nextcloud /
server
@@ -24,82 +24,82 @@ |
||
| 24 | 24 | * Username and password from login credentials, saved in DB |
| 25 | 25 | */ |
| 26 | 26 | class LoginCredentials extends AuthMechanism { |
| 27 | - public const CREDENTIALS_IDENTIFIER = 'password::logincredentials/credentials'; |
|
| 27 | + public const CREDENTIALS_IDENTIFIER = 'password::logincredentials/credentials'; |
|
| 28 | 28 | |
| 29 | - public function __construct( |
|
| 30 | - IL10N $l, |
|
| 31 | - protected ISession $session, |
|
| 32 | - protected ICredentialsManager $credentialsManager, |
|
| 33 | - private CredentialsStore $credentialsStore, |
|
| 34 | - private ILDAPProviderFactory $ldapFactory, |
|
| 35 | - ) { |
|
| 36 | - $this |
|
| 37 | - ->setIdentifier('password::logincredentials') |
|
| 38 | - ->setScheme(self::SCHEME_PASSWORD) |
|
| 39 | - ->setText($l->t('Log-in credentials, save in database')) |
|
| 40 | - ->addParameters([ |
|
| 41 | - (new DefinitionParameter('password', $l->t('Password'))) |
|
| 42 | - ->setType(DefinitionParameter::VALUE_PASSWORD) |
|
| 43 | - ->setFlag(DefinitionParameter::FLAG_HIDDEN) |
|
| 44 | - ->setFlag(DefinitionParameter::FLAG_OPTIONAL), |
|
| 45 | - ]); |
|
| 46 | - } |
|
| 29 | + public function __construct( |
|
| 30 | + IL10N $l, |
|
| 31 | + protected ISession $session, |
|
| 32 | + protected ICredentialsManager $credentialsManager, |
|
| 33 | + private CredentialsStore $credentialsStore, |
|
| 34 | + private ILDAPProviderFactory $ldapFactory, |
|
| 35 | + ) { |
|
| 36 | + $this |
|
| 37 | + ->setIdentifier('password::logincredentials') |
|
| 38 | + ->setScheme(self::SCHEME_PASSWORD) |
|
| 39 | + ->setText($l->t('Log-in credentials, save in database')) |
|
| 40 | + ->addParameters([ |
|
| 41 | + (new DefinitionParameter('password', $l->t('Password'))) |
|
| 42 | + ->setType(DefinitionParameter::VALUE_PASSWORD) |
|
| 43 | + ->setFlag(DefinitionParameter::FLAG_HIDDEN) |
|
| 44 | + ->setFlag(DefinitionParameter::FLAG_OPTIONAL), |
|
| 45 | + ]); |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - private function getCredentials(IUser $user): array { |
|
| 49 | - $credentials = $this->credentialsManager->retrieve($user->getUID(), self::CREDENTIALS_IDENTIFIER); |
|
| 48 | + private function getCredentials(IUser $user): array { |
|
| 49 | + $credentials = $this->credentialsManager->retrieve($user->getUID(), self::CREDENTIALS_IDENTIFIER); |
|
| 50 | 50 | |
| 51 | - if (is_null($credentials)) { |
|
| 52 | - // nothing saved in db, try to get it from the session and save it |
|
| 53 | - try { |
|
| 54 | - $sessionCredentials = $this->credentialsStore->getLoginCredentials(); |
|
| 51 | + if (is_null($credentials)) { |
|
| 52 | + // nothing saved in db, try to get it from the session and save it |
|
| 53 | + try { |
|
| 54 | + $sessionCredentials = $this->credentialsStore->getLoginCredentials(); |
|
| 55 | 55 | |
| 56 | - if ($sessionCredentials->getUID() !== $user->getUID()) { |
|
| 57 | - // Can't take the credentials from the session as they are not the same user |
|
| 58 | - throw new CredentialsUnavailableException(); |
|
| 59 | - } |
|
| 56 | + if ($sessionCredentials->getUID() !== $user->getUID()) { |
|
| 57 | + // Can't take the credentials from the session as they are not the same user |
|
| 58 | + throw new CredentialsUnavailableException(); |
|
| 59 | + } |
|
| 60 | 60 | |
| 61 | - $credentials = [ |
|
| 62 | - 'user' => $sessionCredentials->getLoginName(), |
|
| 63 | - 'password' => $sessionCredentials->getPassword(), |
|
| 64 | - ]; |
|
| 61 | + $credentials = [ |
|
| 62 | + 'user' => $sessionCredentials->getLoginName(), |
|
| 63 | + 'password' => $sessionCredentials->getPassword(), |
|
| 64 | + ]; |
|
| 65 | 65 | |
| 66 | - $this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials); |
|
| 67 | - } catch (CredentialsUnavailableException $e) { |
|
| 68 | - throw new InsufficientDataForMeaningfulAnswerException('No login credentials saved'); |
|
| 69 | - } |
|
| 70 | - } |
|
| 66 | + $this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials); |
|
| 67 | + } catch (CredentialsUnavailableException $e) { |
|
| 68 | + throw new InsufficientDataForMeaningfulAnswerException('No login credentials saved'); |
|
| 69 | + } |
|
| 70 | + } |
|
| 71 | 71 | |
| 72 | - return $credentials; |
|
| 73 | - } |
|
| 72 | + return $credentials; |
|
| 73 | + } |
|
| 74 | 74 | |
| 75 | - /** |
|
| 76 | - * @return void |
|
| 77 | - */ |
|
| 78 | - public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null) { |
|
| 79 | - if (!isset($user)) { |
|
| 80 | - throw new InsufficientDataForMeaningfulAnswerException('No login credentials saved'); |
|
| 81 | - } |
|
| 82 | - $credentials = $this->getCredentials($user); |
|
| 75 | + /** |
|
| 76 | + * @return void |
|
| 77 | + */ |
|
| 78 | + public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null) { |
|
| 79 | + if (!isset($user)) { |
|
| 80 | + throw new InsufficientDataForMeaningfulAnswerException('No login credentials saved'); |
|
| 81 | + } |
|
| 82 | + $credentials = $this->getCredentials($user); |
|
| 83 | 83 | |
| 84 | - $loginKey = $storage->getBackendOption('login_ldap_attr'); |
|
| 85 | - if ($loginKey) { |
|
| 86 | - $backend = $user->getBackend(); |
|
| 87 | - if ($backend instanceof IUserBackend && $backend->getBackendName() === 'LDAP') { |
|
| 88 | - $value = $this->getLdapPropertyForUser($user, $loginKey); |
|
| 89 | - if ($value === null) { |
|
| 90 | - throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute not set for user ' . $user->getUID()); |
|
| 91 | - } |
|
| 92 | - $storage->setBackendOption('user', $value); |
|
| 93 | - } else { |
|
| 94 | - throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute configured but user ' . $user->getUID() . ' is not an ldap user'); |
|
| 95 | - } |
|
| 96 | - } else { |
|
| 97 | - $storage->setBackendOption('user', $credentials['user']); |
|
| 98 | - } |
|
| 99 | - $storage->setBackendOption('password', $credentials['password']); |
|
| 100 | - } |
|
| 84 | + $loginKey = $storage->getBackendOption('login_ldap_attr'); |
|
| 85 | + if ($loginKey) { |
|
| 86 | + $backend = $user->getBackend(); |
|
| 87 | + if ($backend instanceof IUserBackend && $backend->getBackendName() === 'LDAP') { |
|
| 88 | + $value = $this->getLdapPropertyForUser($user, $loginKey); |
|
| 89 | + if ($value === null) { |
|
| 90 | + throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute not set for user ' . $user->getUID()); |
|
| 91 | + } |
|
| 92 | + $storage->setBackendOption('user', $value); |
|
| 93 | + } else { |
|
| 94 | + throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute configured but user ' . $user->getUID() . ' is not an ldap user'); |
|
| 95 | + } |
|
| 96 | + } else { |
|
| 97 | + $storage->setBackendOption('user', $credentials['user']); |
|
| 98 | + } |
|
| 99 | + $storage->setBackendOption('password', $credentials['password']); |
|
| 100 | + } |
|
| 101 | 101 | |
| 102 | - private function getLdapPropertyForUser(IUser $user, string $property): ?string { |
|
| 103 | - return $this->ldapFactory->getLDAPProvider()->getUserAttribute($user->getUID(), $property); |
|
| 104 | - } |
|
| 102 | + private function getLdapPropertyForUser(IUser $user, string $property): ?string { |
|
| 103 | + return $this->ldapFactory->getLDAPProvider()->getUserAttribute($user->getUID(), $property); |
|
| 104 | + } |
|
| 105 | 105 | } |
@@ -60,98 +60,98 @@ |
||
| 60 | 60 | * @package OCA\Files_External\AppInfo |
| 61 | 61 | */ |
| 62 | 62 | class Application extends App implements IBackendProvider, IAuthMechanismProvider, IBootstrap { |
| 63 | - public const APP_ID = 'files_external'; |
|
| 64 | - |
|
| 65 | - /** |
|
| 66 | - * Application constructor. |
|
| 67 | - * |
|
| 68 | - * @throws QueryException |
|
| 69 | - */ |
|
| 70 | - public function __construct(array $urlParams = []) { |
|
| 71 | - parent::__construct(self::APP_ID, $urlParams); |
|
| 72 | - } |
|
| 73 | - |
|
| 74 | - public function register(IRegistrationContext $context): void { |
|
| 75 | - $context->registerEventListener(UserDeletedEvent::class, UserDeletedListener::class); |
|
| 76 | - $context->registerEventListener(GroupDeletedEvent::class, GroupDeletedListener::class); |
|
| 77 | - $context->registerEventListener(LoadAdditionalScriptsEvent::class, LoadAdditionalListener::class); |
|
| 78 | - $context->registerEventListener(UserLoggedInEvent::class, StorePasswordListener::class); |
|
| 79 | - $context->registerEventListener(PasswordUpdatedEvent::class, StorePasswordListener::class); |
|
| 80 | - $context->registerConfigLexicon(ConfigLexicon::class); |
|
| 81 | - } |
|
| 82 | - |
|
| 83 | - public function boot(IBootContext $context): void { |
|
| 84 | - $context->injectFn(function (IMountProviderCollection $mountProviderCollection, ConfigAdapter $configAdapter): void { |
|
| 85 | - $mountProviderCollection->registerProvider($configAdapter); |
|
| 86 | - }); |
|
| 87 | - $context->injectFn(function (BackendService $backendService, UserPlaceholderHandler $userConfigHandler): void { |
|
| 88 | - $backendService->registerBackendProvider($this); |
|
| 89 | - $backendService->registerAuthMechanismProvider($this); |
|
| 90 | - $backendService->registerConfigHandler('user', function () use ($userConfigHandler) { |
|
| 91 | - return $userConfigHandler; |
|
| 92 | - }); |
|
| 93 | - }); |
|
| 94 | - } |
|
| 95 | - |
|
| 96 | - /** |
|
| 97 | - * @{inheritdoc} |
|
| 98 | - */ |
|
| 99 | - public function getBackends() { |
|
| 100 | - $container = $this->getContainer(); |
|
| 101 | - |
|
| 102 | - $backends = [ |
|
| 103 | - $container->get(Local::class), |
|
| 104 | - $container->get(FTP::class), |
|
| 105 | - $container->get(DAV::class), |
|
| 106 | - $container->get(OwnCloud::class), |
|
| 107 | - $container->get(SFTP::class), |
|
| 108 | - $container->get(AmazonS3::class), |
|
| 109 | - $container->get(Swift::class), |
|
| 110 | - $container->get(SFTP_Key::class), |
|
| 111 | - $container->get(SMB::class), |
|
| 112 | - $container->get(SMB_OC::class), |
|
| 113 | - ]; |
|
| 114 | - |
|
| 115 | - return $backends; |
|
| 116 | - } |
|
| 117 | - |
|
| 118 | - /** |
|
| 119 | - * @{inheritdoc} |
|
| 120 | - */ |
|
| 121 | - public function getAuthMechanisms() { |
|
| 122 | - $container = $this->getContainer(); |
|
| 123 | - |
|
| 124 | - return [ |
|
| 125 | - // AuthMechanism::SCHEME_NULL mechanism |
|
| 126 | - $container->get(NullMechanism::class), |
|
| 127 | - |
|
| 128 | - // AuthMechanism::SCHEME_BUILTIN mechanism |
|
| 129 | - $container->get(Builtin::class), |
|
| 130 | - |
|
| 131 | - // AuthMechanism::SCHEME_PASSWORD mechanisms |
|
| 132 | - $container->get(Password::class), |
|
| 133 | - $container->get(SessionCredentials::class), |
|
| 134 | - $container->get(LoginCredentials::class), |
|
| 135 | - $container->get(UserProvided::class), |
|
| 136 | - $container->get(GlobalAuth::class), |
|
| 137 | - $container->get(UserGlobalAuth::class), |
|
| 138 | - |
|
| 139 | - // AuthMechanism::SCHEME_OAUTH2 mechanisms |
|
| 140 | - $container->get(OAuth2::class), |
|
| 141 | - |
|
| 142 | - // AuthMechanism::SCHEME_PUBLICKEY mechanisms |
|
| 143 | - $container->get(RSA::class), |
|
| 144 | - $container->get(RSAPrivateKey::class), |
|
| 145 | - |
|
| 146 | - // AuthMechanism::SCHEME_OPENSTACK mechanisms |
|
| 147 | - $container->get(OpenStackV2::class), |
|
| 148 | - $container->get(OpenStackV3::class), |
|
| 149 | - $container->get(Rackspace::class), |
|
| 150 | - |
|
| 151 | - // Specialized mechanisms |
|
| 152 | - $container->get(AccessKey::class), |
|
| 153 | - $container->get(KerberosAuth::class), |
|
| 154 | - $container->get(KerberosApacheAuth::class), |
|
| 155 | - ]; |
|
| 156 | - } |
|
| 63 | + public const APP_ID = 'files_external'; |
|
| 64 | + |
|
| 65 | + /** |
|
| 66 | + * Application constructor. |
|
| 67 | + * |
|
| 68 | + * @throws QueryException |
|
| 69 | + */ |
|
| 70 | + public function __construct(array $urlParams = []) { |
|
| 71 | + parent::__construct(self::APP_ID, $urlParams); |
|
| 72 | + } |
|
| 73 | + |
|
| 74 | + public function register(IRegistrationContext $context): void { |
|
| 75 | + $context->registerEventListener(UserDeletedEvent::class, UserDeletedListener::class); |
|
| 76 | + $context->registerEventListener(GroupDeletedEvent::class, GroupDeletedListener::class); |
|
| 77 | + $context->registerEventListener(LoadAdditionalScriptsEvent::class, LoadAdditionalListener::class); |
|
| 78 | + $context->registerEventListener(UserLoggedInEvent::class, StorePasswordListener::class); |
|
| 79 | + $context->registerEventListener(PasswordUpdatedEvent::class, StorePasswordListener::class); |
|
| 80 | + $context->registerConfigLexicon(ConfigLexicon::class); |
|
| 81 | + } |
|
| 82 | + |
|
| 83 | + public function boot(IBootContext $context): void { |
|
| 84 | + $context->injectFn(function (IMountProviderCollection $mountProviderCollection, ConfigAdapter $configAdapter): void { |
|
| 85 | + $mountProviderCollection->registerProvider($configAdapter); |
|
| 86 | + }); |
|
| 87 | + $context->injectFn(function (BackendService $backendService, UserPlaceholderHandler $userConfigHandler): void { |
|
| 88 | + $backendService->registerBackendProvider($this); |
|
| 89 | + $backendService->registerAuthMechanismProvider($this); |
|
| 90 | + $backendService->registerConfigHandler('user', function () use ($userConfigHandler) { |
|
| 91 | + return $userConfigHandler; |
|
| 92 | + }); |
|
| 93 | + }); |
|
| 94 | + } |
|
| 95 | + |
|
| 96 | + /** |
|
| 97 | + * @{inheritdoc} |
|
| 98 | + */ |
|
| 99 | + public function getBackends() { |
|
| 100 | + $container = $this->getContainer(); |
|
| 101 | + |
|
| 102 | + $backends = [ |
|
| 103 | + $container->get(Local::class), |
|
| 104 | + $container->get(FTP::class), |
|
| 105 | + $container->get(DAV::class), |
|
| 106 | + $container->get(OwnCloud::class), |
|
| 107 | + $container->get(SFTP::class), |
|
| 108 | + $container->get(AmazonS3::class), |
|
| 109 | + $container->get(Swift::class), |
|
| 110 | + $container->get(SFTP_Key::class), |
|
| 111 | + $container->get(SMB::class), |
|
| 112 | + $container->get(SMB_OC::class), |
|
| 113 | + ]; |
|
| 114 | + |
|
| 115 | + return $backends; |
|
| 116 | + } |
|
| 117 | + |
|
| 118 | + /** |
|
| 119 | + * @{inheritdoc} |
|
| 120 | + */ |
|
| 121 | + public function getAuthMechanisms() { |
|
| 122 | + $container = $this->getContainer(); |
|
| 123 | + |
|
| 124 | + return [ |
|
| 125 | + // AuthMechanism::SCHEME_NULL mechanism |
|
| 126 | + $container->get(NullMechanism::class), |
|
| 127 | + |
|
| 128 | + // AuthMechanism::SCHEME_BUILTIN mechanism |
|
| 129 | + $container->get(Builtin::class), |
|
| 130 | + |
|
| 131 | + // AuthMechanism::SCHEME_PASSWORD mechanisms |
|
| 132 | + $container->get(Password::class), |
|
| 133 | + $container->get(SessionCredentials::class), |
|
| 134 | + $container->get(LoginCredentials::class), |
|
| 135 | + $container->get(UserProvided::class), |
|
| 136 | + $container->get(GlobalAuth::class), |
|
| 137 | + $container->get(UserGlobalAuth::class), |
|
| 138 | + |
|
| 139 | + // AuthMechanism::SCHEME_OAUTH2 mechanisms |
|
| 140 | + $container->get(OAuth2::class), |
|
| 141 | + |
|
| 142 | + // AuthMechanism::SCHEME_PUBLICKEY mechanisms |
|
| 143 | + $container->get(RSA::class), |
|
| 144 | + $container->get(RSAPrivateKey::class), |
|
| 145 | + |
|
| 146 | + // AuthMechanism::SCHEME_OPENSTACK mechanisms |
|
| 147 | + $container->get(OpenStackV2::class), |
|
| 148 | + $container->get(OpenStackV3::class), |
|
| 149 | + $container->get(Rackspace::class), |
|
| 150 | + |
|
| 151 | + // Specialized mechanisms |
|
| 152 | + $container->get(AccessKey::class), |
|
| 153 | + $container->get(KerberosAuth::class), |
|
| 154 | + $container->get(KerberosApacheAuth::class), |
|
| 155 | + ]; |
|
| 156 | + } |
|
| 157 | 157 | } |
