/** * Makes sure the user is already properly authenticated when a password is required and none * was provided * * @param IShare $share * * @throws CheckException */ private function checkSession($share) { // Not authenticated ? if (!$this->session->exists('public_link_authenticated') || $this->session->get('public_link_authenticated') !== (string) $share->getId()) { throw new CheckException("Missing password", Http::STATUS_UNAUTHORIZED); } }
/** * Get the timezone of the current user, based on his session information and config data * * @param bool|int $timestamp * @return \DateTimeZone */ public function getTimeZone($timestamp = false) { $timeZone = $this->config->getUserValue($this->session->get('user_id'), 'core', 'timezone', null); if ($timeZone === null) { if ($this->session->exists('timezone')) { return $this->guessTimeZoneFromOffset($this->session->get('timezone'), $timestamp); } $timeZone = $this->getDefaultTimeZone(); } try { return new \DateTimeZone($timeZone); } catch (\Exception $e) { \OCP\Util::writeLog('datetimezone', 'Failed to created DateTimeZone "' . $timeZone . "'", \OCP\Util::DEBUG); return new \DateTimeZone($this->getDefaultTimeZone()); } }
/** * Makes sure the user is already properly authenticated when a password is required and none * was provided * * @param array|bool $linkItem * * @throws CheckException */ private function checkSession($linkItem) { // Not authenticated ? if (!$this->session->exists('public_link_authenticated') || $this->session->get('public_link_authenticated') !== $linkItem['id']) { throw new CheckException("Missing password", Http::STATUS_UNAUTHORIZED); } }
/** * Get the timezone of the current user, based on his session information and config data * * @return \DateTimeZone */ public function getTimeZone() { $timeZone = $this->config->getUserValue($this->session->get('user_id'), 'core', 'timezone', null); if ($timeZone === null) { if ($this->session->exists('timezone')) { $offsetHours = $this->session->get('timezone'); // Note: the timeZone name is the inverse to the offset, // so a positive offset means negative timeZone // and the other way around. if ($offsetHours > 0) { return new \DateTimeZone('Etc/GMT-' . $offsetHours); } else { return new \DateTimeZone('Etc/GMT+' . abs($offsetHours)); } } else { return new \DateTimeZone('UTC'); } } return new \DateTimeZone($timeZone); }
/** * Validates a username and password * * This method should return true or false depending on if login * succeeded. * * @param string $username * @param string $password * * @return bool * @throws \Sabre\DAV\Exception\NotAuthenticated */ protected function validateUserPass($username, $password) { try { $share = $this->shareManager->getShareByToken($username); } catch (ShareNotFound $e) { return false; } $this->share = $share; \OC_User::setIncognitoMode(true); // check if the share is password protected if ($share->getPassword() !== null) { if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { if ($this->shareManager->checkPassword($share, $password)) { return true; } else { if ($this->session->exists('public_link_authenticated') && $this->session->get('public_link_authenticated') === $share->getId()) { return true; } else { if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) { // do not re-authenticate over ajax, use dummy auth name to prevent browser popup http_response_code(401); header('WWW-Authenticate', 'DummyBasic real="ownCloud"'); throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls'); } return false; } } } else { if ($share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE) { return true; } else { return false; } } } else { return true; } }
/** * Authenticate a link item with the given password. * Or use the session if no password is provided. * * This is a modified version of Helper::authenticate * TODO: Try to merge back eventually with Helper::authenticate * * @param \OCP\Share\IShare $share * @param string|null $password * @return bool */ private function linkShareAuth(\OCP\Share\IShare $share, $password = null) { if ($password !== null) { if ($this->shareManager->checkPassword($share, $password)) { $this->session->set('public_link_authenticated', (string) $share->getId()); } else { return false; } } else { // not authenticated ? if (!$this->session->exists('public_link_authenticated') || $this->session->get('public_link_authenticated') !== (string) $share->getId()) { return false; } } return true; }
/** * @NoAdminRequired * @NoCSRFRequired * @UseSession * * @param string $challengeProviderId * @param string $redirect_url * @return TemplateResponse */ public function showChallenge($challengeProviderId, $redirect_url) { $user = $this->userSession->getUser(); $provider = $this->twoFactorManager->getProvider($user, $challengeProviderId); if (is_null($provider)) { return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge')); } if ($this->session->exists('two_factor_auth_error')) { $this->session->remove('two_factor_auth_error'); $error = true; } else { $error = false; } $tmpl = $provider->getTemplate($user); $tmpl->assign('redirect_url', $redirect_url); $data = ['error' => $error, 'provider' => $provider, 'logout_attribute' => $this->getLogoutAttribute(), 'template' => $tmpl->fetchPage()]; return new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest'); }
/** * Whether the storage has a storage. * * @return bool */ public function hasToken() { return $this->session->exists('requesttoken'); }
/** * Check if the currently logged in user needs to pass 2FA * * @return boolean */ public function needsSecondFactor() { return $this->session->exists(self::SESSION_UID_KEY); }
/** * Check if a named key exists in the session * * @param string $key * @return bool */ public function exists($key) { return $this->session->exists($key); }