authorDaniel Lange <DLange@git.local>2016-03-07 15:53:16 +0100
committerDaniel Lange <DLange@git.local>2016-03-07 15:53:16 +0100
commit50569114acdc64e7c7cae1498635d3f821517c30 (patch)
tree13d6fe76af33134fbfb2286930fb6603047f9299 /calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth
parentc210d30de6c62e7f7867bb32651349ddf455d9e6 (diff)
Initial commit of the Faster IT roundcube_calendar plugin distribution
This includes: * Kolab plugins 3.2.9 (calendar and libcalendaring) * CalDAV driver 3.2.8 * .htaccess files for at least some security * SabreDAV updated to 1.8.12 (Jan 2015 release) * Support for CURLOPT_SSL_* settings to allow self-signed certificates * Small fixes & improved documentation
Diffstat (limited to 'calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth')
-rw-r--r--calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/AbstractBasic.php87
-rw-r--r--calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/AbstractDigest.php101
-rw-r--r--calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/Apache.php63
-rw-r--r--calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/BackendInterface.php36
-rw-r--r--calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/File.php77
-rw-r--r--calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/PDO.php65
-rw-r--r--calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Plugin.php112
7 files changed, 541 insertions, 0 deletions
diff --git a/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/AbstractBasic.php b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/AbstractBasic.php
new file mode 100644
index 0000000..986bc04
--- /dev/null
+++ b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/AbstractBasic.php
@@ -0,0 +1,87 @@
+<?php
+
+namespace OldSabre\DAV\Auth\Backend;
+
+use OldSabre\DAV;
+use OldSabre\HTTP;
+
+/**
+ * HTTP Basic authentication backend class
+ *
+ * This class can be used by authentication objects wishing to use HTTP Basic
+ * Most of the digest logic is handled, implementors just need to worry about
+ * the validateUserPass method.
+ *
+ * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
+ * @author James David Low (http://jameslow.com/)
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+abstract class AbstractBasic implements BackendInterface {
+
+ /**
+ * This variable holds the currently logged in username.
+ *
+ * @var string|null
+ */
+ protected $currentUser;
+
+ /**
+ * Validates a username and password
+ *
+ * This method should return true or false depending on if login
+ * succeeded.
+ *
+ * @param string $username
+ * @param string $password
+ * @return bool
+ */
+ abstract protected function validateUserPass($username, $password);
+
+ /**
+ * Returns information about the currently logged in username.
+ *
+ * If nobody is currently logged in, this method should return null.
+ *
+ * @return string|null
+ */
+ public function getCurrentUser() {
+ return $this->currentUser;
+ }
+
+
+ /**
+ * Authenticates the user based on the current request.
+ *
+ * If authentication is successful, true must be returned.
+ * If authentication fails, an exception must be thrown.
+ *
+ * @param DAV\Server $server
+ * @param string $realm
+ * @throws DAV\Exception\NotAuthenticated
+ * @return bool
+ */
+ public function authenticate(DAV\Server $server, $realm) {
+
+ $auth = new HTTP\BasicAuth();
+ $auth->setHTTPRequest($server->httpRequest);
+ $auth->setHTTPResponse($server->httpResponse);
+ $auth->setRealm($realm);
+ $userpass = $auth->getUserPass();
+ if (!$userpass) {
+ $auth->requireLogin();
+ throw new DAV\Exception\NotAuthenticated('No basic authentication headers were found');
+ }
+
+ // Authenticates the user
+ if (!$this->validateUserPass($userpass[0],$userpass[1])) {
+ $auth->requireLogin();
+ throw new DAV\Exception\NotAuthenticated('Username or password does not match');
+ }
+ $this->currentUser = $userpass[0];
+ return true;
+ }
+
+
+}
+
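Review bot: The class docblock describes the wrong scheme ("Most of the digest logic is handled" in a Basic backend), and nothing tells implementors how `validateUserPass` should treat the password it receives. I would reword the header to `Most of the Basic logic is handled, implementors just need to worry about the validateUserPass method.` and add to the `validateUserPass` docblock `Implementations should verify against a stored password hash (password_verify) or compare with hash_equals, never with ==.` Because `authenticate()` is handed the cleartext password by `getUserPass()`, the docblock should also say that this backend is meant to be used over TLS only.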
diff --git a/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/AbstractDigest.php b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/AbstractDigest.php
new file mode 100644
index 0000000..9513493
--- /dev/null
+++ b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/AbstractDigest.php
@@ -0,0 +1,101 @@
+<?php
+
+namespace OldSabre\DAV\Auth\Backend;
+
+use OldSabre\HTTP;
+use OldSabre\DAV;
+
+/**
+ * HTTP Digest authentication backend class
+ *
+ * This class can be used by authentication objects wishing to use HTTP Digest
+ * Most of the digest logic is handled, implementors just need to worry about
+ * the getDigestHash method
+ *
+ * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+abstract class AbstractDigest implements BackendInterface {
+
+ /**
+ * This variable holds the currently logged in username.
+ *
+ * @var array|null
+ */
+ protected $currentUser;
+
+ /**
+ * Returns a users digest hash based on the username and realm.
+ *
+ * If the user was not known, null must be returned.
+ *
+ * @param string $realm
+ * @param string $username
+ * @return string|null
+ */
+ abstract public function getDigestHash($realm, $username);
+
+ /**
+ * Authenticates the user based on the current request.
+ *
+ * If authentication is successful, true must be returned.
+ * If authentication fails, an exception must be thrown.
+ *
+ * @param DAV\Server $server
+ * @param string $realm
+ * @throws DAV\Exception\NotAuthenticated
+ * @return bool
+ */
+ public function authenticate(DAV\Server $server, $realm) {
+
+ $digest = new HTTP\DigestAuth();
+
+ // Hooking up request and response objects
+ $digest->setHTTPRequest($server->httpRequest);
+ $digest->setHTTPResponse($server->httpResponse);
+
+ $digest->setRealm($realm);
+ $digest->init();
+
+ $username = $digest->getUsername();
+
+ // No username was given
+ if (!$username) {
+ $digest->requireLogin();
+ throw new DAV\Exception\NotAuthenticated('No digest authentication headers were found');
+ }
+
+ $hash = $this->getDigestHash($realm, $username);
+ // If this was false, the user account didn't exist
+ if ($hash===false || is_null($hash)) {
+ $digest->requireLogin();
+ throw new DAV\Exception\NotAuthenticated('The supplied username was not on file');
+ }
+ if (!is_string($hash)) {
+ throw new DAV\Exception('The returned value from getDigestHash must be a string or null');
+ }
+
+ // If this was false, the password or part of the hash was incorrect.
+ if (!$digest->validateA1($hash)) {
+ $digest->requireLogin();
+ throw new DAV\Exception\NotAuthenticated('Incorrect username');
+ }
+
+ $this->currentUser = $username;
+ return true;
+
+ }
+
+ /**
+ * Returns the currently logged in username.
+ *
+ * @return string|null
+ */
+ public function getCurrentUser() {
+
+ return $this->currentUser;
+
+ }
+
+}
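Review bot: `authenticate()` tells an unknown account apart from a wrong password in its exception text ('The supplied username was not on file' vs 'Incorrect username'), which allows username enumeration if the message is rendered in the 401 response; whether it is depends on code outside this hunk. Both branches should throw the same text, for example the one AbstractBasic already uses: `throw new DAV\Exception\NotAuthenticated('Username or password does not match');`. 'Incorrect username' is also inaccurate for the `validateA1()` failure, which per the comment above it means the password or part of the hash did not match. Separately, `$currentUser` is documented as `array|null` but is assigned the username string.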
diff --git a/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/Apache.php b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/Apache.php
new file mode 100644
index 0000000..79d94af
--- /dev/null
+++ b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/Apache.php
@@ -0,0 +1,63 @@
+<?php
+
+namespace OldSabre\DAV\Auth\Backend;
+use OldSabre\DAV;
+
+/**
+ * Apache authenticator
+ *
+ * This authentication backend assumes that authentication has been
+ * configured in apache, rather than within SabreDAV.
+ *
+ * Make sure apache is properly configured for this to work.
+ *
+ * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+class Apache implements BackendInterface {
+
+ /**
+ * Current apache user
+ *
+ * @var string
+ */
+ protected $remoteUser;
+
+ /**
+ * Authenticates the user based on the current request.
+ *
+ * If authentication is successful, true must be returned.
+ * If authentication fails, an exception must be thrown.
+ *
+ * @param DAV\Server $server
+ * @param string $realm
+ * @return bool
+ */
+ public function authenticate(DAV\Server $server, $realm) {
+
+ $remoteUser = $server->httpRequest->getRawServerValue('REMOTE_USER');
+ if (is_null($remoteUser)) {
+ throw new DAV\Exception('We did not receive the $_SERVER[REMOTE_USER] property. This means that apache might have been misconfigured');
+ }
+
+ $this->remoteUser = $remoteUser;
+ return true;
+
+ }
+
+ /**
+ * Returns information about the currently logged in user.
+ *
+ * If nobody is currently logged in, this method should return null.
+ *
+ * @return array|null
+ */
+ public function getCurrentUser() {
+
+ return $this->remoteUser;
+
+ }
+
+}
+
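Review bot: `authenticate()` rejects only a null `REMOTE_USER`, so an empty string is stored as the current user and the request is treated as authenticated. Whether `getRawServerValue()` can return an empty string depends on the web server setup, which is not visible here, but the guard is cheap: `if ($remoteUser === null || $remoteUser === '') {`. The class docblock should also state that this backend performs no credential check of its own and must only be deployed where the server enforces authentication for every DAV URL. `getCurrentUser()` is documented as `@return array|null` but returns the string set in `authenticate()`.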
diff --git a/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/BackendInterface.php b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/BackendInterface.php
new file mode 100644
index 0000000..91241ab
--- /dev/null
+++ b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/BackendInterface.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace OldSabre\DAV\Auth\Backend;
+
+/**
+ * This is the base class for any authentication object.
+ *
+ * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+interface BackendInterface {
+
+ /**
+ * Authenticates the user based on the current request.
+ *
+ * If authentication is successful, true must be returned.
+ * If authentication fails, an exception must be thrown.
+ *
+ * @param \OldSabre\DAV\Server $server
+ * @param string $realm
+ * @return bool
+ */
+ function authenticate(\OldSabre\DAV\Server $server,$realm);
+
+ /**
+ * Returns information about the currently logged in username.
+ *
+ * If nobody is currently logged in, this method should return null.
+ *
+ * @return string|null
+ */
+ function getCurrentUser();
+
+}
+
diff --git a/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/File.php b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/File.php
new file mode 100644
index 0000000..8710832
--- /dev/null
+++ b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/File.php
@@ -0,0 +1,77 @@
+<?php
+
+namespace OldSabre\DAV\Auth\Backend;
+
+use OldSabre\DAV;
+
+/**
+ * This is an authentication backend that uses a file to manage passwords.
+ *
+ * The backend file must conform to Apache's htdigest format
+ *
+ * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+class File extends AbstractDigest {
+
+ /**
+ * List of users
+ *
+ * @var array
+ */
+ protected $users = array();
+
+ /**
+ * Creates the backend object.
+ *
+ * If the filename argument is passed in, it will parse out the specified file fist.
+ *
+ * @param string|null $filename
+ */
+ public function __construct($filename=null) {
+
+ if (!is_null($filename))
+ $this->loadFile($filename);
+
+ }
+
+ /**
+ * Loads an htdigest-formatted file. This method can be called multiple times if
+ * more than 1 file is used.
+ *
+ * @param string $filename
+ * @return void
+ */
+ public function loadFile($filename) {
+
+ foreach(file($filename,FILE_IGNORE_NEW_LINES) as $line) {
+
+ if (substr_count($line, ":") !== 2)
+ throw new DAV\Exception('Malformed htdigest file. Every line should contain 2 colons');
+
+ list($username,$realm,$A1) = explode(':',$line);
+
+ if (!preg_match('/^[a-zA-Z0-9]{32}$/', $A1))
+ throw new DAV\Exception('Malformed htdigest file. Invalid md5 hash');
+
+ $this->users[$realm . ':' . $username] = $A1;
+
+ }
+
+ }
+
+ /**
+ * Returns a users' information
+ *
+ * @param string $realm
+ * @param string $username
+ * @return string
+ */
+ public function getDigestHash($realm, $username) {
+
+ return isset($this->users[$realm . ':' . $username])?$this->users[$realm . ':' . $username]:false;
+
+ }
+
+}
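Review bot: `loadFile()` passes the result of `file()` straight to `foreach`, so an unreadable or missing htdigest file produces only a PHP warning and an empty user list instead of the `DAV\Exception` the other error paths raise. Check it first: `$lines = file($filename, FILE_IGNORE_NEW_LINES);` followed by `if ($lines === false) throw new DAV\Exception('Could not read htdigest file');`. The hash check `/^[a-zA-Z0-9]{32}$/` accepts letters outside the hex range; `/^[a-fA-F0-9]{32}$/` matches what the 'Invalid md5 hash' message promises. `getDigestHash()` returns `false` for an unknown user while its docblock says `@return string`; returning `null` and documenting `string|null` would match the abstract method's contract.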
diff --git a/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/PDO.php b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/PDO.php
new file mode 100644
index 0000000..0b8b2be
--- /dev/null
+++ b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Backend/PDO.php
@@ -0,0 +1,65 @@
+<?php
+
+namespace OldSabre\DAV\Auth\Backend;
+
+/**
+ * This is an authentication backend that uses a file to manage passwords.
+ *
+ * The backend file must conform to Apache's htdigest format
+ *
+ * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+class PDO extends AbstractDigest {
+
+ /**
+ * Reference to PDO connection
+ *
+ * @var PDO
+ */
+ protected $pdo;
+
+ /**
+ * PDO table name we'll be using
+ *
+ * @var string
+ */
+ protected $tableName;
+
+
+ /**
+ * Creates the backend object.
+ *
+ * If the filename argument is passed in, it will parse out the specified file fist.
+ *
+ * @param PDO $pdo
+ * @param string $tableName The PDO table name to use
+ */
+ public function __construct(\PDO $pdo, $tableName = 'users') {
+
+ $this->pdo = $pdo;
+ $this->tableName = $tableName;
+
+ }
+
+ /**
+ * Returns the digest hash for a user.
+ *
+ * @param string $realm
+ * @param string $username
+ * @return string|null
+ */
+ public function getDigestHash($realm,$username) {
+
+ $stmt = $this->pdo->prepare('SELECT username, digesta1 FROM '.$this->tableName.' WHERE username = ?');
+ $stmt->execute(array($username));
+ $result = $stmt->fetchAll();
+
+ if (!count($result)) return;
+
+ return $result[0]['digesta1'];
+
+ }
+
+}
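Review bot: `getDigestHash()` concatenates `$this->tableName` into the SQL text, and the constructor stores whatever it is given without checking it. The username is bound correctly, but an identifier cannot be bound, so the constructor should reject anything that is not a plain identifier, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $tableName)) throw new \InvalidArgumentException('Invalid table name');`. Whether the table name can ever come from outside static configuration is not visible in this hunk. The class docblock is copied from the File backend ("uses a file to manage passwords", "htdigest format") and should instead describe a table with `username` and `digesta1` columns. `@var PDO` should read `@var \PDO`, because this class is itself named `PDO` in its namespace.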
diff --git a/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Plugin.php b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Plugin.php
new file mode 100644
index 0000000..17106cb
--- /dev/null
+++ b/calendar/lib/SabreDAV/lib/OldSabre/DAV/Auth/Plugin.php
@@ -0,0 +1,112 @@
+<?php
+
+namespace OldSabre\DAV\Auth;
+use OldSabre\DAV;
+
+/**
+ * This plugin provides Authentication for a WebDAV server.
+ *
+ * It relies on a Backend object, which provides user information.
+ *
+ * Additionally, it provides support for:
+ * * {DAV:}current-user-principal property from RFC5397
+ * * {DAV:}principal-collection-set property from RFC3744
+ *
+ * @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+class Plugin extends DAV\ServerPlugin {
+
+ /**
+ * Reference to main server object
+ *
+ * @var OldSabre\DAV\Server
+ */
+ protected $server;
+
+ /**
+ * Authentication backend
+ *
+ * @var Backend\BackendInterface
+ */
+ protected $authBackend;
+
+ /**
+ * The authentication realm.
+ *
+ * @var string
+ */
+ private $realm;
+
+ /**
+ * __construct
+ *
+ * @param Backend\BackendInterface $authBackend
+ * @param string $realm
+ */
+ public function __construct(Backend\BackendInterface $authBackend, $realm) {
+
+ $this->authBackend = $authBackend;
+ $this->realm = $realm;
+
+ }
+
+ /**
+ * Initializes the plugin. This function is automatically called by the server
+ *
+ * @param DAV\Server $server
+ * @return void
+ */
+ public function initialize(DAV\Server $server) {
+
+ $this->server = $server;
+ $this->server->subscribeEvent('beforeMethod',array($this,'beforeMethod'),10);
+
+ }
+
+ /**
+ * Returns a plugin name.
+ *
+ * Using this name other plugins will be able to access other plugins
+ * using DAV\Server::getPlugin
+ *
+ * @return string
+ */
+ public function getPluginName() {
+
+ return 'auth';
+
+ }
+
+ /**
+ * Returns the current users' principal uri.
+ *
+ * If nobody is logged in, this will return null.
+ *
+ * @return string|null
+ */
+ public function getCurrentUser() {
+
+ $userInfo = $this->authBackend->getCurrentUser();
+ if (!$userInfo) return null;
+
+ return $userInfo;
+
+ }
+
+ /**
+ * This method is called before any HTTP method and forces users to be authenticated
+ *
+ * @param string $method
+ * @param string $uri
+ * @throws OldSabre\DAV\Exception\NotAuthenticated
+ * @return bool
+ */
+ public function beforeMethod($method, $uri) {
+
+ $this->authBackend->authenticate($this->server,$this->realm);
+
+ }
+
+}
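Review bot: `beforeMethod()` discards the return value of `authenticate()`, so access control rests entirely on every backend throwing on failure; a backend that returns `false` instead (the interface documents `@return bool`) would let the request proceed. Make the caller fail closed: `if ($this->authBackend->authenticate($this->server, $this->realm) !== true) throw new DAV\Exception\NotAuthenticated('Authentication backend did not confirm the login');`. The docblock's `@return bool` does not match the body, which returns nothing, so `@return void` would be accurate. `@var OldSabre\DAV\Server` and `@throws OldSabre\DAV\Exception\NotAuthenticated` need a leading backslash to resolve from this namespace.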
