Add switch to configure whether SAML auth is used for desktop clients
parent
638e5f2c41
commit
6cdc174fdd
|
@ -31,7 +31,7 @@ $samlSettings = new \OCA\User_SAML\SAMLSettings(
|
|||
);
|
||||
|
||||
$userBackend = new \OCA\User_SAML\UserBackend(
|
||||
\OC::$server->getConfig(),
|
||||
$config,
|
||||
\OC::$server->getURLGenerator(),
|
||||
\OC::$server->getSession(),
|
||||
\OC::$server->getDb()
|
||||
|
@ -58,10 +58,17 @@ if(!$userSession->isLoggedIn() && \OC::$server->getRequest()->getPathInfo() ===
|
|||
// If a request to OCS or remote.php is sent by the official desktop clients it can
|
||||
// be intercepted as it supports SAML. All other clients don't yet and thus we
|
||||
// require the usage of application specific passwords there.
|
||||
$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
|
||||
if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
|
||||
if(!$userSession->isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
|
||||
$redirectSituation = true;
|
||||
//
|
||||
// However, it is an opt-in setting to use SAML for the desktop clients. For better
|
||||
// UX (users don't have to reauthenticate) we default to disallow the access via
|
||||
// SAML at the moment.
|
||||
$useSamlForDesktopClients = $config->getAppValue('user_saml', 'general-use_saml_auth_for_desktop', '0');
|
||||
if($useSamlForDesktopClients === '1') {
|
||||
$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
|
||||
if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
|
||||
if(!$userSession->isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
|
||||
$redirectSituation = true;
|
||||
}
|
||||
}
|
||||
}
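Review bot: The new opt-in block still sets `$redirectSituation` from `$request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])`, and the User-Agent header is chosen by the client, so that `if` deserves a comment saying the match is only a hint for picking the login flow of an unauthenticated request, for example `// User-Agent is client-supplied; treat it as a hint for choosing the login flow only`. The setting key `'general-use_saml_auth_for_desktop'` is written as a literal here and again in appinfo/update.php, so a shared constant would keep the two from drifting apart. The enclosing `if(!$userSession->isLoggedIn() && ...)` block starts outside this hunk, so what is done with `$redirectSituation` afterwards is not visible from here.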
|
||||
|
||||
|
|
|
@ -5,9 +5,9 @@
|
|||
<description>Authenticates user against a SAML backend, such as Shibboleth.</description>
|
||||
<licence>AGPL</licence>
|
||||
<author>Lukas Reschke</author>
|
||||
<version>1.2.0</version>
|
||||
<version>1.2.1</version>
|
||||
<dependencies>
|
||||
<owncloud min-version="9.2" max-version="9.2" />
|
||||
<owncloud min-version="9.1" max-version="9.2" />
|
||||
</dependencies>
|
||||
<namespace>User_SAML</namespace>
|
||||
<types>
|
||||
|
|
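--- a/appinfo/update.php
+++ b/appinfo/update.php
@@ -0,0 +1,30 @@
+<?php
+/**
+* @copyright Copyright (c) 2016 Lukas Reschke <lukas@nextcloud.com>
+*
+* @license GNU AGPL version 3 or any later version
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+$config = \OC::$server->getConfig();
+$installedVersion = $config->getAppValue('user_saml', 'installed_version');
+
+// Versions below 1.2.1 use SAML by default for the desktop client, this default
+// has been changed with 1.2.1. To not break existing installations the value gets
+// manually changed on update.
+if (version_compare($installedVersion, '1.2.1', '<')) {
+$config->setAppValue('user_saml', 'general-use_saml_auth_for_desktop', '0');
+}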
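Review bot: The value written in the `version_compare($installedVersion, '1.2.1', '<')` branch is `'0'`, which is the same as the new default that the login code reads with `getAppValue('user_saml', 'general-use_saml_auth_for_desktop', '0')`, so this step does not preserve the pre-1.2.1 behaviour that the comment above it describes. If upgraded installations are meant to keep SAML for desktop clients, the line would be `$config->setAppValue('user_saml', 'general-use_saml_auth_for_desktop', '1');`. If turning it off on upgrade is intended, the comment should say that existing instances move their desktop clients off SAML, since that changes how those clients authenticate. `installed_version` is read without a default, so how an empty value compares against `'1.2.1'` is worth confirming.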
|
|
@ -24,6 +24,7 @@
|
|||
namespace OCA\User_SAML\Settings;
|
||||
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\Defaults;
|
||||
use OCP\IL10N;
|
||||
use OCP\IURLGenerator;
|
||||
use OCP\Settings\ISettings;
|
||||
|
@ -31,18 +32,22 @@ use OCP\Settings\ISettings;
|
|||
class Admin implements ISettings {
|
||||
/** @var IL10N */
|
||||
private $l10n;
|
||||
|
||||
/** @var IURLGenerator */
|
||||
private $urlGenerator;
|
||||
/** @var Defaults */
|
||||
private $defaults;
|
||||
|
||||
/**
|
||||
* @param IL10N $l10n
|
||||
* @param IURLGenerator $urlGenerator
|
||||
* @param Defaults $defaults
|
||||
*/
|
||||
public function __construct(IL10N $l10n,
|
||||
IURLGenerator $urlGenerator) {
|
||||
IURLGenerator $urlGenerator,
|
||||
Defaults $defaults) {
|
||||
$this->l10n = $l10n;
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
$this->defaults = $defaults;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -78,6 +83,10 @@ class Admin implements ISettings {
|
|||
'text' => $this->l10n->t('Only allow authentication if an account is existent on some other backend. (e.g. LDAP)'),
|
||||
'type' => 'checkbox',
|
||||
],
|
||||
'use_saml_auth_for_desktop' => [
|
||||
'text' => $this->l10n->t('Use SAML auth for the %s desktop clients (requires user re-authentication)', [$this->defaults->getName()]),
|
||||
'type' => 'checkbox',
|
||||
],
|
||||
];
|
||||
|
||||
$params = [
|
||||
|
|