1
0

TicketSaveMiddleware.php 2.8 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2023 Robin Appelman <robin@icewind.nl>
  5. *
  6. * @license GNU AGPL version 3 or any later version
  7. *
  8. * This program is free software: you can redistribute it and/or modify
  9. * it under the terms of the GNU Affero General Public License as
  10. * published by the Free Software Foundation, either version 3 of the
  11. * License, or (at your option) any later version.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU Affero General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public License
  19. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  20. *
  21. */
  22. namespace OCA\Files_External\Lib;
  23. use Icewind\SMB\KerberosTicket;
  24. use OCA\Files_External\Controller\UserGlobalStoragesController;
  25. use OCA\Files_External\Lib\Auth\SMB\KerberosSsoDatabase;
  26. use OCA\Files_External\Lib\Auth\SMB\KerberosSsoSession;
  27. use OCA\Files_External\Service\UserGlobalStoragesService;
  28. use OCP\AppFramework\Http\Response;
  29. use OCP\AppFramework\Middleware;
  30. use OCP\ISession;
  31. use OCP\IUser;
  32. use OCP\IUserSession;
  33. use OCP\Security\ICredentialsManager;
  34. class TicketSaveMiddleware extends Middleware {
  35. const SAVE_SESSION = 1;
  36. const SAVE_DB = 2;
  37. private ISession $session;
  38. private IUserSession $userSession;
  39. private UserGlobalStoragesService $storagesService;
  40. private ICredentialsManager $credentialsManager;
  41. public function __construct(
  42. ISession $session,
  43. ICredentialsManager $credentialsManager,
  44. IUserSession $userSession,
  45. UserGlobalStoragesService $storagesService
  46. ) {
  47. $this->session = $session;
  48. $this->credentialsManager = $credentialsManager;
  49. $this->userSession = $userSession;
  50. $this->storagesService = $storagesService;
  51. }
  52. public function afterController($controller, $methodName, Response $response) {
  53. $user = $this->userSession->getUser();
  54. if (!$user) {
  55. return $response;
  56. }
  57. $ticket = KerberosTicket::fromEnv();
  58. if ($ticket && $ticket->isValid()) {
  59. $save = $this->needToSaveTicket($user);
  60. if ($save & self::SAVE_SESSION) {
  61. $this->session->set('kerberos_ticket', base64_encode($ticket->save()));
  62. }
  63. if ($save & self::SAVE_DB) {
  64. $this->credentialsManager->store($user->getUID(), 'kerberos_ticket', base64_encode($ticket->save()));
  65. }
  66. }
  67. return $response;
  68. }
  69. private function needToSaveTicket(IUser $user): int {
  70. $save = 0;
  71. $storages = $this->storagesService->getAllStoragesForUser($user);
  72. foreach ($storages as $storage) {
  73. $auth = $storage->getAuthMechanism();
  74. if ($auth instanceof KerberosSsoSession) {
  75. $save = $save | self::SAVE_SESSION;
  76. }
  77. if ($auth instanceof KerberosSsoDatabase) {
  78. $save = $save | self::SAVE_DB;
  79. }
  80. }
  81. return $save;
  82. }
  83. }