BearerAuth.php 2.5 KB

  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Lukas Reschke <lukas@statuscode.ch>
  7. *
  8. * @license GNU AGPL version 3 or any later version
  9. *
  10. * This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License as
  12. * published by the Free Software Foundation, either version 3 of the
  13. * License, or (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  22. *
  23. */
  24. namespace OCA\DAV\Connector\Sabre;
  25. use OCP\IRequest;
  26. use OCP\ISession;
  27. use OCP\IUserSession;
  28. use Sabre\DAV\Auth\Backend\AbstractBearer;
  29. use Sabre\HTTP\RequestInterface;
  30. use Sabre\HTTP\ResponseInterface;
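  /**
   * Sabre DAV authentication backend for bearer-token requests.
   *
   * The backend does not verify the token itself: it asks the injected
   * IUserSession to perform a token login from the current request and then
   * maps the logged-in user to a DAV principal.
   */
  class BearerAuth extends AbstractBearer {
      private IUserSession $userSession;
      private ISession $session;
      private IRequest $request;
      private string $principalPrefix;

      /**
       * @param IUserSession $userSession session used to check and establish the login
       * @param ISession $session session that is closed once the user is resolved
       * @param IRequest $request request handed to the token login
       * @param string $principalPrefix prefix prepended to the user id to form the principal
       */
      public function __construct(IUserSession $userSession,
          ISession $session,
          IRequest $request,
          $principalPrefix = 'principals/users/') {
          $this->userSession = $userSession;
          $this->session = $session;
          $this->request = $request;
          $this->principalPrefix = $principalPrefix;

          // setup realm: instance name, falling back to 'Nextcloud' when it is empty
          $defaults = new \OCP\Defaults();
          $this->realm = $defaults->getName() ?: 'Nextcloud';
      }

      /**
       * Sets up the filesystem for the given user, closes the session and
       * returns the principal path for that user.
       *
       * @param string $userId id of the authenticated user
       * @return string principal prefix followed by the user id
       */
      private function setupUserFs($userId) {
          \OC_Util::setupFS($userId);
          // NOTE(review): presumably closed because nothing later in the DAV
          // request writes to the session - confirm.
          $this->session->close();
          return $this->principalPrefix . $userId;
      }

      /**
       * Resolves the principal for a bearer-token request.
       *
       * $bearerToken is not inspected in this method. Authentication is
       * delegated to IUserSession::tryTokenLogin(), which is given the request
       * object; an already logged-in session is accepted as it is. Every path
       * that does not end with a logged-in user must return false so that the
       * request is rejected.
       *
       * @param string $bearerToken token passed in by the base class (unused here)
       * @return string|false principal path on success, false when no user is logged in
       */
      public function validateBearerToken($bearerToken) {
          // NOTE(review): called without a user before the login attempt;
          // presumably initialises the base filesystem - confirm.
          \OC_Util::setupFS();

          if (!$this->userSession->isLoggedIn()) {
              $this->userSession->tryTokenLogin($this->request);
          }

          if (!$this->userSession->isLoggedIn()) {
              return false;
          }

          // getUser() is a separate call from isLoggedIn(); fail closed instead
          // of dereferencing null if it yields no user.
          $user = $this->userSession->getUser();
          if ($user === null) {
              return false;
          }

          return $this->setupUserFs($user->getUID());
      }

      /**
       * \Sabre\DAV\Auth\Backend\AbstractBearer::challenge sets a WWW-Authenticate
       * header which some DAV clients can't handle. Thus we override this function
       * and make it simply return a 401.
       *
       * @param RequestInterface $request
       * @param ResponseInterface $response
       */
      public function challenge(RequestInterface $request, ResponseInterface $response): void {
          $response->setStatus(401);
      }
  }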