Merged
3 changes: 3 additions & 0 deletions solid/appinfo/info.xml
Expand Up @@ -16,6 +16,9 @@ When you do this, the Solid App can store data in your Nextcloud account through
<author mail="[email protected]" >Auke van Slooten</author>
<namespace>Solid</namespace>
<category>integration</category>
<types>
<authentication/>
</types>
<bugs>https://github.com/pdsinterop/solid-nextcloud/issues</bugs>
<dependencies>
<nextcloud min-version="28" max-version="30"/>
12 changes: 11 additions & 1 deletion solid/lib/AppInfo/Application.php
Expand Up @@ -10,21 +10,31 @@
use OCA\Solid\Service\SolidWebhookService;
use OCA\Solid\Db\SolidWebhookMapper;
use OCA\Solid\Middleware\SolidCorsMiddleware;
use OCA\Solid\ClientAuth;

use OCP\AppFramework\App;
use OCP\AppFramework\Bootstrap\IBootContext;
use OCP\AppFramework\Bootstrap\IBootstrap;
use OCP\AppFramework\Bootstrap\IRegistrationContext;
use OCP\IDBConnection;
use OCP\IRequest;
use OCP\Server;

class Application extends App implements IBootstrap {
public const APP_ID = 'solid';
public static $userSubDomainsEnabled;
public static $userSubDomainsEnabled;

/**
* @param array $urlParams
*/
public function __construct(array $urlParams = []) {
$request = \OCP\Server::get(\OCP\IRequest::class);
$rawPathInfo = $request->getRawPathInfo();

if ($rawPathInfo == '/apps/solid/token') {
$backend = new \OCA\Solid\ClientAuth();
\OC::$server->getUserManager()->registerBackend($backend);
}
parent::__construct(self::APP_ID, $urlParams);
}

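Review bot: The accept-all backend is registered on a loose `==` match of the raw path alone, and this comparison is the only thing standing between the instance and a backend whose `checkPassword()` always succeeds, so it should be as narrow as possible. I would use `if ($rawPathInfo === '/apps/solid/token' && $request->getMethod() === 'POST') {` and add a comment at that line stating that the gate is security-critical and must not be widened. `getRawPathInfo()` is documented to throw when the URI cannot be resolved, so it is worth confirming that this constructor still behaves under occ/cron, where there may be no usable request path. The three added `use` lines (`ClientAuth`, `IRequest`, `Server`) are unused because the body uses fully qualified names, and `\OC::$server->getUserManager()` is the private API; `Server::get(\OCP\IUserManager::class)->registerBackend($backend);` reaches the same call through the public one. The class body continues past the end of the hunk.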
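--- a/solid/lib/ClientAuth.php
+++ b/solid/lib/ClientAuth.php
@@ -0,0 +1,62 @@
+<?php
+/*
+IMPORTANT WARNING!
+
+This class is a user backend that accepts 'all'.
+Any user, and password is currently accepted as true.
+
+The reason this is here is that Solid clients will use basic
+authentication to do a POST request to the token endpoint,
+where the actual authorization happens.
+
+The security for this user backend lies in the fact that it
+is only activated for the token endpoint in the Solid app.
+
+In /lib/AppInfo/Application.php there is a check for the
+token endpoint before this thing activates.
+
+It is completely unsuitable as an actual user backend in the
+normal sense of the word.
+
+It is here to allow the token requests with basic
+authentication requests to pass to us.
+*/
+
+namespace OCA\Solid;
+
+use OCP\User\Backend\ABackend;
+use OCP\User\Backend\ICheckPasswordBackend;
+
+/**
+* @package OCA\Solid
+*/
+class ClientAuth extends ABackend implements ICheckPasswordBackend {
+public function __construct() {
+}
+
+public function checkPassword(string $username, string $password) {
+return true;
+}
+
+public function getBackendName() {
+return "Solid";
+}
+public function deleteUser($uid) {
+return false;
+}
+public function getUsers($search = "", $limit = null, $offset = null, $callback = null) {
+return [];
+}
+public function userExists($uid) {
+return true;
+}
+public function getDisplayName($uid) {
+return "Solid client";
+}
+public function getDisplayNames($search = "", $limit = null, $offset = null) {
+return [];
+}
+public function hasUserListings() {
+return false;
+}
+}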
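Review bot: `checkPassword()` and `userExists()` answer `true` for every input, so nothing inside this class limits where the accept-all behaviour applies; as the header comment says, the only guard is the path check in `Application::__construct()`. The class would fail closed if it enforced its own scope, for example by receiving the request path in the constructor and returning `false` from both methods unless it is the token endpoint. `ICheckPasswordBackend::checkPassword()` is documented to return the uid string or `false`, so the bare `true` hands the user manager a non-string uid; how the session layer treats that should be confirmed rather than assumed. A test asserting that this backend is never registered on any other route would keep the guarantee from regressing. The methods also have no return types, and the class docblock could state that the token controller is responsible for validating the client credentials.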
9 changes: 1 addition & 8 deletions solid/lib/Controller/ServerController.php
Expand Up @@ -385,14 +385,7 @@ public function register() {
$clientData = $this->config->saveClientRegistration($origin, $clientData);
$registration = array(
'client_id' => $clientData['client_id'],
/*
FIXME: returning client_secret will trigger calls with basic auth to us. To get this to work, we need this patch:
// File /var/www/vhosts/solid-nextcloud/site/www/lib/base.php not changed so no update needed
// ($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token') &&
// ($request->getRawPathInfo() !== '/apps/solid/token')
*/
// 'client_secret' => $clientData['client_secret'], // FIXME: Returning this means we need to patch Nextcloud to accept tokens on calls to

'client_secret' => $clientData['client_secret'],
'registration_client_uri' => $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkToRoute("solid.server.registeredClient", array("clientId" => $clientData['client_id']))),
'client_id_issued_at' => $clientData['client_id_issued_at'],
'redirect_uris' => $clientData['redirect_uris'],
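Review bot: Enabling the `'client_secret'` entry also drops the only comment that explained its consequence, namely that clients will then call the token endpoint with HTTP Basic auth. I would keep a short comment above the line, e.g. `// Clients send client_id:client_secret via Basic auth to /apps/solid/token; the token handler must verify the pair itself, ClientAuth accepts any password.` Whether the token handler performs that verification against the stored registration is not visible in this diff, so it is worth confirming before the secret is relied on. `register()` starts and ends outside the hunk.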