Add config option to allow basic auth only for guests

jvillafanez commented 1 year ago

Guests will be able to access ownCloud using basic auth, but other users will need to access through other mechanisms such as oidc.

Description

The new openid-connect.basic_auth_guest_only config option only allows guests to be able to log in using basic auth. Other users will need to use another auth mechanisms (such as oidc)

Note that the users can still log in with ANY OTHER auth mechanism available, not just oidc. It's expected that oidc is the only alternative though.

NOTE: minimum OC version raised to 10.4 in order to use the UserTypeHelper to detect guest users.

To be checked:

remember me feature doesn't work with this app. It might still be useful for the guests though. We might need to disable the feature from the app info.
App password aren't expected to work

Motivation and Context

How Has This Been Tested?

Manually tested:

Setup:
- Keycloak with LDAP connected
- Guest app installed
- user_ldap app installed and connected to the same server which keycloak is connected to.
- openidconnect app connected to keycloak
Set 'openid-connect.basic_auth_guest_only' => true in the config.php file
Ensure you can access with userA through keycloak using openidconnect (using the alternative login in the login page)
Ensure you can access with a guest user using username and password in the ownCloud's login page
Ensure you cannot access with userA through the ownCloud's login page

Screenshot from 2022-09-26 14-06-15

Note: Users (except guests) MUST also use a different auth mechanism (such as oidc) in order to access to the webdav interface. This might affect mobile and desktop clients. It's expected to work, but not tested yet.

Screenshots (if appropriate):

Types of changes

[ ] Bug fix (non-breaking change which fixes an issue)
[x] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
[ ] Technical debt
[ ] Tests