From 0c727f175509ccfdec87dc69fd52af60cf2d6b94 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 9 May 2016 15:09:50 +0200 Subject: Move federation code to PSR-4 --- apps/federation/api/ocsauthapi.php | 176 ------------ apps/federation/appinfo/application.php | 181 ------------ apps/federation/backgroundjob/getsharedsecret.php | 200 ------------- .../backgroundjob/requestsharedsecret.php | 184 ------------ .../command/syncfederationaddressbooks.php | 74 ----- apps/federation/controller/settingscontroller.php | 122 -------- apps/federation/dav/fedauth.php | 54 ---- apps/federation/lib/API/OCSAuthAPI.php | 176 ++++++++++++ apps/federation/lib/AppInfo/Application.php | 181 ++++++++++++ .../lib/BackgroundJob/GetSharedSecret.php | 200 +++++++++++++ .../lib/BackgroundJob/RequestSharedSecret.php | 184 ++++++++++++ .../lib/Command/SyncFederationAddressBooks.php | 74 +++++ .../lib/Controller/SettingsController.php | 122 ++++++++ apps/federation/lib/DAV/FedAuth.php | 54 ++++ apps/federation/lib/DbHandler.php | 318 +++++++++++++++++++++ apps/federation/lib/Hooks.php | 50 ++++ .../lib/Middleware/AddServerMiddleware.php | 72 +++++ apps/federation/lib/SyncFederationAddressBooks.php | 82 ++++++ apps/federation/lib/SyncJob.php | 43 +++ apps/federation/lib/TrustedServers.php | 270 +++++++++++++++++ apps/federation/lib/dbhandler.php | 318 --------------------- apps/federation/lib/hooks.php | 50 ---- apps/federation/lib/syncfederationaddressbooks.php | 82 ------ apps/federation/lib/syncjob.php | 43 --- apps/federation/lib/trustedservers.php | 270 ----------------- apps/federation/middleware/addservermiddleware.php | 72 ----- 26 files changed, 1826 insertions(+), 1826 deletions(-) delete mode 100644 apps/federation/api/ocsauthapi.php delete mode 100644 apps/federation/appinfo/application.php delete mode 100644 apps/federation/backgroundjob/getsharedsecret.php delete mode 100644 apps/federation/backgroundjob/requestsharedsecret.php delete mode 100644 apps/federation/command/syncfederationaddressbooks.php delete mode 100644 apps/federation/controller/settingscontroller.php delete mode 100644 apps/federation/dav/fedauth.php create mode 100644 apps/federation/lib/API/OCSAuthAPI.php create mode 100644 apps/federation/lib/AppInfo/Application.php create mode 100644 apps/federation/lib/BackgroundJob/GetSharedSecret.php create mode 100644 apps/federation/lib/BackgroundJob/RequestSharedSecret.php create mode 100644 apps/federation/lib/Command/SyncFederationAddressBooks.php create mode 100644 apps/federation/lib/Controller/SettingsController.php create mode 100644 apps/federation/lib/DAV/FedAuth.php create mode 100644 apps/federation/lib/DbHandler.php create mode 100644 apps/federation/lib/Hooks.php create mode 100644 apps/federation/lib/Middleware/AddServerMiddleware.php create mode 100644 apps/federation/lib/SyncFederationAddressBooks.php create mode 100644 apps/federation/lib/SyncJob.php create mode 100644 apps/federation/lib/TrustedServers.php delete mode 100644 apps/federation/lib/dbhandler.php delete mode 100644 apps/federation/lib/hooks.php delete mode 100644 apps/federation/lib/syncfederationaddressbooks.php delete mode 100644 apps/federation/lib/syncjob.php delete mode 100644 apps/federation/lib/trustedservers.php delete mode 100644 apps/federation/middleware/addservermiddleware.php diff --git a/apps/federation/api/ocsauthapi.php b/apps/federation/api/ocsauthapi.php deleted file mode 100644 index 1c4e73cc8de..00000000000 --- a/apps/federation/api/ocsauthapi.php +++ /dev/null @@ -1,176 +0,0 @@ - - * @author Lukas Reschke - * @author Robin Appelman - * @author Roeland Jago Douma - * @author Thomas Müller - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - - -namespace OCA\Federation\API; - -use OCA\Federation\DbHandler; -use OCA\Federation\TrustedServers; -use OCP\AppFramework\Http; -use OCP\BackgroundJob\IJobList; -use OCP\ILogger; -use OCP\IRequest; -use OCP\Security\ISecureRandom; - -/** - * Class OCSAuthAPI - * - * OCS API end-points to exchange shared secret between two connected ownClouds - * - * @package OCA\Federation\API - */ -class OCSAuthAPI { - - /** @var IRequest */ - private $request; - - /** @var ISecureRandom */ - private $secureRandom; - - /** @var IJobList */ - private $jobList; - - /** @var TrustedServers */ - private $trustedServers; - - /** @var DbHandler */ - private $dbHandler; - - /** @var ILogger */ - private $logger; - - /** - * OCSAuthAPI constructor. - * - * @param IRequest $request - * @param ISecureRandom $secureRandom - * @param IJobList $jobList - * @param TrustedServers $trustedServers - * @param DbHandler $dbHandler - * @param ILogger $logger - */ - public function __construct( - IRequest $request, - ISecureRandom $secureRandom, - IJobList $jobList, - TrustedServers $trustedServers, - DbHandler $dbHandler, - ILogger $logger - ) { - $this->request = $request; - $this->secureRandom = $secureRandom; - $this->jobList = $jobList; - $this->trustedServers = $trustedServers; - $this->dbHandler = $dbHandler; - $this->logger = $logger; - } - - /** - * request received to ask remote server for a shared secret - * - * @return \OC_OCS_Result - */ - public function requestSharedSecret() { - - $url = $this->request->getParam('url'); - $token = $this->request->getParam('token'); - - if ($this->trustedServers->isTrustedServer($url) === false) { - $this->logger->error('remote server not trusted (' . $url . ') while requesting shared secret', ['app' => 'federation']); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); - } - - // if both server initiated the exchange of the shared secret the greater - // token wins - $localToken = $this->dbHandler->getToken($url); - if (strcmp($localToken, $token) > 0) { - $this->logger->info( - 'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.', - ['app' => 'federation'] - ); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); - } - - // we ask for the shared secret so we no longer have to ask the other server - // to request the shared secret - $this->jobList->remove('OCA\Federation\BackgroundJob\RequestSharedSecret', - [ - 'url' => $url, - 'token' => $localToken - ] - ); - - $this->jobList->add( - 'OCA\Federation\BackgroundJob\GetSharedSecret', - [ - 'url' => $url, - 'token' => $token, - ] - ); - - return new \OC_OCS_Result(null, Http::STATUS_OK); - - } - - /** - * create shared secret and return it - * - * @return \OC_OCS_Result - */ - public function getSharedSecret() { - - $url = $this->request->getParam('url'); - $token = $this->request->getParam('token'); - - if ($this->trustedServers->isTrustedServer($url) === false) { - $this->logger->error('remote server not trusted (' . $url . ') while getting shared secret', ['app' => 'federation']); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); - } - - if ($this->isValidToken($url, $token) === false) { - $expectedToken = $this->dbHandler->getToken($url); - $this->logger->error( - 'remote server (' . $url . ') didn\'t send a valid token (got "' . $token . '" but expected "'. $expectedToken . '") while getting shared secret', - ['app' => 'federation'] - ); - return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); - } - - $sharedSecret = $this->secureRandom->generate(32); - - $this->trustedServers->addSharedSecret($url, $sharedSecret); - // reset token after the exchange of the shared secret was successful - $this->dbHandler->addToken($url, ''); - - return new \OC_OCS_Result(['sharedSecret' => $sharedSecret], Http::STATUS_OK); - - } - - protected function isValidToken($url, $token) { - $storedToken = $this->dbHandler->getToken($url); - return hash_equals($storedToken, $token); - } - -} diff --git a/apps/federation/appinfo/application.php b/apps/federation/appinfo/application.php deleted file mode 100644 index 74185345329..00000000000 --- a/apps/federation/appinfo/application.php +++ /dev/null @@ -1,181 +0,0 @@ - - * @author Robin Appelman - * @author Thomas Müller - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace OCA\Federation\AppInfo; - -use OCA\Federation\API\OCSAuthAPI; -use OCA\Federation\Controller\SettingsController; -use OCA\Federation\DAV\FedAuth; -use OCA\Federation\DbHandler; -use OCA\Federation\Hooks; -use OCA\Federation\Middleware\AddServerMiddleware; -use OCA\Federation\SyncFederationAddressBooks; -use OCA\Federation\SyncJob; -use OCA\Federation\TrustedServers; -use OCP\API; -use OCP\App; -use OCP\AppFramework\IAppContainer; -use OCP\SabrePluginEvent; -use OCP\Util; -use Sabre\DAV\Auth\Plugin; - -class Application extends \OCP\AppFramework\App { - - /** - * @param array $urlParams - */ - public function __construct($urlParams = array()) { - parent::__construct('federation', $urlParams); - $this->registerService(); - $this->registerMiddleware(); - } - - /** - * register setting scripts - */ - public function registerSettings() { - App::registerAdmin('federation', 'settings/settings-admin'); - } - - private function registerService() { - $container = $this->getContainer(); - - $container->registerService('addServerMiddleware', function(IAppContainer $c) { - return new AddServerMiddleware( - $c->getAppName(), - \OC::$server->getL10N($c->getAppName()), - \OC::$server->getLogger() - ); - }); - - $container->registerService('DbHandler', function(IAppContainer $c) { - return new DbHandler( - \OC::$server->getDatabaseConnection(), - \OC::$server->getL10N($c->getAppName()) - ); - }); - - $container->registerService('TrustedServers', function(IAppContainer $c) { - $server = $c->getServer(); - return new TrustedServers( - $c->query('DbHandler'), - $server->getHTTPClientService(), - $server->getLogger(), - $server->getJobList(), - $server->getSecureRandom(), - $server->getConfig(), - $server->getEventDispatcher() - ); - }); - - $container->registerService('SettingsController', function (IAppContainer $c) { - $server = $c->getServer(); - return new SettingsController( - $c->getAppName(), - $server->getRequest(), - $server->getL10N($c->getAppName()), - $c->query('TrustedServers') - ); - }); - - } - - private function registerMiddleware() { - $container = $this->getContainer(); - $container->registerMiddleware('addServerMiddleware'); - } - - /** - * register OCS API Calls - */ - public function registerOCSApi() { - - $container = $this->getContainer(); - $server = $container->getServer(); - - $auth = new OCSAuthAPI( - $server->getRequest(), - $server->getSecureRandom(), - $server->getJobList(), - $container->query('TrustedServers'), - $container->query('DbHandler'), - $server->getLogger() - - ); - - API::register('get', - '/apps/federation/api/v1/shared-secret', - array($auth, 'getSharedSecret'), - 'federation', - API::GUEST_AUTH - ); - - API::register('post', - '/apps/federation/api/v1/request-shared-secret', - array($auth, 'requestSharedSecret'), - 'federation', - API::GUEST_AUTH - ); - - } - - /** - * listen to federated_share_added hooks to auto-add new servers to the - * list of trusted servers. - */ - public function registerHooks() { - - $container = $this->getContainer(); - $hooksManager = new Hooks($container->query('TrustedServers')); - - Util::connectHook( - 'OCP\Share', - 'federated_share_added', - $hooksManager, - 'addServerHook' - ); - - $dispatcher = $this->getContainer()->getServer()->getEventDispatcher(); - $dispatcher->addListener('OCA\DAV\Connector\Sabre::authInit', function($event) use($container) { - if ($event instanceof SabrePluginEvent) { - $authPlugin = $event->getServer()->getPlugin('auth'); - if ($authPlugin instanceof Plugin) { - $h = new DbHandler($container->getServer()->getDatabaseConnection(), - $container->getServer()->getL10N('federation') - ); - $authPlugin->addBackend(new FedAuth($h)); - } - } - }); - } - - /** - * @return SyncFederationAddressBooks - */ - public function getSyncService() { - $syncService = \OC::$server->query('CardDAVSyncService'); - $dbHandler = $this->getContainer()->query('DbHandler'); - return new SyncFederationAddressBooks($dbHandler, $syncService); - } - -} diff --git a/apps/federation/backgroundjob/getsharedsecret.php b/apps/federation/backgroundjob/getsharedsecret.php deleted file mode 100644 index 66ab082c1a2..00000000000 --- a/apps/federation/backgroundjob/getsharedsecret.php +++ /dev/null @@ -1,200 +0,0 @@ - - * @author Thomas Müller - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - - -namespace OCA\Federation\BackgroundJob; - -use GuzzleHttp\Exception\ClientException; -use OC\BackgroundJob\JobList; -use OC\BackgroundJob\Job; -use OCA\Federation\DbHandler; -use OCA\Federation\TrustedServers; -use OCP\AppFramework\Http; -use OCP\BackgroundJob\IJobList; -use OCP\Http\Client\IClient; -use OCP\Http\Client\IResponse; -use OCP\ILogger; -use OCP\IURLGenerator; - -/** - * Class GetSharedSecret - * - * request shared secret from remote ownCloud - * - * @package OCA\Federation\Backgroundjob - */ -class GetSharedSecret extends Job{ - - /** @var IClient */ - private $httpClient; - - /** @var IJobList */ - private $jobList; - - /** @var IURLGenerator */ - private $urlGenerator; - - /** @var TrustedServers */ - private $trustedServers; - - /** @var DbHandler */ - private $dbHandler; - - /** @var ILogger */ - private $logger; - - /** @var bool */ - protected $retainJob = false; - - private $endPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret?format=json'; - - /** - * RequestSharedSecret constructor. - * - * @param IClient $httpClient - * @param IURLGenerator $urlGenerator - * @param IJobList $jobList - * @param TrustedServers $trustedServers - * @param ILogger $logger - * @param DbHandler $dbHandler - */ - public function __construct( - IClient $httpClient = null, - IURLGenerator $urlGenerator = null, - IJobList $jobList = null, - TrustedServers $trustedServers = null, - ILogger $logger = null, - DbHandler $dbHandler = null - ) { - $this->logger = $logger ? $logger : \OC::$server->getLogger(); - $this->httpClient = $httpClient ? $httpClient : \OC::$server->getHTTPClientService()->newClient(); - $this->jobList = $jobList ? $jobList : \OC::$server->getJobList(); - $this->urlGenerator = $urlGenerator ? $urlGenerator : \OC::$server->getURLGenerator(); - $this->dbHandler = $dbHandler ? $dbHandler : new DbHandler(\OC::$server->getDatabaseConnection(), \OC::$server->getL10N('federation')); - if ($trustedServers) { - $this->trustedServers = $trustedServers; - } else { - $this->trustedServers = new TrustedServers( - $this->dbHandler, - \OC::$server->getHTTPClientService(), - $this->logger, - $this->jobList, - \OC::$server->getSecureRandom(), - \OC::$server->getConfig(), - \OC::$server->getEventDispatcher() - ); - } - } - - /** - * run the job, then remove it from the joblist - * - * @param JobList $jobList - * @param ILogger $logger - */ - public function execute($jobList, ILogger $logger = null) { - $target = $this->argument['url']; - // only execute if target is still in the list of trusted domains - if ($this->trustedServers->isTrustedServer($target)) { - $this->parentExecute($jobList, $logger); - } - - if (!$this->retainJob) { - $jobList->remove($this, $this->argument); - } - } - - /** - * call execute() method of parent - * - * @param JobList $jobList - * @param ILogger $logger - */ - protected function parentExecute($jobList, $logger) { - parent::execute($jobList, $logger); - } - - protected function run($argument) { - $target = $argument['url']; - $source = $this->urlGenerator->getAbsoluteURL('/'); - $source = rtrim($source, '/'); - $token = $argument['token']; - - $result = null; - try { - $result = $this->httpClient->get( - $target . $this->endPoint, - [ - 'query' => - [ - 'url' => $source, - 'token' => $token - ], - 'timeout' => 3, - 'connect_timeout' => 3, - ] - ); - - $status = $result->getStatusCode(); - - } catch (ClientException $e) { - $status = $e->getCode(); - if ($status === Http::STATUS_FORBIDDEN) { - $this->logger->info($target . ' refused to exchange a shared secret with you.', ['app' => 'federation']); - } else { - $this->logger->logException($e, ['app' => 'federation']); - } - } catch (\Exception $e) { - $status = Http::STATUS_INTERNAL_SERVER_ERROR; - $this->logger->logException($e, ['app' => 'federation']); - } - - // if we received a unexpected response we try again later - if ( - $status !== Http::STATUS_OK - && $status !== Http::STATUS_FORBIDDEN - ) { - $this->retainJob = true; - } else { - // reset token if we received a valid response - $this->dbHandler->addToken($target, ''); - } - - if ($status === Http::STATUS_OK && $result instanceof IResponse) { - $body = $result->getBody(); - $result = json_decode($body, true); - if (isset($result['ocs']['data']['sharedSecret'])) { - $this->trustedServers->addSharedSecret( - $target, - $result['ocs']['data']['sharedSecret'] - ); - } else { - $this->logger->error( - 'remote server "' . $target . '"" does not return a valid shared secret', - ['app' => 'federation'] - ); - $this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE); - } - } - - } -} diff --git a/apps/federation/backgroundjob/requestsharedsecret.php b/apps/federation/backgroundjob/requestsharedsecret.php deleted file mode 100644 index 040e8e1d8e2..00000000000 --- a/apps/federation/backgroundjob/requestsharedsecret.php +++ /dev/null @@ -1,184 +0,0 @@ - - * @author Robin Appelman - * @author Thomas Müller - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - - -namespace OCA\Federation\BackgroundJob; - - -use GuzzleHttp\Exception\ClientException; -use OC\BackgroundJob\JobList; -use OC\BackgroundJob\Job; -use OCA\Federation\DbHandler; -use OCA\Federation\TrustedServers; -use OCP\AppFramework\Http; -use OCP\BackgroundJob\IJobList; -use OCP\Http\Client\IClient; -use OCP\ILogger; -use OCP\IURLGenerator; - -/** - * Class RequestSharedSecret - * - * Ask remote ownCloud to request a sharedSecret from this server - * - * @package OCA\Federation\Backgroundjob - */ -class RequestSharedSecret extends Job { - - /** @var IClient */ - private $httpClient; - - /** @var IJobList */ - private $jobList; - - /** @var IURLGenerator */ - private $urlGenerator; - - /** @var DbHandler */ - private $dbHandler; - - /** @var TrustedServers */ - private $trustedServers; - - private $endPoint = '/ocs/v2.php/apps/federation/api/v1/request-shared-secret?format=json'; - - /** @var ILogger */ - private $logger; - - /** @var bool */ - protected $retainJob = false; - - /** - * RequestSharedSecret constructor. - * - * @param IClient $httpClient - * @param IURLGenerator $urlGenerator - * @param IJobList $jobList - * @param TrustedServers $trustedServers - * @param DbHandler $dbHandler - */ - public function __construct( - IClient $httpClient = null, - IURLGenerator $urlGenerator = null, - IJobList $jobList = null, - TrustedServers $trustedServers = null, - DbHandler $dbHandler = null - ) { - $this->httpClient = $httpClient ? $httpClient : \OC::$server->getHTTPClientService()->newClient(); - $this->jobList = $jobList ? $jobList : \OC::$server->getJobList(); - $this->urlGenerator = $urlGenerator ? $urlGenerator : \OC::$server->getURLGenerator(); - $this->dbHandler = $dbHandler ? $dbHandler : new DbHandler(\OC::$server->getDatabaseConnection(), \OC::$server->getL10N('federation')); - $this->logger = \OC::$server->getLogger(); - if ($trustedServers) { - $this->trustedServers = $trustedServers; - } else { - $this->trustedServers = new TrustedServers( - $this->dbHandler, - \OC::$server->getHTTPClientService(), - $this->logger, - $this->jobList, - \OC::$server->getSecureRandom(), - \OC::$server->getConfig(), - \OC::$server->getEventDispatcher() - ); - } - } - - - /** - * run the job, then remove it from the joblist - * - * @param JobList $jobList - * @param ILogger $logger - */ - public function execute($jobList, ILogger $logger = null) { - $target = $this->argument['url']; - // only execute if target is still in the list of trusted domains - if ($this->trustedServers->isTrustedServer($target)) { - $this->parentExecute($jobList, $logger); - } - - if (!$this->retainJob) { - $jobList->remove($this, $this->argument); - } - } - - /** - * call execute() method of parent - * - * @param JobList $jobList - * @param ILogger $logger - */ - protected function parentExecute($jobList, $logger) { - parent::execute($jobList, $logger); - } - - protected function run($argument) { - - $target = $argument['url']; - $source = $this->urlGenerator->getAbsoluteURL('/'); - $source = rtrim($source, '/'); - $token = $argument['token']; - - try { - $result = $this->httpClient->post( - $target . $this->endPoint, - [ - 'body' => [ - 'url' => $source, - 'token' => $token, - ], - 'timeout' => 3, - 'connect_timeout' => 3, - ] - ); - - $status = $result->getStatusCode(); - - } catch (ClientException $e) { - $status = $e->getCode(); - if ($status === Http::STATUS_FORBIDDEN) { - $this->logger->info($target . ' refused to ask for a shared secret.', ['app' => 'federation']); - } else { - $this->logger->logException($e, ['app' => 'federation']); - } - } catch (\Exception $e) { - $status = Http::STATUS_INTERNAL_SERVER_ERROR; - $this->logger->logException($e, ['app' => 'federation']); - } - - // if we received a unexpected response we try again later - if ( - $status !== Http::STATUS_OK - && $status !== Http::STATUS_FORBIDDEN - ) { - $this->retainJob = true; - } - - if ($status === Http::STATUS_FORBIDDEN) { - // clear token if remote server refuses to ask for shared secret - $this->dbHandler->addToken($target, ''); - } - - } -} diff --git a/apps/federation/command/syncfederationaddressbooks.php b/apps/federation/command/syncfederationaddressbooks.php deleted file mode 100644 index 879d38f8c22..00000000000 --- a/apps/federation/command/syncfederationaddressbooks.php +++ /dev/null @@ -1,74 +0,0 @@ - - * @author Lukas Reschke - * @author Thomas Müller - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ -namespace OCA\Federation\Command; - -use OCA\Federation\DbHandler; -use Symfony\Component\Console\Command\Command; -use Symfony\Component\Console\Helper\ProgressBar; -use Symfony\Component\Console\Input\InputInterface; -use Symfony\Component\Console\Output\OutputInterface; - -class SyncFederationAddressBooks extends Command { - - /** @var \OCA\Federation\SyncFederationAddressBooks */ - private $syncService; - - /** - * @param \OCA\Federation\SyncFederationAddressBooks $syncService - */ - function __construct(\OCA\Federation\SyncFederationAddressBooks $syncService) { - parent::__construct(); - - $this->syncService = $syncService; - } - - protected function configure() { - $this - ->setName('federation:sync-addressbooks') - ->setDescription('Synchronizes addressbooks of all federated clouds'); - } - - /** - * @param InputInterface $input - * @param OutputInterface $output - * @return int - */ - protected function execute(InputInterface $input, OutputInterface $output) { - - $progress = new ProgressBar($output); - $progress->start(); - $this->syncService->syncThemAll(function($url, $ex) use ($progress, $output) { - if ($ex instanceof \Exception) { - $output->writeln("Error while syncing $url : " . $ex->getMessage()); - - } else { - $progress->advance(); - } - }); - - $progress->finish(); - $output->writeln(''); - - return 0; - } -} diff --git a/apps/federation/controller/settingscontroller.php b/apps/federation/controller/settingscontroller.php deleted file mode 100644 index 3adb6fced66..00000000000 --- a/apps/federation/controller/settingscontroller.php +++ /dev/null @@ -1,122 +0,0 @@ - - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace OCA\Federation\Controller; - -use OC\HintException; -use OCA\Federation\TrustedServers; -use OCP\AppFramework\Controller; -use OCP\AppFramework\Http; -use OCP\AppFramework\Http\DataResponse; -use OCP\IL10N; -use OCP\IRequest; - - -class SettingsController extends Controller { - - /** @var IL10N */ - private $l; - - /** @var TrustedServers */ - private $trustedServers; - - /** - * @param string $AppName - * @param IRequest $request - * @param IL10N $l10n - * @param TrustedServers $trustedServers - */ - public function __construct($AppName, - IRequest $request, - IL10N $l10n, - TrustedServers $trustedServers - ) { - parent::__construct($AppName, $request); - $this->l = $l10n; - $this->trustedServers = $trustedServers; - } - - - /** - * add server to the list of trusted ownClouds - * - * @param string $url - * @return DataResponse - * @throws HintException - */ - public function addServer($url) { - $this->checkServer($url); - $id = $this->trustedServers->addServer($url); - - return new DataResponse( - [ - 'url' => $url, - 'id' => $id, - 'message' => (string) $this->l->t('Server added to the list of trusted ownClouds') - ] - ); - } - - /** - * add server to the list of trusted ownClouds - * - * @param int $id - * @return DataResponse - */ - public function removeServer($id) { - $this->trustedServers->removeServer($id); - return new DataResponse(); - } - - /** - * enable/disable to automatically add servers to the list of trusted servers - * once a federated share was created and accepted successfully - * - * @param bool $autoAddServers - */ - public function autoAddServers($autoAddServers) { - $this->trustedServers->setAutoAddServers($autoAddServers); - } - - /** - * check if the server should be added to the list of trusted servers or not - * - * @param string $url - * @return bool - * @throws HintException - */ - protected function checkServer($url) { - if ($this->trustedServers->isTrustedServer($url) === true) { - $message = 'Server is already in the list of trusted servers.'; - $hint = $this->l->t('Server is already in the list of trusted servers.'); - throw new HintException($message, $hint); - } - - if ($this->trustedServers->isOwnCloudServer($url) === false) { - $message = 'No ownCloud server found'; - $hint = $this->l->t('No ownCloud server found'); - throw new HintException($message, $hint); - } - - return true; - } - -} diff --git a/apps/federation/dav/fedauth.php b/apps/federation/dav/fedauth.php deleted file mode 100644 index bb1041adcdf..00000000000 --- a/apps/federation/dav/fedauth.php +++ /dev/null @@ -1,54 +0,0 @@ - - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ -namespace OCA\Federation\DAV; - -use OCA\Federation\DbHandler; -use Sabre\DAV\Auth\Backend\AbstractBasic; - -class FedAuth extends AbstractBasic { - - /** @var DbHandler */ - private $db; - - /** - * FedAuth constructor. - * - * @param DbHandler $db - */ - public function __construct(DbHandler $db) { - $this->db = $db; - $this->principalPrefix = 'principals/system/'; - } - - /** - * Validates a username and password - * - * This method should return true or false depending on if login - * succeeded. - * - * @param string $username - * @param string $password - * @return bool - */ - protected function validateUserPass($username, $password) { - return $this->db->auth($username, $password); - } -} diff --git a/apps/federation/lib/API/OCSAuthAPI.php b/apps/federation/lib/API/OCSAuthAPI.php new file mode 100644 index 00000000000..1c4e73cc8de --- /dev/null +++ b/apps/federation/lib/API/OCSAuthAPI.php @@ -0,0 +1,176 @@ + + * @author Lukas Reschke + * @author Robin Appelman + * @author Roeland Jago Douma + * @author Thomas Müller + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OCA\Federation\API; + +use OCA\Federation\DbHandler; +use OCA\Federation\TrustedServers; +use OCP\AppFramework\Http; +use OCP\BackgroundJob\IJobList; +use OCP\ILogger; +use OCP\IRequest; +use OCP\Security\ISecureRandom; + +/** + * Class OCSAuthAPI + * + * OCS API end-points to exchange shared secret between two connected ownClouds + * + * @package OCA\Federation\API + */ +class OCSAuthAPI { + + /** @var IRequest */ + private $request; + + /** @var ISecureRandom */ + private $secureRandom; + + /** @var IJobList */ + private $jobList; + + /** @var TrustedServers */ + private $trustedServers; + + /** @var DbHandler */ + private $dbHandler; + + /** @var ILogger */ + private $logger; + + /** + * OCSAuthAPI constructor. + * + * @param IRequest $request + * @param ISecureRandom $secureRandom + * @param IJobList $jobList + * @param TrustedServers $trustedServers + * @param DbHandler $dbHandler + * @param ILogger $logger + */ + public function __construct( + IRequest $request, + ISecureRandom $secureRandom, + IJobList $jobList, + TrustedServers $trustedServers, + DbHandler $dbHandler, + ILogger $logger + ) { + $this->request = $request; + $this->secureRandom = $secureRandom; + $this->jobList = $jobList; + $this->trustedServers = $trustedServers; + $this->dbHandler = $dbHandler; + $this->logger = $logger; + } + + /** + * request received to ask remote server for a shared secret + * + * @return \OC_OCS_Result + */ + public function requestSharedSecret() { + + $url = $this->request->getParam('url'); + $token = $this->request->getParam('token'); + + if ($this->trustedServers->isTrustedServer($url) === false) { + $this->logger->error('remote server not trusted (' . $url . ') while requesting shared secret', ['app' => 'federation']); + return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); + } + + // if both server initiated the exchange of the shared secret the greater + // token wins + $localToken = $this->dbHandler->getToken($url); + if (strcmp($localToken, $token) > 0) { + $this->logger->info( + 'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.', + ['app' => 'federation'] + ); + return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); + } + + // we ask for the shared secret so we no longer have to ask the other server + // to request the shared secret + $this->jobList->remove('OCA\Federation\BackgroundJob\RequestSharedSecret', + [ + 'url' => $url, + 'token' => $localToken + ] + ); + + $this->jobList->add( + 'OCA\Federation\BackgroundJob\GetSharedSecret', + [ + 'url' => $url, + 'token' => $token, + ] + ); + + return new \OC_OCS_Result(null, Http::STATUS_OK); + + } + + /** + * create shared secret and return it + * + * @return \OC_OCS_Result + */ + public function getSharedSecret() { + + $url = $this->request->getParam('url'); + $token = $this->request->getParam('token'); + + if ($this->trustedServers->isTrustedServer($url) === false) { + $this->logger->error('remote server not trusted (' . $url . ') while getting shared secret', ['app' => 'federation']); + return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); + } + + if ($this->isValidToken($url, $token) === false) { + $expectedToken = $this->dbHandler->getToken($url); + $this->logger->error( + 'remote server (' . $url . ') didn\'t send a valid token (got "' . $token . '" but expected "'. $expectedToken . '") while getting shared secret', + ['app' => 'federation'] + ); + return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); + } + + $sharedSecret = $this->secureRandom->generate(32); + + $this->trustedServers->addSharedSecret($url, $sharedSecret); + // reset token after the exchange of the shared secret was successful + $this->dbHandler->addToken($url, ''); + + return new \OC_OCS_Result(['sharedSecret' => $sharedSecret], Http::STATUS_OK); + + } + + protected function isValidToken($url, $token) { + $storedToken = $this->dbHandler->getToken($url); + return hash_equals($storedToken, $token); + } + +} diff --git a/apps/federation/lib/AppInfo/Application.php b/apps/federation/lib/AppInfo/Application.php new file mode 100644 index 00000000000..74185345329 --- /dev/null +++ b/apps/federation/lib/AppInfo/Application.php @@ -0,0 +1,181 @@ + + * @author Robin Appelman + * @author Thomas Müller + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\Federation\AppInfo; + +use OCA\Federation\API\OCSAuthAPI; +use OCA\Federation\Controller\SettingsController; +use OCA\Federation\DAV\FedAuth; +use OCA\Federation\DbHandler; +use OCA\Federation\Hooks; +use OCA\Federation\Middleware\AddServerMiddleware; +use OCA\Federation\SyncFederationAddressBooks; +use OCA\Federation\SyncJob; +use OCA\Federation\TrustedServers; +use OCP\API; +use OCP\App; +use OCP\AppFramework\IAppContainer; +use OCP\SabrePluginEvent; +use OCP\Util; +use Sabre\DAV\Auth\Plugin; + +class Application extends \OCP\AppFramework\App { + + /** + * @param array $urlParams + */ + public function __construct($urlParams = array()) { + parent::__construct('federation', $urlParams); + $this->registerService(); + $this->registerMiddleware(); + } + + /** + * register setting scripts + */ + public function registerSettings() { + App::registerAdmin('federation', 'settings/settings-admin'); + } + + private function registerService() { + $container = $this->getContainer(); + + $container->registerService('addServerMiddleware', function(IAppContainer $c) { + return new AddServerMiddleware( + $c->getAppName(), + \OC::$server->getL10N($c->getAppName()), + \OC::$server->getLogger() + ); + }); + + $container->registerService('DbHandler', function(IAppContainer $c) { + return new DbHandler( + \OC::$server->getDatabaseConnection(), + \OC::$server->getL10N($c->getAppName()) + ); + }); + + $container->registerService('TrustedServers', function(IAppContainer $c) { + $server = $c->getServer(); + return new TrustedServers( + $c->query('DbHandler'), + $server->getHTTPClientService(), + $server->getLogger(), + $server->getJobList(), + $server->getSecureRandom(), + $server->getConfig(), + $server->getEventDispatcher() + ); + }); + + $container->registerService('SettingsController', function (IAppContainer $c) { + $server = $c->getServer(); + return new SettingsController( + $c->getAppName(), + $server->getRequest(), + $server->getL10N($c->getAppName()), + $c->query('TrustedServers') + ); + }); + + } + + private function registerMiddleware() { + $container = $this->getContainer(); + $container->registerMiddleware('addServerMiddleware'); + } + + /** + * register OCS API Calls + */ + public function registerOCSApi() { + + $container = $this->getContainer(); + $server = $container->getServer(); + + $auth = new OCSAuthAPI( + $server->getRequest(), + $server->getSecureRandom(), + $server->getJobList(), + $container->query('TrustedServers'), + $container->query('DbHandler'), + $server->getLogger() + + ); + + API::register('get', + '/apps/federation/api/v1/shared-secret', + array($auth, 'getSharedSecret'), + 'federation', + API::GUEST_AUTH + ); + + API::register('post', + '/apps/federation/api/v1/request-shared-secret', + array($auth, 'requestSharedSecret'), + 'federation', + API::GUEST_AUTH + ); + + } + + /** + * listen to federated_share_added hooks to auto-add new servers to the + * list of trusted servers. + */ + public function registerHooks() { + + $container = $this->getContainer(); + $hooksManager = new Hooks($container->query('TrustedServers')); + + Util::connectHook( + 'OCP\Share', + 'federated_share_added', + $hooksManager, + 'addServerHook' + ); + + $dispatcher = $this->getContainer()->getServer()->getEventDispatcher(); + $dispatcher->addListener('OCA\DAV\Connector\Sabre::authInit', function($event) use($container) { + if ($event instanceof SabrePluginEvent) { + $authPlugin = $event->getServer()->getPlugin('auth'); + if ($authPlugin instanceof Plugin) { + $h = new DbHandler($container->getServer()->getDatabaseConnection(), + $container->getServer()->getL10N('federation') + ); + $authPlugin->addBackend(new FedAuth($h)); + } + } + }); + } + + /** + * @return SyncFederationAddressBooks + */ + public function getSyncService() { + $syncService = \OC::$server->query('CardDAVSyncService'); + $dbHandler = $this->getContainer()->query('DbHandler'); + return new SyncFederationAddressBooks($dbHandler, $syncService); + } + +} diff --git a/apps/federation/lib/BackgroundJob/GetSharedSecret.php b/apps/federation/lib/BackgroundJob/GetSharedSecret.php new file mode 100644 index 00000000000..66ab082c1a2 --- /dev/null +++ b/apps/federation/lib/BackgroundJob/GetSharedSecret.php @@ -0,0 +1,200 @@ + + * @author Thomas Müller + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OCA\Federation\BackgroundJob; + +use GuzzleHttp\Exception\ClientException; +use OC\BackgroundJob\JobList; +use OC\BackgroundJob\Job; +use OCA\Federation\DbHandler; +use OCA\Federation\TrustedServers; +use OCP\AppFramework\Http; +use OCP\BackgroundJob\IJobList; +use OCP\Http\Client\IClient; +use OCP\Http\Client\IResponse; +use OCP\ILogger; +use OCP\IURLGenerator; + +/** + * Class GetSharedSecret + * + * request shared secret from remote ownCloud + * + * @package OCA\Federation\Backgroundjob + */ +class GetSharedSecret extends Job{ + + /** @var IClient */ + private $httpClient; + + /** @var IJobList */ + private $jobList; + + /** @var IURLGenerator */ + private $urlGenerator; + + /** @var TrustedServers */ + private $trustedServers; + + /** @var DbHandler */ + private $dbHandler; + + /** @var ILogger */ + private $logger; + + /** @var bool */ + protected $retainJob = false; + + private $endPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret?format=json'; + + /** + * RequestSharedSecret constructor. + * + * @param IClient $httpClient + * @param IURLGenerator $urlGenerator + * @param IJobList $jobList + * @param TrustedServers $trustedServers + * @param ILogger $logger + * @param DbHandler $dbHandler + */ + public function __construct( + IClient $httpClient = null, + IURLGenerator $urlGenerator = null, + IJobList $jobList = null, + TrustedServers $trustedServers = null, + ILogger $logger = null, + DbHandler $dbHandler = null + ) { + $this->logger = $logger ? $logger : \OC::$server->getLogger(); + $this->httpClient = $httpClient ? $httpClient : \OC::$server->getHTTPClientService()->newClient(); + $this->jobList = $jobList ? $jobList : \OC::$server->getJobList(); + $this->urlGenerator = $urlGenerator ? $urlGenerator : \OC::$server->getURLGenerator(); + $this->dbHandler = $dbHandler ? $dbHandler : new DbHandler(\OC::$server->getDatabaseConnection(), \OC::$server->getL10N('federation')); + if ($trustedServers) { + $this->trustedServers = $trustedServers; + } else { + $this->trustedServers = new TrustedServers( + $this->dbHandler, + \OC::$server->getHTTPClientService(), + $this->logger, + $this->jobList, + \OC::$server->getSecureRandom(), + \OC::$server->getConfig(), + \OC::$server->getEventDispatcher() + ); + } + } + + /** + * run the job, then remove it from the joblist + * + * @param JobList $jobList + * @param ILogger $logger + */ + public function execute($jobList, ILogger $logger = null) { + $target = $this->argument['url']; + // only execute if target is still in the list of trusted domains + if ($this->trustedServers->isTrustedServer($target)) { + $this->parentExecute($jobList, $logger); + } + + if (!$this->retainJob) { + $jobList->remove($this, $this->argument); + } + } + + /** + * call execute() method of parent + * + * @param JobList $jobList + * @param ILogger $logger + */ + protected function parentExecute($jobList, $logger) { + parent::execute($jobList, $logger); + } + + protected function run($argument) { + $target = $argument['url']; + $source = $this->urlGenerator->getAbsoluteURL('/'); + $source = rtrim($source, '/'); + $token = $argument['token']; + + $result = null; + try { + $result = $this->httpClient->get( + $target . $this->endPoint, + [ + 'query' => + [ + 'url' => $source, + 'token' => $token + ], + 'timeout' => 3, + 'connect_timeout' => 3, + ] + ); + + $status = $result->getStatusCode(); + + } catch (ClientException $e) { + $status = $e->getCode(); + if ($status === Http::STATUS_FORBIDDEN) { + $this->logger->info($target . ' refused to exchange a shared secret with you.', ['app' => 'federation']); + } else { + $this->logger->logException($e, ['app' => 'federation']); + } + } catch (\Exception $e) { + $status = Http::STATUS_INTERNAL_SERVER_ERROR; + $this->logger->logException($e, ['app' => 'federation']); + } + + // if we received a unexpected response we try again later + if ( + $status !== Http::STATUS_OK + && $status !== Http::STATUS_FORBIDDEN + ) { + $this->retainJob = true; + } else { + // reset token if we received a valid response + $this->dbHandler->addToken($target, ''); + } + + if ($status === Http::STATUS_OK && $result instanceof IResponse) { + $body = $result->getBody(); + $result = json_decode($body, true); + if (isset($result['ocs']['data']['sharedSecret'])) { + $this->trustedServers->addSharedSecret( + $target, + $result['ocs']['data']['sharedSecret'] + ); + } else { + $this->logger->error( + 'remote server "' . $target . '"" does not return a valid shared secret', + ['app' => 'federation'] + ); + $this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE); + } + } + + } +} diff --git a/apps/federation/lib/BackgroundJob/RequestSharedSecret.php b/apps/federation/lib/BackgroundJob/RequestSharedSecret.php new file mode 100644 index 00000000000..040e8e1d8e2 --- /dev/null +++ b/apps/federation/lib/BackgroundJob/RequestSharedSecret.php @@ -0,0 +1,184 @@ + + * @author Robin Appelman + * @author Thomas Müller + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OCA\Federation\BackgroundJob; + + +use GuzzleHttp\Exception\ClientException; +use OC\BackgroundJob\JobList; +use OC\BackgroundJob\Job; +use OCA\Federation\DbHandler; +use OCA\Federation\TrustedServers; +use OCP\AppFramework\Http; +use OCP\BackgroundJob\IJobList; +use OCP\Http\Client\IClient; +use OCP\ILogger; +use OCP\IURLGenerator; + +/** + * Class RequestSharedSecret + * + * Ask remote ownCloud to request a sharedSecret from this server + * + * @package OCA\Federation\Backgroundjob + */ +class RequestSharedSecret extends Job { + + /** @var IClient */ + private $httpClient; + + /** @var IJobList */ + private $jobList; + + /** @var IURLGenerator */ + private $urlGenerator; + + /** @var DbHandler */ + private $dbHandler; + + /** @var TrustedServers */ + private $trustedServers; + + private $endPoint = '/ocs/v2.php/apps/federation/api/v1/request-shared-secret?format=json'; + + /** @var ILogger */ + private $logger; + + /** @var bool */ + protected $retainJob = false; + + /** + * RequestSharedSecret constructor. + * + * @param IClient $httpClient + * @param IURLGenerator $urlGenerator + * @param IJobList $jobList + * @param TrustedServers $trustedServers + * @param DbHandler $dbHandler + */ + public function __construct( + IClient $httpClient = null, + IURLGenerator $urlGenerator = null, + IJobList $jobList = null, + TrustedServers $trustedServers = null, + DbHandler $dbHandler = null + ) { + $this->httpClient = $httpClient ? $httpClient : \OC::$server->getHTTPClientService()->newClient(); + $this->jobList = $jobList ? $jobList : \OC::$server->getJobList(); + $this->urlGenerator = $urlGenerator ? $urlGenerator : \OC::$server->getURLGenerator(); + $this->dbHandler = $dbHandler ? $dbHandler : new DbHandler(\OC::$server->getDatabaseConnection(), \OC::$server->getL10N('federation')); + $this->logger = \OC::$server->getLogger(); + if ($trustedServers) { + $this->trustedServers = $trustedServers; + } else { + $this->trustedServers = new TrustedServers( + $this->dbHandler, + \OC::$server->getHTTPClientService(), + $this->logger, + $this->jobList, + \OC::$server->getSecureRandom(), + \OC::$server->getConfig(), + \OC::$server->getEventDispatcher() + ); + } + } + + + /** + * run the job, then remove it from the joblist + * + * @param JobList $jobList + * @param ILogger $logger + */ + public function execute($jobList, ILogger $logger = null) { + $target = $this->argument['url']; + // only execute if target is still in the list of trusted domains + if ($this->trustedServers->isTrustedServer($target)) { + $this->parentExecute($jobList, $logger); + } + + if (!$this->retainJob) { + $jobList->remove($this, $this->argument); + } + } + + /** + * call execute() method of parent + * + * @param JobList $jobList + * @param ILogger $logger + */ + protected function parentExecute($jobList, $logger) { + parent::execute($jobList, $logger); + } + + protected function run($argument) { + + $target = $argument['url']; + $source = $this->urlGenerator->getAbsoluteURL('/'); + $source = rtrim($source, '/'); + $token = $argument['token']; + + try { + $result = $this->httpClient->post( + $target . $this->endPoint, + [ + 'body' => [ + 'url' => $source, + 'token' => $token, + ], + 'timeout' => 3, + 'connect_timeout' => 3, + ] + ); + + $status = $result->getStatusCode(); + + } catch (ClientException $e) { + $status = $e->getCode(); + if ($status === Http::STATUS_FORBIDDEN) { + $this->logger->info($target . ' refused to ask for a shared secret.', ['app' => 'federation']); + } else { + $this->logger->logException($e, ['app' => 'federation']); + } + } catch (\Exception $e) { + $status = Http::STATUS_INTERNAL_SERVER_ERROR; + $this->logger->logException($e, ['app' => 'federation']); + } + + // if we received a unexpected response we try again later + if ( + $status !== Http::STATUS_OK + && $status !== Http::STATUS_FORBIDDEN + ) { + $this->retainJob = true; + } + + if ($status === Http::STATUS_FORBIDDEN) { + // clear token if remote server refuses to ask for shared secret + $this->dbHandler->addToken($target, ''); + } + + } +} diff --git a/apps/federation/lib/Command/SyncFederationAddressBooks.php b/apps/federation/lib/Command/SyncFederationAddressBooks.php new file mode 100644 index 00000000000..879d38f8c22 --- /dev/null +++ b/apps/federation/lib/Command/SyncFederationAddressBooks.php @@ -0,0 +1,74 @@ + + * @author Lukas Reschke + * @author Thomas Müller + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ +namespace OCA\Federation\Command; + +use OCA\Federation\DbHandler; +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Helper\ProgressBar; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class SyncFederationAddressBooks extends Command { + + /** @var \OCA\Federation\SyncFederationAddressBooks */ + private $syncService; + + /** + * @param \OCA\Federation\SyncFederationAddressBooks $syncService + */ + function __construct(\OCA\Federation\SyncFederationAddressBooks $syncService) { + parent::__construct(); + + $this->syncService = $syncService; + } + + protected function configure() { + $this + ->setName('federation:sync-addressbooks') + ->setDescription('Synchronizes addressbooks of all federated clouds'); + } + + /** + * @param InputInterface $input + * @param OutputInterface $output + * @return int + */ + protected function execute(InputInterface $input, OutputInterface $output) { + + $progress = new ProgressBar($output); + $progress->start(); + $this->syncService->syncThemAll(function($url, $ex) use ($progress, $output) { + if ($ex instanceof \Exception) { + $output->writeln("Error while syncing $url : " . $ex->getMessage()); + + } else { + $progress->advance(); + } + }); + + $progress->finish(); + $output->writeln(''); + + return 0; + } +} diff --git a/apps/federation/lib/Controller/SettingsController.php b/apps/federation/lib/Controller/SettingsController.php new file mode 100644 index 00000000000..3adb6fced66 --- /dev/null +++ b/apps/federation/lib/Controller/SettingsController.php @@ -0,0 +1,122 @@ + + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\Federation\Controller; + +use OC\HintException; +use OCA\Federation\TrustedServers; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http; +use OCP\AppFramework\Http\DataResponse; +use OCP\IL10N; +use OCP\IRequest; + + +class SettingsController extends Controller { + + /** @var IL10N */ + private $l; + + /** @var TrustedServers */ + private $trustedServers; + + /** + * @param string $AppName + * @param IRequest $request + * @param IL10N $l10n + * @param TrustedServers $trustedServers + */ + public function __construct($AppName, + IRequest $request, + IL10N $l10n, + TrustedServers $trustedServers + ) { + parent::__construct($AppName, $request); + $this->l = $l10n; + $this->trustedServers = $trustedServers; + } + + + /** + * add server to the list of trusted ownClouds + * + * @param string $url + * @return DataResponse + * @throws HintException + */ + public function addServer($url) { + $this->checkServer($url); + $id = $this->trustedServers->addServer($url); + + return new DataResponse( + [ + 'url' => $url, + 'id' => $id, + 'message' => (string) $this->l->t('Server added to the list of trusted ownClouds') + ] + ); + } + + /** + * add server to the list of trusted ownClouds + * + * @param int $id + * @return DataResponse + */ + public function removeServer($id) { + $this->trustedServers->removeServer($id); + return new DataResponse(); + } + + /** + * enable/disable to automatically add servers to the list of trusted servers + * once a federated share was created and accepted successfully + * + * @param bool $autoAddServers + */ + public function autoAddServers($autoAddServers) { + $this->trustedServers->setAutoAddServers($autoAddServers); + } + + /** + * check if the server should be added to the list of trusted servers or not + * + * @param string $url + * @return bool + * @throws HintException + */ + protected function checkServer($url) { + if ($this->trustedServers->isTrustedServer($url) === true) { + $message = 'Server is already in the list of trusted servers.'; + $hint = $this->l->t('Server is already in the list of trusted servers.'); + throw new HintException($message, $hint); + } + + if ($this->trustedServers->isOwnCloudServer($url) === false) { + $message = 'No ownCloud server found'; + $hint = $this->l->t('No ownCloud server found'); + throw new HintException($message, $hint); + } + + return true; + } + +} diff --git a/apps/federation/lib/DAV/FedAuth.php b/apps/federation/lib/DAV/FedAuth.php new file mode 100644 index 00000000000..bb1041adcdf --- /dev/null +++ b/apps/federation/lib/DAV/FedAuth.php @@ -0,0 +1,54 @@ + + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ +namespace OCA\Federation\DAV; + +use OCA\Federation\DbHandler; +use Sabre\DAV\Auth\Backend\AbstractBasic; + +class FedAuth extends AbstractBasic { + + /** @var DbHandler */ + private $db; + + /** + * FedAuth constructor. + * + * @param DbHandler $db + */ + public function __construct(DbHandler $db) { + $this->db = $db; + $this->principalPrefix = 'principals/system/'; + } + + /** + * Validates a username and password + * + * This method should return true or false depending on if login + * succeeded. + * + * @param string $username + * @param string $password + * @return bool + */ + protected function validateUserPass($username, $password) { + return $this->db->auth($username, $password); + } +} diff --git a/apps/federation/lib/DbHandler.php b/apps/federation/lib/DbHandler.php new file mode 100644 index 00000000000..8720560efc6 --- /dev/null +++ b/apps/federation/lib/DbHandler.php @@ -0,0 +1,318 @@ + + * @author Thomas Müller + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OCA\Federation; + + +use OC\Files\Filesystem; +use OC\HintException; +use OCP\IDBConnection; +use OCP\IL10N; + +/** + * Class DbHandler + * + * handles all database calls for the federation app + * + * @group DB + * @package OCA\Federation + */ +class DbHandler { + + /** @var IDBConnection */ + private $connection; + + /** @var IL10N */ + private $l; + + /** @var string */ + private $dbTable = 'trusted_servers'; + + /** + * @param IDBConnection $connection + * @param IL10N $il10n + */ + public function __construct( + IDBConnection $connection, + IL10N $il10n + ) { + $this->connection = $connection; + $this->IL10N = $il10n; + } + + /** + * add server to the list of trusted ownCloud servers + * + * @param string $url + * @return int + * @throws HintException + */ + public function addServer($url) { + $hash = $this->hash($url); + $url = rtrim($url, '/'); + $query = $this->connection->getQueryBuilder(); + $query->insert($this->dbTable) + ->values( + [ + 'url' => $query->createParameter('url'), + 'url_hash' => $query->createParameter('url_hash'), + ] + ) + ->setParameter('url', $url) + ->setParameter('url_hash', $hash); + + $result = $query->execute(); + + if ($result) { + return (int)$this->connection->lastInsertId('*PREFIX*'.$this->dbTable); + } else { + $message = 'Internal failure, Could not add ownCloud as trusted server: ' . $url; + $message_t = $this->l->t('Could not add server'); + throw new HintException($message, $message_t); + } + } + + /** + * remove server from the list of trusted ownCloud servers + * + * @param int $id + */ + public function removeServer($id) { + $query = $this->connection->getQueryBuilder(); + $query->delete($this->dbTable) + ->where($query->expr()->eq('id', $query->createParameter('id'))) + ->setParameter('id', $id); + $query->execute(); + } + + /** + * get trusted server with given ID + * + * @param int $id + * @return array + * @throws \Exception + */ + public function getServerById($id) { + $query = $this->connection->getQueryBuilder(); + $query->select('*')->from($this->dbTable) + ->where($query->expr()->eq('id', $query->createParameter('id'))) + ->setParameter('id', $id); + $query->execute(); + $result = $query->execute()->fetchAll(); + + if (empty($result)) { + throw new \Exception('No Server found with ID: ' . $id); + } + + return $result[0]; + } + + /** + * get all trusted servers + * + * @return array + */ + public function getAllServer() { + $query = $this->connection->getQueryBuilder(); + $query->select(['url', 'url_hash', 'id', 'status', 'shared_secret', 'sync_token'])->from($this->dbTable); + $result = $query->execute()->fetchAll(); + return $result; + } + + /** + * check if server already exists in the database table + * + * @param string $url + * @return bool + */ + public function serverExists($url) { + $hash = $this->hash($url); + $query = $this->connection->getQueryBuilder(); + $query->select('url')->from($this->dbTable) + ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) + ->setParameter('url_hash', $hash); + $result = $query->execute()->fetchAll(); + + return !empty($result); + } + + /** + * write token to database. Token is used to exchange the secret + * + * @param string $url + * @param string $token + */ + public function addToken($url, $token) { + $hash = $this->hash($url); + $query = $this->connection->getQueryBuilder(); + $query->update($this->dbTable) + ->set('token', $query->createParameter('token')) + ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) + ->setParameter('url_hash', $hash) + ->setParameter('token', $token); + $query->execute(); + } + + /** + * get token stored in database + * + * @param string $url + * @return string + * @throws \Exception + */ + public function getToken($url) { + $hash = $this->hash($url); + $query = $this->connection->getQueryBuilder(); + $query->select('token')->from($this->dbTable) + ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) + ->setParameter('url_hash', $hash); + + $result = $query->execute()->fetch(); + + if (!isset($result['token'])) { + throw new \Exception('No token found for: ' . $url); + } + + return $result['token']; + } + + /** + * add shared Secret to database + * + * @param string $url + * @param string $sharedSecret + */ + public function addSharedSecret($url, $sharedSecret) { + $hash = $this->hash($url); + $query = $this->connection->getQueryBuilder(); + $query->update($this->dbTable) + ->set('shared_secret', $query->createParameter('sharedSecret')) + ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) + ->setParameter('url_hash', $hash) + ->setParameter('sharedSecret', $sharedSecret); + $query->execute(); + } + + /** + * get shared secret from database + * + * @param string $url + * @return string + */ + public function getSharedSecret($url) { + $hash = $this->hash($url); + $query = $this->connection->getQueryBuilder(); + $query->select('shared_secret')->from($this->dbTable) + ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) + ->setParameter('url_hash', $hash); + + $result = $query->execute()->fetch(); + return $result['shared_secret']; + } + + /** + * set server status + * + * @param string $url + * @param int $status + * @param string|null $token + */ + public function setServerStatus($url, $status, $token = null) { + $hash = $this->hash($url); + $query = $this->connection->getQueryBuilder(); + $query->update($this->dbTable) + ->set('status', $query->createNamedParameter($status)) + ->where($query->expr()->eq('url_hash', $query->createNamedParameter($hash))); + if (!is_null($token)) { + $query->set('sync_token', $query->createNamedParameter($token)); + } + $query->execute(); + } + + /** + * get server status + * + * @param string $url + * @return int + */ + public function getServerStatus($url) { + $hash = $this->hash($url); + $query = $this->connection->getQueryBuilder(); + $query->select('status')->from($this->dbTable) + ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) + ->setParameter('url_hash', $hash); + + $result = $query->execute()->fetch(); + return (int)$result['status']; + } + + /** + * create hash from URL + * + * @param string $url + * @return string + */ + protected function hash($url) { + $normalized = $this->normalizeUrl($url); + return sha1($normalized); + } + + /** + * normalize URL, used to create the sha1 hash + * + * @param string $url + * @return string + */ + protected function normalizeUrl($url) { + $normalized = $url; + + if (strpos($url, 'https://') === 0) { + $normalized = substr($url, strlen('https://')); + } else if (strpos($url, 'http://') === 0) { + $normalized = substr($url, strlen('http://')); + } + + $normalized = Filesystem::normalizePath($normalized); + $normalized = trim($normalized, '/'); + + return $normalized; + } + + /** + * @param $username + * @param $password + * @return bool + */ + public function auth($username, $password) { + if ($username !== 'system') { + return false; + } + $query = $this->connection->getQueryBuilder(); + $query->select('url')->from($this->dbTable) + ->where($query->expr()->eq('shared_secret', $query->createNamedParameter($password))); + + $result = $query->execute()->fetch(); + return !empty($result); + } + +} diff --git a/apps/federation/lib/Hooks.php b/apps/federation/lib/Hooks.php new file mode 100644 index 00000000000..b7f63d27f55 --- /dev/null +++ b/apps/federation/lib/Hooks.php @@ -0,0 +1,50 @@ + + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OCA\Federation; + + + +class Hooks { + + /** @var TrustedServers */ + private $trustedServers; + + public function __construct(TrustedServers $trustedServers) { + $this->trustedServers = $trustedServers; + } + + /** + * add servers to the list of trusted servers once a federated share was established + * + * @param array $params + */ + public function addServerHook($params) { + if ( + $this->trustedServers->getAutoAddServers() === true && + $this->trustedServers->isTrustedServer($params['server']) === false + ) { + $this->trustedServers->addServer($params['server']); + } + } + +} diff --git a/apps/federation/lib/Middleware/AddServerMiddleware.php b/apps/federation/lib/Middleware/AddServerMiddleware.php new file mode 100644 index 00000000000..4b752f51ee4 --- /dev/null +++ b/apps/federation/lib/Middleware/AddServerMiddleware.php @@ -0,0 +1,72 @@ + + * @author Thomas Müller + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\Federation\Middleware; + +use OC\HintException; +use OCP\AppFramework\Http; +use OCP\AppFramework\Http\JSONResponse; +use OCP\AppFramework\Middleware; +use OCP\IL10N; +use OCP\ILogger; + +class AddServerMiddleware extends Middleware { + + /** @var string */ + protected $appName; + + /** @var IL10N */ + protected $l; + + /** @var ILogger */ + protected $logger; + + public function __construct($appName, IL10N $l, ILogger $logger) { + $this->appName = $appName; + $this->l = $l; + $this->logger = $logger; + } + + /** + * Log error message and return a response which can be displayed to the user + * + * @param \OCP\AppFramework\Controller $controller + * @param string $methodName + * @param \Exception $exception + * @return JSONResponse + */ + public function afterException($controller, $methodName, \Exception $exception) { + $this->logger->error($exception->getMessage(), ['app' => $this->appName]); + if ($exception instanceof HintException) { + $message = $exception->getHint(); + } else { + $message = $exception->getMessage(); + } + + return new JSONResponse( + ['message' => $message], + Http::STATUS_BAD_REQUEST + ); + + } + +} diff --git a/apps/federation/lib/SyncFederationAddressBooks.php b/apps/federation/lib/SyncFederationAddressBooks.php new file mode 100644 index 00000000000..209094266ca --- /dev/null +++ b/apps/federation/lib/SyncFederationAddressBooks.php @@ -0,0 +1,82 @@ + + * @author Lukas Reschke + * @author Thomas Müller + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ +namespace OCA\Federation; + +use OCA\DAV\CardDAV\SyncService; +use OCP\AppFramework\Http; +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Helper\ProgressBar; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class SyncFederationAddressBooks { + + /** @var DbHandler */ + protected $dbHandler; + + /** @var SyncService */ + private $syncService; + + /** + * @param DbHandler $dbHandler + * @param SyncService $syncService + */ + function __construct(DbHandler $dbHandler, SyncService $syncService) { + $this->syncService = $syncService; + $this->dbHandler = $dbHandler; + } + + /** + * @param \Closure $callback + */ + public function syncThemAll(\Closure $callback) { + + $trustedServers = $this->dbHandler->getAllServer(); + foreach ($trustedServers as $trustedServer) { + $url = $trustedServer['url']; + $callback($url, null); + $sharedSecret = $trustedServer['shared_secret']; + $syncToken = $trustedServer['sync_token']; + + if (is_null($sharedSecret)) { + continue; + } + $targetBookId = $trustedServer['url_hash']; + $targetPrincipal = "principals/system/system"; + $targetBookProperties = [ + '{DAV:}displayname' => $url + ]; + try { + $newToken = $this->syncService->syncRemoteAddressBook($url, 'system', $sharedSecret, $syncToken, $targetBookId, $targetPrincipal, $targetBookProperties); + if ($newToken !== $syncToken) { + $this->dbHandler->setServerStatus($url, TrustedServers::STATUS_OK, $newToken); + } + } catch (\Exception $ex) { + if ($ex->getCode() === Http::STATUS_UNAUTHORIZED) { + $this->dbHandler->setServerStatus($url, TrustedServers::STATUS_ACCESS_REVOKED); + } + $callback($url, $ex); + } + } + } +} diff --git a/apps/federation/lib/SyncJob.php b/apps/federation/lib/SyncJob.php new file mode 100644 index 00000000000..2b904813b92 --- /dev/null +++ b/apps/federation/lib/SyncJob.php @@ -0,0 +1,43 @@ + + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\Federation; + +use OC\BackgroundJob\TimedJob; +use OCA\Federation\AppInfo\Application; + +class SyncJob extends TimedJob { + + public function __construct() { + // Run once a day + $this->setInterval(24 * 60 * 60); + } + + protected function run($argument) { + $app = new Application(); + $ss = $app->getSyncService(); + $ss->syncThemAll(function($url, $ex) { + if ($ex instanceof \Exception) { + \OC::$server->getLogger()->error("Error while syncing $url : " . $ex->getMessage(), ['app' => 'fed-sync']); + } + }); + } +} diff --git a/apps/federation/lib/TrustedServers.php b/apps/federation/lib/TrustedServers.php new file mode 100644 index 00000000000..3b356ea2a49 --- /dev/null +++ b/apps/federation/lib/TrustedServers.php @@ -0,0 +1,270 @@ + + * @author Roeland Jago Douma + * @author Thomas Müller + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OCA\Federation; + +use OC\HintException; +use OCP\AppFramework\Http; +use OCP\BackgroundJob\IJobList; +use OCP\Http\Client\IClientService; +use OCP\IConfig; +use OCP\ILogger; +use OCP\Security\ISecureRandom; +use Symfony\Component\EventDispatcher\EventDispatcherInterface; +use Symfony\Component\EventDispatcher\GenericEvent; + +class TrustedServers { + + /** after a user list was exchanged at least once successfully */ + const STATUS_OK = 1; + /** waiting for shared secret or initial user list exchange */ + const STATUS_PENDING = 2; + /** something went wrong, misconfigured server, software bug,... user interaction needed */ + const STATUS_FAILURE = 3; + /** remote server revoked access */ + const STATUS_ACCESS_REVOKED = 4; + + /** @var dbHandler */ + private $dbHandler; + + /** @var IClientService */ + private $httpClientService; + + /** @var ILogger */ + private $logger; + + /** @var IJobList */ + private $jobList; + + /** @var ISecureRandom */ + private $secureRandom; + + /** @var IConfig */ + private $config; + + /** @var EventDispatcherInterface */ + private $dispatcher; + + /** + * @param DbHandler $dbHandler + * @param IClientService $httpClientService + * @param ILogger $logger + * @param IJobList $jobList + * @param ISecureRandom $secureRandom + * @param IConfig $config + * @param EventDispatcherInterface $dispatcher + */ + public function __construct( + DbHandler $dbHandler, + IClientService $httpClientService, + ILogger $logger, + IJobList $jobList, + ISecureRandom $secureRandom, + IConfig $config, + EventDispatcherInterface $dispatcher + ) { + $this->dbHandler = $dbHandler; + $this->httpClientService = $httpClientService; + $this->logger = $logger; + $this->jobList = $jobList; + $this->secureRandom = $secureRandom; + $this->config = $config; + $this->dispatcher = $dispatcher; + } + + /** + * add server to the list of trusted ownCloud servers + * + * @param $url + * @return int server id + */ + public function addServer($url) { + $url = $this->updateProtocol($url); + $result = $this->dbHandler->addServer($url); + if ($result) { + $token = $this->secureRandom->generate(16); + $this->dbHandler->addToken($url, $token); + $this->jobList->add( + 'OCA\Federation\BackgroundJob\RequestSharedSecret', + [ + 'url' => $url, + 'token' => $token + ] + ); + } + + return $result; + } + + /** + * enable/disable to automatically add servers to the list of trusted servers + * once a federated share was created and accepted successfully + * + * @param bool $status + */ + public function setAutoAddServers($status) { + $value = $status ? '1' : '0'; + $this->config->setAppValue('federation', 'autoAddServers', $value); + } + + /** + * return if we automatically add servers to the list of trusted servers + * once a federated share was created and accepted successfully + * + * @return bool + */ + public function getAutoAddServers() { + $value = $this->config->getAppValue('federation', 'autoAddServers', '1'); + return $value === '1'; + } + + /** + * get shared secret for the given server + * + * @param string $url + * @return string + */ + public function getSharedSecret($url) { + return $this->dbHandler->getSharedSecret($url); + } + + /** + * add shared secret for the given server + * + * @param string $url + * @param $sharedSecret + */ + public function addSharedSecret($url, $sharedSecret) { + $this->dbHandler->addSharedSecret($url, $sharedSecret); + } + + /** + * remove server from the list of trusted ownCloud servers + * + * @param int $id + */ + public function removeServer($id) { + $server = $this->dbHandler->getServerById($id); + $this->dbHandler->removeServer($id); + $event = new GenericEvent($server['url_hash']); + $this->dispatcher->dispatch('OCP\Federation\TrustedServerEvent::remove', $event); + } + + /** + * get all trusted servers + * + * @return array + */ + public function getServers() { + return $this->dbHandler->getAllServer(); + } + + /** + * check if given server is a trusted ownCloud server + * + * @param string $url + * @return bool + */ + public function isTrustedServer($url) { + return $this->dbHandler->serverExists($url); + } + + /** + * set server status + * + * @param string $url + * @param int $status + */ + public function setServerStatus($url, $status) { + $this->dbHandler->setServerStatus($url, $status); + } + + /** + * @param string $url + * @return int + */ + public function getServerStatus($url) { + return $this->dbHandler->getServerStatus($url); + } + + /** + * check if URL point to a ownCloud server + * + * @param string $url + * @return bool + */ + public function isOwnCloudServer($url) { + $isValidOwnCloud = false; + $client = $this->httpClientService->newClient(); + $result = $client->get( + $url . '/status.php', + [ + 'timeout' => 3, + 'connect_timeout' => 3, + ] + ); + if ($result->getStatusCode() === Http::STATUS_OK) { + $isValidOwnCloud = $this->checkOwnCloudVersion($result->getBody()); + } + + return $isValidOwnCloud; + } + + /** + * check if ownCloud version is >= 9.0 + * + * @param $status + * @return bool + * @throws HintException + */ + protected function checkOwnCloudVersion($status) { + $decoded = json_decode($status, true); + if (!empty($decoded) && isset($decoded['version'])) { + if (!version_compare($decoded['version'], '9.0.0', '>=')) { + throw new HintException('Remote server version is too low. ownCloud 9.0 is required.'); + } + return true; + } + return false; + } + + /** + * check if the URL contain a protocol, if not add https + * + * @param string $url + * @return string + */ + protected function updateProtocol($url) { + if ( + strpos($url, 'https://') === 0 + || strpos($url, 'http://') === 0 + ) { + + return $url; + + } + + return 'https://' . $url; + } +} diff --git a/apps/federation/lib/dbhandler.php b/apps/federation/lib/dbhandler.php deleted file mode 100644 index 8720560efc6..00000000000 --- a/apps/federation/lib/dbhandler.php +++ /dev/null @@ -1,318 +0,0 @@ - - * @author Thomas Müller - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - - -namespace OCA\Federation; - - -use OC\Files\Filesystem; -use OC\HintException; -use OCP\IDBConnection; -use OCP\IL10N; - -/** - * Class DbHandler - * - * handles all database calls for the federation app - * - * @group DB - * @package OCA\Federation - */ -class DbHandler { - - /** @var IDBConnection */ - private $connection; - - /** @var IL10N */ - private $l; - - /** @var string */ - private $dbTable = 'trusted_servers'; - - /** - * @param IDBConnection $connection - * @param IL10N $il10n - */ - public function __construct( - IDBConnection $connection, - IL10N $il10n - ) { - $this->connection = $connection; - $this->IL10N = $il10n; - } - - /** - * add server to the list of trusted ownCloud servers - * - * @param string $url - * @return int - * @throws HintException - */ - public function addServer($url) { - $hash = $this->hash($url); - $url = rtrim($url, '/'); - $query = $this->connection->getQueryBuilder(); - $query->insert($this->dbTable) - ->values( - [ - 'url' => $query->createParameter('url'), - 'url_hash' => $query->createParameter('url_hash'), - ] - ) - ->setParameter('url', $url) - ->setParameter('url_hash', $hash); - - $result = $query->execute(); - - if ($result) { - return (int)$this->connection->lastInsertId('*PREFIX*'.$this->dbTable); - } else { - $message = 'Internal failure, Could not add ownCloud as trusted server: ' . $url; - $message_t = $this->l->t('Could not add server'); - throw new HintException($message, $message_t); - } - } - - /** - * remove server from the list of trusted ownCloud servers - * - * @param int $id - */ - public function removeServer($id) { - $query = $this->connection->getQueryBuilder(); - $query->delete($this->dbTable) - ->where($query->expr()->eq('id', $query->createParameter('id'))) - ->setParameter('id', $id); - $query->execute(); - } - - /** - * get trusted server with given ID - * - * @param int $id - * @return array - * @throws \Exception - */ - public function getServerById($id) { - $query = $this->connection->getQueryBuilder(); - $query->select('*')->from($this->dbTable) - ->where($query->expr()->eq('id', $query->createParameter('id'))) - ->setParameter('id', $id); - $query->execute(); - $result = $query->execute()->fetchAll(); - - if (empty($result)) { - throw new \Exception('No Server found with ID: ' . $id); - } - - return $result[0]; - } - - /** - * get all trusted servers - * - * @return array - */ - public function getAllServer() { - $query = $this->connection->getQueryBuilder(); - $query->select(['url', 'url_hash', 'id', 'status', 'shared_secret', 'sync_token'])->from($this->dbTable); - $result = $query->execute()->fetchAll(); - return $result; - } - - /** - * check if server already exists in the database table - * - * @param string $url - * @return bool - */ - public function serverExists($url) { - $hash = $this->hash($url); - $query = $this->connection->getQueryBuilder(); - $query->select('url')->from($this->dbTable) - ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) - ->setParameter('url_hash', $hash); - $result = $query->execute()->fetchAll(); - - return !empty($result); - } - - /** - * write token to database. Token is used to exchange the secret - * - * @param string $url - * @param string $token - */ - public function addToken($url, $token) { - $hash = $this->hash($url); - $query = $this->connection->getQueryBuilder(); - $query->update($this->dbTable) - ->set('token', $query->createParameter('token')) - ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) - ->setParameter('url_hash', $hash) - ->setParameter('token', $token); - $query->execute(); - } - - /** - * get token stored in database - * - * @param string $url - * @return string - * @throws \Exception - */ - public function getToken($url) { - $hash = $this->hash($url); - $query = $this->connection->getQueryBuilder(); - $query->select('token')->from($this->dbTable) - ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) - ->setParameter('url_hash', $hash); - - $result = $query->execute()->fetch(); - - if (!isset($result['token'])) { - throw new \Exception('No token found for: ' . $url); - } - - return $result['token']; - } - - /** - * add shared Secret to database - * - * @param string $url - * @param string $sharedSecret - */ - public function addSharedSecret($url, $sharedSecret) { - $hash = $this->hash($url); - $query = $this->connection->getQueryBuilder(); - $query->update($this->dbTable) - ->set('shared_secret', $query->createParameter('sharedSecret')) - ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) - ->setParameter('url_hash', $hash) - ->setParameter('sharedSecret', $sharedSecret); - $query->execute(); - } - - /** - * get shared secret from database - * - * @param string $url - * @return string - */ - public function getSharedSecret($url) { - $hash = $this->hash($url); - $query = $this->connection->getQueryBuilder(); - $query->select('shared_secret')->from($this->dbTable) - ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) - ->setParameter('url_hash', $hash); - - $result = $query->execute()->fetch(); - return $result['shared_secret']; - } - - /** - * set server status - * - * @param string $url - * @param int $status - * @param string|null $token - */ - public function setServerStatus($url, $status, $token = null) { - $hash = $this->hash($url); - $query = $this->connection->getQueryBuilder(); - $query->update($this->dbTable) - ->set('status', $query->createNamedParameter($status)) - ->where($query->expr()->eq('url_hash', $query->createNamedParameter($hash))); - if (!is_null($token)) { - $query->set('sync_token', $query->createNamedParameter($token)); - } - $query->execute(); - } - - /** - * get server status - * - * @param string $url - * @return int - */ - public function getServerStatus($url) { - $hash = $this->hash($url); - $query = $this->connection->getQueryBuilder(); - $query->select('status')->from($this->dbTable) - ->where($query->expr()->eq('url_hash', $query->createParameter('url_hash'))) - ->setParameter('url_hash', $hash); - - $result = $query->execute()->fetch(); - return (int)$result['status']; - } - - /** - * create hash from URL - * - * @param string $url - * @return string - */ - protected function hash($url) { - $normalized = $this->normalizeUrl($url); - return sha1($normalized); - } - - /** - * normalize URL, used to create the sha1 hash - * - * @param string $url - * @return string - */ - protected function normalizeUrl($url) { - $normalized = $url; - - if (strpos($url, 'https://') === 0) { - $normalized = substr($url, strlen('https://')); - } else if (strpos($url, 'http://') === 0) { - $normalized = substr($url, strlen('http://')); - } - - $normalized = Filesystem::normalizePath($normalized); - $normalized = trim($normalized, '/'); - - return $normalized; - } - - /** - * @param $username - * @param $password - * @return bool - */ - public function auth($username, $password) { - if ($username !== 'system') { - return false; - } - $query = $this->connection->getQueryBuilder(); - $query->select('url')->from($this->dbTable) - ->where($query->expr()->eq('shared_secret', $query->createNamedParameter($password))); - - $result = $query->execute()->fetch(); - return !empty($result); - } - -} diff --git a/apps/federation/lib/hooks.php b/apps/federation/lib/hooks.php deleted file mode 100644 index b7f63d27f55..00000000000 --- a/apps/federation/lib/hooks.php +++ /dev/null @@ -1,50 +0,0 @@ - - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - - -namespace OCA\Federation; - - - -class Hooks { - - /** @var TrustedServers */ - private $trustedServers; - - public function __construct(TrustedServers $trustedServers) { - $this->trustedServers = $trustedServers; - } - - /** - * add servers to the list of trusted servers once a federated share was established - * - * @param array $params - */ - public function addServerHook($params) { - if ( - $this->trustedServers->getAutoAddServers() === true && - $this->trustedServers->isTrustedServer($params['server']) === false - ) { - $this->trustedServers->addServer($params['server']); - } - } - -} diff --git a/apps/federation/lib/syncfederationaddressbooks.php b/apps/federation/lib/syncfederationaddressbooks.php deleted file mode 100644 index 209094266ca..00000000000 --- a/apps/federation/lib/syncfederationaddressbooks.php +++ /dev/null @@ -1,82 +0,0 @@ - - * @author Lukas Reschke - * @author Thomas Müller - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ -namespace OCA\Federation; - -use OCA\DAV\CardDAV\SyncService; -use OCP\AppFramework\Http; -use Symfony\Component\Console\Command\Command; -use Symfony\Component\Console\Helper\ProgressBar; -use Symfony\Component\Console\Input\InputInterface; -use Symfony\Component\Console\Output\OutputInterface; - -class SyncFederationAddressBooks { - - /** @var DbHandler */ - protected $dbHandler; - - /** @var SyncService */ - private $syncService; - - /** - * @param DbHandler $dbHandler - * @param SyncService $syncService - */ - function __construct(DbHandler $dbHandler, SyncService $syncService) { - $this->syncService = $syncService; - $this->dbHandler = $dbHandler; - } - - /** - * @param \Closure $callback - */ - public function syncThemAll(\Closure $callback) { - - $trustedServers = $this->dbHandler->getAllServer(); - foreach ($trustedServers as $trustedServer) { - $url = $trustedServer['url']; - $callback($url, null); - $sharedSecret = $trustedServer['shared_secret']; - $syncToken = $trustedServer['sync_token']; - - if (is_null($sharedSecret)) { - continue; - } - $targetBookId = $trustedServer['url_hash']; - $targetPrincipal = "principals/system/system"; - $targetBookProperties = [ - '{DAV:}displayname' => $url - ]; - try { - $newToken = $this->syncService->syncRemoteAddressBook($url, 'system', $sharedSecret, $syncToken, $targetBookId, $targetPrincipal, $targetBookProperties); - if ($newToken !== $syncToken) { - $this->dbHandler->setServerStatus($url, TrustedServers::STATUS_OK, $newToken); - } - } catch (\Exception $ex) { - if ($ex->getCode() === Http::STATUS_UNAUTHORIZED) { - $this->dbHandler->setServerStatus($url, TrustedServers::STATUS_ACCESS_REVOKED); - } - $callback($url, $ex); - } - } - } -} diff --git a/apps/federation/lib/syncjob.php b/apps/federation/lib/syncjob.php deleted file mode 100644 index 2b904813b92..00000000000 --- a/apps/federation/lib/syncjob.php +++ /dev/null @@ -1,43 +0,0 @@ - - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace OCA\Federation; - -use OC\BackgroundJob\TimedJob; -use OCA\Federation\AppInfo\Application; - -class SyncJob extends TimedJob { - - public function __construct() { - // Run once a day - $this->setInterval(24 * 60 * 60); - } - - protected function run($argument) { - $app = new Application(); - $ss = $app->getSyncService(); - $ss->syncThemAll(function($url, $ex) { - if ($ex instanceof \Exception) { - \OC::$server->getLogger()->error("Error while syncing $url : " . $ex->getMessage(), ['app' => 'fed-sync']); - } - }); - } -} diff --git a/apps/federation/lib/trustedservers.php b/apps/federation/lib/trustedservers.php deleted file mode 100644 index 3b356ea2a49..00000000000 --- a/apps/federation/lib/trustedservers.php +++ /dev/null @@ -1,270 +0,0 @@ - - * @author Roeland Jago Douma - * @author Thomas Müller - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - - -namespace OCA\Federation; - -use OC\HintException; -use OCP\AppFramework\Http; -use OCP\BackgroundJob\IJobList; -use OCP\Http\Client\IClientService; -use OCP\IConfig; -use OCP\ILogger; -use OCP\Security\ISecureRandom; -use Symfony\Component\EventDispatcher\EventDispatcherInterface; -use Symfony\Component\EventDispatcher\GenericEvent; - -class TrustedServers { - - /** after a user list was exchanged at least once successfully */ - const STATUS_OK = 1; - /** waiting for shared secret or initial user list exchange */ - const STATUS_PENDING = 2; - /** something went wrong, misconfigured server, software bug,... user interaction needed */ - const STATUS_FAILURE = 3; - /** remote server revoked access */ - const STATUS_ACCESS_REVOKED = 4; - - /** @var dbHandler */ - private $dbHandler; - - /** @var IClientService */ - private $httpClientService; - - /** @var ILogger */ - private $logger; - - /** @var IJobList */ - private $jobList; - - /** @var ISecureRandom */ - private $secureRandom; - - /** @var IConfig */ - private $config; - - /** @var EventDispatcherInterface */ - private $dispatcher; - - /** - * @param DbHandler $dbHandler - * @param IClientService $httpClientService - * @param ILogger $logger - * @param IJobList $jobList - * @param ISecureRandom $secureRandom - * @param IConfig $config - * @param EventDispatcherInterface $dispatcher - */ - public function __construct( - DbHandler $dbHandler, - IClientService $httpClientService, - ILogger $logger, - IJobList $jobList, - ISecureRandom $secureRandom, - IConfig $config, - EventDispatcherInterface $dispatcher - ) { - $this->dbHandler = $dbHandler; - $this->httpClientService = $httpClientService; - $this->logger = $logger; - $this->jobList = $jobList; - $this->secureRandom = $secureRandom; - $this->config = $config; - $this->dispatcher = $dispatcher; - } - - /** - * add server to the list of trusted ownCloud servers - * - * @param $url - * @return int server id - */ - public function addServer($url) { - $url = $this->updateProtocol($url); - $result = $this->dbHandler->addServer($url); - if ($result) { - $token = $this->secureRandom->generate(16); - $this->dbHandler->addToken($url, $token); - $this->jobList->add( - 'OCA\Federation\BackgroundJob\RequestSharedSecret', - [ - 'url' => $url, - 'token' => $token - ] - ); - } - - return $result; - } - - /** - * enable/disable to automatically add servers to the list of trusted servers - * once a federated share was created and accepted successfully - * - * @param bool $status - */ - public function setAutoAddServers($status) { - $value = $status ? '1' : '0'; - $this->config->setAppValue('federation', 'autoAddServers', $value); - } - - /** - * return if we automatically add servers to the list of trusted servers - * once a federated share was created and accepted successfully - * - * @return bool - */ - public function getAutoAddServers() { - $value = $this->config->getAppValue('federation', 'autoAddServers', '1'); - return $value === '1'; - } - - /** - * get shared secret for the given server - * - * @param string $url - * @return string - */ - public function getSharedSecret($url) { - return $this->dbHandler->getSharedSecret($url); - } - - /** - * add shared secret for the given server - * - * @param string $url - * @param $sharedSecret - */ - public function addSharedSecret($url, $sharedSecret) { - $this->dbHandler->addSharedSecret($url, $sharedSecret); - } - - /** - * remove server from the list of trusted ownCloud servers - * - * @param int $id - */ - public function removeServer($id) { - $server = $this->dbHandler->getServerById($id); - $this->dbHandler->removeServer($id); - $event = new GenericEvent($server['url_hash']); - $this->dispatcher->dispatch('OCP\Federation\TrustedServerEvent::remove', $event); - } - - /** - * get all trusted servers - * - * @return array - */ - public function getServers() { - return $this->dbHandler->getAllServer(); - } - - /** - * check if given server is a trusted ownCloud server - * - * @param string $url - * @return bool - */ - public function isTrustedServer($url) { - return $this->dbHandler->serverExists($url); - } - - /** - * set server status - * - * @param string $url - * @param int $status - */ - public function setServerStatus($url, $status) { - $this->dbHandler->setServerStatus($url, $status); - } - - /** - * @param string $url - * @return int - */ - public function getServerStatus($url) { - return $this->dbHandler->getServerStatus($url); - } - - /** - * check if URL point to a ownCloud server - * - * @param string $url - * @return bool - */ - public function isOwnCloudServer($url) { - $isValidOwnCloud = false; - $client = $this->httpClientService->newClient(); - $result = $client->get( - $url . '/status.php', - [ - 'timeout' => 3, - 'connect_timeout' => 3, - ] - ); - if ($result->getStatusCode() === Http::STATUS_OK) { - $isValidOwnCloud = $this->checkOwnCloudVersion($result->getBody()); - } - - return $isValidOwnCloud; - } - - /** - * check if ownCloud version is >= 9.0 - * - * @param $status - * @return bool - * @throws HintException - */ - protected function checkOwnCloudVersion($status) { - $decoded = json_decode($status, true); - if (!empty($decoded) && isset($decoded['version'])) { - if (!version_compare($decoded['version'], '9.0.0', '>=')) { - throw new HintException('Remote server version is too low. ownCloud 9.0 is required.'); - } - return true; - } - return false; - } - - /** - * check if the URL contain a protocol, if not add https - * - * @param string $url - * @return string - */ - protected function updateProtocol($url) { - if ( - strpos($url, 'https://') === 0 - || strpos($url, 'http://') === 0 - ) { - - return $url; - - } - - return 'https://' . $url; - } -} diff --git a/apps/federation/middleware/addservermiddleware.php b/apps/federation/middleware/addservermiddleware.php deleted file mode 100644 index 15781251349..00000000000 --- a/apps/federation/middleware/addservermiddleware.php +++ /dev/null @@ -1,72 +0,0 @@ - - * @author Thomas Müller - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace OCA\Federation\Middleware ; - -use OC\HintException; -use OCP\AppFramework\Http; -use OCP\AppFramework\Http\JSONResponse; -use OCP\AppFramework\Middleware; -use OCP\IL10N; -use OCP\ILogger; - -class AddServerMiddleware extends Middleware { - - /** @var string */ - protected $appName; - - /** @var IL10N */ - protected $l; - - /** @var ILogger */ - protected $logger; - - public function __construct($appName, IL10N $l, ILogger $logger) { - $this->appName = $appName; - $this->l = $l; - $this->logger = $logger; - } - - /** - * Log error message and return a response which can be displayed to the user - * - * @param \OCP\AppFramework\Controller $controller - * @param string $methodName - * @param \Exception $exception - * @return JSONResponse - */ - public function afterException($controller, $methodName, \Exception $exception) { - $this->logger->error($exception->getMessage(), ['app' => $this->appName]); - if ($exception instanceof HintException) { - $message = $exception->getHint(); - } else { - $message = $exception->getMessage(); - } - - return new JSONResponse( - ['message' => $message], - Http::STATUS_BAD_REQUEST - ); - - } - -} -- cgit v1.2.3