Introduce UserSession::verifyAuthHeaders which validates the session … #28733

Merged
merged 3 commits into from
Nov 9, 2017

DeepDiver1975
Member

@DeepDiver1975 DeepDiver1975 commented Aug 17, 2017

…against given auth headers like basic auth or oauth

Related Issue

#28707

@SamuAlfageme

@DeepDiver1975 is this still a WIP?

@DeepDiver1975
Member Author

@DeepDiver1975 is this still a WIP?

yes still WIP - will be back on this after the conference ...

@michaelstingl

@PVince81 ping

@PVince81
Contributor

@DeepDiver1975 any chance to finish this for 10.0.4 ? It is a blocker for all clients. Without this, they all need to build in ugly workarounds.

@PVince81
Contributor

@DeepDiver1975 please post a list of remaining tasks/issues so someone else can take over

@DeepDiver1975
Member Author

DeepDiver1975 commented Oct 27, 2017

@DeepDiver1975 please post a list of remaining tasks/issues so someone else can take over

  • test if this is already enough to fulfill the requirement
  • make sure nothing else was broken

@DeepDiver1975 DeepDiver1975 force-pushed the verify-session branch 2 times, most recently from 022145e to 2f66e0e October 30, 2017 09:14

@PVince81
Contributor

test if this is already enough to fulfill the requirement

@michaelstingl @SamuAlfageme

@michaelstingl

@jesmrec @nasli @davigonz Please check with mobile platforms ^

@DeepDiver1975
Member Author

god damn - my latest changes of today are resulting in an infinite loop ..... 💥

@nasli

nasli commented Oct 31, 2017

👍 @DeepDiver1975 ping us again when it is ready to test

@DeepDiver1975
Member Author

👍 @DeepDiver1975 ping us again when it is ready to test

@nasli ping 😉

@@ -124,10 +124,10 @@ public function getInstalledApps() {
/**
* List all apps enabled for a user
*
* @param \OCP\IUser $user
* @param \OCP\IUser|null $user
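
Review bot: missing documentation on the `@param \OCP\IUser|null $user` line: the parameter now admits null, but the summary above it still reads "List all apps enabled for a user" and nothing says what a null user means. Add a sentence describing the null case (for example, whether it stands for a request with no logged-in user) so callers know which apps to expect back.
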
Member

hm then checkAppForUser in line 165 also needs to allow null in the phpdocs

Member Author

indeed

@nasli

nasli commented Nov 3, 2017

Great!! Thanks @DeepDiver1975, spoiler! Jesus has made first tests and seems to work fine, we let you know

@jesmrec

jesmrec commented Nov 3, 2017

ping us when it is (finally) ready.

@PVince81
Contributor

PVince81 commented Nov 6, 2017

so it seems the code is ready apart from the PHPDoc comment ?

this checkbox item still requires attention:

make sure nothing else was broken

What needs to be retested ? Everything auth related, all auth types, shibboleth, etc ?

@PVince81
Contributor

PVince81 commented Nov 7, 2017

@davitol is going to try and break this with different auth types.

@DeepDiver1975 assuming this is done apart from the PHPDoc issue

@davitol
Contributor

davitol commented Nov 7, 2017

Tests results:

❌ basic auth on Webdav: It is not listed. A forwardport of https://github.com/owncloud/core/pull/28879 is needed

✅ web UI session

✅ auth with application token instead of password

✅ oauth2

@PVince81 PVince81 mentioned this pull request Nov 7, 2017
22 tasks

@owncloud owncloud deleted a comment from codecov bot Nov 8, 2017

@DeepDiver1975 DeepDiver1975 changed the title from "[WIP] Introduce UserSession::verifyAuthHeaders which validates the session …" to "Introduce UserSession::verifyAuthHeaders which validates the session …" Nov 9, 2017

@DeepDiver1975
Member Author

@PVince81 this is for 10.0.4 - right? I need to adjust the since annotation then

@PVince81
Contributor

PVince81 commented Nov 9, 2017

@DeepDiver1975 yes please, thanks

@owncloud owncloud deleted a comment from codecov bot Nov 9, 2017

@codecov

codecov bot commented Nov 9, 2017

Codecov Report

Merging #28733 into master will increase coverage by 0.01%.
The diff coverage is 57.4%.

@@             Coverage Diff              @@
##             master   #28733      +/-   ##
============================================
+ Coverage     61.37%   61.39%   +0.01%     
- Complexity    17436    17472      +36     
============================================
  Files          1042     1044       +2     
  Lines         57630    57695      +65     
============================================
+ Hits          35368    35419      +51     
- Misses        22262    22276      +14

| Impacted Files | Coverage Δ | Complexity Δ | |
|---|---|---|---|
| core/Application.php | 27% <0%> (-0.73%) | 2 <0> (ø) | |
| lib/private/legacy/api.php | 41.7% <0%> (-0.18%) | 81 <0> (+1) | |
| lib/base.php | 2.68% <0%> (-0.01%) | 156 <0> (+2) | |
| ocs/v1.php | 0% <0%> (ø) | 0 <0> (ø) | ⬇️ |
| lib/private/App/AppManager.php | 84.31% <100%> (ø) | 54 <1> (ø) | ⬇️ |
| ...e/AppFramework/DependencyInjection/DIContainer.php | 65.13% <100%> (+0.45%) | 15 <0> (ø) | ⬇️ |
| apps/dav/lib/Connector/Sabre/Auth.php | 94.04% <100%> (+0.07%) | 35 <0> (+1) | ⬆️ |
| lib/public/User.php | 30% <100%> (ø) | 10 <0> (ø) | ⬇️ |
| core/Controller/AvatarController.php | 90.57% <100%> (ø) | 31 <0> (ø) | ⬇️ |
| lib/private/User/Session.php | 62.13% <11.53%> (-1.02%) | 124 <10> (+5) | |

... and 6 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 91ffee2...719b5f6.

use OCP\IUser;

/**
* Interface IServiceLoader
Contributor

PHPDoc... what's a service loader, what's a service, etc.

* @return \Generator
* @since 10.0.4
*/
public function load(array $xmlPath, IUser $user = null);
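
Review bot: missing documentation on `load(array $xmlPath, IUser $user = null)`: the first parameter is typed `array` but named in the singular, and `@return \Generator` does not say what is yielded. State in the docblock what the array elements are, what a null `$user` means, and the type of each yielded value.
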
Contributor

PHPDoc, what are we loading here ? People looking at the docs of \OC::$server::load will wonder

Contributor

@PVince81 PVince81 left a comment

Please add missing PHPDoc then merge and backport 👍

@phil-davis
Contributor

Backport stable10 #29525

@PVince81
Contributor

PVince81 commented Feb 2, 2018

Regression: #30157

@lock

lock bot commented Aug 1, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 1, 2019