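/**
 * Runs before the controller method is invoked.
 *
 * Routes annotated with @SSOCORS (and not @PublicPage) must never be
 * satisfied by cookie/session authentication alone: a cross-origin request
 * would otherwise ride on the victim's session and sidestep CSRF protection.
 * For those routes the credentials carried by the request itself are
 * validated with the SSO portal, the existing session is discarded, and the
 * user is logged in fresh from the portal's user info.
 *
 * @param Controller $controller the controller that is being called
 * @param string $methodName the name of the method that will be called on
 *                           the controller
 * @throws SecurityException (STATUS_UNAUTHORIZED) when the request carries no
 *                           SSO auth info, when the token fails validation, or
 *                           when the SSO login does not succeed
 * @since 6.0.0
 */
 public function beforeController($controller, $methodName)
 {
     // Only non-public @SSOCORS routes need the session/CSRF guard.
     if (!$this->reflector->hasAnnotation('SSOCORS') || $this->reflector->hasAnnotation('PublicPage')) {
         return;
     }

     $authInfo = AuthInfo::get();
     // Fail closed before touching the session or the portal: with no
     // credentials in the request there is nothing to validate, and the
     // rejection should not depend on how the helpers treat an empty
     // AuthInfo (the WebDAV flow guards on $authInfo for the same reason).
     if (!$authInfo) {
         throw new SecurityException('SSO CORS requires basic auth', Http::STATUS_UNAUTHORIZED);
     }

     // With sso_one_time_password set the VALIDTOKEN round trip is skipped
     // (presumably because such a credential is single-use); otherwise the
     // portal must confirm the token before anything else happens.
     if (!\OC::$server->getSystemConfig()->getValue("sso_one_time_password")) {
         $tokenValid = \OCA\SingleSignOn\RequestManager::send(
             \OCA\SingleSignOn\ISingleSignOnRequest::VALIDTOKEN,
             $authInfo
         );
         if (!$tokenValid) {
             throw new SecurityException('Token expired!', Http::STATUS_UNAUTHORIZED);
         }
     }

     // Drop any existing session so that a session cookie on its own can
     // never satisfy this route, then authenticate purely from the request.
     $userInfo = \OCA\SingleSignOn\RequestManager::getRequest(\OCA\SingleSignOn\ISingleSignOnRequest::INFO);
     $this->session->logout();
     if (!\OCA\SingleSignOn\Util::login($userInfo, $authInfo)) {
         throw new SecurityException('SSO CORS requires basic auth', Http::STATUS_UNAUTHORIZED);
     }
 }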
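 /**
  * Authenticates a WebDAV login against the SSO portal.
  *
  * Initialises the request manager from system config, asks the portal for
  * the user info belonging to the supplied credentials and then either
  * provisions the user (first login) or logs the existing user in.
  *
  * @param string $userID   user name supplied by the WebDAV client
  * @param string $password password supplied by the WebDAV client
  * @return mixed result of self::firstLogin() or self::login(); false when no
  *               auth info could be built or the portal rejected it (the
  *               earlier bare `return` yielded null here — both are falsy)
  */
 public static function webDavLogin($userID, $password)
 {
     $config = \OC::$server->getSystemConfig();
     RequestManager::init($config->getValue("sso_portal_url"), $config->getValue("sso_requests"));

     $authInfo = WebDavAuthInfo::get($userID, $password);
     // Fail closed before any portal round trip: without auth info neither
     // user provisioning (firstLogin) nor login may happen. Previously only
     // the login branch was guarded, so firstLogin() could run on an empty
     // AuthInfo; the web login flow requires auth info before both.
     if (!$authInfo) {
         return false;
     }

     $userInfo = RequestManager::getRequest(ISingleSignOnRequest::INFO);
     $userInfo->setup(array("action" => "webDavLogin"));
     if (!$userInfo->send($authInfo)) {
         return false;
     }

     if ($config->getValue("sso_multiple_region")) {
         // NOTE(review): assumes redirectRegion() ends the request when the
         // user belongs to another region; if it returns, the login below
         // still proceeds locally — confirm.
         self::redirectRegion($userInfo, $config->getValue("sso_regions"), $config->getValue("sso_owncloud_url"));
     }

     if (!\OC_User::userExists($userInfo->getUserId())) {
         return self::firstLogin($userInfo, $authInfo);
     }
     return self::login($userInfo, $authInfo);
 }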
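 /**
  * Drives the browser (web) login through the SSO portal.
  *
  * Depending on the request this lets it through (paths that need no SSO, or
  * an already authenticated session), logs the user out, refuses it with a
  * 401 guest page, redirects to the SSO portal, or logs the user in from the
  * portal's user info. Every refusing branch ends the request with die();
  * redirects go through Util::redirect().
  *
  * Reads sso_login_url, sso_admin_login_uri, sso_admin_login_port,
  * sso_global_logout, sso_one_time_password, sso_return_url_key,
  * sso_multiple_region, sso_regions and sso_owncloud_url from config.
  *
  * @return void
  */
 public function process()
 {
     $ssoUrl = $this->config->getValue("sso_login_url");
     $userInfo = RequestManager::getRequest(ISingleSignOnRequest::INFO);
     $authInfo = AuthInfo::get();
     $userInfo->setup(array("action" => "webLogin"));

     // Paths that need no SSO pass untouched, except that the local admin
     // login URI is only honoured on its dedicated port.
     if ($this->unnecessaryAuth($this->request->getRequestUri())) {
         $adminLoginUri = $this->config->getValue("sso_admin_login_uri");
         $requestUri = $this->request->getRequestUri();
         $uriSuffix = substr($requestUri, -1 * strlen($adminLoginUri));
         if ($uriSuffix === $adminLoginUri && $this->visitPort != $this->config->getValue("sso_admin_login_port")) {
             Util::redirect($this->defaultPageUrl);
         }
         return;
     }

     // NOTE(review): logout is triggered by a bare GET parameter with no
     // request token, so any third-party page can log the user out (logout
     // CSRF). Low impact, but it should go through the framework's CSRF check.
     if (isset($_GET["logout"]) && $_GET["logout"] === "true") {
         if ($this->config->getValue("sso_global_logout")) {
             RequestManager::send(ISingleSignOnRequest::INVALIDTOKEN, $authInfo);
         }
         \OC_User::logout();
         $this->showGuestPageAndExit("logout");
     }

     $oneTimePassword = $this->config->getValue("sso_one_time_password");
     $loggedIn = \OC_User::isLoggedIn();

     // In one-time-password mode an existing session is not re-validated.
     if ($loggedIn && $oneTimePassword) {
         return;
     }
     // A session that presents no SSO credentials is refused rather than
     // trusted on the strength of the session cookie alone.
     if ($loggedIn && !$authInfo) {
         $this->sendUnauthorizedPageAndExit("unauthorizedActions");
     }
     // OTP mode already returned above, so the token must validate here.
     if ($loggedIn && !RequestManager::send(ISingleSignOnRequest::VALIDTOKEN, $authInfo)) {
         $this->sendUnauthorizedPageAndExit("tokenExpired");
     }

     // No credentials, or an invalid token outside OTP mode: bounce to the
     // portal, carrying the return URL when one is set. Parenthesised so the
     // &&-before-|| precedence is explicit rather than implicit.
     // NOTE(review): redirectUrl is appended to the portal URL unvalidated; if
     // it can originate from the request it should be restricted to a local
     // path to avoid an open redirect — confirm where it is set.
     if (!$authInfo || (!RequestManager::send(ISingleSignOnRequest::VALIDTOKEN, $authInfo) && !$oneTimePassword)) {
         $returnUrlKey = $this->config->getValue("sso_return_url_key");
         $target = $this->redirectUrl ? $ssoUrl . $returnUrlKey . $this->redirectUrl : $ssoUrl;
         Util::redirect($target);
     }
     if ($loggedIn) {
         return;
     }

     // Ask the portal for the user record; refuse when SSO is not configured,
     // the portal rejects the credentials, or the user lacks permission.
     if (empty($ssoUrl) || !$userInfo->send($authInfo) || !$userInfo->hasPermission()) {
         // Log first so the reason is recorded even if rendering fails.
         if ($userInfo->hasErrorMsg()) {
             \OCP\Util::writeLog("Single Sign-On", $userInfo->getErrorMsg(), \OCP\Util::ERROR);
         }
         $this->sendUnauthorizedPageAndExit("verificationFailure");
     }

     if ($this->config->getValue("sso_multiple_region")) {
         Util::redirectRegion($userInfo, $this->config->getValue("sso_regions"), $this->config->getValue("sso_owncloud_url"));
     }

     // NOTE(review): the result of firstLogin()/login() is not checked; a
     // failed login still lands on defaultPageUrl — confirm that is intended.
     if (!\OC_User::userExists($userInfo->getUserId())) {
         Util::firstLogin($userInfo, $authInfo);
     } else {
         Util::login($userInfo, $authInfo);
     }
     // Cross-origin callers get no redirect; the login itself is the answer.
     if ($this->request->getHeader("ORIGIN")) {
         return;
     }
     Util::redirect($this->defaultPageUrl);
 }

 /**
  * Sends 401 Unauthorized with the named guest template and ends the request.
  *
  * @param string $templateName template of the singlesignon app to render
  */
 private function sendUnauthorizedPageAndExit($templateName)
 {
     header("HTTP/1.1 " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
     header("Status: " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
     // Sent empty, as before: no challenge scheme is advertised to the client.
     header("WWW-Authenticate: ");
     header("Retry-After: 120");
     $this->showGuestPageAndExit($templateName);
 }

 /**
  * Renders a guest-layout template of the singlesignon app and ends the request.
  *
  * @param string $templateName template of the singlesignon app to render
  */
 private function showGuestPageAndExit($templateName)
 {
     $template = new \OC_Template("singlesignon", $templateName, "guest");
     $template->printPage();
     die;
 }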