function testRequireLogin()
{
$this->basicAuth->requireLogin();
$this->assertEquals('SabreDAV', $this->basicAuth->getRealm());
$this->assertEquals('HTTP/1.1 401 Unauthorized', $this->response->status, 'We expected a 401 status to be set');
$this->assertEquals('Basic realm="SabreDAV"', $this->response->headers['WWW-Authenticate'], 'The WWW-Autenticate header was not set!');
}
private function _authenticate()
{
$auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm(item::root()->title);
$authResult = $auth->getUserPass();
list($username, $password) = $authResult;
if (!$username || !$password) {
$auth->requireLogin();
return false;
}
$user = identity::lookup_user_by_name($username);
if (empty($user) || !identity::is_correct_password($user, $password)) {
$auth->requireLogin();
return false;
}
identity::set_active_user($user);
return true;
}
/**
* Handles a WebDAV request.
*/
public function requestAction()
{
if (!isset($this->_config->resources->sabredav->enabled) || 0 == $this->_config->resources->sabredav->enabled) {
// Render 404
$response = $this->getResponse();
$response->clearAllHeaders();
$response->clearBody();
$response->setHttpResponseCode(404);
$response->sendResponse();
return;
}
$baseUri = $this->view->url('@admin_webdav');
$publicDir = ROOT_PATH . '/public/uploads';
$tmpDir = ROOT_PATH . '/data/tmp';
$auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm('Fizzy');
$authResult = $auth->getUserPass();
if (false === $authResult) {
$auth->requireLogin();
die('Authentication required');
}
list($username, $password) = $authResult;
$authAdapter = new Fizzy_Doctrine_AuthAdapter($username, $password);
$authResult = $authAdapter->authenticate();
if ($authResult->getCode() !== Zend_Auth_Result::SUCCESS) {
$auth->requireLogin();
die('Authentication failed');
}
$publicDirObj = new Sabre_DAV_FS_Directory($publicDir);
$objectTree = new Sabre_DAV_ObjectTree($publicDirObj);
$server = new Sabre_DAV_Server($objectTree);
$server->setBaseUri($baseUri);
if (isset($this->_config->resources->sabredav->browser) && false != $this->_config->resources->sabredav->browser) {
$browser = new Sabre_DAV_Browser_Plugin();
$server->addPlugin($browser);
}
$server->exec();
}
/**
* Authenticates the user based on the current request.
*
* If authentication is succesful, true must be returned.
* If authentication fails, an exception must be thrown.
*
* @throws Sabre_DAV_Exception_NotAuthenticated
* @return bool
*/
public function authenticate(Sabre_DAV_Server $server, $realm)
{
$auth = new Sabre_HTTP_BasicAuth();
$auth->setHTTPRequest($server->httpRequest);
$auth->setHTTPResponse($server->httpResponse);
$auth->setRealm($realm);
$userpass = $auth->getUserPass();
if (!$userpass) {
$auth->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found');
}
// Authenticates the user
if (!$this->validateUserPass($userpass[0], $userpass[1])) {
$auth->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match');
}
$this->currentUser = $userpass[0];
return true;
}
public function authenticate(Sabre_DAV_Server $server, $realm)
{
$auth = new Sabre_HTTP_BasicAuth();
$auth->setHTTPRequest($server->httpRequest);
$auth->setHTTPResponse($server->httpResponse);
$auth->setRealm($realm);
$userpass = $auth->getUserPass();
if (!$userpass) {
if (in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
$userpass = array('', '');
} else {
$auth->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found');
}
}
// Authenticates the user
if (!$this->validateUserPass($userpass[0], $userpass[1])) {
$auth->requireLogin();
throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match');
}
$this->currentUser = $userpass[0];
return true;
}
<?php
// include autoload
require_once 'static/SabreDAV/vendor/autoload.php';
// init TSunic
include_once 'init.php';
// Authentication
$auth = new Sabre_HTTP_BasicAuth();
$result = $auth->getUserPass();
if (!$result or !$TSunic->Usr->login($result[0], $result[1])) {
$auth->requireLogin();
echo "Authentication required\n";
die;
}
// allowed to use webdav?
if (!$TSunic->Usr->access('$$$useWebdav')) {
$TSunic->Log->doLog(3, "webdav: Access denied!");
throw new Sabre_DAV_Exception_Forbidden('Permission denied to use webdav');
die;
}
// Get root directory object
$rootDirectory = new ${${$DavCollection}}();
// get server object
$server = new Sabre_DAV_Server($rootDirectory);
// set base uri
//$server->setBaseUri('webdav.php');
// Add lock plugin
$lockBackend = new Sabre_DAV_Locks_Backend_File($TSunic->Config->get('dir_data') . '/webdavlocks');
$lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
$server->addPlugin($lockPlugin);
// We assume $server is a Sabre_DAV_Server
function __construct(ipsRegistry $registry)
{
$this->registry = $registry;
$this->DB = $this->registry->DB();
$this->settings =& $this->registry->fetchSettings();
$this->request =& $this->registry->fetchRequest();
$this->cache = $this->registry->cache();
$this->caches =& $this->registry->cache()->fetchCaches();
/* Set require path to include sabre directory */
@set_include_path(IPS_KERNEL_PATH . 'sabre/');
/*noLibHook*/
ipsRegistry::$settings['use_friendly_urls'] = 0;
/* Fetch authentication library */
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$login = new $classToLoad($registry);
/* Require spl for sabre */
require_once 'Sabre.autoload.php';
/*noLibHook*/
/* Attempt authentication */
$auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm("IP.Board WebDav");
/* Enabled? */
if (!$this->settings['webdav_on']) {
$auth->requireLogin();
echo "Please visit your Admin CP - Look and Feel - Externally Edit Templates and CSS to enable this functionality";
exit;
}
/* Fetch details */
$authDetails = $auth->getUserPass();
/* Check auth */
$member = IPSMember::load(IPSText::parseCleanValue($authDetails[0]), 'all', 'username');
if (!$member['member_id']) {
$auth->requireLogin();
print "Authentication Required (User doesn't exist)";
exit;
}
/* Internal auth only */
$result = IPSMember::authenticateMember($member['member_id'], md5(IPSText::parseCleanValue($authDetails[1])));
if ($result === false) {
$auth->requireLogin();
print "Authentication Required (Username or password incorrect)";
exit;
}
/* Load permissions class */
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/class_permissions.php', 'class_permissions');
$this->registry->setClass('class_permissions', new $classToLoad($this->registry));
if (!$member['g_access_cp']) {
$auth->requireLogin();
print "Authentication Required (You are not an admin)";
exit;
}
if (!$this->registry->getClass('class_permissions')->checkPermission('settemplates_external_edit')) {
$auth->requireLogin();
print "You are not permitted to edit skins externally";
exit;
}
/* Require some files for our sabre implementation */
require_once IPS_ROOT_PATH . 'sources/classes/sabre/root/skins.php';
/*noLibHook*/
require_once IPS_ROOT_PATH . 'sources/classes/sabre/directory/templates.php';
/*noLibHook*/
require_once IPS_ROOT_PATH . 'sources/classes/sabre/directory/groups.php';
/*noLibHook*/
require_once IPS_ROOT_PATH . 'sources/classes/sabre/files/templates.php';
/*noLibHook*/
require_once IPS_ROOT_PATH . 'sources/classes/sabre/lock/nolocks.php';
/*noLibHook*/
$tree = new Sabre_DAV_ObjectTree(new sabre_root_skins());
$server = new Sabre_DAV_Server($tree);
$server->setBaseUri($this->getBaseUrl() . '/');
//$server->addPlugin( new Sabre_DAV_Browser_Plugin() );
$server->addPlugin(new Sabre_DAV_Locks_Plugin(new sabre_lock_nolocks()));
/* Process */
$server->exec();
}
echo 'Must be in debug mode.';
exit;
}
$dependencies = new XenForo_Dependencies_Admin();
$dependencies->preLoadData();
if (!function_exists('mb_detect_encoding')) {
// this is a hack to not require the mbstring functions for *1* function call
function mb_detect_encoding()
{
return 'UTF-8';
}
}
require $fileDir . '/library/Sabre/Sabre.autoload.php';
$request = new Zend_Controller_Request_Http();
$baseUrl = $request->getBaseUrl();
$auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm('XenForo Admin CP WebDAV');
$authData = $auth->getUserPass();
/* @var $userModel XenForo_Model_User */
$userModel = XenForo_Model::create('XenForo_Model_User');
$authValid = false;
$userId = $userModel->validateAuthentication($authData[0], $authData[1]);
if ($userId) {
$visitor = XenForo_Visitor::setup($userId);
if ($visitor['is_admin']) {
$authValid = true;
}
}
if (!$authValid) {
$auth->requireLogin();
echo "Authentication required";