diff options
Diffstat (limited to 'apps/workflowengine/lib/Check')
| -rw-r--r-- | apps/workflowengine/lib/Check/AbstractStringCheck.php | 121 | ||||
| -rw-r--r-- | apps/workflowengine/lib/Check/FileMimeType.php | 85 | ||||
| -rw-r--r-- | apps/workflowengine/lib/Check/FileSize.php | 119 | ||||
| -rw-r--r-- | apps/workflowengine/lib/Check/FileSystemTags.php | 161 | ||||
| -rw-r--r-- | apps/workflowengine/lib/Check/RequestRemoteAddress.php | 154 | ||||
| -rw-r--r-- | apps/workflowengine/lib/Check/RequestTime.php | 129 | ||||
| -rw-r--r-- | apps/workflowengine/lib/Check/RequestURL.php | 92 | ||||
| -rw-r--r-- | apps/workflowengine/lib/Check/RequestUserAgent.php | 74 | ||||
| -rw-r--r-- | apps/workflowengine/lib/Check/UserGroupMembership.php | 4 |
9 files changed, 937 insertions, 2 deletions
diff --git a/apps/workflowengine/lib/Check/AbstractStringCheck.php b/apps/workflowengine/lib/Check/AbstractStringCheck.php new file mode 100644 index 00000000000..0fd728e3496 --- /dev/null +++ b/apps/workflowengine/lib/Check/AbstractStringCheck.php @@ -0,0 +1,121 @@ +<?php +/** + * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\WorkflowEngine\Check; + + +use OCP\Files\Storage\IStorage; +use OCP\IL10N; +use OCP\WorkflowEngine\ICheck; + +abstract class AbstractStringCheck implements ICheck { + + /** @var array[] Nested array: [Pattern => [ActualValue => Regex Result]] */ + protected $matches; + + /** @var IL10N */ + protected $l; + + /** + * @param IL10N $l + */ + public function __construct(IL10N $l) { + $this->l = $l; + } + + /** + * @param IStorage $storage + * @param string $path + */ + public function setFileInfo(IStorage $storage, $path) { + // Nothing changes here with a different path + } + + /** + * @return string + */ + abstract protected function getActualValue(); + + /** + * @param string $operator + * @param string $value + * @return bool + */ + public function executeCheck($operator, $value) { + $actualValue = $this->getActualValue(); + return $this->executeStringCheck($operator, $value, $actualValue); + } + + /** + * @param string $operator + * @param string $checkValue + * @param string $actualValue + * @return bool + */ + protected function executeStringCheck($operator, $checkValue, $actualValue) { + if ($operator === 'is') { + return $checkValue === $actualValue; + } else if ($operator === '!is') { + return $checkValue !== $actualValue; + } else { + $match = $this->match($checkValue, $actualValue); + if ($operator === 'matches') { + return $match === 1; + } else { + return $match === 0; + } + } + } + + /** + * @param string $operator + * @param string $value + * @throws \UnexpectedValueException + */ + public function validateCheck($operator, $value) { + if (!in_array($operator, ['is', '!is', 'matches', '!matches'])) { + throw new \UnexpectedValueException($this->l->t('The given operator is invalid'), 1); + } + + if (in_array($operator, ['matches', '!matches']) && + @preg_match($value, null) === false) { + throw new \UnexpectedValueException($this->l->t('The given regular expression is invalid'), 2); + } + } + + /** + * @param string $pattern + * @param string $subject + * @return int|bool + */ + protected function match($pattern, $subject) { + $patternHash = md5($pattern); + $subjectHash = md5($subject); + if (isset($this->matches[$patternHash][$subjectHash])) { + return $this->matches[$patternHash][$subjectHash]; + } + if (!isset($this->matches[$patternHash])) { + $this->matches[$patternHash] = []; + } + $this->matches[$patternHash][$subjectHash] = preg_match($pattern, $subject); + return $this->matches[$patternHash][$subjectHash]; + } +} diff --git a/apps/workflowengine/lib/Check/FileMimeType.php b/apps/workflowengine/lib/Check/FileMimeType.php new file mode 100644 index 00000000000..1de9a70a17d --- /dev/null +++ b/apps/workflowengine/lib/Check/FileMimeType.php @@ -0,0 +1,85 @@ +<?php +/** + * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\WorkflowEngine\Check; + + +use OCP\Files\IMimeTypeDetector; +use OCP\IL10N; +use OCP\IRequest; + +class FileMimeType extends AbstractStringCheck { + + /** @var string */ + protected $mimeType; + + /** @var IRequest */ + protected $request; + + /** @var IMimeTypeDetector */ + protected $mimeTypeDetector; + + /** + * @param IL10N $l + * @param IRequest $request + * @param IMimeTypeDetector $mimeTypeDetector + */ + public function __construct(IL10N $l, IRequest $request, IMimeTypeDetector $mimeTypeDetector) { + parent::__construct($l); + $this->request = $request; + $this->mimeTypeDetector = $mimeTypeDetector; + } + + /** + * @return string + */ + protected function getActualValue() { + if ($this->mimeType !== null) { + return $this->mimeType; + } + + $this->mimeType = ''; + if ($this->isWebDAVRequest()) { + if ($this->request->getMethod() === 'PUT') { + $path = $this->request->getPathInfo(); + $this->mimeType = $this->mimeTypeDetector->detectPath($path); + } + } else if (in_array($this->request->getMethod(), ['POST', 'PUT'])) { + $files = $this->request->getUploadedFile('files'); + if (isset($files['type'][0])) { + $this->mimeType = $files['type'][0]; + } + } + return $this->mimeType; + } + + /** + * @return bool + */ + protected function isWebDAVRequest() { + return substr($this->request->getScriptName(), 0 - strlen('/remote.php')) === '/remote.php' && ( + $this->request->getPathInfo() === '/webdav' || + strpos($this->request->getPathInfo(), '/webdav/') === 0 || + $this->request->getPathInfo() === '/dav/files' || + strpos($this->request->getPathInfo(), '/dav/files/') === 0 + ); + } +} diff --git a/apps/workflowengine/lib/Check/FileSize.php b/apps/workflowengine/lib/Check/FileSize.php new file mode 100644 index 00000000000..1744793dec7 --- /dev/null +++ b/apps/workflowengine/lib/Check/FileSize.php @@ -0,0 +1,119 @@ +<?php +/** + * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\WorkflowEngine\Check; + + +use OCP\Files\Storage\IStorage; +use OCP\IL10N; +use OCP\IRequest; +use OCP\Util; +use OCP\WorkflowEngine\ICheck; + +class FileSize implements ICheck { + + /** @var int */ + protected $size; + + /** @var IL10N */ + protected $l; + + /** @var IRequest */ + protected $request; + + /** + * @param IL10N $l + * @param IRequest $request + */ + public function __construct(IL10N $l, IRequest $request) { + $this->l = $l; + $this->request = $request; + } + + /** + * @param IStorage $storage + * @param string $path + */ + public function setFileInfo(IStorage $storage, $path) { + } + + /** + * @param string $operator + * @param string $value + * @return bool + */ + public function executeCheck($operator, $value) { + $size = $this->getFileSizeFromHeader(); + + $value = Util::computerFileSize($value); + if ($size !== false) { + switch ($operator) { + case 'less': + return $size < $value; + case '!less': + return $size >= $value; + case 'greater': + return $size > $value; + case '!greater': + return $size <= $value; + } + } + return false; + } + + /** + * @param string $operator + * @param string $value + * @throws \UnexpectedValueException + */ + public function validateCheck($operator, $value) { + if (!in_array($operator, ['less', '!less', 'greater', '!greater'])) { + throw new \UnexpectedValueException($this->l->t('The given operator is invalid'), 1); + } + + if (!preg_match('/^[0-9]+[ ]?[kmgt]?b$/i', $value)) { + throw new \UnexpectedValueException($this->l->t('The given file size is invalid'), 2); + } + } + + /** + * @return string + */ + protected function getFileSizeFromHeader() { + if ($this->size !== null) { + return $this->size; + } + + $size = $this->request->getHeader('OC-Total-Length'); + if ($size === null) { + if (in_array($this->request->getMethod(), ['POST', 'PUT'])) { + $size = $this->request->getHeader('Content-Length'); + } + } + + if ($size === null) { + $size = false; + } + + $this->size = $size; + return $this->size; + } +} diff --git a/apps/workflowengine/lib/Check/FileSystemTags.php b/apps/workflowengine/lib/Check/FileSystemTags.php new file mode 100644 index 00000000000..e9b5a945967 --- /dev/null +++ b/apps/workflowengine/lib/Check/FileSystemTags.php @@ -0,0 +1,161 @@ +<?php +/** + * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\WorkflowEngine\Check; + + +use OCP\Files\Cache\ICache; +use OCP\Files\Storage\IStorage; +use OCP\IL10N; +use OCP\SystemTag\ISystemTagManager; +use OCP\SystemTag\ISystemTagObjectMapper; +use OCP\SystemTag\TagNotFoundException; +use OCP\WorkflowEngine\ICheck; + +class FileSystemTags implements ICheck { + + /** @var array */ + protected $fileIds; + + /** @var array */ + protected $fileSystemTags; + + /** @var IL10N */ + protected $l; + + /** @var ISystemTagManager */ + protected $systemTagManager; + + /** @var ISystemTagObjectMapper */ + protected $systemTagObjectMapper; + + /** @var IStorage */ + protected $storage; + + /** @var string */ + protected $path; + + /** + * @param IL10N $l + * @param ISystemTagManager $systemTagManager + * @param ISystemTagObjectMapper $systemTagObjectMapper + */ + public function __construct(IL10N $l, ISystemTagManager $systemTagManager, ISystemTagObjectMapper $systemTagObjectMapper) { + $this->l = $l; + $this->systemTagManager = $systemTagManager; + $this->systemTagObjectMapper = $systemTagObjectMapper; + } + + /** + * @param IStorage $storage + * @param string $path + */ + public function setFileInfo(IStorage $storage, $path) { + $this->storage = $storage; + $this->path = $path; + } + + /** + * @param string $operator + * @param string $value + * @return bool + */ + public function executeCheck($operator, $value) { + $systemTags = $this->getSystemTags(); + return ($operator === 'is') === in_array($value, $systemTags); + } + + /** + * @param string $operator + * @param string $value + * @throws \UnexpectedValueException + */ + public function validateCheck($operator, $value) { + if (!in_array($operator, ['is', '!is'])) { + throw new \UnexpectedValueException($this->l->t('The given operator is invalid'), 1); + } + + try { + $this->systemTagManager->getTagsByIds($value); + } catch (TagNotFoundException $e) { + throw new \UnexpectedValueException($this->l->t('The given tag id is invalid'), 2); + } catch (\InvalidArgumentException $e) { + throw new \UnexpectedValueException($this->l->t('The given tag id is invalid'), 3); + } + } + + /** + * Get the ids of the assigned system tags + * @return string[] + */ + protected function getSystemTags() { + $cache = $this->storage->getCache(); + $fileIds = $this->getFileIds($cache, $this->path); + + $systemTags = []; + foreach ($fileIds as $i => $fileId) { + if (isset($this->fileSystemTags[$fileId])) { + $systemTags[] = $this->fileSystemTags[$fileId]; + unset($fileIds[$i]); + } + } + + if (!empty($fileIds)) { + $mappedSystemTags = $this->systemTagObjectMapper->getTagIdsForObjects($fileIds, 'files'); + foreach ($mappedSystemTags as $fileId => $fileSystemTags) { + $this->fileSystemTags[$fileId] = $fileSystemTags; + $systemTags[] = $fileSystemTags; + } + } + + $systemTags = call_user_func_array('array_merge', $systemTags); + $systemTags = array_unique($systemTags); + return $systemTags; + } + + /** + * Get the file ids of the given path and its parents + * @param ICache $cache + * @param string $path + * @return int[] + */ + protected function getFileIds(ICache $cache, $path) { + $cacheId = $cache->getNumericStorageId(); + if (isset($this->fileIds[$cacheId][$path])) { + return $this->fileIds[$cacheId][$path]; + } + + if ($path !== dirname($path)) { + $parentIds = $this->getFileIds($cache, dirname($path)); + } else { + return []; + } + + $fileId = $cache->getId($path); + if ($fileId !== -1) { + $parentIds[] = $cache->getId($path); + } + + $this->fileIds[$cacheId][$path] = $parentIds; + + return $parentIds; + } +} diff --git a/apps/workflowengine/lib/Check/RequestRemoteAddress.php b/apps/workflowengine/lib/Check/RequestRemoteAddress.php new file mode 100644 index 00000000000..de9738fb631 --- /dev/null +++ b/apps/workflowengine/lib/Check/RequestRemoteAddress.php @@ -0,0 +1,154 @@ +<?php +/** + * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\WorkflowEngine\Check; + + +use OCP\Files\Storage\IStorage; +use OCP\IL10N; +use OCP\IRequest; +use OCP\WorkflowEngine\ICheck; + +class RequestRemoteAddress implements ICheck { + + /** @var IL10N */ + protected $l; + + /** @var IRequest */ + protected $request; + + /** + * @param IL10N $l + * @param IRequest $request + */ + public function __construct(IL10N $l, IRequest $request) { + $this->l = $l; + $this->request = $request; + } + + /** + * @param IStorage $storage + * @param string $path + */ + public function setFileInfo(IStorage $storage, $path) { + // A different path doesn't change time, so nothing to do here. + } + + /** + * @param string $operator + * @param string $value + * @return bool + */ + public function executeCheck($operator, $value) { + $actualValue = $this->request->getRemoteAddress(); + $decodedValue = explode('/', $value); + + if ($operator === 'matchesIPv4') { + return $this->matchIPv4($actualValue, $decodedValue[0], $decodedValue[1]); + } else if ($operator === '!matchesIPv4') { + return !$this->matchIPv4($actualValue, $decodedValue[0], $decodedValue[1]); + } else if ($operator === 'matchesIPv6') { + return $this->matchIPv6($actualValue, $decodedValue[0], $decodedValue[1]); + } else { + return !$this->matchIPv6($actualValue, $decodedValue[0], $decodedValue[1]); + } + } + + /** + * @param string $operator + * @param string $value + * @throws \UnexpectedValueException + */ + public function validateCheck($operator, $value) { + if (!in_array($operator, ['matchesIPv4', '!matchesIPv4', 'matchesIPv6', '!matchesIPv6'])) { + throw new \UnexpectedValueException($this->l->t('The given operator is invalid'), 1); + } + + $decodedValue = explode('/', $value); + if (sizeof($decodedValue) !== 2) { + throw new \UnexpectedValueException($this->l->t('The given IP range is invalid'), 2); + } + + if (in_array($operator, ['matchesIPv4', '!matchesIPv4'])) { + if (!filter_var($decodedValue[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { + throw new \UnexpectedValueException($this->l->t('The given IP range is not valid for IPv4'), 3); + } + if ($decodedValue[1] > 32 || $decodedValue[1] <= 0) { + throw new \UnexpectedValueException($this->l->t('The given IP range is not valid for IPv4'), 4); + } + } else { + if (!filter_var($decodedValue[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { + throw new \UnexpectedValueException($this->l->t('The given IP range is not valid for IPv6'), 3); + } + if ($decodedValue[1] > 128 || $decodedValue[1] <= 0) { + throw new \UnexpectedValueException($this->l->t('The given IP range is not valid for IPv6'), 4); + } + } + } + + /** + * Based on http://stackoverflow.com/a/594134 + * @param string $ip + * @param string $rangeIp + * @param int $bits + * @return bool + */ + protected function matchIPv4($ip, $rangeIp, $bits) { + $rangeDecimal = ip2long($rangeIp); + $ipDecimal = ip2long($ip); + $mask = -1 << (32 - $bits); + return ($ipDecimal & $mask) === ($rangeDecimal & $mask); + } + + /** + * Based on http://stackoverflow.com/a/7951507 + * @param string $ip + * @param string $rangeIp + * @param int $bits + * @return bool + */ + protected function matchIPv6($ip, $rangeIp, $bits) { + $ipNet = inet_pton($ip); + $binaryIp = $this->ipv6ToBits($ipNet); + $ipNetBits = substr($binaryIp, 0, $bits); + + $rangeNet = inet_pton($rangeIp); + $binaryRange = $this->ipv6ToBits($rangeNet); + $rangeNetBits = substr($binaryRange, 0, $bits); + + return $ipNetBits === $rangeNetBits; + } + + /** + * Based on http://stackoverflow.com/a/7951507 + * @param string $packedIp + * @return string + */ + protected function ipv6ToBits($packedIp) { + $unpackedIp = unpack('A16', $packedIp); + $unpackedIp = str_split($unpackedIp[1]); + $binaryIp = ''; + foreach ($unpackedIp as $char) { + $binaryIp .= str_pad(decbin(ord($char)), 8, '0', STR_PAD_LEFT); + } + return str_pad($binaryIp, 128, '0', STR_PAD_RIGHT); + } +} diff --git a/apps/workflowengine/lib/Check/RequestTime.php b/apps/workflowengine/lib/Check/RequestTime.php new file mode 100644 index 00000000000..2aa79e77673 --- /dev/null +++ b/apps/workflowengine/lib/Check/RequestTime.php @@ -0,0 +1,129 @@ +<?php +/** + * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\WorkflowEngine\Check; + + +use OCP\AppFramework\Utility\ITimeFactory; +use OCP\Files\Storage\IStorage; +use OCP\IL10N; +use OCP\WorkflowEngine\ICheck; + +class RequestTime implements ICheck { + + const REGEX_TIME = '([0-1][0-9]|2[0-3]):([0-5][0-9])'; + const REGEX_TIMEZONE = '([a-zA-Z]+(?:\\/[a-zA-Z\-\_]+)+)'; + + /** @var bool[] */ + protected $cachedResults; + + /** @var IL10N */ + protected $l; + + /** @var ITimeFactory */ + protected $timeFactory; + + /** + * @param ITimeFactory $timeFactory + */ + public function __construct(IL10N $l, ITimeFactory $timeFactory) { + $this->l = $l; + $this->timeFactory = $timeFactory; + } + + /** + * @param IStorage $storage + * @param string $path + */ + public function setFileInfo(IStorage $storage, $path) { + // A different path doesn't change time, so nothing to do here. + } + + /** + * @param string $operator + * @param string $value + * @return bool + */ + public function executeCheck($operator, $value) { + $valueHash = md5($value); + + if (isset($this->cachedResults[$valueHash])) { + return $this->cachedResults[$valueHash]; + } + + $timestamp = $this->timeFactory->getTime(); + + $values = json_decode($value, true); + $timestamp1 = $this->getTimestamp($timestamp, $values[0]); + $timestamp2 = $this->getTimestamp($timestamp, $values[1]); + + if ($timestamp1 < $timestamp2) { + $in = $timestamp1 <= $timestamp && $timestamp <= $timestamp2; + } else { + $in = $timestamp1 <= $timestamp || $timestamp <= $timestamp2; + } + + return ($operator === 'in') ? $in : !$in; + } + + /** + * @param int $currentTimestamp + * @param string $value Format: "H:i e" + * @return int + */ + protected function getTimestamp($currentTimestamp, $value) { + list($time1, $timezone1) = explode(' ', $value); + list($hour1, $minute1) = explode(':', $time1); + $date1 = new \DateTime('now', new \DateTimeZone($timezone1)); + $date1->setTimestamp($currentTimestamp); + $date1->setTime($hour1, $minute1); + + return $date1->getTimestamp(); + } + + /** + * @param string $operator + * @param string $value + * @throws \UnexpectedValueException + */ + public function validateCheck($operator, $value) { + if (!in_array($operator, ['in', '!in'])) { + throw new \UnexpectedValueException($this->l->t('The given operator is invalid'), 1); + } + + $regexValue = '\"' . self::REGEX_TIME . ' ' . self::REGEX_TIMEZONE . '\"'; + $result = preg_match('/^\[' . $regexValue . ',' . $regexValue . '\]$/', $value, $matches); + if (!$result) { + throw new \UnexpectedValueException($this->l->t('The given time span is invalid'), 2); + } + + $values = json_decode($value, true); + $time1 = \DateTime::createFromFormat('H:i e', $values[0]); + if ($time1 === false) { + throw new \UnexpectedValueException($this->l->t('The given start time is invalid'), 3); + } + + $time2 = \DateTime::createFromFormat('H:i e', $values[1]); + if ($time2 === false) { + throw new \UnexpectedValueException($this->l->t('The given end time is invalid'), 4); + } + } +} diff --git a/apps/workflowengine/lib/Check/RequestURL.php b/apps/workflowengine/lib/Check/RequestURL.php new file mode 100644 index 00000000000..36d41c101f2 --- /dev/null +++ b/apps/workflowengine/lib/Check/RequestURL.php @@ -0,0 +1,92 @@ +<?php +/** + * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\WorkflowEngine\Check; + + +use OCP\IL10N; +use OCP\IRequest; + +class RequestURL extends AbstractStringCheck { + + /** @var string */ + protected $url; + + /** @var IRequest */ + protected $request; + + /** + * @param IL10N $l + * @param IRequest $request + */ + public function __construct(IL10N $l, IRequest $request) { + parent::__construct($l); + $this->request = $request; + } + + /** + * @param string $operator + * @param string $value + * @return bool + */ + public function executeCheck($operator, $value) { + $actualValue = $this->getActualValue(); + if (in_array($operator, ['is', '!is'])) { + switch ($value) { + case 'webdav': + if ($operator === 'is') { + return $this->isWebDAVRequest(); + } else { + return !$this->isWebDAVRequest(); + } + } + } + return $this->executeStringCheck($operator, $value, $actualValue); + } + + /** + * @return string + */ + protected function getActualValue() { + if ($this->url !== null) { + return $this->url; + } + + $this->url = $this->request->getServerProtocol() . '://';// E.g. http(s) + :// + $this->url .= $this->request->getServerHost();// E.g. localhost + $this->url .= $this->request->getScriptName();// E.g. /nextcloud/index.php + $this->url .= $this->request->getPathInfo();// E.g. /apps/files_texteditor/ajax/loadfile + + return $this->url; // E.g. https://localhost/nextcloud/index.php/apps/files_texteditor/ajax/loadfile + } + + /** + * @return bool + */ + protected function isWebDAVRequest() { + return substr($this->request->getScriptName(), 0 - strlen('/remote.php')) === '/remote.php' && ( + $this->request->getPathInfo() === '/webdav' || + strpos($this->request->getPathInfo(), '/webdav/') === 0 || + $this->request->getPathInfo() === '/dav/files' || + strpos($this->request->getPathInfo(), '/dav/files/') === 0 + ); + } +} diff --git a/apps/workflowengine/lib/Check/RequestUserAgent.php b/apps/workflowengine/lib/Check/RequestUserAgent.php new file mode 100644 index 00000000000..7a8d4a71acf --- /dev/null +++ b/apps/workflowengine/lib/Check/RequestUserAgent.php @@ -0,0 +1,74 @@ +<?php +/** + * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\WorkflowEngine\Check; + + +use OCP\IL10N; +use OCP\IRequest; + +class RequestUserAgent extends AbstractStringCheck { + + /** @var IRequest */ + protected $request; + + /** + * @param IL10N $l + * @param IRequest $request + */ + public function __construct(IL10N $l, IRequest $request) { + parent::__construct($l); + $this->request = $request; + } + + /** + * @param string $operator + * @param string $value + * @return bool + */ + public function executeCheck($operator, $value) { + $actualValue = $this->getActualValue(); + if (in_array($operator, ['is', '!is'])) { + switch ($value) { + case 'android': + $operator = $operator === 'is' ? 'matches' : '!matches'; + $value = IRequest::USER_AGENT_CLIENT_ANDROID; + break; + case 'ios': + $operator = $operator === 'is' ? 'matches' : '!matches'; + $value = IRequest::USER_AGENT_CLIENT_IOS; + break; + case 'desktop': + $operator = $operator === 'is' ? 'matches' : '!matches'; + $value = IRequest::USER_AGENT_CLIENT_DESKTOP; + break; + } + } + return $this->executeStringCheck($operator, $value, $actualValue); + } + + /** + * @return string + */ + protected function getActualValue() { + return (string) $this->request->getHeader('User-Agent'); + } +} diff --git a/apps/workflowengine/lib/Check/UserGroupMembership.php b/apps/workflowengine/lib/Check/UserGroupMembership.php index 6390c57fbea..fd6ba00d092 100644 --- a/apps/workflowengine/lib/Check/UserGroupMembership.php +++ b/apps/workflowengine/lib/Check/UserGroupMembership.php @@ -89,11 +89,11 @@ class UserGroupMembership implements ICheck { */ public function validateCheck($operator, $value) { if (!in_array($operator, ['is', '!is'])) { - throw new \UnexpectedValueException($this->l->t('Operator %s is invalid', $operator), 1); + throw new \UnexpectedValueException($this->l->t('The given operator is invalid'), 1); } if (!$this->groupManager->groupExists($value)) { - throw new \UnexpectedValueException($this->l->t('Group %s does not exist', $value), 2); + throw new \UnexpectedValueException($this->l->t('The given group does not exist'), 2); } } |