diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2019-09-10 22:16:12 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-09-10 22:16:12 +0300 |
| commit | f6806cc6d1dafa1150ccf924eba4c22fd9b0594c (patch) | |
| tree | ffe77377fd6d23a74128cec8c09b046fdf27d886 | |
| parent | f348b753b1c8a0d7bc5cbaa0f2b135c3f168c9e8 (diff) | |
| parent | 1a7ed9ae81aed3e106367320ccc14db7309d41ef (diff) | |
Merge pull request #17090 from nextcloud/backport/16790/stable17
[stable17] Allow admin configured mounts to use user configured global credentials
5 files changed, 82 insertions, 5 deletions
diff --git a/apps/files_external/js/statusmanager.js b/apps/files_external/js/statusmanager.js index bd423192521..0c0c8b36c74 100644 --- a/apps/files_external/js/statusmanager.js +++ b/apps/files_external/js/statusmanager.js @@ -93,7 +93,8 @@ OCA.Files_External.StatusManager = { status: statusCode, id: mountData.id, error: statusMessage, - userProvided: response.userProvided + userProvided: response.userProvided, + authMechanism: response.authMechanism }; } afterCallback(mountData, self.mountStatus[mountData.mount_point]); @@ -178,7 +179,7 @@ OCA.Files_External.StatusManager = { if (allMountStatus.hasOwnProperty(name) && allMountStatus[name].status > 0 && allMountStatus[name].status < 7) { var mountData = allMountStatus[name]; if (mountData.type === "system") { - if (mountData.userProvided) { + if (mountData.userProvided || mountData.authMechanism === 'password::global::user') { // personal mount whit credentials problems this.showCredentialsDialog(name, mountData); } else { diff --git a/apps/files_external/lib/AppInfo/Application.php b/apps/files_external/lib/AppInfo/Application.php index 7a9325414d8..57ef28f2ae0 100644 --- a/apps/files_external/lib/AppInfo/Application.php +++ b/apps/files_external/lib/AppInfo/Application.php @@ -45,6 +45,7 @@ use OCA\Files_External\Lib\Auth\PublicKey\RSA; use OCA\Files_External\Lib\Auth\OAuth2\OAuth2; use OCA\Files_External\Lib\Auth\OAuth1\OAuth1; use OCA\Files_External\Lib\Auth\Password\GlobalAuth; +use OCA\Files_External\Lib\Auth\Password\UserGlobalAuth; use OCA\Files_External\Lib\Auth\Password\UserProvided; use OCA\Files_External\Lib\Auth\Password\LoginCredentials; use OCA\Files_External\Lib\Auth\Password\SessionCredentials; @@ -136,6 +137,7 @@ class Application extends App implements IBackendProvider, IAuthMechanismProvide $container->query(LoginCredentials::class), $container->query(UserProvided::class), $container->query(GlobalAuth::class), + $container->query(UserGlobalAuth::class), // AuthMechanism::SCHEME_OAUTH1 mechanisms $container->query(OAuth1::class), diff --git a/apps/files_external/lib/Controller/UserGlobalStoragesController.php b/apps/files_external/lib/Controller/UserGlobalStoragesController.php index 22c9c867855..55d079e9c69 100644 --- a/apps/files_external/lib/Controller/UserGlobalStoragesController.php +++ b/apps/files_external/lib/Controller/UserGlobalStoragesController.php @@ -27,6 +27,7 @@ namespace OCA\Files_External\Controller; use OCA\Files_External\Lib\Auth\AuthMechanism; use OCA\Files_External\Lib\Auth\IUserProvided; +use OCA\Files_External\Lib\Auth\Password\UserGlobalAuth; use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; use OCP\ILogger; use \OCP\IRequest; @@ -156,7 +157,7 @@ class UserGlobalStoragesController extends StoragesController { try { $storage = $this->service->getStorage($id); $authMechanism = $storage->getAuthMechanism(); - if ($authMechanism instanceof IUserProvided) { + if ($authMechanism instanceof IUserProvided || $authMechanism instanceof UserGlobalAuth) { $authMechanism->saveBackendOptions($this->userSession->getUser(), $id, $backendOptions); $authMechanism->manipulateStorageConfig($storage, $this->userSession->getUser()); } else { diff --git a/apps/files_external/lib/Lib/Auth/Password/UserGlobalAuth.php b/apps/files_external/lib/Lib/Auth/Password/UserGlobalAuth.php new file mode 100644 index 00000000000..8ea9ad0f785 --- /dev/null +++ b/apps/files_external/lib/Lib/Auth/Password/UserGlobalAuth.php @@ -0,0 +1,75 @@ +<?php declare(strict_types=1); +/** + * @copyright Copyright (c) 2019 Robin Appelman <robin@icewind.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Files_External\Lib\Auth\Password; + +use OCA\Files_External\Service\BackendService; +use OCP\IL10N; +use OCP\IUser; +use OCA\Files_External\Lib\Auth\AuthMechanism; +use OCA\Files_External\Lib\StorageConfig; +use OCP\Security\ICredentialsManager; +use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; + +/** + * User provided Global Username and Password + */ +class UserGlobalAuth extends AuthMechanism { + + private const CREDENTIALS_IDENTIFIER = 'password::global'; + + /** @var ICredentialsManager */ + protected $credentialsManager; + + public function __construct(IL10N $l, ICredentialsManager $credentialsManager) { + $this->credentialsManager = $credentialsManager; + + $this + ->setIdentifier('password::global::user') + ->setVisibility(BackendService::VISIBILITY_DEFAULT) + ->setScheme(self::SCHEME_PASSWORD) + ->setText($l->t('Global credentials, user entered')); + } + + public function saveBackendOptions(IUser $user, $id, $backendOptions) { + // make sure we're not setting any unexpected keys + $credentials = [ + 'user' => $backendOptions['user'], + 'password' => $backendOptions['password'], + ]; + $this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials); + } + + public function manipulateStorageConfig(StorageConfig &$storage, IUser $user = null) { + if ($user === null) { + throw new InsufficientDataForMeaningfulAnswerException('No credentials saved'); + } + + $uid = $user->getUID(); + $credentials = $this->credentialsManager->retrieve($uid, self::CREDENTIALS_IDENTIFIER); + + if (is_array($credentials)) { + $storage->setBackendOption('user', $credentials['user']); + $storage->setBackendOption('password', $credentials['password']); + } + } + +} diff --git a/apps/files_external/templates/settings.php b/apps/files_external/templates/settings.php index 1d1fcee1d8a..f94900dccde 100644 --- a/apps/files_external/templates/settings.php +++ b/apps/files_external/templates/settings.php @@ -188,7 +188,6 @@ <?php endif; ?> </form> -<?php if ($canCreateMounts): ?> <div class="followupsection"> <form autocomplete="false" action="#" id="global_credentials"> @@ -207,4 +206,3 @@ <input type="submit" value="<?php p($l->t('Save')) ?>"/> </form> </div> -<?php endif; ?> |