PublicAuth.php 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Thomas Müller <thomas.mueller@tmit.eu>
  7. *
  8. * @license AGPL-3.0
  9. *
  10. * This code is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License, version 3,
  12. * as published by the Free Software Foundation.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License, version 3,
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>
  21. *
  22. */
  23. namespace OCA\DAV\DAV;
  24. use Sabre\DAV\Auth\Backend\BackendInterface;
  25. use Sabre\HTTP\RequestInterface;
  26. use Sabre\HTTP\ResponseInterface;
  27. class PublicAuth implements BackendInterface {
  28. /** @var string[] */
  29. private $publicURLs;
  30. public function __construct() {
  31. $this->publicURLs = [
  32. 'public-calendars',
  33. 'principals/system/public'
  34. ];
  35. }
  36. /**
  37. * When this method is called, the backend must check if authentication was
  38. * successful.
  39. *
  40. * The returned value must be one of the following
  41. *
  42. * [true, "principals/username"]
  43. * [false, "reason for failure"]
  44. *
  45. * If authentication was successful, it's expected that the authentication
  46. * backend returns a so-called principal url.
  47. *
  48. * Examples of a principal url:
  49. *
  50. * principals/admin
  51. * principals/user1
  52. * principals/users/joe
  53. * principals/uid/123457
  54. *
  55. * If you don't use WebDAV ACL (RFC3744) we recommend that you simply
  56. * return a string such as:
  57. *
  58. * principals/users/[username]
  59. *
  60. * @param RequestInterface $request
  61. * @param ResponseInterface $response
  62. * @return array
  63. */
  64. public function check(RequestInterface $request, ResponseInterface $response) {
  65. if ($this->isRequestPublic($request)) {
  66. return [true, "principals/system/public"];
  67. }
  68. return [false, "No public access to this resource."];
  69. }
  70. /**
  71. * @inheritdoc
  72. */
  73. public function challenge(RequestInterface $request, ResponseInterface $response) {
  74. }
  75. /**
  76. * @param RequestInterface $request
  77. * @return bool
  78. */
  79. private function isRequestPublic(RequestInterface $request) {
  80. $url = $request->getPath();
  81. $matchingUrls = array_filter($this->publicURLs, function ($publicUrl) use ($url) {
  82. return str_starts_with($url, $publicUrl);
  83. });
  84. return !empty($matchingUrls);
  85. }
  86. }