Add application specific passwords
Fixes https://github.com/nextcloud/user_saml/issues/1
This commit is contained in:
parent
03646e6159
commit
84c1547c85
|
@ -22,4 +22,4 @@
|
|||
$app = new \OCA\User_SAML\AppInfo\Application();
|
||||
/** @var \OCA\User_SAML\Controller\SettingsController $controller */
|
||||
$controller = $app->getContainer()->query('SettingsController');
|
||||
return $controller->displayPanel()->render();
|
||||
return $controller->displayAdminPanel()->render();
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
require_once __DIR__ . '/../3rdparty/vendor/autoload.php';
|
||||
|
||||
\OCP\App::registerAdmin('user_saml', 'admin');
|
||||
\OCP\App::registerPersonal('user_saml', 'personal');
|
||||
|
||||
$urlGenerator = \OC::$server->getURLGenerator();
|
||||
$config = \OC::$server->getConfig();
|
||||
|
@ -30,21 +31,24 @@ $samlSettings = new \OCA\User_SAML\SAMLSettings(
|
|||
$urlGenerator,
|
||||
$config
|
||||
);
|
||||
try {
|
||||
$oneLoginSettings = new \OneLogin_Saml2_Settings($samlSettings->getOneLoginSettingsArray());
|
||||
} catch(OneLogin_Saml2_Error $e) {
|
||||
return;
|
||||
}
|
||||
|
||||
$userBackend = new \OCA\User_SAML\UserBackend(
|
||||
\OC::$server->getConfig(),
|
||||
\OC::$server->getLogger(),
|
||||
\OC::$server->getURLGenerator(),
|
||||
\OC::$server->getSession()
|
||||
\OC::$server->getSession(),
|
||||
\OC::$server->getDb()
|
||||
);
|
||||
OC_User::useBackend($userBackend);
|
||||
OC_User::handleApacheAuth();
|
||||
|
||||
// Setting up the one login config may fail, if so, do not catch the requests later.
|
||||
try {
|
||||
$oneLoginSettings = new \OneLogin_Saml2_Settings($samlSettings->getOneLoginSettingsArray());
|
||||
} catch(OneLogin_Saml2_Error $e) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Redirect all requests to the login page to the SAML login
|
||||
$currentUrl = substr(explode('?',$request->getRequestUri(), 2)[0], strlen(\OC::$WEBROOT));
|
||||
if($currentUrl === '/index.php/login' && !OC_User::isLoggedIn()) {
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
<?xml version="1.0" encoding="ISO-8859-1" ?>
|
||||
<database>
|
||||
|
||||
<name>*dbname*</name>
|
||||
<create>true</create>
|
||||
<overwrite>false</overwrite>
|
||||
<charset>utf8</charset>
|
||||
|
||||
<table>
|
||||
<!-- Copied table from core: Nextcloud 9 does not support application
|
||||
specific passwords and so we -->
|
||||
<name>*dbprefix*user_saml_auth_token</name>
|
||||
|
||||
<declaration>
|
||||
<field>
|
||||
<name>id</name>
|
||||
<type>integer</type>
|
||||
<default>0</default>
|
||||
<notnull>true</notnull>
|
||||
<autoincrement>1</autoincrement>
|
||||
<unsigned>true</unsigned>
|
||||
<length>4</length>
|
||||
</field>
|
||||
|
||||
<!-- Foreign Key users::uid -->
|
||||
<field>
|
||||
<name>uid</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>64</length>
|
||||
</field>
|
||||
|
||||
<field>
|
||||
<name>name</name>
|
||||
<type>clob</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
</field>
|
||||
|
||||
<field>
|
||||
<name>token</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>200</length>
|
||||
</field>
|
||||
</declaration>
|
||||
</table>
|
||||
</database>
|
|
@ -7,6 +7,6 @@
|
|||
<author>Nextcloud</author>
|
||||
<version>1.0.0</version>
|
||||
<dependencies>
|
||||
<owncloud min-version="9.0" max-version="9.1" />
|
||||
<owncloud min-version="9.0" max-version="9.0" />
|
||||
</dependencies>
|
||||
</info>
|
||||
|
|
|
@ -21,26 +21,36 @@
|
|||
|
||||
namespace OCA\User_SAML\AppInfo;
|
||||
|
||||
(new \OCP\AppFramework\App('user_saml'))->registerRoutes($this, array('routes' => array(
|
||||
(new Application())->registerRoutes(
|
||||
$this,
|
||||
[
|
||||
'name' => 'SAML#login',
|
||||
'url' => '/saml/login',
|
||||
'verb' => 'GET',
|
||||
],
|
||||
[
|
||||
'name' => 'SAML#getMetadata',
|
||||
'url' => '/saml/metadata',
|
||||
'verb' => 'GET',
|
||||
],
|
||||
[
|
||||
'name' => 'SAML#assertionConsumerService',
|
||||
'url' => '/saml/acs',
|
||||
'verb' => 'POST',
|
||||
],
|
||||
[
|
||||
'name' => 'SAML#singleLogoutService',
|
||||
'url' => '/saml/sls',
|
||||
'verb' => 'GET',
|
||||
],
|
||||
)));
|
||||
'resources' => [
|
||||
'AuthSettings' => [
|
||||
'url' => '/authtokens'
|
||||
],
|
||||
],
|
||||
'routes' => [
|
||||
[
|
||||
'name' => 'SAML#login',
|
||||
'url' => '/saml/login',
|
||||
'verb' => 'GET',
|
||||
],
|
||||
[
|
||||
'name' => 'SAML#getMetadata',
|
||||
'url' => '/saml/metadata',
|
||||
'verb' => 'GET',
|
||||
],
|
||||
[
|
||||
'name' => 'SAML#assertionConsumerService',
|
||||
'url' => '/saml/acs',
|
||||
'verb' => 'POST',
|
||||
],
|
||||
[
|
||||
'name' => 'SAML#singleLogoutService',
|
||||
'url' => '/saml/sls',
|
||||
'verb' => 'GET',
|
||||
],
|
||||
]
|
||||
]
|
||||
);
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
#user-saml-apppasswords table {
|
||||
width: 100%;
|
||||
min-height: 150px;
|
||||
padding-top: 25px;
|
||||
}
|
||||
#user-saml-appasswords table th {
|
||||
font-weight: 800;
|
||||
}
|
||||
#user-saml-apppasswords table th,
|
||||
#user-saml-apppasswords table td {
|
||||
padding: 10px;
|
||||
}
|
||||
|
||||
#user-saml-apppasswords .token-list td {
|
||||
border-top: 1px solid #DDD;
|
||||
text-overflow: ellipsis;
|
||||
max-width: 200px;
|
||||
white-space: nowrap;
|
||||
overflow: hidden;
|
||||
}
|
||||
#user-saml-apppasswords .token-list td a.icon-delete {
|
||||
display: block;
|
||||
opacity: 0.6;
|
||||
}
|
||||
|
||||
#user-saml-new-app-password {
|
||||
width: 186px;
|
||||
font-family: monospace;
|
||||
background-color: lightyellow;
|
||||
}
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
function setSAMLConfigValue(category, setting, value) {
|
||||
OC.msg.startSaving('#user-saml-save-indicator');
|
||||
OC.AppConfig.setValue('user_saml', category+'-'+setting, value);
|
|
@ -0,0 +1,9 @@
|
|||
$(function() {
|
||||
|
||||
// Show token views
|
||||
var collection = new OCA.User_SAML.AuthTokenCollection();
|
||||
var view = new OCA.User_SAML.AuthTokenView({
|
||||
collection: collection
|
||||
});
|
||||
view.reload();
|
||||
});
|
|
@ -0,0 +1,52 @@
|
|||
/* global Backbone */
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
(function(OCA, Backbone) {
|
||||
'use strict';
|
||||
|
||||
OCA.User_SAML = OCA.User_SAML || {};
|
||||
|
||||
var AuthTokenCollection = Backbone.Collection.extend({
|
||||
|
||||
model: OCA.User_SAML.AuthToken,
|
||||
|
||||
/**
|
||||
* Show recently used sessions/devices first
|
||||
*
|
||||
* @param {OCA.User_SAML.AuthToken} t1
|
||||
* @param {OCA.User_SAML.AuthToken} t2
|
||||
* @returns {Boolean}
|
||||
*/
|
||||
comparator: function (t1, t2) {
|
||||
var ts1 = parseInt(t1.get('lastActivity'), 10);
|
||||
var ts2 = parseInt(t2.get('lastActivity'), 10);
|
||||
return ts1 < ts2;
|
||||
},
|
||||
|
||||
tokenType: null,
|
||||
|
||||
url: OC.generateUrl('/apps/user_saml/authtokens')
|
||||
});
|
||||
|
||||
OCA.User_SAML.AuthTokenCollection = AuthTokenCollection;
|
||||
|
||||
})(OCA, Backbone);
|
|
@ -0,0 +1,33 @@
|
|||
/* global Backbone */
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
(function(OCA, Backbone) {
|
||||
'use strict';
|
||||
|
||||
OCA.User_SAML = OCA.User_SAML || {};
|
||||
|
||||
var AuthToken = Backbone.Model.extend({
|
||||
});
|
||||
|
||||
OCA.User_SAML.AuthToken = AuthToken;
|
||||
|
||||
})(OCA, Backbone);
|
|
@ -0,0 +1,230 @@
|
|||
/* global Backbone, Handlebars, moment */
|
||||
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
(function(OCA, _, Backbone, $, Handlebars, moment) {
|
||||
'use strict';
|
||||
|
||||
OCA.User_SAML = OCA.User_SAML|| {};
|
||||
|
||||
var TEMPLATE_TOKEN =
|
||||
'<tr data-id="{{id}}">'
|
||||
+ '<td class="has-tooltip" title="{{name}}"><span class="token-name">{{name}}</span></td>'
|
||||
+ '<td><a class="icon-delete has-tooltip" title="' + t('core', 'Disconnect') + '"></a></td>'
|
||||
+ '<tr>';
|
||||
|
||||
var SubView = Backbone.View.extend({
|
||||
collection: null,
|
||||
type: 0,
|
||||
_template: undefined,
|
||||
|
||||
template: function(data) {
|
||||
if (_.isUndefined(this._template)) {
|
||||
this._template = Handlebars.compile(TEMPLATE_TOKEN);
|
||||
}
|
||||
|
||||
return this._template(data);
|
||||
},
|
||||
|
||||
initialize: function(options) {
|
||||
this.type = options.type;
|
||||
this.collection = options.collection;
|
||||
|
||||
this.on(this.collection, 'change', this.render);
|
||||
},
|
||||
|
||||
render: function() {
|
||||
var _this = this;
|
||||
|
||||
var list = this.$('.token-list');
|
||||
var tokens = this.collection.filter(function(token) {
|
||||
return parseInt(token.get('type'), 10) === _this.type;
|
||||
});
|
||||
list.html('');
|
||||
|
||||
// Show header only if there are tokens to show
|
||||
this._toggleHeader(tokens.length > 0);
|
||||
|
||||
tokens.forEach(function(token) {
|
||||
var viewData = token.toJSON();
|
||||
var ts = viewData.lastActivity * 1000;
|
||||
viewData.lastActivity = OC.Util.relativeModifiedDate(ts);
|
||||
viewData.lastActivityTime = OC.Util.formatDate(ts, 'LLL');
|
||||
var html = _this.template(viewData);
|
||||
var $html = $(html);
|
||||
$html.find('.has-tooltip').tooltip({container: 'body'});
|
||||
list.append($html);
|
||||
});
|
||||
},
|
||||
|
||||
toggleLoading: function(state) {
|
||||
this.$('.token-list').toggleClass('icon-loading', state);
|
||||
},
|
||||
|
||||
_toggleHeader: function(show) {
|
||||
this.$('.hidden-when-empty').toggleClass('hidden', !show);
|
||||
}
|
||||
});
|
||||
|
||||
var AuthTokenView = Backbone.View.extend({
|
||||
collection: null,
|
||||
|
||||
_views: [],
|
||||
|
||||
_form: undefined,
|
||||
|
||||
_tokenName: undefined,
|
||||
|
||||
_addAppPasswordBtn: undefined,
|
||||
|
||||
_result: undefined,
|
||||
|
||||
_newAppPassword: undefined,
|
||||
|
||||
_hideAppPasswordBtn: undefined,
|
||||
|
||||
_addingToken: false,
|
||||
|
||||
initialize: function(options) {
|
||||
this.collection = options.collection;
|
||||
|
||||
var tokenTypes = [0, 1];
|
||||
var _this = this;
|
||||
_.each(tokenTypes, function(type) {
|
||||
var el = '#user-saml-apppasswords';
|
||||
_this._views.push(new SubView({
|
||||
el: el,
|
||||
type: type,
|
||||
collection: _this.collection
|
||||
}));
|
||||
|
||||
var $el = $(el);
|
||||
$el.on('click', 'a.icon-delete', _.bind(_this._onDeleteToken, _this));
|
||||
});
|
||||
|
||||
this._form = $('#user-saml-app-password-form');
|
||||
this._tokenName = $('#user-saml-app-password-name');
|
||||
this._addAppPasswordBtn = $('#user-saml-add-app-password');
|
||||
this._addAppPasswordBtn.click(_.bind(this._addAppPassword, this));
|
||||
|
||||
this._result = $('#user-saml-app-password-result');
|
||||
this._newAppPassword = $('#user-saml-new-app-password');
|
||||
this._newAppPassword.on('focus', _.bind(this._onNewTokenFocus, this));
|
||||
this._hideAppPasswordBtn = $('#user-saml-app-password-hide');
|
||||
this._hideAppPasswordBtn.click(_.bind(this._hideToken, this));
|
||||
},
|
||||
|
||||
render: function() {
|
||||
_.each(this._views, function(view) {
|
||||
view.render();
|
||||
view.toggleLoading(false);
|
||||
});
|
||||
},
|
||||
|
||||
reload: function() {
|
||||
var _this = this;
|
||||
|
||||
_.each(this._views, function(view) {
|
||||
view.toggleLoading(true);
|
||||
});
|
||||
|
||||
var loadingTokens = this.collection.fetch();
|
||||
|
||||
$.when(loadingTokens).done(function() {
|
||||
_this.render();
|
||||
});
|
||||
$.when(loadingTokens).fail(function() {
|
||||
OC.Notification.showTemporary(t('core', 'Error while loading browser sessions and device tokens'));
|
||||
});
|
||||
},
|
||||
|
||||
_addAppPassword: function() {
|
||||
var _this = this;
|
||||
this._toggleAddingToken(true);
|
||||
|
||||
var deviceName = this._tokenName.val();
|
||||
var creatingToken = $.ajax(OC.generateUrl('/apps/user_saml/authtokens'), {
|
||||
method: 'POST',
|
||||
data: {
|
||||
name: deviceName
|
||||
}
|
||||
});
|
||||
|
||||
$.when(creatingToken).done(function(resp) {
|
||||
_this.collection.add(resp.deviceToken);
|
||||
_this.render();
|
||||
_this._newAppPassword.val(resp.token);
|
||||
_this._toggleFormResult(false);
|
||||
_this._newAppPassword.select();
|
||||
_this._tokenName.val('');
|
||||
});
|
||||
$.when(creatingToken).fail(function() {
|
||||
OC.Notification.showTemporary(t('core', 'Error while creating device token'));
|
||||
});
|
||||
$.when(creatingToken).always(function() {
|
||||
_this._toggleAddingToken(false);
|
||||
});
|
||||
},
|
||||
|
||||
_onNewTokenFocus: function() {
|
||||
this._newAppPassword.select();
|
||||
},
|
||||
|
||||
_hideToken: function() {
|
||||
this._toggleFormResult(true);
|
||||
},
|
||||
|
||||
_toggleAddingToken: function(state) {
|
||||
this._addingToken = state;
|
||||
this._addAppPasswordBtn.toggleClass('icon-loading-small', state);
|
||||
},
|
||||
|
||||
_onDeleteToken: function(event) {
|
||||
var $target = $(event.target);
|
||||
var $row = $target.closest('tr');
|
||||
var id = $row.data('id');
|
||||
|
||||
var token = this.collection.get(id);
|
||||
if (_.isUndefined(token)) {
|
||||
// Ignore event
|
||||
return;
|
||||
}
|
||||
|
||||
var destroyingToken = token.destroy();
|
||||
|
||||
var _this = this;
|
||||
$.when(destroyingToken).fail(function() {
|
||||
OC.Notification.showTemporary(t('core', 'Error while deleting the token'));
|
||||
});
|
||||
$.when(destroyingToken).always(function() {
|
||||
_this.render();
|
||||
});
|
||||
},
|
||||
|
||||
_toggleFormResult: function(showForm) {
|
||||
this._form.toggleClass('hidden', !showForm);
|
||||
this._result.toggleClass('hidden', showForm);
|
||||
}
|
||||
});
|
||||
|
||||
OCA.User_SAML.AuthTokenView = AuthTokenView;
|
||||
|
||||
})(OCA, _, Backbone, $, Handlebars, moment);
|
|
@ -21,6 +21,7 @@
|
|||
|
||||
namespace OCA\User_SAML\AppInfo;
|
||||
|
||||
use OCA\User_SAML\Controller\AuthSettingsController;
|
||||
use OCA\User_SAML\Controller\SAMLController;
|
||||
use OCA\User_SAML\Controller\SettingsController;
|
||||
use OCA\User_SAML\SAMLSettings;
|
||||
|
@ -35,6 +36,19 @@ class Application extends App {
|
|||
/**
|
||||
* Controller
|
||||
*/
|
||||
$container->registerService('AuthSettingsController', function(IAppContainer $c) {
|
||||
/** @var \OC\Server $server */
|
||||
$server = $c->query('ServerContainer');
|
||||
return new AuthSettingsController(
|
||||
$c->getAppName(),
|
||||
$server->getRequest(),
|
||||
$server->getUserManager(),
|
||||
$server->getSession(),
|
||||
$server->getSecureRandom(),
|
||||
$server->getDb(),
|
||||
$server->getUserSession()->getUser()->getUID()
|
||||
);
|
||||
});
|
||||
$container->registerService('SettingsController', function(IAppContainer $c) {
|
||||
/** @var \OC\Server $server */
|
||||
$server = $c->query('ServerContainer');
|
||||
|
|
|
@ -0,0 +1,167 @@
|
|||
<?php
|
||||
/**
|
||||
* @author Christoph Wurst <christoph@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
namespace OCA\User_SAML\Controller;
|
||||
|
||||
use OC\AppFramework\Http;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\JSONResponse;
|
||||
use OCP\DB\QueryBuilder\IQueryBuilder;
|
||||
use OCP\IDb;
|
||||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
use OCP\IUserManager;
|
||||
use OCP\Security\ISecureRandom;
|
||||
|
||||
class AuthSettingsController extends Controller {
|
||||
/** @var IUserManager */
|
||||
private $userManager;
|
||||
/** @var ISession */
|
||||
private $session;
|
||||
/** @var string */
|
||||
private $uid;
|
||||
/** @var ISecureRandom */
|
||||
private $random;
|
||||
/** @var IDb */
|
||||
private $db;
|
||||
|
||||
/**
|
||||
* @param string $appName
|
||||
* @param IRequest $request
|
||||
* @param IUserManager $userManager
|
||||
* @param ISession $session
|
||||
* @param ISecureRandom $random
|
||||
* @param IDb $db
|
||||
* @param string $uid
|
||||
*/
|
||||
public function __construct($appName,
|
||||
IRequest $request,
|
||||
IUserManager $userManager,
|
||||
ISession $session,
|
||||
ISecureRandom $random,
|
||||
IDb $db,
|
||||
$uid) {
|
||||
parent::__construct($appName, $request);
|
||||
$this->userManager = $userManager;
|
||||
$this->uid = $uid;
|
||||
$this->session = $session;
|
||||
$this->random = $random;
|
||||
$this->db = $db;
|
||||
}
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* @return JSONResponse
|
||||
*/
|
||||
public function index() {
|
||||
$user = $this->userManager->get($this->uid);
|
||||
if (is_null($user)) {
|
||||
return [];
|
||||
}
|
||||
|
||||
/* @var $qb IQueryBuilder */
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb->select('id', 'uid', 'name', 'token')
|
||||
->from('user_saml_auth_token')
|
||||
->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
|
||||
->setMaxResults(1000);
|
||||
$result = $qb->execute();
|
||||
$data = $result->fetchAll();
|
||||
$result->closeCursor();
|
||||
|
||||
foreach($data as $key => $entry) {
|
||||
unset($data[$key]['token']);
|
||||
unset($data[$key]['uid']);
|
||||
$data[$key]['id'] = (int)$data[$key]['id'];
|
||||
$data[$key]['type'] = 1;
|
||||
}
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* @param string $name
|
||||
* @return JSONResponse
|
||||
*/
|
||||
public function create($name) {
|
||||
$token = $this->generateRandomDeviceToken();
|
||||
|
||||
$values = [
|
||||
'uid' => $this->uid,
|
||||
'name' => $name,
|
||||
'token' => password_hash($token, PASSWORD_DEFAULT),
|
||||
];
|
||||
|
||||
/* @var $qb IQueryBuilder */
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb->insert('user_saml_auth_token');
|
||||
foreach($values as $column => $value) {
|
||||
$qb->setValue($column, $qb->createNamedParameter($value));
|
||||
}
|
||||
$qb->execute();
|
||||
|
||||
return [
|
||||
'token' => $token,
|
||||
'loginName' => $name,
|
||||
'deviceToken' => [
|
||||
'id' => $qb->getLastInsertId(),
|
||||
'name' => $name,
|
||||
'type' => 1,
|
||||
],
|
||||
];
|
||||
}
|
||||
/**
|
||||
* Return a 20 digit device password
|
||||
*
|
||||
* Example: ABCDE-FGHIJ-KLMNO-PQRST
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
private function generateRandomDeviceToken() {
|
||||
$groups = [];
|
||||
for ($i = 0; $i < 4; $i++) {
|
||||
$groups[] = $this->random->generate(5, implode('', range('A', 'Z')));
|
||||
}
|
||||
return implode('-', $groups);
|
||||
}
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* @param string $id
|
||||
* @return JSONResponse
|
||||
*/
|
||||
public function destroy($id) {
|
||||
$user = $this->userManager->get($this->uid);
|
||||
if (is_null($user)) {
|
||||
return [];
|
||||
}
|
||||
|
||||
/* @var $qb IQueryBuilder */
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb->delete('user_saml_auth_token')
|
||||
->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
|
||||
->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())));
|
||||
$qb->execute();
|
||||
|
||||
return [];
|
||||
}
|
||||
}
|
|
@ -45,7 +45,17 @@ class SettingsController extends Controller {
|
|||
$this->l10n = $l10n;
|
||||
}
|
||||
|
||||
public function displayPanel() {
|
||||
/**
|
||||
* @return Http\TemplateResponse
|
||||
*/
|
||||
public function displayPersonalPanel() {
|
||||
return new Http\TemplateResponse($this->appName, 'personal', [], 'blank');
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Http\TemplateResponse
|
||||
*/
|
||||
public function displayAdminPanel() {
|
||||
$serviceProviderFields = [
|
||||
'x509cert' => $this->l10n->t('X.509 certificate of the Service Provider'),
|
||||
'privateKey' => $this->l10n->t('Private key of the Service Provider'),
|
||||
|
@ -80,7 +90,7 @@ class SettingsController extends Controller {
|
|||
'general' => $generalSettings,
|
||||
];
|
||||
|
||||
return new Http\TemplateResponse($this->appName, 'settings', $params, 'blank');
|
||||
return new Http\TemplateResponse($this->appName, 'admin', $params, 'blank');
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -22,6 +22,8 @@
|
|||
namespace OCA\User_SAML;
|
||||
|
||||
use OCP\Authentication\IApacheBackend;
|
||||
use OCP\DB\QueryBuilder\IQueryBuilder;
|
||||
use OCP\IDb;
|
||||
use OCP\UserInterface;
|
||||
use OCP\IUserBackend;
|
||||
use OCP\IConfig;
|
||||
|
@ -38,21 +40,26 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
|||
private $urlGenerator;
|
||||
/** @var ISession */
|
||||
private $session;
|
||||
/** @var IDb */
|
||||
private $db;
|
||||
|
||||
/**
|
||||
* @param IConfig $config
|
||||
* @param ILogger $logger
|
||||
* @param IURLGenerator $urlGenerator
|
||||
* @param ISession $session
|
||||
* @param IDb $db
|
||||
*/
|
||||
public function __construct(IConfig $config,
|
||||
ILogger $logger,
|
||||
IURLGenerator $urlGenerator,
|
||||
ISession $session) {
|
||||
ISession $session,
|
||||
IDb $db) {
|
||||
$this->config = $config;
|
||||
$this->logger = $logger;
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
$this->session = $session;
|
||||
$this->db = $db;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -65,9 +72,40 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
|||
* @since 4.5.0
|
||||
*/
|
||||
public function implementsActions($actions) {
|
||||
return (bool)((\OC_User_Backend::CHECK_PASSWORD | \OC_User_Backend::GET_DISPLAYNAME)
|
||||
& $actions);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the provided token is correct
|
||||
* @param string $uid The username
|
||||
* @param string $password The password
|
||||
* @return string
|
||||
*
|
||||
* Check if the password is correct without logging in the user
|
||||
* returns the user id or false
|
||||
*/
|
||||
public function checkPassword($uid, $password) {
|
||||
/* @var $qb IQueryBuilder */
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb->select('token')
|
||||
->from('user_saml_auth_token')
|
||||
->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)))
|
||||
->setMaxResults(1000);
|
||||
$result = $qb->execute();
|
||||
$data = $result->fetchAll();
|
||||
$result->closeCursor();
|
||||
|
||||
foreach($data as $passwords) {
|
||||
if(password_verify($password, $passwords['token'])) {
|
||||
return $uid;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* delete a user
|
||||
* @param string $uid The username of the user to delete
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
$app = new \OCA\User_SAML\AppInfo\Application();
|
||||
/** @var \OCA\User_SAML\Controller\SettingsController $controller */
|
||||
$controller = $app->getContainer()->query('SettingsController');
|
||||
return $controller->displayPersonalPanel()->render();
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
script('user_saml', 'settings');
|
||||
style('user_saml', 'settings');
|
||||
script('user_saml', 'admin');
|
||||
style('user_saml', 'admin');
|
||||
|
||||
/** @var array $_ */
|
||||
?>
|
|
@ -0,0 +1,40 @@
|
|||
<?php
|
||||
style('user_saml', 'personal');
|
||||
|
||||
script('user_saml', [
|
||||
'personal/authtoken',
|
||||
'personal/authtoken-collection',
|
||||
'personal/authtoken_view',
|
||||
'personal',
|
||||
]);
|
||||
|
||||
/** @var array $_ */
|
||||
?>
|
||||
|
||||
<div id="user-saml-apppasswords" class="section">
|
||||
<h2><?php p($l->t('App passwords'));?></h2>
|
||||
<span class="hidden-when-empty"><?php p($l->t("You've linked these apps."));?></span>
|
||||
<table>
|
||||
<thead class="hidden-when-empty">
|
||||
<tr>
|
||||
<th><?php p($l->t('Name'));?></th>
|
||||
<th></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody class="token-list icon-loading">
|
||||
</tbody>
|
||||
</table>
|
||||
<p><?php p($l->t('An app password is a passcode that gives an app or device permissions to access your %s account.', [$theme->getName()]));?></p>
|
||||
<div id="user-saml-app-password-form">
|
||||
<input id="user-saml-app-password-name" type="text" placeholder="<?php p($l->t('App name')); ?>">
|
||||
<button id="user-saml-add-app-password" class="button"><?php p($l->t('Create new app password')); ?></button>
|
||||
</div>
|
||||
<div id="user-saml-app-password-result" class="hidden">
|
||||
<span><?php p($l->t('Use the credentials below to configure your app or device.')); ?></span>
|
||||
<div class="user-saml-app-password-row">
|
||||
<span class="user-saml-app-password-label"><?php p($l->t('Password')); ?></span>
|
||||
<input id="user-saml-new-app-password" type="text" readonly="readonly"/>
|
||||
<button id="user-saml-app-password-hide" class="button"><?php p($l->t('Done')); ?></button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
Loading…
Reference in New Issue