Exemple #1
 /**
  * Security pre-check for requests from users who are not logged in.
  *
  * Always verifies that the 'documents' app is enabled. The security token
  * check (\OCP\JSON::callCheck()) runs first unless the caller opts out.
  * No login check is performed here.
  *
  * @param bool $callcheck whether the security token check is needed; pass
  *                        false only for endpoints that do not rely on the
  *                        request token
  */
 public static function preDispatchGuest($callcheck = true)
 {
     $requiredApp = 'documents';

     // Token check comes before the app check, and only when requested.
     if ($callcheck) {
         \OCP\JSON::callCheck();
     }

     \OCP\JSON::checkAppEnabled($requiredApp);
 }
Exemple #2
 /**
  * Security gate for the AJAX controllers: login, request token, then apps.
  *
  * Calls, in order, \OCP\JSON::checkLoggedIn(), \OCP\JSON::callCheck() and
  * \OCP\JSON::checkAppEnabled() for 'contacts' and for self::APP_ID.
  */
 public static function initAjaxController()
 {
     \OCP\JSON::checkLoggedIn();
     \OCP\JSON::callCheck();

     // Both the contacts app and this app have to be enabled.
     foreach (array('contacts', self::APP_ID) as $requiredApp) {
         \OCP\JSON::checkAppEnabled($requiredApp);
     }
 }
Exemple #3
 /**
  * Runs all security checks that are switched on for this instance.
  *
  * Each check is gated by its own flag and the checks run in a fixed order:
  * CSRF/request token, login, app enabled, admin. A flag that is false skips
  * its check entirely, so the protection a request gets depends on how these
  * four properties were set before this method is called.
  */
 public function runChecks()
 {
     // Request-token (CSRF) check; skipped when csrfCheck is false.
     if ($this->csrfCheck) {
         \OCP\JSON::callCheck();
     }
     // Login check; skipped when loggedInCheck is false.
     if ($this->loggedInCheck) {
         \OCP\JSON::checkLoggedIn();
     }
     // App-enabled check for $this->appName.
     if ($this->appEnabledCheck) {
         \OCP\JSON::checkAppEnabled($this->appName);
     }
     // Admin check; note it goes through \OCP\User rather than \OCP\JSON.
     if ($this->isAdminCheck) {
         \OCP\User::checkAdminUser();
     }
 }
Exemple #4
 /**
  * Send a test mail to the current user's configured address.
  *
  * Runs the admin check and the request-token check first. The recipient is
  * the 'email' preference of the current user in the 'settings' app. The
  * outcome is reported through \OC_JSON::success() / \OC_JSON::error().
  */
 public static function sendTestMail()
 {
     \OC_Util::checkAdminUser();
     \OCP\JSON::callCheck();

     $l = \OC::$server->getL10N('settings');
     $email = \OC_Preferences::getValue(\OC_User::getUser(), 'settings', 'email', '');

     // Nothing to send to: report the missing address and stop.
     if (empty($email)) {
         $message = $l->t('You need to set your user email before being able to send test emails.');
         \OC_JSON::error(array("data" => array("message" => $message)));
         return;
     }

     $defaults = new \OC_Defaults();
     try {
         \OC_Mail::send(
             $email,
             \OC_User::getDisplayName(),
             $l->t('test email settings'),
             $l->t('If you received this email, the settings seem to be correct.'),
             \OCP\Util::getDefaultEmailAddress('no-reply'),
             $defaults->getName()
         );
     } catch (\Exception $e) {
         // The client only gets a generic message; $e itself is not exposed.
         $message = $l->t('A problem occurred while sending the e-mail. Please revisit your settings.');
         \OC_JSON::error(array("data" => array("message" => $message)));
         exit;
     }

     \OC_JSON::success(array("data" => array("message" => $l->t("Email sent"))));
 }
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */
// Access gates for this endpoint: app enabled, logged in, valid request
// token, admin user.
\OCP\JSON::checkAppEnabled('files_external_listing');
\OCP\JSON::checkLoggedIn();
\OCP\JSON::callCheck();
\OC_JSON::checkAdminUser();
// Fallback listing root, used when the app has no 'starting_dir' value.
$defaultDir = '/home';
if (\OC_Util::runningOnWindows()) {
    $defaultDir = 'C:\\';
}
$localroot = OCP\Config::getAppValue('files_external_listing', 'starting_dir', $defaultDir);
if (isset($_POST['path'])) {
    // Canonicalise the client-supplied path; realpath() returns false when
    // the path cannot be resolved.
    $path = realpath($_POST['path']);
    // NOTE(review): this is a plain string-prefix test, so a sibling such as
    // '/home2' also passes when $localroot is '/home'. Comparing against
    // $localroot with a trailing directory separator (or requiring equality)
    // would confine the listing to the configured root. $localroot itself is
    // not passed through realpath() here - confirm it is stored canonical.
    if (strpos($path, $localroot) === 0 or empty($_POST['path'])) {
        // An empty path means "start at the configured root".
        if (empty($_POST['path'])) {
            $path = $localroot;
        }
        if (!is_dir($path)) {
            // Path is incorrect or is a file. Nothing to do, we work only with dirs.
            // NOTE(review): the raw POST value is echoed into the message;
            // confirm the client escapes it before rendering.
            OCP\JSON::error(array('data' => array('message' => 'Incorrect path: ' . $_POST['path'])));
Exemple #6
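 /**
  * Handle the request
  *
  * Dispatch order, as visible in this method: the setup controller when the
  * instance is not installed; maintenance/upgrade checks (skipped for paths
  * ending in '.js'); the emergency POST /disableapp action; app loading;
  * routing; a 405 for PROPFIND on this entry point; finally a redirect to
  * the default page (logged in) or to the login form (guest).
  *
  * @throws \OC\NeedsUpdateException rethrown from loading the authentication
  *         apps unless the occ controller was requested and an upgrade is needed
  */
 public static function handleRequest()
 {
     \OC::$server->getEventLogger()->start('handle_request', 'Handle request');
     $systemConfig = \OC::$server->getSystemConfig();
     // load all the classpaths from the enabled apps so they are available
     // in the routing files of each app
     OC::loadAppClassPaths();
     // Check if ownCloud is installed or in maintenance (update) mode
     if (!$systemConfig->getValue('installed', false)) {
         // Not installed yet: clear the session and hand the raw POST data
         // to the setup controller, then stop. Only reachable while the
         // 'installed' config value is false.
         \OC::$server->getSession()->clear();
         $setupHelper = new OC\Setup(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), \OC::$server->getL10N('lib'), new \OC_Defaults(), \OC::$server->getLogger(), \OC::$server->getSecureRandom());
         $controller = new OC\Core\Controller\SetupController($setupHelper);
         $controller->run($_POST);
         exit;
     }
     $request = \OC::$server->getRequest();
     // Check if requested URL matches 'index.php/occ'
     $isOccControllerRequested = preg_match('|/index\\.php$|', $request->getScriptName()) === 1 && strpos($request->getPathInfo(), '/occ/') === 0;
     $requestPath = $request->getRawPathInfo();
     // Defined up front: the catch block below reads $needUpgrade even when
     // the '.js' branch is skipped, which previously left it undefined.
     $needUpgrade = false;
     if (substr($requestPath, -3) !== '.js') {
         // we need these files during the upgrade
         self::checkMaintenanceMode($request);
         $needUpgrade = self::checkUpgrade(!$isOccControllerRequested);
     }
     // emergency app disabling
     if ($requestPath === '/disableapp' && $request->getMethod() === 'POST' && (string) $request->getParam('appid') !== '') {
         // State-changing action: the request-token and admin checks both run
         // before the app id is cleaned and the app is disabled.
         \OCP\JSON::callCheck();
         \OCP\JSON::checkAdminUser();
         $appId = (string) $request->getParam('appid');
         $appId = \OC_App::cleanAppId($appId);
         \OC_App::disable($appId);
         \OC_JSON::success();
         exit;
     }
     try {
         // Always load authentication apps
         OC_App::loadApps(['authentication']);
     } catch (\OC\NeedsUpdateException $e) {
         // During a pending upgrade only the occ controller is still routed.
         if ($isOccControllerRequested && $needUpgrade) {
             OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
             return;
         }
         throw $e;
     }
     // Load minimum set of apps
     if (!self::checkUpgrade(false) && !$systemConfig->getValue('maintenance', false)) {
         // For logged-in users: Load everything
         if (OC_User::isLoggedIn()) {
             OC_App::loadApps();
         } else {
             // For guests: Load only filesystem and logging
             OC_App::loadApps(array('filesystem', 'logging'));
             self::handleLogin($request);
         }
     }
     if (!self::$CLI) {
         try {
             if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) {
                 OC_App::loadApps(array('filesystem', 'logging'));
                 OC_App::loadApps();
             }
             self::checkSingleUserMode();
             OC_Util::setupFS();
             OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
             return;
         } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
             // No route matched: fall through to the handling below.
             //header('HTTP/1.0 404 Not Found');
         } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
             OC_Response::setStatus(405);
             return;
         }
     }
     // Handle WebDAV
     if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
         // not allowed any more to prevent people
         // mounting this root directly.
         // Users need to mount remote.php/webdav instead.
         header('HTTP/1.1 405 Method Not Allowed');
         header('Status: 405 Method Not Allowed');
         return;
     }
     // Someone is logged in
     if (OC_User::isLoggedIn()) {
         OC_App::loadApps();
         OC_User::setupBackends();
         OC_Util::setupFS();
         // FIXME
         // Redirect to default application
         OC_Util::redirectToDefaultPage();
     } else {
         // Not handled and not logged in
         // The target is a fixed named route, not a client-supplied URL.
         header('Location: ' . \OC::$server->getURLGenerator()->linkToRouteAbsolute('core.login.showLoginForm'));
     }
 }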
/**
 * ownCloud - firstrunwizard application
 *
 * @author Frank Karlitschek
 * @copyright 2012 Frank Karlitschek frank@owncloud.org
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
namespace OCA\FirstRunWizard;

use OCP\JSON;
// Gate the request: logged-in user, app enabled, valid request token.
JSON::checkLoggedIn();
JSON::checkAppEnabled('firstrunwizard');
JSON::callCheck();

// Build the wizard config from the server's config and user-session
// services, then switch the wizard off.
$server = \OC::$server;
$wizardConfig = new Config($server->getConfig(), $server->getUserSession());
$wizardConfig->disable();
Exemple #8
 /**
  * Handle the request
  *
  * Dispatch order, as visible in this method: the setup controller when the
  * instance is not installed; maintenance/upgrade checks (skipped for paths
  * ending in '.js'); the emergency POST /disableapp action; app loading;
  * routing (bypassed for ?logout=true); the redirect_url redirect for
  * logged-in users; a 405 for PROPFIND on this entry point; logout handling;
  * finally the default page or the login handler.
  */
 public static function handleRequest()
 {
     \OC::$server->getEventLogger()->start('handle_request', 'Handle request');
     $systemConfig = \OC::$server->getSystemConfig();
     // load all the classpaths from the enabled apps so they are available
     // in the routing files of each app
     OC::loadAppClassPaths();
     // Check if ownCloud is installed or in maintenance (update) mode
     if (!$systemConfig->getValue('installed', false)) {
         // Not installed yet: clear the session and hand the raw POST data
         // to the setup controller, then stop. Only reachable while the
         // 'installed' config value is false.
         \OC::$server->getSession()->clear();
         $setupHelper = new OC\Setup(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), \OC::$server->getL10N('lib'), new \OC_Defaults(), \OC::$server->getLogger(), \OC::$server->getSecureRandom());
         $controller = new OC\Core\Controller\SetupController($setupHelper);
         $controller->run($_POST);
         exit;
     }
     $request = \OC::$server->getRequest();
     $requestPath = $request->getPathInfo();
     if (substr($requestPath, -3) !== '.js') {
         // we need these files during the upgrade
         self::checkMaintenanceMode();
         self::checkUpgrade();
     }
     // emergency app disabling
     if ($requestPath === '/disableapp' && $request->getMethod() === 'POST' && (string) $request->getParam('appid') !== '') {
         // State-changing action: the request-token and admin checks both run
         // before the app id is cleaned and the app is disabled.
         \OCP\JSON::callCheck();
         \OCP\JSON::checkAdminUser();
         $appId = (string) $request->getParam('appid');
         $appId = \OC_App::cleanAppId($appId);
         \OC_App::disable($appId);
         \OC_JSON::success();
         exit;
     }
     // Always load authentication apps
     OC_App::loadApps(['authentication']);
     // Load minimum set of apps
     if (!self::checkUpgrade(false) && !$systemConfig->getValue('maintenance', false)) {
         // For logged-in users: Load everything
         if (OC_User::isLoggedIn()) {
             OC_App::loadApps();
         } else {
             // For guests: Load only filesystem and logging
             OC_App::loadApps(array('filesystem', 'logging'));
             \OC_User::tryBasicAuthLogin();
         }
     }
     // Routing is bypassed only when the logout parameter is exactly the
     // string 'true'; any other value still goes through the router first.
     if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
         try {
             if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) {
                 OC_App::loadApps(array('filesystem', 'logging'));
                 OC_App::loadApps();
             }
             self::checkSingleUserMode();
             OC_Util::setupFS();
             OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
             return;
         } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
             // No route matched: fall through to the handling below.
             //header('HTTP/1.0 404 Not Found');
         } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
             OC_Response::setStatus(405);
             return;
         }
     }
     // Handle redirect URL for logged in users
     if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
         // NOTE(review): PHP has already URL-decoded $_REQUEST values, so
         // urldecode() here decodes a second time. The '@' test below is the
         // only validation of the target visible in this method; whether
         // $location can leave this host depends on how getAbsoluteURL()
         // joins base and path - confirm, and prefer comparing the parsed
         // host of $location against the server's own host.
         $location = \OC::$server->getURLGenerator()->getAbsoluteURL(urldecode($_REQUEST['redirect_url']));
         // Deny the redirect if the URL contains a @
         // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
         if (strpos($location, '@') === false) {
             header('Location: ' . $location);
             return;
         }
     }
     // Handle WebDAV
     if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
         // not allowed any more to prevent people
         // mounting this root directly.
         // Users need to mount remote.php/webdav instead.
         header('HTTP/1.1 405 Method Not Allowed');
         header('Status: 405 Method Not Allowed');
         return;
     }
     // Redirect to index if the logout link is accessed without valid session
     // this is needed to prevent "Token expired" messages while login if a session is expired
     // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
     if (isset($_GET['logout']) && !OC_User::isLoggedIn()) {
         header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/'));
         return;
     }
     // Someone is logged in
     if (OC_User::isLoggedIn()) {
         OC_App::loadApps();
         OC_User::setupBackends();
         OC_Util::setupFS();
         // NOTE(review): this branch accepts any truthy logout value, while
         // the router bypass above requires the exact string 'true'.
         if (isset($_GET["logout"]) and $_GET["logout"]) {
             // Logout arrives as a GET parameter, so the request-token check
             // is what ties it to this session's own pages.
             OC_JSON::callCheck();
             // Remove the stored login token named by the oc_token cookie
             // for the current user before ending the session.
             if (isset($_COOKIE['oc_token'])) {
                 \OC::$server->getConfig()->deleteUserValue(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
             }
             OC_User::logout();
             // redirect to webroot and add slash if webroot is empty
             header("Location: " . \OC::$server->getURLGenerator()->getAbsoluteURL('/'));
         } else {
             // Redirect to default application
             OC_Util::redirectToDefaultPage();
         }
     } else {
         // Not handled and not logged in
         self::handleLogin();
     }
 }