Allow trusted servers to authenticate

apps/dav/lib/connector/fedauth.php

+<?php
+/**
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+namespace OCA\DAV\Connector;
+
+use OCA\Federation\DbHandler;
+use OCP\IDBConnection;
+use Sabre\DAV\Auth\Backend\AbstractBasic;
+
+class FedAuth extends AbstractBasic {
+
+	/**
+	 * FedAuth constructor.
+	 *
+	 * @param IDBConnection $db
+	 */
+	public function __construct(IDBConnection $db) {
+		$this->db = $db;
+		$this->principalPrefix = 'principals/system/';
+	}
+
+	/**
+	 * Validates a username and password
+	 *
+	 * This method should return true or false depending on if login
+	 * succeeded.
+	 *
+	 * @param string $username
+	 * @param string $password
+	 * @return bool
+	 */
+	protected function validateUserPass($username, $password) {
+		$h = new DbHandler($this->db,
+				\OC::$server->getL10N('federation')
+		);
+		return $h->auth($username, $password);
+	}
+}

apps/dav/lib/server.php

@@ -3,6 +3,7 @@
 namespace OCA\DAV;
 
 use OCA\DAV\CalDAV\Schedule\IMipPlugin;
+use OCA\DAV\Connector\FedAuth;
 use OCA\DAV\Connector\Sabre\Auth;
 use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin;
 use OCA\DAV\Files\CustomPropertiesBackend;
@@ -35,7 +36,9 @@ class Server {
 		$this->server->setBaseUri($this->baseUri);
 
 		$this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
-		$this->server->addPlugin(new Plugin($authBackend, 'ownCloud'));
+		$authPlugin = new Plugin($authBackend, 'ownCloud');
+		$authPlugin->addBackend(new FedAuth(\OC::$server->getDatabaseConnection()));
+		$this->server->addPlugin($authPlugin);
 		$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
 		$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $logger));
 		$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());

apps/federation/appinfo/database.xml

@@ -34,7 +34,7 @@
 				<name>token</name>
 				<type>text</type>
 				<length>128</length>
-				<comments>toke used to exchange the shared secret</comments>
+				<comments>token used to exchange the shared secret</comments>
 			</field>
 			<field>
 				<name>shared_secret</name>
@@ -50,6 +50,13 @@
 				<default>2</default>
 				<comments>current status of the connection</comments>
 			</field>
+			<field>
+				<name>sync_token</name>
+				<type>integer</type>
+				<notnull>true</notnull>
+				<default>0</default>
+				<comments>cardDav sync token</comments>
+			</field>
 			<index>
 				<name>url_hash</name>
 				<unique>true</unique>

apps/federation/lib/dbhandler.php

@@ -111,7 +111,7 @@ class DbHandler {
 	 */
 	public function getAllServer() {
 		$query = $this->connection->getQueryBuilder();
-		$query->select(['url', 'id', 'status'])->from($this->dbTable);
+		$query->select(['url', 'id', 'status', 'shared_secret', 'sync_token'])->from($this->dbTable);
 		$result = $query->execute()->fetchAll();
 		return $result;
 	}
@@ -267,4 +267,21 @@ class DbHandler {
 		return $normalized;
 	}
 
+	/**
+	 * @param $username
+	 * @param $password
+	 * @return bool
+	 */
+	public function auth($username, $password) {
+		if ($username !== 'system') {
+			return false;
+		}
+		$query = $this->connection->getQueryBuilder();
+		$query->select('url')->from($this->dbTable)
+				->where($query->expr()->eq('shared_secret', $query->createNamedParameter($password)));
+
+		$result = $query->execute()->fetch();
+		return !empty($result);
+	}
+
 }