Commit cbe5c783 authored by Sigmund Augdal

Initial commit of app password app for eske

CHANGELOG
=========

Version 0.3 (Tested with OwnCloud 4.5.2)
----------------------------------------

* Fix login issue: Javascript features +
* The RewriteRule in .htaccess no longer redirects to apps/user_saml/auth.php. Now appinfo/app.php does all the work and loads the logic of auth.php.

Version 0.2
-----------

* Bugfix for a 500 error that appeared when SAML config values were not set
* Some bugfixes (typos, default settings handler) [from alenkovich]
* Code style improved [from DeepDiver1975]

Version 0.1
-----------

* Initial plugin

INTRODUCTION
============

This app provides SAML authentication support based on the simpleSAMLphp SP software.

INSTALLATION
============

PREREQUISITES
-------------

This app requires a simpleSAMLphp SP installed, configured and connected to an IdP.
To learn how to do this, check this documentation:

* `SimpleSAMLphp installation <http://simplesamlphp.org/docs/stable/simplesamlphp-install>`_
* `SimpleSAMLphp configuration as an SP <http://simplesamlphp.org/docs/stable/simplesamlphp-sp>`_

STEPS
-----

1. Copy the 'user_saml' folder into ownCloud's apps folder and give the Apache server user privileges on the whole folder.
2. Log in to the ownCloud web interface as a user with admin privileges.
3. Open the Applications panel and enable the SAML app.
4. Open the Administration panel and configure the SAML app.
5. Take care of the session issue. ownCloud 4.5.5 and later set their own session cookie name, which conflicts with simpleSAMLphp. There are two solutions for this problem:

   * Use the same cookie name for simpleSAMLphp and ownCloud: check the value of 'instanceid' in ownCloud's config/config.php and set the same value for the 'session.phpsession.cookiename' option in simpleSAMLphp's config/config.php.
   * Use different session handlers for ownCloud and simpleSAMLphp: use the memcache or SQL backend in simpleSAMLphp (http://simplesamlphp.org/docs/stable/simplesamlphp-maintenance#section_2).

EXTRA INFO
==========

* If you enable the "Autocreate user after saml login" option, a user that does not exist yet is created on first login. If this option is disabled and the user does not exist, the user is not allowed to log in to ownCloud.
* If you enable the "Update user data" option, an existing user's email and groups are updated on login.
  By default the SAML app unlinks all groups from the user and assigns the group defined by the groupMapping attribute. If groupMapping is not defined, the value of the defaultGroup field is used instead. If both are undefined, the user ends up with no groups.
  Groups listed in the "protected groups" field are never unlinked from the user.
* If you want to redirect to a specific app after forcing the login, set the URL parameter linktoapp. You can also pass extra arguments to build the target URL with the parameter linktoargs (the value must be urlencoded).
  Ex. ?app=user_saml&linktoapp=files&linktoargs=file%3d%2ftest%2ftest_file.txt%26getfile%3ddownload.php
      ?app=user_saml&linktoapp=files&linktoargs=dir%3d%2ftest
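The group-synchronisation rule and the linktoapp/linktoargs URL scheme from the two bullets above, as an added PHP example that is not code from the user_saml or generate_pw apps. It assumes PHP 7.1+, takes the configured values (the groupMapping value, the defaultGroup setting and the protected groups) as plain function arguments where the real app reads them from its settings, and its function names are illustrative.

```php
<?php
// Added example (not code from user_saml or generate_pw): the group-sync rule
// and the linktoapp/linktoargs URL scheme from the README, as pure functions.
// Assumes PHP 7.1+. Configured values are passed in as arguments; the real
// app reads them from its settings. Function names are illustrative.

/**
 * Groups a user should hold after a SAML login with "Update user data" on.
 *
 * README rule: unlink every current group except the protected ones, then add
 * the mapped group; if none, the default group; if neither, nothing. Running
 * this on every login keeps memberships tied to what the IdP asserts now,
 * rather than to what the account accumulated earlier.
 */
function syncGroups(array $current, ?string $mapped, ?string $default, array $protected): array
{
    // only explicitly protected groups survive the unlink step
    $kept = array_values(array_intersect($current, $protected));

    $target = null;
    if ($mapped !== null && $mapped !== '') {
        $target = $mapped;
    } elseif ($default !== null && $default !== '') {
        $target = $default;
    }

    if ($target !== null && !in_array($target, $kept, true)) {
        $kept[] = $target;
    }
    sort($kept);
    return $kept;
}

/**
 * Builds the "?app=user_saml&linktoapp=...&linktoargs=..." link.
 *
 * linktoargs carries the target app's own query string, urlencoded once, as
 * the README examples show. The app name is restricted to [a-z0-9_] so the
 * link can only select an ownCloud app route, never an external location.
 * (The scheme cannot carry values that themselves contain '&' or '='.)
 */
function buildSamlLoginLink(string $app, array $args = []): string
{
    if (!preg_match('/^[a-z0-9_]+$/', $app)) {
        throw new InvalidArgumentException("invalid app name: $app");
    }
    $query = ['app' => 'user_saml', 'linktoapp' => $app];
    if ($args !== []) {
        $pairs = [];
        foreach ($args as $key => $value) {
            if (strpbrk($key . $value, '&=') !== false) {
                throw new InvalidArgumentException("linktoargs cannot carry '&' or '='");
            }
            $pairs[] = $key . '=' . $value;
        }
        // http_build_query() percent-encodes the whole inner string exactly once
        $query['linktoargs'] = implode('&', $pairs);
    }
    return '?' . http_build_query($query);
}

// Constructed sample data
$before = ['users', 'old-project', 'admin'];
print_r(syncGroups($before, 'staff', 'users', ['admin']));
print_r(syncGroups($before, null, 'users', []));
print_r(syncGroups($before, null, null, []));

echo buildSamlLoginLink('files', ['dir' => '/test']), "\n";
echo buildSamlLoginLink('files', ['file' => '/test/test_file.txt', 'getfile' => 'download.php']), "\n";
```

With the sample data, the three syncGroups calls yield `admin, staff`, `users` and an empty list respectively, and the two links reproduce the README's two example URLs (PHP emits the percent-encoding in upper-case hex, which decodes identically).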
NOTES
=====

If you had an older version of this plugin installed and the SAML link does not appear in the main view, edit index.php and set $RUNTIME_NOAPPS to FALSE.
<?php
/**
* ownCloud - generate_pw
*
* @author Morten Knutsen <morten.knutsen@uninett.no>
* @copyright 2013 UNINETT AS
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/

namespace OCA\Generate_PW;

$api = new \OCA\AppFramework\Core\API('generate_pw');

$api->addNavigationEntry(array(
    // the string under which your app will be referenced in owncloud
    'id' => $api->getAppName(),
    // sorting weight for the navigation. The higher the number, the higher
    // will it be listed in the navigation
    'order' => 10,
    // the route that will be shown on startup
    'href' => $api->linkToRoute('generate_pw_index'),
    // the icon that will be shown in the navigation
    'icon' => "/core/img/actions/password.svg",
    // the title of your application. This will be used in the
    // navigation or on the settings page of your app
    'name' => $api->getTrans()->t('App password')
));

// personal-settings snippet that hides the core password dialog
\OCP\App::registerPersonal($api->getAppName(), "hide-pwdialog");
<?xml version="1.0"?>
<info>
    <id>generate_pw</id>
    <name>Password generator</name>
    <description>Set and show new password</description>
    <licence>AGPL</licence>
    <author>Morten Knutsen @ UNINETT AS</author>
    <require>4.93</require>
</info>
<?php
/**
* ownCloud - generate_pw
*
* @author Morten Knutsen <morten.knutsen@uninett.no>
* @copyright 2013 UNINETT AS
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/

namespace OCA\Generate_PW;

use \OCA\AppFramework\App;
use \OCA\Generate_PW\DependencyInjection\PWDIContainer;

// "/" -> PageController::index() renders the "Generate!" form
$this->create('generate_pw_index', '/')->action(
    function($params){
        // call the index method on the class PageController
        App::main('PageController', 'index', $params, new PWDIContainer());
    }
);

// "/new" -> PageController::new_pw() sets the new password and displays it
$this->create('generate_pw_set_new_and_print', '/new')->action(
    function($params){
        App::main('PageController', 'new_pw', $params, new PWDIContainer());
    }
);
<?php
/**
* ownCloud - generate_pw
*
* @author Morten Knutsen <morten.knutsen@uninett.no>
* @copyright 2013 UNINETT AS
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/

namespace OCA\Generate_PW\Controller;

use \OCA\AppFramework\Controller\Controller;
use \OCA\AppFramework\Middleware\Security\SecurityException;
use OCA\AppFramework\Http\Http;

class PageController extends Controller {

    public function __construct($api, $request){
        parent::__construct($api, $request);
    }

    /**
     * Renders the "Generate!" form. It changes nothing, so it is exempt from
     * the CSRF check; the form carries the request token for the next step.
     *
     * @CSRFExemption
     * @IsAdminExemption
     * @IsSubAdminExemption
     */
    public function index(){
        $params = array( 'token' => \OCP\Util::callRegister() );
        return $this->render('main', $params);
    }

    /**
     * Sets a fresh random password on the current user's account and shows it
     * once, as text and as a QR code. Not CSRF-exempt: the middleware requires
     * the request token issued by index().
     *
     * @IsAdminExemption
     * @IsSubAdminExemption
     */
    public function new_pw(){
        if($this->api->isAdminUser($this->api->getUserId())) {
            throw new SecurityException("Don't use this as admin user", false, Http::STATUS_FORBIDDEN);
        }
        require_once __DIR__ . '/../../../3rdparty/phpqrcode/lib/merged/phpqrcode.php';

        /* Get username */
        $currentuser = $this->api->getUserId();

        /* Generate random pw with the external pwgen tool (must be installed on the server) */
        $newpw = trim(exec('pwgen'));
        if ($newpw === '') {
            // pwgen missing or failed: never fall through and set an empty password
            throw new \RuntimeException('Password generation failed');
        }
        $qr = \QRcode::svg($newpw);
        $params = array( 'newpw' => $newpw, 'qr' => $qr );

        /* Set password */
        \OC_User::setPassword($currentuser, $newpw);

        /* Render new password */
        return $this->render('display_pw', $params);
    }
}
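An added example, not the app's own code, of producing the app password inside PHP instead of shelling out to pwgen, together with the check that any externally produced secret needs before it is handed to OC_User::setPassword(): with pwgen absent, `trim(exec('pwgen'))` yields an empty string. It assumes PHP 7.1+ (random_int, void return types); the constant and function names are illustrative.

```php
<?php
// Added example, not part of the generate_pw app: in-process generation of
// the app password plus a guard for externally produced secrets.
// Assumes PHP 7.1+. Names are illustrative.

// Alphabet without the easily confused glyphs 0/O/1/l/I, since the value is
// shown on screen and typed into sync clients.
const PW_ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';

/** Password drawn uniformly from PW_ALPHABET with the CSPRNG-backed random_int(). */
function generateAppPassword(int $length = 20): string
{
    if ($length < 12) {
        throw new InvalidArgumentException('app passwords must be at least 12 characters');
    }
    $max = strlen(PW_ALPHABET) - 1;
    $pw = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is unbiased over the range, so no modulo skew
        $pw .= PW_ALPHABET[random_int(0, $max)];
    }
    return $pw;
}

/**
 * Guard for a secret produced outside the process (e.g. the trimmed output of
 * exec('pwgen')): a missing binary yields '' and would otherwise end up as the
 * account's password. Rejects short output and anything outside printable ASCII.
 */
function assertUsablePassword(string $pw, int $minLength = 8): void
{
    if (strlen($pw) < $minLength) {
        throw new RuntimeException('password generation failed or output too short');
    }
    if (preg_match('/[^\x21-\x7e]/', $pw)) {
        throw new RuntimeException('password contains whitespace or control bytes');
    }
}

// Constructed demonstration
$pw = generateAppPassword();
assertUsablePassword($pw);
echo "generated: $pw\n";

try {
    // what exec('pwgen') returns when the tool is not installed
    assertUsablePassword('');
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

The 57-symbol alphabet gives about 5.8 bits per character, so the default 20 characters carry roughly 116 bits of entropy, comfortably above what a sync-client credential needs; the guard is what matters for the controller on this page, because the real failure mode is not a weak password but an empty one.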
#samlSettings fieldset {
    border-bottom: 1px solid #DDD;
    border-left: 1px solid #DDD;
    border-right: 1px solid #DDD;
    margin-bottom: 10px;
}

#samlSettings input[type="text"] {
    margin-left: 15px;
    width: 15em;
}

#samlSettings input[name="saml_ssp_path"] {
    width: 20em;
}
<?php
/**
* ownCloud - generate_pw
*
* @author Morten Knutsen <morten.knutsen@uninett.no>
* @copyright 2013 UNINETT AS
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/

namespace OCA\Generate_PW\DependencyInjection;

use OCA\Generate_PW\Controller\PageController;
use OCA\AppFramework\DependencyInjection\DIContainer;

class PWDIContainer extends DIContainer {

    public function __construct(){
        parent::__construct('generate_pw');

        // use this to specify the template directory
        $this['TwigTemplateDirectory'] = __DIR__ . '/../templates';

        // controllers are resolved from the container by name (see the routes)
        $this['PageController'] = function($c){
            return new PageController($c['API'], $c['Request']);
        };
    }
}
<?php \OCP\Util::addScript("generate_pw", "hide"); return ""; ?>
// hide ownCloud's own "change password" form on the personal settings page
$(function(){ $("#passwordform").hide(); });
$(document).ready(function() {
    $('#samlSettings').tabs();
});

(function() {
    // creates a script element but never assigns it a src, so it stays inert
    var saml = document.createElement('script');
    saml.type = 'text/javascript';
    (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(saml);
})();

$(document).ready(function(){
    var loginMsg = t('user_saml', 'Login with SAML');

    $('<div id="login-saml"></div>').css({
        'text-align': 'center'
    }).appendTo('form');

    $('<p>or</p>').css({
        'text-align': 'center',
        'font-weight': 'bolder',
        'font-size': '110%'
    }).appendTo('#login-saml');

    // the password, "remember me" and submit controls are only shown once a
    // username has been typed into the local login form
    function setPasswordFieldsVisible(visible) {
        $('#password').parent().toggle(visible);
        $('#remember_login').toggle(visible);
        $('#remember_login+label').toggle(visible);
        $('#submit').toggle(visible);
    }

    setPasswordFieldsVisible($('#user').val() !== "");
    $('#user').change(function() {
        setPasswordFieldsVisible($(this).val() !== "");
    });

    $('<p>Access using SAML authentication</p>').css({
        'text-align': 'center',
        'font-weight': 'bolder',
        'font-size': '110%'
    }).appendTo('#login-saml');

    $('<a id="login-saml-action" href="?app=user_saml" ></a>').css({
        'text-decoration': 'none'
    }).appendTo('#login-saml');

    $('<img id="login-saml-img" src="' + OC.imagePath('user_saml', 'logo.jpg') + '" title="' + loginMsg + '" alt="' + loginMsg + '" />').css({
        cursor: 'pointer',
        border: '1px solid #777'
    }).appendTo('#login-saml-action');
});
<div style="padding:10px;">
    <strong>Use the following password for owncloud sync applications:</strong>
    <div style="padding: 10px; background: #f8f8f8; border-radius: .5em;">{{ newpw }}</div>
    You may also scan the following QR code to save some typing:<br/>
    {% autoescape false %}
    {{ qr }}
    {% endautoescape %}
</div>
<form action="{{ url('generate_pw_set_new_and_print') }}" method="post" style="padding:10px;">
    <fieldset style="background: #f8f8f8; border-radius: .5em;">
        <legend><strong>Generate password for use with sync clients</strong></legend>
        <input type="hidden" name="requesttoken" value="{{ token }}"/>
        <input type="submit" value="Generate!">
    </fieldset>
    <strong>This will reset any previous password generated!</strong>
</form>