diff options
| author | Wave <wave72@users.noreply.github.com> | 2016-07-22 10:55:02 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-07-22 10:55:02 +0200 |
| commit | 744ad84714fe0f7a3d90250a4ff02dc4327b9061 (patch) | |
| tree | 595fb74ec9ea0bc7130d18bd7993d719a222d343 /Zotlabs/Storage/BasicAuth.php | |
| parent | c38c79d71c8ef70ef649f83e322f1984b75ee2dd (diff) | |
| parent | 7d897a3f03bd57ed556433eb84a41963ba44e02e (diff) | |
| download | volse-hubzilla-744ad84714fe0f7a3d90250a4ff02dc4327b9061.tar.gz volse-hubzilla-744ad84714fe0f7a3d90250a4ff02dc4327b9061.tar.bz2 volse-hubzilla-744ad84714fe0f7a3d90250a4ff02dc4327b9061.zip | |
Merge pull request #6 from redmatrix/dev
Dev
Diffstat (limited to 'Zotlabs/Storage/BasicAuth.php')
| -rw-r--r-- | Zotlabs/Storage/BasicAuth.php | 118 |
1 files changed, 86 insertions, 32 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php index 637cd222f..995976dcd 100644 --- a/Zotlabs/Storage/BasicAuth.php +++ b/Zotlabs/Storage/BasicAuth.php @@ -3,6 +3,8 @@ namespace Zotlabs\Storage; use Sabre\DAV; +use Sabre\HTTP\RequestInterface; +use Sabre\HTTP\ResponseInterface; /** * @brief Authentication backend class for DAV. @@ -73,10 +75,12 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { protected $timezone = ''; + public $module_disabled = false; + + /** * @brief Validates a username and password. * - * Guest access is granted with the password "+++". * * @see \Sabre\DAV\Auth\Backend\AbstractBasic::validateUserPass * @param string $username @@ -84,42 +88,29 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { * @return bool */ protected function validateUserPass($username, $password) { - if (trim($password) === '+++') { - logger('guest: ' . $username); - return true; - } require_once('include/auth.php'); $record = account_verify_password($username, $password); - if ($record && $record['account_default_channel']) { - $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1", - intval($record['account_id']), - intval($record['account_default_channel']) - ); - if ($r) { - return $this->setAuthenticated($r[0]); + if($record && $record['account']) { + if($record['channel']) + $channel = $record['channel']; + else { + $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1", + intval($record['account']['account_id']), + intval($record['account']['account_default_channel']) + ); + if($r) + $channel = $r[0]; } } - $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", - dbesc($username) - ); - if ($r) { - $x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1", - intval($r[0]['channel_account_id']) - ); - if ($x) { - // @fixme this foreach should not be needed? - foreach ($x as $record) { - if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) - && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) { - logger('password verified for ' . $username); - return $this->setAuthenticated($r[0]); - } - } - } + if($channel && $this->check_module_access($channel['channel_id'])) { + return $this->setAuthenticated($channel); } - $error = 'password failed for ' . $username; + if($this->module_disabled) + $error = 'module not enabled for ' . $username; + else + $error = 'password failed for ' . $username; logger($error); log_failed_login($error); @@ -143,6 +134,69 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { return true; } + /** + * When this method is called, the backend must check if authentication was + * successful. + * + * The returned value must be one of the following + * + * [true, "principals/username"] + * [false, "reason for failure"] + * + * If authentication was successful, it's expected that the authentication + * backend returns a so-called principal url. + * + * Examples of a principal url: + * + * principals/admin + * principals/user1 + * principals/users/joe + * principals/uid/123457 + * + * If you don't use WebDAV ACL (RFC3744) we recommend that you simply + * return a string such as: + * + * principals/users/[username] + * + * @param RequestInterface $request + * @param ResponseInterface $response + * @return array + */ + function check(RequestInterface $request, ResponseInterface $response) { + + if(local_channel()) { + $this->setAuthenticated(\App::get_channel()); + return [ true, $this->principalPrefix . $this->channel_name ]; + } + + $auth = new \Sabre\HTTP\Auth\Basic( + $this->realm, + $request, + $response + ); + + $userpass = $auth->getCredentials(); + if (!$userpass) { + return [false, "No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured"]; + } + if (!$this->validateUserPass($userpass[0], $userpass[1])) { + return [false, "Username or password was incorrect"]; + } + return [true, $this->principalPrefix . $userpass[0]]; + + } + + protected function check_module_access($channel_id) { + if($channel_id && \App::$module === 'cdav') { + $x = get_pconfig($channel_id,'cdav','enabled'); + if(! $x) { + $this->module_disabled = true; + return false; + } + } + return true; + } + /** * Sets the channel_name from the currently logged-in channel. * @@ -165,7 +219,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { } /** - * @brief Sets the timezone from the channel in RedBasicAuth. + * @brief Sets the timezone from the channel in BasicAuth. * * Set in mod/cloud.php if the channel has a timezone set. * @@ -209,4 +263,4 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { logger('owner_id ' . $this->owner_id, LOGGER_DATA); logger('owner_nick ' . $this->owner_nick, LOGGER_DATA); } -}
\ No newline at end of file +} |