diff options
Diffstat (limited to 'apps/files_external/lib/Controller')
6 files changed, 95 insertions, 121 deletions
diff --git a/apps/files_external/lib/Controller/AjaxController.php b/apps/files_external/lib/Controller/AjaxController.php index 72c8b6cd25b..5cee6422530 100644 --- a/apps/files_external/lib/Controller/AjaxController.php +++ b/apps/files_external/lib/Controller/AjaxController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. @@ -9,21 +10,16 @@ namespace OCA\Files_External\Controller; use OCA\Files_External\Lib\Auth\Password\GlobalAuth; use OCA\Files_External\Lib\Auth\PublicKey\RSA; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\JSONResponse; use OCP\IGroupManager; +use OCP\IL10N; use OCP\IRequest; use OCP\IUserSession; class AjaxController extends Controller { - /** @var RSA */ - private $rsaMechanism; - /** @var GlobalAuth */ - private $globalAuth; - /** @var IUserSession */ - private $userSession; - /** @var IGroupManager */ - private $groupManager; - /** * @param string $appName * @param IRequest $request @@ -32,17 +28,16 @@ class AjaxController extends Controller { * @param IUserSession $userSession * @param IGroupManager $groupManager */ - public function __construct($appName, + public function __construct( + $appName, IRequest $request, - RSA $rsaMechanism, - GlobalAuth $globalAuth, - IUserSession $userSession, - IGroupManager $groupManager) { + private RSA $rsaMechanism, + private GlobalAuth $globalAuth, + private IUserSession $userSession, + private IGroupManager $groupManager, + private IL10N $l10n, + ) { parent::__construct($appName, $request); - $this->rsaMechanism = $rsaMechanism; - $this->globalAuth = $globalAuth; - $this->userSession = $userSession; - $this->groupManager = $groupManager; } /** @@ -60,39 +55,53 @@ class AjaxController extends Controller { /** * Generates an SSH public/private key pair. * - * @NoAdminRequired * @param int $keyLength */ + #[NoAdminRequired] public function getSshKeys($keyLength = 1024) { $key = $this->generateSshKeys($keyLength); - return new JSONResponse( - ['data' => [ + return new JSONResponse([ + 'data' => [ 'private_key' => $key['privatekey'], 'public_key' => $key['publickey'] ], - 'status' => 'success' - ]); + 'status' => 'success', + ]); } /** - * @NoAdminRequired - * * @param string $uid * @param string $user * @param string $password - * @return bool + * @return JSONResponse */ - public function saveGlobalCredentials($uid, $user, $password) { + #[NoAdminRequired] + #[PasswordConfirmationRequired(strict: true)] + public function saveGlobalCredentials($uid, $user, $password): JSONResponse { $currentUser = $this->userSession->getUser(); + if ($currentUser === null) { + return new JSONResponse([ + 'status' => 'error', + 'message' => $this->l10n->t('You are not logged in'), + ], Http::STATUS_UNAUTHORIZED); + } // Non-admins can only edit their own credentials - $allowedToEdit = ($currentUser->getUID() === $uid); + // Admin can edit global credentials + $allowedToEdit = $uid === '' + ? $this->groupManager->isAdmin($currentUser->getUID()) + : $currentUser->getUID() === $uid; if ($allowedToEdit) { $this->globalAuth->saveAuth($uid, $user, $password); - return true; - } else { - return false; + return new JSONResponse([ + 'status' => 'success', + ]); } + + return new JSONResponse([ + 'status' => 'success', + 'message' => $this->l10n->t('Permission denied'), + ], Http::STATUS_FORBIDDEN); } } diff --git a/apps/files_external/lib/Controller/ApiController.php b/apps/files_external/lib/Controller/ApiController.php index a763f7874c3..49547357e6b 100644 --- a/apps/files_external/lib/Controller/ApiController.php +++ b/apps/files_external/lib/Controller/ApiController.php @@ -14,9 +14,10 @@ use OCA\Files_External\ResponseDefinitions; use OCA\Files_External\Service\UserGlobalStoragesService; use OCA\Files_External\Service\UserStoragesService; use OCP\AppFramework\Http; -use OCP\AppFramework\Http\Attribute\OpenAPI; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCSController; +use OCP\Constants; use OCP\IRequest; /** @@ -24,18 +25,13 @@ use OCP\IRequest; */ class ApiController extends OCSController { - private UserGlobalStoragesService $userGlobalStoragesService; - private UserStoragesService $userStoragesService; - public function __construct( string $appName, IRequest $request, - UserGlobalStoragesService $userGlobalStorageService, - UserStoragesService $userStorageService + private UserGlobalStoragesService $userGlobalStoragesService, + private UserStoragesService $userStoragesService, ) { parent::__construct($appName, $request); - $this->userGlobalStoragesService = $userGlobalStorageService; - $this->userStoragesService = $userStorageService; } /** @@ -55,10 +51,10 @@ class ApiController extends OCSController { $isSystemMount = $mountConfig->getType() === StorageConfig::MOUNT_TYPE_ADMIN; - $permissions = \OCP\Constants::PERMISSION_READ; + $permissions = Constants::PERMISSION_READ; // personal mounts can be deleted if (!$isSystemMount) { - $permissions |= \OCP\Constants::PERMISSION_DELETE; + $permissions |= Constants::PERMISSION_DELETE; } $entry = [ @@ -76,14 +72,13 @@ class ApiController extends OCSController { } /** - * @NoAdminRequired - * * Get the mount points visible for this user * - * @return DataResponse<Http::STATUS_OK, Files_ExternalMount[], array{}> + * @return DataResponse<Http::STATUS_OK, list<Files_ExternalMount>, array{}> * * 200: User mounts returned */ + #[NoAdminRequired] public function getUserMounts(): DataResponse { $entries = []; $mountPoints = []; @@ -103,33 +98,4 @@ class ApiController extends OCSController { return new DataResponse($entries); } - - /** - * @NoAdminRequired - * @NoCSRFRequired - * - * Ask for credentials using a browser's native basic auth prompt - * Then returns it if provided - */ - #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)] - public function askNativeAuth(): DataResponse { - if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) { - $response = new DataResponse([], Http::STATUS_UNAUTHORIZED); - $response->addHeader('WWW-Authenticate', 'Basic realm="Storage authentification needed"'); - return $response; - } - - $user = $_SERVER['PHP_AUTH_USER']; - $password = $_SERVER['PHP_AUTH_PW']; - - // Reset auth - unset($_SERVER['PHP_AUTH_USER']); - unset($_SERVER['PHP_AUTH_PW']); - - // Using 401 again to ensure we clear any cached Authorization - return new DataResponse([ - 'user' => $user, - 'password' => $password, - ], Http::STATUS_UNAUTHORIZED); - } } diff --git a/apps/files_external/lib/Controller/GlobalStoragesController.php b/apps/files_external/lib/Controller/GlobalStoragesController.php index d773f3ea5e2..e7274c9cfb6 100644 --- a/apps/files_external/lib/Controller/GlobalStoragesController.php +++ b/apps/files_external/lib/Controller/GlobalStoragesController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. @@ -9,6 +10,7 @@ namespace OCA\Files_External\Controller; use OCA\Files_External\NotFoundException; use OCA\Files_External\Service\GlobalStoragesService; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IConfig; use OCP\IGroupManager; @@ -41,7 +43,7 @@ class GlobalStoragesController extends StoragesController { LoggerInterface $logger, IUserSession $userSession, IGroupManager $groupManager, - IConfig $config + IConfig $config, ) { parent::__construct( $AppName, @@ -69,6 +71,7 @@ class GlobalStoragesController extends StoragesController { * * @return DataResponse */ + #[PasswordConfirmationRequired(strict: true)] public function create( $mountPoint, $backend, @@ -77,7 +80,7 @@ class GlobalStoragesController extends StoragesController { $mountOptions, $applicableUsers, $applicableGroups, - $priority + $priority, ) { $canCreateNewLocalStorage = $this->config->getSystemValue('files_external_allow_create_new_local', true); if (!$canCreateNewLocalStorage && $backend === 'local') { @@ -130,10 +133,10 @@ class GlobalStoragesController extends StoragesController { * @param array $applicableUsers users for which to mount the storage * @param array $applicableGroups groups for which to mount the storage * @param int $priority priority - * @param bool $testOnly whether to storage should only test the connection or do more things * * @return DataResponse */ + #[PasswordConfirmationRequired(strict: true)] public function update( $id, $mountPoint, @@ -144,7 +147,6 @@ class GlobalStoragesController extends StoragesController { $applicableUsers, $applicableGroups, $priority, - $testOnly = true ) { $storage = $this->createStorage( $mountPoint, @@ -177,7 +179,7 @@ class GlobalStoragesController extends StoragesController { ); } - $this->updateStorageStatus($storage, $testOnly); + $this->updateStorageStatus($storage); return new DataResponse( $storage->jsonSerialize(true), diff --git a/apps/files_external/lib/Controller/StoragesController.php b/apps/files_external/lib/Controller/StoragesController.php index fd004b49b37..df3a4528054 100644 --- a/apps/files_external/lib/Controller/StoragesController.php +++ b/apps/files_external/lib/Controller/StoragesController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. @@ -10,10 +11,12 @@ use OCA\Files_External\Lib\Auth\AuthMechanism; use OCA\Files_External\Lib\Backend\Backend; use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; use OCA\Files_External\Lib\StorageConfig; +use OCA\Files_External\MountConfig; use OCA\Files_External\NotFoundException; use OCA\Files_External\Service\StoragesService; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\DataResponse; use OCP\Files\StorageNotAvailableException; use OCP\IConfig; @@ -44,7 +47,7 @@ abstract class StoragesController extends Controller { protected LoggerInterface $logger, protected IUserSession $userSession, protected IGroupManager $groupManager, - protected IConfig $config + protected IConfig $config, ) { parent::__construct($AppName, $request); } @@ -71,7 +74,7 @@ abstract class StoragesController extends Controller { $mountOptions = null, $applicableUsers = null, $applicableGroups = null, - $priority = null + $priority = null, ) { $canCreateNewLocalStorage = $this->config->getSystemValue('files_external_allow_create_new_local', true); if (!$canCreateNewLocalStorage && $backend === 'local') { @@ -210,9 +213,8 @@ abstract class StoragesController extends Controller { * on whether the remote storage is available or not. * * @param StorageConfig $storage storage configuration - * @param bool $testOnly whether to storage should only test the connection or do more things */ - protected function updateStorageStatus(StorageConfig &$storage, $testOnly = true) { + protected function updateStorageStatus(StorageConfig &$storage) { try { $this->manipulateStorageConfig($storage); @@ -220,15 +222,13 @@ abstract class StoragesController extends Controller { $backend = $storage->getBackend(); // update status (can be time-consuming) $storage->setStatus( - \OCA\Files_External\MountConfig::getBackendStatus( + MountConfig::getBackendStatus( $backend->getStorageClass(), $storage->getBackendOptions(), - false, - $testOnly ) ); } catch (InsufficientDataForMeaningfulAnswerException $e) { - $status = $e->getCode() ? $e->getCode() : StorageNotAvailableException::STATUS_INDETERMINATE; + $status = $e->getCode() ?: StorageNotAvailableException::STATUS_INDETERMINATE; $storage->setStatus( (int)$status, $this->l10n->t('Insufficient data: %s', [$e->getMessage()]) @@ -265,15 +265,14 @@ abstract class StoragesController extends Controller { * Get an external storage entry. * * @param int $id storage id - * @param bool $testOnly whether to storage should only test the connection or do more things * * @return DataResponse */ - public function show($id, $testOnly = true) { + public function show(int $id) { try { $storage = $this->service->getStorage($id); - $this->updateStorageStatus($storage, $testOnly); + $this->updateStorageStatus($storage); } catch (NotFoundException $e) { return new DataResponse( [ @@ -300,7 +299,8 @@ abstract class StoragesController extends Controller { * * @return DataResponse */ - public function destroy($id) { + #[PasswordConfirmationRequired(strict: true)] + public function destroy(int $id) { try { $this->service->removeStorage($id); } catch (NotFoundException $e) { diff --git a/apps/files_external/lib/Controller/UserGlobalStoragesController.php b/apps/files_external/lib/Controller/UserGlobalStoragesController.php index cd6ffae660d..88a9f936401 100644 --- a/apps/files_external/lib/Controller/UserGlobalStoragesController.php +++ b/apps/files_external/lib/Controller/UserGlobalStoragesController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. @@ -15,6 +16,8 @@ use OCA\Files_External\Lib\StorageConfig; use OCA\Files_External\NotFoundException; use OCA\Files_External\Service\UserGlobalStoragesService; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IConfig; use OCP\IGroupManager; @@ -46,7 +49,7 @@ class UserGlobalStoragesController extends StoragesController { LoggerInterface $logger, IUserSession $userSession, IGroupManager $groupManager, - IConfig $config + IConfig $config, ) { parent::__construct( $AppName, @@ -64,9 +67,8 @@ class UserGlobalStoragesController extends StoragesController { * Get all storage entries * * @return DataResponse - * - * @NoAdminRequired */ + #[NoAdminRequired] public function index() { /** @var UserGlobalStoragesService */ $service = $this->service; @@ -95,16 +97,14 @@ class UserGlobalStoragesController extends StoragesController { * Get an external storage entry. * * @param int $id storage id - * @param bool $testOnly whether to storage should only test the connection or do more things * @return DataResponse - * - * @NoAdminRequired */ - public function show($id, $testOnly = true) { + #[NoAdminRequired] + public function show($id) { try { $storage = $this->service->getStorage($id); - $this->updateStorageStatus($storage, $testOnly); + $this->updateStorageStatus($storage); } catch (NotFoundException $e) { return new DataResponse( [ @@ -132,16 +132,14 @@ class UserGlobalStoragesController extends StoragesController { * * @param int $id storage id * @param array $backendOptions backend-specific options - * @param bool $testOnly whether to storage should only test the connection or do more things * * @return DataResponse - * - * @NoAdminRequired */ + #[NoAdminRequired] + #[PasswordConfirmationRequired(strict: true)] public function update( $id, $backendOptions, - $testOnly = true ) { try { $storage = $this->service->getStorage($id); @@ -166,7 +164,7 @@ class UserGlobalStoragesController extends StoragesController { ); } - $this->updateStorageStatus($storage, $testOnly); + $this->updateStorageStatus($storage); $this->sanitizeStorage($storage); return new DataResponse( diff --git a/apps/files_external/lib/Controller/UserStoragesController.php b/apps/files_external/lib/Controller/UserStoragesController.php index dc59d43d692..7b564d57f7e 100644 --- a/apps/files_external/lib/Controller/UserStoragesController.php +++ b/apps/files_external/lib/Controller/UserStoragesController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. @@ -12,6 +13,8 @@ use OCA\Files_External\Lib\StorageConfig; use OCA\Files_External\NotFoundException; use OCA\Files_External\Service\UserStoragesService; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IConfig; use OCP\IGroupManager; @@ -43,7 +46,7 @@ class UserStoragesController extends StoragesController { LoggerInterface $logger, IUserSession $userSession, IGroupManager $groupManager, - IConfig $config + IConfig $config, ) { parent::__construct( $AppName, @@ -69,10 +72,9 @@ class UserStoragesController extends StoragesController { /** * Get all storage entries * - * @NoAdminRequired - * * @return DataResponse */ + #[NoAdminRequired] public function index() { return parent::index(); } @@ -80,12 +82,11 @@ class UserStoragesController extends StoragesController { /** * Return storage * - * @NoAdminRequired - * * {@inheritdoc} */ - public function show($id, $testOnly = true) { - return parent::show($id, $testOnly); + #[NoAdminRequired] + public function show(int $id) { + return parent::show($id); } /** @@ -98,15 +99,15 @@ class UserStoragesController extends StoragesController { * @param array $mountOptions backend-specific mount options * * @return DataResponse - * - * @NoAdminRequired */ + #[NoAdminRequired] + #[PasswordConfirmationRequired(strict: true)] public function create( $mountPoint, $backend, $authMechanism, $backendOptions, - $mountOptions + $mountOptions, ) { $canCreateNewLocalStorage = $this->config->getSystemValue('files_external_allow_create_new_local', true); if (!$canCreateNewLocalStorage && $backend === 'local') { @@ -151,12 +152,11 @@ class UserStoragesController extends StoragesController { * @param string $authMechanism authentication mechanism identifier * @param array $backendOptions backend-specific options * @param array $mountOptions backend-specific mount options - * @param bool $testOnly whether to storage should only test the connection or do more things * * @return DataResponse - * - * @NoAdminRequired */ + #[NoAdminRequired] + #[PasswordConfirmationRequired(strict: true)] public function update( $id, $mountPoint, @@ -164,7 +164,6 @@ class UserStoragesController extends StoragesController { $authMechanism, $backendOptions, $mountOptions, - $testOnly = true ) { $storage = $this->createStorage( $mountPoint, @@ -194,7 +193,7 @@ class UserStoragesController extends StoragesController { ); } - $this->updateStorageStatus($storage, $testOnly); + $this->updateStorageStatus($storage); return new DataResponse( $storage->jsonSerialize(true), @@ -205,11 +204,11 @@ class UserStoragesController extends StoragesController { /** * Delete storage * - * @NoAdminRequired - * * {@inheritdoc} */ - public function destroy($id) { + #[NoAdminRequired] + #[PasswordConfirmationRequired(strict: true)] + public function destroy(int $id) { return parent::destroy($id); } } |