Merge pull request #212 from pdsinterop/feature/user-backend

ylebre · web-flow · commit a48d3952087d · 2025-06-27T15:17:33.000+02:00
Feature/user backend
diff --git a/solid/appinfo/info.xml b/solid/appinfo/info.xml
@@ -16,6 +16,9 @@ When you do this, the Solid App can store data in your Nextcloud account through
     <author mail="auke@muze.nl" >Auke van Slooten</author>
     <namespace>Solid</namespace>
     <category>integration</category>
+    <types>
+        <authentication/>
+    </types>
     <bugs>https://github.com/pdsinterop/solid-nextcloud/issues</bugs>
     <dependencies>
         <nextcloud min-version="28" max-version="30"/>
diff --git a/solid/lib/AppInfo/Application.php b/solid/lib/AppInfo/Application.php
@@ -10,21 +10,31 @@
 use OCA\Solid\Service\SolidWebhookService;
 use OCA\Solid\Db\SolidWebhookMapper;
 use OCA\Solid\Middleware\SolidCorsMiddleware;
+use OCA\Solid\ClientAuth;
 
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
 use OCP\AppFramework\Bootstrap\IBootstrap;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\IDBConnection;
+use OCP\IRequest;
+use OCP\Server;
 
 class Application extends App implements IBootstrap {
     public const APP_ID = 'solid';
-	public static $userSubDomainsEnabled;
+    public static $userSubDomainsEnabled;
 
     /**
      * @param array $urlParams
      */
     public function __construct(array $urlParams = []) {
+        $request = \OCP\Server::get(\OCP\IRequest::class);
+        $rawPathInfo = $request->getRawPathInfo();
+
+        if ($rawPathInfo == '/apps/solid/token') {
+            $backend = new \OCA\Solid\ClientAuth();
+            \OC::$server->getUserManager()->registerBackend($backend);
+        }
         parent::__construct(self::APP_ID, $urlParams);
     }
 
diff --git a/solid/lib/ClientAuth.php b/solid/lib/ClientAuth.php
@@ -0,0 +1,62 @@
+<?php
+	/* 
+		IMPORTANT WARNING!
+
+		This class is a user backend that accepts 'all'.
+		Any user, and password is currently accepted as true.
+		
+		The reason this is here is that Solid clients will use basic
+		authentication to do a POST request to the token endpoint,
+		where the actual authorization happens.
+
+		The security for this user backend lies in the fact that it
+		is only activated for the token endpoint in the Solid app. 
+
+		In /lib/AppInfo/Application.php there is a check for the
+		token endpoint before this thing activates.
+				
+		It is completely unsuitable as an actual user backend in the
+		normal sense of the word.
+		
+		It is here to allow the token requests with basic
+		authentication requests to pass to us.
+	*/
+
+	namespace OCA\Solid;
+
+	use OCP\User\Backend\ABackend;
+	use OCP\User\Backend\ICheckPasswordBackend;
+	
+	/**
+	 * @package OCA\Solid
+	 */
+	class ClientAuth extends ABackend implements ICheckPasswordBackend {
+		public function __construct() {
+		}
+
+		public function checkPassword(string $username, string $password) {
+			return true;
+		}
+
+		public function getBackendName() {
+			return "Solid";
+		}
+		public function deleteUser($uid) {
+			return false;
+		}
+		public function getUsers($search = "", $limit = null, $offset = null, $callback = null) {
+			return [];
+		}
+		public function userExists($uid) {
+			return true;
+		}
+		public function getDisplayName($uid) {
+			return "Solid client";
+		}
+		public function getDisplayNames($search = "", $limit = null, $offset = null) {
+			return [];
+		}
+		public function hasUserListings() {
+			return false;
+		}
+	}
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
@@ -385,14 +385,7 @@ public function register() {
 		$clientData = $this->config->saveClientRegistration($origin, $clientData);
 		$registration = array(
 			'client_id' => $clientData['client_id'],
-			/*
-				 FIXME: returning client_secret will trigger calls with basic auth to us. To get this to work, we need this patch:
-				// File /var/www/vhosts/solid-nextcloud/site/www/lib/base.php not changed so no update needed
-				//	($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token') &&
-				//	($request->getRawPathInfo() !== '/apps/solid/token')
-			*/
-			// 'client_secret' => $clientData['client_secret'], // FIXME: Returning this means we need to patch Nextcloud to accept tokens on calls to
-
+			'client_secret' => $clientData['client_secret'],
 			'registration_client_uri' => $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkToRoute("solid.server.registeredClient", array("clientId" => $clientData['client_id']))),
 			'client_id_issued_at' => $clientData['client_id_issued_at'],
 			'redirect_uris' => $clientData['redirect_uris'],
