/**
 * GET on the system collection: either hands out the POST authentication
 * code (when the 'POST_auth_code' query field is present) or renders the view.
 *
 * The code is intended to be served only over HTTPS. NOTE(review): nothing in
 * this method checks the request scheme, so that guarantee has to come from
 * the web-server configuration — confirm it is enforced there.
 *
 * @return string|null the POST authentication code, or null after rendering the view
 * @throws DAV_Status when the caller lacks read-content privilege on this collection
 */
public function method_GET() {
  $this->assert(BeeHub::PRIV_READ_CONTENT);
  if (!isset($_GET['POST_auth_code'])) {
    $this->include_view();
    return;
  }
  return BeeHub::getAuth()->getPostAuthCode();
}
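/**
 * Handles the "create group" form. The caller must be logged in and have a
 * (default) sponsor; the new group gets the caller as its first accepted
 * member and admin, and a group directory under the data directory that is
 * sponsored by the caller's sponsor and readable/writable by the group.
 *
 * NOTE(review): unlike method_GET, this method does not call $this->assert()
 * on a privilege; the sponsor requirement below is the only gate visible
 * here (the POST authentication code is checked elsewhere) — confirm intended.
 *
 * @param array $headers response headers (passed by reference, not modified here)
 * @throws DAV_Status 400 on a malformed name or missing display name, 409 on
 *         a duplicate group name, 500 when the group directory already exists
 *         or cannot be created
 */
public function method_POST(&$headers) {
  // Read form fields without triggering notices on missing keys
  $displayname = isset($_POST['displayname']) ? $_POST['displayname'] : '';
  $description = isset($_POST['description']) ? $_POST['description'] : '';
  $group_name  = isset($_POST['group_name']) ? $_POST['group_name'] : '';

  // Anonymous callers have no sponsor and therefore cannot create groups
  $current_user = BeeHub::getAuth()->current_user();
  $user_sponsor = is_null($current_user) ? null : $current_user->user_prop(BeeHub::PROP_SPONSOR);
  if (empty($user_sponsor)) {
    throw DAV::forbidden("Only users with a sponsor are allowed to create groups");
  }

  // Group name: 1-255 characters from [a-zA-Z0-9_.-], starting with an
  // alphanumeric character, and not a reserved name. The leading-alphanumeric
  // rule rules out '.' and '..' and the character class contains no '/', so
  // the name is safe to use as a single path component below.
  if (empty($displayname)
      || in_array(strtolower($group_name), BeeHub::$FORBIDDEN_GROUP_NAMES, true)
      || !preg_match('/^[a-zA-Z0-9]{1}[a-zA-Z0-9_\\-\\.]{0,254}$/D', $group_name)) {
    throw new DAV_Status(DAV::HTTP_BAD_REQUEST, 'Group name has the wrong format. The name can be a maximum of 255 characters long and should start with an alphanumeric character, followed by alphanumeric characters or one of the following: _-.');
  }

  // The name must be unique in the database...
  $collection = BeeHub::getNoSQL()->groups;
  $existing = $collection->findOne(array('name' => $group_name), array('name' => true));
  if (!is_null($existing)) {
    throw new DAV_Status(DAV::HTTP_CONFLICT, "Group name already exists, please choose a different group name!");
  }

  // ...and must not clash with an existing directory on disk
  $groupdir = DAV::unslashify(BeeHub::$CONFIG['environment']['datadir']) . DIRECTORY_SEPARATOR . $group_name;
  if (file_exists($groupdir)) {
    throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR);
  }

  // Store in the database
  // NOTE(review): the database record is written before the directory is
  // created; if mkdir() below fails, the group record is left behind.
  $collection->insert(array('name' => $group_name));

  // Fetch the group and store extra properties
  $group = DAV::$REGISTRY->resource(BeeHub::GROUPS_PATH . $group_name);
  $group->user_set(DAV::PROP_DISPLAYNAME, $displayname);
  if (!empty($description)) {
    $group->user_set(BeeHub::PROP_DESCRIPTION, $description);
  }
  $group->storeProperties();

  // Add the current user as accepted member and admin of the group
  $current_user_name = basename($this->user_prop_current_user_principal());
  $group->change_memberships($current_user_name, BeeHub_Group::USER_ACCEPT);
  $group->change_memberships($current_user_name, BeeHub_Group::ADMIN_ACCEPT);
  $group->change_memberships($current_user_name, BeeHub_Group::SET_ADMIN);

  // Create the group directory on disk...
  if (!mkdir($groupdir)) {
    throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR);
  }

  // ...and in the database
  $document = array('path' => $group_name, 'depth' => 1, 'collection' => true);
  $filesCollection = BeeHub::getNoSQL()->files;
  $filesCollection->save($document);

  // The directory is sponsored by the creator's sponsor and readable/writable
  // by the group. The ACL is built by string concatenation; this is only safe
  // because the group name was restricted by the regex above.
  $groupdir_resource = DAV::$REGISTRY->resource('/' . $group_name);
  $groupdir_resource->user_set(BeeHub::PROP_SPONSOR, $user_sponsor);
  $groupdir_resource->user_set(DAV::PROP_ACL, '[["' . BeeHub::GROUPS_PATH . $group->name . '",false,["DAV: read", "DAV: write"],false]]');
  $groupdir_resource->storeProperties();

  // Group created, redirect to the group page
  DAV::redirect(DAV::HTTP_SEE_OTHER, BeeHub::GROUPS_PATH . $group->name);
}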
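/**
 * Creates a new member (file or subdirectory) of this directory, both on disk
 * and in the database, and stores its initial properties.
 *
 * The caller must have write access on this directory, must be logged in and
 * must have at least one sponsor. The new member is sponsored by this
 * directory's sponsor when the caller is a member of that sponsor, otherwise
 * by the caller's own default sponsor.
 *
 * @param string  $name       name of the new member, relative to this directory
 * @param boolean $collection true to create a subdirectory, false for an empty file
 * @return DAV_Resource the newly registered resource
 * @throws DAV_Status 403 when not logged in, without sponsors, or when the
 *         path already exists; 500 when the file or directory could not be created
 */
private function internal_create_member($name, $collection = false) {
  $this->assert(DAVACL::PRIV_WRITE_CONTENT);
  $path = $this->path . $name;
  $localPath = BeeHub::localPath($path);

  // Determine the sponsor; anonymous users and users without any sponsor
  // are not allowed to create files or directories
  $user = BeeHub::getAuth()->current_user();
  $user_sponsors = is_null($user) ? array() : $user->user_prop_sponsor_membership();
  if (is_null($user) || count($user_sponsors) === 0) {
    throw DAV::forbidden("You need to be logged in and have at least one sponsor to upload files");
  }
  // The default is the directory sponsor, but a user can only create files
  // sponsored by one of his/her own sponsors
  $sponsor = $this->user_prop(BeeHub::PROP_SPONSOR);
  if (!in_array($sponsor, $user_sponsors, true)) {
    $sponsor = $user->user_prop(BeeHub::PROP_SPONSOR);
  }

  // Create the subdirectory or file
  if (file_exists($localPath)) {
    throw DAV::forbidden();
  }
  if ($collection) {
    $result = @mkdir($localPath);
  } else {
    // 'x' mode creates the file and fails if it appeared between the
    // file_exists() check above and this call; touch() would silently
    // reuse an existing file instead.
    $handle = @fopen($localPath, 'x');
    $result = ($handle !== false) && fclose($handle);
  }
  if (!$result) {
    throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR);
  }

  // And create the object in the database: the path is stored without a
  // leading slash, the depth is the number of path components
  $unslashifiedPath = \DAV::unslashify($path);
  if (substr($unslashifiedPath, 0, 1) === '/') {
    $unslashifiedPath = substr($unslashifiedPath, 1);
  }
  $document = array('path' => $unslashifiedPath, 'depth' => substr_count($unslashifiedPath, '/') + 1);
  if ($collection) {
    $document['collection'] = true;
  }
  $filesCollection = BeeHub::getNoSQL()->files;
  $filesCollection->save($document);

  // And set the attributes: owner, sponsor and (for files) an initial ETag
  $new_resource = DAV::$REGISTRY->resource($path);
  if (!$collection) {
    $new_resource->user_set(DAV::PROP_GETETAG, BeeHub::ETag());
  }
  $new_resource->user_set(DAV::PROP_OWNER, $this->user_prop_current_user_principal());
  $new_resource->user_set(BeeHub::PROP_SPONSOR, $sponsor);
  $new_resource->storeProperties();
  return $new_resource;
}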
$i = $i + 1; } ?> </div> </div> <!-- End join tab --> <!-- Create tab --> <br/> <div id="bh-gss-panel-create" class="tab-pane fade"> <form id="bh-gss-create-form" class="form-horizontal" action="<?php echo BeeHub::SPONSORS_PATH; ?> " method="post"> <input type="hidden" name="POST_auth_code" value="<?php echo DAV::xmlescape(BeeHub::getAuth()->getPostAuthCode()); ?> " /> <div class="control-group"> <label class="control-label" for="bh-gss-name">Sponsor name</label> <div class="controls"> <input type="text" id="bh-gss-name" name="sponsor_name" required> </div> </div> <div class="control-group"> <label class="control-label" for="bh-gss-display-name">Display name</label> <div class="controls"> <input type="text" id="bh-gss-display-name" name="displayname" required> </div> </div> <div class="control-group">
// We need SimpleSamlPHP require_once BeeHub::$CONFIG['environment']['simplesamlphp'] . 'lib' . DIRECTORY_SEPARATOR . '_autoload.php'; if (isset($_SERVER['HTTP_ORIGIN']) && !empty($_SERVER['HTTP_ORIGIN']) && parse_url($_SERVER['HTTP_ORIGIN'], PHP_URL_HOST) != $_SERVER['SERVER_NAME']) { die('Cross Origin Resourc Sharing prohibited!'); } DAV::$PROTECTED_PROPERTIES[DAV::PROP_GROUP_MEMBER_SET] = true; DAV::$ACL_PROPERTIES[BeeHub::PROP_SPONSOR] = 'sponsor'; DAV::addSupported_Properties(BeeHub::PROP_SPONSOR, 'sponsor'); BeeHub::handle_method_spoofing(); DAV::$REGISTRY = BeeHub_Registry::inst(); DAV::$LOCKPROVIDER = BeeHub_Lock_Provider::inst(); DAV::$ACLPROVIDER = BeeHub_ACL_Provider::inst(); DAV::$UNAUTHORIZED = array(BeeHub::getAuth(), 'unauthorized'); // In case of POST requests, we can already check the POST authentication code if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (!BeeHub::getAuth()->checkPostAuthCode()) { throw new DAV_Status(DAV::HTTP_FORBIDDEN, 'POST authentication code (POST_auth_code) was incorrect. The correct code can be obtained with a GET request to /system/?POST_auth_code'); } } // Prepare test environments if needed if (APPLICATION_ENV === BeeHub::ENVIRONMENT_TEST && isset($_GET['test'])) { if (substr($_SERVER['REQUEST_URI'], 0, 19) !== '/foo/client_tests/?') { header('Location: /foo/client_tests/?' . $_SERVER['QUERY_STRING']); die; } define('RUN_CLIENT_TESTS', true); } else { define('RUN_CLIENT_TESTS', false); } // If we want to run the client tests, load the test configuration and reset the storage backend (of the test environment) if (APPLICATION_ENV === BeeHub::ENVIRONMENT_TEST) {
* * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ namespace nl\surfsara\beehub\install; \define('nl\\surfsara\\beehub\\install\\DEFAULT_SPONSOR_NAME', 'e-infra'); \define('nl\\surfsara\\beehub\\install\\DEFAULT_SPONSOR_DISPLAYNAME', 'e-Infra'); \define('nl\\surfsara\\beehub\\install\\DEFAULT_SPONSOR_DESCRIPTION', 'e-Infra supports the development and hosting of BeeHub. For now, all BeeHub users are sponsored by e-Infra'); \define('nl\\surfsara\\beehub\\install\\ADMIN_GROUP_DISPLAYNAME', 'Administrators'); \define('nl\\surfsara\\beehub\\install\\ADMIN_GROUP_DESCRIPTION', 'Administrators can manage BeeHub'); if (isset($_GET['POST_auth_code'])) { print \BeeHub::getAuth()->getPostAuthCode(); exit; } elseif ($_SERVER['REQUEST_METHOD'] !== 'POST') { exit; } \ob_start(); print "Checking PHP configuration:\n"; $notGood = false; // PHP should be version 5.4 or higher $version = \explode('.', \phpversion()); print 'PHP version should be > 5.4 ...'; if ($version[0] < 5 || $version[0] == 5 && $version[1] < 4) { print 'WRONG (actual value: ' . \phpversion() . "\n"; $notGood = true; } else { print "ok\n";
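/**
 * Whether $user has a pending (not yet accepted) membership request here.
 *
 * @param BeeHub_User|string|null $user a user object, a value accepted by
 *        BeeHub::user(), or null for the currently logged-in user
 * @return boolean true only when the user appears in the member list and
 *         the membership is not accepted yet
 */
public function is_requested($user = null) {
  $this->init_props();
  if (is_null($user)) {
    $user = BeeHub::getAuth()->current_user();
  } elseif (!$user instanceof BeeHub_User) {
    $user = BeeHub::user($user);
  }
  // No user (e.g. an anonymous caller) cannot have a pending request
  if (is_null($user)) {
    return false;
  }
  if (empty($this->users[$user->path])) {
    return false;
  }
  $membership = $this->users[$user->path];
  return empty($membership['is_accepted']);
}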
/**
 * COPY into a collection that has no sponsor of its own: the copy must then be
 * sponsored by the copying user's default sponsor, be owned by that user,
 * carry no ETag and an empty internal ACL, and keep the custom test property.
 */
public function testMethod_COPYWithoutCollectionSponsor() {
  $janePrincipal = '/system/users/jane';
  $targetCollection = new \BeeHub_Directory('/bar/');
  $janeAce = new \DAVACL_Element_ace($janePrincipal, false, array(\DAVACL::PRIV_READ, \DAVACL::PRIV_WRITE), false);
  $targetCollection->set_acl(array($janeAce));
  $this->setCurrentUser($janePrincipal);

  $this->obj->method_COPY('/bar/directory/');

  $copy = \DAV::$REGISTRY->resource('/bar/directory/');
  $expectedSponsor = \BeeHub::getAuth()->current_user()->user_prop_sponsor();
  $this->assertNull($copy->user_prop_getetag());
  $this->assertSame($janePrincipal, $copy->user_prop_owner());
  $this->assertSame($expectedSponsor, $copy->user_prop_sponsor());
  $this->assertSame(array(), $copy->user_prop_acl_internal());
  $this->assertSame($this->obj->user_prop('test_namespace test_property'), $copy->user_prop('test_namespace test_property'));
}
/**
 * Sets a new owner (DAV:owner) on this resource, enforcing BeeHub's ownership
 * rules. Two kinds of transfer are allowed:
 *  1. The current owner hands the resource to another user, provided that
 *     user is a member of the resource's sponsor.
 *  2. A non-owner takes ownership for him/herself, provided he/she has
 *     read-content, read-acl and write-content privileges on the resource
 *     and write-content on the parent directory. When the resource sponsor
 *     does not sponsor the new owner, the sponsor is re-pointed to the
 *     collection sponsor (if it sponsors the user) or else to the user's
 *     default sponsor.
 * Anything else is refused with 403.
 *
 * NOTE(review): membership tests use in_array() without strict comparison;
 * presumably all values involved are path strings — confirm.
 *
 * @param string $owner path of the new owner principal
 * @throws DAV_Status 400 when the new owner is not a visible BeeHub_User, 403
 *         when not authenticated or the transfer is not permitted, 500 when
 *         the resource has no sponsor
 * @see DAVACL_Resource::user_set_owner()
 */
protected function user_set_owner($owner) {
  // The owner should exist and be visible
  if (!($owner = DAV::$REGISTRY->resource($owner)) || !$owner->isVisible() || !$owner instanceof BeeHub_User) {
    throw new DAV_Status(DAV::HTTP_BAD_REQUEST, DAV::COND_RECOGNIZED_PRINCIPAL);
  }
  // You should be authenticated
  if (!($cup = $this->user_prop_current_user_principal()) || !($cup = DAV::$REGISTRY->resource($cup))) {
    throw DAV::forbidden();
  }
  // Get the sponsor of this resource
  if ($sponsor = $this->user_prop_sponsor()) {
    $sponsor = DAV::$REGISTRY->resource($sponsor);
  } else {
    // There is no sponsor set for this file. How can that be?
    throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR, 'There is no sponsor set for this file!');
  }
  // Case 1: you are the owner, and the new owner is sponsored by the resource sponsor
  if ($this->user_prop_owner() === $cup->path && in_array($owner->path, $sponsor->user_prop_group_member_set())) {
    return $this->user_set(DAV::PROP_OWNER, $owner->path);
  }
  // Case 2: you are not the owner, but you can become owner if you have write
  // privileges on both the resource itself and its parent collection
  if ($this->user_prop_owner() !== $cup->path && $owner->path === $cup->path && $this->collection() instanceof BeeHub_Directory) {
    $this->assert(BeeHub::PRIV_READ_CONTENT);
    $this->assert(DAVACL::PRIV_READ_ACL);
    $this->assert(DAVACL::PRIV_WRITE_CONTENT);
    $this->collection()->assert(DAVACL::PRIV_WRITE_CONTENT);
    // If the user is not sponsored by the resource sponsor, we have to change
    // the resource sponsor (current_user() here is presumably the same
    // principal as $cup above)
    if (!in_array($this->user_prop_sponsor(), BeeHub::getAuth()->current_user()->user_prop_sponsor_membership())) {
      // Prefer the collection sponsor when the user is sponsored by it...
      if (!in_array($this->collection()->user_prop_sponsor(), BeeHub::getAuth()->current_user()->user_prop_sponsor_membership())) {
        // ...otherwise take the default sponsor of the user, refusing when there is none
        if (!$cup->user_prop_sponsor()) {
          throw DAV::forbidden();
        }
        else {
          $this->user_set(BeeHub::PROP_SPONSOR, $cup->user_prop_sponsor());
        }
      } else {
        $this->user_set(BeeHub::PROP_SPONSOR, $this->collection()->user_prop_sponsor());
      }
    }
    return $this->user_set(DAV::PROP_OWNER, $owner->path);
  }
  // If the owner still isn't changed, you are not allowed to do so
  throw DAV::forbidden();
}
/**
 * Whether the currently authenticated user belongs to the configured
 * administrator group (BeeHub::$CONFIG['namespace']['admin_group']).
 *
 * @return boolean true when an administrator is logged in; false for any
 *         other user and for anonymous callers
 */
public function wheel() {
  $currentUser = BeeHub::getAuth()->current_user();
  if (is_null($currentUser)) {
    return false;
  }
  $adminGroup = BeeHub::$CONFIG['namespace']['admin_group'];
  return in_array($adminGroup, $currentUser->user_prop_group_membership());
}
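/**
 * Copies this file to $path (WebDAV COPY). The caller needs read access to
 * the content and ACL of this file, write access on the destination (or on
 * its parent collection when the destination does not exist yet) and at
 * least one sponsor.
 *
 * The copy gets a fresh owner (the caller), sponsor and ETag and no ACL or
 * lock discovery; all other stored properties are carried over.
 *
 * @param string $path destination path; an existing destination is deleted first
 * @throws DAV_Status 409 when the parent collection does not exist, 403 when
 *         the parent is not a directory or the caller lacks privileges or
 *         sponsors, 500 when the file could not be copied on disk
 */
public function method_COPY($path) {
  $this->assert(BeeHub::PRIV_READ_CONTENT);
  $this->assert(DAVACL::PRIV_READ_ACL);

  $destinationResource = DAV::$REGISTRY->resource($path);
  $parent = DAV::$REGISTRY->resource(dirname($path));
  if (!$parent) {
    throw new DAV_Status(DAV::HTTP_CONFLICT, 'Unable to COPY to unexisting collection');
  }
  if (!$parent instanceof BeeHub_Directory) {
    throw new DAV_Status(DAV::HTTP_FORBIDDEN);
  }

  // Determine the sponsor before touching the destination, so that a caller
  // without sponsors is refused without an existing destination being deleted
  $user = BeeHub::getAuth()->current_user();
  $user_sponsors = is_null($user) ? array() : $user->user_prop_sponsor_membership();
  if (count($user_sponsors) === 0) {
    // If the user doesn't have any sponsors, he/she can't create files and directories
    throw DAV::forbidden();
  }
  // The default is the directory sponsor, but a user can only create files
  // sponsored by one of his/her own sponsors
  $sponsor = $parent->user_prop_sponsor();
  if (!in_array($sponsor, $user_sponsors, true)) {
    $sponsor = $user->user_prop(BeeHub::PROP_SPONSOR);
  }

  if ($destinationResource instanceof DAVACL_Resource) {
    // Overwriting: needs write rights on the existing target, which is removed first
    $destinationResource->assert(DAVACL::PRIV_WRITE_CONTENT);
    $destinationResource->assert(DAVACL::PRIV_WRITE_ACL);
    $parent->method_DELETE(basename($path));
  } else {
    $parent->assert(DAVACL::PRIV_WRITE_CONTENT);
  }

  // Copy the content on disk. Both paths are shell-escaped and separated from
  // cp's options by '--'; a failed copy must not leave behind a resource that
  // exists only as a set of properties.
  $localPath = BeeHub::localPath($path);
  $output = array();
  $exitCode = 1;
  exec('cp -- ' . BeeHub::escapeshellarg($this->localPath) . ' ' . BeeHub::escapeshellarg($localPath), $output, $exitCode);
  if ($exitCode !== 0) {
    throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR, 'Unable to copy file');
  }

  // Carry over the stored properties, except those that identify this
  // particular resource and are set afresh below
  $new_resource = new BeeHub_File($path);
  $not_copied = array(DAV::PROP_OWNER, BeeHub::PROP_SPONSOR, DAV::PROP_ACL, DAV::PROP_GETETAG, DAV::PROP_LOCKDISCOVERY);
  foreach ($this->stored_props as $prop => $value) {
    if (!in_array($prop, $not_copied, true)) {
      $new_resource->user_set($prop, $value);
    }
  }

  // And set the new properties
  $new_resource->user_set(DAV::PROP_OWNER, $this->user_prop_current_user_principal());
  $new_resource->user_set(BeeHub::PROP_SPONSOR, $sponsor);
  $new_resource->user_set(DAV::PROP_GETETAG, BeeHub::ETag());
  $new_resource->storeProperties();
}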
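/**
 * Handles the form to register a new user. No authentication required.
 *
 * Creates the user record, stores its properties (including the SURFconext
 * identity when the caller is SAML-authenticated), subscribes the user to the
 * hard-coded default sponsor and creates the user's home directory.
 *
 * NOTE(review): this endpoint is reachable anonymously, so it is a natural
 * target for bulk account creation; no rate limiting is visible here. The
 * e-mail address is stored as submitted, without format validation, and an
 * account can be created without a password when none is submitted.
 *
 * @param array $headers response headers (passed by reference, not modified here)
 * @throws DAV_Status 400 on a malformed user name or missing display name,
 *         409 on a duplicate user name, 500 when the home directory already
 *         exists or cannot be created
 * @see DAV_Resource::method_POST()
 */
public function method_POST(&$headers) {
  // TODO: This should not be hard coded; see the notes further down
  $default_sponsor_path = '/system/sponsors/e-infra';

  // Read form fields without triggering notices on missing keys
  $displayname = isset($_POST['displayname']) ? $_POST['displayname'] : '';
  $email = isset($_POST['email']) ? $_POST['email'] : null;
  $password = !empty($_POST['password']) ? $_POST['password'] : null;
  $user_name = isset($_POST['user_name']) ? $_POST['user_name'] : '';

  // User name: 1-255 characters from [a-zA-Z0-9_.-], starting with an
  // alphanumeric character. The leading-alphanumeric rule rules out '.' and
  // '..' and the character class contains no '/', so the name is safe to use
  // as a single path component below.
  if (empty($displayname) || !preg_match('/^[a-zA-Z0-9]{1}[a-zA-Z0-9_\\-\\.]{0,254}$/D', $user_name)) {
    throw new DAV_Status(DAV::HTTP_BAD_REQUEST, 'User name has the wrong format. The name can be a maximum of 255 characters long and should start with an alphanumeric character, followed by alphanumeric characters or one of the following: _-.');
  }

  // The name must be unique in the database...
  $collection = BeeHub::getNoSQL()->users;
  $existing = $collection->findOne(array('name' => $user_name), array('name' => true));
  if (!is_null($existing)) {
    throw new DAV_Status(DAV::HTTP_CONFLICT, "User name already exists, please choose a different user name!");
  }

  // ...and must not clash with an existing home directory on disk
  $userdir = DAV::unslashify(BeeHub::$CONFIG['environment']['datadir']) . DIRECTORY_SEPARATOR . 'home' . DIRECTORY_SEPARATOR . $user_name;
  if (file_exists($userdir)) {
    throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR);
  }

  // Store in the database
  // NOTE(review): the user record is written before the home directory is
  // created; if mkdir() below fails, the record is left behind.
  $collection->insert(array('name' => $user_name));

  // Fetch the user and store extra properties
  $user = DAV::$REGISTRY->resource(BeeHub::USERS_PATH . $user_name);
  // $password is null when none was submitted -- TODO confirm set_password() accepts that
  $user->set_password($password);
  $user->user_set(DAV::PROP_DISPLAYNAME, $displayname);
  $user->user_set(BeeHub::PROP_EMAIL, $email);

  // Just to be clear: the above lines will have to be deleted somewhere in the future, but the lines below should stay
  $auth = BeeHub::getAuth();
  if ($auth->simpleSaml()->isAuthenticated()) {
    $surfId = $auth->simpleSaml()->getAuthData("saml:sp:NameID");
    $surfId = $surfId['Value'];
    $attributes = $auth->simpleSaml()->getAttributes();
    $surfconext_description = isset($attributes['urn:mace:terena.org:attribute-def:schacHomeOrganization'][0])
      ? $attributes['urn:mace:terena.org:attribute-def:schacHomeOrganization'][0]
      : null;
    if (empty($surfconext_description)) {
      $surfconext_description = 'Unknown account';
    }
    $user->user_set(BeeHub::PROP_SURFCONEXT, $surfId);
    $user->user_set(BeeHub::PROP_SURFCONEXT_DESCRIPTION, $surfconext_description);
  }
  $user->storeProperties();

  // TODO: This should not be hard coded, a new user should not have a sponsor but request one after his account is created, but I want to inform the user about his through the not-yet-existing notification system
  $sponsor = DAV::$REGISTRY->resource($default_sponsor_path);
  $sponsor->change_memberships($user_name, BeeHub_Sponsor::USER_ACCEPT);
  $sponsor->change_memberships($user_name, BeeHub_Sponsor::ADMIN_ACCEPT);

  // And create a user directory
  if (!mkdir($userdir)) {
    throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR);
  }

  // And create the directory in the database
  $document = array('path' => 'home/' . $user_name, 'depth' => 2, 'collection' => true);
  $filesCollection = BeeHub::getNoSQL()->files;
  $filesCollection->save($document);

  $userdir_resource = DAV::$REGISTRY->resource('/home/' . $user_name);
  $userdir_resource->user_set(DAV::PROP_OWNER, $user->path);
  // TODO: this should not be hard coded. When a users is accepted by his/her first sponsor, this should automatically be set.
  $userdir_resource->user_set(BeeHub::PROP_SPONSOR, $default_sponsor_path);
  $userdir_resource->storeProperties();

  // Show the confirmation
  $this->include_view('new_user_confirmation', array('email_address' => $email));
}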
<?php $footer = ' <script type="text/javascript" src="/system/js/plugins/jquery.cookie.js"></script> <script type="text/javascript" src="/system/js/plugins/tablesorter/js/jquery.tablesorter.js"></script> <script type="text/javascript" src="/system/js/plugins/tablesorter/js/jquery.tablesorter.widgets.js"></script> <script type="text/javascript" src="/system/js/directory.js"></script> <script type="text/javascript" src="/system/js/directory_controller.js"></script> <script type="text/javascript" src="/system/js/directory_view.js"></script> <script type="text/javascript" src="/system/js/directory_view_content.js"></script> <script type="text/javascript" src="/system/js/directory_view_tree.js"></script> <script type="text/javascript" src="/system/js/directory_view_dialog.js"></script> <script type="text/javascript" src="/system/js/directory_view_acl.js"></script> <script type="text/javascript" src="/system/js/directory_resource.js"></script> <script type="text/javascript"> nl.sara.beehub.currentUserPath = \'' . BeeHub::getAuth()->current_user()->path . '\'; </script> '; // If the directory ($this) is not writable nor any of the files in it, then you // won't be able to upload anything to this directory. So disable the button. try { $this->assert(DAVACL::PRIV_WRITE_CONTENT); } catch (DAV_Status $e) { if (!$writableFiles) { $footer .= ' <script type="text/javascript"> $( function() { $( \'.bh-dir-content-upload\' ) .unbind( \'click\' ) // .removeClass( \'bh-dir-content-upload\' ) .attr( \'disabled\', \'disabled\' );
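if (RUN_CLIENT_TESTS) { ?>
    </div> <!-- End qunit-fixture -->
    <script src="/system/tests/resources/qunit.js"></script>
    <script src="/system/tests/resources/mock.js"></script>
<?php } ?>
<?php // NOTE(review): jQuery is fetched from a third-party CDN without an integrity attribute; pin a Subresource Integrity hash or self-host it like the other scripts. ?>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
<script type="text/javascript" src="/system/js/jquery-ui.js"></script>
<script type="text/javascript" src="/system/bootstrap/js/bootstrap.js"></script>
<script type="text/javascript" src="/system/js/webdavlib.js"></script>
<script type="text/javascript" src="/system/js/beehub.js"></script>
<?php
  // Values embedded in JavaScript are JSON-encoded with the HEX flags so that
  // '<', '>', '&' and quotes in them cannot terminate the <script> block or
  // the string literal.
  $jsEncodeFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
?>
<script type="text/javascript">
  nl.sara.beehub.postAuth = <?php echo json_encode(BeeHub::getAuth()->getPostAuthCode(), $jsEncodeFlags); ?>;
</script>
<script type="text/javascript" src="/system/js/server/principals.js"></script>
<script type="text/javascript">
  nl.sara.beehub.show_notifications(<?php echo json_encode(BeeHub::notifications(BeeHub_Auth::inst()), $jsEncodeFlags); ?>);
  <?php echo (isset($_GET['show_notifications']) && intval($_GET['show_notifications']) === 1) ? '$("#notification_button").dropdown("toggle");' : ''; ?>
</script>
<?php echo isset($footer) ? $footer : '';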