diff options
Diffstat (limited to 'apps/federatedfilesharing/lib/Controller')
| -rw-r--r-- | apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php | 64 | ||||
| -rw-r--r-- | apps/federatedfilesharing/lib/Controller/RequestHandlerController.php | 190 |
2 files changed, 81 insertions, 173 deletions
diff --git a/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php b/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php index 196dab03b0c..b8d2090713b 100644 --- a/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php +++ b/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php @@ -1,33 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @copyright Copyright (c) 2016, Björn Schießle <bjoern@schiessle.org> - * - * @author Allan Nordhøy <epost@anotheragency.no> - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Julius Härtl <jus@bitgrid.net> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OCA\FederatedFileSharing\Controller; @@ -36,7 +12,11 @@ use OCA\FederatedFileSharing\AddressHandler; use OCA\FederatedFileSharing\FederatedShareProvider; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\BruteForceProtection; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\NoCSRFRequired; use OCP\AppFramework\Http\Attribute\OpenAPI; +use OCP\AppFramework\Http\Attribute\PublicPage; use OCP\AppFramework\Http\JSONResponse; use OCP\Constants; use OCP\Federation\ICloudIdManager; @@ -57,7 +37,6 @@ use Psr\Log\LoggerInterface; * * @package OCA\FederatedFileSharing\Controller */ -#[OpenAPI(scope: OpenAPI::SCOPE_FEDERATION)] class MountPublicLinkController extends Controller { /** * MountPublicLinkController constructor. @@ -81,17 +60,18 @@ class MountPublicLinkController extends Controller { /** * send federated share to a user of a public link * - * @NoCSRFRequired - * @PublicPage - * @BruteForceProtection(action=publicLink2FederatedShare) - * * @param string $shareWith Username to share with * @param string $token Token of the share * @param string $password Password of the share * @return JSONResponse<Http::STATUS_OK, array{remoteUrl: string}, array{}>|JSONResponse<Http::STATUS_BAD_REQUEST, array{message: string}, array{}> + * * 200: Remote URL returned * 400: Creating share is not possible */ + #[NoCSRFRequired] + #[PublicPage] + #[BruteForceProtection(action: 'publicLink2FederatedShare')] + #[OpenAPI(scope: OpenAPI::SCOPE_FEDERATION)] public function createFederatedShare($shareWith, $token, $password = '') { if (!$this->federatedShareProvider->isOutgoingServer2serverShareEnabled()) { return new JSONResponse( @@ -111,8 +91,8 @@ class MountPublicLinkController extends Controller { // make sure that user is authenticated in case of a password protected link $storedPassword = $share->getPassword(); - $authenticated = $this->session->get(PublicAuth::DAV_AUTHENTICATED) === $share->getId() || - $this->shareManager->checkPassword($share, $password); + $authenticated = $this->session->get(PublicAuth::DAV_AUTHENTICATED) === $share->getId() + || $this->shareManager->checkPassword($share, $password); if (!empty($storedPassword) && !$authenticated) { $response = new JSONResponse( ['message' => 'No permission to access the share'], @@ -150,8 +130,6 @@ class MountPublicLinkController extends Controller { /** * ask other server to get a federated share * - * @NoAdminRequired - * * @param string $token * @param string $remote * @param string $password @@ -160,6 +138,7 @@ class MountPublicLinkController extends Controller { * @param string $name (only for legacy reasons, can be removed with legacyMountPublicLink()) * @return JSONResponse */ + #[NoAdminRequired] public function askForFederatedShare($token, $remote, $password = '', $owner = '', $ownerDisplayName = '', $name = '') { // check if server admin allows to mount public links from other servers if ($this->federatedShareProvider->isIncomingServer2serverShareEnabled() === false) { @@ -173,12 +152,11 @@ class MountPublicLinkController extends Controller { try { $response = $httpClient->post($remote . '/index.php/apps/federatedfilesharing/createFederatedShare', [ - 'body' => - [ - 'token' => $token, - 'shareWith' => rtrim($cloudId->getId(), '/'), - 'password' => $password - ], + 'body' => [ + 'token' => $token, + 'shareWith' => rtrim($cloudId->getId(), '/'), + 'password' => $password + ], 'connect_timeout' => 10, ] ); diff --git a/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php b/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php index d5b931d0b49..7fdd718cbfe 100644 --- a/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php +++ b/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php @@ -1,29 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OCA\FederatedFileSharing\Controller; @@ -32,7 +12,10 @@ use OCA\FederatedFileSharing\FederatedShareProvider; use OCA\FederatedFileSharing\Notifications; use OCP\App\IAppManager; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoCSRFRequired; use OCP\AppFramework\Http\Attribute\OpenAPI; +use OCP\AppFramework\Http\Attribute\PublicPage; +use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSBadRequestException; use OCP\AppFramework\OCS\OCSException; use OCP\AppFramework\OCSController; @@ -43,10 +26,12 @@ use OCP\Federation\Exceptions\ProviderDoesNotExistsException; use OCP\Federation\ICloudFederationFactory; use OCP\Federation\ICloudFederationProviderManager; use OCP\Federation\ICloudIdManager; +use OCP\HintException; use OCP\IDBConnection; use OCP\IRequest; use OCP\IUserManager; use OCP\Log\Audit\CriticalActionPerformedEvent; +use OCP\Server; use OCP\Share; use OCP\Share\Exceptions\ShareNotFound; use Psr\Log\LoggerInterface; @@ -54,75 +39,25 @@ use Psr\Log\LoggerInterface; #[OpenAPI(scope: OpenAPI::SCOPE_FEDERATION)] class RequestHandlerController extends OCSController { - /** @var FederatedShareProvider */ - private $federatedShareProvider; - - /** @var IDBConnection */ - private $connection; - - /** @var Share\IManager */ - private $shareManager; - - /** @var Notifications */ - private $notifications; - - /** @var AddressHandler */ - private $addressHandler; - - /** @var IUserManager */ - private $userManager; - - /** @var string */ - private $shareTable = 'share'; - - /** @var ICloudIdManager */ - private $cloudIdManager; - - /** @var LoggerInterface */ - private $logger; - - /** @var ICloudFederationFactory */ - private $cloudFederationFactory; - - /** @var ICloudFederationProviderManager */ - private $cloudFederationProviderManager; - - /** @var IEventDispatcher */ - private $eventDispatcher; - - public function __construct(string $appName, + public function __construct( + string $appName, IRequest $request, - FederatedShareProvider $federatedShareProvider, - IDBConnection $connection, - Share\IManager $shareManager, - Notifications $notifications, - AddressHandler $addressHandler, - IUserManager $userManager, - ICloudIdManager $cloudIdManager, - LoggerInterface $logger, - ICloudFederationFactory $cloudFederationFactory, - ICloudFederationProviderManager $cloudFederationProviderManager, - IEventDispatcher $eventDispatcher + private FederatedShareProvider $federatedShareProvider, + private IDBConnection $connection, + private Share\IManager $shareManager, + private Notifications $notifications, + private AddressHandler $addressHandler, + private IUserManager $userManager, + private ICloudIdManager $cloudIdManager, + private LoggerInterface $logger, + private ICloudFederationFactory $cloudFederationFactory, + private ICloudFederationProviderManager $cloudFederationProviderManager, + private IEventDispatcher $eventDispatcher, ) { parent::__construct($appName, $request); - - $this->federatedShareProvider = $federatedShareProvider; - $this->connection = $connection; - $this->shareManager = $shareManager; - $this->notifications = $notifications; - $this->addressHandler = $addressHandler; - $this->userManager = $userManager; - $this->cloudIdManager = $cloudIdManager; - $this->logger = $logger; - $this->cloudFederationFactory = $cloudFederationFactory; - $this->cloudFederationProviderManager = $cloudFederationProviderManager; - $this->eventDispatcher = $eventDispatcher; } /** - * @NoCSRFRequired - * @PublicPage - * * create a new share * * @param string|null $remote Address of the remote @@ -134,11 +69,13 @@ class RequestHandlerController extends OCSController { * @param int|null $remoteId ID of the remote * @param string|null $sharedByFederatedId Federated ID of the sender * @param string|null $ownerFederatedId Federated ID of the receiver - * @return Http\DataResponse<Http::STATUS_OK, array<empty>, array{}> + * @return Http\DataResponse<Http::STATUS_OK, list<empty>, array{}> * @throws OCSException * * 200: Share created successfully */ + #[NoCSRFRequired] + #[PublicPage] public function createShare( ?string $remote = null, ?string $token = null, @@ -189,13 +126,10 @@ class RequestHandlerController extends OCSController { throw new OCSException('internal server error, was not able to add share from ' . $remote, 500); } - return new Http\DataResponse(); + return new DataResponse(); } /** - * @NoCSRFRequired - * @PublicPage - * * create re-share on behalf of another user * * @param int $id ID of the share @@ -208,10 +142,12 @@ class RequestHandlerController extends OCSController { * * 200: Remote share returned */ + #[NoCSRFRequired] + #[PublicPage] public function reShare(int $id, ?string $token = null, ?string $shareWith = null, ?int $remoteId = 0) { - if ($token === null || - $shareWith === null || - $remoteId === null + if ($token === null + || $shareWith === null + || $remoteId === null ) { throw new OCSBadRequestException(); } @@ -226,7 +162,7 @@ class RequestHandlerController extends OCSController { try { $provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file'); [$newToken, $localId] = $provider->notificationReceived('REQUEST_RESHARE', $id, $notification); - return new Http\DataResponse([ + return new DataResponse([ 'token' => $newToken, 'remoteId' => $localId ]); @@ -243,20 +179,19 @@ class RequestHandlerController extends OCSController { /** - * @NoCSRFRequired - * @PublicPage - * * accept server-to-server share * * @param int $id ID of the remote share * @param string|null $token Shared secret between servers - * @return Http\DataResponse<Http::STATUS_OK, array<empty>, array{}> + * @return Http\DataResponse<Http::STATUS_OK, list<empty>, array{}> * @throws OCSException * @throws ShareNotFound - * @throws \OCP\HintException + * @throws HintException * * 200: Share accepted successfully */ + #[NoCSRFRequired] + #[PublicPage] public function acceptShare(int $id, ?string $token = null) { $notification = [ 'sharedSecret' => $token, @@ -275,22 +210,21 @@ class RequestHandlerController extends OCSController { $this->logger->debug('internal server error, can not process notification: ' . $e->getMessage(), ['exception' => $e]); } - return new Http\DataResponse(); + return new DataResponse(); } /** - * @NoCSRFRequired - * @PublicPage - * * decline server-to-server share * * @param int $id ID of the remote share * @param string|null $token Shared secret between servers - * @return Http\DataResponse<Http::STATUS_OK, array<empty>, array{}> + * @return Http\DataResponse<Http::STATUS_OK, list<empty>, array{}> * @throws OCSException * * 200: Share declined successfully */ + #[NoCSRFRequired] + #[PublicPage] public function declineShare(int $id, ?string $token = null) { $notification = [ 'sharedSecret' => $token, @@ -309,22 +243,21 @@ class RequestHandlerController extends OCSController { $this->logger->debug('internal server error, can not process notification: ' . $e->getMessage(), ['exception' => $e]); } - return new Http\DataResponse(); + return new DataResponse(); } /** - * @NoCSRFRequired - * @PublicPage - * * remove server-to-server share if it was unshared by the owner * * @param int $id ID of the share * @param string|null $token Shared secret between servers - * @return Http\DataResponse<Http::STATUS_OK, array<empty>, array{}> + * @return Http\DataResponse<Http::STATUS_OK, list<empty>, array{}> * @throws OCSException * * 200: Share unshared successfully */ + #[NoCSRFRequired] + #[PublicPage] public function unshare(int $id, ?string $token = null) { if (!$this->isS2SEnabled()) { throw new OCSException('Server does not support federated cloud sharing', 503); @@ -339,7 +272,7 @@ class RequestHandlerController extends OCSController { $this->logger->debug('processing unshare notification failed: ' . $e->getMessage(), ['exception' => $e]); } - return new Http\DataResponse(); + return new DataResponse(); } private function cleanupRemote($remote) { @@ -350,24 +283,23 @@ class RequestHandlerController extends OCSController { /** - * @NoCSRFRequired - * @PublicPage - * * federated share was revoked, either by the owner or the re-sharer * * @param int $id ID of the share * @param string|null $token Shared secret between servers - * @return Http\DataResponse<Http::STATUS_OK, array<empty>, array{}> + * @return Http\DataResponse<Http::STATUS_OK, list<empty>, array{}> * @throws OCSBadRequestException Revoking the share is not possible * * 200: Share revoked successfully */ + #[NoCSRFRequired] + #[PublicPage] public function revoke(int $id, ?string $token = null) { try { $provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file'); $notification = ['sharedSecret' => $token]; $provider->notificationReceived('RESHARE_UNDO', $id, $notification); - return new Http\DataResponse(); + return new DataResponse(); } catch (\Exception $e) { throw new OCSBadRequestException(); } @@ -380,7 +312,7 @@ class RequestHandlerController extends OCSController { * @return bool */ private function isS2SEnabled($incoming = false) { - $result = \OCP\Server::get(IAppManager::class)->isEnabledForUser('files_sharing'); + $result = Server::get(IAppManager::class)->isEnabledForUser('files_sharing'); if ($incoming) { $result = $result && $this->federatedShareProvider->isIncomingServer2serverShareEnabled(); @@ -392,19 +324,18 @@ class RequestHandlerController extends OCSController { } /** - * @NoCSRFRequired - * @PublicPage - * * update share information to keep federated re-shares in sync * * @param int $id ID of the share * @param string|null $token Shared secret between servers * @param int|null $permissions New permissions - * @return Http\DataResponse<Http::STATUS_OK, array<empty>, array{}> + * @return Http\DataResponse<Http::STATUS_OK, list<empty>, array{}> * @throws OCSBadRequestException Updating permissions is not possible * * 200: Permissions updated successfully */ + #[NoCSRFRequired] + #[PublicPage] public function updatePermissions(int $id, ?string $token = null, ?int $permissions = null) { $ncPermissions = $permissions; @@ -419,7 +350,7 @@ class RequestHandlerController extends OCSController { throw new OCSBadRequestException(); } - return new Http\DataResponse(); + return new DataResponse(); } /** @@ -439,8 +370,8 @@ class RequestHandlerController extends OCSController { $ocmPermissions[] = 'read'; } - if (($ncPermissions & Constants::PERMISSION_CREATE) || - ($ncPermissions & Constants::PERMISSION_UPDATE)) { + if (($ncPermissions & Constants::PERMISSION_CREATE) + || ($ncPermissions & Constants::PERMISSION_UPDATE)) { $ocmPermissions[] = 'write'; } @@ -448,9 +379,6 @@ class RequestHandlerController extends OCSController { } /** - * @NoCSRFRequired - * @PublicPage - * * change the owner of a server-to-server share * * @param int $id ID of the share @@ -462,12 +390,14 @@ class RequestHandlerController extends OCSController { * * 200: Share moved successfully */ + #[NoCSRFRequired] + #[PublicPage] public function move(int $id, ?string $token = null, ?string $remote = null, ?string $remote_id = null) { if (!$this->isS2SEnabled()) { throw new OCSException('Server does not support federated cloud sharing', 503); } - $newRemoteId = (string) ($remote_id ?? $id); + $newRemoteId = (string)($remote_id ?? $id); $cloudId = $this->cloudIdManager->resolveCloudId($remote); $qb = $this->connection->getQueryBuilder(); @@ -480,7 +410,7 @@ class RequestHandlerController extends OCSController { $affected = $query->executeStatement(); if ($affected > 0) { - return new Http\DataResponse(['remote' => $cloudId->getRemote(), 'owner' => $cloudId->getUser()]); + return new DataResponse(['remote' => $cloudId->getRemote(), 'owner' => $cloudId->getUser()]); } else { throw new OCSBadRequestException('Share not found or token invalid'); } |