From ac49348b417111753621275922e2d36ce16d1082 Mon Sep 17 00:00:00 2001
From: "A.Unger"
Date: Tue, 13 Jul 2021 14:29:26 +0200
Subject: [PATCH] fix 215, 216 - first draft

---
 proxy/pkg/middleware/account_resolver.go | 3 +-
 proxy/pkg/middleware/basic_auth.go | 90 +++++++++++++++++++++++-
 2 files changed, 90 insertions(+), 3 deletions(-)

diff --git a/proxy/pkg/middleware/account_resolver.go b/proxy/pkg/middleware/account_resolver.go
index 6aa829c49..f7379eda4 100644
--- a/proxy/pkg/middleware/account_resolver.go
+++ b/proxy/pkg/middleware/account_resolver.go
@@ -1,9 +1,10 @@
 package middleware

 import (
+ "net/http"
+
 "github.com/cs3org/reva/pkg/auth/scope"
 "github.com/owncloud/ocis/proxy/pkg/user/backend"
- "net/http"

 tokenPkg "github.com/cs3org/reva/pkg/token"
 "github.com/cs3org/reva/pkg/token/manager/jwt"
diff --git a/proxy/pkg/middleware/basic_auth.go b/proxy/pkg/middleware/basic_auth.go
index df710c6e4..3a63b8684 100644
--- a/proxy/pkg/middleware/basic_auth.go
+++ b/proxy/pkg/middleware/basic_auth.go
@@ -1,12 +1,14 @@
 package middleware

 import (
+ "encoding/xml"
 "fmt"
+ "net/http"
+ "strings"
+
 "github.com/owncloud/ocis/ocis-pkg/log"
 "github.com/owncloud/ocis/ocis-pkg/oidc"
 "github.com/owncloud/ocis/proxy/pkg/user/backend"
- "net/http"
- "strings"
 )

 const publicFilesEndpoint = "/remote.php/dav/public-files/"
@@ -61,7 +63,18 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 writeSupportedAuthenticateHeader(w, req)
 }

+ // if the request is a PROPFIND return a WebDAV error code.
+ // TODO: The proxy has to be smart enough to detect when a request is directed towards a webdav server
+ // and react accordingly.
+
 w.WriteHeader(http.StatusUnauthorized)
+
+ b, err := Marshal(exception{
+ code: SabredavPermissionDenied,
+ message: "Authentication error",
+ })
+
+ HandleWebdavError(w, b, err)
 return
 }

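Review bot: The 401 sent by `w.WriteHeader(http.StatusUnauthorized)` in the BasicAuth hunk is paired with a body built from `SabredavPermissionDenied`, which the constants added later in this patch document as the 403 mapping; for a missing or failed login the body should use `code: SabredavNotAuthenticated,` so that status and exception class agree. The comment says the XML is returned for PROPFIND, yet no method or path check is visible in the hunk, so every unauthenticated request reaching this branch appears to receive the Sabre XML body. No `Content-Type` is set before the header is written; `w.Header().Set("Content-Type", "application/xml; charset=utf-8")` ahead of `WriteHeader` would label the body correctly. Because the status is already committed here, the 500 that `HandleWebdavError` tries to send on a marshalling error cannot take effect. The enclosing `BasicAuth` closure starts and ends outside the hunk.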
@@ -93,3 +106,76 @@ func (m basicAuth) isBasicAuth(req *http.Request) bool {
 login, password, ok := req.BasicAuth()
 return m.enabled && ok && login != "" && password != ""
 }
+
+type code int
+
+const (
+ // SabredavBadRequest maps to HTTP 400
+ SabredavBadRequest code = iota
+ // SabredavMethodNotAllowed maps to HTTP 405
+ SabredavMethodNotAllowed
+ // SabredavNotAuthenticated maps to HTTP 401
+ SabredavNotAuthenticated
+ // SabredavPreconditionFailed maps to HTTP 412
+ SabredavPreconditionFailed
+ // SabredavPermissionDenied maps to HTTP 403
+ SabredavPermissionDenied
+ // SabredavNotFound maps to HTTP 404
+ SabredavNotFound
+ // SabredavConflict maps to HTTP 409
+ SabredavConflict
+)
+
+var (
+ codesEnum = []string{
+ "Sabre\\DAV\\Exception\\BadRequest",
+ "Sabre\\DAV\\Exception\\MethodNotAllowed",
+ "Sabre\\DAV\\Exception\\NotAuthenticated",
+ "Sabre\\DAV\\Exception\\PreconditionFailed",
+ "Sabre\\DAV\\Exception\\PermissionDenied",
+ "Sabre\\DAV\\Exception\\NotFound",
+ "Sabre\\DAV\\Exception\\Conflict",
+ }
+)
+
+type exception struct {
+ code code
+ message string
+ header string
+}
+
+// Marshal just calls the xml marshaller for a given exception.
+func Marshal(e exception) ([]byte, error) {
+ xmlstring, err := xml.Marshal(&errorXML{
+ Xmlnsd: "DAV",
+ Xmlnss: "http://sabredav.org/ns",
+ Exception: codesEnum[e.code],
+ Message: e.message,
+ Header: e.header,
+ })
+ if err != nil {
+ return []byte(""), err
+ }
+ return []byte(xml.Header + string(xmlstring)), err
+}
+
+// http://www.webdav.org/specs/rfc4918.html#ELEMENT_error
+type errorXML struct {
+ XMLName xml.Name `xml:"d:error"`
+ Xmlnsd string `xml:"xmlns:d,attr"`
+ Xmlnss string `xml:"xmlns:s,attr"`
+ Exception string `xml:"s:exception"`
+ Message string `xml:"s:message"`
+ InnerXML []byte `xml:",innerxml"`
+ Header string `xml:"s:header,omitempty"`
+}
+
+func HandleWebdavError(w http.ResponseWriter, b []byte, err error) {
+ if err != nil {
+ w.WriteHeader(http.StatusInternalServerError)
+ return
+ }
+ _, err = w.Write(b)
+ if err != nil {
+ }
+}
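Review bot: `Marshal` sets `Xmlnsd: "DAV"`, but the WebDAV namespace in the RFC 4918 spec linked above `errorXML` is `DAV:` with a trailing colon, so a namespace-aware client will not recognise `d:error`; the field should read `Xmlnsd: "DAV:",`. `codesEnum[e.code]` is indexed without a range check, and since `code` is a plain `int` an unexpected value would panic in the request path; a guard such as `if e.code < 0 || int(e.code) >= len(codesEnum) { return nil, fmt.Errorf("unknown webdav code %d", e.code) }` avoids that. In `HandleWebdavError` the trailing `if err != nil { }` silently discards the write error, which should at least be logged or returned. The exported function also lacks a doc comment; I would add `// HandleWebdavError writes b as the response body, or answers 500 when err is non-nil.`.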