зеркало из https://github.com/nextcloud/server.git
Add identity proof
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
Lukas Reschke
Roeland Jago Douma
Родитель
53c8391e96
Коммит
6f4cb12be2
|
|
@ -30,7 +30,10 @@
|
||||||
|
|
||||||
namespace OC\Core;
|
namespace OC\Core;
|
||||||
|
|
||||||
|
use OC\AppFramework\Utility\SimpleContainer;
|
||||||
|
use OC\Security\IdentityProof\Manager;
|
||||||
use OCP\AppFramework\App;
|
use OCP\AppFramework\App;
|
||||||
|
use OCP\Files\IAppData;
|
||||||
use OCP\Util;
|
use OCP\Util;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -45,8 +48,14 @@ class Application extends App {
|
||||||
|
|
||||||
$container = $this->getContainer();
|
$container = $this->getContainer();
|
||||||
|
|
||||||
$container->registerService('defaultMailAddress', function() {
|
$container->registerService('defaultMailAddress', function () {
|
||||||
return Util::getDefaultEmailAddress('lostpassword-noreply');
|
return Util::getDefaultEmailAddress('lostpassword-noreply');
|
||||||
});
|
});
|
||||||
|
$container->registerService(Manager::class, function () {
|
||||||
|
return new Manager(
|
||||||
|
\OC::$server->getAppDataDir('identityproof'),
|
||||||
|
\OC::$server->getCrypto()
|
||||||
|
);
|
||||||
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -23,6 +23,7 @@ namespace OC\Core\Controller;
|
||||||
|
|
||||||
use OC\CapabilitiesManager;
|
use OC\CapabilitiesManager;
|
||||||
use OC\Security\Bruteforce\Throttler;
|
use OC\Security\Bruteforce\Throttler;
|
||||||
|
use OC\Security\IdentityProof\Manager;
|
||||||
use OCP\AppFramework\Http\DataResponse;
|
use OCP\AppFramework\Http\DataResponse;
|
||||||
use OCP\IRequest;
|
use OCP\IRequest;
|
||||||
use OCP\IUserManager;
|
use OCP\IUserManager;
|
||||||
|
|
@ -32,13 +33,12 @@ class OCSController extends \OCP\AppFramework\OCSController {
|
||||||
|
|
||||||
/** @var CapabilitiesManager */
|
/** @var CapabilitiesManager */
|
||||||
private $capabilitiesManager;
|
private $capabilitiesManager;
|
||||||
|
|
||||||
/** @var IUserSession */
|
/** @var IUserSession */
|
||||||
private $userSession;
|
private $userSession;
|
||||||
|
|
||||||
/** @var IUserManager */
|
/** @var IUserManager */
|
||||||
private $userManager;
|
private $userManager;
|
||||||
|
/** @var Manager */
|
||||||
|
private $keyManager;
|
||||||
/** @var Throttler */
|
/** @var Throttler */
|
||||||
private $throttler;
|
private $throttler;
|
||||||
|
|
||||||
|
|
@ -51,19 +51,21 @@ class OCSController extends \OCP\AppFramework\OCSController {
|
||||||
* @param IUserSession $userSession
|
* @param IUserSession $userSession
|
||||||
* @param IUserManager $userManager
|
* @param IUserManager $userManager
|
||||||
* @param Throttler $throttler
|
* @param Throttler $throttler
|
||||||
|
* @param Manager $keyManager
|
||||||
*/
|
*/
|
||||||
public function __construct($appName,
|
public function __construct($appName,
|
||||||
IRequest $request,
|
IRequest $request,
|
||||||
CapabilitiesManager $capabilitiesManager,
|
CapabilitiesManager $capabilitiesManager,
|
||||||
IUserSession $userSession,
|
IUserSession $userSession,
|
||||||
IUserManager $userManager,
|
IUserManager $userManager,
|
||||||
Throttler $throttler) {
|
Throttler $throttler,
|
||||||
|
Manager $keyManager) {
|
||||||
parent::__construct($appName, $request);
|
parent::__construct($appName, $request);
|
||||||
|
|
||||||
$this->capabilitiesManager = $capabilitiesManager;
|
$this->capabilitiesManager = $capabilitiesManager;
|
||||||
$this->userSession = $userSession;
|
$this->userSession = $userSession;
|
||||||
$this->userManager = $userManager;
|
$this->userManager = $userManager;
|
||||||
$this->throttler = $throttler;
|
$this->throttler = $throttler;
|
||||||
|
$this->keyManager = $keyManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -139,4 +141,24 @@ class OCSController extends \OCP\AppFramework\OCSController {
|
||||||
}
|
}
|
||||||
return new DataResponse(null, 101);
|
return new DataResponse(null, 101);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @PublicPage
|
||||||
|
*
|
||||||
|
* @param string $cloudId
|
||||||
|
* @return DataResponse
|
||||||
|
*/
|
||||||
|
public function getIdentityProof($cloudId) {
|
||||||
|
$userObject = $this->userManager->get($cloudId);
|
||||||
|
|
||||||
|
if($cloudId !== null) {
|
||||||
|
$key = $this->keyManager->getKey($userObject);
|
||||||
|
$data = [
|
||||||
|
'public' => $key->getPublic(),
|
||||||
|
];
|
||||||
|
return new DataResponse($data);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new DataResponse(101);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -61,6 +61,7 @@ $application->registerRoutes($this, [
|
||||||
['root' => '/cloud', 'name' => 'OCS#getCurrentUser', 'url' => '/user', 'verb' => 'GET'],
|
['root' => '/cloud', 'name' => 'OCS#getCurrentUser', 'url' => '/user', 'verb' => 'GET'],
|
||||||
['root' => '', 'name' => 'OCS#getConfig', 'url' => '/config', 'verb' => 'GET'],
|
['root' => '', 'name' => 'OCS#getConfig', 'url' => '/config', 'verb' => 'GET'],
|
||||||
['root' => '/person', 'name' => 'OCS#personCheck', 'url' => '/check', 'verb' => 'POST'],
|
['root' => '/person', 'name' => 'OCS#personCheck', 'url' => '/check', 'verb' => 'POST'],
|
||||||
|
['root' => '/identityproof', 'name' => 'OCS#getIdentityProof', 'url' => '/key/{cloudId}', 'verb' => 'GET'],
|
||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -22,13 +22,12 @@
|
||||||
namespace OC\Security\IdentityProof;
|
namespace OC\Security\IdentityProof;
|
||||||
|
|
||||||
use OCP\Files\IAppData;
|
use OCP\Files\IAppData;
|
||||||
use OCP\Files\SimpleFS\ISimpleFolder;
|
|
||||||
use OCP\IUser;
|
use OCP\IUser;
|
||||||
use OCP\Security\ICrypto;
|
use OCP\Security\ICrypto;
|
||||||
|
|
||||||
class Manager {
|
class Manager {
|
||||||
/** @var ISimpleFolder */
|
/** @var IAppData */
|
||||||
private $folder;
|
private $appData;
|
||||||
/** @var ICrypto */
|
/** @var ICrypto */
|
||||||
private $crypto;
|
private $crypto;
|
||||||
|
|
||||||
|
|
@ -38,7 +37,7 @@ class Manager {
|
||||||
*/
|
*/
|
||||||
public function __construct(IAppData $appData,
|
public function __construct(IAppData $appData,
|
||||||
ICrypto $crypto) {
|
ICrypto $crypto) {
|
||||||
$this->folder = $appData->getFolder('identityproof');
|
$this->appData = $appData;
|
||||||
$this->crypto = $crypto;
|
$this->crypto = $crypto;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -64,9 +63,9 @@ class Manager {
|
||||||
$publicKey = $publicKey['key'];
|
$publicKey = $publicKey['key'];
|
||||||
|
|
||||||
// Write the private and public key to the disk
|
// Write the private and public key to the disk
|
||||||
$this->folder->newFile($user->getUID() . '.private')
|
$this->appData->getFolder($user->getUID())->newFile('private')
|
||||||
->putContent($this->crypto->encrypt($privateKey));
|
->putContent($this->crypto->encrypt($privateKey));
|
||||||
$this->folder->newFile($user->getUID() . '.public')
|
$this->appData->getFolder($user->getUID())->newFile('public')
|
||||||
->putContent($publicKey);
|
->putContent($publicKey);
|
||||||
|
|
||||||
return new Key($publicKey, $privateKey);
|
return new Key($publicKey, $privateKey);
|
||||||
|
|
@ -80,8 +79,8 @@ class Manager {
|
||||||
*/
|
*/
|
||||||
public function getKey(IUser $user) {
|
public function getKey(IUser $user) {
|
||||||
try {
|
try {
|
||||||
$privateKey = $this->crypto->decrypt($this->folder->getFile($user->getUID() . '.private')->getContent());
|
$privateKey = $this->crypto->decrypt($this->appData->getFolder($user->getUID())->getFile('private')->getContent());
|
||||||
$publicKey = $this->folder->getFile($user->getUID() . '.public')->getContent();
|
$publicKey = $this->appData->getFolder($user->getUID())->getFile('public')->getContent();
|
||||||
return new Key($publicKey, $privateKey);
|
return new Key($publicKey, $privateKey);
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
return $this->generateKey($user);
|
return $this->generateKey($user);
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче