Skip to content

Commit

Permalink
only save the ticket when the user is using session sso
Browse files Browse the repository at this point in the history
Signed-off-by: Robin Appelman <[email protected]>
  • Loading branch information
icewind1991 committed Sep 21, 2023
1 parent c4f5f49 commit b5abd91
Showing 1 changed file with 28 additions and 2 deletions.
30 changes: 28 additions & 2 deletions apps/files_external/lib/Lib/TicketSaveMiddleware.php
Original file line number Diff line number Diff line change
Expand Up @@ -24,22 +24,48 @@
namespace OCA\Files_External\Lib;

use Icewind\SMB\KerberosTicket;
use OCA\Files_External\Controller\UserGlobalStoragesController;
use OCA\Files_External\Lib\Auth\SMB\KerberosSsoSession;
use OCA\Files_External\Service\UserGlobalStoragesService;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Middleware;
use OCP\ISession;
use OCP\IUserSession;

class TicketSaveMiddleware extends Middleware {
private ISession $session;
private IUserSession $userSession;
private UserGlobalStoragesService $storagesService;

public function __construct(ISession $session) {
public function __construct(
ISession $session,
IUserSession $userSession,
UserGlobalStoragesService $storagesService
) {
$this->session = $session;
$this->userSession = $userSession;
$this->storagesService = $storagesService;
}

public function afterController($controller, $methodName, Response $response) {
$ticket = KerberosTicket::fromEnv();
if ($ticket && $ticket->isValid()) {
if ($ticket && $ticket->isValid() && $this->needToSaveTicket()) {
$this->session->set('kerberos_ticket', base64_encode($ticket->save()));
}
return $response;
}

private function needToSaveTicket(): bool {
$user = $this->userSession->getUser();
if (!$user) {
return false;
}
$storages = $this->storagesService->getAllStoragesForUser($user);
foreach ($storages as $storage) {
if ($storage->getAuthMechanism() instanceof KerberosSsoSession) {
return true;
}
}
return false;
}
}

0 comments on commit b5abd91

Please sign in to comment.