/**
 * Authenticate a WebDAV request, accepting an already established login first.
 *
 * The syncing client caches authentication cookies to avoid HTTP 401 round
 * trips. When OC_User::handleApacheAuth() succeeds or OC_User::isLoggedIn()
 * reports a login, the request is treated as authenticated even without
 * HTTP Basic Auth headers. In every other case the parent implementation
 * decides.
 *
 * NOTE(review): the cookie path accepts the request on login state alone; no
 * CSRF / request-token check is visible in this method. Confirm one is
 * enforced elsewhere for browser-originated requests.
 *
 * @param Sabre_DAV_Server $server
 * @param $realm forwarded unchanged to the parent implementation
 * @return bool
 */
public function authenticate(Sabre_DAV_Server $server, $realm)
{
    $alreadyLoggedIn = OC_User::handleApacheAuth() || OC_User::isLoggedIn();
    if (!$alreadyLoggedIn) {
        return parent::authenticate($server, $realm);
    }

    // Mount the user's filesystem and remember who this request runs as.
    $uid = OC_User::getUser();
    OC_Util::setupFS($uid);
    $this->currentUser = $uid;

    return true;
}
/**
 * Accept the request when Apache auth succeeds, or when a user is logged in
 * and the session carries no DAV_AUTHENTICATED value; otherwise defer to the
 * parent implementation.
 *
 * `&&` binds tighter than `||`, so the original test reads
 * "apache auth OR (logged in AND marker unset)"; the parentheses below only
 * make that explicit.
 *
 * NOTE(review): the second branch trusts the session cookie alone. No CSRF
 * check is visible here, and where DAV_AUTHENTICATED gets written is outside
 * this method - verify both before relying on this path.
 *
 * @param \Sabre\DAV\Server $server
 * @param $realm
 * @return bool
 */
private function auth(\Sabre\DAV\Server $server, $realm)
{
    $accepted = OC_User::handleApacheAuth()
        || (OC_User::isLoggedIn() && is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED)));

    if (!$accepted) {
        return parent::authenticate($server, $realm);
    }

    $uid = OC_User::getUser();
    OC_Util::setupFS($uid);
    $this->currentUser = $uid;
    // The session is closed once the user has been resolved.
    \OC::$server->getSession()->close();

    return true;
}
/**
 * Try to log a user in via HTTP (web-server) authentication.
 *
 * When OC_User::handleApacheAuth() returns strictly true, the current request
 * URI is stored in $_REQUEST['redirect_url'], the user is redirected to the
 * default page and the script exits.
 *
 * NOTE(review): a `false` result from handleApacheAuth() makes this method
 * return true; only null maps to false. Callers should therefore read the
 * return value as "Apache auth is enabled", not "the user is authenticated" -
 * confirm against the call sites.
 * NOTE(review): redirect_url comes from the request URI; confirm that
 * redirectToDefaultPage() restricts the target it finally redirects to.
 *
 * @return bool|void
 */
protected static function tryApacheAuth()
{
    $apacheResult = OC_User::handleApacheAuth();

    // Strict true: we are logged in -> redirect to the default page.
    if ($apacheResult === true) {
        $_REQUEST['redirect_url'] = \OC::$server->getRequest()->getRequestUri();
        OC_Util::redirectToDefaultPage();
        exit;
    }

    // null means Apache-based auth is not enabled; any other value yields true.
    return !is_null($apacheResult);
}
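/**
 * Resolve the authenticated principal for a DAV request.
 *
 * The request is accepted on existing state when one of these holds
 * (`&&` binds tighter than `||`; the parentheses only make that explicit):
 *  - OC_User::handleApacheAuth() succeeds;
 *  - a user is logged in and the session has no DAV_AUTHENTICATED value;
 *  - a user is logged in, DAV_AUTHENTICATED equals that user's UID and the
 *    request carries no Authorization header.
 * Otherwise an unauthenticated AJAX request is rejected with a dummy
 * challenge, and everything else is handed to parent::check().
 *
 * NOTE(review): the session-based branches involve no CSRF check in this
 * method; verify that one is applied elsewhere for cookie-authenticated
 * requests.
 *
 * @param RequestInterface $request
 * @param ResponseInterface $response
 * @return array [true, principal] on the session path, else the result of parent::check()
 * @throws \Sabre\DAV\Exception\NotAuthenticated for unauthenticated AJAX calls
 */
private function auth(RequestInterface $request, ResponseInterface $response)
{
    if (\OC_User::handleApacheAuth()
        || ($this->userSession->isLoggedIn()
            && is_null($this->session->get(self::DAV_AUTHENTICATED)))
        || ($this->userSession->isLoggedIn()
            && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID()
            && $request->getHeader('Authorization') === null)
    ) {
        $user = $this->userSession->getUser()->getUID();
        \OC_Util::setupFS($user);
        $this->currentUser = $user;
        $this->session->close();
        return [true, $this->principalPrefix . $user];
    }

    // getHeader() yields null for an absent header (see the Authorization test
    // above); cast so explode() always receives a string, and compare strictly.
    if (!$this->userSession->isLoggedIn()
        && in_array('XMLHttpRequest', explode(',', (string) $request->getHeader('X-Requested-With')), true)
    ) {
        // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
        $response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"');
        $response->setStatus(401);
        throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
    }

    return parent::check($request, $response);
}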
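/**
 * Resolve the authenticated principal for a DAV request, enforcing the CSRF
 * and two-factor gates before any session-based shortcut.
 *
 * Flow, as written below:
 *  1. CSRF check failed and is required: a POST forces a logout so the
 *     credentials are re-checked further down; any other method gets a 401
 *     and NotAuthenticated.
 *  2. Without a forced logout: a pending second factor aborts the request;
 *     otherwise Apache auth or an existing session may authenticate it.
 *  3. An unauthenticated AJAX request is rejected with a dummy challenge.
 *  4. parent::check() validates credentials; on success the last path
 *     segment of the returned principal is replaced with the session UID.
 *
 * NOTE(review): the CSRF check reads $this->request while the header checks
 * read the $request argument; confirm both describe the same HTTP request.
 * NOTE(review): step 4 dereferences getUser() without a null check - it
 * assumes parent::check() leaves a user in the session; verify.
 *
 * @param RequestInterface $request
 * @param ResponseInterface $response
 * @return array
 * @throws NotAuthenticated
 */
private function auth(RequestInterface $request, ResponseInterface $response)
{
    $forcedLogout = false;

    if (!$this->request->passesCSRFCheck() && $this->requiresCSRFCheck()) {
        // In case of a fail with POST we need to recheck the credentials
        if ($this->request->getMethod() === 'POST') {
            $forcedLogout = true;
        } else {
            $response->setStatus(401);
            throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.');
        }
    }

    if ($forcedLogout) {
        $this->userSession->logout();
    } else {
        if ($this->twoFactorManager->needsSecondFactor()) {
            throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
        }
        // `&&` binds tighter than `||`; the parentheses only make that explicit.
        if (\OC_User::handleApacheAuth()
            || ($this->userSession->isLoggedIn()
                && is_null($this->session->get(self::DAV_AUTHENTICATED)))
            || ($this->userSession->isLoggedIn()
                && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID()
                && $request->getHeader('Authorization') === null)
        ) {
            $user = $this->userSession->getUser()->getUID();
            \OC_Util::setupFS($user);
            $this->currentUser = $user;
            $this->session->close();
            return [true, $this->principalPrefix . $user];
        }
    }

    // getHeader() yields null for an absent header (see the Authorization test
    // above); cast so explode() always receives a string, and compare strictly.
    if (!$this->userSession->isLoggedIn()
        && in_array('XMLHttpRequest', explode(',', (string) $request->getHeader('X-Requested-With')), true)
    ) {
        // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
        $response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"');
        $response->setStatus(401);
        throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
    }

    $data = parent::check($request, $response);
    if ($data[0] === true) {
        // Swap the trailing segment of the principal for the UID held by the session.
        $startPos = strrpos($data[1], '/') + 1;
        $user = $this->userSession->getUser()->getUID();
        $data[1] = substr_replace($data[1], $user, $startPos);
    }

    return $data;
}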
/**
 * Check login by trying each mechanism in turn: Apache auth, auth token,
 * then HTTP Basic auth. Evaluation stops at the first one that succeeds.
 *
 * @param OCP\IRequest $request
 * @return boolean true when any mechanism succeeded, false otherwise
 */
private static function handleLogin(OCP\IRequest $request)
{
    // Fetched up front, before any mechanism runs.
    $session = self::$server->getUserSession();

    return OC_User::handleApacheAuth()
        || $session->tryTokenLogin($request)
        || $session->tryBasicAuthLogin($request);
}
/**
 * Accept the request on Apache auth or on an existing login without a
 * DAV_AUTHENTICATED value; refuse to challenge AJAX calls; otherwise defer to
 * the parent implementation.
 *
 * `&&` binds tighter than `||`, so the first test reads
 * "apache auth OR (logged in AND marker unset)".
 *
 * NOTE(review): the cookie-only branch runs without any CSRF check visible in
 * this method; confirm one is enforced elsewhere.
 *
 * @param \Sabre\DAV\Server $server
 * @param string $realm
 * @return bool
 * @throws \Sabre\DAV\Exception\NotAuthenticated when the request is an AJAX call
 */
private function auth(\Sabre\DAV\Server $server, $realm)
{
    $sessionAccepted = \OC_User::handleApacheAuth()
        || ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)));

    if ($sessionAccepted) {
        $uid = $this->userSession->getUser()->getUID();
        \OC_Util::setupFS($uid);
        $this->currentUser = $uid;
        $this->session->close();

        return true;
    }

    $isAjax = $server->httpRequest->getHeader('X-Requested-With') === 'XMLHttpRequest';
    if (!$isAjax) {
        return parent::authenticate($server, $realm);
    }

    // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
    $server->httpResponse->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $realm . '"');
    $server->httpResponse->setStatus(401);
    throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
/**
 * Accept the request when Apache auth succeeds or the existing login
 * qualifies; otherwise defer to the parent implementation.
 *
 * A login qualifies when the session has no DAV_AUTHENTICATED value, or when
 * that value is strictly equal to the current user.
 *
 * NOTE(review): both session branches rely on the cookie alone and no CSRF
 * check is visible in this method; confirm one is enforced elsewhere.
 *
 * @param \Sabre\DAV\Server $server
 * @param $realm
 * @return bool
 */
private function auth(\Sabre\DAV\Server $server, $realm)
{
    // The session is fetched again on every use rather than cached, so the
    // order of calls relative to handleApacheAuth() stays as it was.
    $trusted = \OC_User::handleApacheAuth()
        // Fix for broken webdav clients
        || (\OC_User::isLoggedIn() && is_null(\OC::$server->getSession()->get(self::DAV_AUTHENTICATED)))
        // Well behaved clients that only send the cookie are allowed
        || (\OC_User::isLoggedIn() && \OC::$server->getSession()->get(self::DAV_AUTHENTICATED) === \OC_User::getUser());

    if (!$trusted) {
        return parent::authenticate($server, $realm);
    }

    $uid = \OC_User::getUser();
    \OC_Util::setupFS($uid);
    $this->currentUser = $uid;
    \OC::$server->getSession()->close();

    return true;
}