From cdc536c42367a1c7667a63c598f50b95956da759 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?= <thomas.mueller@tmit.eu>
Date: Thu, 3 Dec 2015 16:22:18 +0100
Subject: [PATCH] Allow trusted servers to authenticate

---
 apps/dav/lib/connector/fedauth.php   | 55 ++++++++++++++++++++++++++++
 apps/dav/lib/server.php              |  5 ++-
 apps/federation/appinfo/database.xml |  9 ++++-
 apps/federation/lib/dbhandler.php    | 19 +++++++++-
 4 files changed, 85 insertions(+), 3 deletions(-)
 create mode 100644 apps/dav/lib/connector/fedauth.php

diff --git a/apps/dav/lib/connector/fedauth.php b/apps/dav/lib/connector/fedauth.php
new file mode 100644
index 00000000000..42a29cef3fc
--- /dev/null
+++ b/apps/dav/lib/connector/fedauth.php
@@ -0,0 +1,55 @@
+<?php
+/**
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+namespace OCA\DAV\Connector;
+
+use OCA\Federation\DbHandler;
+use OCP\IDBConnection;
+use Sabre\DAV\Auth\Backend\AbstractBasic;
+
+class FedAuth extends AbstractBasic {
+
+	/**
+	 * FedAuth constructor.
+	 *
+	 * @param IDBConnection $db
+	 */
+	public function __construct(IDBConnection $db) {
+		$this->db = $db;
+		$this->principalPrefix = 'principals/system/';
+	}
+
+	/**
+	 * Validates a username and password
+	 *
+	 * This method should return true or false depending on if login
+	 * succeeded.
+	 *
+	 * @param string $username
+	 * @param string $password
+	 * @return bool
+	 */
+	protected function validateUserPass($username, $password) {
+		$h = new DbHandler($this->db,
+				\OC::$server->getL10N('federation')
+		);
+		return $h->auth($username, $password);
+	}
+}
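Review bot: `$this->db` is assigned in the constructor but no `$db` property is declared in this class, and nothing visible here shows `AbstractBasic` declaring one, so this relies on an undeclared dynamic property; add `/** @var IDBConnection */ private $db;` above the constructor. `validateUserPass()` also builds a fresh `DbHandler` on every request via the `\OC::$server` service locator; constructing it once in the constructor (or injecting a `DbHandler` directly) keeps the backend testable without the global container. A short class docblock such as `/** Basic-auth backend that authenticates remote trusted servers by their federation shared secret under principals/system/ */` would make the purpose of the fixed principal prefix clear.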
diff --git a/apps/dav/lib/server.php b/apps/dav/lib/server.php
index a6ad878d29f..8b7171c145c 100644
--- a/apps/dav/lib/server.php
+++ b/apps/dav/lib/server.php
@@ -3,6 +3,7 @@
 namespace OCA\DAV;
 
 use OCA\DAV\CalDAV\Schedule\IMipPlugin;
+use OCA\DAV\Connector\FedAuth;
 use OCA\DAV\Connector\Sabre\Auth;
 use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin;
 use OCA\DAV\Files\CustomPropertiesBackend;
@@ -35,7 +36,9 @@ class Server {
 		$this->server->setBaseUri($this->baseUri);
 
 		$this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
-		$this->server->addPlugin(new Plugin($authBackend, 'ownCloud'));
+		$authPlugin = new Plugin($authBackend, 'ownCloud');
+		$authPlugin->addBackend(new FedAuth(\OC::$server->getDatabaseConnection()));
+		$this->server->addPlugin($authPlugin);
 		$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
 		$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $logger));
 		$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
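Review bot: Registering `FedAuth` on the same `Plugin` as the regular user backend means a remote server that presents a valid shared secret is an authenticated principal for every resource this Sabre server serves, not only the address-book sync the new `sync_token` column suggests; nothing in this hunk confines `principals/system/`, so unless an ACL or principal backend elsewhere does, any DAV endpoint becomes reachable with that secret — worth confirming. A comment on the `addBackend` line would record that expectation: `// FedAuth authenticates trusted servers as principals/system/; authorization for that principal is left to the ACL plugin`. The enclosing constructor starts outside the hunk.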
diff --git a/apps/federation/appinfo/database.xml b/apps/federation/appinfo/database.xml
index e0bb241918e..e6728df1408 100644
--- a/apps/federation/appinfo/database.xml
+++ b/apps/federation/appinfo/database.xml
@@ -34,7 +34,7 @@
 				<name>token</name>
 				<type>text</type>
 				<length>128</length>
-				<comments>toke used to exchange the shared secret</comments>
+				<comments>token used to exchange the shared secret</comments>
 			</field>
 			<field>
 				<name>shared_secret</name>
@@ -50,6 +50,13 @@
 				<default>2</default>
 				<comments>current status of the connection</comments>
 			</field>
+			<field>
+				<name>sync_token</name>
+				<type>integer</type>
+				<notnull>true</notnull>
+				<default>0</default>
+				<comments>cardDav sync token</comments>
+			</field>
 			<index>
 				<name>url_hash</name>
 				<unique>true</unique>
diff --git a/apps/federation/lib/dbhandler.php b/apps/federation/lib/dbhandler.php
index 7606593f780..f86a8e15d80 100644
--- a/apps/federation/lib/dbhandler.php
+++ b/apps/federation/lib/dbhandler.php
@@ -111,7 +111,7 @@ class DbHandler {
 	 */
 	public function getAllServer() {
 		$query = $this->connection->getQueryBuilder();
-		$query->select(['url', 'id', 'status'])->from($this->dbTable);
+		$query->select(['url', 'id', 'status', 'shared_secret', 'sync_token'])->from($this->dbTable);
 		$result = $query->execute()->fetchAll();
 		return $result;
 	}
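Review bot: Widening `getAllServer()` to select `shared_secret` hands the per-server secret to every existing caller of this method, not just the new sync code; if any caller (for example a settings listing) serializes its result to a template or JSON, the secrets now leak to that surface — I cannot see the callers from here, so please confirm. A narrower option is to keep `getAllServer()` as it was and add a separate method for the sync path that returns `url`, `shared_secret` and `sync_token`. At minimum the docblock should say `@return array rows include shared_secret; do not expose to clients`.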
@@ -267,4 +267,21 @@ class DbHandler {
 		return $normalized;
 	}
 
+	/**
+	 * @param $username
+	 * @param $password
+	 * @return bool
+	 */
+	public function auth($username, $password) {
+		if ($username !== 'system') {
+			return false;
+		}
+		$query = $this->connection->getQueryBuilder();
+		$query->select('url')->from($this->dbTable)
+				->where($query->expr()->eq('shared_secret', $query->createNamedParameter($password)));
+
+		$result = $query->execute()->fetch();
+		return !empty($result);
+	}
+
 }
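Review bot: `auth()` accepts any row whose `shared_secret` equals the password without consulting `status`, so a server whose trust exchange is still pending or was rejected but already has a secret stored would still authenticate; select the status too, `$query->select(['url', 'status'])->from($this->dbTable)`, and return true only when the row's status is the value this class uses for an established connection. An empty password should also be rejected up front, `if ($username !== 'system' || $password === '') {`, since an empty or null `shared_secret` column on a pending row would otherwise match an empty credential — whether that column can be empty is not visible in this patch, so confirm against the schema. The docblock should type the parameters (`@param string $username`, `@param string $password`) and state that only the fixed username `system` is accepted.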
-- 
GitLab