author | Björn Schießle <bjoern@schiessle.org> | 2015-11-10 10:50:59 +0100 |
---|---|---|
committer | Björn Schießle <bjoern@schiessle.org> | 2015-11-19 18:06:51 +0100 |
commit | 698100d279fdd8c8bc086e729833705d1a31c018 (patch) | |
tree | 3e38110373da82a5a89dbbe1a84708b6208b7d51 /apps/federation/backgroundjob | |
parent | ed039ee5ebdba6778b245f249fe206d2423a6a36 (diff) | |
exchange shared secret
Diffstat (limited to 'apps/federation/backgroundjob')
-rw-r--r-- | apps/federation/backgroundjob/getsharedsecret.php | 155 | ||||
-rw-r--r-- | apps/federation/backgroundjob/requestsharedsecret.php | 134 |
2 files changed, 289 insertions, 0 deletions
diff --git a/apps/federation/backgroundjob/getsharedsecret.php b/apps/federation/backgroundjob/getsharedsecret.php
new file mode 100644
index 00000000000..665c6ec6cce
--- /dev/null
+++ b/apps/federation/backgroundjob/getsharedsecret.php
@@ -0,0 +1,155 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+
+namespace OCA\Federation\BackgroundJob;
+
+use OC\BackgroundJob\QueuedJob;
+use OCA\Federation\DbHandler;
+use OCA\Federation\TrustedServers;
+use OCP\AppFramework\Http;
+use OCP\BackgroundJob\IJobList;
+use OCP\Http\Client\IClient;
+use OCP\ILogger;
+use OCP\IURLGenerator;
+
+/**
+ * Class GetSharedSecret
+ *
+ * request shared secret from remote ownCloud
+ *
+ * @package OCA\Federation\Backgroundjob
+ */
+class GetSharedSecret extends QueuedJob{
+
+ /** @var IClient */
+ private $httpClient;
+
+ /** @var IJobList */
+ private $jobList;
+
+ /** @var IURLGenerator */
+ private $urlGenerator;
+
+ /** @var TrustedServers */
+ private $trustedServers;
+
+ /** @var ILogger */
+ private $logger;
+
+ private $endPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret?format=json';
+
+ /**
+ * RequestSharedSecret constructor.
+ *
+ * @param IClient $httpClient
+ * @param IURLGenerator $urlGenerator
+ * @param IJobList $jobList
+ * @param TrustedServers $trustedServers
+ * @param ILogger $logger
+ */
+ public function __construct(
+ IClient $httpClient = null,
+ IURLGenerator $urlGenerator = null,
+ IJobList $jobList = null,
+ TrustedServers $trustedServers = null,
+ ILogger $logger = null
+ ) {
+ $this->logger = $logger ? $logger : \OC::$server->getLogger();
+ $this->httpClient = $httpClient ? $httpClient : \OC::$server->getHTTPClientService()->newClient();
+ $this->jobList = $jobList ? $jobList : \OC::$server->getJobList();
+ $this->urlGenerator = $urlGenerator ? $urlGenerator : \OC::$server->getURLGenerator();
+ if ($trustedServers) {
+ $this->trustedServers = $trustedServers;
+ } else {
+ $this->trustedServers = new TrustedServers(
+ new DbHandler(\OC::$server->getDatabaseConnection(), \OC::$server->getL10N('federation')),
+ \OC::$server->getHTTPClientService(),
+ \OC::$server->getLogger(),
+ $this->jobList,
+ \OC::$server->getSecureRandom()
+ );
+ }
+ }
+
+ /**
+ * run the job, then remove it from the joblist
+ *
+ * @param JobList $jobList
+ * @param ILogger $logger
+ */
+ public function execute($jobList, ILogger $logger = null) {
+ $jobList->remove($this, $this->argument);
+ $target = $this->argument['url'];
+ // only execute if target is still in the list of trusted domains
+ if ($this->trustedServers->isTrustedServer($target)) {
+ parent::execute($jobList, $logger);
+ }
+ }
+
+ protected function run($argument) {
+ $target = $argument['url'];
+ $source = $this->urlGenerator->getAbsoluteURL('/');
+ $source = rtrim($source, '/');
+ $token = $argument['token'];
+
+ $result = $this->httpClient->get(
+ $target . $this->endPoint,
+ [
+ 'query' =>
+ [
+ 'url' => $source,
+ 'token' => $token
+ ],
+ 'timeout' => 3,
+ 'connect_timeout' => 3,
+ ]
+ );
+
+ $status = $result->getStatusCode();
+
+ // if we received a unexpected response we try again later
+ if (
+ $status !== Http::STATUS_OK
+ && $status !== Http::STATUS_FORBIDDEN
+ ) {
+ $this->jobList->add(
+ 'OCA\Federation\Backgroundjob\RequestSharedSecret',
+ $argument
+ );
+ } elseif ($status === Http::STATUS_OK) {
+ $body = $result->getBody();
+ $result = json_decode($body, true);
+ if (isset($result['ocs']['data']['sharedSecret'])) {
+ $this->trustedServers->addSharedSecret(
+ $target,
+ $result['ocs']['data']['sharedSecret']
+ );
+ } else {
+ $this->logger->error(
+ 'remote server "' . $target . '"" does not return a valid shared secret',
+ ['app' => 'federation']
+ );
+ $this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE);
+ }
+ }
+ }
+}
diff --git a/apps/federation/backgroundjob/requestsharedsecret.php b/apps/federation/backgroundjob/requestsharedsecret.php
new file mode 100644
index 00000000000..b61026a4d66
--- /dev/null
+++ b/apps/federation/backgroundjob/requestsharedsecret.php
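Review bot: The retry branch of `run()` in getsharedsecret.php re-queues `'OCA\Federation\Backgroundjob\RequestSharedSecret'` instead of this job, which looks like a copy-paste from the sibling class; if the intent is to retry the fetch, it should read `'OCA\Federation\BackgroundJob\GetSharedSecret'`, which also matches the casing of the namespace declared at the top of the file. In the success branch the remote value is stored after only an `isset()` check, so an empty or non-string `sharedSecret` would be handed to `addSharedSecret()`; a guard such as `is_string($secret) && $secret !== ''` before storing, with the existing failure path otherwise, would be safer. The token is sent in the URL query string, where it can be recorded in access logs on the remote side, so it is worth confirming that it is single-use and short-lived. Both this class and `RequestSharedSecret` re-add themselves with no attempt limit or back-off, and because `execute()` removes the job before `run()`, an exception from the HTTP call (if the client throws on timeouts or error statuses, which the hunk does not handle) would drop the handshake without any retry.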
@@ -0,0 +1,134 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+
+namespace OCA\Federation\BackgroundJob;
+
+
+use OC\BackgroundJob\QueuedJob;
+use OCA\Federation\DbHandler;
+use OCA\Federation\TrustedServers;
+use OCP\AppFramework\Http;
+use OCP\BackgroundJob\IJobList;
+use OCP\Http\Client\IClient;
+use OCP\ILogger;
+use OCP\IURLGenerator;
+
+/**
+ * Class RequestSharedSecret
+ *
+ * Ask remote ownCloud to request a sharedSecret from this server
+ *
+ * @package OCA\Federation\Backgroundjob
+ */
+class RequestSharedSecret extends QueuedJob {
+
+ /** @var IClient */
+ private $httpClient;
+
+ /** @var IJobList */
+ private $jobList;
+
+ /** @var IURLGenerator */
+ private $urlGenerator;
+
+ private $endPoint = '/ocs/v2.php/apps/federation/api/v1/request-shared-secret?format=json';
+
+ /**
+ * RequestSharedSecret constructor.
+ *
+ * @param IClient $httpClient
+ * @param IURLGenerator $urlGenerator
+ * @param IJobList $jobList
+ * @param TrustedServers $trustedServers
+ */
+ public function __construct(
+ IClient $httpClient = null,
+ IURLGenerator $urlGenerator = null,
+ IJobList $jobList = null,
+ TrustedServers $trustedServers = null
+ ) {
+ $this->httpClient = $httpClient ? $httpClient : \OC::$server->getHTTPClientService()->newClient();
+ $this->jobList = $jobList ? $jobList : \OC::$server->getJobList();
+ $this->urlGenerator = $urlGenerator ? $urlGenerator : \OC::$server->getURLGenerator();
+ if ($trustedServers) {
+ $this->trustedServers = $trustedServers;
+ } else {
+ $this->trustedServers = new TrustedServers(
+ new DbHandler(\OC::$server->getDatabaseConnection(), \OC::$server->getL10N('federation')),
+ \OC::$server->getHTTPClientService(),
+ \OC::$server->getLogger(),
+ $this->jobList,
+ \OC::$server->getSecureRandom()
+ );
+ }
+ }
+
+
+ /**
+ * run the job, then remove it from the joblist
+ *
+ * @param JobList $jobList
+ * @param ILogger $logger
+ */
+ public function execute($jobList, ILogger $logger = null) {
+ $jobList->remove($this, $this->argument);
+ $target = $this->argument['url'];
+ // only execute if target is still in the list of trusted domains
+ if ($this->trustedServers->isTrustedServer($target)) {
+ parent::execute($jobList, $logger);
+ }
+ }
+
+ protected function run($argument) {
+
+ $target = $argument['url'];
+ $source = $this->urlGenerator->getAbsoluteURL('/');
+ $source = rtrim($source, '/');
+ $token = $argument['token'];
+
+ $result = $this->httpClient->post(
+ $target . $this->endPoint,
+ [
+ 'body' => [
+ 'url' => $source,
+ 'token' => $token,
+ ],
+ 'timeout' => 3,
+ 'connect_timeout' => 3,
+ ]
+ );
+
+ $status = $result->getStatusCode();
+
+ // if we received a unexpected response we try again later
+ if (
+ $status !== Http::STATUS_OK
+ && $status !== Http::STATUS_FORBIDDEN
+ ) {
+ $this->jobList->add(
+ 'OCA\Federation\BackgroundJob\RequestSharedSecret',
+ $argument
+ );
+ }
+
+ }
+}
|
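Review bot: `$this->trustedServers` is assigned in the constructor and read in `execute()`, but `RequestSharedSecret` never declares it, so PHP creates it as a dynamic public property. Declare it next to the other fields as `/** @var TrustedServers */ private $trustedServers;`, the way `GetSharedSecret` does. Separately, the token is POSTed to `$target . $this->endPoint` with no check in this file that the target uses `https`. If that is not enforced where the trusted server is registered (outside this diff), the token would cross the network in clear text.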