diff options
Diffstat (limited to 'vendor/sabre/dav/lib/DAV/Auth/Backend')
9 files changed, 212 insertions, 135 deletions
diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php index 40a95f8bf..aa8b1f573 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php @@ -1,14 +1,15 @@ <?php +declare(strict_types=1); + namespace Sabre\DAV\Auth\Backend; -use Sabre\DAV; use Sabre\HTTP; use Sabre\HTTP\RequestInterface; use Sabre\HTTP\ResponseInterface; /** - * HTTP Basic authentication backend class + * HTTP Basic authentication backend class. * * This class can be used by authentication objects wishing to use HTTP Basic * Most of the digest logic is handled, implementors just need to worry about @@ -19,8 +20,8 @@ use Sabre\HTTP\ResponseInterface; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -abstract class AbstractBasic implements BackendInterface { - +abstract class AbstractBasic implements BackendInterface +{ /** * Authentication Realm. * @@ -39,13 +40,14 @@ abstract class AbstractBasic implements BackendInterface { protected $principalPrefix = 'principals/'; /** - * Validates a username and password + * Validates a username and password. * * This method should return true or false depending on if login * succeeded. * * @param string $username * @param string $password + * * @return bool */ abstract protected function validateUserPass($username, $password); @@ -54,12 +56,10 @@ abstract class AbstractBasic implements BackendInterface { * Sets the authentication realm for this backend. * * @param string $realm - * @return void */ - function setRealm($realm) { - + public function setRealm($realm) + { $this->realm = $realm; - } /** @@ -86,12 +86,13 @@ abstract class AbstractBasic implements BackendInterface { * * principals/users/[username] * - * @param RequestInterface $request + * @param RequestInterface $request * @param ResponseInterface $response + * * @return array */ - function check(RequestInterface $request, ResponseInterface $response) { - + public function check(RequestInterface $request, ResponseInterface $response) + { $auth = new HTTP\Auth\Basic( $this->realm, $request, @@ -103,10 +104,10 @@ abstract class AbstractBasic implements BackendInterface { return [false, "No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured"]; } if (!$this->validateUserPass($userpass[0], $userpass[1])) { - return [false, "Username or password was incorrect"]; + return [false, 'Username or password was incorrect']; } - return [true, $this->principalPrefix . $userpass[0]]; + return [true, $this->principalPrefix.$userpass[0]]; } /** @@ -126,19 +127,16 @@ abstract class AbstractBasic implements BackendInterface { * append your own WWW-Authenticate header instead of overwriting the * existing one. * - * @param RequestInterface $request + * @param RequestInterface $request * @param ResponseInterface $response - * @return void */ - function challenge(RequestInterface $request, ResponseInterface $response) { - + public function challenge(RequestInterface $request, ResponseInterface $response) + { $auth = new HTTP\Auth\Basic( $this->realm, $request, $response ); $auth->requireLogin(); - } - } diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractBearer.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractBearer.php index ae7a8a12f..a2653b2b0 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractBearer.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractBearer.php @@ -1,14 +1,15 @@ <?php +declare(strict_types=1); + namespace Sabre\DAV\Auth\Backend; -use Sabre\DAV; use Sabre\HTTP; use Sabre\HTTP\RequestInterface; use Sabre\HTTP\ResponseInterface; /** - * HTTP Bearer authentication backend class + * HTTP Bearer authentication backend class. * * This class can be used by authentication objects wishing to use HTTP Bearer * Most of the digest logic is handled, implementors just need to worry about @@ -20,8 +21,8 @@ use Sabre\HTTP\ResponseInterface; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -abstract class AbstractBearer implements BackendInterface { - +abstract class AbstractBearer implements BackendInterface +{ /** * Authentication Realm. * @@ -33,12 +34,13 @@ abstract class AbstractBearer implements BackendInterface { protected $realm = 'sabre/dav'; /** - * Validates a Bearer token + * Validates a Bearer token. * * This method should return the full principal url, or false if the * token was incorrect. * * @param string $bearerToken + * * @return string|false */ abstract protected function validateBearerToken($bearerToken); @@ -47,12 +49,10 @@ abstract class AbstractBearer implements BackendInterface { * Sets the authentication realm for this backend. * * @param string $realm - * @return void */ - function setRealm($realm) { - + public function setRealm($realm) + { $this->realm = $realm; - } /** @@ -79,12 +79,13 @@ abstract class AbstractBearer implements BackendInterface { * * principals/users/[username] * - * @param RequestInterface $request + * @param RequestInterface $request * @param ResponseInterface $response + * * @return array */ - function check(RequestInterface $request, ResponseInterface $response) { - + public function check(RequestInterface $request, ResponseInterface $response) + { $auth = new HTTP\Auth\Bearer( $this->realm, $request, @@ -97,10 +98,10 @@ abstract class AbstractBearer implements BackendInterface { } $principalUrl = $this->validateBearerToken($bearerToken); if (!$principalUrl) { - return [false, "Bearer token was incorrect"]; + return [false, 'Bearer token was incorrect']; } - return [true, $principalUrl]; + return [true, $principalUrl]; } /** @@ -120,19 +121,16 @@ abstract class AbstractBearer implements BackendInterface { * append your own WWW-Authenticate header instead of overwriting the * existing one. * - * @param RequestInterface $request + * @param RequestInterface $request * @param ResponseInterface $response - * @return void */ - function challenge(RequestInterface $request, ResponseInterface $response) { - + public function challenge(RequestInterface $request, ResponseInterface $response) + { $auth = new HTTP\Auth\Bearer( $this->realm, $request, $response ); $auth->requireLogin(); - } - } diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php index 4b47f56c9..06c9ed3a4 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php @@ -1,5 +1,7 @@ <?php +declare(strict_types=1); + namespace Sabre\DAV\Auth\Backend; use Sabre\DAV; @@ -8,7 +10,7 @@ use Sabre\HTTP\RequestInterface; use Sabre\HTTP\ResponseInterface; /** - * HTTP Digest authentication backend class + * HTTP Digest authentication backend class. * * This class can be used by authentication objects wishing to use HTTP Digest * Most of the digest logic is handled, implementors just need to worry about @@ -18,8 +20,8 @@ use Sabre\HTTP\ResponseInterface; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -abstract class AbstractDigest implements BackendInterface { - +abstract class AbstractDigest implements BackendInterface +{ /** * Authentication Realm. * @@ -45,12 +47,10 @@ abstract class AbstractDigest implements BackendInterface { * existing hashes will break and nobody can authenticate. * * @param string $realm - * @return void */ - function setRealm($realm) { - + public function setRealm($realm) + { $this->realm = $realm; - } /** @@ -60,9 +60,10 @@ abstract class AbstractDigest implements BackendInterface { * * @param string $realm * @param string $username + * * @return string|null */ - abstract function getDigestHash($realm, $username); + abstract public function getDigestHash($realm, $username); /** * When this method is called, the backend must check if authentication was @@ -88,12 +89,13 @@ abstract class AbstractDigest implements BackendInterface { * * principals/users/[username] * - * @param RequestInterface $request + * @param RequestInterface $request * @param ResponseInterface $response + * * @return array */ - function check(RequestInterface $request, ResponseInterface $response) { - + public function check(RequestInterface $request, ResponseInterface $response) + { $digest = new HTTP\Auth\Digest( $this->realm, $request, @@ -110,8 +112,8 @@ abstract class AbstractDigest implements BackendInterface { $hash = $this->getDigestHash($this->realm, $username); // If this was false, the user account didn't exist - if ($hash === false || is_null($hash)) { - return [false, "Username or password was incorrect"]; + if (false === $hash || is_null($hash)) { + return [false, 'Username or password was incorrect']; } if (!is_string($hash)) { throw new DAV\Exception('The returned value from getDigestHash must be a string or null'); @@ -119,11 +121,10 @@ abstract class AbstractDigest implements BackendInterface { // If this was false, the password or part of the hash was incorrect. if (!$digest->validateA1($hash)) { - return [false, "Username or password was incorrect"]; + return [false, 'Username or password was incorrect']; } - return [true, $this->principalPrefix . $username]; - + return [true, $this->principalPrefix.$username]; } /** @@ -143,12 +144,11 @@ abstract class AbstractDigest implements BackendInterface { * append your own WWW-Authenticate header instead of overwriting the * existing one. * - * @param RequestInterface $request + * @param RequestInterface $request * @param ResponseInterface $response - * @return void */ - function challenge(RequestInterface $request, ResponseInterface $response) { - + public function challenge(RequestInterface $request, ResponseInterface $response) + { $auth = new HTTP\Auth\Digest( $this->realm, $request, @@ -162,7 +162,5 @@ abstract class AbstractDigest implements BackendInterface { // Preventing the digest utility from modifying the http status code, // this should be handled by the main plugin. $response->setStatus($oldStatus); - } - } diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/Apache.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/Apache.php index e203d2685..201fe615c 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Backend/Apache.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/Apache.php @@ -1,24 +1,26 @@ <?php +declare(strict_types=1); + namespace Sabre\DAV\Auth\Backend; use Sabre\HTTP\RequestInterface; use Sabre\HTTP\ResponseInterface; /** - * Apache authenticator + * Apache (or NGINX) authenticator. * * This authentication backend assumes that authentication has been - * configured in apache, rather than within SabreDAV. + * configured in apache (or NGINX), rather than within SabreDAV. * - * Make sure apache is properly configured for this to work. + * Make sure apache (or NGINX) is properly configured for this to work. * * @copyright Copyright (C) fruux GmbH (https://fruux.com/) * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -class Apache implements BackendInterface { - +class Apache implements BackendInterface +{ /** * This is the prefix that will be used to generate principal urls. * @@ -50,22 +52,25 @@ class Apache implements BackendInterface { * * principals/users/[username] * - * @param RequestInterface $request + * @param RequestInterface $request * @param ResponseInterface $response + * * @return array */ - function check(RequestInterface $request, ResponseInterface $response) { - + public function check(RequestInterface $request, ResponseInterface $response) + { $remoteUser = $request->getRawServerValue('REMOTE_USER'); if (is_null($remoteUser)) { $remoteUser = $request->getRawServerValue('REDIRECT_REMOTE_USER'); } if (is_null($remoteUser)) { - return [false, 'No REMOTE_USER property was found in the PHP $_SERVER super-global. This likely means your server is not configured correctly']; + $remoteUser = $request->getRawServerValue('PHP_AUTH_USER'); + } + if (is_null($remoteUser)) { + return [false, 'No REMOTE_USER, REDIRECT_REMOTE_USER, or PHP_AUTH_USER property was found in the PHP $_SERVER super-global. This likely means your server is not configured correctly']; } - return [true, $this->principalPrefix . $remoteUser]; - + return [true, $this->principalPrefix.$remoteUser]; } /** @@ -85,12 +90,10 @@ class Apache implements BackendInterface { * append your own WWW-Authenticate header instead of overwriting the * existing one. * - * @param RequestInterface $request + * @param RequestInterface $request * @param ResponseInterface $response - * @return void */ - function challenge(RequestInterface $request, ResponseInterface $response) { - + public function challenge(RequestInterface $request, ResponseInterface $response) + { } - } diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/BackendInterface.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/BackendInterface.php index 0fb2210f4..8598791fb 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Backend/BackendInterface.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/BackendInterface.php @@ -1,5 +1,7 @@ <?php +declare(strict_types=1); + namespace Sabre\DAV\Auth\Backend; use Sabre\HTTP\RequestInterface; @@ -12,8 +14,8 @@ use Sabre\HTTP\ResponseInterface; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -interface BackendInterface { - +interface BackendInterface +{ /** * When this method is called, the backend must check if authentication was * successful. @@ -38,11 +40,12 @@ interface BackendInterface { * * principals/users/[username] * - * @param RequestInterface $request + * @param RequestInterface $request * @param ResponseInterface $response + * * @return array */ - function check(RequestInterface $request, ResponseInterface $response); + public function check(RequestInterface $request, ResponseInterface $response); /** * This method is called when a user could not be authenticated, and @@ -61,10 +64,8 @@ interface BackendInterface { * append your own WWW-Authenticate header instead of overwriting the * existing one. * - * @param RequestInterface $request + * @param RequestInterface $request * @param ResponseInterface $response - * @return void */ - function challenge(RequestInterface $request, ResponseInterface $response); - + public function challenge(RequestInterface $request, ResponseInterface $response); } diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/BasicCallBack.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/BasicCallBack.php index 7ad8f48b2..aab3c5e1c 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Backend/BasicCallBack.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/BasicCallBack.php @@ -1,5 +1,7 @@ <?php +declare(strict_types=1); + namespace Sabre\DAV\Auth\Backend; /** @@ -14,10 +16,10 @@ namespace Sabre\DAV\Auth\Backend; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -class BasicCallBack extends AbstractBasic { - +class BasicCallBack extends AbstractBasic +{ /** - * Callback + * Callback. * * @var callable */ @@ -30,29 +32,27 @@ class BasicCallBack extends AbstractBasic { * password. * * @param callable $callBack - * @return void */ - function __construct(callable $callBack) { - + public function __construct(callable $callBack) + { $this->callBack = $callBack; - } /** - * Validates a username and password + * Validates a username and password. * * This method should return true or false depending on if login * succeeded. * * @param string $username * @param string $password + * * @return bool */ - protected function validateUserPass($username, $password) { - + protected function validateUserPass($username, $password) + { $cb = $this->callBack; - return $cb($username, $password); + return $cb($username, $password); } - } diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/File.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/File.php index 3a687d747..ea2d39679 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Backend/File.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/File.php @@ -1,5 +1,7 @@ <?php +declare(strict_types=1); + namespace Sabre\DAV\Auth\Backend; use Sabre\DAV; @@ -13,10 +15,10 @@ use Sabre\DAV; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -class File extends AbstractDigest { - +class File extends AbstractDigest +{ /** - * List of users + * List of users. * * @var array */ @@ -29,11 +31,11 @@ class File extends AbstractDigest { * * @param string|null $filename */ - function __construct($filename = null) { - - if (!is_null($filename)) + public function __construct($filename = null) + { + if (!is_null($filename)) { $this->loadFile($filename); - + } } /** @@ -41,37 +43,32 @@ class File extends AbstractDigest { * more than 1 file is used. * * @param string $filename - * @return void */ - function loadFile($filename) { - + public function loadFile($filename) + { foreach (file($filename, FILE_IGNORE_NEW_LINES) as $line) { - - if (substr_count($line, ":") !== 2) + if (2 !== substr_count($line, ':')) { throw new DAV\Exception('Malformed htdigest file. Every line should contain 2 colons'); - + } list($username, $realm, $A1) = explode(':', $line); - if (!preg_match('/^[a-zA-Z0-9]{32}$/', $A1)) + if (!preg_match('/^[a-zA-Z0-9]{32}$/', $A1)) { throw new DAV\Exception('Malformed htdigest file. Invalid md5 hash'); - - $this->users[$realm . ':' . $username] = $A1; - + } + $this->users[$realm.':'.$username] = $A1; } - } /** - * Returns a users' information + * Returns a users' information. * * @param string $realm * @param string $username + * * @return string */ - function getDigestHash($realm, $username) { - - return isset($this->users[$realm . ':' . $username]) ? $this->users[$realm . ':' . $username] : false; - + public function getDigestHash($realm, $username) + { + return isset($this->users[$realm.':'.$username]) ? $this->users[$realm.':'.$username] : false; } - } diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/IMAP.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/IMAP.php new file mode 100644 index 000000000..3a1831116 --- /dev/null +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/IMAP.php @@ -0,0 +1,82 @@ +<?php + +namespace Sabre\DAV\Auth\Backend; + +/** + * This is an authentication backend that uses imap. + * + * @copyright Copyright (C) fruux GmbH (https://fruux.com/) + * @author Michael Niewöhner (foss@mniewoehner.de) + * @author rosali (https://github.com/rosali) + * @author Evert Pot (http://evertpot.com/) + * @license http://sabre.io/license/ Modified BSD License + */ +class IMAP extends AbstractBasic +{ + /** + * IMAP server in the form {host[:port][/flag1/flag2...]}. + * + * @see http://php.net/manual/en/function.imap-open.php + * + * @var string + */ + protected $mailbox; + + /** + * Creates the backend object. + * + * @param string $mailbox + */ + public function __construct($mailbox) + { + $this->mailbox = $mailbox; + } + + /** + * Connects to an IMAP server and tries to authenticate. + * + * @param string $username + * @param string $password + * + * @return bool + */ + protected function imapOpen($username, $password) + { + $success = false; + + try { + $imap = imap_open($this->mailbox, $username, $password, OP_HALFOPEN | OP_READONLY, 1); + if ($imap) { + $success = true; + } + } catch (\ErrorException $e) { + error_log($e->getMessage()); + } + + $errors = imap_errors(); + if ($errors) { + foreach ($errors as $error) { + error_log($error); + } + } + + if (isset($imap) && $imap) { + imap_close($imap); + } + + return $success; + } + + /** + * Validates a username and password by trying to authenticate against IMAP. + * + * @param string $username + * @param string $password + * + * @return bool + */ + protected function validateUserPass($username, $password) + { + return $this->imapOpen($username, $password); + } +} diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/PDO.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/PDO.php index c2f6de974..87ead6fcd 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Backend/PDO.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/PDO.php @@ -1,5 +1,7 @@ <?php +declare(strict_types=1); + namespace Sabre\DAV\Auth\Backend; /** @@ -9,23 +11,22 @@ namespace Sabre\DAV\Auth\Backend; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -class PDO extends AbstractDigest { - +class PDO extends AbstractDigest +{ /** - * Reference to PDO connection + * Reference to PDO connection. * * @var PDO */ protected $pdo; /** - * PDO table name we'll be using + * PDO table name we'll be using. * * @var string */ public $tableName = 'users'; - /** * Creates the backend object. * @@ -33,10 +34,9 @@ class PDO extends AbstractDigest { * * @param \PDO $pdo */ - function __construct(\PDO $pdo) { - + public function __construct(\PDO $pdo) + { $this->pdo = $pdo; - } /** @@ -44,14 +44,14 @@ class PDO extends AbstractDigest { * * @param string $realm * @param string $username + * * @return string|null */ - function getDigestHash($realm, $username) { - - $stmt = $this->pdo->prepare('SELECT digesta1 FROM ' . $this->tableName . ' WHERE username = ?'); + public function getDigestHash($realm, $username) + { + $stmt = $this->pdo->prepare('SELECT digesta1 FROM '.$this->tableName.' WHERE username = ?'); $stmt->execute([$username]); - return $stmt->fetchColumn() ?: null; + return $stmt->fetchColumn() ?: null; } - } |