[Pkg-owncloud-commits] [php-sabredav] 164/220: Added support for ACL-based unauthenticated access.
David Prévot
taffit at moszumanska.debian.org
Thu May 12 01:21:22 UTC 2016
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository php-sabredav.
commit 28bbce1c30abada11d0e1d49094c120ff1e3084c
Author: Evert Pot <me at evertpot.com>
Date: Sun Apr 17 17:31:55 2016 +0900
Added support for ACL-based unauthenticated access.
---
lib/DAV/Auth/Backend/AbstractDigest.php | 6 ++
lib/DAV/Auth/Plugin.php | 104 ++++++++++++++++++++-
lib/DAVACL/Plugin.php | 72 +++++++++++---
tests/Sabre/CalDAV/ICSExportPluginTest.php | 11 ++-
tests/Sabre/CalDAV/Notifications/PluginTest.php | 4 +-
tests/Sabre/CalDAV/PluginTest.php | 4 +-
.../Sabre/CalDAV/Schedule/FreeBusyRequestTest.php | 1 +
tests/Sabre/DAV/Auth/PluginTest.php | 2 -
tests/Sabre/DAVACL/ACLMethodTest.php | 11 +++
tests/Sabre/DAVACL/AllowAccessTest.php | 11 ++-
tests/Sabre/DAVACL/BlockAccessTest.php | 10 ++
tests/Sabre/DAVACL/ExpandPropertiesTest.php | 4 +-
tests/Sabre/DAVACL/PluginPropertiesTest.php | 9 ++
tests/Sabre/DAVACL/PluginUpdatePropertiesTest.php | 19 ++--
tests/Sabre/DAVACL/PrincipalPropertySearchTest.php | 1 +
.../DAVACL/PrincipalSearchPropertySetTest.php | 1 +
tests/Sabre/DAVACL/SimplePluginTest.php | 7 ++
tests/Sabre/DAVServerTest.php | 13 ++-
18 files changed, 249 insertions(+), 41 deletions(-)
diff --git a/lib/DAV/Auth/Backend/AbstractDigest.php b/lib/DAV/Auth/Backend/AbstractDigest.php
index 0251dec..5d583e1 100644
--- a/lib/DAV/Auth/Backend/AbstractDigest.php
+++ b/lib/DAV/Auth/Backend/AbstractDigest.php
@@ -155,8 +155,14 @@ abstract class AbstractDigest implements BackendInterface {
$response
);
$auth->init();
+
+ $oldStatus = $response->getStatus() ? : 200;
$auth->requireLogin();
+ // Preventing the digest utility from modifying the http status code,
+ // this should be handled by the main plugin.
+ $response->setStatus($oldStatus);
+
}
}
diff --git a/lib/DAV/Auth/Plugin.php b/lib/DAV/Auth/Plugin.php
index 4ff6d2a..4b5f35a 100644
--- a/lib/DAV/Auth/Plugin.php
+++ b/lib/DAV/Auth/Plugin.php
@@ -25,6 +25,20 @@ use Sabre\DAV\ServerPlugin;
class Plugin extends ServerPlugin {
/**
+ * By default this plugin will require that the user is authenticated,
+ * and refuse any access if the user is not authenticated.
+ *
+ * If this setting is set to false, we let the user through, whether they
+ * are authenticated or not.
+ *
+ * This is useful if you want to allow both authenticated and
+ * unauthenticated access to your server.
+ *
+ * @param bool
+ */
+ public $autoRequireLogin = true;
+
+ /**
* authentication backends
*/
protected $backends;
@@ -132,6 +146,50 @@ class Plugin extends ServerPlugin {
return;
}
+
+ $authResult = $this->check($request, $response);
+
+ if ($authResult[0]) {
+ // Auth was successful
+ $this->currentPrincipal = $authResult[1];
+ $this->loginFailedReasons = null;
+ return;
+ }
+
+
+
+ // If we got here, it means that no authentication backend was
+ // successful in authenticating the user.
+ $this->currentPrincipal = null;
+ $this->loginFailedReasons = $authResult[1];
+
+ if ($this->autoRequireLogin) {
+ $this->challenge($request, $response);
+ throw new NotAuthenticated(implode(', ', $authResult[1]));
+ }
+
+ }
+
+ /**
+ * Checks authentication credentials, and logs the user in if possible.
+ *
+ * This method returns an array. The first item in the array is a boolean
+ * indicating if login was successful.
+ *
+ * If login was successful, the second item in the array will contain the
+ * current principal url/path of the logged in user.
+ *
+ * If login was not successful, the second item in the array will contain a
+ * an array with strings. The strings are a list of reasons why login was
+ * unsuccesful. For every auth backend there will be one reason, so usually
+ * there's just one.
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return array
+ */
+ function check(RequestInterface $request, ResponseInterface $response) {
+
if (!$this->backends) {
throw new \Sabre\DAV\Exception('No authentication backends were configured on this server.');
}
@@ -150,20 +208,56 @@ class Plugin extends ServerPlugin {
if ($result[0]) {
$this->currentPrincipal = $result[1];
// Exit early
- return;
+ return [true, $result[1]];
}
$reasons[] = $result[1];
}
- // If we got here, it means that no authentication backend was
- // successful in authenticating the user.
- $this->currentPrincipal = null;
+ return [false, $reasons];
+
+ }
+
+ /**
+ * This method sends authentication challenges to the user.
+ *
+ * This method will for example cause a HTTP Basic backend to set a
+ * WWW-Authorization header, indicating to the client that it should
+ * authenticate.
+ *
+ * @param RequestInterface $request
+ * @param ResponseInterface $response
+ * @return array
+ */
+ function challenge(RequestInterface $request, ResponseInterface $response) {
foreach ($this->backends as $backend) {
$backend->challenge($request, $response);
}
- throw new NotAuthenticated(implode(', ', $reasons));
+
+ }
+
+ /**
+ * List of reasons why login failed for the last login operation.
+ *
+ * @var string[]|null
+ */
+ protected $loginFailedReasons;
+
+ /**
+ * Returns a list of reasons why login was unsuccessful.
+ *
+ * This method will return the login failed reasons for the last login
+ * operation. One for each auth backend.
+ *
+ * This method returns null if the last authentication attempt was
+ * successful, or if there was no authentication attempt yet.
+ *
+ * @return string[]|null
+ */
+ function getLoginFailedReasons() {
+
+ return $this->loginFailedReasons;
}
diff --git a/lib/DAVACL/Plugin.php b/lib/DAVACL/Plugin.php
index ab3ddf5..f22d206 100644
--- a/lib/DAVACL/Plugin.php
+++ b/lib/DAVACL/Plugin.php
@@ -6,6 +6,8 @@ use Sabre\DAV;
use Sabre\DAV\INode;
use Sabre\DAV\Exception\BadRequest;
use Sabre\DAV\Exception\NotFound;
+use Sabre\DAV\Exception\NotAuthenticated;
+use Sabre\DAVACL\Exception\NeedPrivileges;
use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;
use Sabre\Uri;
@@ -98,6 +100,18 @@ class Plugin extends DAV\ServerPlugin {
public $adminPrincipals = [];
/**
+ * The ACL plugin allows privileges to be assigned to users that are not
+ * logged in. To facilitate that, it modifies the auth plugin's behavior
+ * to only require login when a privileged operation was denied.
+ *
+ * Unauthenticated access can be considered a security concern, so it's
+ * possible to turn this feature off to harden the server's security.
+ *
+ * @var bool
+ */
+ public $allowUnauthenticatedAccess = true;
+
+ /**
* Returns a list of features added by this plugin.
*
* This list is used in the response of a HTTP OPTIONS request.
@@ -168,7 +182,8 @@ class Plugin extends DAV\ServerPlugin {
* @param array|string $privileges
* @param int $recursion
* @param bool $throwExceptions if set to false, this method won't throw exceptions.
- * @throws Sabre\DAVACL\Exception\NeedPrivileges
+ * @throws NeedPrivileges
+ * @throws NotAuthenticated
* @return bool
*/
function checkPrivileges($uri, $privileges, $recursion = self::R_PARENT, $throwExceptions = true) {
@@ -187,10 +202,22 @@ class Plugin extends DAV\ServerPlugin {
}
if ($failed) {
- if ($throwExceptions)
- throw new Exception\NeedPrivileges($uri, $failed);
- else
+ if ($this->allowUnauthenticatedAccess && is_null($this->getCurrentUserPrincipal())) {
+ // We are not authenticated. Kicking in the Auth plugin.
+ $authPlugin = $this->server->getPlugin('auth');
+ $reasons = $authPlugin->getLoginFailedReasons();
+ $authPlugin->challenge(
+ $this->server->httpRequest,
+ $this->server->httpResponse
+ );
+ throw new notAuthenticated(implode(', ', $reasons) . '. Login was needed for privilege: ' . implode(', ', $failed) . ' on ' . $uri);
+ }
+ if ($throwExceptions) {
+
+ throw new NeedPrivileges($uri, $failed);
+ } else {
return false;
+ }
}
return true;
@@ -207,9 +234,9 @@ class Plugin extends DAV\ServerPlugin {
function getCurrentUserPrincipal() {
$authPlugin = $this->server->getPlugin('auth');
- if (is_null($authPlugin)) return null;
- /** @var $authPlugin Sabre\DAV\Auth\Plugin */
-
+ if (!$authPlugin) {
+ return null;
+ }
return $authPlugin->getCurrentPrincipal();
}
@@ -277,6 +304,11 @@ class Plugin extends DAV\ServerPlugin {
'protected' => true,
'privilege' => '{DAV:}all',
],
+ [
+ 'principal' => '{DAV:}unauthenticated',
+ 'protected' => true,
+ 'privilege' => '{DAV:}read',
+ ],
];
/**
@@ -595,6 +627,8 @@ class Plugin extends DAV\ServerPlugin {
$collected = [];
+ $isAuthenticated = $this->getCurrentUserPrincipal() !== null;
+
foreach ($acl as $ace) {
$principal = $ace['principal'];
@@ -611,17 +645,21 @@ class Plugin extends DAV\ServerPlugin {
// 'all' matches for every user
case '{DAV:}all' :
+ $collected[] = $ace;
+ break;
- // 'authenticated' matched for every user that's logged in.
- // Since it's not possible to use ACL while not being logged
- // in, this is also always true.
case '{DAV:}authenticated' :
- $collected[] = $ace;
+ // Authenticated users only
+ if ($isAuthenticated) {
+ $collected[] = $ace;
+ }
break;
- // 'unauthenticated' can never occur either, so we simply
- // ignore these.
case '{DAV:}unauthenticated' :
+ // Unauthenticated users only
+ if (!$isAuthenticated) {
+ $collected[] = $ace;
+ }
break;
default :
@@ -765,6 +803,14 @@ class Plugin extends DAV\ServerPlugin {
*/
function initialize(DAV\Server $server) {
+ if ($this->allowUnauthenticatedAccess) {
+ $authPlugin = $server->getPlugin('auth');
+ if (!$authPlugin) {
+ throw new \Exception('The Auth plugin must be loaded before the ACL plugin if you want to allow unauthenticated access.');
+ }
+ $authPlugin->autoRequireLogin = false;
+ }
+
$this->server = $server;
$server->on('propFind', [$this, 'propFind'], 20);
$server->on('beforeMethod', [$this, 'beforeMethod'], 20);
diff --git a/tests/Sabre/CalDAV/ICSExportPluginTest.php b/tests/Sabre/CalDAV/ICSExportPluginTest.php
index 1470a94..9719529 100644
--- a/tests/Sabre/CalDAV/ICSExportPluginTest.php
+++ b/tests/Sabre/CalDAV/ICSExportPluginTest.php
@@ -7,9 +7,6 @@ use Sabre\HTTP;
use Sabre\VObject;
use Sabre\DAVACL;
-require_once 'Sabre/CalDAV/TestUtil.php';
-require_once 'Sabre/HTTP/ResponseMock.php';
-
class ICSExportPluginTest extends \Sabre\DAVServerTest {
protected $setupCalDAV = true;
@@ -137,8 +134,10 @@ ICS
function testACLIntegrationBlocked() {
+ $aclPlugin = new DAVACL\Plugin();
+ $aclPlugin->allowUnauthenticatedAccess = false;
$this->server->addPlugin(
- new DAVACL\Plugin()
+ $aclPlugin
);
$request = new HTTP\Request(
@@ -152,8 +151,10 @@ ICS
function testACLIntegrationNotBlocked() {
+ $aclPlugin = new DAVACL\Plugin();
+ $aclPlugin->allowUnauthenticatedAccess = false;
$this->server->addPlugin(
- new DAVACL\Plugin()
+ $aclPlugin
);
$this->server->addPlugin(
new Plugin()
diff --git a/tests/Sabre/CalDAV/Notifications/PluginTest.php b/tests/Sabre/CalDAV/Notifications/PluginTest.php
index 40cff5a..cd82b63 100644
--- a/tests/Sabre/CalDAV/Notifications/PluginTest.php
+++ b/tests/Sabre/CalDAV/Notifications/PluginTest.php
@@ -45,7 +45,9 @@ class PluginTest extends \PHPUnit_Framework_TestCase {
// Adding ACL plugin
- $this->server->addPlugin(new DAVACL\Plugin());
+ $aclPlugin = new DAVACL\Plugin();
+ $aclPlugin->allowUnauthenticatedAccess = false;
+ $this->server->addPlugin($aclPlugin);
// CalDAV is also required.
$this->server->addPlugin(new CalDAV\Plugin());
diff --git a/tests/Sabre/CalDAV/PluginTest.php b/tests/Sabre/CalDAV/PluginTest.php
index a81b5bb..ccbb1e0 100644
--- a/tests/Sabre/CalDAV/PluginTest.php
+++ b/tests/Sabre/CalDAV/PluginTest.php
@@ -81,7 +81,9 @@ class PluginTest extends \PHPUnit_Framework_TestCase {
$this->server->addPlugin($this->plugin);
// Adding ACL plugin
- $this->server->addPlugin(new DAVACL\Plugin());
+ $aclPlugin = new DAVACL\Plugin();
+ $aclPlugin->allowUnauthenticatedAccess = false;
+ $this->server->addPlugin($aclPlugin);
// Adding Auth plugin, and ensuring that we are logged in.
$authBackend = new DAV\Auth\Backend\Mock();
diff --git a/tests/Sabre/CalDAV/Schedule/FreeBusyRequestTest.php b/tests/Sabre/CalDAV/Schedule/FreeBusyRequestTest.php
index 4fa7d71..4886ec5 100644
--- a/tests/Sabre/CalDAV/Schedule/FreeBusyRequestTest.php
+++ b/tests/Sabre/CalDAV/Schedule/FreeBusyRequestTest.php
@@ -76,6 +76,7 @@ END:VCALENDAR',
$this->server->httpResponse = $this->response;
$this->aclPlugin = new DAVACL\Plugin();
+ $this->aclPlugin->allowUnauthenticatedAccess = false;
$this->server->addPlugin($this->aclPlugin);
$authBackend = new DAV\Auth\Backend\Mock();
diff --git a/tests/Sabre/DAV/Auth/PluginTest.php b/tests/Sabre/DAV/Auth/PluginTest.php
index 225fe14..3ed79a7 100644
--- a/tests/Sabre/DAV/Auth/PluginTest.php
+++ b/tests/Sabre/DAV/Auth/PluginTest.php
@@ -5,8 +5,6 @@ namespace Sabre\DAV\Auth;
use Sabre\HTTP;
use Sabre\DAV;
-require_once 'Sabre/HTTP/ResponseMock.php';
-
class PluginTest extends \PHPUnit_Framework_TestCase {
function testInit() {
diff --git a/tests/Sabre/DAVACL/ACLMethodTest.php b/tests/Sabre/DAVACL/ACLMethodTest.php
index 8c899ff..7d7a54d 100644
--- a/tests/Sabre/DAVACL/ACLMethodTest.php
+++ b/tests/Sabre/DAVACL/ACLMethodTest.php
@@ -14,6 +14,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
$acl = new Plugin();
$server = new DAV\Server();
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
$acl->httpAcl($server->httpRequest, $server->httpResponse);
@@ -36,6 +37,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
<d:acl xmlns:d="DAV:">
</d:acl>';
$server->httpRequest->setBody($body);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
$acl->httpACL($server->httpRequest, $server->httpResponse);
@@ -56,6 +58,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
<d:acl xmlns:d="DAV:">
</d:acl>';
$server->httpRequest->setBody($body);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
$this->assertFalse($acl->httpACL($server->httpRequest, $server->httpResponse));
@@ -81,6 +84,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
</d:ace>
</d:acl>';
$server->httpRequest->setBody($body);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
$acl->httpACL($server->httpRequest, $server->httpResponse);
@@ -109,6 +113,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
</d:ace>
</d:acl>';
$server->httpRequest->setBody($body);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
$acl->httpACL($server->httpRequest, $server->httpResponse);
@@ -134,6 +139,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
</d:ace>
</d:acl>';
$server->httpRequest->setBody($body);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
$acl->httpACL($server->httpRequest, $server->httpResponse);
@@ -162,6 +168,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
</d:ace>
</d:acl>';
$server->httpRequest->setBody($body);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
$acl->httpACL($server->httpRequest, $server->httpResponse);
@@ -195,6 +202,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
</d:ace>
</d:acl>';
$server->httpRequest->setBody($body);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
$acl->httpACL($server->httpRequest, $server->httpResponse);
@@ -228,6 +236,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
</d:ace>
</d:acl>';
$server->httpRequest->setBody($body);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
$acl->httpACL($server->httpRequest, $server->httpResponse);
@@ -261,6 +270,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
</d:ace>
</d:acl>';
$server->httpRequest->setBody($body);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
$acl->httpACL($server->httpRequest, $server->httpResponse);
@@ -304,6 +314,7 @@ class ACLMethodTest extends \PHPUnit_Framework_TestCase {
</d:ace>
</d:acl>';
$server->httpRequest->setBody($body);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin($acl);
diff --git a/tests/Sabre/DAVACL/AllowAccessTest.php b/tests/Sabre/DAVACL/AllowAccessTest.php
index 9b4b539..f166936 100644
--- a/tests/Sabre/DAVACL/AllowAccessTest.php
+++ b/tests/Sabre/DAVACL/AllowAccessTest.php
@@ -20,8 +20,17 @@ class AllowAccessTest extends \PHPUnit_Framework_TestCase {
];
$this->server = new DAV\Server($nodes);
+ $this->server->addPlugin(
+ new DAV\Auth\Plugin(
+ new DAV\Auth\Backend\Mock()
+ )
+ );
+ // Login
+ $this->server->getPlugin('auth')->beforeMethod(
+ new \Sabre\HTTP\Request(),
+ new \Sabre\HTTP\Response()
+ );
$aclPlugin = new Plugin();
- $aclPlugin->allowAccessToNodesWithoutACL = true;
$this->server->addPlugin($aclPlugin);
}
diff --git a/tests/Sabre/DAVACL/BlockAccessTest.php b/tests/Sabre/DAVACL/BlockAccessTest.php
index d3c925d..ceae9ae 100644
--- a/tests/Sabre/DAVACL/BlockAccessTest.php
+++ b/tests/Sabre/DAVACL/BlockAccessTest.php
@@ -21,6 +21,16 @@ class BlockAccessTest extends \PHPUnit_Framework_TestCase {
$this->server = new DAV\Server($nodes);
$this->plugin = new Plugin();
$this->plugin->setDefaultAcl([]);
+ $this->server->addPlugin(
+ new DAV\Auth\Plugin(
+ new DAV\Auth\Backend\Mock()
+ )
+ );
+ // Login
+ $this->server->getPlugin('auth')->beforeMethod(
+ new \Sabre\HTTP\Request(),
+ new \Sabre\HTTP\Response()
+ );
$this->server->addPlugin($this->plugin);
}
diff --git a/tests/Sabre/DAVACL/ExpandPropertiesTest.php b/tests/Sabre/DAVACL/ExpandPropertiesTest.php
index 8fc6659..0612b54 100644
--- a/tests/Sabre/DAVACL/ExpandPropertiesTest.php
+++ b/tests/Sabre/DAVACL/ExpandPropertiesTest.php
@@ -33,9 +33,9 @@ class ExpandPropertiesTest extends \PHPUnit_Framework_TestCase {
$fakeServer->debugExceptions = true;
$fakeServer->httpResponse = new HTTP\ResponseMock();
$plugin = new Plugin();
- $plugin->allowAccessToNodesWithoutACL = true;
-
+ $plugin->allowUnauthenticatedAccess = false;
$this->assertTrue($plugin instanceof Plugin);
+
$fakeServer->addPlugin($plugin);
$this->assertEquals($plugin, $fakeServer->getPlugin('acl'));
diff --git a/tests/Sabre/DAVACL/PluginPropertiesTest.php b/tests/Sabre/DAVACL/PluginPropertiesTest.php
index 8665816..5762ac9 100644
--- a/tests/Sabre/DAVACL/PluginPropertiesTest.php
+++ b/tests/Sabre/DAVACL/PluginPropertiesTest.php
@@ -10,6 +10,7 @@ class PluginPropertiesTest extends \PHPUnit_Framework_TestCase {
function testPrincipalCollectionSet() {
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$plugin->principalCollectionSet = [
'principals1',
'principals2',
@@ -78,6 +79,7 @@ class PluginPropertiesTest extends \PHPUnit_Framework_TestCase {
function testSupportedPrivilegeSet() {
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$server = new DAV\Server();
$server->addPlugin($plugin);
@@ -137,6 +139,7 @@ class PluginPropertiesTest extends \PHPUnit_Framework_TestCase {
function testACL() {
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$nodes = [
new MockACLNode('foo', [
@@ -175,6 +178,7 @@ class PluginPropertiesTest extends \PHPUnit_Framework_TestCase {
function testACLRestrictions() {
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$nodes = [
new MockACLNode('foo', [
@@ -222,6 +226,7 @@ class PluginPropertiesTest extends \PHPUnit_Framework_TestCase {
//$plugin = new DAV\Auth\Plugin(new DAV\Auth\MockBackend())
//$fakeServer->addPlugin($plugin);
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$fakeServer->addPlugin($plugin);
$requestedProperties = [
@@ -250,6 +255,7 @@ class PluginPropertiesTest extends \PHPUnit_Framework_TestCase {
//$plugin = new DAV\Auth\Plugin(new DAV\Auth\MockBackend());
//$fakeServer->addPlugin($plugin);
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$fakeServer->addPlugin($plugin);
$requestedProperties = [
@@ -279,6 +285,7 @@ class PluginPropertiesTest extends \PHPUnit_Framework_TestCase {
//$plugin = new DAV\Auth\Plugin(new DAV\Auth\MockBackend());
//$fakeServer->addPlugin($plugin);
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$fakeServer->addPlugin($plugin);
$requestedProperties = [
@@ -306,6 +313,7 @@ class PluginPropertiesTest extends \PHPUnit_Framework_TestCase {
$fakeServer = new DAV\Server($tree);
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$fakeServer->addPlugin($plugin);
$requestedProperties = [
@@ -333,6 +341,7 @@ class PluginPropertiesTest extends \PHPUnit_Framework_TestCase {
$fakeServer = new DAV\Server($tree);
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$fakeServer->addPlugin($plugin);
$requestedProperties = [
diff --git a/tests/Sabre/DAVACL/PluginUpdatePropertiesTest.php b/tests/Sabre/DAVACL/PluginUpdatePropertiesTest.php
index dd07f68..0147e6a 100644
--- a/tests/Sabre/DAVACL/PluginUpdatePropertiesTest.php
+++ b/tests/Sabre/DAVACL/PluginUpdatePropertiesTest.php
@@ -4,8 +4,6 @@ namespace Sabre\DAVACL;
use Sabre\DAV;
-require_once 'Sabre/DAVACL/MockPrincipal.php';
-
class PluginUpdatePropertiesTest extends \PHPUnit_Framework_TestCase {
function testUpdatePropertiesPassthrough() {
@@ -14,6 +12,7 @@ class PluginUpdatePropertiesTest extends \PHPUnit_Framework_TestCase {
new DAV\SimpleCollection('foo'),
];
$server = new DAV\Server($tree);
+ $server->addPlugin(new DAV\Auth\Plugin());
$server->addPlugin(new Plugin());
$result = $server->updateProperties('foo', [
@@ -34,7 +33,9 @@ class PluginUpdatePropertiesTest extends \PHPUnit_Framework_TestCase {
new MockPrincipal('foo', 'foo'),
];
$server = new DAV\Server($tree);
- $server->addPlugin(new Plugin());
+ $plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
+ $server->addPlugin($plugin);
$result = $server->updateProperties('foo', [
'{DAV:}group-member-set' => null,
@@ -55,7 +56,9 @@ class PluginUpdatePropertiesTest extends \PHPUnit_Framework_TestCase {
new MockPrincipal('foo', 'foo'),
];
$server = new DAV\Server($tree);
- $server->addPlugin(new Plugin());
+ $plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
+ $server->addPlugin($plugin);
$result = $server->updateProperties('foo', [
'{DAV:}group-member-set' => new DAV\Xml\Property\Href(['/bar', '/baz'], true),
@@ -79,7 +82,9 @@ class PluginUpdatePropertiesTest extends \PHPUnit_Framework_TestCase {
new MockPrincipal('foo', 'foo'),
];
$server = new DAV\Server($tree);
- $server->addPlugin(new Plugin());
+ $plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
+ $server->addPlugin($plugin);
$result = $server->updateProperties('foo', [
'{DAV:}group-member-set' => new \StdClass(),
@@ -93,7 +98,9 @@ class PluginUpdatePropertiesTest extends \PHPUnit_Framework_TestCase {
new DAV\SimpleCollection('foo'),
];
$server = new DAV\Server($tree);
- $server->addPlugin(new Plugin());
+ $plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
+ $server->addPlugin($plugin);
$result = $server->updateProperties('foo', [
'{DAV:}group-member-set' => new DAV\Xml\Property\Href(['/bar', '/baz'], false),
diff --git a/tests/Sabre/DAVACL/PrincipalPropertySearchTest.php b/tests/Sabre/DAVACL/PrincipalPropertySearchTest.php
index a3b7c02..60e156d 100644
--- a/tests/Sabre/DAVACL/PrincipalPropertySearchTest.php
+++ b/tests/Sabre/DAVACL/PrincipalPropertySearchTest.php
@@ -23,6 +23,7 @@ class PrincipalPropertySearchTest extends \PHPUnit_Framework_TestCase {
$fakeServer->debugExceptions = true;
$plugin = new MockPlugin();
$plugin->allowAccessToNodesWithoutACL = true;
+ $plugin->allowUnauthenticatedAccess = false;
$this->assertTrue($plugin instanceof Plugin);
$fakeServer->addPlugin($plugin);
diff --git a/tests/Sabre/DAVACL/PrincipalSearchPropertySetTest.php b/tests/Sabre/DAVACL/PrincipalSearchPropertySetTest.php
index cf125c3..fa1314d 100644
--- a/tests/Sabre/DAVACL/PrincipalSearchPropertySetTest.php
+++ b/tests/Sabre/DAVACL/PrincipalSearchPropertySetTest.php
@@ -21,6 +21,7 @@ class PrincipalSearchPropertySetTest extends \PHPUnit_Framework_TestCase {
$fakeServer->sapi = new HTTP\SapiMock();
$fakeServer->httpResponse = new HTTP\ResponseMock();
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$this->assertTrue($plugin instanceof Plugin);
$fakeServer->addPlugin($plugin);
$this->assertEquals($plugin, $fakeServer->getPlugin('acl'));
diff --git a/tests/Sabre/DAVACL/SimplePluginTest.php b/tests/Sabre/DAVACL/SimplePluginTest.php
index 4b65970..51ba64d 100644
--- a/tests/Sabre/DAVACL/SimplePluginTest.php
+++ b/tests/Sabre/DAVACL/SimplePluginTest.php
@@ -115,6 +115,7 @@ class SimplePluginTest extends \PHPUnit_Framework_TestCase {
];
$plugin = new Plugin();
+ $plugin->allowUnauthenticatedAccess = false;
$server = new DAV\Server();
$server->addPlugin($plugin);
$this->assertEquals($expected, $plugin->getFlatPrivilegeSet(''));
@@ -124,6 +125,7 @@ class SimplePluginTest extends \PHPUnit_Framework_TestCase {
function testCurrentUserPrincipalsNotLoggedIn() {
$acl = new Plugin();
+ $acl->allowUnauthenticatedAccess = false;
$server = new DAV\Server();
$server->addPlugin($acl);
@@ -142,6 +144,7 @@ class SimplePluginTest extends \PHPUnit_Framework_TestCase {
];
$acl = new Plugin();
+ $acl->allowUnauthenticatedAccess = false;
$server = new DAV\Server($tree);
$server->addPlugin($acl);
@@ -169,6 +172,7 @@ class SimplePluginTest extends \PHPUnit_Framework_TestCase {
];
$acl = new Plugin();
+ $acl->allowUnauthenticatedAccess = false;
$server = new DAV\Server($tree);
$server->addPlugin($acl);
@@ -212,6 +216,7 @@ class SimplePluginTest extends \PHPUnit_Framework_TestCase {
$server = new DAV\Server($tree);
$aclPlugin = new Plugin();
+ $aclPlugin->allowUnauthenticatedAccess = false;
$server->addPlugin($aclPlugin);
$this->assertEquals($acl, $aclPlugin->getACL('foo'));
@@ -247,6 +252,7 @@ class SimplePluginTest extends \PHPUnit_Framework_TestCase {
$server = new DAV\Server($tree);
$aclPlugin = new Plugin();
+ $aclPlugin->allowUnauthenticatedAccess = false;
$server->addPlugin($aclPlugin);
$auth = new DAV\Auth\Plugin(new DAV\Auth\Backend\Mock());
@@ -299,6 +305,7 @@ class SimplePluginTest extends \PHPUnit_Framework_TestCase {
$server = new DAV\Server($tree);
$aclPlugin = new Plugin();
+ $aclPlugin->allowUnauthenticatedAccess = false;
$server->addPlugin($aclPlugin);
$auth = new DAV\Auth\Plugin(new DAV\Auth\Backend\Mock());
diff --git a/tests/Sabre/DAVServerTest.php b/tests/Sabre/DAVServerTest.php
index 4485003..c9039ea 100644
--- a/tests/Sabre/DAVServerTest.php
+++ b/tests/Sabre/DAVServerTest.php
@@ -150,11 +150,6 @@ abstract class DAVServerTest extends \PHPUnit_Framework_TestCase {
$this->carddavPlugin = new CardDAV\Plugin();
$this->server->addPlugin($this->carddavPlugin);
}
- if ($this->setupACL) {
- $this->aclPlugin = new DAVACL\Plugin();
- $this->aclPlugin->adminPrincipals = ['principals/admin'];
- $this->server->addPlugin($this->aclPlugin);
- }
if ($this->setupLocks) {
$this->locksPlugin = new DAV\Locks\Plugin(
$this->locksBackend
@@ -170,6 +165,14 @@ abstract class DAVServerTest extends \PHPUnit_Framework_TestCase {
if ($this->autoLogin) {
$this->autoLogin($this->autoLogin);
}
+ if ($this->setupACL) {
+ $this->aclPlugin = new DAVACL\Plugin();
+ if (!$this->autoLogin) {
+ $this->aclPlugin->allowUnauthenticatedAccess = false;
+ }
+ $this->aclPlugin->adminPrincipals = ['principals/admin'];
+ $this->server->addPlugin($this->aclPlugin);
+ }
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-php/php-sabredav.git
More information about the Pkg-owncloud-commits
mailing list