Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>tags/v13.0.0beta1
@@ -76,6 +76,9 @@ class GetSharedSecret extends Job{ | |||
private $defaultEndPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret'; | |||
/** @var int 30 day = 2592000sec */ | |||
private $maxLifespan = 2592000; | |||
/** | |||
* RequestSharedSecret constructor. | |||
* | |||
@@ -130,8 +133,10 @@ class GetSharedSecret extends Job{ | |||
$this->parentExecute($jobList, $logger); | |||
} | |||
if (!$this->retainJob) { | |||
$jobList->remove($this, $this->argument); | |||
$jobList->remove($this, $this->argument); | |||
if ($this->retainJob) { | |||
$this->reAddJob($jobList, $this->argument); | |||
} | |||
} | |||
@@ -147,10 +152,20 @@ class GetSharedSecret extends Job{ | |||
protected function run($argument) { | |||
$target = $argument['url']; | |||
$created = isset($argument['created']) ? (int)$argument['created'] : time(); | |||
$currentTime = time(); | |||
$source = $this->urlGenerator->getAbsoluteURL('/'); | |||
$source = rtrim($source, '/'); | |||
$token = $argument['token']; | |||
// kill job after 30 days of trying | |||
$deadline = $currentTime - $this->maxLifespan; | |||
if ($created < $deadline) { | |||
$this->retainJob = false; | |||
$this->trustedServers->setServerStatus($target,TrustedServers::STATUS_FAILURE); | |||
return; | |||
} | |||
$endPoints = $this->ocsDiscoveryService->discover($target, 'FEDERATED_SHARING'); | |||
$endPoint = isset($endPoints['shared-secret']) ? $endPoints['shared-secret'] : $this->defaultEndPoint; | |||
@@ -215,4 +230,24 @@ class GetSharedSecret extends Job{ | |||
} | |||
} | |||
/** | |||
* re-add background job | |||
* | |||
* @param IJobList $jobList | |||
* @param array $argument | |||
*/ | |||
protected function reAddJob(IJobList $jobList, array $argument) { | |||
$url = $argument['url']; | |||
$created = isset($argument['created']) ? (int)$argument['created'] : time(); | |||
$token = $argument['token']; | |||
$this->jobList->add( | |||
GetSharedSecret::class, | |||
[ | |||
'url' => $url, | |||
'token' => $token, | |||
'created' => $created | |||
] | |||
); | |||
} | |||
} |
@@ -163,6 +163,7 @@ class OCSAuthAPIController extends OCSController{ | |||
[ | |||
'url' => $url, | |||
'token' => $token, | |||
'created' => $this->getTimestamp() | |||
] | |||
); | |||
@@ -211,4 +212,8 @@ class OCSAuthAPIController extends OCSController{ | |||
return hash_equals($storedToken, $token); | |||
} | |||
protected function getTimestamp() { | |||
return time(); | |||
} | |||
} |
@@ -59,6 +59,9 @@ class OCSAuthAPIControllerTest extends TestCase { | |||
/** @var OCSAuthAPIController */ | |||
private $ocsAuthApi; | |||
/** @var int simulated timestamp */ | |||
private $currentTime = 1234567; | |||
public function setUp() { | |||
parent::setUp(); | |||
@@ -73,15 +76,20 @@ class OCSAuthAPIControllerTest extends TestCase { | |||
$this->logger = $this->getMockBuilder('OCP\ILogger') | |||
->disableOriginalConstructor()->getMock(); | |||
$this->ocsAuthApi = new OCSAuthAPIController( | |||
'federation', | |||
$this->request, | |||
$this->secureRandom, | |||
$this->jobList, | |||
$this->trustedServers, | |||
$this->dbHandler, | |||
$this->logger | |||
); | |||
$this->ocsAuthApi = $this->getMockBuilder(OCSAuthAPIController::class) | |||
->setConstructorArgs( | |||
[ | |||
'federation', | |||
$this->request, | |||
$this->secureRandom, | |||
$this->jobList, | |||
$this->trustedServers, | |||
$this->dbHandler, | |||
$this->logger | |||
] | |||
)->setMethods(['getTimestamp'])->getMock(); | |||
$this->ocsAuthApi->expects($this->any())->method('getTimestamp')->willReturn($this->currentTime); | |||
} | |||
@@ -105,7 +113,7 @@ class OCSAuthAPIControllerTest extends TestCase { | |||
if ($ok) { | |||
$this->jobList->expects($this->once())->method('add') | |||
->with('OCA\Federation\BackgroundJob\GetSharedSecret', ['url' => $url, 'token' => $token]); | |||
->with('OCA\Federation\BackgroundJob\GetSharedSecret', ['url' => $url, 'token' => $token, 'created' => $this->currentTime]); | |||
$this->jobList->expects($this->once())->method('remove') | |||
->with('OCA\Federation\BackgroundJob\RequestSharedSecret', ['url' => $url, 'token' => $localToken]); | |||
} else { |