Add config option to allow basic auth only for guests

[jvillafanez]

Guests will be able to access ownCloud using basic auth, but other users will need to access through other mechanisms such as oidc.

Description

The new openid-connect.basic_auth_guest_only config option only allows guests to be able to log in using basic auth. Other users will need to use another auth mechanisms (such as oidc)

Note that the users can still log in with ANY OTHER auth mechanism available, not just oidc. It's expected that oidc is the only alternative though.

NOTE: minimum OC version raised to 10.4 in order to use the UserTypeHelper to detect guest users.

To be checked:

• remember me feature doesn't work with this app. It might still be useful for the guests though. We might need to disable the feature from the app info.
• App password aren't expected to work

Related Issue

https://github.com/owncloud/enterprise/issues/5295

Motivation and Context

How Has This Been Tested?

Manually tested:

1. Setup:
   • Keycloak with LDAP connected
   • Guest app installed
   • user_ldap app installed and connected to the same server which keycloak is connected to.
   • openidconnect app connected to keycloak
2. Set 'openid-connect.basic_auth_guest_only' => true in the config.php file
3. Ensure you can access with userA through keycloak using openidconnect (using the alternative login in the login page)
4. Ensure you can access with a guest user using username and password in the ownCloud's login page
5. Ensure you cannot access with userA through the ownCloud's login page

Note: Users (except guests) MUST also use a different auth mechanism (such as oidc) in order to access to the webdav interface. This might affect mobile and desktop clients. It's expected to work, but not tested yet.

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Technical debt
• Tests

Checklist:

• Code changes
• Unit tests added
• Acceptance tests added
• Documentation ticket raised:

Open tasks:

• Unit tests

[CLAassistant]

All committers have signed the CLA.

[DeepDiver1975]

• testable via unit test ?
• 🤖 is 🔴

[DeepDiver1975]

Maybe only add the listener if config states ...... but minor detail .....

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
6 Code Smells

0.0% Coverage
0.0% Duplication

[pmaier1]

Needs documentation @mmattel -> owncloud/docs-server#665

[ChrisEdS]

Needs also translation for the new error message?

[DeepDiver1975]

indeed - until today we don't have any translations .... I can take care