diff options
Diffstat (limited to 'core')
-rw-r--r-- | core/Application.php | 13 | ||||
-rw-r--r-- | core/Controller/OccController.php | 147 | ||||
-rw-r--r-- | core/routes.php | 1 |
3 files changed, 0 insertions, 161 deletions
diff --git a/core/Application.php b/core/Application.php index 8ea2672e54e..a87917b626a 100644 --- a/core/Application.php +++ b/core/Application.php @@ -32,7 +32,6 @@ use OC\AppFramework\Utility\TimeFactory; use OC\Core\Controller\AvatarController; use OC\Core\Controller\LoginController; use OC\Core\Controller\LostController; -use OC\Core\Controller\OccController; use OC\Core\Controller\TokenController; use OC\Core\Controller\TwoFactorChallengeController; use OC\Core\Controller\UserController; @@ -126,18 +125,6 @@ class Application extends App { $c->query('SecureRandom') ); }); - $container->registerService('OccController', function(SimpleContainer $c) { - return new OccController( - $c->query('AppName'), - $c->query('Request'), - $c->query('Config'), - new \OC\Console\Application( - $c->query('Config'), - $c->query('ServerContainer')->getEventDispatcher(), - $c->query('Request') - ) - ); - }); /** * Core class wrappers diff --git a/core/Controller/OccController.php b/core/Controller/OccController.php deleted file mode 100644 index 917d02f37f1..00000000000 --- a/core/Controller/OccController.php +++ /dev/null @@ -1,147 +0,0 @@ -<?php -/** - * @author Victor Dubiniuk <dubiniuk@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * - */ - -namespace OC\Core\Controller; - -use OCP\AppFramework\Controller; -use OCP\AppFramework\Http\JSONResponse; -use OC\Console\Application; -use OCP\IConfig; -use OCP\IRequest; -use Symfony\Component\Console\Input\ArrayInput; -use Symfony\Component\Console\Output\BufferedOutput; - -class OccController extends Controller { - - /** @var array */ - private $allowedCommands = [ - 'app:disable', - 'app:enable', - 'app:getpath', - 'app:list', - 'check', - 'config:list', - 'maintenance:mode', - 'status', - 'upgrade' - ]; - - /** @var IConfig */ - private $config; - /** @var Application */ - private $console; - - /** - * OccController constructor. - * - * @param string $appName - * @param IRequest $request - * @param IConfig $config - * @param Application $console - */ - public function __construct($appName, IRequest $request, - IConfig $config, Application $console) { - parent::__construct($appName, $request); - $this->config = $config; - $this->console = $console; - } - - /** - * @PublicPage - * @NoCSRFRequired - * - * Execute occ command - * Sample request - * POST http://domain.tld/index.php/occ/status', - * { - * 'params': { - * '--no-warnings':'1', - * '--output':'json' - * }, - * 'token': 'someToken' - * } - * - * @param string $command - * @param string $token - * @param array $params - * - * @return JSONResponse - * @throws \Exception - */ - public function execute($command, $token, $params = []) { - try { - $this->validateRequest($command, $token); - - $output = new BufferedOutput(); - $formatter = $output->getFormatter(); - $formatter->setDecorated(false); - $this->console->setAutoExit(false); - $this->console->loadCommands(new ArrayInput([]), $output); - - $inputArray = array_merge(['command' => $command], $params); - $input = new ArrayInput($inputArray); - - $exitCode = $this->console->run($input, $output); - $response = $output->fetch(); - - $json = [ - 'exitCode' => $exitCode, - 'response' => $response - ]; - - } catch (\UnexpectedValueException $e){ - $json = [ - 'exitCode' => 126, - 'response' => 'Not allowed', - 'details' => $e->getMessage() - ]; - } - return new JSONResponse($json); - } - - /** - * Check if command is allowed and has a valid security token - * @param $command - * @param $token - */ - protected function validateRequest($command, $token){ - if (!in_array($this->request->getRemoteAddress(), ['::1', '127.0.0.1', 'localhost'])) { - throw new \UnexpectedValueException('Web executor is not allowed to run from a different host'); - } - - if (!in_array($command, $this->allowedCommands)) { - throw new \UnexpectedValueException(sprintf('Command "%s" is not allowed to run via web request', $command)); - } - - $coreToken = $this->config->getSystemValue('updater.secret', ''); - if ($coreToken === '') { - throw new \UnexpectedValueException( - 'updater.secret is undefined in config/config.php. Either browse the admin settings in your ownCloud and click "Open updater" or define a strong secret using <pre>php -r \'echo password_hash("MyStrongSecretDoUseYourOwn!", PASSWORD_DEFAULT)."\n";\'</pre> and set this in the config.php.' - ); - } - - if (!password_verify($token, $coreToken)) { - throw new \UnexpectedValueException( - 'updater.secret does not match the provided token' - ); - } - } -} diff --git a/core/routes.php b/core/routes.php index c473408e2e9..402277d8f3e 100644 --- a/core/routes.php +++ b/core/routes.php @@ -48,7 +48,6 @@ $application->registerRoutes($this, [ ['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'], ['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'], ['name' => 'token#generateToken', 'url' => '/token/generate', 'verb' => 'POST'], - ['name' => 'occ#execute', 'url' => '/occ/{command}', 'verb' => 'POST'], ['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'], ['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'], ['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'], |