Example #1
 /**
  * Sets up the Sabre DAV server for this endpoint and registers its plugins.
  *
  * Registration order matters: the auth plugin is added here, while the
  * property-storage plugin is deferred to a 'beforeMethod' listener and is
  * only added once the user session reports a user.
  *
  * @param IRequest $request request whose URI and User-Agent are consulted
  * @param mixed $baseUri passed to setBaseUri(); presumably a URI string
  */
 public function __construct(IRequest $request, $baseUri)
 {
     $this->request = $request;
     $this->baseUri = $baseUri;
     $root = new RootCollection();
     $this->server = new \OCA\DAV\Connector\Sabre\Server($root);
     // Backends
     $authBackend = new Auth(\OC::$server->getSession(), \OC::$server->getUserSession());
     // Set URL explicitly due to reverse-proxy situations
     $this->server->httpRequest->setUrl($this->request->getRequestUri());
     $this->server->setBaseUri($this->baseUri);
     $this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
     // Authentication plugin backed by the session-based Auth backend, realm 'ownCloud'.
     $this->server->addPlugin(new Plugin($authBackend, 'ownCloud'));
     $this->server->addPlugin(new \Sabre\DAVACL\Plugin());
     $this->server->addPlugin(new \Sabre\CardDAV\Plugin());
     // Finder on OS X requires Class 2 WebDAV support (locking), since we do
     // not provide locking we emulate it using a fake locking plugin.
     // The User-Agent is chosen by the client, so this is a compatibility
     // switch only; any client can opt into the fake locker.
     if ($request->isUserAgent(['/WebDAVFS/'])) {
         $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
     }
     // wait with registering these until auth is handled and the filesystem is setup
     $this->server->on('beforeMethod', function () {
         // custom properties plugin must be the last one
         $user = \OC::$server->getUserSession()->getUser();
         // When the session has no user the plugin is skipped entirely.
         if (!is_null($user)) {
             // The backend is bound to the session user (fetched a second time here).
             $this->server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new CustomPropertiesBackend($this->server->tree, \OC::$server->getDatabaseConnection(), \OC::$server->getUserSession()->getUser())));
         }
     });
 }
 /**
  * Tells whether the request looks like a page load from a known browser.
  *
  * Only GET requests qualify. The rest of the decision rests on the
  * User-Agent header, which the client controls, so the result is a
  * presentation hint and must not feed an access decision.
  *
  * @param IRequest $request
  * @return bool
  */
 public static function isBrowserRequest(IRequest $request)
 {
     $browserAgents = [
         Request::USER_AGENT_IE,
         Request::USER_AGENT_MS_EDGE,
         Request::USER_AGENT_CHROME,
         Request::USER_AGENT_FIREFOX,
         Request::USER_AGENT_SAFARI,
     ];
     return $request->getMethod() === 'GET'
         ? $request->isUserAgent($browserAgents)
         : false;
 }
Example #3
 /**
  * Stores the request's 'value' parameter under the app id and config key
  * taken from the route parameters.
  *
  * NOTE(review): this method performs no validation of the app id, key or
  * value and no permission check of its own; presumably the route limits
  * who may call it — confirm before reusing it elsewhere.
  *
  * @param array $parameters expects the entries 'appid' and 'configkey'
  * @return \OC_OCS_Result
  */
 public function setAppValue($parameters)
 {
     $this->config->setAppValue(
         $parameters['appid'],
         $parameters['configkey'],
         $this->request->getParam('value')
     );
     return new \OC_OCS_Result();
 }
Example #4
File: server.php Project: gvde/core
 /**
  * Sets up the Sabre DAV server for this endpoint and registers its plugins.
  *
  * Plugins are registered in a fixed order: legacy-client blocking and
  * authentication first, then logging/locking/sync, ACL, CalDAV, CardDAV,
  * system tags and comments. The files and property-storage plugins are
  * deferred to a 'beforeMethod' listener and only added when the user
  * session reports a user.
  *
  * @param IRequest $request request whose URI and User-Agent are consulted
  * @param mixed $baseUri passed to setBaseUri(); presumably a URI string
  */
 public function __construct(IRequest $request, $baseUri)
 {
     $this->request = $request;
     $this->baseUri = $baseUri;
     $logger = \OC::$server->getLogger();
     $mailer = \OC::$server->getMailer();
     $dispatcher = \OC::$server->getEventDispatcher();
     $root = new RootCollection();
     $this->server = new \OCA\DAV\Connector\Sabre\Server($root);
     // Backends
     $authBackend = new Auth(\OC::$server->getSession(), \OC::$server->getUserSession(), \OC::$server->getRequest());
     // Set URL explicitly due to reverse-proxy situations
     $this->server->httpRequest->setUrl($this->request->getRequestUri());
     $this->server->setBaseUri($this->baseUri);
     $this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
     $authPlugin = new Plugin($authBackend, 'ownCloud');
     $this->server->addPlugin($authPlugin);
     // allow setup of additional auth backends
     // NOTE(review): listeners receive the server object itself, so
     // presumably they can register anything on it — whatever subscribes
     // to this event is part of the authentication trust boundary.
     $event = new SabrePluginEvent($this->server);
     $dispatcher->dispatch('OCA\\DAV\\Connector\\Sabre::authInit', $event);
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $logger));
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
     $this->server->addPlugin(new \Sabre\DAV\Sync\Plugin());
     // acl
     $acl = new DavAclPlugin();
     $acl->defaultUsernamePath = 'principals/users';
     $this->server->addPlugin($acl);
     // calendar plugins
     $this->server->addPlugin(new \Sabre\CalDAV\Plugin());
     $this->server->addPlugin(new \Sabre\CalDAV\ICSExportPlugin());
     $this->server->addPlugin(new \Sabre\CalDAV\Schedule\Plugin());
     $this->server->addPlugin(new IMipPlugin($mailer, $logger));
     $this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
     $this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
     $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest()));
     // addressbook plugins
     $this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin());
     // system tags plugins
     $this->server->addPlugin(new \OCA\DAV\SystemTag\SystemTagPlugin(\OC::$server->getSystemTagManager(), \OC::$server->getGroupManager(), \OC::$server->getUserSession()));
     // comments plugin
     $this->server->addPlugin(new \OCA\DAV\Comments\CommentsPlugin(\OC::$server->getCommentsManager(), \OC::$server->getUserSession()));
     // Some WebDAV clients do require Class 2 WebDAV support (locking), since
     // we do not provide locking we emulate it using a fake locking plugin.
     // The User-Agent is chosen by the client, so this is a compatibility
     // switch only; any client can opt into the fake locker.
     if ($request->isUserAgent(['/WebDAVFS/', '/Microsoft Office OneNote 2013/'])) {
         $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
     }
     // wait with registering these until auth is handled and the filesystem is setup
     $this->server->on('beforeMethod', function () {
         // custom properties plugin must be the last one
         $user = \OC::$server->getUserSession()->getUser();
         // When the session has no user, neither plugin below is added.
         if (!is_null($user)) {
             $view = \OC\Files\Filesystem::getView();
             $this->server->addPlugin(new FilesPlugin($this->server->tree, $view));
             // The backend is bound to the session user (fetched a second time here).
             $this->server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new CustomPropertiesBackend($this->server->tree, \OC::$server->getDatabaseConnection(), \OC::$server->getUserSession()->getUser())));
         }
     });
 }
 /**
  * Logging out with an 'oc_token' cookie present must delete that login
  * token for the current user and redirect to the login form.
  */
 public function testLogoutWithToken()
 {
     $this->request
         ->expects($this->once())
         ->method('getCookie')
         ->with('oc_token')
         ->willReturn('MyLoginToken');

     $currentUser = $this->getMock('\\OCP\\IUser');
     $currentUser
         ->expects($this->once())
         ->method('getUID')
         ->willReturn('JohnDoe');
     $this->userSession
         ->expects($this->once())
         ->method('getUser')
         ->willReturn($currentUser);

     // The stored token has to be removed server-side, not just the cookie.
     $this->config
         ->expects($this->once())
         ->method('deleteUserValue')
         ->with('JohnDoe', 'login_token', 'MyLoginToken');
     $this->urlGenerator
         ->expects($this->once())
         ->method('linkToRouteAbsolute')
         ->with('core.login.showLoginForm')
         ->willReturn('/login');

     $this->assertEquals(new RedirectResponse('/login'), $this->loginController->logout());
 }
Example #6
 /**
  * Sets up the Sabre DAV server for this endpoint and registers its plugins.
  *
  * Plugins are registered in a fixed order: legacy-client blocking and
  * authentication first, then logging/locking/listener/sync, ACL, CalDAV,
  * CardDAV and system tags. The property-storage plugin is deferred to a
  * 'beforeMethod' listener and only added when the user session reports a
  * user.
  *
  * @param IRequest $request request whose URI and User-Agent are consulted
  * @param mixed $baseUri passed to setBaseUri(); presumably a URI string
  */
 public function __construct(IRequest $request, $baseUri)
 {
     $this->request = $request;
     $this->baseUri = $baseUri;
     $logger = \OC::$server->getLogger();
     $dispatcher = \OC::$server->getEventDispatcher();
     $root = new RootCollection();
     $this->server = new \OCA\DAV\Connector\Sabre\Server($root);
     // Backends
     $authBackend = new Auth(\OC::$server->getSession(), \OC::$server->getUserSession());
     // Set URL explicitly due to reverse-proxy situations
     $this->server->httpRequest->setUrl($this->request->getRequestUri());
     $this->server->setBaseUri($this->baseUri);
     $this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
     // Authentication plugin backed by the session-based Auth backend, realm 'ownCloud'.
     $this->server->addPlugin(new Plugin($authBackend, 'ownCloud'));
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $logger));
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ListenerPlugin($dispatcher));
     $this->server->addPlugin(new \Sabre\DAV\Sync\Plugin());
     // acl
     $acl = new \Sabre\DAVACL\Plugin();
     $acl->defaultUsernamePath = 'principals/users';
     $this->server->addPlugin($acl);
     // calendar plugins
     $this->server->addPlugin(new \Sabre\CalDAV\Plugin());
     $this->server->addPlugin(new \Sabre\CalDAV\ICSExportPlugin());
     // Sender address used by the iMIP plugin for scheduling mails.
     $senderEmail = \OCP\Util::getDefaultEmailAddress('no-reply');
     $this->server->addPlugin(new \Sabre\CalDAV\Schedule\Plugin());
     $this->server->addPlugin(new \Sabre\CalDAV\Schedule\IMipPlugin($senderEmail));
     $this->server->addPlugin(new \Sabre\CalDAV\SharingPlugin());
     $this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
     $this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
     $this->server->addPlugin(new CardDAV\Sharing\Plugin($authBackend, \OC::$server->getRequest()));
     // addressbook plugins
     $this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin());
     // system tags plugins
     $this->server->addPlugin(new \OCA\DAV\SystemTag\SystemTagPlugin(\OC::$server->getSystemTagManager()));
     // Finder on OS X requires Class 2 WebDAV support (locking), since we do
     // not provide locking we emulate it using a fake locking plugin.
     // The User-Agent is chosen by the client, so this is a compatibility
     // switch only; any client can opt into the fake locker.
     if ($request->isUserAgent(['/WebDAVFS/'])) {
         $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
     }
     // wait with registering these until auth is handled and the filesystem is setup
     $this->server->on('beforeMethod', function () {
         // custom properties plugin must be the last one
         $user = \OC::$server->getUserSession()->getUser();
         // When the session has no user the plugin is skipped entirely.
         if (!is_null($user)) {
             // The backend is bound to the session user (fetched a second time here).
             $this->server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new CustomPropertiesBackend($this->server->tree, \OC::$server->getDatabaseConnection(), \OC::$server->getUserSession()->getUser())));
         }
     });
 }
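 /**
  * Restoring a trashed note that does not exist must report failure while
  * still echoing back the trash path and file name it was asked for.
  */
 public function testRestoreTrashedNote()
 {
     $file = "some-not-existing-test-file.txt";
     $timestamp = time();
     // at(0)/at(1) pin the order in which the controller reads its parameters.
     $this->request->expects($this->at(0))->method("getParam")->with("file_name")->willReturn("/Notes/{$file}");
     $this->request->expects($this->at(1))->method("getParam")->with("timestamp")->willReturn($timestamp);
     $result = $this->controller->restoreTrashedNote();
     foreach (["result", "path", "filename"] as $key) {
         $this->assertArrayHasKey($key, $result);
     }
     $this->assertFalse($result["result"]);
     // Expected value goes first so a failure message labels the two sides correctly.
     $this->assertEquals("//{$file}.d{$timestamp}", $result["path"]);
     $this->assertEquals($file, $result["filename"]);
 }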
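 /**
  * Accepts survey results posted as JSON in the 'data' request parameter
  * and hands the decoded array to the service.
  *
  * The payload is untrusted: anything that is not a JSON object or array is
  * rejected before it reaches the service, and any exception raised by the
  * service is reported as the same generic 400 so no internals leak.
  *
  * @return \OC_OCS_Result 400 for a rejected payload, 200 otherwise
  */
 public function receiveSurveyResults()
 {
     $data = $this->request->getParam('data');
     // A missing parameter or a non-string one (e.g. data[]=x) cannot be JSON.
     if (!is_string($data)) {
         return new \OC_OCS_Result(null, Http::STATUS_BAD_REQUEST, 'Invalid data supplied.');
     }
     $array = json_decode($data, true);
     // json_decode() also yields scalars for inputs like "5" or "true";
     // only an array is a usable result set.
     if (!is_array($array)) {
         return new \OC_OCS_Result(null, Http::STATUS_BAD_REQUEST, 'Invalid data supplied.');
     }
     try {
         $this->service->add($array);
     } catch (\Exception $e) {
         return new \OC_OCS_Result(null, Http::STATUS_BAD_REQUEST, 'Invalid data supplied.');
     }
     return new \OC_OCS_Result(null, Http::STATUS_OK);
 }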
Example #9
 /**
  * Takes the passphrase from the request cookie or, when the cookie is
  * absent, generates a new one and sends it to the client.
  *
  * The cookie value is used as the passphrase as-is. A newly generated
  * passphrase is set as an HttpOnly session cookie (expiry 0) that is
  * marked Secure only when the request protocol is 'https'.
  *
  * @param IConfig $config
  * @param ICrypto $crypto
  * @param ISecureRandom $random
  * @param IRequest $request
  */
 public function __construct(IConfig $config, ICrypto $crypto, ISecureRandom $random, IRequest $request)
 {
     $this->config = $config;
     $this->crypto = $crypto;
     $this->random = $random;

     if ($request->getCookie(self::COOKIE_NAME) !== null) {
         // Client-supplied value; nothing here checks its length or format.
         $this->passphrase = $request->getCookie(self::COOKIE_NAME);
         return;
     }

     $this->passphrase = $this->random->getMediumStrengthGenerator()->generate(128);
     $isHttps = $request->getServerProtocol() === 'https';
     // FIXME: Required for CI
     if (defined('PHPUNIT_RUN')) {
         return;
     }
     // Arguments: name, value, expires, path, domain, secure, httponly.
     setcookie(self::COOKIE_NAME, $this->passphrase, 0, \OC::$WEBROOT, '', $isHttps, true);
 }
Example #10
 /**
  * Wires the request and config mocks for an RSS token lookup.
  *
  * @param string|null $requestToken token returned for the 'token' request parameter; null leaves the request mock untouched
  * @param string $userToken token the config lookup is expected to receive
  * @param array $users users the config lookup returns for that token
  */
 protected function mockRSSToken($requestToken, $userToken, $users)
 {
     $this->config
         ->expects($this->any())
         ->method('getUsersForUserValue')
         ->with('activity', 'rsstoken', $userToken)
         ->willReturn($users);

     if ($requestToken === null) {
         return;
     }
     $this->request
         ->expects($this->any())
         ->method('getParam')
         ->with('token', '')
         ->willReturn($requestToken);
 }
Example #11
 /**
  * Adds a "Link: <...>; rel=next" header when another page of activities
  * exists and the last given activity id is known.
  *
  * NOTE(review): protocol and host of the link come straight from the
  * request object. If getServerHost() reflects an unvalidated Host header,
  * the link can point at a host the client chose — confirm that the
  * request layer restricts it to trusted domains.
  *
  * @param array $headers
  * @param bool $hasMoreActivities
  * @return array the headers, with 'Link' added when applicable
  */
 protected function generateHeaders(array $headers, $hasMoreActivities)
 {
     if (!$hasMoreActivities || !isset($headers['X-Activity-Last-Given'])) {
         return $headers;
     }

     // Query parameters of the next page
     $query = [
         'since' => $headers['X-Activity-Last-Given'],
         'limit' => $this->limit,
         'sort' => $this->sort,
     ];
     if ($this->objectType && $this->objectId) {
         $query['object_type'] = $this->objectType;
         $query['object_id'] = $this->objectId;
     }
     if ($this->request->getParam('format') !== null) {
         $query['format'] = $this->request->getParam('format');
     }

     // e.g. http :// localhost /ocs/v2.php /apps/activity/api/v2/activity ?since=...
     $nextPage = $this->request->getServerProtocol()
         . '://' . $this->request->getServerHost()
         . $this->request->getScriptName()
         . $this->request->getPathInfo()
         . '?' . http_build_query($query);

     $headers['Link'] = '<' . $nextPage . '>; rel="next"';
     return $headers;
 }
Example #12
 /**
  * Including appinfo/app.php must register scripts and styles only for the
  * request/user combinations the data provider marks as such.
  *
  * @dataProvider dataLoadingJSAndCSS
  * @param string $scriptName
  * @param string $pathInfo
  * @param IUser|null $user
  * @param bool $scriptsAdded
  */
 public function testLoadingJSAndCSS($scriptName, $pathInfo, $user, $scriptsAdded)
 {
     $this->request
         ->expects($this->any())
         ->method('getScriptName')
         ->willReturn($scriptName);
     $this->request
         ->expects($this->any())
         ->method('getPathInfo')
         ->willReturn($pathInfo);
     $this->session
         ->expects($this->once())
         ->method('getUser')
         ->willReturn($user);

     // Start from a clean slate so only app.php's registrations are observed.
     \OC_Util::$scripts = [];
     \OC_Util::$styles = [];
     include __DIR__ . '/../../appinfo/app.php';

     if (!$scriptsAdded) {
         $this->assertEmpty(\OC_Util::$scripts);
         $this->assertEmpty(\OC_Util::$styles);
         return;
     }
     $this->assertNotEmpty(\OC_Util::$scripts);
     $this->assertNotEmpty(\OC_Util::$styles);
 }
Example #13
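 /**
  * Uploading a certificate the manager rejects must yield the generic
  * 422 "An error occurred." response.
  */
 public function testAddPersonalRootCertificateInvalidCertificate()
 {
     $uploadedFile = ['tmp_name' => __DIR__ . '/../../data/certificates/badCertificate.crt', 'name' => 'badCertificate.crt'];
     $this->request->expects($this->once())->method('getUploadedFile')->with('rootcert_import')->will($this->returnValue($uploadedFile));
     // The file name belongs to with(), not to file_get_contents(): there it
     // was taken as the $use_include_path flag and the name went unchecked.
     // Assumes the controller passes the uploaded name as the second
     // argument of addCertificate() — confirm against the controller.
     $this->certificateManager->expects($this->once())->method('addCertificate')->with(file_get_contents($uploadedFile['tmp_name']), 'badCertificate.crt')->will($this->throwException(new \Exception()));
     $expected = new DataResponse('An error occurred.', Http::STATUS_UNPROCESSABLE_ENTITY);
     $this->assertEquals($expected, $this->certificateController->addPersonalRootCertificate());
 }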
Example #14
 /**
  * A group id containing non-ASCII characters must be passed through
  * unchanged and the group created exactly once.
  */
 public function testAddGroupWithSpecialChar()
 {
     $groupId = 'Iñtërnâtiônàlizætiøn';

     $this->request
         ->method('getParam')
         ->with('groupid')
         ->willReturn($groupId);
     $this->groupManager
         ->method('groupExists')
         ->with($groupId)
         ->willReturn(false);
     $this->groupManager
         ->expects($this->once())
         ->method('createGroup')
         ->with($groupId);

     $result = $this->api->addGroup([]);

     $this->assertInstanceOf('OC_OCS_Result', $result);
     $this->assertTrue($result->succeeded());
 }
Example #15
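 /**
  * Load the uploaded image from the request body.
  *
  * The image property is assigned only after the request passed validation.
  * Previously it was set to an empty Image before the checks ran, so after
  * a rejected upload the "already read" guard made later calls return
  * silently instead of rejecting again.
  *
  * NOTE(review): both checks rely on headers the client declares. A missing
  * or understated Content-Length passes the size check, and nothing here
  * bounds the bytes actually read from the body or inspects its content;
  * presumably the Image class or the web server enforces that — confirm.
  *
  * @throws \Exception carrying an HTTP status code when the declared
  *                    content type is not image/* or the declared length
  *                    exceeds the upload limit
  */
 protected function processImage()
 {
     // If image has already been read return
     if ($this->image instanceof Image) {
         return;
     }
     $contentType = $this->request->getHeader('Content-Type');
     $contentLength = $this->request->getHeader('Content-Length');
     // Header values are client-controlled and end up in the debug log verbatim.
     \OCP\Util::writeLog('contacts', __METHOD__ . ', Content-Type: ' . $contentType, \OCP\Util::DEBUG);
     \OCP\Util::writeLog('contacts', __METHOD__ . ', Content-Length: ' . $contentLength, \OCP\Util::DEBUG);
     // Cast so an absent header is compared as an empty string.
     if (substr((string) $contentType, 0, 6) !== 'image/') {
         throw new \Exception('Only images can be used as contact photo', Http::STATUS_UNSUPPORTED_MEDIA_TYPE);
     }
     $maxSize = \OCP\Util::maxUploadFilesize('/');
     if ($contentLength > $maxSize) {
         throw new \Exception(sprintf('The size of the file exceeds the maximum allowed %s', \OCP\Util::humanFileSize($maxSize)), Http::STATUS_REQUEST_ENTITY_TOO_LARGE);
     }
     $image = new Image();
     $image->loadFromFileHandle($this->request->put);
     $this->image = $image;
 }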
Example #16
 /**
  * Primes the controller's paging state and checks the headers that
  * generateHeaders() produces from it.
  *
  * @dataProvider dataGenerateHeaders
  *
  * @param string $sort
  * @param int $limit
  * @param string $objectType
  * @param int $objectId
  * @param string $format
  * @param array $headersIn
  * @param bool $hasMoreActivities
  * @param array $expected
  */
 public function testGenerateHeaders($sort, $limit, $objectType, $objectId, $format, array $headersIn, $hasMoreActivities, array $expected)
 {
     $controllerState = [
         'sort' => $sort,
         'limit' => $limit,
         'objectType' => $objectType,
         'objectId' => $objectId,
     ];
     foreach ($controllerState as $property => $value) {
         $this->invokePrivate($this->controller, $property, [$value]);
     }

     $this->request
         ->expects($this->any())
         ->method('getParam')
         ->with('format')
         ->willReturn($format);

     $actual = $this->invokePrivate($this->controller, 'generateHeaders', [$headersIn, $hasMoreActivities]);
     $this->assertEquals($expected, $actual);
 }
 /**
  * index() for a browser that is not matched as MSIE 8.0 must return the
  * 'files' index template with the storage info, sharing defaults and the
  * full navigation listed below.
  */
 public function testIndexWithRegularBrowser()
 {
     // The controller asks exactly once whether the client is MSIE 8.0; here it is not.
     $this->request->expects($this->once())->method('isUserAgent')->with(['/MSIE 8.0/'])->will($this->returnValue(false));
     $this->viewController->expects($this->once())->method('getStorageInfo')->will($this->returnValue(['relative' => 123, 'owner' => 'MyName', 'ownerDisplayName' => 'MyDisplayName']));
     // getAppValue() echoes its third argument, i.e. the default passed by the caller.
     $this->config->expects($this->any())->method('getAppValue')->will($this->returnArgument(2));
     // Expected navigation template with its entries in 'order' sequence.
     $nav = new Template('files', 'appnavigation');
     $nav->assign('navigationItems', [0 => ['id' => 'files', 'appname' => 'files', 'script' => 'list.php', 'order' => 0, 'name' => new \OC_L10N_String(new \OC_L10N('files'), 'All files', []), 'active' => false, 'icon' => ''], 1 => ['id' => 'favorites', 'appname' => 'files', 'script' => 'simplelist.php', 'order' => 5, 'name' => null, 'active' => false, 'icon' => ''], 2 => ['id' => 'sharingin', 'appname' => 'files_sharing', 'script' => 'list.php', 'order' => 10, 'name' => new \OC_L10N_String(new \OC_L10N('files_sharing'), 'Shared with you', []), 'active' => false, 'icon' => ''], 3 => ['id' => 'sharingout', 'appname' => 'files_sharing', 'script' => 'list.php', 'order' => 15, 'name' => new \OC_L10N_String(new \OC_L10N('files_sharing'), 'Shared with others', []), 'active' => false, 'icon' => ''], 4 => ['id' => 'sharinglinks', 'appname' => 'files_sharing', 'script' => 'list.php', 'order' => 20, 'name' => new \OC_L10N_String(new \OC_L10N('files_sharing'), 'Shared by link', []), 'active' => false, 'icon' => ''], 5 => ['id' => 'trashbin', 'appname' => 'files_trashbin', 'script' => 'list.php', 'order' => 50, 'name' => new \OC_L10N_String(new \OC_L10N('files_trashbin'), 'Deleted files', []), 'active' => false, 'icon' => '']]);
     // Expected response: template parameters plus one content slot per navigation entry.
     $expected = new Http\TemplateResponse('files', 'index', ['usedSpacePercent' => 123, 'owner' => 'MyName', 'ownerDisplayName' => 'MyDisplayName', 'isPublic' => false, 'mailNotificationEnabled' => 'no', 'mailPublicNotificationEnabled' => 'no', 'allowShareWithLink' => 'yes', 'appNavigation' => $nav, 'appContents' => [0 => ['id' => 'files', 'content' => null], 1 => ['id' => 'favorites', 'content' => null], 2 => ['id' => 'sharingin', 'content' => null], 3 => ['id' => 'sharingout', 'content' => null], 4 => ['id' => 'sharinglinks', 'content' => null], 5 => ['id' => 'trashbin', 'content' => null]]]);
     $this->assertEquals($expected, $this->viewController->index('MyDir', 'MyView'));
 }
Example #18
 /**
  * setLanguageFromRequest() must pick a language from the ACCEPT_LANGUAGE
  * header and the available languages, and store it on the factory.
  *
  * @dataProvider dataSetLanguageFromRequest
  *
  * @param string|null $app
  * @param string $header
  * @param string|null $requestLanguage language preset on the factory, if any
  * @param string[] $availableLanguages
  * @param string $expected
  * @param string $expectedLang
  */
 public function testSetLanguageFromRequest($app, $header, $requestLanguage, array $availableLanguages, $expected, $expectedLang)
 {
     $factory = $this->getFactory(['findAvailableLanguages']);
     $factory
         ->expects($this->once())
         ->method('findAvailableLanguages')
         ->with($app)
         ->willReturn($availableLanguages);
     // The header is client-supplied input to the language selection.
     $this->request
         ->expects($this->once())
         ->method('getHeader')
         ->with('ACCEPT_LANGUAGE')
         ->willReturn($header);

     if ($requestLanguage !== null) {
         $this->invokePrivate($factory, 'requestLanguage', [$requestLanguage]);
     }

     $returnedLanguage = $factory->setLanguageFromRequest($app);
     $this->assertSame($expected, $returnedLanguage, 'Asserting returned language');

     $storedLanguage = $this->invokePrivate($factory, 'requestLanguage');
     $this->assertSame($expectedLang, $storedLanguage, 'Asserting stored language');
 }
Example #19
 /**
  * Creates a Sabre DAV server for a files endpoint.
  *
  * Maintenance, legacy-client blocking and authentication plugins are
  * registered immediately. Everything that needs the file view is added
  * from a 'beforeMethod' listener with priority 30, and the user-specific
  * plugins inside it only when the user session is logged in.
  *
  * @param string $baseUri
  * @param string $requestUri
  * @param BackendInterface $authBackend
  * @param callable $viewCallBack callback that should return the view for the dav endpoint
  * @return Server
  */
 public function createServer($baseUri, $requestUri, BackendInterface $authBackend, callable $viewCallBack)
 {
     // Fire up server
     $objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree();
     $server = new \OCA\DAV\Connector\Sabre\Server($objectTree);
     // Set URL explicitly due to reverse-proxy situations
     $server->httpRequest->setUrl($requestUri);
     $server->setBaseUri($baseUri);
     // Load plugins
     $defaults = new \OC_Defaults();
     $server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
     $server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
     // Authentication uses the backend supplied by the caller; the realm is the product name.
     $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, $defaults->getName()));
     // FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
     $server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
     $server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));
     $server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
     // Some WebDAV clients do require Class 2 WebDAV support (locking), since
     // we do not provide locking we emulate it using a fake locking plugin.
     // The User-Agent is chosen by the client, so this and the browser check
     // below are compatibility switches only, not trust decisions.
     if ($this->request->isUserAgent(['/WebDAVFS/', '/Microsoft Office OneNote 2013/', '/Microsoft-WebDAV-MiniRedir/'])) {
         $server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
     }
     if (BrowserErrorPagePlugin::isBrowserRequest($this->request)) {
         $server->addPlugin(new BrowserErrorPagePlugin());
     }
     // wait with registering these until auth is handled and the filesystem is setup
     $server->on('beforeMethod', function () use($server, $objectTree, $viewCallBack) {
         // ensure the skeleton is copied
         $userFolder = \OC::$server->getUserFolder();
         /** @var \OC\Files\View $view */
         $view = $viewCallBack($server);
         $rootInfo = $view->getFileInfo('');
         // Create ownCloud Dir
         // The root node is a Directory or a File depending on what the view's root is.
         if ($rootInfo->getType() === 'dir') {
             $root = new \OCA\DAV\Connector\Sabre\Directory($view, $rootInfo, $objectTree);
         } else {
             $root = new \OCA\DAV\Connector\Sabre\File($view, $rootInfo);
         }
         $objectTree->init($root, $view, $this->mountManager);
         // NOTE(review): the last FilesPlugin argument is the negated 'debug'
         // system value; its meaning is not visible here — confirm.
         $server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesPlugin($objectTree, $view, $this->config, false, !$this->config->getSystemValue('debug', false)));
         $server->addPlugin(new \OCA\DAV\Connector\Sabre\QuotaPlugin($view));
         // Plugins below need a user and are skipped when nobody is logged in.
         if ($this->userSession->isLoggedIn()) {
             $server->addPlugin(new \OCA\DAV\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager));
             $server->addPlugin(new \OCA\DAV\Connector\Sabre\SharesPlugin($objectTree, $this->userSession, $userFolder, \OC::$server->getShareManager()));
             $server->addPlugin(new \OCA\DAV\Connector\Sabre\CommentPropertiesPlugin(\OC::$server->getCommentsManager(), $this->userSession));
             $server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesReportPlugin($objectTree, $view, \OC::$server->getSystemTagManager(), \OC::$server->getSystemTagObjectMapper(), $this->userSession, \OC::$server->getGroupManager(), $userFolder));
             // custom properties plugin must be the last one
             $server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new \OCA\DAV\Connector\Sabre\CustomPropertiesBackend($objectTree, $this->databaseConnection, $this->userSession->getUser())));
         }
         $server->addPlugin(new \OCA\DAV\Connector\Sabre\CopyEtagHeaderPlugin());
     }, 30);
     // priority 30: after auth (10) and acl(20), before lock(50) and handling the request
     return $server;
 }
Example #20
 /**
  * Rejects requests that could be cross-site forgeries.
  *
  * A request is accepted when the current user authenticated against the
  * DAV backend, or otherwise when it passes the CSRF check of the request
  * object. The CSRF check is only consulted when the first condition fails.
  *
  * @return bool always true when the method returns
  * @throws BadRequest when neither condition holds
  */
 private function protectAgainstCSRF()
 {
     $currentUser = $this->auth->getCurrentUser();
     $isAllowed = $this->auth->isDavAuthenticated($currentUser)
         || $this->request->passesCSRFCheck();
     if (!$isAllowed) {
         throw new BadRequest();
     }
     return true;
 }
Example #21
 /**
  * Updates permissions, password, public upload and/or expiration date of
  * a share from the request parameters.
  *
  * A share the caller cannot access is answered with the same 404 as a
  * missing one, so the response does not reveal that the id exists.
  *
  * NOTE(review): 'permissions' is only cast to int and 'password' is passed
  * on unchanged; presumably the share manager validates both in
  * updateShare() — confirm. A 'publicUpload' value of 'true' or 'false'
  * overrides whatever 'permissions' set just before.
  *
  * @param int $id
  * @return \OC_OCS_Result
  */
 public function updateShare($id)
 {
     // Try both our default and our federated provider
     $share = null;
     try {
         $share = $this->shareManager->getShareById('ocinternal:' . $id);
     } catch (\OC\Share20\Exception\ShareNotFound $e) {
         // Not an internal share; handled by the fallback below.
     }
     if ($share === null) {
         // Maybe it is a federated share: delegate to the legacy API, which
         // is then responsible for its own access checks.
         return \OCA\Files_Sharing\API\Local::updateShare(['id' => $id]);
     }
     if (!$this->canAccessShare($share)) {
         return new \OC_OCS_Result(null, 404, "wrong share Id, share doesn't exist.");
     }

     $permissions = $this->request->getParam('permissions', null);
     $password = $this->request->getParam('password', null);
     $publicUpload = $this->request->getParam('publicUpload', null);
     $expireDate = $this->request->getParam('expireDate', null);

     $nothingToUpdate = $permissions === null
         && $password === null
         && $publicUpload === null
         && $expireDate === null;
     if ($nothingToUpdate) {
         return new \OC_OCS_Result(null, 400, 'Wrong or no update parameter given');
     }

     if ($expireDate !== null) {
         try {
             $expireDate = $this->parseDate($expireDate);
         } catch (\Exception $e) {
             return new \OC_OCS_Result(null, 400, $e->getMessage());
         }
         $share->setExpirationDate($expireDate);
     }
     if ($permissions !== null) {
         $share->setPermissions((int) $permissions);
     }
     if ($password !== null) {
         $share->setPassword($password);
     }
     if ($publicUpload === 'true') {
         $share->setPermissions(\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE);
     } elseif ($publicUpload === 'false') {
         $share->setPermissions(\OCP\Constants::PERMISSION_READ);
     }

     try {
         $share = $this->shareManager->updateShare($share);
     } catch (\Exception $e) {
         return new \OC_OCS_Result(null, 400, $e->getMessage());
     }
     return new \OC_OCS_Result($this->formatShare($share));
 }
Example #22
File: auth.php Project: gvde/core
 /**
  * A session that is logged in but was not authenticated against the DAV
  * backend (session value is null) is accepted by check() when the request
  * passes the CSRF check, and resolves to that user's principal.
  */
 public function testAuthenticateAlreadyLoggedInWithCsrfTokenForGet()
 {
     $sabreRequest = $this->getMockBuilder('Sabre\\HTTP\\RequestInterface')
         ->disableOriginalConstructor()
         ->getMock();
     $sabreResponse = $this->getMockBuilder('Sabre\\HTTP\\ResponseInterface')
         ->disableOriginalConstructor()
         ->getMock();

     $this->userSession
         ->expects($this->exactly(2))
         ->method('isLoggedIn')
         ->willReturn(true);
     $this->session
         ->expects($this->exactly(2))
         ->method('get')
         ->with('AUTHENTICATED_TO_DAV_BACKEND')
         ->willReturn(null);

     $sessionUser = $this->getMockBuilder('\\OCP\\IUser')
         ->disableOriginalConstructor()
         ->getMock();
     $sessionUser
         ->expects($this->exactly(2))
         ->method('getUID')
         ->willReturn('MyWrongDavUser');
     $this->userSession
         ->expects($this->exactly(2))
         ->method('getUser')
         ->willReturn($sessionUser);

     // The CSRF check is what lets the request through; it must run exactly once.
     $this->request
         ->expects($this->once())
         ->method('passesCSRFCheck')
         ->willReturn(true);

     $result = $this->auth->check($sabreRequest, $sabreResponse);
     $this->assertEquals([true, 'principals/users/MyWrongDavUser'], $result);
 }
Example #23
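 /**
  * Creates a shared secret for a trusted server and returns it.
  *
  * The caller must name a server that is already trusted and present the
  * token that goes with its URL; otherwise the answer is 403 and nothing is
  * stored. After a successful exchange the token is blanked so it cannot be
  * presented a second time.
  *
  * NOTE(review): how isValidToken() compares the token is not visible
  * here; a constant-time comparison (hash_equals) is what one would expect
  * for a secret — confirm.
  *
  * @return \OC_OCS_Result 403 on an untrusted server or invalid token,
  *                        otherwise 200 with ['sharedSecret' => string]
  */
 public function getSharedSecret()
 {
     $url = $this->request->getParam('url');
     $token = $this->request->getParam('token');
     // Same class-name casing as the success path below (was HTTP::).
     if ($this->trustedServers->isTrustedServer($url) === false) {
         return new \OC_OCS_Result(null, Http::STATUS_FORBIDDEN);
     }
     if ($this->isValidToken($url, $token) === false) {
         return new \OC_OCS_Result(null, Http::STATUS_FORBIDDEN);
     }
     $sharedSecret = $this->secureRandom->getMediumStrengthGenerator()->generate(32);
     $this->trustedServers->addSharedSecret($url, $sharedSecret);
     // reset token after the exchange of the shared secret was successful
     $this->dbHandler->addToken($url, '');
     return new \OC_OCS_Result(['sharedSecret' => $sharedSecret], Http::STATUS_OK);
 }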
Example #24
 /**
  * Sets up a minimal Sabre DAV server: legacy-client blocking and
  * authentication now, property storage later.
  *
  * The property-storage plugin is deferred to a 'beforeMethod' listener and
  * is only added once the user session reports a user.
  *
  * @param IRequest $request request whose URI is handed to the server
  * @param mixed $baseUri passed to setBaseUri(); presumably a URI string
  */
 public function __construct(IRequest $request, $baseUri)
 {
     $this->request = $request;
     $this->baseUri = $baseUri;
     $root = new RootCollection();
     $this->server = new \OCA\DAV\Connector\Sabre\Server($root);
     // Backends
     $authBackend = new Auth(\OC::$server->getSession(), \OC::$server->getUserSession());
     // Set URL explicitly due to reverse-proxy situations
     $this->server->httpRequest->setUrl($this->request->getRequestUri());
     $this->server->setBaseUri($this->baseUri);
     $this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
     // Authentication plugin backed by the session-based Auth backend, realm 'ownCloud'.
     $this->server->addPlugin(new Plugin($authBackend, 'ownCloud'));
     // wait with registering these until auth is handled and the filesystem is setup
     $this->server->on('beforeMethod', function () {
         // custom properties plugin must be the last one
         $user = \OC::$server->getUserSession()->getUser();
         // When the session has no user the plugin is skipped entirely.
         if (!is_null($user)) {
             // The backend is bound to the session user (fetched a second time here).
             $this->server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new CustomPropertiesBackend($this->server->tree, \OC::$server->getDatabaseConnection(), \OC::$server->getUserSession()->getUser())));
         }
     });
 }
Example #25
 /**
  * Resolves the 'token' request parameter to the single user owning it.
  *
  * The token is a bearer credential: whoever presents it is treated as the
  * user. Tokens of the wrong length are rejected before any lookup, and
  * every failure raises the same message, so a caller cannot tell a
  * malformed token from an unknown or ambiguous one.
  *
  * @return string
  * @throws \UnexpectedValueException If the token is invalid, does not exist or is not unique
  */
 protected function getUserFromToken()
 {
     $token = (string) $this->request->getParam('token', '');
     if (strlen($token) !== 30) {
         throw new \UnexpectedValueException('The token is invalid');
     }

     $matchingUsers = $this->config->getUsersForUserValue('activity', 'rsstoken', $token);
     // Exactly one owner is required; zero or several matches are refused.
     if (count($matchingUsers) !== 1) {
         throw new \UnexpectedValueException('The token is invalid');
     }

     // Token found login as that user
     return array_shift($matchingUsers);
 }
 /**
  * index() when the request does not match the /MSIE 8.0/ user agent check.
  *
  * Expects a TemplateResponse for template 'files'/'index' with the mocked
  * storage info, the default sorting values, the app navigation and one
  * empty content entry per navigation item. The expected response carries a
  * ContentSecurityPolicy on which addAllowedFrameDomain() was called with
  * 'self'.
  */
 public function testIndexWithRegularBrowser()
 {
     $this->request->expects($this->once())
         ->method('isUserAgent')
         ->with(['/MSIE 8.0/'])
         ->will($this->returnValue(false));
     $this->viewController->expects($this->once())
         ->method('getStorageInfo')
         ->will($this->returnValue([
             'relative' => 123,
             'owner' => 'MyName',
             'ownerDisplayName' => 'MyDisplayName',
         ]));
     // Each row is (uid, app, key, default, value); every lookup returns its default.
     $this->config->expects($this->exactly(3))
         ->method('getUserValue')
         ->will($this->returnValueMap([
             [$this->user->getUID(), 'files', 'file_sorting', 'name', 'name'],
             [$this->user->getUID(), 'files', 'file_sorting_direction', 'asc', 'asc'],
             [$this->user->getUID(), 'files', 'show_hidden', false, false],
         ]));
     $this->config->expects($this->any())
         ->method('getAppValue')
         ->will($this->returnArgument(2));

     $nav = new Template('files', 'appnavigation');
     $navigationItems = [
         [
             'id' => 'files',
             'appname' => 'files',
             'script' => 'list.php',
             'order' => 0,
             'name' => new \OC_L10N_String(new \OC_L10N('files'), 'All files', []),
             'active' => false,
             'icon' => '',
         ],
         [
             'id' => 'favorites',
             'appname' => 'files',
             'script' => 'simplelist.php',
             'order' => 5,
             'name' => null,
             'active' => false,
             'icon' => '',
         ],
         [
             'id' => 'sharingin',
             'appname' => 'files_sharing',
             'script' => 'list.php',
             'order' => 10,
             'name' => new \OC_L10N_String(new \OC_L10N('files_sharing'), 'Shared with you', []),
             'active' => false,
             'icon' => '',
         ],
         [
             'id' => 'sharingout',
             'appname' => 'files_sharing',
             'script' => 'list.php',
             'order' => 15,
             'name' => new \OC_L10N_String(new \OC_L10N('files_sharing'), 'Shared with others', []),
             'active' => false,
             'icon' => '',
         ],
         [
             'id' => 'sharinglinks',
             'appname' => 'files_sharing',
             'script' => 'list.php',
             'order' => 20,
             'name' => new \OC_L10N_String(new \OC_L10N('files_sharing'), 'Shared by link', []),
             'active' => false,
             'icon' => '',
         ],
         [
             'id' => 'systemtagsfilter',
             'appname' => 'systemtags',
             'script' => 'list.php',
             'order' => 25,
             'name' => new \OC_L10N_String(new \OC_L10N('systemtags'), 'Tags', []),
             'active' => false,
             'icon' => '',
         ],
         [
             'id' => 'trashbin',
             'appname' => 'files_trashbin',
             'script' => 'list.php',
             'order' => 50,
             'name' => new \OC_L10N_String(new \OC_L10N('files_trashbin'), 'Deleted files', []),
             'active' => false,
             'icon' => '',
         ],
     ];
     $nav->assign('navigationItems', $navigationItems);

     // One content slot per navigation entry, all without content.
     $appContents = array_map(
         function ($viewId) {
             return ['id' => $viewId, 'content' => null];
         },
         ['files', 'favorites', 'sharingin', 'sharingout', 'sharinglinks', 'systemtagsfilter', 'trashbin']
     );
     $templateParams = [
         'usedSpacePercent' => 123,
         'owner' => 'MyName',
         'ownerDisplayName' => 'MyDisplayName',
         'isPublic' => false,
         'defaultFileSorting' => 'name',
         'defaultFileSortingDirection' => 'asc',
         'showHiddenFiles' => false,
         'mailNotificationEnabled' => 'no',
         'mailPublicNotificationEnabled' => 'no',
         'allowShareWithLink' => 'yes',
         'appNavigation' => $nav,
         'appContents' => $appContents,
     ];
     $expected = new Http\TemplateResponse('files', 'index', $templateParams);

     // The page may only be framed by its own origin.
     $framePolicy = new Http\ContentSecurityPolicy();
     $framePolicy->addAllowedFrameDomain('\'self\'');
     $expected->setContentSecurityPolicy($framePolicy);

     $actual = $this->viewController->index('MyDir', 'MyView');
     $this->assertEquals($expected, $actual);
 }
Example #27
 /**
  * Create a group named by the request's `groupid` parameter.
  *
  * Result codes as returned below: 100 when the group was created, 101 when
  * the name is empty, 102 when a group with that id already exists.
  *
  * NOTE(review): only emptiness is checked; no character allow-list is
  * applied to the name. Any restriction on group ids has to be enforced by
  * createGroup() or its backend; confirm.
  * NOTE(review): empty() also rejects the string '0'.
  * NOTE(review): no privilege check is visible in this method; presumably
  * the route or a middleware restricts it to administrators. Verify.
  *
  * @param array $parameters not read by this method
  * @return OC_OCS_Result
  */
 public function addGroup($parameters)
 {
     $requestedId = $this->request->getParam('groupid', '');

     // Validate name
     if (empty($requestedId)) {
         \OCP\Util::writeLog('provisioning_api', 'Group name not supplied', \OCP\Util::ERROR);
         return new OC_OCS_Result(null, 101, 'Invalid group name');
     }

     // Check if it exists; create only when it does not.
     $alreadyExists = $this->groupManager->groupExists($requestedId);
     if (!$alreadyExists) {
         $this->groupManager->createGroup($requestedId);
     }
     return new OC_OCS_Result(null, $alreadyExists ? 102 : 100);
 }
Example #28
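 /**
  * Create a group named by the request's `groupid` parameter.
  *
  * The name must be a non-empty string made only of the characters
  * a-z, A-Z, 0-9, space, underscore, dot, @ and hyphen.
  *
  * Result codes as returned below: 100 when the group was created, 101 when
  * the name is missing or contains other characters, 102 when a group with
  * that id already exists.
  *
  * NOTE(review): empty() also rejects the string '0'.
  * NOTE(review): no privilege check is visible in this method; presumably
  * the route or a middleware restricts it to administrators. Verify.
  *
  * @param array $parameters not read by this method
  * @return OC_OCS_Result
  */
 public function addGroup($parameters)
 {
     $groupId = $this->request->getParam('groupid', '');
     // A value that is not a string (for example an array-valued request
     // parameter) must not reach preg_match(); treat it like a missing name.
     if (!is_string($groupId) || empty($groupId)) {
         \OCP\Util::writeLog('provisioning_api', 'Group name not supplied or not a string', \OCP\Util::ERROR);
         return new OC_OCS_Result(null, 101, 'Invalid group name');
     }
     // Allow-list check. preg_match() returns 1 on a match and false on an
     // internal error; comparing against 0 rejects both, so the check fails
     // closed. The raw name is deliberately kept out of the log line.
     if (preg_match('/[^a-zA-Z0-9 _\\.@\\-]/', $groupId) !== 0) {
         \OCP\Util::writeLog('provisioning_api', 'Attempt made to create group using invalid characters.', \OCP\Util::ERROR);
         return new OC_OCS_Result(null, 101, 'Invalid group name');
     }
     // Check if it exists
     if ($this->groupManager->groupExists($groupId)) {
         return new OC_OCS_Result(null, 102);
     }
     $this->groupManager->createGroup($groupId);
     return new OC_OCS_Result(null, 100);
 }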
 /**
  * Turn a SecurityException into a response; rethrow anything else.
  *
  * When the request's Accept header does not contain "html", the answer is a
  * JSONResponse holding the exception message, built with the exception code
  * as its second argument. Otherwise the answer is a RedirectResponse to the
  * absolute URL of index.php. In both cases the message is logged at level
  * 'debug'.
  *
  * NOTE(review): the exception code is passed straight to JSONResponse,
  * presumably as the HTTP status. Confirm every SecurityException carries a
  * valid status code.
  * NOTE(review): these events are logged at 'debug' only. Verify that they
  * remain visible at the log level used in production if they are needed
  * for detection.
  * NOTE(review): the exception message is returned to the client, so it
  * should not contain internal details.
  *
  * @param Controller $controller the controller that is being called
  * @param string $methodName the name of the method that will be called on
  *                           the controller
  * @param \Exception $exception the thrown exception
  * @throws \Exception the passed in exception if it is not a SecurityException
  * @return Response the JSON or redirect response described above
  */
 public function afterException($controller, $methodName, \Exception $exception)
 {
     if (!($exception instanceof SecurityException)) {
         throw $exception;
     }

     $acceptsHtml = stripos($this->request->getHeader('Accept'), 'html') !== false;
     if ($acceptsHtml) {
         // TODO: replace with link to route
         $indexUrl = $this->app->getServer()->getURLGenerator()->getAbsoluteURL('index.php');
         $response = new RedirectResponse($indexUrl);
     } else {
         $response = new JSONResponse(array('message' => $exception->getMessage()), $exception->getCode());
     }

     // Logged after the response is built, for both response types.
     $this->app->log($exception->getMessage(), 'debug');
     return $response;
 }
Example #30
 /**
  * check() for a GET request without an Authorization header while the user
  * session reports a logged-in user.
  *
  * The session value AUTHENTICATED_TO_DAV_BACKEND and the session user's UID
  * are both 'MyTestUser'. The expected result is
  * [true, 'principals/users/MyTestUser'].
  */
 public function testAuthenticateNoBasicAuthenticateHeadersProvidedWithAjaxButUserIsStillLoggedIn()
 {
     /** @var \Sabre\HTTP\RequestInterface $sabreRequest */
     $sabreRequest = $this->getMockBuilder('\\Sabre\\HTTP\\RequestInterface')
         ->disableOriginalConstructor()
         ->getMock();
     /** @var \Sabre\HTTP\ResponseInterface $sabreResponse */
     $sabreResponse = $this->getMockBuilder('\\Sabre\\HTTP\\ResponseInterface')
         ->disableOriginalConstructor()
         ->getMock();

     /** @var IUser */
     $loggedInUser = $this->getMock('OCP\\IUser');
     $loggedInUser->method('getUID')->willReturn('MyTestUser');

     // An existing login whose DAV marker names the same user.
     $this->userSession->expects($this->any())
         ->method('isLoggedIn')
         ->willReturn(true);
     $this->userSession->expects($this->any())
         ->method('getUser')
         ->willReturn($loggedInUser);
     $this->session->expects($this->atLeastOnce())
         ->method('get')
         ->with('AUTHENTICATED_TO_DAV_BACKEND')
         ->willReturn('MyTestUser');

     // GET request that carries no Authorization header.
     $this->request->expects($this->once())
         ->method('getMethod')
         ->willReturn('GET');
     $sabreRequest->expects($this->atLeastOnce())
         ->method('getHeader')
         ->with('Authorization')
         ->willReturn(null);

     $outcome = $this->auth->check($sabreRequest, $sabreResponse);
     $this->assertEquals([true, 'principals/users/MyTestUser'], $outcome);
 }