author | Roeland Jago Douma <roeland@famdouma.nl> | 2016-08-19 14:25:59 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2016-08-28 11:40:53 +0200 |
commit | 16ff207465335b624e67b9a9d0dae00ef23cd45c (patch) | |
tree | 9c7f4e5ec1eb53d66aaeb6c379f9ebbc55f04ae7 /apps/federation/lib | |
parent | b580c3664de3de11460e8adabc01f3f5eeb07d02 (diff) | |
download | nextcloud-server-16ff207465335b624e67b9a9d0dae00ef23cd45c.tar.gz nextcloud-server-16ff207465335b624e67b9a9d0dae00ef23cd45c.zip |
Move OCSAuthAPI to AppFramework
* Convert class
* Convert routes
* Convert tests
Diffstat (limited to 'apps/federation/lib')
-rw-r--r-- | apps/federation/lib/Controller/OCSAuthAPIController.php (renamed from apps/federation/lib/API/OCSAuthAPI.php) | 44 |
1 files changed, 27 insertions, 17 deletions
diff --git a/apps/federation/lib/API/OCSAuthAPI.php b/apps/federation/lib/Controller/OCSAuthAPIController.php
index a22de155d4c..68e0f8b271e 100644
--- a/apps/federation/lib/API/OCSAuthAPI.php
+++ b/apps/federation/lib/Controller/OCSAuthAPIController.php
@@ -25,11 +25,13 @@
 */
-namespace OCA\Federation\API;
+namespace OCA\Federation\Controller;
 use OCA\Federation\DbHandler;
 use OCA\Federation\TrustedServers;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\OCS\OCSForbiddenException;
+use OCP\AppFramework\OCSController;
 use OCP\BackgroundJob\IJobList;
 use OCP\ILogger;
 use OCP\IRequest;
@@ -40,12 +42,9 @@ use OCP\Security\ISecureRandom;
 *
 * OCS API end-points to exchange shared secret between two connected ownClouds
 *
- * @package OCA\Federation\API
+ * @package OCA\Federation\Controller
 */
-class OCSAuthAPI {
-
- /** @var IRequest */
- private $request;
+class OCSAuthAPIController extends OCSController{
 /** @var ISecureRandom */
 private $secureRandom;
@@ -65,6 +64,7 @@ class OCSAuthAPI {
 /**
 * OCSAuthAPI constructor.
 *
+ * @param string $appName
 * @param IRequest $request
 * @param ISecureRandom $secureRandom
 * @param IJobList $jobList
@@ -73,6 +73,7 @@ class OCSAuthAPI {
 * @param ILogger $logger
 */
 public function __construct(
+ $appName,
 IRequest $request,
 ISecureRandom $secureRandom,
 IJobList $jobList,
@@ -80,7 +81,8 @@ class OCSAuthAPI {
 DbHandler $dbHandler,
 ILogger $logger
 ) {
- $this->request = $request;
+ parent::__construct($appName, $request);
+
 $this->secureRandom = $secureRandom;
 $this->jobList = $jobList;
 $this->trustedServers = $trustedServers;
@@ -89,9 +91,13 @@ class OCSAuthAPI {
 }
 /**
+ * @NoCSRFRequired
+ * @PublicPage
+ *
 * request received to ask remote server for a shared secret
 *
- * @return \OC_OCS_Result
+ * @return Http\DataResponse
+ * @throws OCSForbiddenException
 */
 public function requestSharedSecret() {
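Review bot: The constructor docblock in hunk `@@ -65,6 +64,7 @@` still reads `OCSAuthAPI constructor.` although this commit renames the class to OCSAuthAPIController; change the line to `* OCSAuthAPIController constructor.`. The class-level docblock touched in hunk `@@ -40,12 +42,9 @@` may carry the old name as well, but its opening lines are outside that hunk.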
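Review bot: `@NoCSRFRequired` and `@PublicPage` are added to the docblock of requestSharedSecret() in hunk `@@ -89,9 +91,13 @@` without any explanation, and together they make the action reachable with no session and no CSRF token. Add a line under them such as `* Server-to-server call without a user session; access is gated by isTrustedServer() and the token checks in the body.` so that a later edit does not drop those checks or copy the annotations to an action that lacks them. The same applies to getSharedSecret() in hunk `@@ -131,14 +137,17 @@`. The body of requestSharedSecret() continues outside this hunk.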
@@ -100,7 +106,7 @@ class OCSAuthAPI { if ($this->trustedServers->isTrustedServer($url) === false) { $this->logger->error('remote server not trusted (' . $url . ') while requesting shared secret', ['app' => 'federation']); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); + throw new OCSForbiddenException(); } // if both server initiated the exchange of the shared secret the greater @@ -111,7 +117,7 @@ class OCSAuthAPI { 'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.', ['app' => 'federation'] ); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); + throw new OCSForbiddenException(); } // we ask for the shared secret so we no longer have to ask the other server @@ -131,14 +137,17 @@ class OCSAuthAPI { ] ); - return new \OC_OCS_Result(null, Http::STATUS_OK); - + return new Http\DataResponse(); } /** + * @NoCSRFRequired + * @PublicPage + * * create shared secret and return it * - * @return \OC_OCS_Result + * @return Http\DataResponse + * @throws OCSForbiddenException */ public function getSharedSecret() { @@ -147,7 +156,7 @@ class OCSAuthAPI { if ($this->trustedServers->isTrustedServer($url) === false) { $this->logger->error('remote server not trusted (' . $url . ') while getting shared secret', ['app' => 'federation']); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); + throw new OCSForbiddenException(); } if ($this->isValidToken($url, $token) === false) { @@ -156,7 +165,7 @@ class OCSAuthAPI { 'remote server (' . $url . ') didn\'t send a valid token (got "' . $token . '" but expected "'. $expectedToken . '") while getting shared secret', ['app' => 'federation'] ); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); + throw new OCSForbiddenException(); } $sharedSecret = $this->secureRandom->generate(32); 
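Review bot: The error message kept as context in hunk `@@ -156,7 +165,7 @@` writes both the received `$token` and `$expectedToken` into the log, so anyone with read access to the log learns the value that getSharedSecret() accepts (assuming `$expectedToken` is the stored token; its assignment is outside the hunk). Since the action is a `@PublicPage`, this branch is reachable by unauthenticated callers. Drop both values from the message: `'remote server (' . $url . ') didn\'t send a valid token while getting shared secret',`. `$url` is also concatenated as-is into the log messages in hunks `@@ -100,7 +106,7 @@` and `@@ -111,7 +117,7 @@`; if it is taken from the request, confirm that the logger neutralises line breaks and control characters.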
@@ -165,8 +174,9 @@ class OCSAuthAPI { // reset token after the exchange of the shared secret was successful $this->dbHandler->addToken($url, ''); - return new \OC_OCS_Result(['sharedSecret' => $sharedSecret], Http::STATUS_OK); - + return new Http\DataResponse([ + 'sharedSecret' => $sharedSecret + ]); } protected function isValidToken($url, $token) { |
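Review bot: `$this->dbHandler->addToken($url, '');` (context in this hunk) leaves an empty string as the stored token once the shared secret has been handed out, and nothing visible here ensures that an empty token is rejected on a later call. isValidToken() starts on the last line of the hunk and its body is outside it, so this may already be handled. If it is not, the method should return false when either the stored or the presented token is empty, and compare the two with `hash_equals()` rather than `===`.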