alpcentaur
/
sncf-docker-compose
mirror of https://git.42l.fr/alpcentaur/sncf-docker-compose.git
1
0
Fork 0
Code Issues 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
20 MiB
Tree: df7e20de4b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'df7e20de4b'
${ noResults }
sncf-docker-compose/docker/overlays/nextcloud/html/lib/public/AppFramework/AuthPublicShareController.php

212 lines
5.2 KiB
Raw Normal View History

first commit
3 years ago
 
  1. <?php
  2. /**
  3.  * @copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
  4.  *
  5.  * @author Joas Schilling <coding@schilljs.com>
  6.  * @author Roeland Jago Douma <roeland@famdouma.nl>
  7.  * @author Tim Obert <tobert@w-commerce.de>
  8.  * @author TimObert <tobert@w-commerce.de>
  9.  *
  10.  * @license GNU AGPL version 3 or any later version
  11.  *
  12.  * This program is free software: you can redistribute it and/or modify
  13.  * it under the terms of the GNU Affero General Public License as
  14.  * published by the Free Software Foundation, either version 3 of the
  15.  * License, or (at your option) any later version.
  16.  *
  17.  * This program is distributed in the hope that it will be useful,
  18.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20.  * GNU Affero General Public License for more details.
  21.  *
  22.  * You should have received a copy of the GNU Affero General Public License
  23.  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  24.  *
  25.  */
  26. declare(strict_types=1);
  27. 

  28. namespace OCP\AppFramework;
  29. 

  30. use OCP\AppFramework\Http\RedirectResponse;
  31. use OCP\AppFramework\Http\TemplateResponse;
  32. use OCP\IRequest;
  33. use OCP\ISession;
  34. use OCP\IURLGenerator;
  35. 

  36. /**
  37.  * Base controller for interactive public shares
  38.  *
  39.  * It will verify if the user is properly authenticated to the share. If not the
  40.  * user will be redirected to an authentication page.
  41.  *
  42.  * Use this for a controller that is to be called directly by a user. So the
  43.  * normal public share page for files/calendars etc.
  44.  *
  45.  * @since 14.0.0
  46.  */
  47. abstract class AuthPublicShareController extends PublicShareController {
  48. 

  49. 	/** @var IURLGenerator */
  50. 	protected $urlGenerator;
  51. 

  52. 	/**
  53. 	 * @since 14.0.0
  54. 	 */
  55. 	public function __construct(string $appName,
  56. 								IRequest $request,
  57. 								ISession $session,
  58. 								IURLGenerator $urlGenerator) {
  59. 		parent::__construct($appName, $request, $session);
  60. 

  61. 		$this->urlGenerator = $urlGenerator;
  62. 	}
  63. 

  64. 	/**
  65. 	 * @PublicPage
  66. 	 * @NoCSRFRequired
  67. 	 *
  68. 	 * Show the authentication page
  69. 	 * The form has to submit to the authenticate method route
  70. 	 *
  71. 	 * @since 14.0.0
  72. 	 */
  73. 	public function showAuthenticate(): TemplateResponse {
  74. 		return new TemplateResponse('core', 'publicshareauth', [], 'guest');
  75. 	}
  76. 

  77. 	/**
  78. 	 * The template to show when authentication failed
  79. 	 *
  80. 	 * @since 14.0.0
  81. 	 */
  82. 	protected function showAuthFailed(): TemplateResponse {
  83. 		return new TemplateResponse('core', 'publicshareauth', ['wrongpw' => true], 'guest');
  84. 	}
  85. 

  86. 	/**
  87. 	 * Verify the password
  88. 	 *
  89. 	 * @since 14.0.0
  90. 	 */
  91. 	abstract protected function verifyPassword(string $password): bool;
  92. 

  93. 	/**
  94. 	 * Function called after failed authentication
  95. 	 *
  96. 	 * You can use this to do some logging for example
  97. 	 *
  98. 	 * @since 14.0.0
  99. 	 */
  100. 	protected function authFailed() {
  101. 	}
  102. 

  103. 	/**
  104. 	 * Function called after successfull authentication
  105. 	 *
  106. 	 * You can use this to do some logging for example
  107. 	 *
  108. 	 * @since 14.0.0
  109. 	 */
  110. 	protected function authSucceeded() {
  111. 	}
  112. 

  113. 	/**
  114. 	 * @UseSession
  115. 	 * @PublicPage
  116. 	 * @BruteForceProtection(action=publicLinkAuth)
  117. 	 *
  118. 	 * Authenticate the share
  119. 	 *
  120. 	 * @since 14.0.0
  121. 	 */
  122. 	final public function authenticate(string $password = '') {
  123. 		// Already authenticated

  124. 		if ($this->isAuthenticated()) {
  125. 			return $this->getRedirect();
  126. 		}
  127. 

  128. 		if (!$this->verifyPassword($password)) {
  129. 			$this->authFailed();
  130. 			$response = $this->showAuthFailed();
  131. 			$response->throttle();
  132. 			return $response;
  133. 		}
  134. 

  135. 		$this->session->regenerateId(true, true);
  136. 		$response = $this->getRedirect();
  137. 

  138. 		$this->session->set('public_link_authenticated_token', $this->getToken());
  139. 		$this->session->set('public_link_authenticated_password_hash', $this->getPasswordHash());
  140. 

  141. 		$this->authSucceeded();
  142. 

  143. 		return $response;
  144. 	}
  145. 

  146. 	/**
  147. 	 * Default landing page
  148. 	 *
  149. 	 * @since 14.0.0
  150. 	 */
  151. 	abstract public function showShare(): TemplateResponse;
  152. 

  153. 	/**
  154. 	 * @since 14.0.0
  155. 	 */
  156. 	final public function getAuthenticationRedirect(string $redirect): RedirectResponse {
  157. 		return new RedirectResponse(
  158. 			$this->urlGenerator->linkToRoute($this->getRoute('showAuthenticate'), ['token' => $this->getToken(), 'redirect' => $redirect])
  159. 		);
  160. 	}
  161. 

  162. 

  163. 	/**
  164. 	 * @since 14.0.0
  165. 	 */
  166. 	private function getRoute(string $function): string {
  167. 		$app = strtolower($this->appName);
  168. 		$class = (new \ReflectionClass($this))->getShortName();
  169. 		if (substr($class, -10) === 'Controller') {
  170. 			$class = substr($class, 0, -10);
  171. 		}
  172. 		return $app .'.'. $class .'.'. $function;
  173. 	}
  174. 

  175. 	/**
  176. 	 * @since 14.0.0
  177. 	 */
  178. 	private function getRedirect(): RedirectResponse {
  179. 		//Get all the stored redirect parameters:

  180. 		$params = $this->session->get('public_link_authenticate_redirect');
  181. 

  182. 		$route = $this->getRoute('showShare');
  183. 

  184. 		if ($params === null) {
  185. 			$params = [
  186. 				'token' => $this->getToken(),
  187. 			];
  188. 		} else {
  189. 			$params = json_decode($params, true);
  190. 			if (isset($params['_route'])) {
  191. 				$route = $params['_route'];
  192. 				unset($params['_route']);
  193. 			}
  194. 

  195. 			// If the token doesn't match the rest of the arguments can't be trusted either

  196. 			if (isset($params['token']) && $params['token'] !== $this->getToken()) {
  197. 				$params = [
  198. 					'token' => $this->getToken(),
  199. 				];
  200. 			}
  201. 

  202. 			// We need a token

  203. 			if (!isset($params['token'])) {
  204. 				$params = [
  205. 					'token' => $this->getToken(),
  206. 				];
  207. 			}
  208. 		}
  209. 

  210. 		return new RedirectResponse($this->urlGenerator->linkToRoute($route, $params));
  211. 	}
  212. }