android/app/src/main/java/com/owncloud/android/operations/DetectAuthenticationMethodOperation.java at bcea3d6a5addbfa1fbf7949900c157b76d50346d · nextcloud/android · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
/*
 * Nextcloud - Android Client
 *
 * SPDX-FileCopyrightText: 2017-2019 Tobias Kaminsky <tobias@kaminsky.me>
 * SPDX-FileCopyrightText: 2016-2017 Andy Scherzinger <info@andy-scherzinger.de>
 * SPDX-FileCopyrightText: 2015 ownCloud Inc.
 * SPDX-FileCopyrightText: 2014 David A. Velasco <dvelasco@solidgear.es>
 * SPDX-License-Identifier: GPL-2.0-only AND (AGPL-3.0-or-later OR GPL-2.0-only)
 */
package com.owncloud.android.operations;

import android.content.Context;
import android.net.Uri;
import android.text.TextUtils;

import com.owncloud.android.lib.common.OwnCloudClient;
import com.owncloud.android.lib.common.operations.RemoteOperation;
import com.owncloud.android.lib.common.operations.RemoteOperationResult;
import com.owncloud.android.lib.common.utils.Log_OC;
import com.owncloud.android.lib.resources.files.ExistenceCheckRemoteOperation;

import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpStatus;

import java.util.ArrayList;
import java.util.Locale;

/**
 * Operation to find out what authentication method requires the server to access files.
 *
 * Basically, tries to access to the root folder without authorization and analyzes the response.
 *
 * When successful, the instance of {@link RemoteOperationResult} passed through
 * {@link com.owncloud.android.lib.common.operations.OnRemoteOperationListener
 * #onRemoteOperationFinish(RemoteOperation, RemoteOperationResult)} returns in
 * {@link RemoteOperationResult#getData()} a value of {@link AuthenticationMethod}.
 */
public class DetectAuthenticationMethodOperation extends RemoteOperation {

    private static final String TAG = DetectAuthenticationMethodOperation.class.getSimpleName();

    public enum AuthenticationMethod {
        UNKNOWN,
        NONE,
        BASIC_HTTP_AUTH,
        SAML_WEB_SSO,
        BEARER_TOKEN
    }

    private Context mContext;

    /**
     * Constructor
     *
     * @param context Android context of the caller.
     */
    public DetectAuthenticationMethodOperation(Context context) {
        mContext = context;
    }


    /**
     *  Performs the operation.
     *
     *  Triggers a check of existence on the root folder of the server, granting
     *  that the request is not authenticated.
     *
     *  Analyzes the result of check to find out what authentication method, if
     *  any, is requested by the server.
     */
    @Override
    protected RemoteOperationResult run(OwnCloudClient client) {
        AuthenticationMethod authMethod = AuthenticationMethod.UNKNOWN;

        final var operation = new ExistenceCheckRemoteOperation("", false);
        client.clearCredentials();
        client.setFollowRedirects(false);

        // try to access the root folder, following redirections but not SAML SSO redirections
        var result = operation.execute(client);
        String redirectedLocation = result.getRedirectedLocation();
        while (!TextUtils.isEmpty(redirectedLocation) && !result.isIdPRedirection()) {
            client.setBaseUri(Uri.parse(result.getRedirectedLocation()));
            result = operation.execute(client);
            redirectedLocation = result.getRedirectedLocation();
        }

        // analyze response
        if (result.getHttpCode() == HttpStatus.SC_UNAUTHORIZED || result.getHttpCode() == HttpStatus.SC_FORBIDDEN) {
            ArrayList<String> authHeaders = result.getAuthenticateHeaders();

            for (String header : authHeaders) {
                // currently we only support basic auth
                if (header.toLowerCase(Locale.ROOT).contains("basic")) {
                    authMethod = AuthenticationMethod.BASIC_HTTP_AUTH;
                    break;
                }
            }
            // else - fall back to UNKNOWN

        } else if (result.isSuccess()) {
            authMethod = AuthenticationMethod.NONE;

        } else if (result.isIdPRedirection()) {
            authMethod = AuthenticationMethod.SAML_WEB_SSO;
        }
        // else - fall back to UNKNOWN
        Log_OC.d(TAG, "Authentication method found: " + authenticationMethodToString(authMethod));

        if (authMethod != AuthenticationMethod.UNKNOWN) {
            result = new RemoteOperationResult(true, result.getHttpCode(), result.getHttpPhrase(), new Header[0]);
        }
        ArrayList<Object> data = new ArrayList<>();
        data.add(authMethod);
        result.setData(data);
        return result;  // same result instance, so that other errors
        // can be handled by the caller transparently
    }

    private String authenticationMethodToString(AuthenticationMethod value) {
        return switch (value) {
            case NONE -> "NONE";
            case BASIC_HTTP_AUTH -> "BASIC_HTTP_AUTH";
            case BEARER_TOKEN -> "BEARER_TOKEN";
            case SAML_WEB_SSO -> "SAML_WEB_SSO";
            default -> "UNKNOWN";
        };
    }

}