Allow SSO authentication to provide a user secret

Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
nextcloud · Jul 12, 2021 · ad36b8c · ad36b8c
1 parent bf4c0c7
commit ad36b8c
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/lib/private/legacy/OC_User.php b/lib/private/legacy/OC_User.php
@@ -172,7 +172,9 @@ public static function loginWithApache(\OCP\Authentication\IApacheBackend $backe
 				$userSession = \OC::$server->getUserSession();
 				$userSession->setLoginName($uid);
 				$request = OC::$server->getRequest();
-				$userSession->createSessionToken($request, $uid, $uid);
+				$secret = $backend->getCurrentUserSecret();
+				$userSession->createSessionToken($request, $uid, $uid, $secret);
+				$pw = $secret === null ? '' : $secret;
 				// setup the filesystem
 				OC_Util::setupFS($uid);
 				// first call the post_login hooks, the login-process needs to be
@@ -184,7 +186,7 @@ public static function loginWithApache(\OCP\Authentication\IApacheBackend $backe
 					'post_login',
 					[
 						'uid' => $uid,
-						'password' => '',
+						'password' => $pw,
 						'isTokenLogin' => false,
 					]
 				);

diff --git a/lib/public/Authentication/IApacheBackend.php b/lib/public/Authentication/IApacheBackend.php
@@ -56,4 +56,12 @@ public function getLogoutUrl();
 	 * @since 6.0.0
 	 */
 	public function getCurrentUserId();
+
+	/**
+	 * Optionally returns a stable per-user secret. This secret is for
+	 * instance used to secure file encryption keys.
+	 * @return string|null
+	 * @since 21.0.0
+	 */
+	public function getCurrentUserSecret();
 }