Add switch to configure whether SAML auth is used for desktop clients

Lukas Reschke 2016-09-26 22:06:17 +02:00
parent 638e5f2c41
commit 6cdc174fdd
No known key found for this signature in database
GPG key ID: B9F6980CF6E759B1
4 changed files with 55 additions and 9 deletions


@ -31,7 +31,7 @@ $samlSettings = new \OCA\User_SAML\SAMLSettings(
);
$userBackend = new \OCA\User_SAML\UserBackend(
\OC::$server->getConfig(),
$config,
\OC::$server->getURLGenerator(),
\OC::$server->getSession(),
\OC::$server->getDb()
@ -58,10 +58,17 @@ if(!$userSession->isLoggedIn() && \OC::$server->getRequest()->getPathInfo() ===
// If a request to OCS or remote.php is sent by the official desktop clients it can
// be intercepted as it supports SAML. All other clients don't yet and thus we
// require the usage of application specific passwords there.
$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
if(!$userSession->isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
$redirectSituation = true;
//
// However, it is an opt-in setting to use SAML for the desktop clients. For better
// UX (users don't have to reauthenticate) we default to disallow the access via
// SAML at the moment.
$useSamlForDesktopClients = $config->getAppValue('user_saml', 'general-use_saml_auth_for_desktop', '0');
if($useSamlForDesktopClients === '1') {
$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
if(substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/') {
if(!$userSession->isLoggedIn() && $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
$redirectSituation = true;
}
}
}
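Review bot: The three nested `if` statements added at the end of the hunk express one guard and read more clearly as a single condition, with the setting lookup folded into a boolean and the URL-prefix test named; the short-circuit order (setting, URL prefix, session, user agent) is unchanged, so behaviour is the same. The `=== '1'` comparison also deserves a why-comment, since `getAppValue()` hands back strings and a reader may expect a bool, e.g. `// app values are strings, so the flag is compared against '1' rather than true`. `$redirectSituation`, which this block sets, is initialised outside the hunk.
```php
// … unchanged: comment explaining the opt-in setting …
// app values are strings, so the flag is compared against '1' rather than true
$useSamlForDesktopClients = $config->getAppValue('user_saml', 'general-use_saml_auth_for_desktop', '0') === '1';
$currentUrl = substr(explode('?', $request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
$isClientEndpoint = substr($currentUrl, 0, 12) === '/remote.php/' || substr($currentUrl, 0, 5) === '/ocs/';
if($useSamlForDesktopClients && $isClientEndpoint && !$userSession->isLoggedIn()
	&& $request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_OWNCLOUD_DESKTOP])) {
	$redirectSituation = true;
}
```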


@ -5,9 +5,9 @@
<description>Authenticates user against a SAML backend, such as Shibboleth.</description>
<licence>AGPL</licence>
<author>Lukas Reschke</author>
<version>1.2.0</version>
<version>1.2.1</version>
<dependencies>
<owncloud min-version="9.2" max-version="9.2" />
<owncloud min-version="9.1" max-version="9.2" />
</dependencies>
<namespace>User_SAML</namespace>
<types>

appinfo/update.php Normal file

@ -0,0 +1,30 @@
<?php
/**
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@nextcloud.com>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
$config = \OC::$server->getConfig();
$installedVersion = $config->getAppValue('user_saml', 'installed_version');
// Versions below 1.2.1 use SAML by default for the desktop client, this default
// has been changed with 1.2.1. To not break existing installations the value gets
// manually changed on update.
if (version_compare($installedVersion, '1.2.1', '<')) {
$config->setAppValue('user_saml', 'general-use_saml_auth_for_desktop', '0');
}
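Review bot: The comment above the `version_compare` branch says the value is written "to not break existing installations", yet the value written is `'0'`, which is the same fallback the first file in this commit passes to `getAppValue()` when the key is absent, so this update step leaves a pre-1.2.1 installation behaving exactly as if the script had not run. If the intent is to preserve the old always-on behaviour for installations that relied on SAML desktop login, the value would have to be `'1'`; if the intent is to move everyone to the new default, the comment should say so rather than promising continuity. `installed_version` is also read without a default, so if this script ever runs with no recorded version, `version_compare('', '1.2.1', '<')` is true and the branch executes; harmless as written, but worth a comment such as `// installed_version may be empty; writing the default in that case is a no-op`.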


@ -24,6 +24,7 @@
namespace OCA\User_SAML\Settings;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\Defaults;
use OCP\IL10N;
use OCP\IURLGenerator;
use OCP\Settings\ISettings;
@ -31,18 +32,22 @@ use OCP\Settings\ISettings;
class Admin implements ISettings {
/** @var IL10N */
private $l10n;
/** @var IURLGenerator */
private $urlGenerator;
/** @var Defaults */
private $defaults;
/**
* @param IL10N $l10n
* @param IURLGenerator $urlGenerator
* @param Defaults $defaults
*/
public function __construct(IL10N $l10n,
IURLGenerator $urlGenerator) {
IURLGenerator $urlGenerator,
Defaults $defaults) {
$this->l10n = $l10n;
$this->urlGenerator = $urlGenerator;
$this->defaults = $defaults;
}
/**
@ -78,6 +83,10 @@ class Admin implements ISettings {
'text' => $this->l10n->t('Only allow authentication if an account is existent on some other backend. (e.g. LDAP)'),
'type' => 'checkbox',
],
'use_saml_auth_for_desktop' => [
'text' => $this->l10n->t('Use SAML auth for the %s desktop clients (requires user re-authentication)', [$this->defaults->getName()]),
'type' => 'checkbox',
],
];
$params = [