summaryrefslogtreecommitdiffstats
path: root/apps/federation/lib
diff options
context:
space:
mode:
authorBjoern Schiessle <bjoern@schiessle.org>2017-07-28 14:43:35 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2017-08-01 10:07:51 +0200
commit51d85eb2f84675f292279fc4d5977c958620e802 (patch)
treed98d8c25e9d1d2756807b1e4a1a6b6a40fc93f62 /apps/federation/lib
parent2b895e0c60b6f283cb26b2ca0e18a05497103bc2 (diff)
downloadnextcloud-server-51d85eb2f84675f292279fc4d5977c958620e802.tar.gz
nextcloud-server-51d85eb2f84675f292279fc4d5977c958620e802.zip
expire getShareadSecret job after 30 days
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Diffstat (limited to 'apps/federation/lib')
-rw-r--r--apps/federation/lib/BackgroundJob/GetSharedSecret.php39
-rw-r--r--apps/federation/lib/Controller/OCSAuthAPIController.php5
2 files changed, 42 insertions, 2 deletions
diff --git a/apps/federation/lib/BackgroundJob/GetSharedSecret.php b/apps/federation/lib/BackgroundJob/GetSharedSecret.php
index 8a8d475da61..761ad951e73 100644
--- a/apps/federation/lib/BackgroundJob/GetSharedSecret.php
+++ b/apps/federation/lib/BackgroundJob/GetSharedSecret.php
@@ -76,6 +76,9 @@ class GetSharedSecret extends Job{
private $defaultEndPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret';
+ /** @var int 30 day = 2592000sec */
+ private $maxLifespan = 2592000;
+
/**
* RequestSharedSecret constructor.
*
@@ -130,8 +133,10 @@ class GetSharedSecret extends Job{
$this->parentExecute($jobList, $logger);
}
- if (!$this->retainJob) {
- $jobList->remove($this, $this->argument);
+ $jobList->remove($this, $this->argument);
+
+ if ($this->retainJob) {
+ $this->reAddJob($jobList, $this->argument);
}
}
@@ -147,10 +152,20 @@ class GetSharedSecret extends Job{
protected function run($argument) {
$target = $argument['url'];
+ $created = isset($argument['created']) ? (int)$argument['created'] : time();
+ $currentTime = time();
$source = $this->urlGenerator->getAbsoluteURL('/');
$source = rtrim($source, '/');
$token = $argument['token'];
+ // kill job after 30 days of trying
+ $deadline = $currentTime - $this->maxLifespan;
+ if ($created < $deadline) {
+ $this->retainJob = false;
+ $this->trustedServers->setServerStatus($target,TrustedServers::STATUS_FAILURE);
+ return;
+ }
+
$endPoints = $this->ocsDiscoveryService->discover($target, 'FEDERATED_SHARING');
$endPoint = isset($endPoints['shared-secret']) ? $endPoints['shared-secret'] : $this->defaultEndPoint;
@@ -215,4 +230,24 @@ class GetSharedSecret extends Job{
}
}
+
+ /**
+ * re-add background job
+ *
+ * @param IJobList $jobList
+ * @param array $argument
+ */
+ protected function reAddJob(IJobList $jobList, array $argument) {
+ $url = $argument['url'];
+ $created = isset($argument['created']) ? (int)$argument['created'] : time();
+ $token = $argument['token'];
+ $this->jobList->add(
+ GetSharedSecret::class,
+ [
+ 'url' => $url,
+ 'token' => $token,
+ 'created' => $created
+ ]
+ );
+ }
}
diff --git a/apps/federation/lib/Controller/OCSAuthAPIController.php b/apps/federation/lib/Controller/OCSAuthAPIController.php
index 594299a2d02..a2a608babac 100644
--- a/apps/federation/lib/Controller/OCSAuthAPIController.php
+++ b/apps/federation/lib/Controller/OCSAuthAPIController.php
@@ -163,6 +163,7 @@ class OCSAuthAPIController extends OCSController{
[
'url' => $url,
'token' => $token,
+ 'created' => $this->getTimestamp()
]
);
@@ -211,4 +212,8 @@ class OCSAuthAPIController extends OCSController{
return hash_equals($storedToken, $token);
}
+ protected function getTimestamp() {
+ return time();
+ }
+
}