diff options
author | Georg Ehrke <developer@georgehrke.com> | 2017-10-19 12:57:20 +0200 |
---|---|---|
committer | Georg Ehrke <developer@georgehrke.com> | 2019-01-30 19:50:02 +0100 |
commit | 16fec60e8f97d9878242cde63be83846bb923b3e (patch) | |
tree | 20019e7b1cf173824995b018c92a6f5ada061b15 /apps/dav/lib/Provisioning/Apple | |
parent | 54093e2bd6af535e4a70f986f83398b852d49174 (diff) | |
download | nextcloud-server-16fec60e8f97d9878242cde63be83846bb923b3e.tar.gz nextcloud-server-16fec60e8f97d9878242cde63be83846bb923b3e.zip |
Add Apple Provisioning profile
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
Diffstat (limited to 'apps/dav/lib/Provisioning/Apple')
-rw-r--r-- | apps/dav/lib/Provisioning/Apple/AppleProvisioningNode.php | 91 | ||||
-rw-r--r-- | apps/dav/lib/Provisioning/Apple/AppleProvisioningPlugin.php | 269 |
2 files changed, 360 insertions, 0 deletions
diff --git a/apps/dav/lib/Provisioning/Apple/AppleProvisioningNode.php b/apps/dav/lib/Provisioning/Apple/AppleProvisioningNode.php new file mode 100644 index 00000000000..adc28c83429 --- /dev/null +++ b/apps/dav/lib/Provisioning/Apple/AppleProvisioningNode.php @@ -0,0 +1,91 @@ +<?php +/** + * @copyright 2018, Georg Ehrke <oc.list@georgehrke.com> + * + * @author Georg Ehrke <oc.list@georgehrke.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\DAV\Provisioning\Apple; + +use OCP\AppFramework\Utility\ITimeFactory; +use Sabre\DAV\Exception\Forbidden; +use Sabre\DAV\INode; +use Sabre\DAV\IProperties; +use Sabre\DAV\PropPatch; + +class AppleProvisioningNode implements INode, IProperties { + + const FILENAME = 'apple-provisioning.mobileconfig'; + + protected $timeFactory; + + /** + * @param ITimeFactory $timeFactory + */ + public function __construct(ITimeFactory $timeFactory) { + $this->timeFactory = $timeFactory; + } + + /** + * @return string + */ + public function getName() { + return self::FILENAME; + } + + + public function setName($name) { + throw new Forbidden('Renaming ' . self::FILENAME . ' is forbidden'); + } + + /** + * @return null + */ + public function getLastModified() { + return null; + } + + /** + * @throws Forbidden + */ + public function delete() { + throw new Forbidden(self::FILENAME . ' may not be deleted.'); + } + + /** + * @param array $properties + * @return array + */ + public function getProperties($properties) { + $datetime = $this->timeFactory->getDateTime(); + + return [ + '{DAV:}getcontentlength' => 42, + '{DAV:}getlastmodified' => $datetime->format(\DateTime::RFC2822), + ]; + } + + /** + * @param PropPatch $propPatch + * @throws Forbidden + */ + public function propPatch(PropPatch $propPatch) { + throw new Forbidden(self::FILENAME . '\'s properties may not be altered.'); + } +} diff --git a/apps/dav/lib/Provisioning/Apple/AppleProvisioningPlugin.php b/apps/dav/lib/Provisioning/Apple/AppleProvisioningPlugin.php new file mode 100644 index 00000000000..d996f72c160 --- /dev/null +++ b/apps/dav/lib/Provisioning/Apple/AppleProvisioningPlugin.php @@ -0,0 +1,269 @@ +<?php +/** + * @copyright 2018, Georg Ehrke <oc.list@georgehrke.com> + * + * @author Georg Ehrke <oc.list@georgehrke.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\DAV\Provisioning\Apple; + +use OCA\Theming\ThemingDefaults; +use OCP\IL10N; +use OCP\IRequest; +use OCP\IURLGenerator; +use OCP\IUserSession; +use Sabre\DAV\Server; +use Sabre\DAV\ServerPlugin; +use Sabre\DAV\UUIDUtil; +use Sabre\HTTP\RequestInterface; +use Sabre\HTTP\ResponseInterface; + +class AppleProvisioningPlugin extends ServerPlugin { + + /** + * @var Server + */ + protected $server; + + /** + * @var IURLGenerator + */ + protected $urlGenerator; + + /** + * @var IUserSession + */ + protected $userSession; + + /** + * @var ThemingDefaults + */ + protected $themingDefaults; + + /** + * @var IRequest + */ + protected $request; + + /** + * @var IL10N + */ + protected $l10n; + + /** + * @var \closure + */ + protected $uuidClosure; + + /** + * AppleProvisioningPlugin constructor. + * + * @param IUserSession $userSession + * @param IURLGenerator $urlGenerator + * @param ThemingDefaults $themingDefaults + * @param IRequest $request + * @param IL10N $l10n + * @param \closure $uuidClosure + */ + public function __construct(IUserSession $userSession, IURLGenerator $urlGenerator, + ThemingDefaults $themingDefaults, IRequest $request, + IL10N $l10n, \closure $uuidClosure) { + $this->userSession = $userSession; + $this->urlGenerator = $urlGenerator; + $this->themingDefaults = $themingDefaults; + $this->request = $request; + $this->l10n = $l10n; + $this->uuidClosure = $uuidClosure; + } + + /** + * @param Server $server + */ + public function initialize(Server $server) { + $this->server = $server; + $this->server->on('method:GET', [$this, 'httpGet'], 90); + } + + /** + * @param RequestInterface $request + * @param ResponseInterface $response + * @return boolean + */ + public function httpGet(RequestInterface $request, ResponseInterface $response):bool { + if ($request->getPath() !== 'provisioning/' . AppleProvisioningNode::FILENAME) { + return true; + } + + $user = $this->userSession->getUser(); + if (!$user) { + return true; + } + + $serverProtocol = $this->request->getServerProtocol(); + $useSSL = ($serverProtocol === 'https'); + + if (!$useSSL) { + $response->setStatus(200); + $response->setHeader('Content-Type', 'text/plain; charset=utf-8'); + $response->setBody($this->l10n->t('Your %s needs to be configured to use HTTPS in order to use CalDAV and CardDAV with iOS/macOS.', [$this->themingDefaults->getName()])); + + return false; + } + + $absoluteURL = $request->getAbsoluteUrl(); + $parsedUrl = parse_url($absoluteURL); + if (isset($parsedUrl['port'])) { + $serverPort = (int) $parsedUrl['port']; + } else { + $serverPort = 443; + } + $server_url = $parsedUrl['host']; + + $description = $this->themingDefaults->getName(); + $userId = $user->getUID(); + + $reverseDomain = implode('.', array_reverse(explode('.', $parsedUrl['host']))); + + $caldavUUID = call_user_func($this->uuidClosure); + $carddavUUID = call_user_func($this->uuidClosure); + $profileUUID = call_user_func($this->uuidClosure); + + $caldavIdentifier = $reverseDomain . '.' . $caldavUUID; + $carddavIdentifier = $reverseDomain . '.' . $carddavUUID; + $profileIdentifier = $reverseDomain . '.' . $profileUUID; + + $caldavDescription = $this->l10n->t('Configures a CalDAV account'); + $caldavDisplayname = $description . ' CalDAV'; + $carddavDescription = $this->l10n->t('Configures a CardDAV account'); + $carddavDisplayname = $description . ' CardDAV'; + + $filename = $userId . '-' . AppleProvisioningNode::FILENAME; + + $xmlSkeleton = $this->getTemplate(); + $body = vsprintf($xmlSkeleton, array_map(function($v) { + return \htmlspecialchars($v, ENT_XML1, 'UTF-8'); + }, [ + $description, + $server_url, + $userId, + $serverPort, + $caldavDescription, + $caldavDisplayname, + $caldavIdentifier, + $caldavUUID, + $description, + $server_url, + $userId, + $serverPort, + $carddavDescription, + $carddavDisplayname, + $carddavIdentifier, + $carddavUUID, + $description, + $profileIdentifier, + $profileUUID + ] + )); + + $response->setStatus(200); + $response->setHeader('Content-Disposition', 'attachment; filename="' . $filename . '"'); + $response->setHeader('Content-Type', 'application/xml; charset=utf-8'); + $response->setBody($body); + + return false; + } + + /** + * @return string + */ + private function getTemplate():string { + return <<<EOF +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>PayloadContent</key> + <array> + <dict> + <key>CalDAVAccountDescription</key> + <string>%s</string> + <key>CalDAVHostName</key> + <string>%s</string> + <key>CalDAVUsername</key> + <string>%s</string> + <key>CalDAVUseSSL</key> + <true/> + <key>CalDAVPort</key> + <integer>%s</integer> + <key>PayloadDescription</key> + <string>%s</string> + <key>PayloadDisplayName</key> + <string>%s</string> + <key>PayloadIdentifier</key> + <string>%s</string> + <key>PayloadType</key> + <string>com.apple.caldav.account</string> + <key>PayloadUUID</key> + <string>%s</string> + <key>PayloadVersion</key> + <integer>1</integer> + </dict> + <dict> + <key>CardDAVAccountDescription</key> + <string>%s</string> + <key>CardDAVHostName</key> + <string>%s</string> + <key>CardDAVUsername</key> + <string>%s</string> + <key>CardDAVUseSSL</key> + <true/> + <key>CardDAVPort</key> + <integer>%s</integer> + <key>PayloadDescription</key> + <string>%s</string> + <key>PayloadDisplayName</key> + <string>%s</string> + <key>PayloadIdentifier</key> + <string>%s</string> + <key>PayloadType</key> + <string>com.apple.carddav.account</string> + <key>PayloadUUID</key> + <string>%s</string> + <key>PayloadVersion</key> + <integer>1</integer> + </dict> + </array> + <key>PayloadDisplayName</key> + <string>%s</string> + <key>PayloadIdentifier</key> + <string>%s</string> + <key>PayloadRemovalDisallowed</key> + <false/> + <key>PayloadType</key> + <string>Configuration</string> + <key>PayloadUUID</key> + <string>%s</string> + <key>PayloadVersion</key> + <integer>1</integer> +</dict> +</plist> + +EOF; + } +} |