diff --git a/db_structure.xml b/db_structure.xml
index 09dbde710d30fb507b78c74cb791249bd38932e9..c7e1e072a8eff238f5f36e6d62db47b7489ebb52 100644
--- a/db_structure.xml
+++ b/db_structure.xml
@@ -1152,6 +1152,13 @@
<length>4</length>
</field>
+ <field>
+ <name>scope</name>
+ <type>clob</type>
+ <default></default>
+ <notnull>false</notnull>
+ </field>
+
<index>
<name>authtoken_token_index</name>
<unique>true</unique>
diff --git a/lib/private/Authentication/Token/DefaultToken.php b/lib/private/Authentication/Token/DefaultToken.php
index faef2f73b33dfd84c93c04fe3dc6a63ab0b6879e..0c45c9efa56044434e5d4ec10a412399d2d05bdb 100644
--- a/lib/private/Authentication/Token/DefaultToken.php
+++ b/lib/private/Authentication/Token/DefaultToken.php
@@ -87,6 +87,11 @@ class DefaultToken extends Entity implements IToken {
*/
protected $lastCheck;
+ /**
+ * @var string
+ */
+ protected $scope;
+
public function getId() {
return $this->id;
}
@@ -119,6 +124,7 @@ class DefaultToken extends Entity implements IToken {
'name' => $this->name,
'lastActivity' => $this->lastActivity,
'type' => $this->type,
+ 'scope' => $this->getScope()
];
}
@@ -140,4 +146,11 @@ class DefaultToken extends Entity implements IToken {
return parent::setLastCheck($time);
}
+ public function getScope() {
+ return json_decode(parent::getScope(), true);
+ }
+
+ public function setScope($scope) {
+ return parent::setScope(json_encode($scope));
+ }
}
diff --git a/lib/private/Authentication/Token/DefaultTokenMapper.php b/lib/private/Authentication/Token/DefaultTokenMapper.php
index 752974ff24033af274418ff0f314dfd4b2227fba..e2a17ca0f914dc9b7291a01a297ba556ec03a1a0 100644
--- a/lib/private/Authentication/Token/DefaultTokenMapper.php
+++ b/lib/private/Authentication/Token/DefaultTokenMapper.php
@@ -72,7 +72,7 @@ class DefaultTokenMapper extends Mapper {
public function getToken($token) {
/* @var $qb IQueryBuilder */
$qb = $this->db->getQueryBuilder();
- $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check')
+ $result = $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
->from('authtoken')
->where($qb->expr()->eq('token', $qb->createParameter('token')))
->setParameter('token', $token)
@@ -98,7 +98,7 @@ class DefaultTokenMapper extends Mapper {
public function getTokenByUser(IUser $user) {
/* @var $qb IQueryBuilder */
$qb = $this->db->getQueryBuilder();
- $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check')
+ $qb->select('id', 'uid', 'login_name', 'password', 'name', 'type', 'remember', 'token', 'last_activity', 'last_check', 'scope')
->from('authtoken')
->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
->setMaxResults(1000);
diff --git a/lib/private/Authentication/Token/IToken.php b/lib/private/Authentication/Token/IToken.php
index 14811dd3201a07e22ae5cadb58fe18ac6cbba6b6..3fa8ccbb078e62c0010061189e30024c258393fb 100644
--- a/lib/private/Authentication/Token/IToken.php
+++ b/lib/private/Authentication/Token/IToken.php
@@ -72,4 +72,8 @@ interface IToken extends JsonSerializable {
* @param int $time
*/
public function setLastCheck($time);
+
+ public function getScope();
+
+ public function setScope($scope);
}
diff --git a/lib/private/Lockdown/LockdownManager.php b/lib/private/Lockdown/LockdownManager.php
index 9f10646a9dd3dcdb2d2c760af8c80b46707a2f0f..150b54bdba2332bec9677e99d9ca415c2da7c759 100644
--- a/lib/private/Lockdown/LockdownManager.php
+++ b/lib/private/Lockdown/LockdownManager.php
@@ -23,24 +23,36 @@ use OC\Authentication\Token\IToken;
use OCP\Lockdown\ILockdownManager;
class LockdownManager implements ILockdownManager {
- /** @var IToken|null */
- private $token;
-
private $enabled = false;
+ /** @var array|null */
+ private $scope;
+
public function enable() {
$this->enabled = true;
}
public function setToken(IToken $token) {
- $this->token = $token;
+ $this->scope = $token->getScope();
+ $this->enable();
}
public function canAccessFilesystem() {
- return true;
+ if (!$this->enabled) {
+ return true;
+ }
+ return !$this->scope || $this->scope['filesystem'];
}
public function canAccessApp($app) {
- return $app === 'logreader' || $app === 'files' || $app === 'dav';
+ if (!$this->enabled) {
+ return true;
+ }
+ if ($this->scope && $this->scope['apps']) {
+ return in_array($app, $this->scope['apps']);
+ } else {
+ // no limit
+ return true;
+ }
}
}
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 82af9281a4cc5f953672fbb7f7ae87a2c7d9ddf0..6033f0605041f6526e33316ad83ba6de260154c4 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -341,12 +341,10 @@ class Session implements IUserSession, Emitter {
if ($isTokenPassword) {
$this->session->set('app_password', $password);
- \OC::$server->getLockdownManager()->setToken($this->tokenProvider->getToken($password));
} else if($this->supportsCookies($request)) {
// Password login, but cookies supported -> create (browser) session token
$this->createSessionToken($request, $this->getUser()->getUID(), $user, $password);
}
- \OC::$server->getLockdownManager()->enable();
return true;
}
@@ -527,6 +525,7 @@ class Session implements IUserSession, Emitter {
//login
$this->setUser($user);
$this->setLoginName($dbToken->getLoginName());
+ \OC::$server->getLockdownManager()->setToken($dbToken);
$this->manager->emit('\OC\User', 'postLogin', array($user, $password));
if ($this->isLoggedIn()) {
diff --git a/version.php b/version.php
index 42a0e7c9bdbe87f496ea7925e554f021c0c18cad..d556386a848a058782858e554966d1d4d41154a8 100644
--- a/version.php
+++ b/version.php
@@ -25,7 +25,7 @@
// We only can count up. The 4. digit is only for the internal patchlevel to trigger DB upgrades
// between betas, final and RCs. This is _not_ the public version number. Reset minor/patchlevel
// when updating major/minor version number.
-$OC_Version = array(11, 0, 0, 0);
+$OC_Version = array(11, 0, 0, 1);
// The human readable string
$OC_VersionString = '11.0 alpha';