/**
* @param ILogger $logger
* @param IUserSession $userSession
* @param Crypt $crypt
* @param KeyManager $keyManager
*/
public function __construct(ILogger $logger, IUserSession $userSession, Crypt $crypt, KeyManager $keyManager)
{
$this->logger = $logger;
$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
$this->crypt = $crypt;
$this->keyManager = $keyManager;
}
/**
* @param ILogger $logger
* @param IUserSession $userSession
* @param IConfig $config
*/
public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config)
{
$this->logger = $logger;
$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
$this->config = $config;
$this->supportedKeyFormats = ['hash', 'password'];
}
/**
* Creates a new tag
*
* @param string $data JSON encoded string containing the properties of the tag to create
* @param string $contentType content type of the data
* @return ISystemTag newly created system tag
*
* @throws BadRequest if a field was missing
* @throws Conflict if a tag with the same properties already exists
* @throws UnsupportedMediaType if the content type is not supported
*/
private function createTag($data, $contentType = 'application/json')
{
if (explode(';', $contentType)[0] === 'application/json') {
$data = json_decode($data, true);
} else {
throw new UnsupportedMediaType();
}
if (!isset($data['name'])) {
throw new BadRequest('Missing "name" attribute');
}
$tagName = $data['name'];
$userVisible = true;
$userAssignable = true;
if (isset($data['userVisible'])) {
$userVisible = (bool) $data['userVisible'];
}
if (isset($data['userAssignable'])) {
$userAssignable = (bool) $data['userAssignable'];
}
if ($userVisible === false || $userAssignable === false) {
if (!$this->userSession->isLoggedIn() || !$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {
throw new BadRequest('Not sufficient permissions');
}
}
try {
return $this->tagManager->createTag($tagName, $userVisible, $userAssignable);
} catch (TagAlreadyExistsException $e) {
throw new Conflict('Tag already exists', 0, $e);
}
}
/**
* Get the user we need to use
*
* Either the user is logged in, or we try to get it from the token
*
* @return string
* @throws \UnexpectedValueException If the token is invalid, does not exist or is not unique
*/
public function getCurrentUserId()
{
if (!$this->session->isLoggedIn()) {
return $this->getUserFromToken();
} else {
return $this->session->getUser()->getUID();
}
}
/**
* @param ILogger $logger
* @param IUserSession $userSession
* @param IConfig $config
* @param IL10N $l
*/
public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config, IL10N $l)
{
$this->logger = $logger;
$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : '"no user given"';
$this->config = $config;
$this->l = $l;
$this->supportedKeyFormats = ['hash', 'password'];
}
/**
* Util constructor.
*
* @param View $files
* @param Crypt $crypt
* @param ILogger $logger
* @param IUserSession $userSession
* @param IConfig $config
*/
public function __construct(View $files, Crypt $crypt, ILogger $logger, IUserSession $userSession, IConfig $config)
{
$this->files = $files;
$this->crypt = $crypt;
$this->logger = $logger;
$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
$this->config = $config;
}
/**
* @param IUserSession $user
* @param Crypt $crypt
* @param ISecureRandom $random
* @param KeyManager $keyManager
* @param IConfig $config
* @param IStorage $keyStorage
* @param IFile $file
* @param View $view
*/
public function __construct(IUserSession $user, Crypt $crypt, ISecureRandom $random, KeyManager $keyManager, IConfig $config, IStorage $keyStorage, IFile $file, View $view)
{
$this->user = $user && $user->isLoggedIn() ? $user->getUser() : false;
$this->crypt = $crypt;
$this->random = $random;
$this->keyManager = $keyManager;
$this->config = $config;
$this->keyStorage = $keyStorage;
$this->view = $view;
$this->file = $file;
}
/**
* @param string $baseUri
* @param string $requestUri
* @param BackendInterface $authBackend
* @param callable $viewCallBack callback that should return the view for the dav endpoint
* @return Server
*/
public function createServer($baseUri, $requestUri, BackendInterface $authBackend, callable $viewCallBack)
{
// Fire up server
$objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree();
$server = new \OCA\DAV\Connector\Sabre\Server($objectTree);
// Set URL explicitly due to reverse-proxy situations
$server->httpRequest->setUrl($requestUri);
$server->setBaseUri($baseUri);
// Load plugins
$defaults = new \OC_Defaults();
$server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
$server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
$server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, $defaults->getName()));
// FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
$server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
$server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));
$server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
// Some WebDAV clients do require Class 2 WebDAV support (locking), since
// we do not provide locking we emulate it using a fake locking plugin.
if ($this->request->isUserAgent(['/WebDAVFS/', '/Microsoft Office OneNote 2013/', '/Microsoft-WebDAV-MiniRedir/'])) {
$server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
}
if (BrowserErrorPagePlugin::isBrowserRequest($this->request)) {
$server->addPlugin(new BrowserErrorPagePlugin());
}
// wait with registering these until auth is handled and the filesystem is setup
$server->on('beforeMethod', function () use($server, $objectTree, $viewCallBack) {
// ensure the skeleton is copied
$userFolder = \OC::$server->getUserFolder();
/** @var \OC\Files\View $view */
$view = $viewCallBack($server);
$rootInfo = $view->getFileInfo('');
// Create ownCloud Dir
if ($rootInfo->getType() === 'dir') {
$root = new \OCA\DAV\Connector\Sabre\Directory($view, $rootInfo, $objectTree);
} else {
$root = new \OCA\DAV\Connector\Sabre\File($view, $rootInfo);
}
$objectTree->init($root, $view, $this->mountManager);
$server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesPlugin($objectTree, $view, $this->config, false, !$this->config->getSystemValue('debug', false)));
$server->addPlugin(new \OCA\DAV\Connector\Sabre\QuotaPlugin($view));
if ($this->userSession->isLoggedIn()) {
$server->addPlugin(new \OCA\DAV\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager));
$server->addPlugin(new \OCA\DAV\Connector\Sabre\SharesPlugin($objectTree, $this->userSession, $userFolder, \OC::$server->getShareManager()));
$server->addPlugin(new \OCA\DAV\Connector\Sabre\CommentPropertiesPlugin(\OC::$server->getCommentsManager(), $this->userSession));
$server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesReportPlugin($objectTree, $view, \OC::$server->getSystemTagManager(), \OC::$server->getSystemTagObjectMapper(), $this->userSession, \OC::$server->getGroupManager(), $userFolder));
// custom properties plugin must be the last one
$server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new \OCA\DAV\Connector\Sabre\CustomPropertiesBackend($objectTree, $this->databaseConnection, $this->userSession->getUser())));
}
$server->addPlugin(new \OCA\DAV\Connector\Sabre\CopyEtagHeaderPlugin());
}, 30);
// priority 30: after auth (10) and acl(20), before lock(50) and handling the request
return $server;
}
/**
* @param \Sabre\DAV\Server $server
* @param $realm
* @return bool
*/
private function auth(\Sabre\DAV\Server $server, $realm)
{
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return true;
}
return parent::authenticate($server, $realm);
}
/**
* @param string $appName
* @param IRequest $request an instance of the request
* @param IUserSession $userSession
*/
public function __construct($appName, IRequest $request, IUserSession $userSession)
{
parent::__construct($appName, $request);
if ($userSession->isLoggedIn()) {
$user = $userSession->getUser();
if ($user) {
$this->user = $user;
} else {
//TODO - throw exception
}
}
}
/**
* @PublicPage
* @NoCSRFRequired
* @UseSession
*
* @param string $user
* @param string $redirect_url
* @param string $remember_login
*
* @return TemplateResponse
*/
public function showLoginForm($user, $redirect_url, $remember_login)
{
if ($this->userSession->isLoggedIn()) {
return new RedirectResponse(\OC_Util::getDefaultPageUrl());
}
$parameters = array();
$loginMessages = $this->session->get('loginMessages');
$errors = [];
$messages = [];
if (is_array($loginMessages)) {
list($errors, $messages) = $loginMessages;
}
$this->session->remove('loginMessages');
foreach ($errors as $value) {
$parameters[$value] = true;
}
$parameters['messages'] = $messages;
if (!is_null($user) && $user !== '') {
$parameters['loginName'] = $user;
$parameters['user_autofocus'] = false;
} else {
$parameters['loginName'] = '';
$parameters['user_autofocus'] = true;
}
if (!empty($redirect_url)) {
$parameters['redirect_url'] = $redirect_url;
}
$parameters['canResetPassword'] = true;
if (!$this->config->getSystemValue('lost_password_link')) {
if (!is_null($user) && $user !== '') {
$userObj = $this->userManager->get($user);
if ($userObj instanceof IUser) {
$parameters['canResetPassword'] = $userObj->canChangePassword();
}
}
}
$parameters['alt_login'] = \OC_App::getAlternativeLogIns();
$parameters['rememberLoginAllowed'] = \OC_Util::rememberLoginAllowed();
$parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
if (!is_null($user) && $user !== '') {
$parameters['loginName'] = $user;
$parameters['user_autofocus'] = false;
} else {
$parameters['loginName'] = '';
$parameters['user_autofocus'] = true;
}
return new TemplateResponse($this->appName, 'login', $parameters, 'guest');
}
/**
* @param string $baseUri
* @param string $requestUri
* @param BackendInterface $authBackend
* @param callable $viewCallBack callback that should return the view for the dav endpoint
* @return Server
*/
public function createServer($baseUri, $requestUri, BackendInterface $authBackend, callable $viewCallBack)
{
// Fire up server
$objectTree = new \OC\Connector\Sabre\ObjectTree();
$server = new \OC\Connector\Sabre\Server($objectTree);
// Set URL explicitly due to reverse-proxy situations
$server->httpRequest->setUrl($requestUri);
$server->setBaseUri($baseUri);
// Load plugins
$defaults = new \OC_Defaults();
$server->addPlugin(new \OC\Connector\Sabre\MaintenancePlugin($this->config));
$server->addPlugin(new \OC\Connector\Sabre\BlockLegacyClientPlugin($this->config));
$server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, $defaults->getName()));
// FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
$server->addPlugin(new \OC\Connector\Sabre\DummyGetResponsePlugin());
$server->addPlugin(new \OC\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));
$server->addPlugin(new \OC\Connector\Sabre\LockPlugin($objectTree));
$server->addPlugin(new \OC\Connector\Sabre\ListenerPlugin($this->dispatcher));
// Finder on OS X requires Class 2 WebDAV support (locking), since we do
// not provide locking we emulate it using a fake locking plugin.
if ($this->request->isUserAgent(['/WebDAVFS/'])) {
$server->addPlugin(new \OC\Connector\Sabre\FakeLockerPlugin());
}
// wait with registering these until auth is handled and the filesystem is setup
$server->on('beforeMethod', function () use($server, $objectTree, $viewCallBack) {
/** @var \OC\Files\View $view */
$view = $viewCallBack();
$rootInfo = $view->getFileInfo('');
// Create ownCloud Dir
if ($rootInfo->getType() === 'dir') {
$root = new \OC\Connector\Sabre\Directory($view, $rootInfo);
} else {
$root = new \OC\Connector\Sabre\File($view, $rootInfo);
}
$objectTree->init($root, $view, $this->mountManager);
$server->addPlugin(new \OC\Connector\Sabre\FilesPlugin($objectTree, $view));
$server->addPlugin(new \OC\Connector\Sabre\QuotaPlugin($view));
if ($this->userSession->isLoggedIn()) {
$server->addPlugin(new \OC\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager));
// custom properties plugin must be the last one
$server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new \OC\Connector\Sabre\CustomPropertiesBackend($objectTree, $this->databaseConnection, $this->userSession->getUser())));
}
$server->addPlugin(new \OC\Connector\Sabre\CopyEtagHeaderPlugin());
}, 30);
// priority 30: after auth (10) and acl(20), before lock(50) and handling the request
return $server;
}
/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array
*/
private function auth(RequestInterface $request, ResponseInterface $response)
{
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)) || $this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return [true, $this->principalPrefix . $user];
}
if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
$response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"');
$response->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
return parent::check($request, $response);
}
/**
* @param \Sabre\DAV\Server $server
* @param string $realm
* @return bool
*/
private function auth(\Sabre\DAV\Server $server, $realm)
{
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return true;
}
if ($server->httpRequest->getHeader('X-Requested-With') === 'XMLHttpRequest') {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
$server->httpResponse->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $realm . '"');
$server->httpResponse->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
return parent::authenticate($server, $realm);
}
/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array
* @throws NotAuthenticated
*/
private function auth(RequestInterface $request, ResponseInterface $response)
{
$forcedLogout = false;
if (!$this->request->passesCSRFCheck() && $this->requiresCSRFCheck()) {
// In case of a fail with POST we need to recheck the credentials
if ($this->request->getMethod() === 'POST') {
$forcedLogout = true;
} else {
$response->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.');
}
}
if ($forcedLogout) {
$this->userSession->logout();
} else {
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)) || $this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return [true, $this->principalPrefix . $user];
}
}
if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
$response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"');
$response->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
$data = parent::check($request, $response);
if ($data[0] === true) {
$startPos = strrpos($data[1], '/') + 1;
$user = $this->userSession->getUser()->getUID();
$data[1] = substr_replace($data[1], $user, $startPos);
}
return $data;
}
/**
* @param IStorage $keyStorage
* @param Crypt $crypt
* @param IConfig $config
* @param IUserSession $userSession
* @param Session $session
* @param ILogger $log
* @param Util $util
*/
public function __construct(IStorage $keyStorage, Crypt $crypt, IConfig $config, IUserSession $userSession, Session $session, ILogger $log, Util $util)
{
$this->util = $util;
$this->session = $session;
$this->keyStorage = $keyStorage;
$this->crypt = $crypt;
$this->config = $config;
$this->log = $log;
$this->recoveryKeyId = $this->config->getAppValue('encryption', 'recoveryKeyId');
if (empty($this->recoveryKeyId)) {
$this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
$this->config->setAppValue('encryption', 'recoveryKeyId', $this->recoveryKeyId);
}
$this->publicShareKeyId = $this->config->getAppValue('encryption', 'publicShareKeyId');
if (empty($this->publicShareKeyId)) {
$this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
$this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
}
$this->masterKeyId = $this->config->getAppValue('encryption', 'masterKeyId');
if (empty($this->masterKeyId)) {
$this->masterKeyId = 'master_' . substr(md5(time()), 0, 8);
$this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
}
$this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
$this->log = $log;
}
/**
* @param IStorage $keyStorage
* @param Crypt $crypt
* @param IConfig $config
* @param IUserSession $userSession
* @param Session $session
* @param ILogger $log
* @param Util $util
*/
public function __construct(IStorage $keyStorage, Crypt $crypt, IConfig $config, IUserSession $userSession, Session $session, ILogger $log, Util $util)
{
$this->util = $util;
$this->session = $session;
$this->keyStorage = $keyStorage;
$this->crypt = $crypt;
$this->config = $config;
$this->log = $log;
$this->recoveryKeyId = $this->config->getAppValue('encryption', 'recoveryKeyId');
if (empty($this->recoveryKeyId)) {
$this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
$this->config->setAppValue('encryption', 'recoveryKeyId', $this->recoveryKeyId);
}
$this->publicShareKeyId = $this->config->getAppValue('encryption', 'publicShareKeyId');
if (empty($this->publicShareKeyId)) {
$this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
$this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
}
$shareKey = $this->getPublicShareKey();
if (empty($shareKey)) {
$keyPair = $this->crypt->createKeyPair();
// Save public key
$this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.publicKey', $keyPair['publicKey']);
// Encrypt private key empty passphrase
$encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], '');
$this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', $encryptedKey);
}
$this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
$this->log = $log;
}
/**
* @param ILogger $logger
* @param IUserSession $userSession
* @param IConfig $config
*/
public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config)
{
$this->logger = $logger;
$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
$this->config = $config;
}
