Ejemplo n.º 1
0
 public static function firstLogin($userInfo, $authInfo)
 {
     $userID = $userInfo->getUserId();
     $password = RequestManager::getRequest(ISingleSignOnRequest::USERPASSWORDGENERATOR) ? RequestManager::send(ISingleSignOnRequest::USERPASSWORDGENERATOR) : $userID;
     $user = \OC_User::createUser($userID, $password);
     if (class_exists('\\OCA\\SingleSignOn\\UserInfoSetter')) {
         UserInfoSetter::setInfo($user, $userInfo);
     }
     self::wirteAuthInfoToSession($authInfo);
     return \OC_User::login($userID, $password);
 }
Ejemplo n.º 2
0
 /**
  * This is being run in normal order before the controller is being
  * called which allows several modifications and checks
  *
  * @param Controller $controller the controller that is being called
  * @param string $methodName the name of the method that will be called on
  *                           the controller
  * @throws SecurityException
  * @since 6.0.0
  */
 public function beforeController($controller, $methodName)
 {
     // ensure that @SSOCORS annotated API routes are not used in conjunction
     // with session authentication since this enables CSRF attack vectors
     if ($this->reflector->hasAnnotation('SSOCORS') && !$this->reflector->hasAnnotation('PublicPage')) {
         $authInfo = AuthInfo::get();
         if (!\OC::$server->getSystemConfig()->getValue("sso_one_time_password")) {
             $tokenVaildator = \OCA\SingleSignOn\RequestManager::send(\OCA\SingleSignOn\ISingleSignOnRequest::VALIDTOKEN, $authInfo);
             if (!$tokenVaildator) {
                 throw new SecurityException('Token expired!', Http::STATUS_UNAUTHORIZED);
             }
         }
         $userInfo = \OCA\SingleSignOn\RequestManager::getRequest(\OCA\SingleSignOn\ISingleSignOnRequest::INFO);
         $this->session->logout();
         if (!\OCA\SingleSignOn\Util::login($userInfo, $authInfo)) {
             throw new SecurityException('SSO CORS requires basic auth', Http::STATUS_UNAUTHORIZED);
         }
     }
 }
Ejemplo n.º 3
0
 public function process()
 {
     $ssoUrl = $this->config->getValue("sso_login_url");
     $userInfo = RequestManager::getRequest(ISingleSignOnRequest::INFO);
     $authInfo = AuthInfo::get();
     $userInfo->setup(array("action" => "webLogin"));
     if ($this->unnecessaryAuth($this->request->getRequestUri())) {
         $uri = substr($this->request->getRequestUri(), -1 * strlen($this->config->getValue("sso_admin_login_uri")));
         if ($uri === $this->config->getValue("sso_admin_login_uri") && $this->visitPort != $this->config->getValue("sso_admin_login_port")) {
             Util::redirect($this->defaultPageUrl);
         }
         return;
     }
     if (isset($_GET["logout"]) && $_GET["logout"] == "true") {
         if ($this->config->getValue("sso_global_logout")) {
             RequestManager::send(ISingleSignOnRequest::INVALIDTOKEN, $authInfo);
         }
         \OC_User::logout();
         $template = new \OC_Template("singlesignon", "logout", "guest");
         $template->printPage();
         die;
     }
     if (\OC_User::isLoggedIn() && $this->config->getValue("sso_one_time_password")) {
         return;
     }
     if (\OC_User::isLoggedIn() && !$authInfo) {
         header("HTTP/1.1 " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
         header("Status: " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
         header("WWW-Authenticate: ");
         header("Retry-After: 120");
         $template = new \OC_Template("singlesignon", "unauthorizedActions", "guest");
         $template->printPage();
         die;
     }
     if (\OC_User::isLoggedIn() && (!RequestManager::send(ISingleSignOnRequest::VALIDTOKEN, $authInfo) && !$this->config->getValue("sso_one_time_password"))) {
         header("HTTP/1.1 " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
         header("Status: " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
         header("WWW-Authenticate: ");
         header("Retry-After: 120");
         $template = new \OC_Template("singlesignon", "tokenExpired", "guest");
         $template->printPage();
         die;
     }
     if (!$authInfo || !RequestManager::send(ISingleSignOnRequest::VALIDTOKEN, $authInfo) && !$this->config->getValue("sso_one_time_password")) {
         $url = $this->redirectUrl ? $ssoUrl . $this->config->getValue("sso_return_url_key") . $this->redirectUrl : $ssoUrl;
         Util::redirect($url);
     }
     if (\OC_User::isLoggedIn()) {
         return;
     }
     if (empty($ssoUrl) || !$userInfo->send($authInfo) || !$userInfo->hasPermission()) {
         header("HTTP/1.1 " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
         header("Status: " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
         header("WWW-Authenticate: ");
         header("Retry-After: 120");
         $template = new \OC_Template("singlesignon", "verificationFailure", "guest");
         $template->printPage();
         if ($userInfo->hasErrorMsg()) {
             \OCP\Util::writeLog("Single Sign-On", $userInfo->getErrorMsg(), \OCP\Util::ERROR);
         }
         die;
     }
     if ($this->config->getValue("sso_multiple_region")) {
         Util::redirectRegion($userInfo, $this->config->getValue("sso_regions"), $this->config->getValue("sso_owncloud_url"));
     }
     if (!\OC_User::userExists($userInfo->getUserId())) {
         Util::firstLogin($userInfo, $authInfo);
         if ($this->request->getHeader("ORIGIN")) {
             return;
         }
         Util::redirect($this->defaultPageUrl);
     } else {
         Util::login($userInfo, $authInfo);
         if ($this->request->getHeader("ORIGIN")) {
             return;
         }
         Util::redirect($this->defaultPageUrl);
     }
 }