diff options
Diffstat (limited to 'apps/federation/lib/BackgroundJob/GetSharedSecret.php')
| -rw-r--r-- | apps/federation/lib/BackgroundJob/GetSharedSecret.php | 158 |
1 files changed, 46 insertions, 112 deletions
diff --git a/apps/federation/lib/BackgroundJob/GetSharedSecret.php b/apps/federation/lib/BackgroundJob/GetSharedSecret.php index 5379a837151..dc57db9fd62 100644 --- a/apps/federation/lib/BackgroundJob/GetSharedSecret.php +++ b/apps/federation/lib/BackgroundJob/GetSharedSecret.php @@ -1,31 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OCA\Federation\BackgroundJob; @@ -39,85 +17,47 @@ use OCP\BackgroundJob\Job; use OCP\Http\Client\IClient; use OCP\Http\Client\IClientService; use OCP\Http\Client\IResponse; -use OCP\ILogger; +use OCP\IConfig; use OCP\IURLGenerator; use OCP\OCS\IDiscoveryService; +use Psr\Log\LoggerInterface; /** * Class GetSharedSecret * - * request shared secret from remote Nextcloud + * Request shared secret from remote Nextcloud * * @package OCA\Federation\Backgroundjob */ class GetSharedSecret extends Job { + private IClient $httpClient; + protected bool $retainJob = false; + private string $defaultEndPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret'; + /** 30 day = 2592000sec */ + private int $maxLifespan = 2592000; - /** @var IClient */ - private $httpClient; - - /** @var IJobList */ - private $jobList; - - /** @var IURLGenerator */ - private $urlGenerator; - - /** @var TrustedServers */ - private $trustedServers; - - /** @var IDiscoveryService */ - private $ocsDiscoveryService; - - /** @var ILogger */ - private $logger; - - /** @var bool */ - protected $retainJob = false; - - private $defaultEndPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret'; - - /** @var int 30 day = 2592000sec */ - private $maxLifespan = 2592000; - - /** - * RequestSharedSecret constructor. - * - * @param IClientService $httpClientService - * @param IURLGenerator $urlGenerator - * @param IJobList $jobList - * @param TrustedServers $trustedServers - * @param ILogger $logger - * @param IDiscoveryService $ocsDiscoveryService - * @param ITimeFactory $timeFactory - */ public function __construct( IClientService $httpClientService, - IURLGenerator $urlGenerator, - IJobList $jobList, - TrustedServers $trustedServers, - ILogger $logger, - IDiscoveryService $ocsDiscoveryService, - ITimeFactory $timeFactory + private IURLGenerator $urlGenerator, + private IJobList $jobList, + private TrustedServers $trustedServers, + private LoggerInterface $logger, + private IDiscoveryService $ocsDiscoveryService, + ITimeFactory $timeFactory, + private IConfig $config, ) { parent::__construct($timeFactory); - $this->logger = $logger; $this->httpClient = $httpClientService->newClient(); - $this->jobList = $jobList; - $this->urlGenerator = $urlGenerator; - $this->ocsDiscoveryService = $ocsDiscoveryService; - $this->trustedServers = $trustedServers; } /** - * run the job, then remove it from the joblist - * - * @param IJobList $jobList - * @param ILogger|null $logger + * Run the job, then remove it from the joblist */ - public function execute(IJobList $jobList, ILogger $logger = null) { + public function start(IJobList $jobList): void { $target = $this->argument['url']; // only execute if target is still in the list of trusted domains if ($this->trustedServers->isTrustedServer($target)) { - $this->parentExecute($jobList, $logger); + $this->parentStart($jobList); } $jobList->remove($this, $this->argument); @@ -127,14 +67,8 @@ class GetSharedSecret extends Job { } } - /** - * call execute() method of parent - * - * @param IJobList $jobList - * @param ILogger $logger - */ - protected function parentExecute($jobList, $logger = null) { - parent::execute($jobList, $logger); + protected function parentStart(IJobList $jobList): void { + parent::start($jobList); } protected function run($argument) { @@ -148,13 +82,14 @@ class GetSharedSecret extends Job { // kill job after 30 days of trying $deadline = $currentTime - $this->maxLifespan; if ($created < $deadline) { + $this->logger->warning("The job to get the shared secret job is too old and gets stopped now without retention. Setting server status of '{$target}' to failure."); $this->retainJob = false; - $this->trustedServers->setServerStatus($target,TrustedServers::STATUS_FAILURE); + $this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE); return; } $endPoints = $this->ocsDiscoveryService->discover($target, 'FEDERATED_SHARING'); - $endPoint = isset($endPoints['shared-secret']) ? $endPoints['shared-secret'] : $this->defaultEndPoint; + $endPoint = $endPoints['shared-secret'] ?? $this->defaultEndPoint; // make sure that we have a well formatted url $url = rtrim($target, '/') . '/' . trim($endPoint, '/'); @@ -164,14 +99,14 @@ class GetSharedSecret extends Job { $result = $this->httpClient->get( $url, [ - 'query' => - [ - 'url' => $source, - 'token' => $token, - 'format' => 'json', - ], + 'query' => [ + 'url' => $source, + 'token' => $token, + 'format' => 'json', + ], 'timeout' => 3, 'connect_timeout' => 3, + 'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false), ] ); @@ -179,20 +114,20 @@ class GetSharedSecret extends Job { } catch (ClientException $e) { $status = $e->getCode(); if ($status === Http::STATUS_FORBIDDEN) { - $this->logger->info($target . ' refused to exchange a shared secret with you.', ['app' => 'federation']); + $this->logger->info($target . ' refused to exchange a shared secret with you.'); } else { - $this->logger->info($target . ' responded with a ' . $status . ' containing: ' . $e->getMessage(), ['app' => 'federation']); + $this->logger->info($target . ' responded with a ' . $status . ' containing: ' . $e->getMessage()); } } catch (RequestException $e) { $status = -1; // There is no status code if we could not connect - $this->logger->logException($e, [ - 'message' => 'Could not connect to ' . $target, - 'level' => ILogger::INFO, - 'app' => 'federation', + $this->logger->info('Could not connect to ' . $target, [ + 'exception' => $e, ]); } catch (\Throwable $e) { $status = Http::STATUS_INTERNAL_SERVER_ERROR; - $this->logger->logException($e, ['app' => 'federation']); + $this->logger->error($e->getMessage(), [ + 'exception' => $e, + ]); } // if we received a unexpected response we try again later @@ -208,13 +143,12 @@ class GetSharedSecret extends Job { $result = json_decode($body, true); if (isset($result['ocs']['data']['sharedSecret'])) { $this->trustedServers->addSharedSecret( - $target, - $result['ocs']['data']['sharedSecret'] + $target, + $result['ocs']['data']['sharedSecret'] ); } else { $this->logger->error( - 'remote server "' . $target . '"" does not return a valid shared secret. Received data: ' . $body, - ['app' => 'federation'] + 'remote server "' . $target . '"" does not return a valid shared secret. Received data: ' . $body ); $this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE); } @@ -222,13 +156,13 @@ class GetSharedSecret extends Job { } /** - * re-add background job + * Re-add background job * * @param array $argument */ - protected function reAddJob(array $argument) { + protected function reAddJob(array $argument): void { $url = $argument['url']; - $created = isset($argument['created']) ? (int)$argument['created'] : $this->time->getTime(); + $created = $argument['created'] ?? $this->time->getTime(); $token = $argument['token']; $this->jobList->add( GetSharedSecret::class, |