renaming core_unhosted app to just unhosted, and cleaning up unused files in it

author: Michiel@unhosted <michiel@unhosted.org> 2011-09-02 15:25:04 +0200
committer: Michiel@unhosted <michiel@unhosted.org> 2011-09-02 15:25:04 +0200
commit: e798c32375dd01ec578ccd6fd9420c72a22e4fc4 (patch)
tree: 22fa25be6cea077c9eddf498d5fb7a4d78f3a08d /apps/unhosted
parent: 71205b8b07be83c0a1ced3ce5dfe92629c7a5cc3 (diff)
download: nextcloud-server-e798c32375dd01ec578ccd6fd9420c72a22e4fc4.tar.gz
nextcloud-server-e798c32375dd01ec578ccd6fd9420c72a22e4fc4.zip
6 files changed, 343 insertions, 0 deletions
diff --git a/apps/unhosted/appinfo/app.php b/apps/unhosted/appinfo/app.php
new file mode 100644
index 00000000000..84e07304534
--- /dev/null
+++ b/apps/unhosted/appinfo/app.php
@@ -0,0 +1,5 @@
+<?php
+OC_App::register( array( 
+  'order' => 10,
+  'id' => 'unhosted',
+  'name' => 'Unhosted Web' ));
diff --git a/apps/unhosted/appinfo/database.xml b/apps/unhosted/appinfo/database.xml
new file mode 100644
index 00000000000..db25657085b
--- /dev/null
+++ b/apps/unhosted/appinfo/database.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<database>
+	 <name>*dbname*</name>
+	 <create>true</create>
+	 <overwrite>false</overwrite>
+	 <charset>latin1</charset>
+	 <table>
+		<name>*dbprefix*authtoken</name>
+		<declaration>
+			<field>
+				<name>token</name>
+				<type>text</type>
+				<default></default>
+				<notnull>true</notnull>
+				<length>40</length>
+			</field>
+			<field>
+				<name>appUrl</name>
+				<type>text</type>
+				<default></default>
+				<notnull>true</notnull>
+				<length>128</length>
+			</field>
+			<field>
+				<name>user</name>
+				<type>text</type>
+				<default></default>
+				<notnull>true</notnull>
+				<length>64</length>
+			 </field>
+			<field>
+				<name>dataScope</name>
+				<type>text</type>
+				<default></default>
+				<notnull>true</notnull>
+				<length>64</length>
+			 </field>
+			<field>
+				<name>userAddress</name>
+				<type>text</type>
+				<default></default>
+				<notnull>true</notnull>
+				<length>64</length>
+			 </field>
+			<index>
+				<name>a_app_unhostedweb_user</name>
+				<unique>true</unique>
+				<field>
+					<name>user</name>
+					<sorting>ascending</sorting>
+				</field>
+				<field>
+					<name>token</name>
+					<sorting>ascending</sorting>
+				</field>
+			</index>
+		</declaration>
+	</table>
+</database>
diff --git a/apps/unhosted/appinfo/info.xml b/apps/unhosted/appinfo/info.xml
new file mode 100644
index 00000000000..359620f4578
--- /dev/null
+++ b/apps/unhosted/appinfo/info.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<info>
+	<id>unhosted</id>
+	<name>Unhosted Web</name>
+	<description>On websites that allow unhosted accounts, use your owncloud as the storage for your user data</description>
+	<version>0.1</version>
+	<licence>AGPL</licence>
+	<author>Michiel de Jong</author>
+	<require>2</require>
+</info>
diff --git a/apps/unhosted/compat.php b/apps/unhosted/compat.php
new file mode 100644
index 00000000000..88dac5e7b55
--- /dev/null
+++ b/apps/unhosted/compat.php
@@ -0,0 +1,110 @@
+<?php
+
+/**
+* ownCloud
+*
+* Original:
+* @author Frank Karlitschek
+* @copyright 2010 Frank Karlitschek karlitschek@kde.org
+* 
+* Adapted:
+* @author Michiel de Jong, 2011
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+// Do not load FS ...
+$RUNTIME_NOSETUPFS = true;
+
+require_once('../../lib/base.php');
+require_once('Sabre/autoload.php');
+require_once('lib_unhosted.php');
+require_once('oauth_ro_auth.php');
+
+ini_set('default_charset', 'UTF-8');
+#ini_set('error_reporting', '');
+@ob_clean();
+
+//allow use as unhosted storage for other websites
+if(isset($_SERVER['HTTP_ORIGIN'])) {
+	header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
+	header('Access-Control-Max-Age: 3600');
+	header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND');
+  	header('Access-Control-Allow-Headers: Authorization');
+} else {
+	header('Access-Control-Allow-Origin: *');
+}
+
+$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
+$pathParts =  explode('/', $path);
+// for webdav:
+// 0/     1       /   2    /   3  /   4     /    5     /   6     / 7
+//  /$ownCloudUser/unhosted/webdav/$userHost/$userName/$dataScope/$key
+// for oauth:
+// 0/      1      /  2     /  3  / 4
+//  /$ownCloudUser/unhosted/oauth/auth
+
+if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'webdav') {
+	list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts;
+
+	OC_Util::setupFS($ownCloudUser);
+
+	// Create ownCloud Dir
+	$publicDir = new OC_Connector_Sabre_Directory('');
+	$server = new Sabre_DAV_Server($publicDir);
+
+	// Path to our script
+	$server->setBaseUri("$WEBROOT/apps/core_unhosted/compat.php/$ownCloudUser");
+
+	// Auth backend
+	$authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_UnhostedWeb::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope));
+
+	$authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here
+	$server->addPlugin($authPlugin);
+
+	// Also make sure there is a 'data' directory, writable by the server. This directory is used to store information about locks
+	$lockBackend = new OC_Connector_Sabre_Locks();
+	$lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
+	$server->addPlugin($lockPlugin);
+
+	// And off we go!
+	$server->exec();
+} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') {
+	if(isset($_POST['allow'])) {
+		//TODO: input checking. these explodes may fail to produces the desired arrays:
+		$ownCloudUser = $pathParts[1];
+		foreach($_GET as $k => $v) {
+			if($k=='user_address'){
+				$userAddress=$v;
+			} else if($k=='redirect_uri'){
+				$appUrl=$v;
+			} else if($k=='scope'){
+				$dataScope=$v;
+			}
+		}
+		if(OC_User::getUser() == $ownCloudUser) {
+			//TODO: check if this can be faked by editing the cookie in firebug!
+			$token=OC_UnhostedWeb::createDataScope($appUrl, $userAddress, $dataScope);
+			header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=unhosted');
+		} else {
+			die('not logged in: '.var_export($pathParts, true));
+		}
+	} else {
+		echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
+	}
+} else {
+	die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true));
+}
diff --git a/apps/unhosted/lib_unhosted.php b/apps/unhosted/lib_unhosted.php
new file mode 100644
index 00000000000..304759c521c
--- /dev/null
+++ b/apps/unhosted/lib_unhosted.php
@@ -0,0 +1,86 @@
+<?php
+
+class OC_UnhostedWeb {
+	public static function getValidTokens($ownCloudUser, $userAddress, $dataScope) {
+		$user=OC_DB::escape($ownCloudUser);
+		$userAddress=OC_DB::escape($userAddress);
+		$dataScope=OC_DB::escape($dataScope);
+		$query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND userAddress=? AND dataScope=? LIMIT 100");
+		$result=$query->execute(array($user,$userAddress,$dataScope));
+		if( PEAR::isError($result)) {
+			$entry = 'DB Error: "'.$result->getMessage().'"<br />';
+			$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+			error_log( $entry );
+			die( $entry );
+		}
+		$ret = array();
+		while($row=$result->fetchRow()){
+			$ret[$row['token']]=$userAddress;
+		}
+		return $ret;
+	}
+
+	public static function getAllTokens() {
+		$user=OC_User::getUser();
+		$query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
+		$result=$query->execute(array($user));
+		if( PEAR::isError($result)) {
+			$entry = 'DB Error: "'.$result->getMessage().'"<br />';
+			$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+			error_log( $entry );
+			die( $entry );
+		}
+		$ret = array();
+		while($row=$result->fetchRow()){
+			$ret[$row['token']] = array(
+				'appUrl' => $row['appurl'],
+				'userAddress' => $row['useraddress'],
+				'dataScope' => $row['datascope'],
+			);
+		}
+		return $ret;
+	}
+
+	public static function deleteToken($token) {
+		$user=OC_User::getUser();
+		$token=OC_DB::escape($token);
+		$query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
+		$result=$query->execute(array($token,$user));
+		if( PEAR::isError($result)) {
+			$entry = 'DB Error: "'.$result->getMessage().'"<br />';
+			$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+			error_log( $entry );
+			die( $entry );
+		}
+	}
+	private static function addToken($token, $appUrl, $userAddress, $dataScope){
+		$user=OC_User::getUser();
+		$token=OC_DB::escape($token);
+		$appUrl=OC_DB::escape($appUrl);
+		$userAddress=OC_DB::escape($userAddress);
+		$dataScope=OC_DB::escape($dataScope);
+		$query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)");
+		$result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope));
+		if( PEAR::isError($result)) {
+			$entry = 'DB Error: "'.$result->getMessage().'"<br />';
+			$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+			error_log( $entry );
+			die( $entry );
+		}
+	}
+	public static function createDataScope($appUrl, $userAddress, $dataScope){
+		$token=uniqid();
+		self::addToken($token, $appUrl, $userAddress, $dataScope);
+		//TODO: input checking on $userAddress and $dataScope
+		list($userName, $userHost) = explode('@', $userAddress);
+		OC_Util::setupFS(OC_User::getUser());
+		$scopePathParts = array('unhosted', 'webdav', $userHost, $userName, $dataScope);
+		for($i=0;$i<=count($scopePathParts);$i++){
+			$thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
+			if(!OC_Filesystem::file_exists($thisPath)) {
+				OC_Filesystem::mkdir($thisPath);
+			}
+		}
+		return $token;
+	}
+}
diff --git a/apps/unhosted/oauth_ro_auth.php b/apps/unhosted/oauth_ro_auth.php
new file mode 100644
index 00000000000..b785d85fead
--- /dev/null
+++ b/apps/unhosted/oauth_ro_auth.php
@@ -0,0 +1,73 @@
+<?php
+/**
+ * HTTP Basic authentication backend class
+ *
+ * This class can be used by authentication objects wishing to use HTTP Basic
+ * Most of the digest logic is handled, implementors just need to worry about
+ * the validateUserPass method.
+ *
+ * @package Sabre
+ * @subpackage DAV
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author James David Low (http://jameslow.com/)
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBasic {
+	private $validTokens;
+
+	public function __construct($validTokensArg) {
+		$this->validTokens = $validTokensArg;
+	}
+
+	/**
+	 * Validates a username and password
+	 *
+	 * This method should return true or false depending on if login
+	 * succeeded.
+	 *
+	 * @return bool
+	 */
+	protected function validateUserPass($username, $password){
+		//always give read-only:
+		if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
+			OC_Util::setUpFS();
+			return true;
+		} else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) {
+			OC_Util::setUpFS();
+			return true;
+		} else {
+var_export($_SERVER);
+var_export($this->validTokens);
+die('not getting in with "'.$username.'"/"'.$password.'"!');
+			return false;	
+		}
+	}
+
+	//overwriting this to make it not automatically fail if no auth header is found:
+	public function authenticate(Sabre_DAV_Server $server,$realm) {
+		$auth = new Sabre_HTTP_BasicAuth();
+		$auth->setHTTPRequest($server->httpRequest);
+		$auth->setHTTPResponse($server->httpResponse);
+		$auth->setRealm($realm);
+		$userpass = $auth->getUserPass();
+		if (!$userpass) {
+			if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
+				$userpass = array('', '');
+			} else {
+				$auth->requireLogin();
+				throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found');
+			}
+		}
+
+		// Authenticates the user
+		if (!$this->validateUserPass($userpass[0],$userpass[1])) {
+			$auth->requireLogin();
+			throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match');
+		}
+		$this->currentUser = $userpass[0];
+		return true;
+	}
+
+} 
+
author	Michiel@unhosted <michiel@unhosted.org>	2011-09-02 15:25:04 +0200
committer	Michiel@unhosted <michiel@unhosted.org>	2011-09-02 15:25:04 +0200
commit	e798c32375dd01ec578ccd6fd9420c72a22e4fc4 (patch)
tree	22fa25be6cea077c9eddf498d5fb7a4d78f3a08d /apps/unhosted
parent	71205b8b07be83c0a1ced3ce5dfe92629c7a5cc3 (diff)
download	nextcloud-server-e798c32375dd01ec578ccd6fd9420c72a22e4fc4.tar.gz nextcloud-server-e798c32375dd01ec578ccd6fd9420c72a22e4fc4.zip