/**
* This runs all the security checks before a method call. The
* security checks are determined by inspecting the controller method
* annotations
* @param string/Controller $controller the controllername or string
* @param string $methodName the name of the method
* @throws AmpacheException when a security check fails
*/
public function beforeController($controller, $methodName)
{
// get annotations from comments
$annotationReader = new MethodAnnotationReader($controller, $methodName);
$this->isAmpacheCall = $annotationReader->hasAnnotation('AmpacheAPI');
// don't try to authenticate for the handshake request
if ($this->isAmpacheCall && $this->request['action'] !== 'handshake') {
$token = $this->request['auth'];
if ($token !== null && $token !== '') {
$user = $this->mapper->find($token);
if ($user !== false && array_key_exists('user_id', $user)) {
// setup the filesystem for the user - actual login isn't really needed
\OC_Util::setupFS($user['user_id']);
$this->ampacheUser->setUserId($user['user_id']);
return;
}
} else {
// for ping action without token the version information is provided
if ($this->request['action'] === 'ping') {
return;
}
}
throw new AmpacheException('Invalid Login', 401);
}
}
protected function execute(InputInterface $input, OutputInterface $output)
{
if (!$input->getOption('debug')) {
$this->scanner->listen('\\OCA\\Music\\Utility\\Scanner', 'update', function ($path) use($output) {
$output->writeln("Scanning <info>{$path}</info>");
});
}
$inputPath = $input->getOption('path');
$path = false;
if ($inputPath) {
$path = '/' . trim($inputPath, '/');
list(, $user, ) = explode('/', $path, 3);
$users = array($user);
} else {
if ($input->getOption('all')) {
$users = $this->userManager->search('');
} else {
$users = $input->getArgument('user_id');
}
}
foreach ($users as $user) {
if (is_object($user)) {
$user = $user->getUID();
}
\OC_Util::tearDownFS();
\OC_Util::setupFS($user);
$output->writeln("Start scan for <info>{$user}</info>");
$this->scanner->rescan($user, true, $path ? $path : $this->resolveUserFolder($user), $input->getOption('debug'), $output);
}
}
public function authenticate(Sabre_DAV_Server $server, $realm)
{
$config = array("introspectionEndpoint" => $this->introspectionEndpoint, "realm" => $realm);
try {
$resourceServer = new RemoteResourceServer($config);
$tokenIntrospection = $resourceServer->verifyRequest(apache_request_headers(), $_GET);
$this->currentUser = $tokenIntrospection->getSub();
OC_User::setUserid($this->currentUser);
OC_Util::setupFS($this->currentUser);
return true;
} catch (RemoteResourceServerException $e) {
switch ($e->getMessage()) {
case "insufficient_entitlement":
case "insufficient_scope":
$server->httpResponse->setHeader('WWW-Authenticate', $e->getAuthenticateHeader());
throw new Sabre_DAV_Exception_Forbidden($e->getDescription());
case "invalid_request":
throw new Sabre_DAV_Exception_NotAuthenticated($e->getDescription());
case "invalid_token":
case "no_token":
$server->httpResponse->setHeader('WWW-Authenticate', $e->getAuthenticateHeader());
throw new Sabre_DAV_Exception_NotAuthenticated($e->getDescription());
case "internal_server_error":
throw new Sabre_DAV_Exception($e->getDescription());
}
}
}
/**
* @brief reads jpegPhoto and set is as avatar if available
* @param $uid string ownCloud user name
* @param $dn string the user's LDAP DN
* @return void
*/
private function updateAvatar($uid, $dn)
{
$hasLoggedIn = \OCP\Config::getUserValue($uid, 'user_ldap', 'firstLoginAccomplished', 0);
$lastChecked = \OCP\Config::getUserValue($uid, 'user_ldap', 'lastJpegPhotoLookup', 0);
if ($hasLoggedIn !== '1' || time() - intval($lastChecked) < 86400) {
//update only once a day
return;
}
$avatarImage = $this->getAvatarImage($uid, $dn);
if ($avatarImage === false) {
//not set, nothing left to do;
return;
}
$image = new \OCP\Image();
$image->loadFromBase64(base64_encode($avatarImage));
if (!$image->valid()) {
\OCP\Util::writeLog('user_ldap', 'jpegPhoto data invalid for ' . $dn, \OCP\Util::ERROR);
return;
}
//make sure it is a square and not bigger than 128x128
$size = min(array($image->width(), $image->height(), 128));
if (!$image->centerCrop($size)) {
\OCP\Util::writeLog('user_ldap', 'croping image for avatar failed for ' . $dn, \OCP\Util::ERROR);
return;
}
if (!\OC\Files\Filesystem::$loaded) {
\OC_Util::setupFS($uid);
}
$avatarManager = \OC::$server->getAvatarManager();
$avatar = $avatarManager->getAvatar($uid);
$avatar->set($image);
}
public static function getByShareToken($token)
{
$linkItem = \OCP\Share::getShareByToken($token);
if (is_array($linkItem) && isset($linkItem['uid_owner'])) {
// seems to be a valid share
$rootLinkItem = \OCP\Share::resolveReShare($linkItem);
$fileOwner = $rootLinkItem['uid_owner'];
} else {
throw new \Exception('This file was probably unshared');
}
if (!isset($rootLinkItem['path']) && isset($rootLinkItem['file_target'])) {
$rootLinkItem['path'] = 'files/' . $rootLinkItem['file_target'];
}
$file = new File($rootLinkItem['file_source'], array($rootLinkItem));
if (isset($rootLinkItem['uid_owner'])) {
\OC_Util::tearDownFS();
\OC_Util::setupFS($rootLinkItem['uid_owner']);
$file->setOwner($rootLinkItem['uid_owner']);
$file->setPath('/files' . \OC\Files\Filesystem::getPath($linkItem['file_source']));
}
if (isset($linkItem['share_with']) && !empty($linkItem['share_with'])) {
$file->setPasswordProtected(true);
}
return $file;
}
public function authenticate(Sabre_DAV_Server $server, $realm)
{
$config = array("tokenInfoEndpoint" => $this->tokenInfoEndpoint, "throwException" => TRUE, "resourceServerRealm" => $realm);
$authorizationHeader = $server->httpRequest->getHeader('Authorization');
// Apache could prefix environment variables with REDIRECT_ when urls
// are passed through mod_rewrite
if (!$authorizationHeader) {
$authorizationHeader = $server->httpRequest->getRawServerValue('REDIRECT_HTTP_AUTHORIZATION');
}
try {
$resourceServer = new RemoteResourceServer($config);
$resourceServer->verifyAuthorizationHeader($authorizationHeader);
if ($this->useResourceOwnerId) {
// when using the user_id
$this->currentUser = $resourceServer->getResourceOwnerId();
} else {
// when using a (SAML) attribute
$attributes = $resourceServer->getAttributes();
$this->currentUser = $attributes[$this->userIdAttributeName][0];
}
OC_Util::setupFS($this->currentUser);
return true;
} catch (RemoteResourceServerException $e) {
$server->httpResponse->setHeader('WWW-Authenticate', $e->getAuthenticateHeader());
// FIXME: do we need to set the status here explicitly, or does the
// Exception below take care of this?
$server->httpResponse->sendStatus($e->getResponseCode());
if ("403" === $e->getResponseCode()) {
throw new Sabre_DAV_Exception_Forbidden($e->getDescription());
} else {
throw new Sabre_DAV_Exception_NotAuthenticated($e->getDescription());
}
}
}
protected function tearDown()
{
\OC_User::setIncognitoMode(false);
// Set old user
\OC_User::setUserId($this->oldUser);
\OC_Util::setupFS($this->oldUser);
parent::tearDown();
}
public function setUp()
{
parent::setUp();
$this->userId = $this->getUniqueID();
$this->createUser($this->userId, 'pass');
$this->registerMount($this->userId, new Temporary(), '/' . $this->userId . '/files/');
\OC_Util::setupFS($this->userId);
$this->view = new View();
$this->root = new Root(Filesystem::getMountManager(), $this->view, \OC::$server->getUserManager()->get($this->userId));
}
/**
* Override function here. We want to cache authentication cookies
* in the syncing client to avoid HTTP-401 roundtrips.
* If the sync client supplies the cookies, then OC_User::isLoggedIn()
* will return true and we can see this WebDAV request as already authenticated,
* even if there are no HTTP Basic Auth headers.
* In other case, just fallback to the parent implementation.
*
* @return bool
*/
public function authenticate(Sabre_DAV_Server $server, $realm)
{
if (OC_User::handleApacheAuth() || OC_User::isLoggedIn()) {
$user = OC_User::getUser();
OC_Util::setupFS($user);
$this->currentUser = $user;
return true;
}
return parent::authenticate($server, $realm);
}
function setUp()
{
$this->username = OC_Util::generateRandomBytes(20);
OC_User::createUser($this->username, OC_Util::generateRandomBytes(20));
\OC_Util::tearDownFS();
\OC_User::setUserId('');
\OC\Files\Filesystem::tearDown();
\OC_Util::setupFS($this->username);
$this->user = \OC::$server->getUserManager()->get($this->username);
$this->certificateManager = new CertificateManager($this->user);
}
/**
* Generates a test user and sets up their file system
* @return string the test users id
*/
public function generateUser()
{
$username = uniqid();
\OC_User::createUser($username, 'password');
\OC_Util::tearDownFS();
\OC_User::setUserId('');
\OC\Files\Filesystem::tearDown();
\OC_Util::setupFS($username);
$this->users[] = $username;
return $username;
}
protected function setUp()
{
parent::setUp();
$this->username = $this->getUniqueID('', 20);
OC_User::createUser($this->username, $this->getUniqueID('', 20));
\OC_Util::tearDownFS();
\OC_User::setUserId('');
\OC\Files\Filesystem::tearDown();
\OC_Util::setupFS($this->username);
$this->certificateManager = new CertificateManager($this->username, new \OC\Files\View());
}
/**
* Act on behalf on trash item owner
* @param string $user
* @return boolean
*/
protected function setupFS($user)
{
\OC_Util::tearDownFS();
\OC_Util::setupFS($user);
// Check if this user has a versions directory
$view = new \OC\Files\View('/' . $user);
if (!$view->is_dir('/files_versions')) {
return false;
}
return true;
}
public function handle()
{
$userManager = \OC::$server->getUserManager();
if (!$userManager->userExists($this->user)) {
// User has been deleted already
return;
}
\OC_Util::setupFS($this->user);
Storage::expire($this->fileName, $this->versionsSize, $this->neededSpace);
\OC_Util::tearDownFS();
}
protected function tearDown()
{
\OC_Util::tearDownFS();
\OC_User::setUserId('');
Filesystem::tearDown();
\OC_User::deleteUser($this->user);
\OC_User::setIncognitoMode(false);
\OC::$server->getSession()->set('public_link_authenticated', '');
// Set old user
\OC_User::setUserId($this->oldUser);
\OC_Util::setupFS($this->oldUser);
}
public function handle()
{
$userManager = \OC::$server->getUserManager();
if (!$userManager->userExists($this->user)) {
// User has been deleted already
return;
}
\OC_Util::tearDownFS();
\OC_Util::setupFS($this->user);
Trashbin::expire($this->trashBinSize, $this->user);
\OC_Util::tearDownFS();
}
/**
* get all storages for $dir
*
* @param string $dir
* @return \OC\Files\Mount\MountPoint[]
*/
protected function getMounts($dir)
{
//TODO: move to the node based fileapi once that's done
\OC_Util::tearDownFS();
\OC_Util::setupFS($this->user);
$mountManager = Filesystem::getMountManager();
$mounts = $mountManager->findIn($dir);
$mounts[] = $mountManager->find($dir);
$mounts = array_reverse($mounts);
//start with the mount of $dir
return $mounts;
}
/**
* @brief Startup encryption backend upon user login
* @note This method should never be called for users using client side encryption
*/
public static function login($params)
{
$l = new \OC_L10N('files_encryption');
//check if all requirements are met
if (!Helper::checkRequirements()) {
$error_msg = $l->t("Missing requirements.");
$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that the OpenSSL PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
\OC_App::disable('files_encryption');
\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
\OCP\Template::printErrorPage($error_msg, $hint);
}
$view = new \OC_FilesystemView('/');
// ensure filesystem is loaded
if (!\OC\Files\Filesystem::$loaded) {
\OC_Util::setupFS($params['uid']);
}
$util = new Util($view, $params['uid']);
// setup user, if user not ready force relogin
if (Helper::setupUser($util, $params['password']) === false) {
return false;
}
$encryptedKey = Keymanager::getPrivateKey($view, $params['uid']);
$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
if ($privateKey === false) {
\OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
}
$session = new \OCA\Encryption\Session($view);
$session->setPrivateKey($privateKey);
// Check if first-run file migration has already been performed
$ready = false;
if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) {
$ready = $util->beginMigration();
}
// If migration not yet done
if ($ready) {
$userView = new \OC_FilesystemView('/' . $params['uid']);
// Set legacy encryption key if it exists, to support
// depreciated encryption system
if ($userView->file_exists('encryption.key') && ($encLegacyKey = $userView->file_get_contents('encryption.key'))) {
$plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']);
$session->setLegacyKey($plainLegacyKey);
}
// Encrypt existing user files:
// This serves to upgrade old versions of the encryption
// app (see appinfo/spec.txt)
if ($util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])) {
\OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO);
}
// Register successful migration in DB
$util->finishMigration();
}
return true;
}
protected function setupForUser($name, $password)
{
\OC_Util::tearDownFS();
\OC_Util::setupFS($name);
$container = $this->encryptionApp->getContainer();
/** @var KeyManager $keyManager */
$keyManager = $container->query('KeyManager');
/** @var Setup $userSetup */
$userSetup = $container->query('UserSetup');
$userSetup->setupUser($name, $password);
$keyManager->init($name, $password);
}
/**
* @brief Startup encryption backend upon user login
* @note This method should never be called for users using client side encryption
*/
public static function login($params)
{
if (\OCP\App::isEnabled('files_encryption') === false) {
return true;
}
$l = new \OC_L10N('files_encryption');
$view = new \OC_FilesystemView('/');
// ensure filesystem is loaded
if (!\OC\Files\Filesystem::$loaded) {
\OC_Util::setupFS($params['uid']);
}
$privateKey = \OCA\Encryption\Keymanager::getPrivateKey($view, $params['uid']);
// if no private key exists, check server configuration
if (!$privateKey) {
//check if all requirements are met
if (!Helper::checkRequirements() || !Helper::checkConfiguration()) {
$error_msg = $l->t("Missing requirements.");
$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
\OC_App::disable('files_encryption');
\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
\OCP\Template::printErrorPage($error_msg, $hint);
}
}
$util = new Util($view, $params['uid']);
// setup user, if user not ready force relogin
if (Helper::setupUser($util, $params['password']) === false) {
return false;
}
$session = $util->initEncryption($params);
// Check if first-run file migration has already been performed
$ready = false;
if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) {
$ready = $util->beginMigration();
}
// If migration not yet done
if ($ready) {
$userView = new \OC_FilesystemView('/' . $params['uid']);
// Set legacy encryption key if it exists, to support
// depreciated encryption system
if ($userView->file_exists('encryption.key') && ($encLegacyKey = $userView->file_get_contents('encryption.key'))) {
$plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']);
$session->setLegacyKey($plainLegacyKey);
}
// Encrypt existing user files:
if ($util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])) {
\OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO);
}
// Register successful migration in DB
$util->finishMigration();
}
return true;
}
/**
* Authenticates the user based on the current request.
*
* If authentication is successful, true must be returned.
* If authentication fails, an exception must be thrown.
*
* @param \Sabre\DAV\Server $server
* @param string $realm
* @return boolean|null
*/
function authenticate(\Sabre\DAV\Server $server, $realm)
{
$userSession = \OC::$server->getUserSession();
$result = $userSession->login($this->user, $this->password);
if ($result) {
//we need to pass the user name, which may differ from login name
$user = $userSession->getUser()->getUID();
\OC_Util::setupFS($user);
//trigger creation of user home and /files folder
\OC::$server->getUserFolder($user);
}
return $result;
}
protected function setUp()
{
parent::setUp();
$this->username = $this->getUniqueID('', 20);
OC_User::createUser($this->username, $this->getUniqueID('', 20));
\OC_Util::tearDownFS();
\OC_User::setUserId('');
\OC\Files\Filesystem::tearDown();
\OC_Util::setupFS($this->username);
$config = $this->getMock('OCP\\IConfig');
$config->expects($this->any())->method('getSystemValue')->with('installed', false)->willReturn(true);
$this->certificateManager = new CertificateManager($this->username, new \OC\Files\View(), $config);
}
/**
* Find mounts by storage id
*
* @param string $id
* @return Mount[]
*/
public function findByStorageId($id)
{
\OC_Util::setupFS();
if (strlen($id) > 64) {
$id = md5($id);
}
$result = array();
foreach ($this->mounts as $mount) {
if ($mount->getStorageId() === $id) {
$result[] = $mount;
}
}
return $result;
}
/**
* When this method is called, the backend must check if authentication was
* successful.
*
* The returned value must be one of the following
*
* [true, "principals/username"]
* [false, "reason for failure"]
*
* If authentication was successful, it's expected that the authentication
* backend returns a so-called principal url.
*
* Examples of a principal url:
*
* principals/admin
* principals/user1
* principals/users/joe
* principals/uid/123457
*
* If you don't use WebDAV ACL (RFC3744) we recommend that you simply
* return a string such as:
*
* principals/users/[username]
*
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array
*/
function check(RequestInterface $request, ResponseInterface $response)
{
$userSession = \OC::$server->getUserSession();
$result = $userSession->login($this->user, $this->password);
if ($result) {
//we need to pass the user name, which may differ from login name
$user = $userSession->getUser()->getUID();
\OC_Util::setupFS($user);
//trigger creation of user home and /files folder
\OC::$server->getUserFolder($user);
return [true, "principals/{$user}"];
}
return [false, "login failed"];
}
public function setUp()
{
$this->request = $this->getMockBuilder('\\OCP\\IRequest')->disableOriginalConstructor()->getMock();
$this->settings = $this->getMockBuilder('\\OCP\\IConfig')->disableOriginalConstructor()->getMock();
$this->l10n = $this->getMockBuilder('\\OCP\\IL10N')->disableOriginalConstructor()->getMock();
$this->controller = new DocumentController($this->appName, $this->request, $this->settings, $this->l10n, $this->uid);
$userManager = \OC::$server->getUserManager();
$userSession = \OC::$server->getUserSession();
if (!$userManager->userExists($this->uid)) {
$userManager->createUser($this->uid, $this->password);
\OC::$server->getUserFolder($this->uid);
}
$userSession->login($this->uid, $this->password);
\OC_Util::setupFS();
}
/**
* Sets up the filesystem and user for public sharing
* @param string $token string share token
* @param string $relativePath optional path relative to the share
* @param string $password optional password
* @return array
*/
public static function setupFromToken($token, $relativePath = null, $password = null)
{
\OC_User::setIncognitoMode(true);
$linkItem = \OCP\Share::getShareByToken($token, !$password);
if ($linkItem === false || $linkItem['item_type'] !== 'file' && $linkItem['item_type'] !== 'folder') {
\OC_Response::setStatus(404);
\OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);
exit;
}
if (!isset($linkItem['uid_owner']) || !isset($linkItem['file_source'])) {
\OC_Response::setStatus(500);
\OCP\Util::writeLog('core-preview', 'Passed token seems to be valid, but it does not contain all necessary information . ("' . $token . '")', \OCP\Util::WARN);
exit;
}
$rootLinkItem = \OCP\Share::resolveReShare($linkItem);
$path = null;
if (isset($rootLinkItem['uid_owner'])) {
\OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
\OC_Util::tearDownFS();
\OC_Util::setupFS($rootLinkItem['uid_owner']);
}
try {
$path = Filesystem::getPath($linkItem['file_source']);
} catch (NotFoundException $e) {
\OCP\Util::writeLog('share', 'could not resolve linkItem', \OCP\Util::DEBUG);
\OC_Response::setStatus(404);
\OCP\JSON::error(array('success' => false));
exit;
}
if (!isset($linkItem['item_type'])) {
\OCP\Util::writeLog('share', 'No item type set for share id: ' . $linkItem['id'], \OCP\Util::ERROR);
\OC_Response::setStatus(404);
\OCP\JSON::error(array('success' => false));
exit;
}
if (isset($linkItem['share_with']) && (int) $linkItem['share_type'] === \OCP\Share::SHARE_TYPE_LINK) {
if (!self::authenticate($linkItem, $password)) {
\OC_Response::setStatus(403);
\OCP\JSON::error(array('success' => false));
exit;
}
}
$basePath = $path;
if ($relativePath !== null && Filesystem::isReadable($basePath . $relativePath)) {
$path .= Filesystem::normalizePath($relativePath);
}
return array('linkItem' => $linkItem, 'basePath' => $basePath, 'realPath' => $path);
}
public static function createDataScope($appUrl, $userAddress, $dataScope)
{
$token = uniqid();
self::addToken($token, $appUrl, $userAddress, $dataScope);
//TODO: input checking on $userAddress and $dataScope
list($userName, $userHost) = explode('@', $userAddress);
OC_Util::setupFS(OC_User::getUser());
$scopePathParts = array('remoteStorage', 'webdav', $userHost, $userName, $dataScope);
for ($i = 0; $i <= count($scopePathParts); $i++) {
$thisPath = '/' . implode('/', array_slice($scopePathParts, 0, $i));
if (!OC_Filesystem::file_exists($thisPath)) {
OC_Filesystem::mkdir($thisPath);
}
}
return $token;
}
/**
* Validates a username and password
*
* This method should return true or false depending on if login
* succeeded.
*
* @return bool
*/
protected function validateUserPass($username, $password)
{
if (OC_User::isLoggedIn()) {
OC_Util::setupFS($username);
return true;
} else {
OC_Util::setUpFS();
//login hooks may need early access to the filesystem
if (OC_User::login($username, $password)) {
OC_Util::setUpFS(OC_User::getUser());
return true;
} else {
return false;
}
}
}
public static function createCategories($appUrl, $categories)
{
$token = uniqid();
OC_Util::setupFS(OC_User::getUser());
self::addToken($token, $appUrl, $categories);
foreach (explode(',', $categories) as $category) {
//TODO: input checking on $category
$scopePathParts = array('remoteStorage', $category);
for ($i = 0; $i <= count($scopePathParts); $i++) {
$thisPath = '/' . implode('/', array_slice($scopePathParts, 0, $i));
if (!OC_Filesystem::file_exists($thisPath)) {
OC_Filesystem::mkdir($thisPath);
}
}
}
return base64_encode('remoteStorage:' . $token);
}
/**
* @param string $userId
* @return \OCP\Files\Folder
* @throws SetUpException
*/
public function setUpUserHome($userId = null)
{
if (is_null($userId)) {
$user = $this->userSession->getUser();
} else {
$user = $this->userManager->get($userId);
}
if (is_null($user) || !$this->userManager->userExists($user->getUID())) {
throw new SetUpException('could not set up user home for ' . json_encode($user));
}
if ($user !== $this->userSession->getUser()) {
\OC_Util::tearDownFS();
$this->userSession->setUser($user);
}
\OC_Util::setupFS($user->getUID());
return $this->getOrCreateSubFolder($this->rootFolder, '/' . $user->getUID());
}
