forked from owncloud-archive/apps
oauth.php
<?php
require_once '3rdparty/php-lib-remote-rs/lib/OAuth/RemoteResourceServer.php';
use \OAuth\RemoteResourceServer as RemoteResourceServer;
use \OAuth\RemoteResourceServerException as RemoteResourceServerException;
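/**
 * SabreDAV authentication backend that takes the request's Authorization
 * header and has it verified by a remote OAuth token info endpoint.
 *
 * On success the user identifier reported for the token is used to set up
 * that user's filesystem, so the answer of the token info endpoint decides
 * whose data the request can reach.
 *
 * NOTE(review): how the endpoint is contacted is not visible in this file;
 * confirm it is reached over a server-authenticated, TLS-protected channel.
 */
class OC_Connector_Sabre_OAuth implements Sabre_DAV_Auth_IBackend
{
    /** @var string|int|null identifier of the authenticated user, null until authenticate() succeeds */
    private $currentUser;

    /** @var string URL of the token info endpoint handed to RemoteResourceServer */
    private $tokenInfoEndpoint;

    /** @var bool true: use the resource owner id; false: use an attribute value */
    private $useResourceOwnerId;

    /** @var string name of the attribute holding the user id when $useResourceOwnerId is false */
    private $userIdAttributeName;

    /**
     * @param string $tokenInfoEndpoint   endpoint used to verify the Authorization header
     * @param bool   $useResourceOwnerId  take the user id from the resource owner id (default)
     *                                    instead of from an attribute
     * @param string $userIdAttributeName attribute to read the user id from in attribute mode
     */
    public function __construct($tokenInfoEndpoint, $useResourceOwnerId = true, $userIdAttributeName = "uid")
    {
        $this->tokenInfoEndpoint = $tokenInfoEndpoint;
        $this->useResourceOwnerId = $useResourceOwnerId;
        $this->userIdAttributeName = $userIdAttributeName;
    }

    /**
     * Returns the user identifier stored by the last successful authenticate() call.
     *
     * @return string|int|null null when no request has been authenticated yet
     */
    public function getCurrentUser()
    {
        return $this->currentUser;
    }

    /**
     * Verifies the Authorization header of the current request and sets up the
     * filesystem of the user the token belongs to.
     *
     * @param Sabre_DAV_Server $server server whose request is authenticated
     * @param string           $realm  passed to the resource server as "resourceServerRealm"
     *
     * @return bool true when the request was authenticated
     *
     * @throws Sabre_DAV_Exception_Forbidden        when verification fails with response code 403,
     *                                              or the token yields no usable user identifier
     * @throws Sabre_DAV_Exception_NotAuthenticated for every other verification failure
     */
    public function authenticate(Sabre_DAV_Server $server, $realm)
    {
        $config = array(
            "tokenInfoEndpoint" => $this->tokenInfoEndpoint,
            "throwException" => true,
            "resourceServerRealm" => $realm,
        );

        $authorizationHeader = $server->httpRequest->getHeader('Authorization');
        // Apache could prefix environment variables with REDIRECT_ when urls
        // are passed through mod_rewrite
        if (!$authorizationHeader) {
            $authorizationHeader = $server->httpRequest->getRawServerValue('REDIRECT_HTTP_AUTHORIZATION');
        }

        try {
            $resourceServer = new RemoteResourceServer($config);
            $resourceServer->verifyAuthorizationHeader($authorizationHeader);

            if ($this->useResourceOwnerId) {
                // when using the user_id
                $userId = $resourceServer->getResourceOwnerId();
            } else {
                // when using a (SAML) attribute; the attribute may be absent
                // from the token info, so do not index into it blindly
                $attributes = $resourceServer->getAttributes();
                $attributeName = $this->userIdAttributeName;
                $userId = isset($attributes[$attributeName][0]) ? $attributes[$attributeName][0] : null;
            }

            // A verified token without a usable identifier must not count as a
            // login: fail closed instead of calling setupFS() with null or ''
            // and reporting the request as authenticated.
            $isIdentifier = is_string($userId) || is_int($userId);
            if (!$isIdentifier || '' === (string) $userId) {
                throw new Sabre_DAV_Exception_Forbidden('No user identifier could be derived from the access token');
            }

            // only record the user once the identifier has been validated
            $this->currentUser = $userId;
            OC_Util::setupFS($this->currentUser);

            return true;
        } catch (RemoteResourceServerException $e) {
            $server->httpResponse->setHeader('WWW-Authenticate', $e->getAuthenticateHeader());
            // FIXME: do we need to set the status here explicitly, or does the
            // Exception below take care of this?
            $server->httpResponse->sendStatus($e->getResponseCode());

            // The return type of getResponseCode() is not visible in this file;
            // comparing as int selects the 403 branch for both "403" and 403.
            if (403 === (int) $e->getResponseCode()) {
                throw new Sabre_DAV_Exception_Forbidden($e->getDescription());
            }

            throw new Sabre_DAV_Exception_NotAuthenticated($e->getDescription());
        }
    }
}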