From: Jan-Christoph Borchardt Date: Tue, 4 Oct 2011 08:07:46 +0000 (+0200) Subject: renamed unhosted to remoteStorage (needs to be updated with coming protocol version) X-Git-Tag: v3.0~95^2~18^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=79da90bb08a7bb0dd1c4d29136dd18b27501888e;p=nextcloud-server.git renamed unhosted to remoteStorage (needs to be updated with coming protocol version) --- diff --git a/apps/remoteStorage/appinfo/app.php b/apps/remoteStorage/appinfo/app.php new file mode 100644 index 00000000000..ac1ecde5082 --- /dev/null +++ b/apps/remoteStorage/appinfo/app.php @@ -0,0 +1,5 @@ + 10, + 'id' => 'remoteStorage', + 'name' => 'remoteStorage compatibility' )); diff --git a/apps/remoteStorage/appinfo/database.xml b/apps/remoteStorage/appinfo/database.xml new file mode 100644 index 00000000000..b4e1ac7d8af --- /dev/null +++ b/apps/remoteStorage/appinfo/database.xml @@ -0,0 +1,59 @@ + + + *dbname* + true + false + latin1 + + *dbprefix*authtoken + + + token + text + + true + 40 + + + appUrl + text + + true + 128 + + + user + text + + true + 64 + + + dataScope + text + + true + 64 + + + userAddress + text + + true + 64 + + + a_app_remotestorage_user + true + + user + ascending + + + token + ascending + + + +
+
diff --git a/apps/remoteStorage/appinfo/info.xml b/apps/remoteStorage/appinfo/info.xml new file mode 100644 index 00000000000..a20c6ff4cd4 --- /dev/null +++ b/apps/remoteStorage/appinfo/info.xml @@ -0,0 +1,10 @@ + + + remoteStorage + remoteStorage compatibility + Enables your users to use ownCloud as their remote storage for unhosted applications. + 0.1 + AGPL + Michiel de Jong + 2 + diff --git a/apps/remoteStorage/compat.php b/apps/remoteStorage/compat.php new file mode 100644 index 00000000000..d383e879510 --- /dev/null +++ b/apps/remoteStorage/compat.php 
@@ -0,0 +1,123 @@
+.
+*
+*/
+
+
+// Do not load FS ...
+$RUNTIME_NOSETUPFS = true;
+
+require_once('../../lib/base.php');
+OC_Util::checkAppEnabled('remoteStorage');
+require_once('Sabre/autoload.php');
+require_once('lib_remoteStorage.php');
+require_once('oauth_ro_auth.php');
+
+ini_set('default_charset', 'UTF-8');
+#ini_set('error_reporting', '');
+@ob_clean();
+
+//allow use as remote storage for other websites
+if(isset($_SERVER['HTTP_ORIGIN'])) {
+ header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
+ header('Access-Control-Max-Age: 3600');
+ header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND');
+ header('Access-Control-Allow-Headers: Authorization');
+} else {
+ header('Access-Control-Allow-Origin: *');
+}
+
+$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
+$pathParts = explode('/', $path);
+// for webdav:
+// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7
+// /$ownCloudUser/remoteStorage/webdav/$userHost/$userName/$dataScope/$key
+// for oauth:
+// 0/ 1 / 2 / 3 / 4
+// /$ownCloudUser/remoteStorage/oauth/auth
+
+if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'remoteStorage' && $pathParts[3] == 'webdav') {
+ list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts;
+
+ OC_Util::setupFS($ownCloudUser);
+
+ // Create ownCloud Dir
+ $publicDir = new OC_Connector_Sabre_Directory('');
+ $server = new Sabre_DAV_Server($publicDir);
+
+ // Path to our script
+ $server->setBaseUri(OC::$WEBROOT."/apps/remoteStorage/compat.php/$ownCloudUser");
+
+ // Auth backend
+ $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_remoteStorage::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope));
+
+ $authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here
+ $server->addPlugin($authPlugin);
+
+ // Also make sure there is a 'data' directory, writable by the server.
This directory is used to store information about locks
+ $lockBackend = new OC_Connector_Sabre_Locks();
+ $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
+ $server->addPlugin($lockPlugin);
+
+ // And off we go!
+ $server->exec();
+} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'remoteStorage' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') {
+ if(isset($_POST['allow'])) {
+ //TODO: input checking. these explodes may fail to produces the desired arrays:
+ $ownCloudUser = $pathParts[1];
+ foreach($_GET as $k => $v) {
+ if($k=='user_address'){
+ $userAddress=$v;
+ } else if($k=='redirect_uri'){
+ $appUrl=$v;
+ } else if($k=='scope'){
+ $dataScope=$v;
+ }
+ }
+ if(OC_User::getUser() == $ownCloudUser) {
+ //TODO: check if this can be faked by editing the cookie in firebug!
+ $token=OC_remoteStorage::createDataScope($appUrl, $userAddress, $dataScope);
+ header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=remoteStorage');
+ } else {
+ if($_SERVER['HTTPS']){
+ $url = "https://";
+ } else {
+ $url = "http://";
+ }
+ $url .= $_SERVER['SERVER_NAME'];
+ $url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
+ die('Please '
+ .''
+ .', close the pop-up, and '
+ .'
');
+ }
+ } else {
+ echo '
';
+ }
+} else {
+ die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true));
+}
diff --git a/apps/remoteStorage/lib_remoteStorage.php b/apps/remoteStorage/lib_remoteStorage.php
new file mode 100644
index 00000000000..259efb0da69
--- /dev/null
+++ b/apps/remoteStorage/lib_remoteStorage.php
@@ -0,0 +1,78 @@
+execute(array($user,$userAddress,$dataScope));
+ if( PEAR::isError($result)) {
+ $entry = 'DB Error: "'.$result->getMessage().'"
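Review bot: In apps/remoteStorage/compat.php the oauth branch appends a freshly created token to whatever `redirect_uri` the query string carries, and the only gates visible here are `isset($_POST['allow'])` and the session-user match, so a cross-site form post made while the owner is logged in would be enough to issue a grant. The allow form itself is not visible on this page; it should carry a per-session request token that this branch verifies, and `redirect_uri` should be validated (http/https scheme, no CR/LF, ideally equal to the app URL the user was shown) before it reaches `header('Location: ...')`. The branch condition also assigns instead of comparing: `$pathParts[4] = 'auth'` is always true and `count($pathParts) >= 4` does not guarantee that index 4 exists, so it should read `count($pathParts) >= 5 && ... && $pathParts[4] == 'auth'`. Separately, reflecting `$_SERVER['HTTP_ORIGIN']` into `Access-Control-Allow-Origin` admits every origin for `Authorization`-bearing requests, which is presumably intended for remoteStorage but deserves a comment saying so.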
';
+ $entry .= 'Offending command was: '.$result->getDebugInfo().'
';
+ if(defined("DEBUG") && DEBUG) {error_log( $entry );}
+ die( $entry );
+ }
+ $ret = array();
+ while($row=$result->fetchRow()){
+ $ret[$row['token']]=$userAddress;
+ }
+ return $ret;
+ }
+
+ public static function getAllTokens() {
+ $user=OC_User::getUser();
+ $query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
+ $result=$query->execute(array($user));
+ if( PEAR::isError($result)) {
+ $entry = 'DB Error: "'.$result->getMessage().'"
';
+ $entry .= 'Offending command was: '.$result->getDebugInfo().'
';
+ if(defined("DEBUG") && DEBUG) {error_log( $entry );}
+ die( $entry );
+ }
+ $ret = array();
+ while($row=$result->fetchRow()){
+ $ret[$row['token']] = array(
+ 'appUrl' => $row['appurl'],
+ 'userAddress' => $row['useraddress'],
+ 'dataScope' => $row['datascope'],
+ );
+ }
+ return $ret;
+ }
+
+ public static function deleteToken($token) {
+ $user=OC_User::getUser();
+ $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
+ $result=$query->execute(array($token,$user));
+ if( PEAR::isError($result)) {
+ $entry = 'DB Error: "'.$result->getMessage().'"
';
+ $entry .= 'Offending command was: '.$result->getDebugInfo().'
';
+ if(defined("DEBUG") && DEBUG) {error_log( $entry );}
+ die( $entry );
+ }
+ }
+ private static function addToken($token, $appUrl, $userAddress, $dataScope){
+ $user=OC_User::getUser();
+ $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)");
+ $result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope));
+ if( PEAR::isError($result)) {
+ $entry = 'DB Error: "'.$result->getMessage().'"
';
+ $entry .= 'Offending command was: '.$result->getDebugInfo().'
';
+ if(defined("DEBUG") && DEBUG) {error_log( $entry );}
+ die( $entry );
+ }
+ }
+ public static function createDataScope($appUrl, $userAddress, $dataScope){
+ $token=uniqid();
+ self::addToken($token, $appUrl, $userAddress, $dataScope);
+ //TODO: input checking on $userAddress and $dataScope
+ list($userName, $userHost) = explode('@', $userAddress);
+ OC_Util::setupFS(OC_User::getUser());
+ $scopePathParts = array('remoteStorage', 'webdav', $userHost, $userName, $dataScope);
+ for($i=0;$i<=count($scopePathParts);$i++){
+ $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
+ if(!OC_Filesystem::file_exists($thisPath)) {
+ OC_Filesystem::mkdir($thisPath);
+ }
+ }
+ return $token;
+ }
+}
diff --git a/apps/remoteStorage/oauth_ro_auth.php b/apps/remoteStorage/oauth_ro_auth.php
new file mode 100644
index 00000000000..b785d85fead
--- /dev/null
+++ b/apps/remoteStorage/oauth_ro_auth.php
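Review bot: `createDataScope()` in lib_remoteStorage.php uses `uniqid()` as the access token, which is derived from the current time rather than from a random source, so the bearer credential that unlocks writes can be narrowed down by anyone who knows roughly when the grant was made. Generate it from a CSPRNG instead, for example `$token = bin2hex(openssl_random_pseudo_bytes(20));` (40 hex characters, matching the length of 40 that database.xml appears to give the `token` field; `random_bytes(20)` on PHP 7+). Every query helper in this class also ends in `die( $entry )`, which sends the database error and the `getDebugInfo()` output to the client; log the entry and return a generic failure instead. `$userAddress` and `$dataScope` are still unvalidated when they become directory names (the TODO says as much), so reject values containing `/` or `..` and addresses without exactly one `@` before the `mkdir` loop runs.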
@@ -0,0 +1,73 @@
+validTokens = $validTokensArg;
+ }
+
+ /**
+ * Validates a username and password
+ *
+ * This method should return true or false depending on if login
+ * succeeded.
+ *
+ * @return bool
+ */
+ protected function validateUserPass($username, $password){
+ //always give read-only:
+ if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
+ OC_Util::setUpFS();
+ return true;
+ } else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) {
+ OC_Util::setUpFS();
+ return true;
+ } else {
+var_export($_SERVER);
+var_export($this->validTokens);
+die('not getting in with "'.$username.'"/"'.$password.'"!');
+ return false;
+ }
+ }
+
+ //overwriting this to make it not automatically fail if no auth header is found:
+ public function authenticate(Sabre_DAV_Server $server,$realm) {
+ $auth = new Sabre_HTTP_BasicAuth();
+ $auth->setHTTPRequest($server->httpRequest);
+ $auth->setHTTPResponse($server->httpResponse);
+ $auth->setRealm($realm);
+ $userpass = $auth->getUserPass();
+ if (!$userpass) {
+ if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
+ $userpass = array('', '');
+ } else {
+ $auth->requireLogin();
+ throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found');
+ }
+ }
+
+ // Authenticates the user
+ if (!$this->validateUserPass($userpass[0],$userpass[1])) {
+ $auth->requireLogin();
+ throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match');
+ }
+ $this->currentUser = $userpass[0];
+ return true;
+ }
+
+}
+
diff --git a/apps/unhosted/appinfo/app.php b/apps/unhosted/appinfo/app.php
deleted file mode 100644
index 84e07304534..00000000000
--- a/apps/unhosted/appinfo/app.php
+++ /dev/null
@@ -1,5 +0,0 @@
- 10,
- 'id' => 'unhosted',
- 'name' => 'Unhosted Web' ));
diff --git a/apps/unhosted/appinfo/database.xml b/apps/unhosted/appinfo/database.xml
deleted file mode 100644
index db25657085b..00000000000
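Review bot: The failure branch of `validateUserPass()` in oauth_ro_auth.php prints `var_export($_SERVER)` and `var_export($this->validTokens)` and then echoes the submitted credentials in `die(...)`, so any rejected write request is answered with the full set of tokens that would have been accepted, which defeats the check. Drop those three debug lines so the branch reaches its `return false;` and `authenticate()` answers with the 401 it already raises. The comparison `$this->validTokens[$password] == $username` is loose; `===` avoids type-juggling surprises. GET, HEAD and OPTIONS return true without any credential, so every scope is world-readable; if that is the intended remoteStorage behaviour, a comment on the class should say so. The class declaration and the head of the constructor are not visible on this page.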
--- a/apps/unhosted/appinfo/database.xml +++ /dev/null @@ -1,59 +0,0 @@ - - - *dbname* - true - false - latin1 - - *dbprefix*authtoken - - - token - text - - true - 40 - - - appUrl - text - - true - 128 - - - user - text - - true - 64 - - - dataScope - text - - true - 64 - - - userAddress - text - - true - 64 - - - a_app_unhostedweb_user - true - - user - ascending - - - token - ascending - - - -
-
diff --git a/apps/unhosted/appinfo/info.xml b/apps/unhosted/appinfo/info.xml deleted file mode 100644 index 359620f4578..00000000000 --- a/apps/unhosted/appinfo/info.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - unhosted - Unhosted Web - On websites that allow unhosted accounts, use your owncloud as the storage for your user data - 0.1 - AGPL - Michiel de Jong - 2 - diff --git a/apps/unhosted/compat.php b/apps/unhosted/compat.php deleted file mode 100644 index a514018f71a..00000000000 --- a/apps/unhosted/compat.php +++ /dev/null 
@@ -1,123 +0,0 @@ -. -* -*/ - - -// Do not load FS ... -$RUNTIME_NOSETUPFS = true; - -require_once('../../lib/base.php'); -OC_Util::checkAppEnabled('unhosted'); -require_once('Sabre/autoload.php'); -require_once('lib_unhosted.php'); -require_once('oauth_ro_auth.php'); - -ini_set('default_charset', 'UTF-8'); -#ini_set('error_reporting', ''); -@ob_clean(); - -//allow use as unhosted storage for other websites -if(isset($_SERVER['HTTP_ORIGIN'])) { - header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']); - header('Access-Control-Max-Age: 3600'); - header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND'); - header('Access-Control-Allow-Headers: Authorization'); -} else { - header('Access-Control-Allow-Origin: *'); -} - -$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"])); -$pathParts = explode('/', $path); -// for webdav: -// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7 -// /$ownCloudUser/unhosted/webdav/$userHost/$userName/$dataScope/$key -// for oauth: -// 0/ 1 / 2 / 3 / 4 -// /$ownCloudUser/unhosted/oauth/auth - -if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'webdav') { - list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts; - - OC_Util::setupFS($ownCloudUser); - - // Create ownCloud Dir - $publicDir = new OC_Connector_Sabre_Directory(''); - $server = new Sabre_DAV_Server($publicDir); - - // Path to our script - $server->setBaseUri(OC::$WEBROOT."/apps/unhosted/compat.php/$ownCloudUser"); - - // Auth backend - $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_UnhostedWeb::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope)); - - $authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here - $server->addPlugin($authPlugin); - - // Also make sure there is a 'data' directory, writable by the server. 
This directory is used to store information about locks - $lockBackend = new OC_Connector_Sabre_Locks(); - $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend); - $server->addPlugin($lockPlugin); - - // And off we go! - $server->exec(); -} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') { - if(isset($_POST['allow'])) { - //TODO: input checking. these explodes may fail to produces the desired arrays: - $ownCloudUser = $pathParts[1]; - foreach($_GET as $k => $v) { - if($k=='user_address'){ - $userAddress=$v; - } else if($k=='redirect_uri'){ - $appUrl=$v; - } else if($k=='scope'){ - $dataScope=$v; - } - } - if(OC_User::getUser() == $ownCloudUser) { - //TODO: check if this can be faked by editing the cookie in firebug! - $token=OC_UnhostedWeb::createDataScope($appUrl, $userAddress, $dataScope); - header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=unhosted'); - } else { - if($_SERVER['HTTPS']){ - $url = "https://"; - } else { - $url = "http://"; - } - $url .= $_SERVER['SERVER_NAME']; - $url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/unhosted/compat.php')); - die('Please ' - .'' - .', close the pop-up, and ' - .'
'); - } - } else { - echo '
'; - } -} else { - die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true)); -} diff --git a/apps/unhosted/lib_unhosted.php b/apps/unhosted/lib_unhosted.php deleted file mode 100644 index 484f469f0ed..00000000000 --- a/apps/unhosted/lib_unhosted.php +++ /dev/null @@ -1,78 +0,0 @@ -execute(array($user,$userAddress,$dataScope)); - if( PEAR::isError($result)) { - $entry = 'DB Error: "'.$result->getMessage().'"
'; - $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; - if(defined("DEBUG") && DEBUG) {error_log( $entry );} - die( $entry ); - } - $ret = array(); - while($row=$result->fetchRow()){ - $ret[$row['token']]=$userAddress; - } - return $ret; - } - - public static function getAllTokens() { - $user=OC_User::getUser(); - $query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100"); - $result=$query->execute(array($user)); - if( PEAR::isError($result)) { - $entry = 'DB Error: "'.$result->getMessage().'"
'; - $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; - if(defined("DEBUG") && DEBUG) {error_log( $entry );} - die( $entry ); - } - $ret = array(); - while($row=$result->fetchRow()){ - $ret[$row['token']] = array( - 'appUrl' => $row['appurl'], - 'userAddress' => $row['useraddress'], - 'dataScope' => $row['datascope'], - ); - } - return $ret; - } - - public static function deleteToken($token) { - $user=OC_User::getUser(); - $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?"); - $result=$query->execute(array($token,$user)); - if( PEAR::isError($result)) { - $entry = 'DB Error: "'.$result->getMessage().'"
'; - $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; - if(defined("DEBUG") && DEBUG) {error_log( $entry );} - die( $entry ); - } - } - private static function addToken($token, $appUrl, $userAddress, $dataScope){ - $user=OC_User::getUser(); - $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)"); - $result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope)); - if( PEAR::isError($result)) { - $entry = 'DB Error: "'.$result->getMessage().'"
'; - $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; - if(defined("DEBUG") && DEBUG) {error_log( $entry );} - die( $entry ); - } - } - public static function createDataScope($appUrl, $userAddress, $dataScope){ - $token=uniqid(); - self::addToken($token, $appUrl, $userAddress, $dataScope); - //TODO: input checking on $userAddress and $dataScope - list($userName, $userHost) = explode('@', $userAddress); - OC_Util::setupFS(OC_User::getUser()); - $scopePathParts = array('unhosted', 'webdav', $userHost, $userName, $dataScope); - for($i=0;$i<=count($scopePathParts);$i++){ - $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i)); - if(!OC_Filesystem::file_exists($thisPath)) { - OC_Filesystem::mkdir($thisPath); - } - } - return $token; - } -} diff --git a/apps/unhosted/oauth_ro_auth.php b/apps/unhosted/oauth_ro_auth.php deleted file mode 100644 index b785d85fead..00000000000 --- a/apps/unhosted/oauth_ro_auth.php +++ /dev/null 
@@ -1,73 +0,0 @@ -validTokens = $validTokensArg; - } - - /** - * Validates a username and password - * - * This method should return true or false depending on if login - * succeeded. - * - * @return bool - */ - protected function validateUserPass($username, $password){ - //always give read-only: - if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { - OC_Util::setUpFS(); - return true; - } else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) { - OC_Util::setUpFS(); - return true; - } else { -var_export($_SERVER); -var_export($this->validTokens); -die('not getting in with "'.$username.'"/"'.$password.'"!'); - return false; - } - } - - //overwriting this to make it not automatically fail if no auth header is found: - public function authenticate(Sabre_DAV_Server $server,$realm) { - $auth = new Sabre_HTTP_BasicAuth(); - $auth->setHTTPRequest($server->httpRequest); - $auth->setHTTPResponse($server->httpResponse); - $auth->setRealm($realm); - $userpass = $auth->getUserPass(); - if (!$userpass) { - if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { - $userpass = array('', ''); - } else { - $auth->requireLogin(); - throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found'); - } - } - - // Authenticates the user - if (!$this->validateUserPass($userpass[0],$userpass[1])) { - $auth->requireLogin(); - throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match'); - } - $this->currentUser = $userpass[0]; - return true; - } - -} - diff --git a/apps/user_webfinger/activate.php b/apps/user_webfinger/activate.php index 547c8e54d32..50257232ae4 100644 --- a/apps/user_webfinger/activate.php +++ b/apps/user_webfinger/activate.php 
@@ -1,11 +1,4 @@ user_webfinger Webfinger - Provide webfinger for all users, so that they can use their ownCloud account as their remote storage on the web. If you don't run owncloud in the root of your domain, for instance if you run it on http://example.com/owncloud/, then makes sure you link http://example.com/.well-known/ to http://example.com/owncloud/apps/user_webfinger/ - for instance by running something like "ln -s /var/www/owncloud/apps/user_webfinger /var/www/.well-known". Only enable this app if you run this owncloud installation on a public web address, not if you run it on an intranet or on localhost. + Provide WebFinger for all users so they get a user address like user@owncloudinstance which can be used for unhosted applications. If you don't run ownCloud in the root of your domain, for instance if you run it on example.com/owncloud/, then make sure you link example.com/.well-known/ to example.com/owncloud/apps/user_webfinger/ - by running something like "ln -s /var/www/owncloud/apps/user_webfinger /var/www/.well-known". Only enable this app if you run this ownCloud installation on a public web address, not if you run it on an intranet or on localhost. 0.1 AGPL Michiel de Jong diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php index 269bb4758ed..afb53689682 100644 --- a/apps/user_webfinger/webfinger.php +++ b/apps/user_webfinger/webfinger.php @@ -20,5 +20,5 @@ echo "<"; ?xml version="1.0" encoding="UTF-8"?> - +