Skip to content

Commit

Permalink
Merge pull request #48384 from nextcloud/backport/48359/stable26
Browse files Browse the repository at this point in the history
[stable26] fix: Use placeholder for external storage password
  • Loading branch information
sorbaugh authored Oct 1, 2024
2 parents a04eb93 + 4280736 commit 8d4efca
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 17 deletions.
41 changes: 24 additions & 17 deletions .github/workflows/smb-kerberos.yml
Original file line number Diff line number Diff line change
@@ -1,42 +1,48 @@
name: Samba Kerberos SSO
on:
push:
branches:
- master
- stable*
paths:
- 'apps/files_external/**'
- '.github/workflows/smb-kerberos.yml'
pull_request:
paths:
- 'apps/files_external/**'
- '.github/workflows/smb-kerberos.yml'

concurrency:
group: smb-kerberos-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

jobs:
smb-kerberos-tests:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04

if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

name: smb-kerberos-sso

steps:
- name: Checkout server
uses: actions/checkout@v3
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: true
- name: Checkout user_saml
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
repository: nextcloud/user_saml
path: apps/user_saml
ref: stable-5.2
- name: Pull images
run: |
docker pull icewind1991/samba-krb-test-dc
docker pull icewind1991/samba-krb-test-apache
docker pull icewind1991/samba-krb-test-client
docker pull ghcr.io/icewind1991/samba-krb-test-dc
docker pull ghcr.io/icewind1991/samba-krb-test-apache
docker pull ghcr.io/icewind1991/samba-krb-test-client
docker tag ghcr.io/icewind1991/samba-krb-test-dc icewind1991/samba-krb-test-dc
docker tag ghcr.io/icewind1991/samba-krb-test-apache icewind1991/samba-krb-test-apache
docker tag ghcr.io/icewind1991/samba-krb-test-client icewind1991/samba-krb-test-client
- name: Setup AD-DC
run: |
cp apps/files_external/tests/*.sh .
mkdir data
sudo chown -R 33 data apps config
DC_IP=$(./start-dc.sh)
./start-apache.sh $DC_IP $PWD
DC_IP=$(apps/files_external/tests/start-dc.sh)
sleep 1
apps/files_external/tests/start-apache.sh $DC_IP $PWD
echo "DC_IP=$DC_IP" >> $GITHUB_ENV
- name: Set up Nextcloud
run: |
Expand All @@ -61,14 +67,15 @@ jobs:
chmod 0777 /tmp/shared/cookies
echo "SAML login"
./client-cmd.sh ${{ env.DC_IP }} curl -c /shared/cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login
apps/files_external/tests/client-cmd.sh ${{ env.DC_IP }} curl -c /shared/cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login
echo "Check we are logged in"
CONTENT=$(./client-cmd.sh ${{ env.DC_IP }} curl -b /shared/cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt)
CONTENT=$(apps/files_external/tests/client-cmd.sh ${{ env.DC_IP }} curl -b /shared/cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt)
CONTENT=$(echo $CONTENT | head -n 1 | tr -d '[:space:]')
[[ $CONTENT == "testfile" ]]
- name: Show logs
if: failure()
run: |
docker exec --user 33 apache ./occ log:file
FILEPATH=$(docker exec --user 33 apache ./occ log:file | grep "Log file:" | cut -d' ' -f3)
echo "$FILEPATH:"
docker exec --user 33 apache cat $FILEPATH
8 changes: 8 additions & 0 deletions apps/files_external/lib/Lib/Auth/Password/GlobalAuth.php
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
*/
class GlobalAuth extends AuthMechanism {
public const CREDENTIALS_IDENTIFIER = 'password::global';
private const PWD_PLACEHOLDER = '************************';

/** @var ICredentialsManager */
protected $credentialsManager;
Expand All @@ -59,11 +60,18 @@ public function getAuth($uid) {
'password' => ''
];
} else {
$auth['password'] = self::PWD_PLACEHOLDER;
return $auth;
}
}

public function saveAuth($uid, $user, $password) {
// Use old password if it has not changed.
if ($password === self::PWD_PLACEHOLDER) {
$auth = $this->credentialsManager->retrieve($uid, self::CREDENTIALS_IDENTIFIER);
$password = $auth['password'];
}

$this->credentialsManager->store($uid, self::CREDENTIALS_IDENTIFIER, [
'user' => $user,
'password' => $password
Expand Down

0 comments on commit 8d4efca

Please sign in to comment.