/**
* Makes sure the user is already properly authenticated when a password is required and none
* was provided
*
* @param IShare $share
*
* @throws CheckException
*/
private function checkSession($share)
{
// Not authenticated ?
if (!$this->session->exists('public_link_authenticated') || $this->session->get('public_link_authenticated') !== (string) $share->getId()) {
throw new CheckException("Missing password", Http::STATUS_UNAUTHORIZED);
}
}
/**
* Get the timezone of the current user, based on his session information and config data
*
* @param bool|int $timestamp
* @return \DateTimeZone
*/
public function getTimeZone($timestamp = false)
{
$timeZone = $this->config->getUserValue($this->session->get('user_id'), 'core', 'timezone', null);
if ($timeZone === null) {
if ($this->session->exists('timezone')) {
return $this->guessTimeZoneFromOffset($this->session->get('timezone'), $timestamp);
}
$timeZone = $this->getDefaultTimeZone();
}
try {
return new \DateTimeZone($timeZone);
} catch (\Exception $e) {
\OCP\Util::writeLog('datetimezone', 'Failed to created DateTimeZone "' . $timeZone . "'", \OCP\Util::DEBUG);
return new \DateTimeZone($this->getDefaultTimeZone());
}
}
/**
* Makes sure the user is already properly authenticated when a password is required and none
* was provided
*
* @param array|bool $linkItem
*
* @throws CheckException
*/
private function checkSession($linkItem)
{
// Not authenticated ?
if (!$this->session->exists('public_link_authenticated') || $this->session->get('public_link_authenticated') !== $linkItem['id']) {
throw new CheckException("Missing password", Http::STATUS_UNAUTHORIZED);
}
}
/**
* Get the timezone of the current user, based on his session information and config data
*
* @return \DateTimeZone
*/
public function getTimeZone()
{
$timeZone = $this->config->getUserValue($this->session->get('user_id'), 'core', 'timezone', null);
if ($timeZone === null) {
if ($this->session->exists('timezone')) {
$offsetHours = $this->session->get('timezone');
// Note: the timeZone name is the inverse to the offset,
// so a positive offset means negative timeZone
// and the other way around.
if ($offsetHours > 0) {
return new \DateTimeZone('Etc/GMT-' . $offsetHours);
} else {
return new \DateTimeZone('Etc/GMT+' . abs($offsetHours));
}
} else {
return new \DateTimeZone('UTC');
}
}
return new \DateTimeZone($timeZone);
}
/**
* Validates a username and password
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
*
* @return bool
* @throws \Sabre\DAV\Exception\NotAuthenticated
*/
protected function validateUserPass($username, $password)
{
try {
$share = $this->shareManager->getShareByToken($username);
} catch (ShareNotFound $e) {
return false;
}
$this->share = $share;
\OC_User::setIncognitoMode(true);
// check if the share is password protected
if ($share->getPassword() !== null) {
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
if ($this->shareManager->checkPassword($share, $password)) {
return true;
} else {
if ($this->session->exists('public_link_authenticated') && $this->session->get('public_link_authenticated') === $share->getId()) {
return true;
} else {
if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
http_response_code(401);
header('WWW-Authenticate', 'DummyBasic real="ownCloud"');
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
return false;
}
}
} else {
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE) {
return true;
} else {
return false;
}
}
} else {
return true;
}
}
/**
* Authenticate a link item with the given password.
* Or use the session if no password is provided.
*
* This is a modified version of Helper::authenticate
* TODO: Try to merge back eventually with Helper::authenticate
*
* @param \OCP\Share\IShare $share
* @param string|null $password
* @return bool
*/
private function linkShareAuth(\OCP\Share\IShare $share, $password = null)
{
if ($password !== null) {
if ($this->shareManager->checkPassword($share, $password)) {
$this->session->set('public_link_authenticated', (string) $share->getId());
} else {
return false;
}
} else {
// not authenticated ?
if (!$this->session->exists('public_link_authenticated') || $this->session->get('public_link_authenticated') !== (string) $share->getId()) {
return false;
}
}
return true;
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @UseSession
*
* @param string $challengeProviderId
* @param string $redirect_url
* @return TemplateResponse
*/
public function showChallenge($challengeProviderId, $redirect_url)
{
$user = $this->userSession->getUser();
$provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
if (is_null($provider)) {
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
}
if ($this->session->exists('two_factor_auth_error')) {
$this->session->remove('two_factor_auth_error');
$error = true;
} else {
$error = false;
}
$tmpl = $provider->getTemplate($user);
$tmpl->assign('redirect_url', $redirect_url);
$data = ['error' => $error, 'provider' => $provider, 'logout_attribute' => $this->getLogoutAttribute(), 'template' => $tmpl->fetchPage()];
return new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
}
/**
* Whether the storage has a storage.
*
* @return bool
*/
public function hasToken()
{
return $this->session->exists('requesttoken');
}
/**
* Check if the currently logged in user needs to pass 2FA
*
* @return boolean
*/
public function needsSecondFactor()
{
return $this->session->exists(self::SESSION_UID_KEY);
}
/**
* Check if a named key exists in the session
*
* @param string $key
* @return bool
*/
public function exists($key)
{
return $this->session->exists($key);
}
