function testRequireLogin()
{
$this->basicAuth->requireLogin();
$this->assertEquals('SabreDAV', $this->basicAuth->getRealm());
$this->assertEquals('HTTP/1.1 401 Unauthorized', $this->response->status, 'We expected a 401 status to be set');
$this->assertEquals('Basic realm="SabreDAV"', $this->response->headers['WWW-Authenticate'], 'The WWW-Autenticate header was not set!');
}
public static function handleRequest()
{
if (extension_loaded('newrelic')) {
newrelic_disable_autorum();
}
// retrieve authentication attempt
if ($GLOBALS['Session']->hasAccountLevel('Developer')) {
$User = $GLOBALS['Session']->Person;
} else {
$authEngine = new \Sabre\HTTP\BasicAuth();
$authEngine->setRealm('Develop ' . \Site::$title);
$authUserPass = $authEngine->getUserPass();
// try to get user
$userClass = \User::$defaultClass;
$User = $userClass::getByLogin($authUserPass[0], $authUserPass[1]);
// send auth request if login is inadiquate
if (!$User || !$User->hasAccountLevel('Developer')) {
$authEngine->requireLogin();
die("You must login using a " . \Site::getConfig('primary_hostname') . " account with Developer access\n");
}
}
// store login to session
if (isset($GLOBALS['Session'])) {
$GLOBALS['Session'] = $GLOBALS['Session']->changeClass('UserSession', array('PersonID' => $User->ID));
}
// detect base path
$basePath = array_slice(\Site::$requestPath, 0, count(\Site::$resolvedPath));
// switch to JSON response mode
if (static::peekPath() == 'json') {
$basePath[] = static::$responseMode = static::shiftPath();
}
// handle /develop request
if ($_SERVER['REQUEST_METHOD'] == 'GET' && static::getResponseMode() == 'html' && !static::peekPath()) {
\RequestHandler::respond('app/ext', array('App' => \Sencha_App::getByName('EmergenceEditor'), 'mode' => 'production', 'title' => 'EmergenceEditor'));
}
// initial and configure SabreDAV
$server = new \Sabre\DAV\Server(new RootCollection());
$server->setBaseUri('/' . join('/', $basePath));
// The lock manager is reponsible for making sure users don't overwrite each others changes. Change 'data' to a different
// directory, if you're storing your data somewhere else.
# $lockBackend = new Sabre_DAV_Locks_Backend_FS('/tmp/dav-lock');
# $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
# $server->addPlugin($lockPlugin);
// filter temporary files
$server->addPlugin(new \Sabre\DAV\TemporaryFileFilterPlugin('/tmp/dav-tmp'));
// ?mount support
$server->addPlugin(new \Sabre\DAV\Mount\Plugin());
// emergence :)
$server->addPlugin(new \Emergence\DAV\ServerPlugin());
// All we need to do now, is to fire up the server
$server->exec();
}
/**
* @static
* @throws Exception
* @return User
*/
public static function authenticateHttpBasic()
{
$auth = new \Sabre\HTTP\BasicAuth();
$auth->setRealm("pimcore");
$result = $auth->getUserPass();
if (is_array($result)) {
list($username, $password) = $result;
return self::authenticatePlaintext($username, $password);
}
$auth->requireLogin();
\Logger::error("Authentication Basic (WebDAV) required");
echo "Authentication required\n";
die;
}
public function authenticate(Sabre\DAV\Server $server, $realm)
{
$auth = new Sabre\HTTP\BasicAuth();
$auth->setHTTPRequest($server->httpRequest);
$auth->setHTTPResponse($server->httpResponse);
$auth->setRealm($realm);
$userpass = $auth->getUserPass();
if (!$userpass) {
$auth->requireLogin();
throw new Sabre\DAV\Exception\NotAuthenticated('No basic authentication headers were found');
}
// Authenticates the user
//AJXP_Logger::info(__CLASS__,"authenticate",$userpass[0]);
$confDriver = ConfService::getConfStorageImpl();
$userObject = $confDriver->createUserObject($userpass[0]);
$webdavData = $userObject->getPref("AJXP_WEBDAV_DATA");
if (empty($webdavData) || !isset($webdavData["ACTIVE"]) || $webdavData["ACTIVE"] !== true) {
AJXP_Logger::warning(__CLASS__, "Login failed", array("user" => $userpass[0], "error" => "WebDAV user not found or disabled"));
throw new Sabre\DAV\Exception\NotAuthenticated();
}
// check if there are cached credentials. prevents excessive authentication calls to external
// auth mechanism.
$cachedPasswordValid = 0;
$secret = defined("AJXP_SECRET_KEY") ? AJXP_SECRET_KEY : "CDAFx¨op#";
$encryptedPass = md5($userpass[1] . $secret . date('YmdHi'));
if (isset($webdavData["TMP_PASS"]) && $encryptedPass == $webdavData["TMP_PASS"]) {
$cachedPasswordValid = true;
//AJXP_Logger::debug("Using Cached Password");
}
if (!$cachedPasswordValid && !$this->validateUserPass($userpass[0], $userpass[1])) {
AJXP_Logger::warning(__CLASS__, "Login failed", array("user" => $userpass[0], "error" => "Invalid WebDAV user or password"));
$auth->requireLogin();
throw new Sabre\DAV\Exception\NotAuthenticated('Username or password does not match');
}
$this->currentUser = $userpass[0];
$res = AuthService::logUser($this->currentUser, $userpass[1], true);
if ($res < 1) {
throw new Sabre\DAV\Exception\NotAuthenticated();
}
$this->updateCurrentUserRights(AuthService::getLoggedUser());
if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
AJXP_Safe::storeCredentials($this->currentUser, $userpass[1]);
}
if (isset($this->repositoryId) && ConfService::getRepositoryById($this->repositoryId)->getOption("AJXP_WEBDAV_DISABLED") === true) {
throw new Sabre\DAV\Exception\NotAuthenticated('You are not allowed to access this workspace');
}
ConfService::switchRootDir($this->repositoryId);
// the method used here will invalidate the cached password every minute on the minute
if (!$cachedPasswordValid) {
$webdavData["TMP_PASS"] = $encryptedPass;
$userObject->setPref("AJXP_WEBDAV_DATA", $webdavData);
$userObject->save("user");
AuthService::updateUser($userObject);
}
return true;
}
<?php
// !!!! Make sure the Sabre directory is in the include_path !!!
// example:
// set_include_path('lib/' . PATH_SEPARATOR . get_include_path());
// settings
date_default_timezone_set('Canada/Eastern');
// Files we need
require_once 'vendor/autoload.php';
$u = 'admin';
$p = '1234';
$auth = new \Sabre\HTTP\BasicAuth();
$result = $auth->getUserPass();
if (!$result || $result[0] != $u || $result[1] != $p) {
$auth->requireLogin();
echo "Authentication required\n";
die;
}
