PublicAuth.php 1.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OCA\DAV\DAV;
  8. use Sabre\DAV\Auth\Backend\BackendInterface;
  9. use Sabre\HTTP\RequestInterface;
  10. use Sabre\HTTP\ResponseInterface;
  11. class PublicAuth implements BackendInterface {
  12. /** @var string[] */
  13. private $publicURLs;
  14. public function __construct() {
  15. $this->publicURLs = [
  16. 'public-calendars',
  17. 'principals/system/public'
  18. ];
  19. }
  20. /**
  21. * When this method is called, the backend must check if authentication was
  22. * successful.
  23. *
  24. * The returned value must be one of the following
  25. *
  26. * [true, "principals/username"]
  27. * [false, "reason for failure"]
  28. *
  29. * If authentication was successful, it's expected that the authentication
  30. * backend returns a so-called principal url.
  31. *
  32. * Examples of a principal url:
  33. *
  34. * principals/admin
  35. * principals/user1
  36. * principals/users/joe
  37. * principals/uid/123457
  38. *
  39. * If you don't use WebDAV ACL (RFC3744) we recommend that you simply
  40. * return a string such as:
  41. *
  42. * principals/users/[username]
  43. *
  44. * @param RequestInterface $request
  45. * @param ResponseInterface $response
  46. * @return array
  47. */
  48. public function check(RequestInterface $request, ResponseInterface $response) {
  49. if ($this->isRequestPublic($request)) {
  50. return [true, "principals/system/public"];
  51. }
  52. return [false, "No public access to this resource."];
  53. }
  54. /**
  55. * @inheritdoc
  56. */
  57. public function challenge(RequestInterface $request, ResponseInterface $response) {
  58. }
  59. /**
  60. * @param RequestInterface $request
  61. * @return bool
  62. */
  63. private function isRequestPublic(RequestInterface $request) {
  64. $url = $request->getPath();
  65. $matchingUrls = array_filter($this->publicURLs, function ($publicUrl) use ($url) {
  66. return str_starts_with($url, $publicUrl);
  67. });
  68. return !empty($matchingUrls);
  69. }
  70. }