public static function sendEmail($args)
{
if (OC_User::userExists($_POST['user'])) {
$token = hash('sha256', OC_Util::generate_random_bytes(30) . OC_Config::getValue('passwordsalt', ''));
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', hash('sha256', $token));
// Hash the token again to prevent timing attacks
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
if (!empty($email)) {
$link = OC_Helper::linkToRoute('core_lostpassword_reset', array('user' => $_POST['user'], 'token' => $token));
$link = OC_Helper::makeURLAbsolute($link);
$tmpl = new OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link, false);
$msg = $tmpl->fetchPage();
$l = OC_L10N::get('core');
$from = 'lostpassword-noreply@' . OCP\Util::getServerHost();
OC_Mail::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
echo 'Mailsent';
self::displayLostPasswordPage(false, true);
} else {
self::displayLostPasswordPage(true, false);
}
} else {
self::displayLostPasswordPage(true, false);
}
}
public static function sendEmail($args)
{
$isEncrypted = OC_App::isEnabled('files_encryption');
if (!$isEncrypted || isset($_POST['continue'])) {
$continue = true;
} else {
$continue = false;
}
if (OC_User::userExists($_POST['user']) && $continue) {
$token = hash('sha256', OC_Util::generate_random_bytes(30) . OC_Config::getValue('passwordsalt', ''));
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', hash('sha256', $token));
// Hash the token again to prevent timing attacks
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
if (!empty($email)) {
$link = OC_Helper::linkToRoute('core_lostpassword_reset', array('user' => $_POST['user'], 'token' => $token));
$link = OC_Helper::makeURLAbsolute($link);
$tmpl = new OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link, false);
$msg = $tmpl->fetchPage();
$l = OC_L10N::get('core');
$from = OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
try {
OC_Mail::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
} catch (Exception $e) {
OC_Template::printErrorPage('A problem occurs during sending the e-mail please contact your administrator.');
}
self::displayLostPasswordPage(false, true);
} else {
self::displayLostPasswordPage(true, false);
}
} else {
self::displayLostPasswordPage(true, false);
}
}
/**
* Share an item, adds an entry into the database
* @param $source The source location of the item
* @param $uid_shared_with The user or group to share the item with
* @param $permissions The permissions, use the constants WRITE and DELETE
*/
public function __construct($source, $uid_shared_with, $permissions)
{
$uid_owner = OC_User::getUser();
$query = OC_DB::prepare("INSERT INTO *PREFIX*sharing VALUES(?,?,?,?,?)");
if ($uid_shared_with == self::PUBLICLINK) {
$token = sha1("{$uid_shared_with}-{$source}");
$query->execute(array($uid_owner, self::PUBLICLINK, $source, $token, $permissions));
$this->token = $token;
} else {
if (OC_Group::groupExists($uid_shared_with)) {
$gid = $uid_shared_with;
$uid_shared_with = OC_Group::usersInGroup($gid);
// Remove the owner from the list of users in the group
$uid_shared_with = array_diff($uid_shared_with, array($uid_owner));
} else {
if (OC_User::userExists($uid_shared_with)) {
$gid = null;
$uid_shared_with = array($uid_shared_with);
} else {
throw new Exception($uid_shared_with . " is not a user");
}
}
foreach ($uid_shared_with as $uid) {
// Check if this item is already shared with the user
$checkSource = OC_DB::prepare("SELECT source FROM *PREFIX*sharing WHERE source = ? AND uid_shared_with " . self::getUsersAndGroups($uid));
$resultCheckSource = $checkSource->execute(array($source, $uid))->fetchAll();
// TODO Check if the source is inside a folder
if (count($resultCheckSource) > 0 && !isset($gid)) {
throw new Exception("This item is already shared with " . $uid);
}
// Check if the target already exists for the user, if it does append a number to the name
$sharedFolder = "/" . $uid . "/files/Shared";
$target = $sharedFolder . "/" . basename($source);
if (self::getSource($target)) {
if ($pos = strrpos($target, ".")) {
$name = substr($target, 0, $pos);
$ext = substr($target, $pos);
} else {
$name = $target;
$ext = "";
}
$counter = 1;
while ($checkTarget !== false) {
$newTarget = $name . "_" . $counter . $ext;
$checkTarget = self::getSource($newTarget);
$counter++;
}
$target = $newTarget;
}
if (isset($gid)) {
$uid = $uid . "@" . $gid;
}
$query->execute(array($uid_owner, $uid, $source, $target, $permissions));
// Clear the folder size cache for the 'Shared' folder
$clearFolderSize = OC_DB::prepare("DELETE FROM *PREFIX*foldersize WHERE path = ?");
$clearFolderSize->execute(array($sharedFolder));
}
}
}
/**
* Returns a specific principal, specified by it's path.
* The returned structure should be the exact same as from
* getPrincipalsByPrefix.
*
* @param string $path
* @return array
*/
public function getPrincipalByPath($path)
{
list($prefix, $name) = explode('/', $path);
if ($prefix == 'principals' && OC_User::userExists($name)) {
return array('uri' => 'principals/' . $name, '{DAV:}displayname' => $name);
}
return null;
}
public static function post_login($parameters)
{
$uid = $parameters['uid'];
$samlBackend = new OC_USER_SAML();
if ($samlBackend->auth->isAuthenticated()) {
$attributes = $samlBackend->auth->getAttributes();
if (array_key_exists($samlBackend->usernameMapping, $attributes) && $attributes[$samlBackend->usernameMapping][0] == $uid) {
$attributes = $samlBackend->auth->getAttributes();
if (array_key_exists($samlBackend->mailMapping, $attributes)) {
$saml_email = $attributes[$samlBackend->mailMapping][0];
}
if (array_key_exists($samlBackend->groupMapping, $attributes)) {
$saml_groups = $attributes[$samlBackend->groupMapping];
} else {
if (!empty($samlBackend->defaultGroup)) {
$saml_groups = array($samlBackend->defaultGroup);
OC_Log::write('saml', 'Using default group "' . $samlBackend->defaultGroup . '" for the user: '******'/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
OC_Log::write('saml', 'Invalid username "' . $uid . '", allowed chars "a-zA-Z0-9" and "_.@-" ', OC_Log::DEBUG);
return false;
} else {
$random_password = random_password();
OC_Log::write('saml', 'Creating new user: '******'saml', 'Updating data of the user: ' . $uid, OC_Log::DEBUG);
if (isset($saml_email)) {
update_mail($uid, $saml_email);
}
if (isset($saml_groups)) {
update_groups($uid, $saml_groups, $samlBackend->protectedGroups, false);
}
}
}
return true;
}
}
return false;
}
/**
* Returns a specific principal, specified by it's path.
* The returned structure should be the exact same as from
* getPrincipalsByPrefix.
*
* @param string $path
* @return array
*/
public function getPrincipalByPath($path)
{
list($prefix, $name) = explode('/', $path);
if ($prefix == 'principals' && OC_User::userExists($name)) {
$principal = array('uri' => 'principals/' . $name, '{DAV:}displayname' => $name);
$email = \OCP\Config::getUserValue($user, 'settings', 'email');
if ($email) {
$principal['{http://sabredav.org/ns}email-address'] = $email;
}
return $principal;
}
return null;
}
protected function loginWithEncryption($user = '')
{
\OC_Util::tearDownFS();
\OC_User::setUserId('');
// needed for fully logout
\OC::$server->getUserSession()->setUser(null);
Filesystem::tearDown();
\OC_User::setUserId($user);
$this->postLogin();
\OC_Util::setupFS($user);
if (\OC_User::userExists($user)) {
\OC::$server->getUserFolder($user);
}
}
public static function getUserPrivatekey($parameters)
{
$user = OC_User::getUser();
if (OC_User::isAdminUser($user) or $user == $parameters['user']) {
if (OC_User::userExists($user)) {
// calculate the disc space
$txt = 'this is the private key of ' . $parameters['user'];
echo $txt;
} else {
return new OC_OCS_Result(null, 300, 'User does not exist');
}
} else {
return new OC_OCS_Result('null', 300, 'You don´t have permission to access this ressource.');
}
}
public function testGetUserOnNonExistingUser()
{
$user = $this->generateUsers();
\OC_Group::addToGroup($user, 'admin');
self::loginAsUser($user);
$params = array();
$params['userid'] = $this->getUniqueID();
while (\OC_User::userExists($params['userid'])) {
$params['userid'] = $this->getUniqueID();
}
$result = \OCA\provisioning_API\Users::getUser($params);
$this->assertInstanceOf('OC_OCS_Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(\OCP\API::RESPOND_NOT_FOUND, $result->getStatusCode());
}
public static function webDavLogin($userID, $password)
{
$config = \OC::$server->getSystemConfig();
RequestManager::init($config->getValue("sso_portal_url"), $config->getValue("sso_requests"));
$authInfo = WebDavAuthInfo::get($userID, $password);
$userInfo = RequestManager::getRequest(ISingleSignOnRequest::INFO);
$userInfo->setup(array("action" => "webDavLogin"));
if (!$userInfo->send($authInfo)) {
return;
}
if ($config->getValue("sso_multiple_region")) {
self::redirectRegion($userInfo, $config->getValue("sso_regions"), $config->getValue("sso_owncloud_url"));
}
if (!\OC_User::userExists($userInfo->getUserId())) {
return self::firstLogin($userInfo, $authInfo);
}
if ($authInfo) {
return self::login($userInfo, $authInfo);
}
return false;
}
/**
* gets user info
*
* exposes the quota of an user:
* <data>
* <quota>
* <free>1234</free>
* <used>4321</used>
* <total>5555</total>
* <ralative>0.78</ralative>
* </quota>
* </data>
*
* @param array $parameters should contain parameter 'userid' which identifies
* the user from whom the information will be returned
*/
public static function getUser($parameters)
{
$return = array();
// Check if they are viewing information on themselves
if ($parameters['userid'] === OC_User::getUser()) {
// Self lookup
$storage = OC_Helper::getStorageInfo('/');
$return['quota'] = array('free' => $storage['free'], 'used' => $storage['used'], 'total' => $storage['total'], 'relative' => $storage['relative']);
}
if (OC_User::isAdminUser(OC_User::getUser()) || OC_Subadmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) {
if (OC_User::userExists($parameters['userid'])) {
// Is an admin/subadmin so can see display name
$return['displayname'] = OC_User::getDisplayName($parameters['userid']);
} else {
return new OC_OCS_Result(null, 101);
}
}
if (count($return)) {
return new OC_OCS_Result($return);
} else {
// No permission to view this user data
return new OC_OCS_Result(null, 997);
}
}
protected static function tryRememberLogin()
{
if (!isset($_COOKIE["oc_remember_login"]) || !isset($_COOKIE["oc_token"]) || !isset($_COOKIE["oc_username"]) || !$_COOKIE["oc_remember_login"]) {
return false;
}
OC_App::loadApps(array('authentication'));
if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
}
// confirm credentials in cookie
if (isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username'])) {
// delete outdated cookies
self::cleanupLoginTokens($_COOKIE['oc_username']);
// get stored tokens
$tokens = OC_Preferences::getKeys($_COOKIE['oc_username'], 'login_token');
// test cookies token against stored tokens
if (in_array($_COOKIE['oc_token'], $tokens, true)) {
// replace successfully used token with a new one
OC_Preferences::deleteKey($_COOKIE['oc_username'], 'login_token', $_COOKIE['oc_token']);
$token = OC_Util::generate_random_bytes(32);
OC_Preferences::setValue($_COOKIE['oc_username'], 'login_token', $token, time());
OC_User::setMagicInCookie($_COOKIE['oc_username'], $token);
// login
OC_User::setUserId($_COOKIE['oc_username']);
OC_Util::redirectToDefaultPage();
// doesn't return
}
// if you reach this point you have changed your password
// or you are an attacker
// we can not delete tokens here because users may reach
// this point multiple times after a password change
OC_Log::write('core', 'Authentication cookie rejected for user ' . $_COOKIE['oc_username'], OC_Log::WARN);
}
OC_User::unsetMagicInCookie();
return true;
}
/**
* @brief Add a user to a group
* @param $uid Name of the user to add to group
* @param $gid Name of the group in which add the user
* @returns true/false
*
* Adds a user to a group.
*/
public static function addToGroup($uid, $gid)
{
// Does the user exist?
if (!OC_User::userExists($uid)) {
return false;
}
// Does the group exist?
if (!OC_Group::groupExists($gid)) {
return false;
}
// Go go go
$run = true;
OC_Hook::emit("OC_Group", "pre_addToGroup", array("run" => &$run, "uid" => $uid, "gid" => $gid));
if ($run && self::$_backend->addToGroup($uid, $gid)) {
OC_Hook::emit("OC_Group", "post_addToGroup", array("uid" => $uid, "gid" => $gid));
return true;
} else {
return false;
}
}
/**
* Share an item with a user, group, or via private link
* @param string $itemType
* @param string $itemSource
* @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
* @param string $shareWith User or group the item is being shared with
* @param int $permissions CRUDS
* @param string $itemSourceName
* @param \DateTime $expirationDate
* @return boolean|string Returns true on success or false on failure, Returns token on success for links
* @throws \Exception
*/
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null)
{
$uidOwner = \OC_User::getUser();
$shareWithinGroupOnly = self::shareWithGroupMembersOnly();
$l = \OC_L10N::get('lib');
if (is_null($itemSourceName)) {
$itemSourceName = $itemSource;
}
// check if file can be shared
if ($itemType === 'file' or $itemType === 'folder') {
$path = \OC\Files\Filesystem::getPath($itemSource);
// verify that the file exists before we try to share it
if (!$path) {
$message = 'Sharing %s failed, because the file does not exist';
$message_t = $l->t('Sharing %s failed, because the file does not exist', array($itemSourceName));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName), \OC_Log::ERROR);
throw new \Exception($message_t);
}
// verify that the user has share permission
if (!\OC\Files\Filesystem::isSharable($path)) {
$message = 'You are not allowed to share %s';
$message_t = $l->t('You are not allowed to share %s', array($itemSourceName));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
//verify that we don't share a folder which already contains a share mount point
if ($itemType === 'folder') {
$path = '/' . $uidOwner . '/files' . \OC\Files\Filesystem::getPath($itemSource) . '/';
$mountManager = \OC\Files\Filesystem::getMountManager();
$mounts = $mountManager->findIn($path);
foreach ($mounts as $mount) {
if ($mount->getStorage()->instanceOfStorage('\\OCA\\Files_Sharing\\ISharedStorage')) {
$message = 'Sharing "' . $itemSourceName . '" failed, because it contains files shared with you!';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
}
// single file shares should never have delete permissions
if ($itemType === 'file') {
$permissions = (int) $permissions & ~\OCP\PERMISSION_DELETE;
}
// Verify share type and sharing conditions are met
if ($shareType === self::SHARE_TYPE_USER) {
if ($shareWith == $uidOwner) {
$message = 'Sharing %s failed, because the user %s is the item owner';
$message_t = $l->t('Sharing %s failed, because the user %s is the item owner', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
if (!\OC_User::userExists($shareWith)) {
$message = 'Sharing %s failed, because the user %s does not exist';
$message_t = $l->t('Sharing %s failed, because the user %s does not exist', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
if ($shareWithinGroupOnly) {
$inGroup = array_intersect(\OC_Group::getUserGroups($uidOwner), \OC_Group::getUserGroups($shareWith));
if (empty($inGroup)) {
$message = 'Sharing %s failed, because the user ' . '%s is not a member of any groups that %s is a member of';
$message_t = $l->t('Sharing %s failed, because the user %s is not a member of any groups that %s is a member of', array($itemSourceName, $shareWith, $uidOwner));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith, $uidOwner), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
// Check if the item source is already shared with the user, either from the same owner or a different user
if ($checkExists = self::getItems($itemType, $itemSource, self::$shareTypeUserAndGroups, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a user share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
} else {
if ($shareType === self::SHARE_TYPE_GROUP) {
if (!\OC_Group::groupExists($shareWith)) {
$message = 'Sharing %s failed, because the group %s does not exist';
$message_t = $l->t('Sharing %s failed, because the group %s does not exist', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
if ($shareWithinGroupOnly && !\OC_Group::inGroup($uidOwner, $shareWith)) {
$message = 'Sharing %s failed, because ' . '%s is not a member of the group %s';
$message_t = $l->t('Sharing %s failed, because %s is not a member of the group %s', array($itemSourceName, $uidOwner, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $uidOwner, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
// Check if the item source is already shared with the group, either from the same owner or a different user
// The check for each user in the group is done inside the put() function
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_GROUP, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a group share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
// Convert share with into an array with the keys group and users
$group = $shareWith;
$shareWith = array();
$shareWith['group'] = $group;
$shareWith['users'] = array_diff(\OC_Group::usersInGroup($group), array($uidOwner));
} else {
if ($shareType === self::SHARE_TYPE_LINK) {
$updateExistingShare = false;
if (\OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes') == 'yes') {
// when updating a link share
// FIXME Don't delete link if we update it
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_LINK, null, $uidOwner, self::FORMAT_NONE, null, 1)) {
// remember old token
$oldToken = $checkExists['token'];
$oldPermissions = $checkExists['permissions'];
//delete the old share
Helper::delete($checkExists['id']);
$updateExistingShare = true;
}
// Generate hash of password - same method as user passwords
if (!empty($shareWith)) {
$forcePortable = CRYPT_BLOWFISH != 1;
$hasher = new \PasswordHash(8, $forcePortable);
$shareWith = $hasher->HashPassword($shareWith . \OC_Config::getValue('passwordsalt', ''));
} else {
// reuse the already set password, but only if we change permissions
// otherwise the user disabled the password protection
if ($checkExists && (int) $permissions !== (int) $oldPermissions) {
$shareWith = $checkExists['share_with'];
}
}
if (\OCP\Util::isPublicLinkPasswordRequired() && empty($shareWith)) {
$message = 'You need to provide a password to create a public link, only protected links are allowed';
$message_t = $l->t('You need to provide a password to create a public link, only protected links are allowed');
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message_t);
}
if ($updateExistingShare === false && self::isDefaultExpireDateEnabled() && empty($expirationDate)) {
$expirationDate = Helper::calcExpireDate();
}
// Generate token
if (isset($oldToken)) {
$token = $oldToken;
} else {
$token = \OC_Util::generateRandomBytes(self::TOKEN_LENGTH);
}
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName, $expirationDate);
if ($result) {
return $token;
} else {
return false;
}
}
$message = 'Sharing %s failed, because sharing with links is not allowed';
$message_t = $l->t('Sharing %s failed, because sharing with links is not allowed', array($itemSourceName));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName), \OC_Log::ERROR);
throw new \Exception($message_t);
return false;
} else {
// Future share types need to include their own conditions
$message = 'Share type %s is not valid for %s';
$message_t = $l->t('Share type %s is not valid for %s', array($shareType, $itemSource));
\OC_Log::write('OCP\\Share', sprintf($message, $shareType, $itemSource), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
}
// Put the item into the database
return self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, null, $itemSourceName, $expirationDate);
}
/**
* Share an item with a user, group, or via private link
* @param string $itemType
* @param string $itemSource
* @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
* @param string $shareWith User or group the item is being shared with
* @param int $permissions CRUDS
* @param string $itemSourceName
* @param \DateTime $expirationDate
* @param bool $passwordChanged
* @return boolean|string Returns true on success or false on failure, Returns token on success for links
* @throws \OC\HintException when the share type is remote and the shareWith is invalid
* @throws \Exception
*/
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null, $passwordChanged = null)
{
$backend = self::getBackend($itemType);
$l = \OC::$server->getL10N('lib');
if ($backend->isShareTypeAllowed($shareType) === false) {
$message = 'Sharing %s failed, because the backend does not allow shares from type %i';
$message_t = $l->t('Sharing %s failed, because the backend does not allow shares from type %i', array($itemSourceName, $shareType));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareType), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
$uidOwner = \OC_User::getUser();
$shareWithinGroupOnly = self::shareWithGroupMembersOnly();
if (is_null($itemSourceName)) {
$itemSourceName = $itemSource;
}
$itemName = $itemSourceName;
// check if file can be shared
if ($itemType === 'file' or $itemType === 'folder') {
$path = \OC\Files\Filesystem::getPath($itemSource);
$itemName = $path;
// verify that the file exists before we try to share it
if (!$path) {
$message = 'Sharing %s failed, because the file does not exist';
$message_t = $l->t('Sharing %s failed, because the file does not exist', array($itemSourceName));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
// verify that the user has share permission
if (!\OC\Files\Filesystem::isSharable($path)) {
$message = 'You are not allowed to share %s';
$message_t = $l->t('You are not allowed to share %s', [$path]);
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $path), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
//verify that we don't share a folder which already contains a share mount point
if ($itemType === 'folder') {
$path = '/' . $uidOwner . '/files' . \OC\Files\Filesystem::getPath($itemSource) . '/';
$mountManager = \OC\Files\Filesystem::getMountManager();
$mounts = $mountManager->findIn($path);
foreach ($mounts as $mount) {
if ($mount->getStorage()->instanceOfStorage('\\OCA\\Files_Sharing\\ISharedStorage')) {
$message = 'Sharing "' . $itemSourceName . '" failed, because it contains files shared with you!';
\OCP\Util::writeLog('OCP\\Share', $message, \OCP\Util::DEBUG);
throw new \Exception($message);
}
}
}
// single file shares should never have delete permissions
if ($itemType === 'file') {
$permissions = (int) $permissions & ~\OCP\Constants::PERMISSION_DELETE;
}
//Validate expirationDate
if ($expirationDate !== null) {
try {
/*
* Reuse the validateExpireDate.
* We have to pass time() since the second arg is the time
* the file was shared, since it is not shared yet we just use
* the current time.
*/
$expirationDate = self::validateExpireDate($expirationDate->format('Y-m-d'), time(), $itemType, $itemSource);
} catch (\Exception $e) {
throw new \OC\HintException($e->getMessage(), $e->getMessage(), 404);
}
}
// Verify share type and sharing conditions are met
if ($shareType === self::SHARE_TYPE_USER) {
if ($shareWith == $uidOwner) {
$message = 'Sharing %s failed, because you can not share with yourself';
$message_t = $l->t('Sharing %s failed, because you can not share with yourself', [$itemName]);
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if (!\OC_User::userExists($shareWith)) {
$message = 'Sharing %s failed, because the user %s does not exist';
$message_t = $l->t('Sharing %s failed, because the user %s does not exist', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if ($shareWithinGroupOnly) {
$inGroup = array_intersect(\OC_Group::getUserGroups($uidOwner), \OC_Group::getUserGroups($shareWith));
if (empty($inGroup)) {
$message = 'Sharing %s failed, because the user ' . '%s is not a member of any groups that %s is a member of';
$message_t = $l->t('Sharing %s failed, because the user %s is not a member of any groups that %s is a member of', array($itemName, $shareWith, $uidOwner));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemName, $shareWith, $uidOwner), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
// Check if the item source is already shared with the user, either from the same owner or a different user
if ($checkExists = self::getItems($itemType, $itemSource, self::$shareTypeUserAndGroups, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a user share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_USER, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a user share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with user %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with user %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::ERROR);
throw new \Exception($message_t);
}
}
} else {
if ($shareType === self::SHARE_TYPE_GROUP) {
if (!\OC_Group::groupExists($shareWith)) {
$message = 'Sharing %s failed, because the group %s does not exist';
$message_t = $l->t('Sharing %s failed, because the group %s does not exist', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if ($shareWithinGroupOnly && !\OC_Group::inGroup($uidOwner, $shareWith)) {
$message = 'Sharing %s failed, because ' . '%s is not a member of the group %s';
$message_t = $l->t('Sharing %s failed, because %s is not a member of the group %s', array($itemSourceName, $uidOwner, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $uidOwner, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
// Check if the item source is already shared with the group, either from the same owner or a different user
// The check for each user in the group is done inside the put() function
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_GROUP, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a group share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
// Convert share with into an array with the keys group and users
$group = $shareWith;
$shareWith = array();
$shareWith['group'] = $group;
$shareWith['users'] = array_diff(\OC_Group::usersInGroup($group), array($uidOwner));
} else {
if ($shareType === self::SHARE_TYPE_LINK) {
$updateExistingShare = false;
if (\OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_links', 'yes') == 'yes') {
// when updating a link share
// FIXME Don't delete link if we update it
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_LINK, null, $uidOwner, self::FORMAT_NONE, null, 1)) {
// remember old token
$oldToken = $checkExists['token'];
$oldPermissions = $checkExists['permissions'];
//delete the old share
Helper::delete($checkExists['id']);
$updateExistingShare = true;
}
if ($passwordChanged === null) {
// Generate hash of password - same method as user passwords
if (is_string($shareWith) && $shareWith !== '') {
self::verifyPassword($shareWith);
$shareWith = \OC::$server->getHasher()->hash($shareWith);
} else {
// reuse the already set password, but only if we change permissions
// otherwise the user disabled the password protection
if ($checkExists && (int) $permissions !== (int) $oldPermissions) {
$shareWith = $checkExists['share_with'];
}
}
} else {
if ($passwordChanged === true) {
if (is_string($shareWith) && $shareWith !== '') {
self::verifyPassword($shareWith);
$shareWith = \OC::$server->getHasher()->hash($shareWith);
}
} else {
if ($updateExistingShare) {
$shareWith = $checkExists['share_with'];
}
}
}
if (\OCP\Util::isPublicLinkPasswordRequired() && empty($shareWith)) {
$message = 'You need to provide a password to create a public link, only protected links are allowed';
$message_t = $l->t('You need to provide a password to create a public link, only protected links are allowed');
\OCP\Util::writeLog('OCP\\Share', $message, \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if ($updateExistingShare === false && self::isDefaultExpireDateEnabled() && empty($expirationDate)) {
$expirationDate = Helper::calcExpireDate();
}
// Generate token
if (isset($oldToken)) {
$token = $oldToken;
} else {
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS);
}
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName, $expirationDate);
if ($result) {
return $token;
} else {
return false;
}
}
$message = 'Sharing %s failed, because sharing with links is not allowed';
$message_t = $l->t('Sharing %s failed, because sharing with links is not allowed', array($itemSourceName));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName), \OCP\Util::DEBUG);
throw new \Exception($message_t);
} else {
if ($shareType === self::SHARE_TYPE_REMOTE) {
/*
* Check if file is not already shared with the remote user
*/
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_REMOTE, $shareWith, $uidOwner, self::FORMAT_NONE, null, 1, true, true)) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS);
list($user, $remote) = Helper::splitUserRemote($shareWith);
$shareWith = $user . '@' . $remote;
$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
$send = false;
if ($shareId) {
$send = self::sendRemoteShare($token, $shareWith, $itemSourceName, $shareId, $uidOwner);
}
if ($send === false) {
$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
self::unshare($itemType, $itemSource, $shareType, $shareWith, $currentUser);
$message_t = $l->t('Sharing %s failed, could not find %s, maybe the server is currently unreachable.', array($itemSourceName, $shareWith));
throw new \Exception($message_t);
}
return $send;
} else {
// Future share types need to include their own conditions
$message = 'Share type %s is not valid for %s';
$message_t = $l->t('Share type %s is not valid for %s', array($shareType, $itemSource));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $shareType, $itemSource), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
}
}
// Put the item into the database
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, null, $itemSourceName, $expirationDate);
return $result ? true : false;
}
/**
* Try to login a user using the remember me cookie.
* @return bool Whether the provided cookie was valid
*/
protected static function tryRememberLogin()
{
if (!isset($_COOKIE["oc_remember_login"]) || !isset($_COOKIE["oc_token"]) || !isset($_COOKIE["oc_username"]) || !$_COOKIE["oc_remember_login"] || !OC_Util::rememberLoginAllowed()) {
return false;
}
if (\OC::$server->getConfig()->getSystemValue('debug', false)) {
\OCP\Util::writeLog('core', 'Trying to login from cookie', \OCP\Util::DEBUG);
}
if (OC_User::userExists($_COOKIE['oc_username'])) {
self::cleanupLoginTokens($_COOKIE['oc_username']);
// verify whether the supplied "remember me" token was valid
$granted = OC_User::loginWithCookie($_COOKIE['oc_username'], $_COOKIE['oc_token']);
if ($granted === true) {
OC_Util::redirectToDefaultPage();
// doesn't return
}
\OCP\Util::writeLog('core', 'Authentication cookie rejected for user ' . $_COOKIE['oc_username'], \OCP\Util::WARN);
// if you reach this point you have changed your password
// or you are an attacker
// we can not delete tokens here because users may reach
// this point multiple times after a password change
}
OC_User::unsetMagicInCookie();
return true;
}
/**
* Check if a user exists
* @param string $uid the username
* @param string $excludingBackend (default none)
* @return boolean
*/
public static function userExists($uid, $excludingBackend = null)
{
return \OC_User::userExists($uid, $excludingBackend);
}
<?php
# Create local user account.
#
# Author: Jakub T. Moscicki, 2013, CERN/IT
#
# License: AGPL
#
# To be placed and run on the owncloud application server:
#
# php -f create_user.php USER PASSWORD
#
# Example: create test accounts
#
# for i in {1..100}; do sudo -u apache php -f create_user.php test`printf "%03d\n" $i` "password" ; done
#
set_include_path(get_include_path() . PATH_SEPARATOR . '/var/www/html/owncloud');
require_once 'lib/base.php';
$login = $argv[1];
if (OC_User::userExists($login)) {
print "user account exists:" . $login . "\n";
exit(0);
} else {
print "user account NOT FOUND:" . $login . "\n";
exit(1);
}
/**
* get the private key of a user
* @param string $format
* @param string $user
* @return string xml/json
*/
private static function privateKeyGet($format, $user)
{
$login = OC_OCS::checkpassword();
if (OC_Group::inGroup($login, 'admin') or $login == $user) {
if (OC_User::userExists($user)) {
// calculate the disc space
$txt = 'this is the private key of ' . $user;
echo $txt;
} else {
echo self::generateXml('', 'fail', 300, 'User does not exist');
}
} else {
echo self::generateXml('', 'fail', 300, 'You don´t have permission to access this ressource.');
}
}
protected static function tryRememberLogin()
{
if (!isset($_COOKIE["oc_remember_login"]) || !isset($_COOKIE["oc_token"]) || !isset($_COOKIE["oc_username"]) || !$_COOKIE["oc_remember_login"]) {
return false;
}
OC_App::loadApps(array('authentication'));
if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
}
// confirm credentials in cookie
if (isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) && OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
OC_User::setUserId($_COOKIE['oc_username']);
OC_Util::redirectToDefaultPage();
} else {
OC_User::unsetMagicInCookie();
}
return true;
}
public function process()
{
$ssoUrl = $this->config->getValue("sso_login_url");
$userInfo = RequestManager::getRequest(ISingleSignOnRequest::INFO);
$authInfo = AuthInfo::get();
$userInfo->setup(array("action" => "webLogin"));
if ($this->unnecessaryAuth($this->request->getRequestUri())) {
$uri = substr($this->request->getRequestUri(), -1 * strlen($this->config->getValue("sso_admin_login_uri")));
if ($uri === $this->config->getValue("sso_admin_login_uri") && $this->visitPort != $this->config->getValue("sso_admin_login_port")) {
Util::redirect($this->defaultPageUrl);
}
return;
}
if (isset($_GET["logout"]) && $_GET["logout"] == "true") {
if ($this->config->getValue("sso_global_logout")) {
RequestManager::send(ISingleSignOnRequest::INVALIDTOKEN, $authInfo);
}
\OC_User::logout();
$template = new \OC_Template("singlesignon", "logout", "guest");
$template->printPage();
die;
}
if (\OC_User::isLoggedIn() && $this->config->getValue("sso_one_time_password")) {
return;
}
if (\OC_User::isLoggedIn() && !$authInfo) {
header("HTTP/1.1 " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
header("Status: " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
header("WWW-Authenticate: ");
header("Retry-After: 120");
$template = new \OC_Template("singlesignon", "unauthorizedActions", "guest");
$template->printPage();
die;
}
if (\OC_User::isLoggedIn() && (!RequestManager::send(ISingleSignOnRequest::VALIDTOKEN, $authInfo) && !$this->config->getValue("sso_one_time_password"))) {
header("HTTP/1.1 " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
header("Status: " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
header("WWW-Authenticate: ");
header("Retry-After: 120");
$template = new \OC_Template("singlesignon", "tokenExpired", "guest");
$template->printPage();
die;
}
if (!$authInfo || !RequestManager::send(ISingleSignOnRequest::VALIDTOKEN, $authInfo) && !$this->config->getValue("sso_one_time_password")) {
$url = $this->redirectUrl ? $ssoUrl . $this->config->getValue("sso_return_url_key") . $this->redirectUrl : $ssoUrl;
Util::redirect($url);
}
if (\OC_User::isLoggedIn()) {
return;
}
if (empty($ssoUrl) || !$userInfo->send($authInfo) || !$userInfo->hasPermission()) {
header("HTTP/1.1 " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
header("Status: " . \OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
header("WWW-Authenticate: ");
header("Retry-After: 120");
$template = new \OC_Template("singlesignon", "verificationFailure", "guest");
$template->printPage();
if ($userInfo->hasErrorMsg()) {
\OCP\Util::writeLog("Single Sign-On", $userInfo->getErrorMsg(), \OCP\Util::ERROR);
}
die;
}
if ($this->config->getValue("sso_multiple_region")) {
Util::redirectRegion($userInfo, $this->config->getValue("sso_regions"), $this->config->getValue("sso_owncloud_url"));
}
if (!\OC_User::userExists($userInfo->getUserId())) {
Util::firstLogin($userInfo, $authInfo);
if ($this->request->getHeader("ORIGIN")) {
return;
}
Util::redirect($this->defaultPageUrl);
} else {
Util::login($userInfo, $authInfo);
if ($this->request->getHeader("ORIGIN")) {
return;
}
Util::redirect($this->defaultPageUrl);
}
}
* any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this library. If not, see <http://www.gnu.org/licenses/>.
*/
if ($_POST) {
$username = \OC_User::getDisplayName();
$password = $_POST['password'];
\OC_User::clearBackends();
\OC_User::useBackend(new OC_User_Database());
if (\OC_User::userExists($username)) {
if (!empty($password) && \OC_User::setPassword($username, $password)) {
\OC_JSON::success();
} else {
\OC_JSON::error();
}
} else {
if (!empty($password) && \OC_User::createUser($username, $password)) {
\OC_JSON::success();
} else {
\OC_JSON::error();
}
}
}
OCP\Util::addStyle('user_shibboleth', 'settings');
OCP\Util::addScript('user_shibboleth', 'settings');
OC::loadapp();
} else {
OC::loadfile();
}
}
// For all others cases, we display the guest page :
} else {
OC_App::loadApps();
$error = false;
// remember was checked after last login
if (isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {
if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
}
// confirm credentials in cookie
if (isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) && OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
OC_User::setUserId($_COOKIE['oc_username']);
OC_Util::redirectToDefaultPage();
} else {
OC_User::unsetMagicInCookie();
}
// Someone wants to log in :
} elseif (isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and $_SESSION['sectoken'] == $_POST['sectoken']) {
if (OC_User::login($_POST["user"], $_POST["password"])) {
if (!empty($_POST["remember_login"])) {
if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
}
$token = md5($_POST["user"] . time() . $_POST['password']);
OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
OC_User::setMagicInCookie($_POST["user"], $token);
public static function post_login($parameters)
{
$userid = $parameters['uid'];
$samlBackend = new OC_USER_SAML();
if ($samlBackend->auth->isAuthenticated()) {
$attributes = $samlBackend->auth->getAttributes();
$usernameFound = false;
foreach ($samlBackend->usernameMapping as $usernameMapping) {
if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
$usernameFound = true;
$uid = $attributes[$usernameMapping][0];
OC_Log::write('saml', 'Authenticated user ' . $uid, OC_Log::DEBUG);
break;
}
}
if ($usernameFound && $uid == $userid) {
$attributes = $samlBackend->auth->getAttributes();
$saml_email = '';
foreach ($samlBackend->mailMapping as $mailMapping) {
if (array_key_exists($mailMapping, $attributes) && !empty($attributes[$mailMapping][0])) {
$saml_email = $attributes[$mailMapping][0];
break;
}
}
$saml_display_name = '';
foreach ($samlBackend->displayNameMapping as $displayNameMapping) {
if (array_key_exists($displayNameMapping, $attributes) && !empty($attributes[$displayNameMapping][0])) {
$saml_display_name = $attributes[$displayNameMapping][0];
break;
}
}
$saml_groups = array();
foreach ($samlBackend->groupMapping as $groupMapping) {
if (array_key_exists($groupMapping, $attributes) && !empty($attributes[$groupMapping])) {
$saml_groups = array_merge($saml_groups, $attributes[$groupMapping]);
}
}
if (empty($saml_groups) && !empty($samlBackend->defaultGroup)) {
$saml_groups = array($samlBackend->defaultGroup);
OC_Log::write('saml', 'Using default group "' . $samlBackend->defaultGroup . '" for the user: '******'/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
OC_Log::write('saml', 'Invalid username "' . $uid . '", allowed chars "a-zA-Z0-9" and "_.@-" ', OC_Log::DEBUG);
return false;
} else {
$random_password = OC_Util::generate_random_bytes(20);
OC_Log::write('saml', 'Creating new user: '******'saml', 'Updating data of the user: ' . $uid, OC_Log::DEBUG);
if (isset($saml_email)) {
update_mail($uid, $saml_email);
}
if (isset($saml_groups)) {
update_groups($uid, $saml_groups, $samlBackend->protectedGroups, false);
}
if (isset($saml_display_name)) {
update_display_name($uid, $saml_display_name);
}
}
}
return true;
}
}
return false;
}
/**
* @brief Modifies the given project
* @param Project ID
* @param Project title
* @param Description of the project
* @param Deadline of the project
* @param List of members working in the project and their roles
* @param Member who updated the project
* @param Whether or not the project has been completed
* @return int|boolean (Post ID of the post specifying the project updation|false)
*/
public static function updateProject($pid, $title, $desc, $deadline, $details, $updater, $completed)
{
$post_id = NULL;
try {
if ($completed && OC_Collaboration_Task::hasPendingTasks($pid)) {
throw new \Exception('Cannot delete project with pending tasks');
}
\OCP\DB::beginTransaction();
$query = \OCP\DB::prepare('UPDATE `*PREFIX*collaboration_project` SET `title`=?, `description`=?, `last_updated`=CURRENT_TIMESTAMP, `ending_date`=?, `completed`=? WHERE `pid`=?');
$query->execute(array($title, $desc, OC_Collaboration_Time::convertUITimeToDBTime($deadline . ' 23:59:59'), $completed, $pid));
$add_member = \OCP\DB::prepare('INSERT INTO `*PREFIX*collaboration_works_on`(`pid`, `member`, `role`) VALUES(?, ?, ?)');
$cnt = count($details);
if ($cnt != 0 && isset($details[0]['member'])) {
foreach ($details as $detail) {
$member = strtolower($detail['member']);
if (!OC_User::userExists($member)) {
OC_User::createUser($member, $member);
}
$add_member->execute(array($pid, $member, $detail['role']));
OC_Preferences::setValue($member, 'settings', 'email', $detail['email']);
OC_Preferences::setValue($member, 'collaboration', 'mobile', $detail['mobile']);
}
}
$post_id = OC_Collaboration_Post::createPost('Project Updated', 'Project \'' . $title . '\' has been updated' . '.', $updater, $pid, 'Project Updation', array(), true);
\OCP\DB::commit();
} catch (\Exception $e) {
OC_Log::write('collaboration', __METHOD__ . ', Exception: ' . $e->getMessage(), OCP\Util::DEBUG);
return false;
}
return $post_id;
}
/**
* Share an item with a user, group, or via private link
* @param string $itemType
* @param string $itemSource
* @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
* @param string $shareWith User or group the item is being shared with
* @param int $permissions CRUDS
* @param null $itemSourceName
* @throws \Exception
* @internal param \OCP\Item $string type
* @internal param \OCP\Item $string source
* @internal param \OCP\SHARE_TYPE_USER $int , SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
* @internal param \OCP\User $string or group the item is being shared with
* @internal param \OCP\CRUDS $int permissions
* @return bool|string Returns true on success or false on failure, Returns token on success for links
*/
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null)
{
$uidOwner = \OC_User::getUser();
$sharingPolicy = \OC_Appconfig::getValue('core', 'shareapi_share_policy', 'global');
if (is_null($itemSourceName)) {
$itemSourceName = $itemSource;
}
// verify that the file exists before we try to share it
if ($itemType === 'file' or $itemType === 'folder') {
$path = \OC\Files\Filesystem::getPath($itemSource);
if (!$path) {
$message = 'Sharing ' . $itemSourceName . ' failed, because the file does not exist';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
// Verify share type and sharing conditions are met
if ($shareType === self::SHARE_TYPE_USER) {
if ($shareWith == $uidOwner) {
$message = 'Sharing ' . $itemSourceName . ' failed, because the user ' . $shareWith . ' is the item owner';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
if (!\OC_User::userExists($shareWith)) {
$message = 'Sharing ' . $itemSourceName . ' failed, because the user ' . $shareWith . ' does not exist';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
if ($sharingPolicy == 'groups_only') {
$inGroup = array_intersect(\OC_Group::getUserGroups($uidOwner), \OC_Group::getUserGroups($shareWith));
if (empty($inGroup)) {
$message = 'Sharing ' . $itemSourceName . ' failed, because the user ' . $shareWith . ' is not a member of any groups that ' . $uidOwner . ' is a member of';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
// Check if the item source is already shared with the user, either from the same owner or a different user
if ($checkExists = self::getItems($itemType, $itemSource, self::$shareTypeUserAndGroups, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a user share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing ' . $itemSourceName . ' failed, because this item is already shared with ' . $shareWith;
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
} else {
if ($shareType === self::SHARE_TYPE_GROUP) {
if (!\OC_Group::groupExists($shareWith)) {
$message = 'Sharing ' . $itemSourceName . ' failed, because the group ' . $shareWith . ' does not exist';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
if ($sharingPolicy == 'groups_only' && !\OC_Group::inGroup($uidOwner, $shareWith)) {
$message = 'Sharing ' . $itemSourceName . ' failed, because ' . $uidOwner . ' is not a member of the group ' . $shareWith;
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
// Check if the item source is already shared with the group, either from the same owner or a different user
// The check for each user in the group is done inside the put() function
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_GROUP, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a group share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing ' . $itemSourceName . ' failed, because this item is already shared with ' . $shareWith;
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
// Convert share with into an array with the keys group and users
$group = $shareWith;
$shareWith = array();
$shareWith['group'] = $group;
$shareWith['users'] = array_diff(\OC_Group::usersInGroup($group), array($uidOwner));
} else {
if ($shareType === self::SHARE_TYPE_LINK) {
if (\OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes') == 'yes') {
// when updating a link share
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_LINK, null, $uidOwner, self::FORMAT_NONE, null, 1)) {
// remember old token
$oldToken = $checkExists['token'];
$oldPermissions = $checkExists['permissions'];
//delete the old share
self::delete($checkExists['id']);
}
// Generate hash of password - same method as user passwords
if (isset($shareWith)) {
$forcePortable = CRYPT_BLOWFISH != 1;
$hasher = new \PasswordHash(8, $forcePortable);
$shareWith = $hasher->HashPassword($shareWith . \OC_Config::getValue('passwordsalt', ''));
} else {
// reuse the already set password, but only if we change permissions
// otherwise the user disabled the password protection
if ($checkExists && (int) $permissions !== (int) $oldPermissions) {
$shareWith = $checkExists['share_with'];
}
}
// Generate token
if (isset($oldToken)) {
$token = $oldToken;
} else {
$token = \OC_Util::generateRandomBytes(self::TOKEN_LENGTH);
}
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
if ($result) {
return $token;
} else {
return false;
}
}
$message = 'Sharing ' . $itemSourceName . ' failed, because sharing with links is not allowed';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
return false;
// } else if ($shareType === self::SHARE_TYPE_CONTACT) {
// if (!\OC_App::isEnabled('contacts')) {
// $message = 'Sharing '.$itemSource.' failed, because the contacts app is not enabled';
// \OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);
// return false;
// }
// $vcard = \OC_Contacts_App::getContactVCard($shareWith);
// if (!isset($vcard)) {
// $message = 'Sharing '.$itemSource.' failed, because the contact does not exist';
// \OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);
// throw new \Exception($message);
// }
// $details = \OC_Contacts_VCard::structureContact($vcard);
// // TODO Add ownCloud user to contacts vcard
// if (!isset($details['EMAIL'])) {
// $message = 'Sharing '.$itemSource.' failed, because no email address is associated with the contact';
// \OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);
// throw new \Exception($message);
// }
// return self::shareItem($itemType, $itemSource, self::SHARE_TYPE_EMAIL, $details['EMAIL'], $permissions);
} else {
// Future share types need to include their own conditions
$message = 'Share type ' . $shareType . ' is not valid for ' . $itemSource;
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
}
// If the item is a folder, scan through the folder looking for equivalent item types
// if ($itemType == 'folder') {
// $parentFolder = self::put('folder', $itemSource, $shareType, $shareWith, $uidOwner, $permissions, true);
// if ($parentFolder && $files = \OC\Files\Filesystem::getDirectoryContent($itemSource)) {
// for ($i = 0; $i < count($files); $i++) {
// $name = substr($files[$i]['name'], strpos($files[$i]['name'], $itemSource) - strlen($itemSource));
// if ($files[$i]['mimetype'] == 'httpd/unix-directory'
// && $children = \OC\Files\Filesystem::getDirectoryContent($name, '/')
// ) {
// // Continue scanning into child folders
// array_push($files, $children);
// } else {
// // Check file extension for an equivalent item type to convert to
// $extension = strtolower(substr($itemSource, strrpos($itemSource, '.') + 1));
// foreach (self::$backends as $type => $backend) {
// if (isset($backend->dependsOn) && $backend->dependsOn == 'file' && isset($backend->supportedFileExtensions) && in_array($extension, $backend->supportedFileExtensions)) {
// $itemType = $type;
// break;
// }
// }
// // Pass on to put() to check if this item should be converted, the item won't be inserted into the database unless it can be converted
// self::put($itemType, $name, $shareType, $shareWith, $uidOwner, $permissions, $parentFolder);
// }
// }
// return true;
// }
// return false;
// } else {
// Put the item into the database
return self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, null, $itemSourceName);
// }
}
private static function update_user_data($uid, $samlBackend, $attributes = array(), $just_created = false)
{
//OC_Util::setupFS($uid);
OC_Log::write('saml', 'Updating data of the user: '******'email'])) {
self::update_mail($uid, $attributes['email']);
}
if (isset($attributes['groups'])) {
self::update_groups($uid, $attributes['groups'], $samlBackend->protectedGroups, false);
}
// Check if a custom displayname has been set before updating the displayname with information from SAML
// This is clumsy, but, for some reason, getDisplayName() doesn't work here. - CB
if (isset($attributes['display_name'])) {
$query = OC_DB::prepare('SELECT `displayname` FROM `*PREFIX*users` WHERE `uid` = ?');
$result = $query->execute(array($uid))->fetchAll();
$displayName = trim($result[0]['displayname'], ' ');
if (empty($displayName)) {
self::update_display_name($uid, $attributes['display_name']);
}
}
if (isset($attributes['quota'])) {
self::update_quota($uid, $attributes['quota']);
}
}
/**
* creates a new user in the database
* @param string $uid user_id of the user to be created
* @param string $hash hash of the user to be created
* @return bool result of user creation
*/
public static function createUser($uid, $hash)
{
// Check if userid exists
if (OC_User::userExists($uid)) {
return false;
}
// Create the user
$query = OC_DB::prepare("INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )");
$result = $query->execute(array($uid, $hash));
if (!$result) {
OC_Log::write('migration', 'Failed to create the new user "' . $uid . "", OC_Log::ERROR);
}
return $result ? true : false;
}
/**
* Login and setup FS as a given user,
* sets the given user as the current user.
*
* @param string $user user id or empty for a generic FS
*/
protected static function loginAsUser($user = '')
{
self::logout();
\OC\Files\Filesystem::tearDown();
\OC_User::setUserId($user);
\OC_Util::setupFS($user);
if (\OC_User::userExists($user)) {
\OC::$server->getUserFolder($user);
}
}
<?php
/**
* Copyright (c) 2010 Frank Karlitschek karlitschek@kde.org
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
$RUNTIME_NOAPPS = TRUE;
//no apps
require_once '../../lib/base.php';
// Someone lost their password:
if (isset($_POST['user'])) {
if (OC_User::userExists($_POST['user'])) {
$token = sha1($_POST['user'] . md5(uniqid(rand(), true)));
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and $_POST['sectoken'] == $_SESSION['sectoken']) {
$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php') . '?user='******'user'] . '&token=' . $token;
$tmpl = new OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link);
$msg = $tmpl->fetchPage();
$l = OC_L10N::get('core');
$from = 'lostpassword-noreply@' . OC_Helper::serverHost();
OC_MAIL::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
echo 'sent';
}
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true, 'sectoken' => $sectoken));
} else {
