
Reorganize concentric middlewares. Use authfront plugins as pseudo mi…

…ddlewares as well.

Factorize index.php and rest.php further - cmd.php could do the same.
Encapsulate loggingResult in a serializable message.
1 parent a35a6e5 commit c837e20fd4c5cac8e0d80d9d2d27c1ed5548a2ca @cdujeu cdujeu committed May 11, 2016
Showing with 692 additions and 348 deletions.
  1. +9 −9 core/src/core/src/pydio/Core/Controller/Controller.php
  2. +5 −3 core/src/core/src/pydio/Core/Controller/XMLWriter.php
  3. +78 −0 core/src/core/src/pydio/Core/Http/Message/LoggingResult.php
  4. +3 −1 core/src/core/src/pydio/Core/Http/{ → Message}/UserMessage.php
  5. +150 −0 core/src/core/src/pydio/Core/Http/Middleware/AuthMiddleware.php
  6. +95 −0 core/src/core/src/pydio/Core/Http/Middleware/SapiMiddleware.php
  7. +105 −0 core/src/core/src/pydio/Core/Http/Middleware/SecureTokenMiddleware.php
  8. +63 −0 core/src/core/src/pydio/Core/Http/Middleware/SessionMiddleware.php
  9. +30 −198 core/src/core/src/pydio/Core/Http/Server.php
  10. +2 −45 core/src/core/src/pydio/Core/Services/AuthService.php
  11. +12 −1 core/src/core/src/pydio/Core/Services/SessionService.php
  12. +4 −26 core/src/index.php
  13. +1 −1 core/src/plugins/access.fs/class.fsAccessDriver.php
  14. +3 −1 core/src/plugins/authfront.cas/class.CasAuthFrontend.php
  15. +2 −1 core/src/plugins/authfront.cyphered/class.CypheredAuthFrontend.php
  16. +13 −7 core/src/plugins/authfront.duosecurity/class.DuoSecurityFrontend.php
  17. +26 −22 core/src/plugins/authfront.http_basic/class.BasicHttpAuthFrontend.php
  18. +4 −3 core/src/plugins/authfront.http_server/class.ServerHttpAuthFrontend.php
  19. +2 −1 core/src/plugins/authfront.keystore/class.KeystoreAuthFrontend.php
  20. +1 −1 core/src/plugins/authfront.multi/class.MultiAuthFrontend.php
  21. +8 −2 core/src/plugins/authfront.otp/class.OtpAuthFrontend.php
  22. +47 −10 core/src/plugins/authfront.session_login/class.SessionLoginFrontend.php
  23. +1 −1 core/src/plugins/authfront.session_login/manifest.xml
  24. +1 −1 core/src/plugins/authfront.webftp/class.FTPAuthFrontend.php
  25. +2 −1 core/src/plugins/core.auth/class.AbstractAuthDriver.php
  26. +5 −2 core/src/plugins/core.authfront/class.AbstractAuthFrontend.php
  27. +4 −2 core/src/plugins/gui.ajax/class.AJXP_ClientDriver.php
  28. +13 −0 core/src/plugins/uploader.flex/class.FlexUploadProcessor.php
  29. +3 −9 core/src/rest.php
@@ -22,6 +22,7 @@
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
+use Pydio\Core\Exception\ActionNotFoundException;
use Pydio\Core\Exception\AuthRequiredException;
use Pydio\Core\Exception\PydioException;
use Pydio\Auth\Core\AJXP_Safe;
@@ -80,7 +81,8 @@ public static function registryReset(){
/**
* @param ServerRequestInterface $request
- * @return \DOMElement|bool
+ * @return bool|\DOMElement
+ * @throws ActionNotFoundException
*/
public static function parseRestParameters(ServerRequestInterface &$request){
$actionName = $request->getAttribute("action");
@@ -90,14 +92,12 @@ public static function parseRestParameters(ServerRequestInterface &$request){
$xPath = self::initXPath(true);
$actions = $xPath->query("actions/action[@name='$actionName']");
if (!$actions->length) {
- self::$lastActionNeedsAuth = true;
- return false;
+ throw new ActionNotFoundException($actionName);
}
$action = $actions->item(0);
$restPathList = $xPath->query("processing/serverCallback/@restParams", $action);
if (!$restPathList->length) {
- self::$lastActionNeedsAuth = true;
- return false;
+ throw new ActionNotFoundException($actionName);
}
$restPath = $restPathList->item(0)->nodeValue;
$paramNames = explode("/", trim($restPath, "/"));
@@ -134,7 +134,7 @@ public static function registryActionMiddleware(ServerRequestInterface &$request
}
$response = Controller::run($request, $action);
if($nextCallable != null){
- $response = call_user_func($nextCallable, $request, $response);
+ $response = call_user_func_array($nextCallable, array(&$request, &$response));
}
return $response;
}
@@ -195,13 +195,13 @@ public static function run(ServerRequestInterface $request, &$actionNode = null)
}
}
}
- throw new AuthRequiredException();
+ throw new ActionNotFoundException("cross_copy");
}
$xPath = self::initXPath(true);
if ($actionNode == null) {
$actions = $xPath->query("actions/action[@name='$actionName']");
if (!$actions->length) {
- throw new AuthRequiredException();
+ throw new AuthRequiredException($actionName);
}
$actionNode = $actions->item(0);
}
@@ -642,7 +642,7 @@ public static function actionNeedsRight($actionNode, $xPath, $right, $expectedVa
$rightNode = $rights->item(0);
$rightAttr = $xPath->query("@".$right, $rightNode);
if ($rightAttr->length && $rightAttr->item(0)->value == $expectedValue) {
- self::$lastActionNeedsAuth = true;
+ //self::$lastActionNeedsAuth = true;
return true;
}
return false;
@@ -819,9 +819,9 @@ public static function repositoryToXML($repoId, $repoObject, $exposed, $streams,
* @param string $rememberLogin
* @param string $rememberPass
* @param string $secureToken
- * @return void
+ * @return void|string
*/
- public static function loggingResult($result, $rememberLogin="", $rememberPass = "", $secureToken="")
+ public static function loggingResult($result, $rememberLogin="", $rememberPass = "", $secureToken="", $print = true)
{
$remString = "";
if ($rememberPass != "" && $rememberLogin!= "") {
@@ -830,7 +830,9 @@ public static function loggingResult($result, $rememberLogin="", $rememberPass =
if ($secureToken != "") {
$remString .= " secure_token=\"$secureToken\"";
}
- print("<logging_result value=\"$result\"$remString/>");
+ $st = "<logging_result value=\"$result\"$remString/>";
+ if($print) print $st;
+ else return $st;
}
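Review bot: The unknown-action branch `throw new AuthRequiredException($actionName);` in run() still reports a missing action as an authentication problem, whereas parseRestParameters in the same file now throws ActionNotFoundException for exactly that condition; a mistyped action name will therefore be answered with a login challenge instead of a not-found error, which misleads clients and hides the real cause in logs. The line should read `throw new ActionNotFoundException($actionName);`, matching the cross_copy branch a few lines above. Whether AuthRequiredException's constructor accepts an argument is not visible here; if it does not, the $actionName passed on that line is silently dropped. run() continues outside the hunk.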
/**
@@ -0,0 +1,78 @@
+<?php
+/*
+ * Copyright 2007-2015 Abstrium <contact (at) pydio.com>
+ * This file is part of Pydio.
+ *
+ * Pydio is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Pydio is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Pydio. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * The latest code can be found at <http://pyd.io/>.
+ */
+namespace Pydio\Core\Http\Message;
+
+defined('AJXP_EXEC') or die('Access not allowed');
+
+
+use Pydio\Core\Http\XMLSerializableResponseChunk;
+
+class LoggingResult implements XMLSerializableResponseChunk
+{
+ /**
+ * @var int
+ */
+ private $result;
+ /**
+ * @var string
+ */
+ private $rememberLogin;
+ /**
+ * @var string
+ */
+ private $rememberPass;
+ /**
+ * @var string
+ */
+ private $secureToken;
+
+
+ public function __construct($result, $rememberLogin="", $rememberPass = "", $secureToken="")
+ {
+ $this->result = $result;
+ $this->rememberLogin = $rememberLogin;
+ $this->rememberPass = $rememberPass;
+ $this->secureToken = $secureToken;
+ }
+
+ /**
+ * @return int
+ */
+ public function getResult(){
+ return $this->result;
+ }
+
+ /**
+ * @return string
+ */
+ public function toXML()
+ {
+ $remString = "";
+ if ($this->rememberPass != "" && $this->rememberLogin!= "") {
+ $remString = " remember_login=\"$this->rememberLogin\" remember_pass=\"$this->rememberPass\"";
+ }
+ if ($this->secureToken != "") {
+ $remString .= " secure_token=\"$this->secureToken\"";
+ }
+ return "<logging_result value=\"$this->result\"$remString/>";
+
+ }
+}
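Review bot: toXML() builds the attributes in `$remString` and the final `return "<logging_result value=\"$this->result\"$remString/>";` by interpolating the login, password-like and token values straight into XML attributes without escaping, so a value containing a double quote, `<` or `&` produces malformed XML or lets the value break out of its attribute. The old Controller::loggingResult had the same gap, but a dedicated serializable message is the right place to close it: route every attribute value through one escaping helper such as `htmlspecialchars($value, ENT_QUOTES | ENT_XML1, 'UTF-8')`, as in the excerpt below. The docblocks declare $result as int and the others as string but the constructor is untyped; documenting the meaning of $result's values and what $rememberPass actually carries would help callers — presumably it is not a clear-text password, but that is not visible here.
```php
    /**
     * Escape a value for use inside a double-quoted XML attribute.
     * @param string $value
     * @return string
     */
    private static function attr($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
    }

    /**
     * @return string
     */
    public function toXML()
    {
        $remString = "";
        if ($this->rememberPass != "" && $this->rememberLogin!= "") {
            $remString = " remember_login=\"" . self::attr($this->rememberLogin) . "\" remember_pass=\"" . self::attr($this->rememberPass) . "\"";
        }
        if ($this->secureToken != "") {
            $remString .= " secure_token=\"" . self::attr($this->secureToken) . "\"";
        }
        return "<logging_result value=\"" . self::attr($this->result) . "\"$remString/>";
    }
```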
@@ -18,9 +18,11 @@
*
* The latest code can be found at <http://pyd.io/>.
*/
-namespace Pydio\Core\Http;
+namespace Pydio\Core\Http\Message;
use Pydio\Core\Controller\XMLWriter;
+use Pydio\Core\Http\JSONSerializableResponseChunk;
+use Pydio\Core\Http\XMLSerializableResponseChunk;
defined('AJXP_EXEC') or die('Access not allowed');
@@ -0,0 +1,150 @@
+<?php
+/*
+ * Copyright 2007-2015 Abstrium <contact (at) pydio.com>
+ * This file is part of Pydio.
+ *
+ * Pydio is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Pydio is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Pydio. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * The latest code can be found at <http://pyd.io/>.
+ */
+namespace Pydio\Core\Http\Middleware;
+
+use Psr\Http\Message\ServerRequestInterface;
+use Pydio\Authfront\Core\AbstractAuthFrontend;
+use Pydio\Core\Exception\PydioException;
+use Pydio\Core\Exception\WorkspaceNotFoundException;
+use Pydio\Core\Http\Server;
+use Pydio\Core\PluginFramework\PluginsService;
+use Pydio\Core\Services\AuthService;
+use Pydio\Core\Services\ConfService;
+use Pydio\Log\Core\AJXP_Logger;
+
+defined('AJXP_EXEC') or die('Access not allowed');
+
+
+class AuthMiddleware
+{
+
+ /**
+ * @param ServerRequestInterface $requestInterface
+ * @param \Psr\Http\Message\ResponseInterface $responseInterface
+ * @return \Psr\Http\Message\ResponseInterface
+ * @param callable|null $next
+ * @throws WorkspaceNotFoundException
+ */
+ public static function handleRequest(\Psr\Http\Message\ServerRequestInterface &$requestInterface, \Psr\Http\Message\ResponseInterface &$responseInterface, callable $next = null){
+
+ if(AuthService::usersEnabled()){
+
+ PluginsService::getInstance()->initActivePlugins();
+ $frontends = PluginsService::getInstance()->getActivePluginsForType("authfront");
+ $index = 0;
+ /**
+ * @var AbstractAuthFrontend $frontendPlugin
+ */
+ foreach($frontends as $frontendPlugin){
+ if(!$frontendPlugin->isEnabled()) continue;
+ if(!method_exists($frontendPlugin, "tryToLogUser")){
+ AJXP_Logger::error(__CLASS__, __FUNCTION__, "Trying to use an authfront plugin without tryToLogUser method. Wrongly initialized?");
+ continue;
+ }
+ //$res = $frontendPlugin->tryToLogUser($httpVars, ($index == count($frontends)-1));
+ $isLast = ($index == count($frontends)-1);
+ $res = $frontendPlugin->tryToLogUser($requestInterface, $responseInterface, $isLast);
+ $index ++;
+ if($res) {
+ if($responseInterface->getBody()->getSize() > 0 || $responseInterface->getStatusCode() != 200){
+ // Do not go to the other middleware, return directly.
+ return $responseInterface;
+ }
+ break;
+ }
+ }
+
+ }
+
+ if(Server::$mode == Server::MODE_SESSION){
+ self::bootSessionServer($requestInterface);
+ }else{
+ self::bootRestServer($requestInterface);
+ }
+
+ ConfService::reloadServicesAndActivePlugins();
+
+ return Server::callNextMiddleWare($requestInterface, $responseInterface, $next);
+
+ }
+
+ protected static function bootSessionServer(ServerRequestInterface $request){
+
+ $parameters = $request->getParsedBody();
+ if (AuthService::usersEnabled()) {
+
+ $loggedUser = AuthService::getLoggedUser();
+ if ($loggedUser != null) {
+ $res = ConfService::switchUserToActiveRepository($loggedUser, (isSet($parameters["tmp_repository_id"])?$parameters["tmp_repository_id"]:"-1"));
+ if (!$res) {
+ AuthService::disconnect();
+ }
+ }
+
+ }else{
+
+ if (isSet($parameters["tmp_repository_id"])) {
+ try{
+ ConfService::switchRootDir($parameters["tmp_repository_id"], true);
+ }catch(PydioException $e){}
+ } else if (isSet($_SESSION["SWITCH_BACK_REPO_ID"])) {
+ ConfService::switchRootDir($_SESSION["SWITCH_BACK_REPO_ID"]);
+ unset($_SESSION["SWITCH_BACK_REPO_ID"]);
+ }
+
+ }
+
+ //Set language
+ $loggedUser = AuthService::getLoggedUser();
+ if($loggedUser != null && $loggedUser->getPref("lang") != "") ConfService::setLanguage($loggedUser->getPref("lang"));
+ else if(isSet($request->getCookieParams()["AJXP_lang"])) ConfService::setLanguage($request->getCookieParams()["AJXP_lang"]);
+
+ }
+
+ protected static function bootRestServer(ServerRequestInterface $request){
+
+ if(AuthService::getLoggedUser() == null){
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'You are not authorized to access this API.';
+ exit;
+ }
+
+ $repoID = $request->getAttribute("repository_id");
+ if($repoID == 'pydio'){
+ ConfService::switchRootDir();
+ $repo = ConfService::getRepository();
+ }else{
+ $repo = ConfService::findRepositoryByIdOrAlias($repoID);
+ if ($repo == null) {
+ throw new WorkspaceNotFoundException($repoID);
+ }
+ if(!ConfService::repositoryIsAccessible($repo->getId(), $repo, AuthService::getLoggedUser(), false, true)){
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'You are not authorized to access this workspace.';
+ exit;
+ }
+ ConfService::switchRootDir($repo->getId());
+ }
+
+ }
+
+
+}
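Review bot: bootRestServer() answers an unauthenticated or unauthorized REST call with `header('HTTP/1.0 401 Unauthorized'); echo '...'; exit;` (twice), which writes past the PSR-7 $responseInterface that handleRequest carries and terminates the process from inside a middleware, so no later middleware, logging or response emitter ever sees those failures. Pass the response into bootRestServer, write the message into it and return it via `withStatus()`, then have handleRequest return that early response instead of calling the next middleware, as sketched below; 403 rather than 401 arguably fits the workspace case, since that user is authenticated but not permitted. Separately, in the authfront loop `$isLast = ($index == count($frontends)-1);` is computed from a counter that is only incremented for plugins that reach tryToLogUser, so when a trailing plugin is disabled or lacks the method no frontend is ever told it is last; deriving $isLast from the foreach position, or filtering the list before the loop, would fix that.
```php
        if(Server::$mode == Server::MODE_SESSION){
            self::bootSessionServer($requestInterface);
        }else{
            $denied = self::bootRestServer($requestInterface, $responseInterface);
            if($denied !== null){
                // Authentication/authorization failed: short-circuit the chain.
                return $denied;
            }
        }
        // … unchanged: reloadServicesAndActivePlugins, callNextMiddleWare …

    /**
     * @param ServerRequestInterface $request
     * @param \Psr\Http\Message\ResponseInterface $response
     * @return \Psr\Http\Message\ResponseInterface|null A 401/403 response on failure, null when the request may proceed.
     * @throws WorkspaceNotFoundException
     */
    protected static function bootRestServer(ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response){

        if(AuthService::getLoggedUser() == null){
            $response->getBody()->write('You are not authorized to access this API.');
            return $response->withStatus(401);
        }
        // … unchanged: 'pydio' root-dir switch and WorkspaceNotFoundException …
            if(!ConfService::repositoryIsAccessible($repo->getId(), $repo, AuthService::getLoggedUser(), false, true)){
                $response->getBody()->write('You are not authorized to access this workspace.');
                return $response->withStatus(403);
            }
        // … unchanged: switchRootDir …
        return null;
    }
```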