From 66effbfe0827fc61fff6d248797a894213ad20d6 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 28 May 2016 17:46:24 +0200 Subject: upgrade to sabre32 --- .../dav/lib/DAV/Auth/Backend/AbstractDigest.php | 6 + vendor/sabre/dav/lib/DAV/Auth/Plugin.php | 126 ++++++++++++++++----- 2 files changed, 105 insertions(+), 27 deletions(-) (limited to 'vendor/sabre/dav/lib/DAV/Auth') diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php index 0251decc1..85c5f30d5 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/AbstractDigest.php @@ -155,8 +155,14 @@ abstract class AbstractDigest implements BackendInterface { $response ); $auth->init(); + + $oldStatus = $response->getStatus() ?: 200; $auth->requireLogin(); + // Preventing the digest utility from modifying the http status code, + // this should be handled by the main plugin. + $response->setStatus($oldStatus); + } } diff --git a/vendor/sabre/dav/lib/DAV/Auth/Plugin.php b/vendor/sabre/dav/lib/DAV/Auth/Plugin.php index 818d8a4ad..4b5f35ac3 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Plugin.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Plugin.php @@ -4,7 +4,6 @@ namespace Sabre\DAV\Auth; use Sabre\HTTP\RequestInterface; use Sabre\HTTP\ResponseInterface; -use Sabre\HTTP\URLUtil; use Sabre\DAV\Exception\NotAuthenticated; use Sabre\DAV\Server; use Sabre\DAV\ServerPlugin; @@ -25,6 +24,20 @@ use Sabre\DAV\ServerPlugin; */ class Plugin extends ServerPlugin { + /** + * By default this plugin will require that the user is authenticated, + * and refuse any access if the user is not authenticated. + * + * If this setting is set to false, we let the user through, whether they + * are authenticated or not. + * + * This is useful if you want to allow both authenticated and + * unauthenticated access to your server. + * + * @param bool + */ + public $autoRequireLogin = true; + /** * authentication backends */ 
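Review bot: The docblock on the new `$autoRequireLogin` property in Plugin.php is tagged `@param bool`, which is meant for function parameters; a property should use `@var bool`. The description should also say what setting it to false implies. As far as this diff shows, `beforeMethod` then returns without throwing when no backend succeeds, so the plugin stops blocking requests and something else (an ACL layer, or code that checks `getCurrentPrincipal()` for null) has to make the access decision. A sentence such as `When false, this plugin only identifies the user; access control must be enforced elsewhere.` would make that explicit.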
@@ -107,27 +120,6 @@ class Plugin extends ServerPlugin { } - /** - * Returns the current username. - * - * This method is deprecated and is only kept for backwards compatibility - * purposes. Please switch to getCurrentPrincipal(). - * - * @deprecated Will be removed in a future version! - * @return string|null - */ - function getCurrentUser() { - - // We just do a 'basename' on the principal to give back a sane value - // here. - list(, $userName) = URLUtil::splitPath( - $this->getCurrentPrincipal() - ); - - return $userName; - - } - /** * This method is called before any HTTP method and forces users to be authenticated * 
@@ -154,6 +146,50 @@ class Plugin extends ServerPlugin { return; } + + $authResult = $this->check($request, $response); + + if ($authResult[0]) { + // Auth was successful + $this->currentPrincipal = $authResult[1]; + $this->loginFailedReasons = null; + return; + } + + + + // If we got here, it means that no authentication backend was + // successful in authenticating the user. + $this->currentPrincipal = null; + $this->loginFailedReasons = $authResult[1]; + + if ($this->autoRequireLogin) { + $this->challenge($request, $response); + throw new NotAuthenticated(implode(', ', $authResult[1])); + } + + } + + /** + * Checks authentication credentials, and logs the user in if possible. + * + * This method returns an array. The first item in the array is a boolean + * indicating if login was successful. + * + * If login was successful, the second item in the array will contain the + * current principal url/path of the logged in user. + * + * If login was not successful, the second item in the array will contain a + * an array with strings. The strings are a list of reasons why login was + * unsuccesful. For every auth backend there will be one reason, so usually + * there's just one. + * + * @param RequestInterface $request + * @param ResponseInterface $response + * @return array + */ + function check(RequestInterface $request, ResponseInterface $response) { + if (!$this->backends) { throw new \Sabre\DAV\Exception('No authentication backends were configured on this server.'); } 
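Review bot: In the failure branch of `beforeMethod`, when `$autoRequireLogin` is false the method falls off the end with no comment. A request that supplied wrong credentials therefore continues exactly like one that supplied none, and no challenge is sent. That is presumably intended, but it is worth stating at the `if ($this->autoRequireLogin)` block, e.g. `// Login not enforced: continue unauthenticated; see getLoginFailedReasons().` The `check()` docblock added here also has two slips, `a an array` and `unsuccesful`. The body of `check()` continues beyond this hunk.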
@@ -172,20 +208,56 @@ class Plugin extends ServerPlugin { if ($result[0]) { $this->currentPrincipal = $result[1]; // Exit early - return; + return [true, $result[1]]; } $reasons[] = $result[1]; } - // If we got here, it means that no authentication backend was - // successful in authenticating the user. - $this->currentPrincipal = null; + return [false, $reasons]; + + } + + /** + * This method sends authentication challenges to the user. + * + * This method will for example cause a HTTP Basic backend to set a + * WWW-Authorization header, indicating to the client that it should + * authenticate. + * + * @param RequestInterface $request + * @param ResponseInterface $response + * @return array + */ + function challenge(RequestInterface $request, ResponseInterface $response) { foreach ($this->backends as $backend) { $backend->challenge($request, $response); } - throw new NotAuthenticated(implode(', ', $reasons)); + + } + + /** + * List of reasons why login failed for the last login operation. + * + * @var string[]|null + */ + protected $loginFailedReasons; + + /** + * Returns a list of reasons why login was unsuccessful. + * + * This method will return the login failed reasons for the last login + * operation. One for each auth backend. + * + * This method returns null if the last authentication attempt was + * successful, or if there was no authentication attempt yet. + * + * @return string[]|null + */ + function getLoginFailedReasons() { + + return $this->loginFailedReasons; } -- cgit v1.2.3
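Review bot: `check()` still assigns `$this->currentPrincipal` on success (the unchanged line above `return [true, $result[1]];`), but leaves it untouched when it returns `[false, $reasons]` and never updates `$loginFailedReasons`. Now that `check()` is a separate method, a caller invoking it directly could see a principal left over from an earlier successful call. `beforeMethod` already stores both values from the return value, so the assignment inside `check()` looks redundant and could be dropped, or the side effect documented in the docblock. In the `challenge()` docblock, `@return array` should be `@return void`, and the header is `WWW-Authenticate`, not `WWW-Authorization`. The start of `check()` is outside this hunk.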