Exemplo n.º 1
0
 /**
  * Authenticates the user based on the current request.
  *
  * If authentication is succesful, true must be returned.
  * If authentication fails, an exception must be thrown.
  *
  * @throws Sabre_DAV_Exception_NotAuthenticated
  * @return bool 
  */
 public function authenticate(Sabre_DAV_Server $server, $realm)
 {
     $digest = new Sabre_HTTP_DigestAuth();
     // Hooking up request and response objects
     $digest->setHTTPRequest($server->httpRequest);
     $digest->setHTTPResponse($server->httpResponse);
     $digest->setRealm($realm);
     $digest->init();
     $username = $digest->getUsername();
     // No username was given
     if (!$username) {
         $digest->requireLogin();
         throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found');
     }
     $userData = $this->getUserInfo($realm, $username);
     // If this was false, the user account didn't exist
     if ($userData === false) {
         $digest->requireLogin();
         throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file');
     }
     if (!is_array($userData)) {
         throw new Sabre_DAV_Exception('The returntype for getUserInfo must be either false or an array');
     }
     if (!isset($userData['uri']) || !isset($userData['digestHash'])) {
         throw new Sabre_DAV_Exception('The returned array from getUserInfo must contain at least a uri and digestHash element');
     }
     // If this was false, the password or part of the hash was incorrect.
     if (!$digest->validateA1($userData['digestHash'])) {
         $digest->requireLogin();
         throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username');
     }
     $this->currentUser = $userData;
     return true;
 }
 /**
  * Authenticates the user based on the current request.
  *
  * If authentication is successful, true must be returned.
  * If authentication fails, an exception must be thrown.
  *
  * @param Sabre_DAV_Server $server
  * @param string $realm
  * @throws Sabre_DAV_Exception_NotAuthenticated
  * @return bool
  */
 public function authenticate(Sabre_DAV_Server $server, $realm)
 {
     $digest = new Sabre_HTTP_DigestAuth();
     // Hooking up request and response objects
     $digest->setHTTPRequest($server->httpRequest);
     $digest->setHTTPResponse($server->httpResponse);
     $digest->setRealm($realm);
     $digest->init();
     $username = $digest->getUsername();
     // No username was given
     if (!$username) {
         $digest->requireLogin();
         throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found');
     }
     $hash = $this->getDigestHash($realm, $username);
     // If this was false, the user account didn't exist
     if ($hash === false || is_null($hash)) {
         $digest->requireLogin();
         throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file');
     }
     if (!is_string($hash)) {
         throw new Sabre_DAV_Exception('The returned value from getDigestHash must be a string or null');
     }
     // If this was false, the password or part of the hash was incorrect.
     if (!$digest->validateA1($hash)) {
         $digest->requireLogin();
         throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username');
     }
     $this->currentUser = $username;
     return true;
 }
Exemplo n.º 3
0
 /**
  * @static
  * @throws Exception
  * @return User
  */
 public static function authenticateDigest()
 {
     // the following is a fix for Basic Auth in an FastCGI Environment
     if (isset($_SERVER['Authorization']) && !empty($_SERVER['Authorization'])) {
         $parts = explode(" ", $_SERVER['Authorization']);
         $type = array_shift($parts);
         $cred = implode(" ", $parts);
         if ($type == 'Digest') {
             $_SERVER["PHP_AUTH_DIGEST"] = $cred;
         }
     }
     // only digest auth is supported anymore
     try {
         $auth = new Sabre_HTTP_DigestAuth();
         $auth->setRealm("pimcore");
         $auth->init();
         if ($user = User::getByName($auth->getUsername())) {
             if (!$user->isAdmin()) {
                 throw new Exception("Only admins can access WebDAV");
             }
             if ($auth->validateA1($user->getPassword())) {
                 return $user;
             }
         }
         throw new Exception("Authentication required");
     } catch (Exception $e) {
         $auth->requireLogin();
         echo "Authentication required\n";
         die;
     }
 }
Exemplo n.º 4
0
 /**
  * This method is called before any HTTP method and forces users to be authenticated
  * 
  * @param string $method
  * @throws Sabre_DAV_Exception_NotAuthenticated
  * @return bool 
  */
 public function beforeMethod($method)
 {
     $digest = new Sabre_HTTP_DigestAuth();
     // Hooking up request and response objects
     $digest->setHTTPRequest($this->server->httpRequest);
     $digest->setHTTPResponse($this->server->httpResponse);
     $digest->setRealm($this->realm);
     $digest->init();
     $username = $digest->getUsername();
     // No username was given
     if (!$username) {
         $digest->requireLogin();
         throw new Sabre_DAV_Exception_NotAuthenticated('No digest authentication headers were found');
     }
     // Now checking the backend for the A1 hash
     $A1 = $this->authBackend->getDigestHash($username);
     // If this was false, the user account didn't exist
     if (!$A1) {
         $digest->requireLogin();
         throw new Sabre_DAV_Exception_NotAuthenticated('The supplied username was not on file');
     }
     // If this was false, the password or part of the hash was incorrect.
     if (!$digest->validateA1($A1)) {
         $digest->requireLogin();
         throw new Sabre_DAV_Exception_NotAuthenticated('Incorrect username');
     }
     $this->userName = $username;
     $this->userId = $this->authBackend->getUserId($username);
     // Eventhooks must return true to continue processing
     return true;
 }
Exemplo n.º 5
0
 public function process()
 {
     // initialize authentication
     $auth = new Sabre_HTTP_DigestAuth();
     $auth->setRealm($this->app->config->site->auth_realm);
     $auth->init();
     // authenticate and get correct user
     $email = $auth->getUsername();
     $class_name = SwatDBClassMap::get('PinholeAdminUser');
     $user = new $class_name();
     $user->setDatabase($this->app->db);
     if (!$user->loadFromEmail($email) || !$auth->validateA1($user->digest_ha1)) {
         $auth->requireLogin();
         echo Pinhole::_('Authentication required') . "\n";
         exit;
     }
     // create directory for account and object tree for dav server
     $root = new PinholeDavDirectory($this->app, $user);
     $tree = new Sabre_DAV_ObjectTree($root);
     // create server
     $server = new Sabre_DAV_Server($tree);
     $server->setBaseUri($this->getDavBaseUri());
     // don't save temp files in the database
     $tempFilePlugin = new Sabre_DAV_TemporaryFileFilterPlugin($this->getDataDir('dav/temp'));
     $server->addPlugin($tempFilePlugin);
     // set up lock plugin
     $lockBackend = new Sabre_DAV_Locks_Backend_FS($this->getDataDir('dav/locks'));
     $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
     $server->addPlugin($lockPlugin);
     // also allow regular web browsing
     $browserPlugin = new Sabre_DAV_Browser_Plugin(false);
     $server->addPlugin($browserPlugin);
     // serve it up!
     $server->exec();
 }
 private function getServerTokens($qop = Sabre_HTTP_DigestAuth::QOP_AUTH)
 {
     $this->auth->requireLogin();
     switch ($qop) {
         case Sabre_HTTP_DigestAuth::QOP_AUTH:
             $qopstr = 'auth';
             break;
         case Sabre_HTTP_DigestAuth::QOP_AUTHINT:
             $qopstr = 'auth-int';
             break;
         default:
             $qopstr = 'auth,auth-int';
             break;
     }
     $test = preg_match('/Digest realm="' . self::REALM . '",qop="' . $qopstr . '",nonce="([0-9a-f]*)",opaque="([0-9a-f]*)"/', $this->response->headers['WWW-Authenticate'], $matches);
     $this->assertTrue($test == true, 'The WWW-Authenticate response didn\'t match our pattern. We received: ' . $this->response->headers['WWW-Authenticate']);
     $nonce = $matches[1];
     $opaque = $matches[2];
     // Reset our environment
     $this->setUp();
     $this->auth->setQOP($qop);
     return array($nonce, $opaque);
 }
Exemplo n.º 7
0
        $identities = $response['Identities'];
        foreach ($identities as $identity) {
            if ($identity['Type'] === 'a1hash' && $identity['Enabled']) {
                $userID = $identity['UserID'];
                return $identity['Credential'];
            }
        }
        // User or WebDAV identity not found
        return null;
    }
    log_message('error', "Error fetching identities for user '{$userName}': " . $response['Message']);
    return null;
}
// Initialize WebDAV authentication
$realm = 'Inventory';
$auth = new Sabre_HTTP_DigestAuth();
$auth->setRealm($realm);
$auth->init();
$userID = null;
$userName = $auth->getUsername();
// Lookup the WebDAV ("a1hash") identity for the given username
$hash = get_a1_hash($userName, $userID);
// Check if the lookup was successful and that the credentials match
if (!$hash || !$auth->validateA1($hash)) {
    log_message('info', "WebDAV Authentication failed for user '{$userName}' requesting " . $_SERVER['REQUEST_URI']);
    $auth->requireLogin();
    echo "Authentication required\n";
    exit;
}
// Construct the WebDAV tree and server objects
$rootDirectory = new RootDirectory($userID);
Exemplo n.º 8
0
     if (!$user) {
         Logging::logDebug("DAV authentication failure");
         $auth->requireLogin();
         echo "Authentication required\n";
         die;
     }
     $userAuth = $env->configuration()->getUserAuth($user["id"]);
     if (!$env->passwordHash()->isEqual($result[1], $userAuth["hash"], $userAuth["salt"])) {
         Logging::logDebug("DAV authentication failure");
         $auth->requireLogin();
         echo "Authentication required\n";
         die;
     }
     $env->authentication()->setAuth($user, "pw");
 } else {
     $auth = new Sabre_HTTP_DigestAuth();
     $auth->setRealm($env->authentication()->realm());
     $auth->init();
     $username = $auth->getUserName();
     if (!$username) {
         Logging::logDebug("DAV digest authentication missing");
         $auth->requireLogin();
         echo "Authentication required\n";
         die;
     }
     $user = $env->configuration()->getUserByNameOrEmail($username);
     if (!$user) {
         Logging::logDebug("DAV digest authentication failure");
         $auth->requireLogin();
         echo "Authentication required\n";
         die;
Exemplo n.º 9
0
<?php

// !!!! Make sure the Sabre directory is in the include_path !!!
// example:
// set_include_path('lib/' . PATH_SEPARATOR . get_include_path());
// settings
date_default_timezone_set('Canada/Eastern');
// Files we need
require_once 'Sabre/autoload.php';
$u = 'admin';
$p = '1234';
$auth = new Sabre_HTTP_DigestAuth();
$auth->init();
if ($auth->getUsername() != $u || !$auth->validatePassword($p)) {
    $auth->requireLogin();
    echo "Authentication required\n";
    die;
}
Exemplo n.º 10
0
<?php

require_once '../lib/Sabre/autoload.php';
$rootdir = new Sabre_DAV_FS_Directory('../source');
$server = new Sabre_DAV_Server($rootdir);
$lock_backend = new Sabre_DAV_Locks_Backend_File('../locks/');
$lock_plugin = new Sabre_DAV_Locks_Plugin($lock_backend);
$server->addPlugin($lock_plugin);
$browser_plugin = new Sabre_DAV_Browser_Plugin();
$server->addPlugin($browser_plugin);
$user = '******';
$pass = '******';
$auth = new Sabre_HTTP_DigestAuth();
$auth->init();
if ($auth->getUsername() == $user && $auth->validatePassword($pass)) {
    $server->exec();
} else {
    $auth->requireLogin();
    echo "Authentication required!\n";
    die;
}
Exemplo n.º 11
0
    }
}
// The rootNode needs to be passed to the server object.
$server = new Sabre_DAV_Server();
$server->setBaseUri($baseUri);
// Support for LOCK and UNLOCK
$lockBackend = new Sabre_DAV_Locks_Backend_File($tmpDir . '/locksdb');
$lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
$server->addPlugin($lockPlugin);
// Automatically guess (some) contenttypes, based on extesion
$server->addPlugin(new Sabre_DAV_Browser_GuessContentType());
$server->addPlugin(new Sabre_DAV_Browser_Plugin());
// Authentication backend
//$authBackend = new Sabre_DAV_Auth_Backend_File('.htdigest');
$authBackend = new Sabre_DAV_Auth_Backend_PDO($pdo);
$auth = new Sabre_DAV_Auth_Plugin($authBackend, 'SabreDAV');
$server->addPlugin($auth);
$digest = new Sabre_HTTP_DigestAuth();
// Hooking up request and response objects
$digest->setHTTPRequest($server->httpRequest);
$digest->setHTTPResponse($server->httpResponse);
$digest->setRealm('SabreDAV');
$digest->init();
$user = $digest->getUsername();
$rootNode = new MyCollection($publicDir, $pdo, $user);
$server->tree = new Sabre_DAV_ObjectTree($rootNode);
// Temporary file filter
$tempFF = new Sabre_DAV_TemporaryFileFilterPlugin($tmpDir);
$server->addPlugin($tempFF);
// And off we go!
$server->exec();