From 71205b8b07be83c0a1ced3ce5dfe92629c7a5cc3 Mon Sep 17 00:00:00 2001 From: "Michiel@unhosted" Date: Fri, 2 Sep 2011 14:56:40 +0200 Subject: adding core_unhosted app --- apps/core_unhosted/admin.php | 50 +++++++++++++ apps/core_unhosted/ajax/deletetoken.php | 12 +++ apps/core_unhosted/ajax/link.php | 49 +++++++++++++ apps/core_unhosted/appinfo/database.xml | 59 +++++++++++++++ apps/core_unhosted/appinfo/info.xml | 10 +++ apps/core_unhosted/compat.php | 110 ++++++++++++++++++++++++++++ apps/core_unhosted/css/admin.css | 2 + apps/core_unhosted/img/island.png | Bin 0 -> 3674 bytes apps/core_unhosted/js/admin.js | 16 ++++ apps/core_unhosted/lib_unhosted.php | 86 ++++++++++++++++++++++ apps/core_unhosted/oauth_ro_auth.php | 73 ++++++++++++++++++ apps/core_unhosted/templates/admin.php | 19 +++++ apps/core_unhosted/templates/breadcrumb.php | 4 + apps/core_unhosted/templates/files.php | 9 +++ 14 files changed, 499 insertions(+) create mode 100644 apps/core_unhosted/admin.php create mode 100644 apps/core_unhosted/ajax/deletetoken.php create mode 100644 apps/core_unhosted/ajax/link.php create mode 100644 apps/core_unhosted/appinfo/database.xml create mode 100644 apps/core_unhosted/appinfo/info.xml create mode 100644 apps/core_unhosted/compat.php create mode 100644 apps/core_unhosted/css/admin.css create mode 100644 apps/core_unhosted/img/island.png create mode 100644 apps/core_unhosted/js/admin.js create mode 100644 apps/core_unhosted/lib_unhosted.php create mode 100644 apps/core_unhosted/oauth_ro_auth.php create mode 100644 apps/core_unhosted/templates/admin.php create mode 100644 apps/core_unhosted/templates/breadcrumb.php create mode 100644 apps/core_unhosted/templates/files.php diff --git a/apps/core_unhosted/admin.php b/apps/core_unhosted/admin.php new file mode 100644 index 00000000000..8a4f9f9a2e0 --- /dev/null +++ b/apps/core_unhosted/admin.php @@ -0,0 +1,50 @@ +. +* +*/ + + +// Init owncloud +require_once('../../lib/base.php'); +require_once( 'lib_unhosted.php' ); +require( 'template.php' ); + +// Check if we are a user +if( !OC_USER::isLoggedIn()){ +//var_export($_COOKIE); +//var_export($_SESSION); +//die('get a cookie!'); + header( "Location: ".OC_HELPER::linkTo( "index.php" )); + exit(); +} + +OC_APP::setActiveNavigationEntry( "unhosted_web_administration" ); + +OC_UTIL::addStyle( 'unhosted_web', 'admin' ); +OC_UTIL::addScript( 'unhosted_web', 'admin' ); + +// return template +$tmpl = new OC_TEMPLATE( "unhosted_web", "admin", "admin" ); +$tmpl->assign( 'tokens', OC_UnhostedWeb::getAllTokens()); +$tmpl->printPage(); + +?> diff --git a/apps/core_unhosted/ajax/deletetoken.php b/apps/core_unhosted/ajax/deletetoken.php new file mode 100644 index 00000000000..3e3668188bd --- /dev/null +++ b/apps/core_unhosted/ajax/deletetoken.php @@ -0,0 +1,12 @@ + diff --git a/apps/core_unhosted/ajax/link.php b/apps/core_unhosted/ajax/link.php new file mode 100644 index 00000000000..9f479cbd510 --- /dev/null +++ b/apps/core_unhosted/ajax/link.php @@ -0,0 +1,49 @@ + 'https://myfavouritesandwich.org:444/', + 'usr' => $_POST['userAddress'],//this is not necessarily the case, you could also use one owncloud user and many user addresses on it + 'pwd' => OC_User::generatePassword(), + ); + $storage = array( + 'dataScope' => $_POST['dataScope'], + 'storageType' => 'http://unhosted.org/spec/dav/0.1', + 'davUrl' => 'https://myfavouritesandwich.org:444/apps/unhosted_web/compat.php/'.$ownCloudDetails['usr'].'/unhosted/', + 'userAddress' => $_POST['userAddress'],//here, it refers to the user sent to DAV in the basic auth + ); + if(OC_User::userExists($ownCloudDetails['usr'])){ + $message = 'account reopened'; + $result = OC_User::setPassword($ownCloudDetails['usr'], $ownCloudDetails['pwd']); + } else { + $message = 'account created'; + $result = OC_User::createUser($ownCloudDetails['usr'], $ownCloudDetails['pwd']); + } + if($result) { + $storage['davToken'] = OC_UnhostedWeb::createDataScope( + 'https://myfavouritesandwich.org/', + $ownCloudDetails['usr'], $storage['dataScope']); + echo json_encode(array('ownCloudDetails' => $ownCloudDetails, 'storage' => $storage)); + exit(); + } else { + echo json_encode( array( "status" => "error", "data" => "couldn't ", "ownCloudDetails" => $ownCloudDetails)); + exit(); + } + } else { + echo json_encode( array( "status" => "error", "data" => "post not ok")); + } +} catch(Exception $e) { + echo json_encode( array( "status" => "error", "data" => $e)); +} +echo json_encode( array( "status" => "error", "data" => array( "message" => "Computer says 'no'" ))); +?> diff --git a/apps/core_unhosted/appinfo/database.xml b/apps/core_unhosted/appinfo/database.xml new file mode 100644 index 00000000000..db25657085b --- /dev/null +++ b/apps/core_unhosted/appinfo/database.xml @@ -0,0 +1,59 @@ + + + *dbname* + true + false + latin1 + + *dbprefix*authtoken + + + token + text + + true + 40 + + + appUrl + text + + true + 128 + + + user + text + + true + 64 + + + dataScope + text + + true + 64 + + + userAddress + text + + true + 64 + + + a_app_unhostedweb_user + true + + user + ascending + + + token + ascending + + + +
+ diff --git a/apps/core_unhosted/appinfo/info.xml b/apps/core_unhosted/appinfo/info.xml new file mode 100644 index 00000000000..dccbd3b8245 --- /dev/null +++ b/apps/core_unhosted/appinfo/info.xml @@ -0,0 +1,10 @@ + + + core_unhosted + Unhosted Web + On websites that allow unhosted accounts, use your owncloud as the storage for your user data + 0.1 + AGPL + Michiel de Jong + 2 + diff --git a/apps/core_unhosted/compat.php b/apps/core_unhosted/compat.php new file mode 100644 index 00000000000..88dac5e7b55 --- /dev/null +++ b/apps/core_unhosted/compat.php @@ -0,0 +1,110 @@ +. +* +*/ + + +// Do not load FS ... +$RUNTIME_NOSETUPFS = true; + +require_once('../../lib/base.php'); +require_once('Sabre/autoload.php'); +require_once('lib_unhosted.php'); +require_once('oauth_ro_auth.php'); + +ini_set('default_charset', 'UTF-8'); +#ini_set('error_reporting', ''); +@ob_clean(); + +//allow use as unhosted storage for other websites +if(isset($_SERVER['HTTP_ORIGIN'])) { + header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']); + header('Access-Control-Max-Age: 3600'); + header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND'); + header('Access-Control-Allow-Headers: Authorization'); +} else { + header('Access-Control-Allow-Origin: *'); +} + +$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"])); +$pathParts = explode('/', $path); +// for webdav: +// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7 +// /$ownCloudUser/unhosted/webdav/$userHost/$userName/$dataScope/$key +// for oauth: +// 0/ 1 / 2 / 3 / 4 +// /$ownCloudUser/unhosted/oauth/auth + +if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'webdav') { + list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts; + + OC_Util::setupFS($ownCloudUser); + + // Create ownCloud Dir + $publicDir = new OC_Connector_Sabre_Directory(''); + $server = new Sabre_DAV_Server($publicDir); + + // Path to our script + $server->setBaseUri("$WEBROOT/apps/core_unhosted/compat.php/$ownCloudUser"); + + // Auth backend + $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_UnhostedWeb::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope)); + + $authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here + $server->addPlugin($authPlugin); + + // Also make sure there is a 'data' directory, writable by the server. This directory is used to store information about locks + $lockBackend = new OC_Connector_Sabre_Locks(); + $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend); + $server->addPlugin($lockPlugin); + + // And off we go! + $server->exec(); +} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') { + if(isset($_POST['allow'])) { + //TODO: input checking. these explodes may fail to produces the desired arrays: + $ownCloudUser = $pathParts[1]; + foreach($_GET as $k => $v) { + if($k=='user_address'){ + $userAddress=$v; + } else if($k=='redirect_uri'){ + $appUrl=$v; + } else if($k=='scope'){ + $dataScope=$v; + } + } + if(OC_User::getUser() == $ownCloudUser) { + //TODO: check if this can be faked by editing the cookie in firebug! + $token=OC_UnhostedWeb::createDataScope($appUrl, $userAddress, $dataScope); + header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=unhosted'); + } else { + die('not logged in: '.var_export($pathParts, true)); + } + } else { + echo '
'; + } +} else { + die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true)); +} diff --git a/apps/core_unhosted/css/admin.css b/apps/core_unhosted/css/admin.css new file mode 100644 index 00000000000..f21b289f043 --- /dev/null +++ b/apps/core_unhosted/css/admin.css @@ -0,0 +1,2 @@ +td.path{min-width:200px} +td.expire{width:120px} \ No newline at end of file diff --git a/apps/core_unhosted/img/island.png b/apps/core_unhosted/img/island.png new file mode 100644 index 00000000000..8536e508e34 Binary files /dev/null and b/apps/core_unhosted/img/island.png differ diff --git a/apps/core_unhosted/js/admin.js b/apps/core_unhosted/js/admin.js new file mode 100644 index 00000000000..bf578c0b547 --- /dev/null +++ b/apps/core_unhosted/js/admin.js @@ -0,0 +1,16 @@ +$(document).ready(function() { + $("button.revoke").live('click', function( event ) { + event.preventDefault(); + var token=$(this).attr('data-token'); + var data="token="+token; + $.ajax({ + type: 'GET', + url: 'ajax/deletetoken.php', + cache: false, + data: data, + success: function(){ + $('#'+token).remove(); + } + }); + }); +}); diff --git a/apps/core_unhosted/lib_unhosted.php b/apps/core_unhosted/lib_unhosted.php new file mode 100644 index 00000000000..304759c521c --- /dev/null +++ b/apps/core_unhosted/lib_unhosted.php @@ -0,0 +1,86 @@ +execute(array($user,$userAddress,$dataScope)); + if( PEAR::isError($result)) { + $entry = 'DB Error: "'.$result->getMessage().'"
'; + $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; + error_log( $entry ); + die( $entry ); + } + $ret = array(); + while($row=$result->fetchRow()){ + $ret[$row['token']]=$userAddress; + } + return $ret; + } + + public static function getAllTokens() { + $user=OC_User::getUser(); + $query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100"); + $result=$query->execute(array($user)); + if( PEAR::isError($result)) { + $entry = 'DB Error: "'.$result->getMessage().'"
'; + $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; + error_log( $entry ); + die( $entry ); + } + $ret = array(); + while($row=$result->fetchRow()){ + $ret[$row['token']] = array( + 'appUrl' => $row['appurl'], + 'userAddress' => $row['useraddress'], + 'dataScope' => $row['datascope'], + ); + } + return $ret; + } + + public static function deleteToken($token) { + $user=OC_User::getUser(); + $token=OC_DB::escape($token); + $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?"); + $result=$query->execute(array($token,$user)); + if( PEAR::isError($result)) { + $entry = 'DB Error: "'.$result->getMessage().'"
'; + $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; + error_log( $entry ); + die( $entry ); + } + } + private static function addToken($token, $appUrl, $userAddress, $dataScope){ + $user=OC_User::getUser(); + $token=OC_DB::escape($token); + $appUrl=OC_DB::escape($appUrl); + $userAddress=OC_DB::escape($userAddress); + $dataScope=OC_DB::escape($dataScope); + $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)"); + $result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope)); + if( PEAR::isError($result)) { + $entry = 'DB Error: "'.$result->getMessage().'"
'; + $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; + error_log( $entry ); + die( $entry ); + } + } + public static function createDataScope($appUrl, $userAddress, $dataScope){ + $token=uniqid(); + self::addToken($token, $appUrl, $userAddress, $dataScope); + //TODO: input checking on $userAddress and $dataScope + list($userName, $userHost) = explode('@', $userAddress); + OC_Util::setupFS(OC_User::getUser()); + $scopePathParts = array('unhosted', 'webdav', $userHost, $userName, $dataScope); + for($i=0;$i<=count($scopePathParts);$i++){ + $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i)); + if(!OC_Filesystem::file_exists($thisPath)) { + OC_Filesystem::mkdir($thisPath); + } + } + return $token; + } +} diff --git a/apps/core_unhosted/oauth_ro_auth.php b/apps/core_unhosted/oauth_ro_auth.php new file mode 100644 index 00000000000..b785d85fead --- /dev/null +++ b/apps/core_unhosted/oauth_ro_auth.php @@ -0,0 +1,73 @@ +validTokens = $validTokensArg; + } + + /** + * Validates a username and password + * + * This method should return true or false depending on if login + * succeeded. + * + * @return bool + */ + protected function validateUserPass($username, $password){ + //always give read-only: + if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { + OC_Util::setUpFS(); + return true; + } else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) { + OC_Util::setUpFS(); + return true; + } else { +var_export($_SERVER); +var_export($this->validTokens); +die('not getting in with "'.$username.'"/"'.$password.'"!'); + return false; + } + } + + //overwriting this to make it not automatically fail if no auth header is found: + public function authenticate(Sabre_DAV_Server $server,$realm) { + $auth = new Sabre_HTTP_BasicAuth(); + $auth->setHTTPRequest($server->httpRequest); + $auth->setHTTPResponse($server->httpResponse); + $auth->setRealm($realm); + $userpass = $auth->getUserPass(); + if (!$userpass) { + if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { + $userpass = array('', ''); + } else { + $auth->requireLogin(); + throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found'); + } + } + + // Authenticates the user + if (!$this->validateUserPass($userpass[0],$userpass[1])) { + $auth->requireLogin(); + throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match'); + } + $this->currentUser = $userpass[0]; + return true; + } + +} + diff --git a/apps/core_unhosted/templates/admin.php b/apps/core_unhosted/templates/admin.php new file mode 100644 index 00000000000..5ad76cc17c8 --- /dev/null +++ b/apps/core_unhosted/templates/admin.php @@ -0,0 +1,19 @@ + + + + + + + + + + $details):?> + + + + + + + + +
t( 'App-Url' ); ?>t( 'User-Address' ); ?>t( 'Token' ); ?>
diff --git a/apps/core_unhosted/templates/breadcrumb.php b/apps/core_unhosted/templates/breadcrumb.php new file mode 100644 index 00000000000..733531d9e10 --- /dev/null +++ b/apps/core_unhosted/templates/breadcrumb.php @@ -0,0 +1,4 @@ + " alt="Root" /> + + "> + \ No newline at end of file diff --git a/apps/core_unhosted/templates/files.php b/apps/core_unhosted/templates/files.php new file mode 100644 index 00000000000..b4ae17656c3 --- /dev/null +++ b/apps/core_unhosted/templates/files.php @@ -0,0 +1,9 @@ + + + + )" href="" title=""> + + + + + + \ No newline at end of file -- cgit v1.2.3 From e798c32375dd01ec578ccd6fd9420c72a22e4fc4 Mon Sep 17 00:00:00 2001 From: "Michiel@unhosted" Date: Fri, 2 Sep 2011 15:25:04 +0200 Subject: renaming core_unhosted app to just unhosted, and cleaning up unused files in it --- apps/core_unhosted/admin.php | 50 ------------- apps/core_unhosted/ajax/deletetoken.php | 12 --- apps/core_unhosted/ajax/link.php | 49 ------------- apps/core_unhosted/appinfo/database.xml | 59 --------------- apps/core_unhosted/appinfo/info.xml | 10 --- apps/core_unhosted/compat.php | 110 ---------------------------- apps/core_unhosted/css/admin.css | 2 - apps/core_unhosted/img/island.png | Bin 3674 -> 0 bytes apps/core_unhosted/js/admin.js | 16 ---- apps/core_unhosted/lib_unhosted.php | 86 ---------------------- apps/core_unhosted/oauth_ro_auth.php | 73 ------------------ apps/core_unhosted/templates/admin.php | 19 ----- apps/core_unhosted/templates/breadcrumb.php | 4 - apps/core_unhosted/templates/files.php | 9 --- apps/unhosted/appinfo/app.php | 5 ++ apps/unhosted/appinfo/database.xml | 59 +++++++++++++++ apps/unhosted/appinfo/info.xml | 10 +++ apps/unhosted/compat.php | 110 ++++++++++++++++++++++++++++ apps/unhosted/lib_unhosted.php | 86 ++++++++++++++++++++++ apps/unhosted/oauth_ro_auth.php | 73 ++++++++++++++++++ 20 files changed, 343 insertions(+), 499 deletions(-) delete mode 100644 apps/core_unhosted/admin.php delete mode 100644 apps/core_unhosted/ajax/deletetoken.php delete mode 100644 apps/core_unhosted/ajax/link.php delete mode 100644 apps/core_unhosted/appinfo/database.xml delete mode 100644 apps/core_unhosted/appinfo/info.xml delete mode 100644 apps/core_unhosted/compat.php delete mode 100644 apps/core_unhosted/css/admin.css delete mode 100644 apps/core_unhosted/img/island.png delete mode 100644 apps/core_unhosted/js/admin.js delete mode 100644 apps/core_unhosted/lib_unhosted.php delete mode 100644 apps/core_unhosted/oauth_ro_auth.php delete mode 100644 apps/core_unhosted/templates/admin.php delete mode 100644 apps/core_unhosted/templates/breadcrumb.php delete mode 100644 apps/core_unhosted/templates/files.php create mode 100644 apps/unhosted/appinfo/app.php create mode 100644 apps/unhosted/appinfo/database.xml create mode 100644 apps/unhosted/appinfo/info.xml create mode 100644 apps/unhosted/compat.php create mode 100644 apps/unhosted/lib_unhosted.php create mode 100644 apps/unhosted/oauth_ro_auth.php diff --git a/apps/core_unhosted/admin.php b/apps/core_unhosted/admin.php deleted file mode 100644 index 8a4f9f9a2e0..00000000000 --- a/apps/core_unhosted/admin.php +++ /dev/null @@ -1,50 +0,0 @@ -. -* -*/ - - -// Init owncloud -require_once('../../lib/base.php'); -require_once( 'lib_unhosted.php' ); -require( 'template.php' ); - -// Check if we are a user -if( !OC_USER::isLoggedIn()){ -//var_export($_COOKIE); -//var_export($_SESSION); -//die('get a cookie!'); - header( "Location: ".OC_HELPER::linkTo( "index.php" )); - exit(); -} - -OC_APP::setActiveNavigationEntry( "unhosted_web_administration" ); - -OC_UTIL::addStyle( 'unhosted_web', 'admin' ); -OC_UTIL::addScript( 'unhosted_web', 'admin' ); - -// return template -$tmpl = new OC_TEMPLATE( "unhosted_web", "admin", "admin" ); -$tmpl->assign( 'tokens', OC_UnhostedWeb::getAllTokens()); -$tmpl->printPage(); - -?> diff --git a/apps/core_unhosted/ajax/deletetoken.php b/apps/core_unhosted/ajax/deletetoken.php deleted file mode 100644 index 3e3668188bd..00000000000 --- a/apps/core_unhosted/ajax/deletetoken.php +++ /dev/null @@ -1,12 +0,0 @@ - diff --git a/apps/core_unhosted/ajax/link.php b/apps/core_unhosted/ajax/link.php deleted file mode 100644 index 9f479cbd510..00000000000 --- a/apps/core_unhosted/ajax/link.php +++ /dev/null @@ -1,49 +0,0 @@ - 'https://myfavouritesandwich.org:444/', - 'usr' => $_POST['userAddress'],//this is not necessarily the case, you could also use one owncloud user and many user addresses on it - 'pwd' => OC_User::generatePassword(), - ); - $storage = array( - 'dataScope' => $_POST['dataScope'], - 'storageType' => 'http://unhosted.org/spec/dav/0.1', - 'davUrl' => 'https://myfavouritesandwich.org:444/apps/unhosted_web/compat.php/'.$ownCloudDetails['usr'].'/unhosted/', - 'userAddress' => $_POST['userAddress'],//here, it refers to the user sent to DAV in the basic auth - ); - if(OC_User::userExists($ownCloudDetails['usr'])){ - $message = 'account reopened'; - $result = OC_User::setPassword($ownCloudDetails['usr'], $ownCloudDetails['pwd']); - } else { - $message = 'account created'; - $result = OC_User::createUser($ownCloudDetails['usr'], $ownCloudDetails['pwd']); - } - if($result) { - $storage['davToken'] = OC_UnhostedWeb::createDataScope( - 'https://myfavouritesandwich.org/', - $ownCloudDetails['usr'], $storage['dataScope']); - echo json_encode(array('ownCloudDetails' => $ownCloudDetails, 'storage' => $storage)); - exit(); - } else { - echo json_encode( array( "status" => "error", "data" => "couldn't ", "ownCloudDetails" => $ownCloudDetails)); - exit(); - } - } else { - echo json_encode( array( "status" => "error", "data" => "post not ok")); - } -} catch(Exception $e) { - echo json_encode( array( "status" => "error", "data" => $e)); -} -echo json_encode( array( "status" => "error", "data" => array( "message" => "Computer says 'no'" ))); -?> diff --git a/apps/core_unhosted/appinfo/database.xml b/apps/core_unhosted/appinfo/database.xml deleted file mode 100644 index db25657085b..00000000000 --- a/apps/core_unhosted/appinfo/database.xml +++ /dev/null @@ -1,59 +0,0 @@ - - - *dbname* - true - false - latin1 - - *dbprefix*authtoken - - - token - text - - true - 40 - - - appUrl - text - - true - 128 - - - user - text - - true - 64 - - - dataScope - text - - true - 64 - - - userAddress - text - - true - 64 - - - a_app_unhostedweb_user - true - - user - ascending - - - token - ascending - - - -
- diff --git a/apps/core_unhosted/appinfo/info.xml b/apps/core_unhosted/appinfo/info.xml deleted file mode 100644 index dccbd3b8245..00000000000 --- a/apps/core_unhosted/appinfo/info.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - core_unhosted - Unhosted Web - On websites that allow unhosted accounts, use your owncloud as the storage for your user data - 0.1 - AGPL - Michiel de Jong - 2 - diff --git a/apps/core_unhosted/compat.php b/apps/core_unhosted/compat.php deleted file mode 100644 index 88dac5e7b55..00000000000 --- a/apps/core_unhosted/compat.php +++ /dev/null @@ -1,110 +0,0 @@ -. -* -*/ - - -// Do not load FS ... -$RUNTIME_NOSETUPFS = true; - -require_once('../../lib/base.php'); -require_once('Sabre/autoload.php'); -require_once('lib_unhosted.php'); -require_once('oauth_ro_auth.php'); - -ini_set('default_charset', 'UTF-8'); -#ini_set('error_reporting', ''); -@ob_clean(); - -//allow use as unhosted storage for other websites -if(isset($_SERVER['HTTP_ORIGIN'])) { - header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']); - header('Access-Control-Max-Age: 3600'); - header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND'); - header('Access-Control-Allow-Headers: Authorization'); -} else { - header('Access-Control-Allow-Origin: *'); -} - -$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"])); -$pathParts = explode('/', $path); -// for webdav: -// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7 -// /$ownCloudUser/unhosted/webdav/$userHost/$userName/$dataScope/$key -// for oauth: -// 0/ 1 / 2 / 3 / 4 -// /$ownCloudUser/unhosted/oauth/auth - -if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'webdav') { - list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts; - - OC_Util::setupFS($ownCloudUser); - - // Create ownCloud Dir - $publicDir = new OC_Connector_Sabre_Directory(''); - $server = new Sabre_DAV_Server($publicDir); - - // Path to our script - $server->setBaseUri("$WEBROOT/apps/core_unhosted/compat.php/$ownCloudUser"); - - // Auth backend - $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_UnhostedWeb::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope)); - - $authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here - $server->addPlugin($authPlugin); - - // Also make sure there is a 'data' directory, writable by the server. This directory is used to store information about locks - $lockBackend = new OC_Connector_Sabre_Locks(); - $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend); - $server->addPlugin($lockPlugin); - - // And off we go! - $server->exec(); -} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') { - if(isset($_POST['allow'])) { - //TODO: input checking. these explodes may fail to produces the desired arrays: - $ownCloudUser = $pathParts[1]; - foreach($_GET as $k => $v) { - if($k=='user_address'){ - $userAddress=$v; - } else if($k=='redirect_uri'){ - $appUrl=$v; - } else if($k=='scope'){ - $dataScope=$v; - } - } - if(OC_User::getUser() == $ownCloudUser) { - //TODO: check if this can be faked by editing the cookie in firebug! - $token=OC_UnhostedWeb::createDataScope($appUrl, $userAddress, $dataScope); - header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=unhosted'); - } else { - die('not logged in: '.var_export($pathParts, true)); - } - } else { - echo '
'; - } -} else { - die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true)); -} diff --git a/apps/core_unhosted/css/admin.css b/apps/core_unhosted/css/admin.css deleted file mode 100644 index f21b289f043..00000000000 --- a/apps/core_unhosted/css/admin.css +++ /dev/null @@ -1,2 +0,0 @@ -td.path{min-width:200px} -td.expire{width:120px} \ No newline at end of file diff --git a/apps/core_unhosted/img/island.png b/apps/core_unhosted/img/island.png deleted file mode 100644 index 8536e508e34..00000000000 Binary files a/apps/core_unhosted/img/island.png and /dev/null differ diff --git a/apps/core_unhosted/js/admin.js b/apps/core_unhosted/js/admin.js deleted file mode 100644 index bf578c0b547..00000000000 --- a/apps/core_unhosted/js/admin.js +++ /dev/null @@ -1,16 +0,0 @@ -$(document).ready(function() { - $("button.revoke").live('click', function( event ) { - event.preventDefault(); - var token=$(this).attr('data-token'); - var data="token="+token; - $.ajax({ - type: 'GET', - url: 'ajax/deletetoken.php', - cache: false, - data: data, - success: function(){ - $('#'+token).remove(); - } - }); - }); -}); diff --git a/apps/core_unhosted/lib_unhosted.php b/apps/core_unhosted/lib_unhosted.php deleted file mode 100644 index 304759c521c..00000000000 --- a/apps/core_unhosted/lib_unhosted.php +++ /dev/null @@ -1,86 +0,0 @@ -execute(array($user,$userAddress,$dataScope)); - if( PEAR::isError($result)) { - $entry = 'DB Error: "'.$result->getMessage().'"
'; - $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; - error_log( $entry ); - die( $entry ); - } - $ret = array(); - while($row=$result->fetchRow()){ - $ret[$row['token']]=$userAddress; - } - return $ret; - } - - public static function getAllTokens() { - $user=OC_User::getUser(); - $query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100"); - $result=$query->execute(array($user)); - if( PEAR::isError($result)) { - $entry = 'DB Error: "'.$result->getMessage().'"
'; - $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; - error_log( $entry ); - die( $entry ); - } - $ret = array(); - while($row=$result->fetchRow()){ - $ret[$row['token']] = array( - 'appUrl' => $row['appurl'], - 'userAddress' => $row['useraddress'], - 'dataScope' => $row['datascope'], - ); - } - return $ret; - } - - public static function deleteToken($token) { - $user=OC_User::getUser(); - $token=OC_DB::escape($token); - $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?"); - $result=$query->execute(array($token,$user)); - if( PEAR::isError($result)) { - $entry = 'DB Error: "'.$result->getMessage().'"
'; - $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; - error_log( $entry ); - die( $entry ); - } - } - private static function addToken($token, $appUrl, $userAddress, $dataScope){ - $user=OC_User::getUser(); - $token=OC_DB::escape($token); - $appUrl=OC_DB::escape($appUrl); - $userAddress=OC_DB::escape($userAddress); - $dataScope=OC_DB::escape($dataScope); - $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)"); - $result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope)); - if( PEAR::isError($result)) { - $entry = 'DB Error: "'.$result->getMessage().'"
'; - $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; - error_log( $entry ); - die( $entry ); - } - } - public static function createDataScope($appUrl, $userAddress, $dataScope){ - $token=uniqid(); - self::addToken($token, $appUrl, $userAddress, $dataScope); - //TODO: input checking on $userAddress and $dataScope - list($userName, $userHost) = explode('@', $userAddress); - OC_Util::setupFS(OC_User::getUser()); - $scopePathParts = array('unhosted', 'webdav', $userHost, $userName, $dataScope); - for($i=0;$i<=count($scopePathParts);$i++){ - $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i)); - if(!OC_Filesystem::file_exists($thisPath)) { - OC_Filesystem::mkdir($thisPath); - } - } - return $token; - } -} diff --git a/apps/core_unhosted/oauth_ro_auth.php b/apps/core_unhosted/oauth_ro_auth.php deleted file mode 100644 index b785d85fead..00000000000 --- a/apps/core_unhosted/oauth_ro_auth.php +++ /dev/null @@ -1,73 +0,0 @@ -validTokens = $validTokensArg; - } - - /** - * Validates a username and password - * - * This method should return true or false depending on if login - * succeeded. - * - * @return bool - */ - protected function validateUserPass($username, $password){ - //always give read-only: - if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { - OC_Util::setUpFS(); - return true; - } else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) { - OC_Util::setUpFS(); - return true; - } else { -var_export($_SERVER); -var_export($this->validTokens); -die('not getting in with "'.$username.'"/"'.$password.'"!'); - return false; - } - } - - //overwriting this to make it not automatically fail if no auth header is found: - public function authenticate(Sabre_DAV_Server $server,$realm) { - $auth = new Sabre_HTTP_BasicAuth(); - $auth->setHTTPRequest($server->httpRequest); - $auth->setHTTPResponse($server->httpResponse); - $auth->setRealm($realm); - $userpass = $auth->getUserPass(); - if (!$userpass) { - if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { - $userpass = array('', ''); - } else { - $auth->requireLogin(); - throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found'); - } - } - - // Authenticates the user - if (!$this->validateUserPass($userpass[0],$userpass[1])) { - $auth->requireLogin(); - throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match'); - } - $this->currentUser = $userpass[0]; - return true; - } - -} - diff --git a/apps/core_unhosted/templates/admin.php b/apps/core_unhosted/templates/admin.php deleted file mode 100644 index 5ad76cc17c8..00000000000 --- a/apps/core_unhosted/templates/admin.php +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - - - - $details):?> - - - - - - - - -
t( 'App-Url' ); ?>t( 'User-Address' ); ?>t( 'Token' ); ?>
diff --git a/apps/core_unhosted/templates/breadcrumb.php b/apps/core_unhosted/templates/breadcrumb.php deleted file mode 100644 index 733531d9e10..00000000000 --- a/apps/core_unhosted/templates/breadcrumb.php +++ /dev/null @@ -1,4 +0,0 @@ - " alt="Root" /> - - "> - \ No newline at end of file diff --git a/apps/core_unhosted/templates/files.php b/apps/core_unhosted/templates/files.php deleted file mode 100644 index b4ae17656c3..00000000000 --- a/apps/core_unhosted/templates/files.php +++ /dev/null @@ -1,9 +0,0 @@ - - - - )" href="" title=""> - - - + - - \ No newline at end of file diff --git a/apps/unhosted/appinfo/app.php b/apps/unhosted/appinfo/app.php new file mode 100644 index 00000000000..84e07304534 --- /dev/null +++ b/apps/unhosted/appinfo/app.php @@ -0,0 +1,5 @@ + 10, + 'id' => 'unhosted', + 'name' => 'Unhosted Web' )); diff --git a/apps/unhosted/appinfo/database.xml b/apps/unhosted/appinfo/database.xml new file mode 100644 index 00000000000..db25657085b --- /dev/null +++ b/apps/unhosted/appinfo/database.xml @@ -0,0 +1,59 @@ + + + *dbname* + true + false + latin1 + + *dbprefix*authtoken + + + token + text + + true + 40 + + + appUrl + text + + true + 128 + + + user + text + + true + 64 + + + dataScope + text + + true + 64 + + + userAddress + text + + true + 64 + + + a_app_unhostedweb_user + true + + user + ascending + + + token + ascending + + + +
+ diff --git a/apps/unhosted/appinfo/info.xml b/apps/unhosted/appinfo/info.xml new file mode 100644 index 00000000000..359620f4578 --- /dev/null +++ b/apps/unhosted/appinfo/info.xml @@ -0,0 +1,10 @@ + + + unhosted + Unhosted Web + On websites that allow unhosted accounts, use your owncloud as the storage for your user data + 0.1 + AGPL + Michiel de Jong + 2 + diff --git a/apps/unhosted/compat.php b/apps/unhosted/compat.php new file mode 100644 index 00000000000..88dac5e7b55 --- /dev/null +++ b/apps/unhosted/compat.php @@ -0,0 +1,110 @@ +. +* +*/ + + +// Do not load FS ... +$RUNTIME_NOSETUPFS = true; + +require_once('../../lib/base.php'); +require_once('Sabre/autoload.php'); +require_once('lib_unhosted.php'); +require_once('oauth_ro_auth.php'); + +ini_set('default_charset', 'UTF-8'); +#ini_set('error_reporting', ''); +@ob_clean(); + +//allow use as unhosted storage for other websites +if(isset($_SERVER['HTTP_ORIGIN'])) { + header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']); + header('Access-Control-Max-Age: 3600'); + header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND'); + header('Access-Control-Allow-Headers: Authorization'); +} else { + header('Access-Control-Allow-Origin: *'); +} + +$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"])); +$pathParts = explode('/', $path); +// for webdav: +// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7 +// /$ownCloudUser/unhosted/webdav/$userHost/$userName/$dataScope/$key +// for oauth: +// 0/ 1 / 2 / 3 / 4 +// /$ownCloudUser/unhosted/oauth/auth + +if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'webdav') { + list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts; + + OC_Util::setupFS($ownCloudUser); + + // Create ownCloud Dir + $publicDir = new OC_Connector_Sabre_Directory(''); + $server = new Sabre_DAV_Server($publicDir); + + // Path to our script + $server->setBaseUri("$WEBROOT/apps/core_unhosted/compat.php/$ownCloudUser"); + + // Auth backend + $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_UnhostedWeb::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope)); + + $authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here + $server->addPlugin($authPlugin); + + // Also make sure there is a 'data' directory, writable by the server. This directory is used to store information about locks + $lockBackend = new OC_Connector_Sabre_Locks(); + $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend); + $server->addPlugin($lockPlugin); + + // And off we go! + $server->exec(); +} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') { + if(isset($_POST['allow'])) { + //TODO: input checking. these explodes may fail to produces the desired arrays: + $ownCloudUser = $pathParts[1]; + foreach($_GET as $k => $v) { + if($k=='user_address'){ + $userAddress=$v; + } else if($k=='redirect_uri'){ + $appUrl=$v; + } else if($k=='scope'){ + $dataScope=$v; + } + } + if(OC_User::getUser() == $ownCloudUser) { + //TODO: check if this can be faked by editing the cookie in firebug! + $token=OC_UnhostedWeb::createDataScope($appUrl, $userAddress, $dataScope); + header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=unhosted'); + } else { + die('not logged in: '.var_export($pathParts, true)); + } + } else { + echo '
'; + } +} else { + die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true)); +} diff --git a/apps/unhosted/lib_unhosted.php b/apps/unhosted/lib_unhosted.php new file mode 100644 index 00000000000..304759c521c --- /dev/null +++ b/apps/unhosted/lib_unhosted.php @@ -0,0 +1,86 @@ +execute(array($user,$userAddress,$dataScope)); + if( PEAR::isError($result)) { + $entry = 'DB Error: "'.$result->getMessage().'"
'; + $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; + error_log( $entry ); + die( $entry ); + } + $ret = array(); + while($row=$result->fetchRow()){ + $ret[$row['token']]=$userAddress; + } + return $ret; + } + + public static function getAllTokens() { + $user=OC_User::getUser(); + $query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100"); + $result=$query->execute(array($user)); + if( PEAR::isError($result)) { + $entry = 'DB Error: "'.$result->getMessage().'"
'; + $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; + error_log( $entry ); + die( $entry ); + } + $ret = array(); + while($row=$result->fetchRow()){ + $ret[$row['token']] = array( + 'appUrl' => $row['appurl'], + 'userAddress' => $row['useraddress'], + 'dataScope' => $row['datascope'], + ); + } + return $ret; + } + + public static function deleteToken($token) { + $user=OC_User::getUser(); + $token=OC_DB::escape($token); + $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?"); + $result=$query->execute(array($token,$user)); + if( PEAR::isError($result)) { + $entry = 'DB Error: "'.$result->getMessage().'"
'; + $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; + error_log( $entry ); + die( $entry ); + } + } + private static function addToken($token, $appUrl, $userAddress, $dataScope){ + $user=OC_User::getUser(); + $token=OC_DB::escape($token); + $appUrl=OC_DB::escape($appUrl); + $userAddress=OC_DB::escape($userAddress); + $dataScope=OC_DB::escape($dataScope); + $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)"); + $result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope)); + if( PEAR::isError($result)) { + $entry = 'DB Error: "'.$result->getMessage().'"
'; + $entry .= 'Offending command was: '.$result->getDebugInfo().'
'; + error_log( $entry ); + die( $entry ); + } + } + public static function createDataScope($appUrl, $userAddress, $dataScope){ + $token=uniqid(); + self::addToken($token, $appUrl, $userAddress, $dataScope); + //TODO: input checking on $userAddress and $dataScope + list($userName, $userHost) = explode('@', $userAddress); + OC_Util::setupFS(OC_User::getUser()); + $scopePathParts = array('unhosted', 'webdav', $userHost, $userName, $dataScope); + for($i=0;$i<=count($scopePathParts);$i++){ + $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i)); + if(!OC_Filesystem::file_exists($thisPath)) { + OC_Filesystem::mkdir($thisPath); + } + } + return $token; + } +} diff --git a/apps/unhosted/oauth_ro_auth.php b/apps/unhosted/oauth_ro_auth.php new file mode 100644 index 00000000000..b785d85fead --- /dev/null +++ b/apps/unhosted/oauth_ro_auth.php @@ -0,0 +1,73 @@ +validTokens = $validTokensArg; + } + + /** + * Validates a username and password + * + * This method should return true or false depending on if login + * succeeded. + * + * @return bool + */ + protected function validateUserPass($username, $password){ + //always give read-only: + if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { + OC_Util::setUpFS(); + return true; + } else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) { + OC_Util::setUpFS(); + return true; + } else { +var_export($_SERVER); +var_export($this->validTokens); +die('not getting in with "'.$username.'"/"'.$password.'"!'); + return false; + } + } + + //overwriting this to make it not automatically fail if no auth header is found: + public function authenticate(Sabre_DAV_Server $server,$realm) { + $auth = new Sabre_HTTP_BasicAuth(); + $auth->setHTTPRequest($server->httpRequest); + $auth->setHTTPResponse($server->httpResponse); + $auth->setRealm($realm); + $userpass = $auth->getUserPass(); + if (!$userpass) { + if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { + $userpass = array('', ''); + } else { + $auth->requireLogin(); + throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found'); + } + } + + // Authenticates the user + if (!$this->validateUserPass($userpass[0],$userpass[1])) { + $auth->requireLogin(); + throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match'); + } + $this->currentUser = $userpass[0]; + return true; + } + +} + -- cgit v1.2.3