diff options
Diffstat (limited to 'lib/base.php')
| -rw-r--r-- | lib/base.php | 1455 |
1 files changed, 772 insertions, 683 deletions
diff --git a/lib/base.php b/lib/base.php index f3076a1181a..ab838d366b1 100644 --- a/lib/base.php +++ b/lib/base.php @@ -1,59 +1,38 @@ <?php + +declare(strict_types=1); /** - * @author Adam Williamson <awilliam@redhat.com> - * @author Andreas Fischer <bantu@owncloud.com> - * @author Arthur Schiwon <blizzz@owncloud.com> - * @author Bart Visscher <bartv@thisnet.nl> - * @author Bernhard Posselt <dev@bernhard-posselt.com> - * @author Björn Schießle <schiessle@owncloud.com> - * @author Christopher Schäpers <kondou@ts.unde.re> - * @author davidgumberg <davidnoizgumberg@gmail.com> - * @author Florian Scholz <FlorianScholz@bgstyle.de> - * @author Florin Peter <github@florin-peter.de> - * @author Frank Karlitschek <frank@owncloud.org> - * @author Georg Ehrke <georg@owncloud.com> - * @author Hugo Gonzalez Labrador <hglavra@gmail.com> - * @author Individual IT Services <info@individual-it.net> - * @author Jakob Sack <mail@jakobsack.de> - * @author Joachim Bauch <bauch@struktur.de> - * @author Joas Schilling <nickvergessen@owncloud.com> - * @author Jörn Friedrich Dreyer <jfd@butonic.de> - * @author Lukas Reschke <lukas@owncloud.com> - * @author marc0s <marcos@tenak.net> - * @author Martin Mattel <martin.mattel@diemattels.at> - * @author Michael Gapczynski <GapczynskiM@gmail.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Owen Winkler <a_github@midnightcircus.com> - * @author Phil Davis <phil.davis@inf.org> - * @author Ramiro Aparicio <rapariciog@gmail.com> - * @author Robin Appelman <icewind@owncloud.com> - * @author Robin McCorkell <robin@mccorkell.me.uk> - * @author Roeland Jago Douma <rullzer@owncloud.com> - * @author scolebrook <scolebrook@mac.com> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * @author Thomas Tanghus <thomas@tanghus.net> - * @author Victor Dubiniuk <dubiniuk@owncloud.com> - * @author Vincent Petry <pvince81@owncloud.com> - * @author Volkan Gezer <volkangezer@gmail.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2013-2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ -require_once 'public/constants.php'; +use OC\Profiler\BuiltInProfiler; +use OC\Share20\GroupDeletedListener; +use OC\Share20\Hooks; +use OC\Share20\UserDeletedListener; +use OC\Share20\UserRemovedListener; +use OC\User\DisabledUserException; +use OCP\EventDispatcher\IEventDispatcher; +use OCP\Files\Events\BeforeFileSystemSetupEvent; +use OCP\Group\Events\GroupDeletedEvent; +use OCP\Group\Events\UserRemovedEvent; +use OCP\IConfig; +use OCP\ILogger; +use OCP\IRequest; +use OCP\IURLGenerator; +use OCP\IUserSession; +use OCP\Security\Bruteforce\IThrottler; +use OCP\Server; +use OCP\Template\ITemplateManager; +use OCP\User\Events\UserChangedEvent; +use OCP\User\Events\UserDeletedEvent; +use OCP\Util; +use Psr\Log\LoggerInterface; +use Symfony\Component\Routing\Exception\MethodNotAllowedException; +use function OCP\Log\logger; + +require_once 'public/Constants.php'; /** * Class that is a namespace for all global OC variables @@ -62,88 +41,76 @@ require_once 'public/constants.php'; */ class OC { /** - * Associative array for autoloading. classname => filename - */ - public static $CLASSPATH = array(); - /** - * The installation path for owncloud on the server (e.g. /srv/http/owncloud) - */ - public static $SERVERROOT = ''; - /** - * the current request path relative to the owncloud root (e.g. files/index.php) + * The installation path for Nextcloud on the server (e.g. /srv/http/nextcloud) */ - private static $SUBURI = ''; + public static string $SERVERROOT = ''; /** - * the owncloud root path for http requests (e.g. owncloud/) + * the current request path relative to the Nextcloud root (e.g. files/index.php) */ - public static $WEBROOT = ''; + private static string $SUBURI = ''; /** - * The installation path of the 3rdparty folder on the server (e.g. /srv/http/owncloud/3rdparty) + * the Nextcloud root path for http requests (e.g. /nextcloud) */ - public static $THIRDPARTYROOT = ''; + public static string $WEBROOT = ''; /** - * the root path of the 3rdparty folder for http requests (e.g. owncloud/3rdparty) - */ - public static $THIRDPARTYWEBROOT = ''; - /** - * The installation path array of the apps folder on the server (e.g. /srv/http/owncloud) 'path' and + * The installation path array of the apps folder on the server (e.g. /srv/http/nextcloud) 'path' and * web path in 'url' */ - public static $APPSROOTS = array(); + public static array $APPSROOTS = []; - public static $configDir; + public static string $configDir; /** * requested app */ - public static $REQUESTEDAPP = ''; + public static string $REQUESTEDAPP = ''; /** - * check if ownCloud runs in cli mode + * check if Nextcloud runs in cli mode */ - public static $CLI = false; + public static bool $CLI = false; - /** - * @var \OC\Autoloader $loader - */ - public static $loader = null; + public static \Composer\Autoload\ClassLoader $composerAutoloader; - /** - * @var \OC\Server - */ - public static $server = null; + public static \OC\Server $server; - /** - * @var \OC\Config - */ - private static $config = null; + private static \OC\Config $config; /** * @throws \RuntimeException when the 3rdparty directory is missing or - * the app path list is empty or contains an invalid path + * the app path list is empty or contains an invalid path */ - public static function initPaths() { - if(defined('PHPUNIT_CONFIG_DIR')) { + public static function initPaths(): void { + if (defined('PHPUNIT_CONFIG_DIR')) { self::$configDir = OC::$SERVERROOT . '/' . PHPUNIT_CONFIG_DIR . '/'; - } elseif(defined('PHPUNIT_RUN') and PHPUNIT_RUN and is_dir(OC::$SERVERROOT . '/tests/config/')) { + } elseif (defined('PHPUNIT_RUN') and PHPUNIT_RUN and is_dir(OC::$SERVERROOT . '/tests/config/')) { self::$configDir = OC::$SERVERROOT . '/tests/config/'; + } elseif ($dir = getenv('NEXTCLOUD_CONFIG_DIR')) { + self::$configDir = rtrim($dir, '/') . '/'; } else { self::$configDir = OC::$SERVERROOT . '/config/'; } self::$config = new \OC\Config(self::$configDir); - OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT))); + OC::$SUBURI = str_replace('\\', '/', substr(realpath($_SERVER['SCRIPT_FILENAME'] ?? ''), strlen(OC::$SERVERROOT))); /** - * FIXME: The following lines are required because we can't yet instantiiate - * \OC::$server->getRequest() since \OC::$server does not yet exist. + * FIXME: The following lines are required because we can't yet instantiate + * Server::get(\OCP\IRequest::class) since \OC::$server does not yet exist. */ $params = [ 'server' => [ - 'SCRIPT_NAME' => $_SERVER['SCRIPT_NAME'], - 'SCRIPT_FILENAME' => $_SERVER['SCRIPT_FILENAME'], + 'SCRIPT_NAME' => $_SERVER['SCRIPT_NAME'] ?? null, + 'SCRIPT_FILENAME' => $_SERVER['SCRIPT_FILENAME'] ?? null, ], ]; - $fakeRequest = new \OC\AppFramework\Http\Request($params, null, new \OC\AllConfig(new \OC\SystemConfig(self::$config))); + if (isset($_SERVER['REMOTE_ADDR'])) { + $params['server']['REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR']; + } + $fakeRequest = new \OC\AppFramework\Http\Request( + $params, + new \OC\AppFramework\Http\RequestId($_SERVER['UNIQUE_ID'] ?? '', new \OC\Security\SecureRandom()), + new \OC\AllConfig(new \OC\SystemConfig(self::$config)) + ); $scriptName = $fakeRequest->getScriptName(); if (substr($scriptName, -1) == '/') { $scriptName .= 'index.php'; @@ -156,7 +123,6 @@ class OC { } } - if (OC::$CLI) { OC::$WEBROOT = self::$config->getValue('overwritewebroot', ''); } else { @@ -174,36 +140,17 @@ class OC { OC::$WEBROOT = self::$config->getValue('overwritewebroot', ''); } - // Resolve /owncloud to /owncloud/ to ensure to always have a trailing + // Resolve /nextcloud to /nextcloud/ to ensure to always have a trailing // slash which is required by URL generation. - if($_SERVER['REQUEST_URI'] === \OC::$WEBROOT && - substr($_SERVER['REQUEST_URI'], -1) !== '/') { - header('Location: '.\OC::$WEBROOT.'/'); + if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT + && substr($_SERVER['REQUEST_URI'], -1) !== '/') { + header('Location: ' . \OC::$WEBROOT . '/'); exit(); } } - // search the 3rdparty folder - OC::$THIRDPARTYROOT = self::$config->getValue('3rdpartyroot', null); - OC::$THIRDPARTYWEBROOT = self::$config->getValue('3rdpartyurl', null); - - if (empty(OC::$THIRDPARTYROOT) && empty(OC::$THIRDPARTYWEBROOT)) { - if (file_exists(OC::$SERVERROOT . '/3rdparty')) { - OC::$THIRDPARTYROOT = OC::$SERVERROOT; - OC::$THIRDPARTYWEBROOT = OC::$WEBROOT; - } elseif (file_exists(OC::$SERVERROOT . '/../3rdparty')) { - OC::$THIRDPARTYWEBROOT = rtrim(dirname(OC::$WEBROOT), '/'); - OC::$THIRDPARTYROOT = rtrim(dirname(OC::$SERVERROOT), '/'); - } - } - if (empty(OC::$THIRDPARTYROOT) || !file_exists(OC::$THIRDPARTYROOT)) { - throw new \RuntimeException('3rdparty directory not found! Please put the ownCloud 3rdparty' - . ' folder in the ownCloud folder or the folder above.' - . ' You can also configure the location in the config.php file.'); - } - // search the apps folder - $config_paths = self::$config->getValue('apps_paths', array()); + $config_paths = self::$config->getValue('apps_paths', []); if (!empty($config_paths)) { foreach ($config_paths as $paths) { if (isset($paths['url']) && isset($paths['path'])) { @@ -213,890 +160,1032 @@ class OC { } } } elseif (file_exists(OC::$SERVERROOT . '/apps')) { - OC::$APPSROOTS[] = array('path' => OC::$SERVERROOT . '/apps', 'url' => '/apps', 'writable' => true); - } elseif (file_exists(OC::$SERVERROOT . '/../apps')) { - OC::$APPSROOTS[] = array( - 'path' => rtrim(dirname(OC::$SERVERROOT), '/') . '/apps', - 'url' => '/apps', - 'writable' => true - ); + OC::$APPSROOTS[] = ['path' => OC::$SERVERROOT . '/apps', 'url' => '/apps', 'writable' => true]; } if (empty(OC::$APPSROOTS)) { - throw new \RuntimeException('apps directory not found! Please put the ownCloud apps folder in the ownCloud folder' - . ' or the folder above. You can also configure the location in the config.php file.'); + throw new \RuntimeException('apps directory not found! Please put the Nextcloud apps folder in the Nextcloud folder' + . '. You can also configure the location in the config.php file.'); } - $paths = array(); + $paths = []; foreach (OC::$APPSROOTS as $path) { $paths[] = $path['path']; if (!is_dir($path['path'])) { - throw new \RuntimeException(sprintf('App directory "%s" not found! Please put the ownCloud apps folder in the' - . ' ownCloud folder or the folder above. You can also configure the location in the' - . ' config.php file.', $path['path'])); + throw new \RuntimeException(sprintf('App directory "%s" not found! Please put the Nextcloud apps folder in the' + . ' Nextcloud folder. You can also configure the location in the config.php file.', $path['path'])); } } // set the right include path set_include_path( - OC::$SERVERROOT . '/lib/private' . PATH_SEPARATOR . - OC::$SERVERROOT . '/config' . PATH_SEPARATOR . - OC::$THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR . - implode(PATH_SEPARATOR, $paths) . PATH_SEPARATOR . - get_include_path() . PATH_SEPARATOR . - OC::$SERVERROOT + implode(PATH_SEPARATOR, $paths) ); } - public static function checkConfig() { - $l = \OC::$server->getL10N('lib'); - + public static function checkConfig(): void { // Create config if it does not already exist - $configFilePath = self::$configDir .'/config.php'; - if(!file_exists($configFilePath)) { + $configFilePath = self::$configDir . '/config.php'; + if (!file_exists($configFilePath)) { @touch($configFilePath); } // Check if config is writable $configFileWritable = is_writable($configFilePath); - if (!$configFileWritable && !OC_Helper::isReadOnlyConfigEnabled() - || !$configFileWritable && self::checkUpgrade(false)) { - - $urlGenerator = \OC::$server->getURLGenerator(); + $configReadOnly = Server::get(IConfig::class)->getSystemValueBool('config_is_read_only'); + if (!$configFileWritable && !$configReadOnly + || !$configFileWritable && \OCP\Util::needUpgrade()) { + $urlGenerator = Server::get(IURLGenerator::class); + $l = Server::get(\OCP\L10N\IFactory::class)->get('lib'); if (self::$CLI) { - echo $l->t('Cannot write into "config" directory!')."\n"; - echo $l->t('This can usually be fixed by giving the webserver write access to the config directory')."\n"; + echo $l->t('Cannot write into "config" directory!') . "\n"; + echo $l->t('This can usually be fixed by giving the web server write access to the config directory.') . "\n"; echo "\n"; - echo $l->t('See %s', [ $urlGenerator->linkToDocs('admin-dir_permissions') ])."\n"; + echo $l->t('But, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.') . "\n"; + echo $l->t('See %s', [ $urlGenerator->linkToDocs('admin-config') ]) . "\n"; exit; } else { - OC_Template::printErrorPage( + Server::get(ITemplateManager::class)->printErrorPage( $l->t('Cannot write into "config" directory!'), - $l->t('This can usually be fixed by ' - . '%sgiving the webserver write access to the config directory%s.', - array('<a href="' . $urlGenerator->linkToDocs('admin-dir_permissions') . '" target="_blank" rel="noreferrer">', '</a>')) + $l->t('This can usually be fixed by giving the web server write access to the config directory.') . ' ' + . $l->t('But, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.') . ' ' + . $l->t('See %s', [ $urlGenerator->linkToDocs('admin-config') ]), + 503 ); } } } - public static function checkInstalled() { + public static function checkInstalled(\OC\SystemConfig $systemConfig): void { if (defined('OC_CONSOLE')) { return; } // Redirect to installer if not installed - if (!\OC::$server->getSystemConfig()->getValue('installed', false) && OC::$SUBURI != '/index.php') { + if (!$systemConfig->getValue('installed', false) && OC::$SUBURI !== '/index.php' && OC::$SUBURI !== '/status.php') { if (OC::$CLI) { throw new Exception('Not installed'); } else { - $url = 'http://' . $_SERVER['SERVER_NAME'] . OC::$WEBROOT . '/index.php'; + $url = OC::$WEBROOT . '/index.php'; header('Location: ' . $url); } exit(); } } - public static function checkMaintenanceMode() { + public static function checkMaintenanceMode(\OC\SystemConfig $systemConfig): void { // Allow ajax update script to execute without being stopped - if (\OC::$server->getSystemConfig()->getValue('maintenance', false) && OC::$SUBURI != '/core/ajax/update.php') { + if (((bool)$systemConfig->getValue('maintenance', false)) && OC::$SUBURI != '/core/ajax/update.php') { // send http status 503 - header('HTTP/1.1 503 Service Temporarily Unavailable'); - header('Status: 503 Service Temporarily Unavailable'); + http_response_code(503); + header('X-Nextcloud-Maintenance-Mode: 1'); header('Retry-After: 120'); // render error page - $template = new OC_Template('', 'update.user', 'guest'); - OC_Util::addscript('maintenance-check'); + $template = Server::get(ITemplateManager::class)->getTemplate('', 'update.user', 'guest'); + \OCP\Util::addScript('core', 'maintenance'); + \OCP\Util::addScript('core', 'common'); + \OCP\Util::addStyle('core', 'guest'); $template->printPage(); die(); } } - public static function checkSingleUserMode($lockIfNoUserLoggedIn = false) { - if (!\OC::$server->getSystemConfig()->getValue('singleuser', false)) { - return; - } - $user = OC_User::getUserSession()->getUser(); - if ($user) { - $group = \OC::$server->getGroupManager()->get('admin'); - if ($group->inGroup($user)) { - return; - } - } else { - if(!$lockIfNoUserLoggedIn) { - return; + /** + * Prints the upgrade page + */ + private static function printUpgradePage(\OC\SystemConfig $systemConfig): void { + $cliUpgradeLink = $systemConfig->getValue('upgrade.cli-upgrade-link', ''); + $disableWebUpdater = $systemConfig->getValue('upgrade.disable-web', false); + $tooBig = false; + if (!$disableWebUpdater) { + $apps = Server::get(\OCP\App\IAppManager::class); + if ($apps->isEnabledForAnyone('user_ldap')) { + $qb = Server::get(\OCP\IDBConnection::class)->getQueryBuilder(); + + $result = $qb->select($qb->func()->count('*', 'user_count')) + ->from('ldap_user_mapping') + ->executeQuery(); + $row = $result->fetch(); + $result->closeCursor(); + + $tooBig = ($row['user_count'] > 50); } - } - // send http status 503 - header('HTTP/1.1 503 Service Temporarily Unavailable'); - header('Status: 503 Service Temporarily Unavailable'); - header('Retry-After: 120'); + if (!$tooBig && $apps->isEnabledForAnyone('user_saml')) { + $qb = Server::get(\OCP\IDBConnection::class)->getQueryBuilder(); - // render error page - $template = new OC_Template('', 'singleuser.user', 'guest'); - $template->printPage(); - die(); - } + $result = $qb->select($qb->func()->count('*', 'user_count')) + ->from('user_saml_users') + ->executeQuery(); + $row = $result->fetch(); + $result->closeCursor(); - /** - * Checks if the version requires an update and shows - * @param bool $showTemplate Whether an update screen should get shown - * @return bool|void - */ - public static function checkUpgrade($showTemplate = true) { - if (\OCP\Util::needUpgrade()) { - $systemConfig = \OC::$server->getSystemConfig(); - if ($showTemplate && !$systemConfig->getValue('maintenance', false)) { - self::printUpgradePage(); - exit(); - } else { - return true; + $tooBig = ($row['user_count'] > 50); + } + if (!$tooBig) { + // count users + $totalUsers = Server::get(\OCP\IUserManager::class)->countUsersTotal(51); + $tooBig = ($totalUsers > 50); } } - return false; - } + $ignoreTooBigWarning = isset($_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup']) + && $_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup'] === 'IAmSuperSureToDoThis'; - /** - * Prints the upgrade page - */ - private static function printUpgradePage() { - $systemConfig = \OC::$server->getSystemConfig(); - $oldTheme = $systemConfig->getValue('theme'); - $systemConfig->setValue('theme', ''); - \OCP\Util::addScript('config'); // needed for web root - \OCP\Util::addScript('update'); + if ($disableWebUpdater || ($tooBig && !$ignoreTooBigWarning)) { + // send http status 503 + http_response_code(503); + header('Retry-After: 120'); + + $serverVersion = \OCP\Server::get(\OCP\ServerVersion::class); + + // render error page + $template = Server::get(ITemplateManager::class)->getTemplate('', 'update.use-cli', 'guest'); + $template->assign('productName', 'nextcloud'); // for now + $template->assign('version', $serverVersion->getVersionString()); + $template->assign('tooBig', $tooBig); + $template->assign('cliUpgradeLink', $cliUpgradeLink); + + $template->printPage(); + die(); + } // check whether this is a core update or apps update $installedVersion = $systemConfig->getValue('version', '0.0.0'); $currentVersion = implode('.', \OCP\Util::getVersion()); - $appManager = \OC::$server->getAppManager(); + // if not a core upgrade, then it's apps upgrade + $isAppsOnlyUpgrade = version_compare($currentVersion, $installedVersion, '='); - $tmpl = new OC_Template('', 'update.admin', 'guest'); - $tmpl->assign('version', OC_Util::getVersionString()); + $oldTheme = $systemConfig->getValue('theme'); + $systemConfig->setValue('theme', ''); + \OCP\Util::addScript('core', 'common'); + \OCP\Util::addScript('core', 'main'); + \OCP\Util::addTranslations('core'); + \OCP\Util::addScript('core', 'update'); - // if not a core upgrade, then it's apps upgrade - if (version_compare($currentVersion, $installedVersion, '=')) { - $tmpl->assign('isAppsOnlyUpgrade', true); - } else { - $tmpl->assign('isAppsOnlyUpgrade', false); - } + /** @var \OC\App\AppManager $appManager */ + $appManager = Server::get(\OCP\App\IAppManager::class); + + $tmpl = Server::get(ITemplateManager::class)->getTemplate('', 'update.admin', 'guest'); + $tmpl->assign('version', \OCP\Server::get(\OCP\ServerVersion::class)->getVersionString()); + $tmpl->assign('isAppsOnlyUpgrade', $isAppsOnlyUpgrade); // get third party apps $ocVersion = \OCP\Util::getVersion(); + $ocVersion = implode('.', $ocVersion); + $incompatibleApps = $appManager->getIncompatibleApps($ocVersion); + $incompatibleOverwrites = $systemConfig->getValue('app_install_overwrite', []); + $incompatibleShippedApps = []; + $incompatibleDisabledApps = []; + foreach ($incompatibleApps as $appInfo) { + if ($appManager->isShipped($appInfo['id'])) { + $incompatibleShippedApps[] = $appInfo['name'] . ' (' . $appInfo['id'] . ')'; + } + if (!in_array($appInfo['id'], $incompatibleOverwrites)) { + $incompatibleDisabledApps[] = $appInfo; + } + } + + if (!empty($incompatibleShippedApps)) { + $l = Server::get(\OCP\L10N\IFactory::class)->get('core'); + $hint = $l->t('Application %1$s is not present or has a non-compatible version with this server. Please check the apps directory.', [implode(', ', $incompatibleShippedApps)]); + throw new \OCP\HintException('Application ' . implode(', ', $incompatibleShippedApps) . ' is not present or has a non-compatible version with this server. Please check the apps directory.', $hint); + } + $tmpl->assign('appsToUpgrade', $appManager->getAppsNeedingUpgrade($ocVersion)); - $tmpl->assign('incompatibleAppsList', $appManager->getIncompatibleApps($ocVersion)); - $tmpl->assign('productName', 'ownCloud'); // for now + $tmpl->assign('incompatibleAppsList', $incompatibleDisabledApps); + try { + $defaults = new \OC_Defaults(); + $tmpl->assign('productName', $defaults->getName()); + } catch (Throwable $error) { + $tmpl->assign('productName', 'Nextcloud'); + } $tmpl->assign('oldTheme', $oldTheme); $tmpl->printPage(); } - public static function initSession() { + public static function initSession(): void { + $request = Server::get(IRequest::class); + + // TODO: Temporary disabled again to solve issues with CalDAV/CardDAV clients like DAVx5 that use cookies + // TODO: See https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147 and the other comments + // TODO: for further information. + // $isDavRequest = strpos($request->getRequestUri(), '/remote.php/dav') === 0 || strpos($request->getRequestUri(), '/remote.php/webdav') === 0; + // if ($request->getHeader('Authorization') !== '' && is_null($request->getCookie('cookie_test')) && $isDavRequest && !isset($_COOKIE['nc_session_id'])) { + // setcookie('cookie_test', 'test', time() + 3600); + // // Do not initialize the session if a request is authenticated directly + // // unless there is a session cookie already sent along + // return; + // } + + if ($request->getServerProtocol() === 'https') { + ini_set('session.cookie_secure', 'true'); + } + // prevents javascript from accessing php session cookies - ini_set('session.cookie_httponly', true); + ini_set('session.cookie_httponly', 'true'); - // set the cookie path to the ownCloud directory + // Do not initialize sessions for 'status.php' requests + // Monitoring endpoints can quickly flood session handlers + // and 'status.php' doesn't require sessions anyway + if (str_ends_with($request->getScriptName(), '/status.php')) { + return; + } + + // set the cookie path to the Nextcloud directory $cookie_path = OC::$WEBROOT ? : '/'; ini_set('session.cookie_path', $cookie_path); + // set the cookie domain to the Nextcloud domain + $cookie_domain = self::$config->getValue('cookie_domain', ''); + if ($cookie_domain) { + ini_set('session.cookie_domain', $cookie_domain); + } + // Let the session name be changed in the initSession Hook $sessionName = OC_Util::getInstanceId(); try { - // Allow session apps to create a custom session object - $useCustomSession = false; - $session = self::$server->getSession(); - OC_Hook::emit('OC', 'initSession', array('session' => &$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession)); - if (!$useCustomSession) { - // set the session name to the instance id - which is unique - $session = new \OC\Session\Internal($sessionName); + $logger = null; + if (Server::get(\OC\SystemConfig::class)->getValue('installed', false)) { + $logger = logger('core'); } - $cryptoWrapper = \OC::$server->getSessionCryptoWrapper(); + // set the session name to the instance id - which is unique + $session = new \OC\Session\Internal( + $sessionName, + $logger, + ); + + $cryptoWrapper = Server::get(\OC\Session\CryptoWrapper::class); $session = $cryptoWrapper->wrapSession($session); self::$server->setSession($session); - // if session cant be started break with http 500 error + // if session can't be started break with http 500 error } catch (Exception $e) { - \OCP\Util::logException('base', $e); + Server::get(LoggerInterface::class)->error($e->getMessage(), ['app' => 'base','exception' => $e]); //show the user a detailed error page - OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR); - OC_Template::printExceptionErrorPage($e); + Server::get(ITemplateManager::class)->printExceptionErrorPage($e, 500); die(); } + //try to set the session lifetime $sessionLifeTime = self::getSessionLifeTime(); // session timeout if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) { if (isset($_COOKIE[session_name()])) { - setcookie(session_name(), null, -1, self::$WEBROOT ? : '/'); + setcookie(session_name(), '', -1, self::$WEBROOT ? : '/'); } - $session->clear(); + Server::get(IUserSession::class)->logout(); } - $session->set('LAST_ACTIVITY', time()); + if (!self::hasSessionRelaxedExpiry()) { + $session->set('LAST_ACTIVITY', time()); + } + $session->close(); + } + + private static function getSessionLifeTime(): int { + return Server::get(\OC\AllConfig::class)->getSystemValueInt('session_lifetime', 60 * 60 * 24); } /** - * @return string + * @return bool true if the session expiry should only be done by gc instead of an explicit timeout */ - private static function getSessionLifeTime() { - return \OC::$server->getConfig()->getSystemValue('session_lifetime', 60 * 60 * 24); + public static function hasSessionRelaxedExpiry(): bool { + return Server::get(\OC\AllConfig::class)->getSystemValueBool('session_relaxed_expiry', false); } - public static function loadAppClassPaths() { - foreach (OC_APP::getEnabledApps() as $app) { - $appPath = OC_App::getAppPath($app); - if ($appPath === false) { - continue; - } + /** + * Try to set some values to the required Nextcloud default + */ + public static function setRequiredIniValues(): void { + // Don't display errors and log them + @ini_set('display_errors', '0'); + @ini_set('log_errors', '1'); - $file = $appPath . '/appinfo/classpath.php'; - if (file_exists($file)) { - require_once $file; - } + // Try to configure php to enable big file uploads. + // This doesn't work always depending on the webserver and php configuration. + // Let's try to overwrite some defaults if they are smaller than 1 hour + + if (intval(@ini_get('max_execution_time') ?: 0) < 3600) { + @ini_set('max_execution_time', strval(3600)); } + + if (intval(@ini_get('max_input_time') ?: 0) < 3600) { + @ini_set('max_input_time', strval(3600)); + } + + // Try to set the maximum execution time to the largest time limit we have + if (strpos(@ini_get('disable_functions'), 'set_time_limit') === false) { + @set_time_limit(max(intval(@ini_get('max_execution_time')), intval(@ini_get('max_input_time')))); + } + + @ini_set('default_charset', 'UTF-8'); + @ini_set('gd.jpeg_ignore_warning', '1'); } /** - * Try to set some values to the required ownCloud default + * Send the same site cookies */ - public static function setRequiredIniValues() { - @ini_set('default_charset', 'UTF-8'); - @ini_set('gd.jpeg_ignore_warning', 1); + private static function sendSameSiteCookies(): void { + $cookieParams = session_get_cookie_params(); + $secureCookie = ($cookieParams['secure'] === true) ? 'secure; ' : ''; + $policies = [ + 'lax', + 'strict', + ]; + + // Append __Host to the cookie if it meets the requirements + $cookiePrefix = ''; + if ($cookieParams['secure'] === true && $cookieParams['path'] === '/') { + $cookiePrefix = '__Host-'; + } + + foreach ($policies as $policy) { + header( + sprintf( + 'Set-Cookie: %snc_sameSiteCookie%s=true; path=%s; httponly;' . $secureCookie . 'expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=%s', + $cookiePrefix, + $policy, + $cookieParams['path'], + $policy + ), + false + ); + } + } + + /** + * Same Site cookie to further mitigate CSRF attacks. This cookie has to + * be set in every request if cookies are sent to add a second level of + * defense against CSRF. + * + * If the cookie is not sent this will set the cookie and reload the page. + * We use an additional cookie since we want to protect logout CSRF and + * also we can't directly interfere with PHP's session mechanism. + */ + private static function performSameSiteCookieProtection(IConfig $config): void { + $request = Server::get(IRequest::class); + + // Some user agents are notorious and don't really properly follow HTTP + // specifications. For those, have an automated opt-out. Since the protection + // for remote.php is applied in base.php as starting point we need to opt out + // here. + $incompatibleUserAgents = $config->getSystemValue('csrf.optout'); + + // Fallback, if csrf.optout is unset + if (!is_array($incompatibleUserAgents)) { + $incompatibleUserAgents = [ + // OS X Finder + '/^WebDAVFS/', + // Windows webdav drive + '/^Microsoft-WebDAV-MiniRedir/', + ]; + } + + if ($request->isUserAgent($incompatibleUserAgents)) { + return; + } + + if (count($_COOKIE) > 0) { + $requestUri = $request->getScriptName(); + $processingScript = explode('/', $requestUri); + $processingScript = $processingScript[count($processingScript) - 1]; + + if ($processingScript === 'index.php' // index.php routes are handled in the middleware + || $processingScript === 'cron.php' // and cron.php does not need any authentication at all + || $processingScript === 'public.php' // For public.php, auth for password protected shares is done in the PublicAuth plugin + ) { + return; + } + + // All other endpoints require the lax and the strict cookie + if (!$request->passesStrictCookieCheck()) { + logger('core')->warning('Request does not pass strict cookie check'); + self::sendSameSiteCookies(); + // Debug mode gets access to the resources without strict cookie + // due to the fact that the SabreDAV browser also lives there. + if (!$config->getSystemValueBool('debug', false)) { + http_response_code(\OCP\AppFramework\Http::STATUS_PRECONDITION_FAILED); + header('Content-Type: application/json'); + echo json_encode(['error' => 'Strict Cookie has not been found in request']); + exit(); + } + } + } elseif (!isset($_COOKIE['nc_sameSiteCookielax']) || !isset($_COOKIE['nc_sameSiteCookiestrict'])) { + self::sendSameSiteCookies(); + } } - public static function init() { + public static function init(): void { + // First handle PHP configuration and copy auth headers to the expected + // $_SERVER variable before doing anything Server object related + self::setRequiredIniValues(); + self::handleAuthHeaders(); + + // prevent any XML processing from loading external entities + libxml_set_external_entity_loader(static function () { + return null; + }); + + // Set default timezone before the Server object is booted + if (!date_default_timezone_set('UTC')) { + throw new \RuntimeException('Could not set timezone to UTC'); + } + // calculate the root directories - OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4)); + OC::$SERVERROOT = str_replace('\\', '/', substr(__DIR__, 0, -4)); // register autoloader $loaderStart = microtime(true); - require_once __DIR__ . '/autoloader.php'; - self::$loader = new \OC\Autoloader([ - OC::$SERVERROOT . '/lib', - OC::$SERVERROOT . '/core', - OC::$SERVERROOT . '/settings', - OC::$SERVERROOT . '/ocs', - OC::$SERVERROOT . '/ocs-provider', - ]); - if (defined('PHPUNIT_RUN')) { - self::$loader->addValidRoot(OC::$SERVERROOT . '/tests'); - } - spl_autoload_register(array(self::$loader, 'load')); - $loaderEnd = microtime(true); self::$CLI = (php_sapi_name() == 'cli'); + // Add default composer PSR-4 autoloader, ensure apcu to be disabled + self::$composerAutoloader = require_once OC::$SERVERROOT . '/lib/composer/autoload.php'; + self::$composerAutoloader->setApcuPrefix(null); + + try { self::initPaths(); // setup 3rdparty autoloader - $vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php'; + $vendorAutoLoad = OC::$SERVERROOT . '/3rdparty/autoload.php'; if (!file_exists($vendorAutoLoad)) { throw new \RuntimeException('Composer autoloader not found, unable to continue. Check the folder "3rdparty". Running "git submodule update --init" will initialize the git submodule that handles the subfolder "3rdparty".'); } require_once $vendorAutoLoad; - } catch (\RuntimeException $e) { if (!self::$CLI) { - OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE); + http_response_code(503); } // we can't use the template error page here, because this needs the // DI container which isn't available yet print($e->getMessage()); exit(); } + $loaderEnd = microtime(true); - // Add default composer PSR-4 autoloader - require_once OC::$SERVERROOT . '/lib/composer/autoload.php'; + // Enable lazy loading if activated + \OC\AppFramework\Utility\SimpleContainer::$useLazyObjects = (bool)self::$config->getValue('enable_lazy_objects', true); // setup the basic server self::$server = new \OC\Server(\OC::$WEBROOT, self::$config); - \OC::$server->getEventLogger()->log('autoloader', 'Autoloader', $loaderStart, $loaderEnd); - \OC::$server->getEventLogger()->start('boot', 'Initialize'); + self::$server->boot(); - // Don't display errors and log them - error_reporting(E_ALL | E_STRICT); - @ini_set('display_errors', 0); - @ini_set('log_errors', 1); - - date_default_timezone_set('UTC'); - - //try to configure php to enable big file uploads. - //this doesn´t work always depending on the webserver and php configuration. - //Let´s try to overwrite some defaults anyway + try { + $profiler = new BuiltInProfiler( + Server::get(IConfig::class), + Server::get(IRequest::class), + ); + $profiler->start(); + } catch (\Throwable $e) { + logger('core')->error('Failed to start profiler: ' . $e->getMessage(), ['app' => 'base']); + } - //try to set the maximum execution time to 60min - @set_time_limit(3600); - @ini_set('max_execution_time', 3600); - @ini_set('max_input_time', 3600); + if (self::$CLI && in_array('--' . \OCP\Console\ReservedOptions::DEBUG_LOG, $_SERVER['argv'])) { + \OC\Core\Listener\BeforeMessageLoggedEventListener::setup(); + } - //try to set the maximum filesize to 10G - @ini_set('upload_max_filesize', '10G'); - @ini_set('post_max_size', '10G'); - @ini_set('file_uploads', '50'); + $eventLogger = Server::get(\OCP\Diagnostics\IEventLogger::class); + $eventLogger->log('autoloader', 'Autoloader', $loaderStart, $loaderEnd); + $eventLogger->start('boot', 'Initialize'); - self::setRequiredIniValues(); - self::handleAuthHeaders(); - self::registerAutoloaderCache(); + // Override php.ini and log everything if we're troubleshooting + if (self::$config->getValue('loglevel') === ILogger::DEBUG) { + error_reporting(E_ALL); + } - // initialize intl fallback is necessary - \Patchwork\Utf8\Bootup::initIntl(); + // initialize intl fallback if necessary OC_Util::isSetLocaleWorking(); + $config = Server::get(IConfig::class); if (!defined('PHPUNIT_RUN')) { - $logger = \OC::$server->getLogger(); - OC\Log\ErrorHandler::setLogger($logger); - if (\OC::$server->getConfig()->getSystemValue('debug', false)) { - OC\Log\ErrorHandler::register(true); - set_exception_handler(array('OC_Template', 'printExceptionErrorPage')); + $errorHandler = new OC\Log\ErrorHandler( + \OCP\Server::get(\Psr\Log\LoggerInterface::class), + ); + $exceptionHandler = [$errorHandler, 'onException']; + if ($config->getSystemValueBool('debug', false)) { + set_error_handler([$errorHandler, 'onAll'], E_ALL); + if (\OC::$CLI) { + $exceptionHandler = [Server::get(ITemplateManager::class), 'printExceptionErrorPage']; + } } else { - OC\Log\ErrorHandler::register(); + set_error_handler([$errorHandler, 'onError']); } + register_shutdown_function([$errorHandler, 'onShutdown']); + set_exception_handler($exceptionHandler); } - // register the stream wrappers - stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir'); - stream_wrapper_register('static', 'OC\Files\Stream\StaticStream'); - stream_wrapper_register('close', 'OC\Files\Stream\Close'); - stream_wrapper_register('quota', 'OC\Files\Stream\Quota'); - stream_wrapper_register('oc', 'OC\Files\Stream\OC'); + /** @var \OC\AppFramework\Bootstrap\Coordinator $bootstrapCoordinator */ + $bootstrapCoordinator = Server::get(\OC\AppFramework\Bootstrap\Coordinator::class); + $bootstrapCoordinator->runInitialRegistration(); - \OC::$server->getEventLogger()->start('init_session', 'Initialize session'); - OC_App::loadApps(array('session')); + $eventLogger->start('init_session', 'Initialize session'); + + // Check for PHP SimpleXML extension earlier since we need it before our other checks and want to provide a useful hint for web users + // see https://github.com/nextcloud/server/pull/2619 + if (!function_exists('simplexml_load_file')) { + throw new \OCP\HintException('The PHP SimpleXML/PHP-XML extension is not installed.', 'Install the extension or make sure it is enabled.'); + } + + $systemConfig = Server::get(\OC\SystemConfig::class); + $appManager = Server::get(\OCP\App\IAppManager::class); + if ($systemConfig->getValue('installed', false)) { + $appManager->loadApps(['session']); + } if (!self::$CLI) { self::initSession(); } - \OC::$server->getEventLogger()->end('init_session'); + $eventLogger->end('init_session'); self::checkConfig(); - self::checkInstalled(); + self::checkInstalled($systemConfig); OC_Response::addSecurityHeaders(); - if(self::$server->getRequest()->getServerProtocol() === 'https') { - ini_set('session.cookie_secure', true); - } + + self::performSameSiteCookieProtection($config); if (!defined('OC_CONSOLE')) { - $errors = OC_Util::checkServer(\OC::$server->getConfig()); + $eventLogger->start('check_server', 'Run a few configuration checks'); + $errors = OC_Util::checkServer($systemConfig); if (count($errors) > 0) { - if (self::$CLI) { - // Convert l10n string into regular string for usage in database - $staticErrors = []; - foreach ($errors as $error) { - echo $error['error'] . "\n"; - echo $error['hint'] . "\n\n"; - $staticErrors[] = [ - 'error' => (string)$error['error'], - 'hint' => (string)$error['hint'], - ]; - } - + if (!self::$CLI) { + http_response_code(503); + Util::addStyle('guest'); try { - \OC::$server->getConfig()->setAppValue('core', 'cronErrors', json_encode($staticErrors)); + Server::get(ITemplateManager::class)->printGuestPage('', 'error', ['errors' => $errors]); + exit; } catch (\Exception $e) { - echo('Writing to database failed'); + // In case any error happens when showing the error page, we simply fall back to posting the text. + // This might be the case when e.g. the data directory is broken and we can not load/write SCSS to/from it. } - exit(1); - } else { - OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE); - OC_Template::printGuestPage('', 'error', array('errors' => $errors)); - exit; } - } elseif (self::$CLI && \OC::$server->getConfig()->getSystemValue('installed', false)) { - \OC::$server->getConfig()->deleteAppValue('core', 'cronErrors'); + + // Convert l10n string into regular string for usage in database + $staticErrors = []; + foreach ($errors as $error) { + echo $error['error'] . "\n"; + echo $error['hint'] . "\n\n"; + $staticErrors[] = [ + 'error' => (string)$error['error'], + 'hint' => (string)$error['hint'], + ]; + } + + try { + $config->setAppValue('core', 'cronErrors', json_encode($staticErrors)); + } catch (\Exception $e) { + echo('Writing to database failed'); + } + exit(1); + } elseif (self::$CLI && $config->getSystemValueBool('installed', false)) { + $config->deleteAppValue('core', 'cronErrors'); } + $eventLogger->end('check_server'); } - //try to set the session lifetime - $sessionLifeTime = self::getSessionLifeTime(); - @ini_set('gc_maxlifetime', (string)$sessionLifeTime); - - $systemConfig = \OC::$server->getSystemConfig(); // User and Groups - if (!$systemConfig->getValue("installed", false)) { + if (!$systemConfig->getValue('installed', false)) { self::$server->getSession()->set('user_id', ''); } - OC_User::useBackend(new OC_User_Database()); - OC_Group::useBackend(new OC_Group_Database()); + $eventLogger->start('setup_backends', 'Setup group and user backends'); + Server::get(\OCP\IUserManager::class)->registerBackend(new \OC\User\Database()); + Server::get(\OCP\IGroupManager::class)->addBackend(new \OC\Group\Database()); // Subscribe to the hook \OCP\Util::connectHook( '\OCA\Files_Sharing\API\Server2Server', 'preLoginNameUsedAsUserName', - '\OC_User_Database', + '\OC\User\Database', 'preLoginNameUsedAsUserName' ); //setup extra user backends - if (!self::checkUpgrade(false)) { + if (!\OCP\Util::needUpgrade()) { OC_User::setupBackends(); + } else { + // Run upgrades in incognito mode + OC_User::setIncognitoMode(true); } - - self::registerCacheHooks(); - self::registerFilesystemHooks(); - if ($systemConfig->getValue('enable_previews', true)) { - self::registerPreviewHooks(); + $eventLogger->end('setup_backends'); + + self::registerCleanupHooks($systemConfig); + self::registerShareHooks($systemConfig); + self::registerEncryptionWrapperAndHooks(); + self::registerAccountHooks(); + self::registerResourceCollectionHooks(); + self::registerFileReferenceEventListener(); + self::registerRenderReferenceEventListener(); + self::registerAppRestrictionsHooks(); + + // Make sure that the application class is not loaded before the database is setup + if ($systemConfig->getValue('installed', false)) { + $appManager->loadApp('settings'); } - self::registerShareHooks(); - self::registerLogRotate(); - self::registerEncryptionWrapper(); - self::registerEncryptionHooks(); //make sure temporary files are cleaned up - $tmpManager = \OC::$server->getTempManager(); - register_shutdown_function(array($tmpManager, 'clean')); - $lockProvider = \OC::$server->getLockingProvider(); - register_shutdown_function(array($lockProvider, 'releaseAll')); + $tmpManager = Server::get(\OCP\ITempManager::class); + register_shutdown_function([$tmpManager, 'clean']); + $lockProvider = Server::get(\OCP\Lock\ILockingProvider::class); + register_shutdown_function([$lockProvider, 'releaseAll']); // Check whether the sample configuration has been copied - if($systemConfig->getValue('copied_sample_config', false)) { - $l = \OC::$server->getL10N('lib'); - header('HTTP/1.1 503 Service Temporarily Unavailable'); - header('Status: 503 Service Temporarily Unavailable'); - OC_Template::printErrorPage( + if ($systemConfig->getValue('copied_sample_config', false)) { + $l = Server::get(\OCP\L10N\IFactory::class)->get('lib'); + Server::get(ITemplateManager::class)->printErrorPage( $l->t('Sample configuration detected'), - $l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php') + $l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php'), + 503 ); return; } - $request = \OC::$server->getRequest(); + $request = Server::get(IRequest::class); $host = $request->getInsecureServerHost(); /** * if the host passed in headers isn't trusted * FIXME: Should not be in here at all :see_no_evil: */ if (!OC::$CLI - // overwritehost is always trusted, workaround to not have to make - // \OC\AppFramework\Http\Request::getOverwriteHost public - && self::$server->getConfig()->getSystemValue('overwritehost') === '' - && !\OC::$server->getTrustedDomainHelper()->isTrustedDomain($host) - && self::$server->getConfig()->getSystemValue('installed', false) + && !Server::get(\OC\Security\TrustedDomainHelper::class)->isTrustedDomain($host) + && $config->getSystemValueBool('installed', false) ) { - header('HTTP/1.1 400 Bad Request'); - header('Status: 400 Bad Request'); + // Allow access to CSS resources + $isScssRequest = false; + if (strpos($request->getPathInfo() ?: '', '/css/') === 0) { + $isScssRequest = true; + } + + if (substr($request->getRequestUri(), -11) === '/status.php') { + http_response_code(400); + header('Content-Type: application/json'); + echo '{"error": "Trusted domain error.", "code": 15}'; + exit(); + } - \OC::$server->getLogger()->warning( + if (!$isScssRequest) { + http_response_code(400); + Server::get(LoggerInterface::class)->info( 'Trusted domain error. "{remoteAddress}" tried to access using "{host}" as host.', [ 'app' => 'core', 'remoteAddress' => $request->getRemoteAddress(), 'host' => $host, ] - ); + ); - $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); - $tmpl->assign('domain', $host); - $tmpl->printPage(); + $tmpl = Server::get(ITemplateManager::class)->getTemplate('core', 'untrustedDomain', 'guest'); + $tmpl->assign('docUrl', Server::get(IURLGenerator::class)->linkToDocs('admin-trusted-domains')); + $tmpl->printPage(); - exit(); + exit(); + } } - \OC::$server->getEventLogger()->end('boot'); + $eventLogger->end('boot'); + $eventLogger->log('init', 'OC::init', $loaderStart, microtime(true)); + $eventLogger->start('runtime', 'Runtime'); + $eventLogger->start('request', 'Full request after boot'); + register_shutdown_function(function () use ($eventLogger) { + $eventLogger->end('request'); + }); + + register_shutdown_function(function () { + $memoryPeak = memory_get_peak_usage(); + $logLevel = match (true) { + $memoryPeak > 500_000_000 => ILogger::FATAL, + $memoryPeak > 400_000_000 => ILogger::ERROR, + $memoryPeak > 300_000_000 => ILogger::WARN, + default => null, + }; + if ($logLevel !== null) { + $message = 'Request used more than 300 MB of RAM: ' . Util::humanFileSize($memoryPeak); + $logger = Server::get(LoggerInterface::class); + $logger->log($logLevel, $message, ['app' => 'core']); + } + }); } /** - * register hooks for the cache + * register hooks for the cleanup of cache and bruteforce protection */ - public static function registerCacheHooks() { + public static function registerCleanupHooks(\OC\SystemConfig $systemConfig): void { //don't try to do this before we are properly setup - if (\OC::$server->getSystemConfig()->getValue('installed', false) && !self::checkUpgrade(false)) { - + if ($systemConfig->getValue('installed', false) && !\OCP\Util::needUpgrade()) { // NOTE: This will be replaced to use OCP - $userSession = self::$server->getUserSession(); - $userSession->listen('\OC\User', 'postLogin', function () { + $userSession = Server::get(\OC\User\Session::class); + $userSession->listen('\OC\User', 'postLogin', function () use ($userSession) { + if (!defined('PHPUNIT_RUN') && $userSession->isLoggedIn()) { + // reset brute force delay for this IP address and username + $uid = $userSession->getUser()->getUID(); + $request = Server::get(IRequest::class); + $throttler = Server::get(IThrottler::class); + $throttler->resetDelay($request->getRemoteAddress(), 'login', ['user' => $uid]); + } + try { $cache = new \OC\Cache\File(); $cache->gc(); } catch (\OC\ServerNotAvailableException $e) { // not a GC exception, pass it on throw $e; + } catch (\OC\ForbiddenException $e) { + // filesystem blocked for this request, ignore } catch (\Exception $e) { // a GC exception should not prevent users from using OC, // so log the exception - \OC::$server->getLogger()->warning('Exception when running cache gc: ' . $e->getMessage(), array('app' => 'core')); + Server::get(LoggerInterface::class)->warning('Exception when running cache gc.', [ + 'app' => 'core', + 'exception' => $e, + ]); } }); } } - private static function registerEncryptionWrapper() { - $manager = self::$server->getEncryptionManager(); - \OCP\Util::connectHook('OC_Filesystem', 'preSetup', $manager, 'setupStorage'); - } + private static function registerEncryptionWrapperAndHooks(): void { + /** @var \OC\Encryption\Manager */ + $manager = Server::get(\OCP\Encryption\IManager::class); + Server::get(IEventDispatcher::class)->addListener( + BeforeFileSystemSetupEvent::class, + $manager->setupStorage(...), + ); - private static function registerEncryptionHooks() { - $enabled = self::$server->getEncryptionManager()->isEnabled(); + $enabled = $manager->isEnabled(); if ($enabled) { - \OCP\Util::connectHook('OCP\Share', 'post_shared', 'OC\Encryption\HookManager', 'postShared'); - \OCP\Util::connectHook('OCP\Share', 'post_unshare', 'OC\Encryption\HookManager', 'postUnshared'); - \OCP\Util::connectHook('OC_Filesystem', 'post_rename', 'OC\Encryption\HookManager', 'postRename'); - \OCP\Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', 'OC\Encryption\HookManager', 'postRestore'); + \OC\Encryption\EncryptionEventListener::register(Server::get(IEventDispatcher::class)); } } - /** - * register hooks for the cache - */ - public static function registerLogRotate() { - $systemConfig = \OC::$server->getSystemConfig(); - if ($systemConfig->getValue('installed', false) && $systemConfig->getValue('log_rotate_size', false) && !self::checkUpgrade(false)) { - //don't try to do this before we are properly setup - //use custom logfile path if defined, otherwise use default of owncloud.log in data directory - \OCP\BackgroundJob::registerJob('OC\Log\Rotate', $systemConfig->getValue('logfile', $systemConfig->getValue('datadirectory', OC::$SERVERROOT . '/data') . '/owncloud.log')); - } + private static function registerAccountHooks(): void { + /** @var IEventDispatcher $dispatcher */ + $dispatcher = Server::get(IEventDispatcher::class); + $dispatcher->addServiceListener(UserChangedEvent::class, \OC\Accounts\Hooks::class); } - /** - * register hooks for the filesystem - */ - public static function registerFilesystemHooks() { - // Check for blacklisted files - OC_Hook::connect('OC_Filesystem', 'write', 'OC\Files\Filesystem', 'isBlacklisted'); - OC_Hook::connect('OC_Filesystem', 'rename', 'OC\Files\Filesystem', 'isBlacklisted'); + private static function registerAppRestrictionsHooks(): void { + /** @var \OC\Group\Manager $groupManager */ + $groupManager = Server::get(\OCP\IGroupManager::class); + $groupManager->listen('\OC\Group', 'postDelete', function (\OCP\IGroup $group) { + $appManager = Server::get(\OCP\App\IAppManager::class); + $apps = $appManager->getEnabledAppsForGroup($group); + foreach ($apps as $appId) { + $restrictions = $appManager->getAppRestriction($appId); + if (empty($restrictions)) { + continue; + } + $key = array_search($group->getGID(), $restrictions); + unset($restrictions[$key]); + $restrictions = array_values($restrictions); + if (empty($restrictions)) { + $appManager->disableApp($appId); + } else { + $appManager->enableAppForGroups($appId, $restrictions); + } + } + }); } - /** - * register hooks for previews - */ - public static function registerPreviewHooks() { - OC_Hook::connect('OC_Filesystem', 'post_write', 'OC\Preview', 'post_write'); - OC_Hook::connect('OC_Filesystem', 'delete', 'OC\Preview', 'prepare_delete_files'); - OC_Hook::connect('\OCP\Versions', 'preDelete', 'OC\Preview', 'prepare_delete'); - OC_Hook::connect('\OCP\Trashbin', 'preDelete', 'OC\Preview', 'prepare_delete'); - OC_Hook::connect('OC_Filesystem', 'post_delete', 'OC\Preview', 'post_delete_files'); - OC_Hook::connect('\OCP\Versions', 'delete', 'OC\Preview', 'post_delete_versions'); - OC_Hook::connect('\OCP\Trashbin', 'delete', 'OC\Preview', 'post_delete'); - OC_Hook::connect('\OCP\Versions', 'rollback', 'OC\Preview', 'post_delete_versions'); + private static function registerResourceCollectionHooks(): void { + \OC\Collaboration\Resources\Listener::register(Server::get(IEventDispatcher::class)); + } + + private static function registerFileReferenceEventListener(): void { + \OC\Collaboration\Reference\File\FileReferenceEventListener::register(Server::get(IEventDispatcher::class)); + } + + private static function registerRenderReferenceEventListener() { + \OC\Collaboration\Reference\RenderReferenceEventListener::register(Server::get(IEventDispatcher::class)); } /** * register hooks for sharing */ - public static function registerShareHooks() { - if (\OC::$server->getSystemConfig()->getValue('installed')) { - OC_Hook::connect('OC_User', 'post_deleteUser', 'OC\Share\Hooks', 'post_deleteUser'); - OC_Hook::connect('OC_User', 'post_addToGroup', 'OC\Share\Hooks', 'post_addToGroup'); - OC_Hook::connect('OC_Group', 'pre_addToGroup', 'OC\Share\Hooks', 'pre_addToGroup'); - OC_Hook::connect('OC_User', 'post_removeFromGroup', 'OC\Share\Hooks', 'post_removeFromGroup'); - OC_Hook::connect('OC_User', 'post_deleteGroup', 'OC\Share\Hooks', 'post_deleteGroup'); - } - } + public static function registerShareHooks(\OC\SystemConfig $systemConfig): void { + if ($systemConfig->getValue('installed')) { - protected static function registerAutoloaderCache() { - // The class loader takes an optional low-latency cache, which MUST be - // namespaced. The instanceid is used for namespacing, but might be - // unavailable at this point. Futhermore, it might not be possible to - // generate an instanceid via \OC_Util::getInstanceId() because the - // config file may not be writable. As such, we only register a class - // loader cache if instanceid is available without trying to create one. - $instanceId = \OC::$server->getSystemConfig()->getValue('instanceid', null); - if ($instanceId) { - try { - $memcacheFactory = \OC::$server->getMemCacheFactory(); - self::$loader->setMemoryCache($memcacheFactory->createLocal('Autoloader')); - } catch (\Exception $ex) { - } + $dispatcher = Server::get(IEventDispatcher::class); + $dispatcher->addServiceListener(UserRemovedEvent::class, UserRemovedListener::class); + $dispatcher->addServiceListener(GroupDeletedEvent::class, GroupDeletedListener::class); + $dispatcher->addServiceListener(UserDeletedEvent::class, UserDeletedListener::class); } } /** * Handle the request */ - public static function handleRequest() { + public static function handleRequest(): void { + Server::get(\OCP\Diagnostics\IEventLogger::class)->start('handle_request', 'Handle request'); + $systemConfig = Server::get(\OC\SystemConfig::class); - \OC::$server->getEventLogger()->start('handle_request', 'Handle request'); - $systemConfig = \OC::$server->getSystemConfig(); - // load all the classpaths from the enabled apps so they are available - // in the routing files of each app - OC::loadAppClassPaths(); - - // Check if ownCloud is installed or in maintenance (update) mode + // Check if Nextcloud is installed or in maintenance (update) mode if (!$systemConfig->getValue('installed', false)) { \OC::$server->getSession()->clear(); - $setupHelper = new OC\Setup(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), - \OC::$server->getL10N('lib'), new \OC_Defaults(), \OC::$server->getLogger(), - \OC::$server->getSecureRandom()); - $controller = new OC\Core\Controller\SetupController($setupHelper); + $controller = Server::get(\OC\Core\Controller\SetupController::class); $controller->run($_POST); exit(); } - $request = \OC::$server->getRequest(); + $request = Server::get(IRequest::class); + $request->throwDecodingExceptionIfAny(); $requestPath = $request->getRawPathInfo(); - if (substr($requestPath, -3) !== '.js') { // we need these files during the upgrade - self::checkMaintenanceMode(); - self::checkUpgrade(); + if ($requestPath === '/heartbeat') { + return; } + if (substr($requestPath, -3) !== '.js') { // we need these files during the upgrade + self::checkMaintenanceMode($systemConfig); - // emergency app disabling - if ($requestPath === '/disableapp' - && $request->getMethod() === 'POST' - && ((string)$request->getParam('appid')) !== '' - ) { - \OCP\JSON::callCheck(); - \OCP\JSON::checkAdminUser(); - $appId = (string)$request->getParam('appid'); - $appId = \OC_App::cleanAppId($appId); - - \OC_App::disable($appId); - \OC_JSON::success(); - exit(); + if (\OCP\Util::needUpgrade()) { + if (function_exists('opcache_reset')) { + opcache_reset(); + } + if (!((bool)$systemConfig->getValue('maintenance', false))) { + self::printUpgradePage($systemConfig); + exit(); + } + } } + $appManager = Server::get(\OCP\App\IAppManager::class); + // Always load authentication apps - OC_App::loadApps(['authentication']); + $appManager->loadApps(['authentication']); + $appManager->loadApps(['extended_authentication']); // Load minimum set of apps - if (!self::checkUpgrade(false) - && !$systemConfig->getValue('maintenance', false)) { + if (!\OCP\Util::needUpgrade() + && !((bool)$systemConfig->getValue('maintenance', false))) { // For logged-in users: Load everything - if(OC_User::isLoggedIn()) { - OC_App::loadApps(); + if (Server::get(IUserSession::class)->isLoggedIn()) { + $appManager->loadApps(); } else { // For guests: Load only filesystem and logging - OC_App::loadApps(array('filesystem', 'logging')); - \OC_User::tryBasicAuthLogin(); + $appManager->loadApps(['filesystem', 'logging']); + + // Don't try to login when a client is trying to get a OAuth token. + // OAuth needs to support basic auth too, so the login is not valid + // inside Nextcloud and the Login exception would ruin it. + if ($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token') { + try { + self::handleLogin($request); + } catch (DisabledUserException $e) { + // Disabled users would not be seen as logged in and + // trying to log them in would fail, so the login + // exception is ignored for the themed stylesheets and + // images. + if ($request->getRawPathInfo() !== '/apps/theming/theme/default.css' + && $request->getRawPathInfo() !== '/apps/theming/theme/light.css' + && $request->getRawPathInfo() !== '/apps/theming/theme/dark.css' + && $request->getRawPathInfo() !== '/apps/theming/theme/light-highcontrast.css' + && $request->getRawPathInfo() !== '/apps/theming/theme/dark-highcontrast.css' + && $request->getRawPathInfo() !== '/apps/theming/theme/opendyslexic.css' + && $request->getRawPathInfo() !== '/apps/theming/image/background' + && $request->getRawPathInfo() !== '/apps/theming/image/logo' + && $request->getRawPathInfo() !== '/apps/theming/image/logoheader' + && !str_starts_with($request->getRawPathInfo(), '/apps/theming/favicon') + && !str_starts_with($request->getRawPathInfo(), '/apps/theming/icon')) { + throw $e; + } + } + } } } - if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) { + if (!self::$CLI) { try { - if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) { - OC_App::loadApps(array('filesystem', 'logging')); - OC_App::loadApps(); + if (!\OCP\Util::needUpgrade()) { + $appManager->loadApps(['filesystem', 'logging']); + $appManager->loadApps(); } - self::checkSingleUserMode(); - OC_Util::setupFS(); - OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo()); + Server::get(\OC\Route\Router::class)->match($request->getRawPathInfo()); return; } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) { //header('HTTP/1.0 404 Not Found'); } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) { - OC_Response::setStatus(405); + http_response_code(405); return; } } - // Handle redirect URL for logged in users - if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { - $location = \OC::$server->getURLGenerator()->getAbsoluteURL(urldecode($_REQUEST['redirect_url'])); - - // Deny the redirect if the URL contains a @ - // This prevents unvalidated redirects like ?redirect_url=:user@domain.com - if (strpos($location, '@') === false) { - header('Location: ' . $location); - return; - } - } // Handle WebDAV - if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { + if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PROPFIND') { // not allowed any more to prevent people // mounting this root directly. // Users need to mount remote.php/webdav instead. - header('HTTP/1.1 405 Method Not Allowed'); - header('Status: 405 Method Not Allowed'); + http_response_code(405); return; } - // Redirect to index if the logout link is accessed without valid session - // this is needed to prevent "Token expired" messages while login if a session is expired - // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583 - if(isset($_GET['logout']) && !OC_User::isLoggedIn()) { - header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/')); + // Handle requests for JSON or XML + $acceptHeader = $request->getHeader('Accept'); + if (in_array($acceptHeader, ['application/json', 'application/xml'], true)) { + http_response_code(404); return; } - // Someone is logged in - if (OC_User::isLoggedIn()) { - OC_App::loadApps(); - OC_User::setupBackends(); - OC_Util::setupFS(); - if (isset($_GET["logout"]) and ($_GET["logout"])) { - OC_JSON::callCheck(); - if (isset($_COOKIE['oc_token'])) { - \OC::$server->getConfig()->deleteUserValue(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']); - } - OC_User::logout(); - // redirect to webroot and add slash if webroot is empty - header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/')); - } else { - // Redirect to default application - OC_Util::redirectToDefaultPage(); - } - } else { - // Not handled and not logged in - self::handleLogin(); - } - } - - protected static function handleAuthHeaders() { - //copy http auth headers for apache+php-fcgid work around - if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { - $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; + // Handle resources that can't be found + // This prevents browsers from redirecting to the default page and then + // attempting to parse HTML as CSS and similar. + $destinationHeader = $request->getHeader('Sec-Fetch-Dest'); + if (in_array($destinationHeader, ['font', 'script', 'style'])) { + http_response_code(404); + return; } - // Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary. - $vars = array( - 'HTTP_AUTHORIZATION', // apache+php-cgi work around - 'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative - ); - foreach ($vars as $var) { - if (isset($_SERVER[$var]) && preg_match('/Basic\s+(.*)$/i', $_SERVER[$var], $matches)) { - list($name, $password) = explode(':', base64_decode($matches[1]), 2); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - break; + // Redirect to the default app or login only as an entry point + if ($requestPath === '') { + // Someone is logged in + if (Server::get(IUserSession::class)->isLoggedIn()) { + header('Location: ' . Server::get(IURLGenerator::class)->linkToDefaultPageUrl()); + } else { + // Not handled and not logged in + header('Location: ' . Server::get(IURLGenerator::class)->linkToRouteAbsolute('core.login.showLoginForm')); } + return; } - } - - protected static function handleLogin() { - OC_App::loadApps(array('prelogin')); - $error = array(); - $messages = []; try { - // auth possible via apache module? - if (OC::tryApacheAuth()) { - $error[] = 'apacheauthfailed'; - } // remember was checked after last login - elseif (OC::tryRememberLogin()) { - $error[] = 'invalidcookie'; - } // logon via web form - elseif (OC::tryFormLogin()) { - $error[] = 'invalidpassword'; + Server::get(\OC\Route\Router::class)->match('/error/404'); + } catch (\Exception $e) { + if (!$e instanceof MethodNotAllowedException) { + logger('core')->emergency($e->getMessage(), ['exception' => $e]); } - } catch (\OC\User\LoginException $e) { - $messages[] = $e->getMessage(); - } catch (\Exception $ex) { - \OCP\Util::logException('handleLogin', $ex); - // do not disclose information. show generic error - $error[] = 'internalexception'; + $l = Server::get(\OCP\L10N\IFactory::class)->get('lib'); + Server::get(ITemplateManager::class)->printErrorPage( + '404', + $l->t('The page could not be found on the server.'), + 404 + ); } - - OC_Util::displayLoginPage(array_unique($error), $messages); } /** - * Remove outdated and therefore invalid tokens for a user - * @param string $user + * Check login: apache auth, auth token, basic auth */ - protected static function cleanupLoginTokens($user) { - $config = \OC::$server->getConfig(); - $cutoff = time() - $config->getSystemValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); - $tokens = $config->getUserKeys($user, 'login_token'); - foreach ($tokens as $token) { - $time = $config->getUserValue($user, 'login_token', $token); - if ($time < $cutoff) { - $config->deleteUserValue($user, 'login_token', $token); - } + public static function handleLogin(OCP\IRequest $request): bool { + if ($request->getHeader('X-Nextcloud-Federation')) { + return false; } - } - - /** - * Try to login a user via HTTP authentication - * @return bool|void - */ - protected static function tryApacheAuth() { - $return = OC_User::handleApacheAuth(); - - // if return is true we are logged in -> redirect to the default page - if ($return === true) { - $_REQUEST['redirect_url'] = \OC::$server->getRequest()->getRequestUri(); - OC_Util::redirectToDefaultPage(); - exit; + $userSession = Server::get(\OC\User\Session::class); + if (OC_User::handleApacheAuth()) { + return true; } - - // in case $return is null apache based auth is not enabled - return is_null($return) ? false : true; - } - - /** - * Try to login a user using the remember me cookie. - * @return bool Whether the provided cookie was valid - */ - protected static function tryRememberLogin() { - if (!isset($_COOKIE["oc_remember_login"]) - || !isset($_COOKIE["oc_token"]) - || !isset($_COOKIE["oc_username"]) - || !$_COOKIE["oc_remember_login"] - || !OC_Util::rememberLoginAllowed() - ) { - return false; + if (self::tryAppAPILogin($request)) { + return true; + } + if ($userSession->tryTokenLogin($request)) { + return true; + } + if (isset($_COOKIE['nc_username']) + && isset($_COOKIE['nc_token']) + && isset($_COOKIE['nc_session_id']) + && $userSession->loginWithCookie($_COOKIE['nc_username'], $_COOKIE['nc_token'], $_COOKIE['nc_session_id'])) { + return true; } + if ($userSession->tryBasicAuthLogin($request, Server::get(IThrottler::class))) { + return true; + } + return false; + } - if (\OC::$server->getConfig()->getSystemValue('debug', false)) { - \OCP\Util::writeLog('core', 'Trying to login from cookie', \OCP\Util::DEBUG); + protected static function handleAuthHeaders(): void { + //copy http auth headers for apache+php-fcgid work around + if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; } - if(OC_User::userExists($_COOKIE['oc_username'])) { - self::cleanupLoginTokens($_COOKIE['oc_username']); - // verify whether the supplied "remember me" token was valid - $granted = OC_User::loginWithCookie( - $_COOKIE['oc_username'], $_COOKIE['oc_token']); - if($granted === true) { - OC_Util::redirectToDefaultPage(); - // doesn't return + // Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary. + $vars = [ + 'HTTP_AUTHORIZATION', // apache+php-cgi work around + 'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative + ]; + foreach ($vars as $var) { + if (isset($_SERVER[$var]) && is_string($_SERVER[$var]) && preg_match('/Basic\s+(.*)$/i', $_SERVER[$var], $matches)) { + $credentials = explode(':', base64_decode($matches[1]), 2); + if (count($credentials) === 2) { + $_SERVER['PHP_AUTH_USER'] = $credentials[0]; + $_SERVER['PHP_AUTH_PW'] = $credentials[1]; + break; + } } - \OCP\Util::writeLog('core', 'Authentication cookie rejected for user ' . - $_COOKIE['oc_username'], \OCP\Util::WARN); - // if you reach this point you have changed your password - // or you are an attacker - // we can not delete tokens here because users may reach - // this point multiple times after a password change } - - OC_User::unsetMagicInCookie(); - return true; } - /** - * Tries to login a user using the form based authentication - * @return bool|void - */ - protected static function tryFormLogin() { - if (!isset($_POST["user"]) || !isset($_POST['password'])) { + protected static function tryAppAPILogin(OCP\IRequest $request): bool { + if (!$request->getHeader('AUTHORIZATION-APP-API')) { return false; } - - if(!(\OC::$server->getRequest()->passesCSRFCheck())) { + $appManager = Server::get(OCP\App\IAppManager::class); + if (!$appManager->isEnabledForAnyone('app_api')) { return false; } - OC_App::loadApps(); - - //setup extra user backends - OC_User::setupBackends(); - - if (OC_User::login((string)$_POST["user"], (string)$_POST["password"])) { - $userId = OC_User::getUser(); - - // setting up the time zone - if (isset($_POST['timezone-offset'])) { - self::$server->getSession()->set('timezone', (string)$_POST['timezone-offset']); - self::$server->getConfig()->setUserValue($userId, 'core', 'timezone', (string)$_POST['timezone']); - } - - self::cleanupLoginTokens($userId); - if (!empty($_POST["remember_login"])) { - $config = self::$server->getConfig(); - if ($config->getSystemValue('debug', false)) { - self::$server->getLogger()->debug('Setting remember login to cookie', array('app' => 'core')); - } - $token = \OC::$server->getSecureRandom()->generate(32); - $config->setUserValue($userId, 'login_token', $token, time()); - OC_User::setMagicInCookie($userId, $token); - } else { - OC_User::unsetMagicInCookie(); - } - OC_Util::redirectToDefaultPage(); - exit(); + try { + $appAPIService = Server::get(OCA\AppAPI\Service\AppAPIService::class); + return $appAPIService->validateExAppRequestToNC($request); + } catch (\Psr\Container\NotFoundExceptionInterface|\Psr\Container\ContainerExceptionInterface $e) { + return false; } - return true; } - } - OC::init(); |