOKEN_ENDPOINT" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d 'grant_type=password' \
-d "client_id=$KC_CLIENT" -d "client_secret=$KC_SECRET" \
-d "username=$KC_USERNAME" -d "password=$KC_PASSWORD" \
-d "scope=openid")
token=$(echo $resp | jq -r .access_token)
if [ "$token" == "null" ]; then
echo $resp
exit 1
fi
echo "Testing token authentication"
curl -X PROPFIND \
-H "Depth: 1" \
-H "Authorization: Bearer $token" \
$NC_BASE/remote.php/dav/files/$NC_UID/
echo "Testing basic authentication"
curl -X PROPFIND \
-H "Depth: 1" \
-u "$KC_USERNAME:$KC_PASSWORD" \
$NC_BASE/remote.php/dav/files/$NC_UID/ |
Thank you for sharing the configuration. |
This is a port of #154 for
BasicAuthBackend.php