/**
* Validates a username and password
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
*
* @return bool
* @throws \Sabre\DAV\Exception\NotAuthenticated
*/
protected function validateUserPass($username, $password)
{
try {
$share = $this->shareManager->getShareByToken($username);
} catch (ShareNotFound $e) {
return false;
}
$this->share = $share;
\OC_User::setIncognitoMode(true);
// check if the share is password protected
if ($share->getPassword() !== null) {
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
if ($this->shareManager->checkPassword($share, $password)) {
return true;
} else {
if ($this->session->exists('public_link_authenticated') && $this->session->get('public_link_authenticated') === $share->getId()) {
return true;
} else {
if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
http_response_code(401);
header('WWW-Authenticate', 'DummyBasic real="ownCloud"');
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
return false;
}
}
} else {
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE) {
return true;
} else {
return false;
}
}
} else {
return true;
}
}
/**
* Validates the given password
*
* @fixme @LukasReschke says: Migrate old hashes to new hash format
* Due to the fact that there is no reasonable functionality to update the password
* of an existing share no migration is yet performed there.
* The only possibility is to update the existing share which will result in a new
* share ID and is a major hack.
*
* In the future the migration should be performed once there is a proper method
* to update the share's password. (for example `$share->updatePassword($password)`
*
* @link https://github.com/owncloud/core/issues/10671
*
* @param IShare $share
* @param string $password
*
* @throws CheckException
*/
private function checkPassword($share, $password)
{
$newHash = '';
if ($this->shareManager->checkPassword($share, $password)) {
// Save item id in session for future requests
$this->session->set('public_link_authenticated', (string) $share->getId());
// @codeCoverageIgnoreStart
if (!empty($newHash)) {
// For future use
}
// @codeCoverageIgnoreEnd
} else {
throw new CheckException("Wrong password", Http::STATUS_UNAUTHORIZED);
}
}
/**
* Authenticate a link item with the given password.
* Or use the session if no password is provided.
*
* This is a modified version of Helper::authenticate
* TODO: Try to merge back eventually with Helper::authenticate
*
* @param \OCP\Share\IShare $share
* @param string|null $password
* @return bool
*/
private function linkShareAuth(\OCP\Share\IShare $share, $password = null)
{
if ($password !== null) {
if ($this->shareManager->checkPassword($share, $password)) {
$this->session->set('public_link_authenticated', (string) $share->getId());
} else {
$this->emitAccessShareHook($share, 403, 'Wrong password');
return false;
}
} else {
// not authenticated ?
if (!$this->session->exists('public_link_authenticated') || $this->session->get('public_link_authenticated') !== (string) $share->getId()) {
return false;
}
}
return true;
}
