compliance with http://www.w3.org/community/unhosted/wiki/remoteStorage

5 files changed, 124 insertions, 70 deletions

diff --git a/apps/remoteStorage/compat.php b/apps/remoteStorage/WebDAV.php
index 445257320c6..e048d19e8f2 100644
--- a/apps/remoteStorage/compat.php
+++ b/apps/remoteStorage/WebDAV.php
@@ -52,14 +52,11 @@ if(isset($_SERVER['HTTP_ORIGIN'])) {
 $path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
 $pathParts =  explode('/', $path);
 // for webdav:
-// 0/     1       /   2    /   3  /   4     /    5     /   6     / 7
-//  /$ownCloudUser/remoteStorage/webdav/$userHost/$userName/$dataScope/$key
-// for oauth:
-// 0/      1      /  2     /  3  / 4
-//  /$ownCloudUser/remoteStorage/oauth/auth
+// 0/     1       /   2    /   3...
+//  /$ownCloudUser/remoteStorage/$category/
 
-if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'remoteStorage' && $pathParts[3] == 'webdav') {
-	list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts;
+if(count($pathParts) >= 3 && $pathParts[0] == '') {
+	list($dummy, $ownCloudUser, $dummy2, $category) = $pathParts;
 
 	OC_Util::setupFS($ownCloudUser);
 
@@ -68,10 +65,10 @@ if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'remoteStor
 	$server = new Sabre_DAV_Server($publicDir);
 
 	// Path to our script
-	$server->setBaseUri(OC::$WEBROOT."/apps/remoteStorage/compat.php/$ownCloudUser");
+	$server->setBaseUri(OC::$WEBROOT."/apps/remoteStorage/WebDAV.php/$ownCloudUser");
 
 	// Auth backend
-	$authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_remoteStorage::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope));
+	$authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_remoteStorage::getValidTokens($ownCloudUser, $category));
 
 	$authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here
 	$server->addPlugin($authPlugin);
@@ -83,41 +80,6 @@ if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'remoteStor
 
 	// And off we go!
 	$server->exec();
-} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'remoteStorage' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') {
-	if(isset($_POST['allow'])) {
-		//TODO: input checking. these explodes may fail to produces the desired arrays:
-		$ownCloudUser = $pathParts[1];
-		foreach($_GET as $k => $v) {
-			if($k=='user_address'){
-				$userAddress=$v;
-			} else if($k=='redirect_uri'){
-				$appUrl=$v;
-			} else if($k=='scope'){
-				$dataScope=$v;
-			}
-		}
-		if(OC_User::getUser() == $ownCloudUser) {
-			//TODO: check if this can be faked by editing the cookie in firebug!
-			$token=OC_remoteStorage::createDataScope($appUrl, $userAddress, $dataScope);
-			header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=remoteStorage');
-		} else {
-			if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
-				$url = "https://";
-			} else {
-				$url = "http://";
-			}
-			$url .= $_SERVER['SERVER_NAME'];
-			$url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
-			die('Please '
-				.'<input type="submit" onclick="'
-				."window.open('$url','Close me!','height=600,width=300');"
-				.'" value="log in">'
-				.', close the pop-up, and '
-				.'<form method="POST"><input name="allow" type="submit" value="Try again"></form>');
-		}
-	} else {
-		echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
-	}
 } else {
-	die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true));
+	die('not the right address format '.var_export($pathParts, true));
 }
diff --git a/apps/remoteStorage/appinfo/database.xml b/apps/remoteStorage/appinfo/database.xml
index b4e1ac7d8af..00ee4942744 100644
--- a/apps/remoteStorage/appinfo/database.xml
+++ b/apps/remoteStorage/appinfo/database.xml
@@ -29,14 +29,7 @@
 				<length>64</length>
 			 </field>
 			<field>
-				<name>dataScope</name>
-				<type>text</type>
-				<default></default>
-				<notnull>true</notnull>
-				<length>64</length>
-			 </field>
-			<field>
-				<name>userAddress</name>
+				<name>category</name>
 				<type>text</type>
 				<default></default>
 				<notnull>true</notnull>
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
new file mode 100644
index 00000000000..85421ba3d88
--- /dev/null
+++ b/apps/remoteStorage/auth.php
@@ -0,0 +1,100 @@
+<?php
+
+/**
+* ownCloud
+*
+* Original:
+* @author Frank Karlitschek
+* @copyright 2010 Frank Karlitschek karlitschek@kde.org
+* 
+* Adapted:
+* @author Michiel de Jong, 2011
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+// Do not load FS ...
+$RUNTIME_NOSETUPFS = true;
+
+require_once('../../lib/base.php');
+OC_Util::checkAppEnabled('remoteStorage');
+require_once('Sabre/autoload.php');
+require_once('lib_remoteStorage.php');
+require_once('oauth_ro_auth.php');
+
+ini_set('default_charset', 'UTF-8');
+#ini_set('error_reporting', '');
+@ob_clean();
+
+//allow use as remote storage for other websites
+if(isset($_SERVER['HTTP_ORIGIN'])) {
+	header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
+	header('Access-Control-Max-Age: 3600');
+	header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND');
+  	header('Access-Control-Allow-Headers: Authorization, Content-Type');
+} else {
+	header('Access-Control-Allow-Origin: *');
+}
+
+$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
+$pathParts =  explode('/', $path);
+// for webdav:
+// 0/     1       /   2    /   3  /   4     /    5     /   6     / 7
+//  /$ownCloudUser/remoteStorage/webdav/$userHost/$userName/$dataScope/$key
+// for oauth:
+// 0/      1      /  2     /  3  / 4
+//  /$ownCloudUser/remoteStorage/oauth/auth
+
+if(count($pathParts) == 2 && $pathParts[0] == '') {
+	//TODO: input checking. these explodes may fail to produces the desired arrays:
+	$subPathParts = explode('?', $pathParts[1]);
+	$ownCloudUser = $subPathParts[0];
+	foreach($_GET as $k => $v) {
+		if($k=='user_address'){
+			$userAddress=$v;
+		} else if($k=='redirect_uri'){
+			$appUrl=$v;
+		} else if($k=='scope'){
+			$category=$v;
+		}
+	}
+	$currUser = OC_User::getUser();
+	if($currUser == $ownCloudUser) {
+		if(isset($_POST['allow'])) {
+			//TODO: check if this can be faked by editing the cookie in firebug!
+			$token=OC_remoteStorage::createCategory($appUrl, $category);
+			header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
+		} else {
+			echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
+		}
+	} else {
+		if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
+			$url = "https://";
+		} else {
+			$url = "http://";
+		}
+		$url .= $_SERVER['SERVER_NAME'];
+		$url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
+		die('You are '.($currUser?'logged in as '.$currUser.' instead of '.$ownCloudUser:'not logged in').'. Please '
+			.'<input type="submit" onclick="'
+			."window.open('$url','Close me!','height=600,width=300');"
+			.'" value="log in">'
+			.', close the pop-up, and '
+			.'<form method="POST"><input name="allow" type="submit" value="Click here"></form>');
+	}
+} else {
+	die('please use auth.php/username?params. '.var_export($pathParts, true));
+}
diff --git a/apps/remoteStorage/lib_remoteStorage.php b/apps/remoteStorage/lib_remoteStorage.php
index 4bbadafe7d2..4f19310904e 100644
--- a/apps/remoteStorage/lib_remoteStorage.php
+++ b/apps/remoteStorage/lib_remoteStorage.php
@@ -1,26 +1,25 @@
 <?php
 
 class OC_remoteStorage {
-	public static function getValidTokens($ownCloudUser, $userAddress, $dataScope) {
-		$query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND userAddress=? AND dataScope=? LIMIT 100");
-		$result=$query->execute(array($ownCloudUser,$userAddress,$dataScope));
+	public static function getValidTokens($ownCloudUser, $category) {
+		$query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND category=? LIMIT 100");
+		$result=$query->execute(array($ownCloudUser,$category));
 		$ret = array();
 		while($row=$result->fetchRow()){
-			$ret[$row['token']]=$userAddress;
+			$ret[$row['token']]=true;
 		}
 		return $ret;
 	}
 
 	public static function getAllTokens() {
 		$user=OC_User::getUser();
-		$query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
+		$query=OC_DB::prepare("SELECT token,appUrl,category FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
 		$result=$query->execute(array($user));
 		$ret = array();
 		while($row=$result->fetchRow()){
 			$ret[$row['token']] = array(
 				'appUrl' => $row['appurl'],
-				'userAddress' => $row['useraddress'],
-				'dataScope' => $row['datascope'],
+				'category' => $row['category'],
 			);
 		}
 		return $ret;
@@ -31,24 +30,23 @@ class OC_remoteStorage {
 		$query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
 		$result=$query->execute(array($token,$user));
 	}
-	private static function addToken($token, $appUrl, $userAddress, $dataScope){
+	private static function addToken($token, $appUrl, $category){
 		$user=OC_User::getUser();
-		$query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)");
-		$result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope));
+		$query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`category`) VALUES(?,?,?,?)");
+		$result=$query->execute(array($token,$appUrl,$user,$category));
 	}
-	public static function createDataScope($appUrl, $userAddress, $dataScope){
+	public static function createCategory($appUrl, $category) {
 		$token=uniqid();
-		self::addToken($token, $appUrl, $userAddress, $dataScope);
-		//TODO: input checking on $userAddress and $dataScope
-		list($userName, $userHost) = explode('@', $userAddress);
+		self::addToken($token, $appUrl, $category);
+		//TODO: input checking on $category
 		OC_Util::setupFS(OC_User::getUser());
-		$scopePathParts = array('remoteStorage', 'webdav', $userHost, $userName, $dataScope);
+		$scopePathParts = array('remoteStorage', $category);
 		for($i=0;$i<=count($scopePathParts);$i++){
 			$thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
 			if(!OC_Filesystem::file_exists($thisPath)) {
 				OC_Filesystem::mkdir($thisPath);
 			}
 		}
-		return $token;
+		return base64_encode('remoteStorage:'.$token);
 	}
 }
diff --git a/apps/remoteStorage/oauth_ro_auth.php b/apps/remoteStorage/oauth_ro_auth.php
index b785d85fead..5403fbe20c9 100644
--- a/apps/remoteStorage/oauth_ro_auth.php
+++ b/apps/remoteStorage/oauth_ro_auth.php
@@ -13,6 +13,7 @@
  * @author Evert Pot (http://www.rooftopsolutions.nl/) 
  * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
  */
+
 class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBasic {
 	private $validTokens;
 
@@ -52,7 +53,7 @@ die('not getting in with "'.$username.'"/"'.$password.'"!');
 		$auth->setRealm($realm);
 		$userpass = $auth->getUserPass();
 		if (!$userpass) {
-			if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
+			if(in_array($_SERVER['REQUEST_METHOD'], array('OPTIONS'))) {
 				$userpass = array('', '');
 			} else {
 				$auth->requireLogin();