
github.com/nextcloud/apps.git - Unnamed repository; edit this file 'description' to name the repository.
authorSixto Martin <smartin@yaco.es>2013-07-16 15:43:44 +0400
committerSixto Martin <smartin@yaco.es>2013-07-16 15:43:44 +0400
commit1791489b4bc716b7f92f2f3a3eb3772046d71a9e (patch)
tree07a5af49253d061756643246df1d39a8c3c2e0f8 /user_saml
parenta1d470e6615bf9c953eca85530e45ef9a771ff0c (diff)
Add force_login_param, csrf protection
Diffstat (limited to 'user_saml')
-rw-r--r--user_saml/CHANGELOG.txt7
-rw-r--r--user_saml/README.md9
-rw-r--r--user_saml/appinfo/app.php24
-rw-r--r--user_saml/appinfo/info.xml2
-rw-r--r--user_saml/appinfo/version2
-rw-r--r--user_saml/settings.php6
-rw-r--r--user_saml/templates/settings.php1
-rw-r--r--user_saml/user_saml.php2
8 files changed, 44 insertions, 9 deletions
diff --git a/user_saml/CHANGELOG.txt b/user_saml/CHANGELOG.txt
index da5fffd9f..6f46130cd 100644
--- a/user_saml/CHANGELOG.txt
+++ b/user_saml/CHANGELOG.txt
@@ -1,6 +1,13 @@
CHANGELOG
=========
+Version 0.4 (Tested with OwnCloud 5.0.8)
+----------------------------------------
+
+* Add csrf protection on setting form
+* Add a config param to force the saml login
+
+
Version 0.3 (Tested with OwnCloud 4.5.2)
----------------------------------------
diff --git a/user_saml/README.md b/user_saml/README.md
index 41f4d91d5..a746da9b4 100644
--- a/user_saml/README.md
+++ b/user_saml/README.md
@@ -20,7 +20,7 @@ To learn how to do this check this documentation:
STEPS
-----
-1. Copy the 'user_saml' folder inside the ownCloud's apps folder and give to apache server privileges on whole the folder.
+1. Copy the `user_saml` folder inside the ownCloud's apps folder and give to apache server privileges on whole the folder.
2. Access to ownCloud web with an user with admin privileges.
3. Access to the Appications pannel and enable the SAML app.
4. Access to the Administration pannel and configure the SAML app.
@@ -45,8 +45,13 @@ EXTRA INFO
Ex. ?app=user_saml&linktoapp=files&linktoargs=file%3d%2ftest%2ftest_file.txt%26getfile%3ddownload.php
?app=user_saml&linktoapp=files&linktoargs=dir%3d%2ftest
+* There is a parameter in the settings named `force_saml_login` to avoid the login form, redirecting directly to the IdP when accesing owncloud.
+ If you are an admin and you want to log in using the login form, then use the GET param `admin_login` to deactivate the forced redirection.
NOTES
=====
-If you had an older version of this plugin installed and the SAML link no appears at the main view, edit the index.php and set the $RUNTIME_NOAPPS to FALSE;
+If you had an older version of this plugin installed and the SAML link no appears at the main view, edit the index.php and set the $RUNTIME_NOAPPS to FALSE;
+
+
+
diff --git a/user_saml/appinfo/app.php b/user_saml/appinfo/app.php
index 8259d786f..b3ac041a2 100644
--- a/user_saml/appinfo/app.php
+++ b/user_saml/appinfo/app.php
@@ -54,7 +54,7 @@ if (OCP\App::isEnabled('user_saml')) {
if (isset($_GET["linktoapp"])) {
$path = OC::$WEBROOT . '/?app='.$_GET["linktoapp"];
- if (isset($_GET["linktoargs"])) {
+ if (isset($_GET["linktoargs"])) {
$path .= '&'.urldecode($_GET["linktoargs"]);
}
header( 'Location: ' . $path);
@@ -65,10 +65,26 @@ if (OCP\App::isEnabled('user_saml')) {
OC_Util::redirectToDefaultPage();
}
-
if (!OCP\User::isLoggedIn()) {
+ $forceLogin = OCP\Config::getAppValue('user_saml', 'saml_force_saml_login', false);
+ if($forceLogin && !isset($_GET['admin_login'])) {
+ require_once 'user_saml/auth.php';
+
+ if (isset($_GET["linktoapp"])) {
+ $path = OC::$WEBROOT . '/?app='.$_GET["linktoapp"];
+ if (isset($_GET["linktoargs"])) {
+ $path .= '&'.urldecode($_GET["linktoargs"]);
+ }
+ header( 'Location: ' . $path);
+ exit();
+ }
- // Load js code in order to render the SAML link and to hide parts of the normal login form
- OCP\Util::addScript('user_saml', 'utils');
+ OC::$REQUESTEDAPP = '';
+ OC_Util::redirectToDefaultPage();
+ }
+ else {
+ // Load js code in order to render the SAML link and to hide parts of the normal login form
+ OCP\Util::addScript('user_saml', 'utils');
+ }
}
}
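Review bot: The forced redirect is skipped whenever `admin_login` is present in the query string (`!isset($_GET['admin_login'])`), for any unauthenticated visitor, so `saml_force_saml_login` is a convenience redirect and not an enforcement that only SAML logins are accepted; a comment should say so, e.g. `// admin_login only skips the redirect; the local login form stays reachable by anyone`. The new branch also copies the `linktoapp`/`linktoargs` redirect from the block above, concatenating request values into the `Location` header unencoded; `$path = OC::$WEBROOT . '/?app=' . urlencode($_GET["linktoapp"]);` and a shared helper for both copies would keep the target confined to the intended app parameter. `getAppValue` presumably returns the stored string, so the truthiness test on `$forceLogin` depends on what the settings form writes when the box is cleared. The enclosing `if (OCP\App::isEnabled('user_saml'))` block starts outside the hunk.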
diff --git a/user_saml/appinfo/info.xml b/user_saml/appinfo/info.xml
index ac5b8ba4c..4d786cc97 100644
--- a/user_saml/appinfo/info.xml
+++ b/user_saml/appinfo/info.xml
@@ -5,7 +5,7 @@
<description>Authenticate Users by SAML</description>
<licence>AGPL</licence>
<author>Sixto Martin @ Yaco Sistemas</author>
- <require>4.93</require>
+ <require>5</require>
<types>
<prelogin/>
<authentication/>
diff --git a/user_saml/appinfo/version b/user_saml/appinfo/version
index be5863417..bd73f4707 100644
--- a/user_saml/appinfo/version
+++ b/user_saml/appinfo/version
@@ -1 +1 @@
-0.3
+0.4
diff --git a/user_saml/settings.php b/user_saml/settings.php
index 5d930e251..464cd771c 100644
--- a/user_saml/settings.php
+++ b/user_saml/settings.php
@@ -23,11 +23,14 @@
OC_Util::checkAdminUser();
-$params = array('saml_ssp_path', 'saml_sp_source', 'saml_autocreate', 'saml_update_user_data', 'saml_protected_groups', 'saml_default_group', 'saml_username_mapping', 'saml_email_mapping', 'saml_group_mapping');
+$params = array('saml_ssp_path', 'saml_sp_source', 'saml_force_saml_login', 'saml_autocreate', 'saml_update_user_data', 'saml_protected_groups', 'saml_default_group', 'saml_username_mapping', 'saml_email_mapping', 'saml_group_mapping');
OCP\Util::addscript('user_saml', 'settings');
if ($_POST) {
+ // CSRF check
+ OCP\JSON::callCheck();
+
foreach($params as $param) {
if (isset($_POST[$param])) {
OCP\Config::setAppValue('user_saml', $param, $_POST[$param]);
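Review bot: The added `OCP\JSON::callCheck();` only helps if the settings form actually submits a request token, and the template hunk in this commit adds just the new checkbox, so it is worth confirming that `templates/settings.php` already carries a `requesttoken` hidden field; without one every save would be rejected. The check is aimed at AJAX calls and on failure presumably answers with a JSON error rather than an HTML page, which deserves a comment such as `// form must post requesttoken; failure ends the request with a JSON error`. An unchecked checkbox is not posted at all, so the branch that resets absent checkbox params (outside this hunk, if it exists) needs to cover `saml_force_saml_login`, otherwise the option cannot be switched off from the form. The `foreach` body continues past the end of the hunk.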
@@ -52,6 +55,7 @@ foreach ($params as $param) {
// settings with default values
$tmpl->assign( 'saml_ssp_path', OCP\Config::getAppValue('user_saml', 'saml_ssp_path', '/var/www/sp/simplesamlphp'));
$tmpl->assign( 'saml_sp_source', OCP\Config::getAppValue('user_saml', 'saml_sp_source', 'default-sp'));
+$tmpl->assign( 'saml_force_saml_login', OCP\Config::getAppValue('user_saml', 'saml_force_saml_login', 0));
$tmpl->assign( 'saml_autocreate', OCP\Config::getAppValue('user_saml', 'saml_autocreate', 0));
$tmpl->assign( 'saml_update_user_data', OCP\Config::getAppValue('user_saml', 'saml_update_user_data', 0));
$tmpl->assign( 'saml_protected_groups', OCP\Config::getAppValue('user_saml', 'saml_protected_groups', ''));
diff --git a/user_saml/templates/settings.php b/user_saml/templates/settings.php
index 90d9764ae..51d4c97d3 100644
--- a/user_saml/templates/settings.php
+++ b/user_saml/templates/settings.php
@@ -11,6 +11,7 @@
<fieldset id="samlSettings-1">
<p><label for="saml_ssp_path"><?php p($l->t('SimpleSAMLphp path'));?></label><input type="text" id="saml_ssp_path" name="saml_ssp_path" value="<?php p($_['saml_ssp_path']); ?>"></p>
<p><label for="saml_sp_source"><?php p($l->t('SimpleSAMLphp SP source'));?></label><input type="text" id="saml_sp_source" name="saml_sp_source" value="<?php p($_['saml_sp_source']); ?>"></p>
+ <p><label for="saml_force_saml_login"><?php p($l->t('Force SAML login?'));?></label><input type="checkbox" id="saml_force_saml_login" name="saml_force_saml_login" <?php p((($_['saml_force_saml_login'] != false) ? 'checked="checked"' : '')); ?>></p>
<p><label for="saml_autocreate"><?php p($l->t('Autocreate user after saml login?'));?></label><input type="checkbox" id="saml_autocreate" name="saml_autocreate" <?php p((($_['saml_autocreate'] != false) ? 'checked="checked"' : '')); ?>></p>
<p><label for="saml_update_user_data"><?php p($l->t('Update user data after login?'));?></label><input type="checkbox" id="saml_update_user_data" name="saml_update_user_data" <?php p((($_['saml_update_user_data'] != false) ? 'checked="checked"' : '')); ?>></p>
<p><label for="saml_protected_groups"><?php p($l->t('Groups that will not be unlinked from the user when sync the IdP and the owncloud'));?></label><input type="text" id="saml_protected_groups" name="saml_protected_groups" value="<?php p($_['saml_protected_groups']); ?>" /></p> <?php p($l->t('(protected grop are multivalued, use comma to separate the values)')); ?>
diff --git a/user_saml/user_saml.php b/user_saml/user_saml.php
index c52619747..c771fcb67 100644
--- a/user_saml/user_saml.php
+++ b/user_saml/user_saml.php
@@ -26,6 +26,7 @@ class OC_USER_SAML extends OC_User_Backend {
// cached settings
protected $sspPath;
protected $spSource;
+ public $forceLogin;
public $autocreate;
public $updateUserData;
public $protectedGroups;
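Review bot: `public $forceLogin` is declared public and, as far as this commit shows, is never read: `appinfo/app.php` calls `OCP\Config::getAppValue('user_saml', 'saml_force_saml_login', false)` itself. Either have the redirect code use this cached value or drop the property, and if it stays prefer `protected $forceLogin;` like `$sspPath`, since nothing outside the class should be able to toggle a login-policy flag. The same applies to the assignment added in the constructor hunk below; the class body continues outside both hunks.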
@@ -39,6 +40,7 @@ class OC_USER_SAML extends OC_User_Backend {
public function __construct() {
$this->sspPath = OCP\Config::getAppValue('user_saml', 'saml_ssp_path', '');
$this->spSource = OCP\Config::getAppValue('user_saml', 'saml_sp_source', '');
+ $this->forceLogin = OCP\Config::getAppValue('user_saml', 'saml_force_saml_login', false);
$this->autocreate = OCP\Config::getAppValue('user_saml', 'saml_autocreate', false);
$this->updateUserData = OCP\Config::getAppValue('user_saml', 'saml_update_user_data', false);
$this->defaultGroup = OCP\Config::getAppValue('user_saml', 'saml_default_group', '');