Nextcloud auto-login (SAML/SSO) and WebDAV mapping
| # Connect Nextcloud Webdav with app password from autologin | |
function Write-Log {
    # Write one timestamped log line to the console and append the same line
    # to %TEMP%\nextcloudLogin.log. The file persists after the run, so only
    # pass non-sensitive text (status codes, progress messages) to it.
    #   $messageToOut - text to log
    Param($messageToOut)
    $stamp = Get-Date -Format o
    $line = 'time="{0}" msg="{1}"' -f $stamp, $messageToOut
    Write-Host $line
    $logFile = "$env:TEMP\nextcloudLogin.log"
    # '>>' is Out-File -Append; spelled out here for readability.
    $line | Out-File -FilePath $logFile -Append
}
| # Use SSO/SAML autologin to get apppassword for webdav mount. | |
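function Get-AppPassword($server) {
    # Obtain a Nextcloud app password for the WebDAV mount by running the
    # user_saml SSO login with the current Windows credentials (Negotiate).
    #   $server - Nextcloud host name; the instance is expected under /nextcloud
    # Returns the app password token as a string. The token is deliberately
    # never written to the log. A non-2xx response from Invoke-WebRequest
    # raises a terminating error, which aborts the function.
    $loginUrl = "https://${server}/nextcloud/apps/user_saml/saml/login?originalUrl=&idp=1"
    Write-Log "Perform SSO autologin with negotiation (default credentials)"
    $request = Invoke-WebRequest $loginUrl -UseDefaultCredentials -SessionVariable mysession
    # $saml is the SAMLResponse form value (a plain string); the status code
    # therefore has to be read from the response object, not from $saml.
    $saml = $request.InputFields.FindByName('SAMLResponse').value
    Write-Log $request.StatusCode
    Write-Log "Post SAML code to login"
    # RelayState is the URL the ACS redirects to after login. Keep it on https
    # so the freshly issued session cookie is not replayed over plaintext.
    $login = Invoke-WebRequest "https://${server}/nextcloud/apps/user_saml/saml/acs" `
        -WebSession $mysession -Method Post `
        -Body @{'SAMLResponse' = $saml; 'RelayState' = "https://${server}/nextcloud/apps/user_saml/saml/login"}
    Write-Log $login.StatusCode
    # The request token sent as the 'requesttoken' header below is read from
    # <head data-requesttoken>. ParsedHtml relies on the IE-based parser, so
    # -UseBasicParsing must not be added to this request.
    $requesttoken = $login.ParsedHtml.getElementsByTagName("head")[0].getAttribute("data-requesttoken")
    Write-Log "Request App Password"
    $passwordRequest = Invoke-WebRequest "https://${server}/nextcloud/settings/personal/authtokens" `
        -WebSession $mysession -Method Post `
        -Headers @{'Accept' = 'application/json'; 'requesttoken' = $requesttoken} `
        -Body @{'name' = $env:COMPUTERNAME}
    Write-Log $passwordRequest.StatusCode
    # Never log $password: it grants WebDAV access as this user until revoked.
    $password = (ConvertFrom-Json $passwordRequest.Content).token
    return $password
    # Alternative kept for reference (previously commented out): GET
    # https://${server}/nextcloud/ocs/v2.php/core/getapppassword with header
    # 'OCS-APIRequest' = 'true' in the same session, then read
    # ([xml]$passwordRequest.Content).ocs.data.apppassword.
}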
function Test-Cloud($driveLetter) {
    # Probe whether drive <driveLetter>: is reachable. On success log it and
    # end the whole script with exit code 0; otherwise return to the caller.
    #   $driveLetter - drive letter without the colon, e.g. 'N'
    # The cmd.exe probe prints "1" only when the drive root exists, so the
    # captured output is empty (falsy) when the mapping is not usable.
    Write-Log "Test connection to ${driveLetter}:\."
    $probe = cmd /c "IF EXIST ${driveLetter}:\ ECHO 1"
    if (-not $probe) { return }
    Write-Log 'Connection successful. Will exit now.'
    Exit 0
}
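# Main flow: reuse a stored credential if one exists, otherwise fetch an app
# password via SSO, store it in Credential Manager and map the WebDAV drive.
Write-Log "Connecting the Cloud Drive..."
$driveLetter = 'N' # N as in Nextcloud
$server = 'my.nextcloud.de'
#$webdav = "https://${server}/nextcloud/remote.php/dav/files/${env:USERNAME}/"
# UNC form understood by NET USE; the @SSL suffix selects HTTPS for the
# WebClient redirector.
$webdav = "\\${server}@SSL\nextcloud\remote.php\dav\files\${env:USERNAME}"
$savedCredential = cmdkey.exe /list:${server}
# -match is a regex test: escape the user name so '.', '$' or a DOMAIN\user
# backslash cannot change the pattern or match the wrong entry.
if ($savedCredential -match [regex]::Escape($env:USERNAME)) {
    Write-Log "Credentials are stored for ${server} and user ${env:USERNAME}."
    NET USE ${driveLetter}: $webdav /SAVECRED /PERSISTENT:NO
    # Test-Cloud exits the script on success, so reaching the line after it
    # means the stored credential no longer works and must be replaced.
    if ($LASTEXITCODE -eq 0) {Test-Cloud $driveLetter}
    Write-Log "Connection failed. Delete credentials stored for ${server} and user ${env:USERNAME}."
    cmdkey.exe /delete:${server}
}
Write-Log "No credentials are stored for ${server} and user ${env:USERNAME}."
$password = Get-AppPassword $server
Write-Log "Store credentials to Windows Credential Manager."
# cmdkey has no stdin/file option, so the app password must be passed on the
# command line; it is visible to process-creation auditing and to tools that
# read process command lines while cmdkey runs. Keep it out of every log line.
cmdkey.exe /generic:${server} /user:${env:USERNAME} /password:${password}
Write-Log "Storing credentials exit code (0 means successful): ${LASTEXITCODE}"
# A stale mapping on the same letter blocks the new one; remove it first.
NET USE ${driveLetter}:
if ($LASTEXITCODE -eq 0) {
    Write-Log "Drive ${driveLetter}:\ already exists, will delete it first."
    NET USE ${driveLetter}: /delete
}
Write-Log "Change label of the drive."
#$regpath = "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\${webdav}"
#REG ADD $regpath /v _LabelFromReg /t REG_SZ /d Cloud /f
$regpath = "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##${server}@SSL#nextcloud#remote.php#dav#files#${env:USERNAME}"
REG ADD $regpath /v _LabelFromReg /t REG_SZ /d Cloud /f
Write-Log "Connecting to ${webdav} with username ${env:USERNAME} and app password, please wait ..."
NET USE ${driveLetter}: $webdav /SAVECRED /PERSISTENT:NO
Write-Log "Drive mapping error code (0 means successful): ${LASTEXITCODE}"
Test-Cloud $driveLetter
Write-Log "Connection to ${webdav} failed again, exit now."
Exit 1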