|
|
|
|
@ -29,6 +29,7 @@ |
|
|
|
|
*/ |
|
|
|
|
namespace OCA\DAV\Connector; |
|
|
|
|
|
|
|
|
|
use OC\Security\Bruteforce\Throttler; |
|
|
|
|
use OCP\IRequest; |
|
|
|
|
use OCP\ISession; |
|
|
|
|
use OCP\Share\Exceptions\ShareNotFound; |
|
|
|
|
@ -42,6 +43,7 @@ use Sabre\DAV\Auth\Backend\AbstractBasic; |
|
|
|
|
* @package OCA\DAV\Connector |
|
|
|
|
*/ |
|
|
|
|
class PublicAuth extends AbstractBasic { |
|
|
|
|
private const BRUTEFORCE_ACTION = 'public_webdav_auth'; |
|
|
|
|
|
|
|
|
|
/** @var \OCP\Share\IShare */ |
|
|
|
|
private $share; |
|
|
|
|
@ -55,17 +57,23 @@ class PublicAuth extends AbstractBasic { |
|
|
|
|
/** @var IRequest */ |
|
|
|
|
private $request; |
|
|
|
|
|
|
|
|
|
/** @var Throttler */ |
|
|
|
|
private $throttler; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* @param IRequest $request |
|
|
|
|
* @param IManager $shareManager |
|
|
|
|
* @param ISession $session |
|
|
|
|
* @param Throttler $throttler |
|
|
|
|
*/ |
|
|
|
|
public function __construct(IRequest $request, |
|
|
|
|
IManager $shareManager, |
|
|
|
|
ISession $session) { |
|
|
|
|
ISession $session, |
|
|
|
|
Throttler $throttler) { |
|
|
|
|
$this->request = $request; |
|
|
|
|
$this->shareManager = $shareManager; |
|
|
|
|
$this->session = $session; |
|
|
|
|
$this->throttler = $throttler; |
|
|
|
|
|
|
|
|
|
// setup realm |
|
|
|
|
$defaults = new \OCP\Defaults(); |
|
|
|
|
@ -85,9 +93,12 @@ class PublicAuth extends AbstractBasic { |
|
|
|
|
* @throws \Sabre\DAV\Exception\NotAuthenticated |
|
|
|
|
*/ |
|
|
|
|
protected function validateUserPass($username, $password) { |
|
|
|
|
$this->throttler->sleepDelayOrThrowOnMax($this->request->getRemoteAddress(), self::BRUTEFORCE_ACTION); |
|
|
|
|
|
|
|
|
|
try { |
|
|
|
|
$share = $this->shareManager->getShareByToken($username); |
|
|
|
|
} catch (ShareNotFound $e) { |
|
|
|
|
$this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress()); |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -112,11 +123,14 @@ class PublicAuth extends AbstractBasic { |
|
|
|
|
header('WWW-Authenticate: DummyBasic realm="' . $this->realm . '"'); |
|
|
|
|
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls'); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress()); |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
} elseif ($share->getShareType() === IShare::TYPE_REMOTE) { |
|
|
|
|
return true; |
|
|
|
|
} else { |
|
|
|
|
$this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress()); |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
|
Joas Schilling
5 years ago
committed by