throw PasswordLoginForbidden on DAV

5a8cfab6 · Christoph Wurst · 82b50d12 · 5a8cfab6 · 5a8cfab6 · 5a8cfab6
Unverified Commit 5a8cfab6 authored Jun 17, 2016 by Christoph Wurst
--- a/apps/dav/lib/Connector/Sabre/Auth.php
+++ b/apps/dav/lib/Connector/Sabre/Auth.php
@@ -34,6 +34,7 @@ use OC\AppFramework\Http\Request;
 use OC\Authentication\Exceptions\PasswordLoginForbiddenException;
 use OC\Authentication\TwoFactorAuth\Manager;
 use OC\User\Session;
+use OCA\DAV\Connector\Sabre\Exception\PasswordLoginForbidden;
 use OCP\IRequest;
 use OCP\ISession;
 use Sabre\DAV\Auth\Backend\AbstractBasic;
@@ -127,9 +128,8 @@ class Auth extends AbstractBasic {
 					return false;
 				}
 			} catch (PasswordLoginForbiddenException $ex) {
-				// TODO: throw sabre exception
 				$this->session->close();
-				return false;
+				throw new PasswordLoginForbidden();
 			}
 		}
 	}

--- a/apps/dav/lib/Connector/Sabre/Exception/PasswordLoginForbidden.php
+++ b/apps/dav/lib/Connector/Sabre/Exception/PasswordLoginForbidden.php
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\DAV\Connector\Sabre\Exception;
+
+use DOMElement;
+use Sabre\DAV\Exception;
+use Sabre\DAV\Server;
+
+class PasswordLoginForbidden extends Exception {
+
+	const NS_OWNCLOUD = 'http://owncloud.org/ns';
+
+	public function getHTTPCode() {
+		return 401;
+	}
+
+	/**
+	 * This method allows the exception to include additional information
+	 * into the WebDAV error response
+	 *
+	 * @param Server $server
+	 * @param DOMElement $errorNode
+	 * @return void
+	 */
+	public function serialize(Server $server, DOMElement $errorNode) {
+
+		// set ownCloud namespace
+		$errorNode->setAttribute('xmlns:o', self::NS_OWNCLOUD);
+
+		$error = $errorNode->ownerDocument->createElementNS('o:', 'o:hint', 'password login forbidden');
+		$errorNode->appendChild($error);
+	}
+
+}
--- a/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
@@ -208,6 +208,9 @@ class AuthTest extends TestCase {
 		$this->assertFalse($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword']));
 	}

+	/**
+	 * @expectedException \OCA\DAV\Connector\Sabre\Exception\PasswordLoginForbidden
+	 */
 	public function testValidateUserPassWithPasswordLoginForbidden() {
 		$this->userSession
 			->expects($this->once())
@@ -222,7 +225,7 @@ class AuthTest extends TestCase {
 			->expects($this->once())
 			->method('close');

-		$this->assertFalse($this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword']));
+		$this->invokePrivate($this->auth, 'validateUserPass', ['MyTestUser', 'MyTestPassword']);
 	}

 	public function testAuthenticateAlreadyLoggedInWithoutCsrfTokenForNonGet() {