/** * @param ILogger $logger * @param IUserSession $userSession * @param Crypt $crypt * @param KeyManager $keyManager */ public function __construct(ILogger $logger, IUserSession $userSession, Crypt $crypt, KeyManager $keyManager) { $this->logger = $logger; $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false; $this->crypt = $crypt; $this->keyManager = $keyManager; }
/** * @param ILogger $logger * @param IUserSession $userSession * @param IConfig $config */ public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config) { $this->logger = $logger; $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false; $this->config = $config; $this->supportedKeyFormats = ['hash', 'password']; }
/** * Creates a new tag * * @param string $data JSON encoded string containing the properties of the tag to create * @param string $contentType content type of the data * @return ISystemTag newly created system tag * * @throws BadRequest if a field was missing * @throws Conflict if a tag with the same properties already exists * @throws UnsupportedMediaType if the content type is not supported */ private function createTag($data, $contentType = 'application/json') { if (explode(';', $contentType)[0] === 'application/json') { $data = json_decode($data, true); } else { throw new UnsupportedMediaType(); } if (!isset($data['name'])) { throw new BadRequest('Missing "name" attribute'); } $tagName = $data['name']; $userVisible = true; $userAssignable = true; if (isset($data['userVisible'])) { $userVisible = (bool) $data['userVisible']; } if (isset($data['userAssignable'])) { $userAssignable = (bool) $data['userAssignable']; } if ($userVisible === false || $userAssignable === false) { if (!$this->userSession->isLoggedIn() || !$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) { throw new BadRequest('Not sufficient permissions'); } } try { return $this->tagManager->createTag($tagName, $userVisible, $userAssignable); } catch (TagAlreadyExistsException $e) { throw new Conflict('Tag already exists', 0, $e); } }
/** * Get the user we need to use * * Either the user is logged in, or we try to get it from the token * * @return string * @throws \UnexpectedValueException If the token is invalid, does not exist or is not unique */ public function getCurrentUserId() { if (!$this->session->isLoggedIn()) { return $this->getUserFromToken(); } else { return $this->session->getUser()->getUID(); } }
/** * @param ILogger $logger * @param IUserSession $userSession * @param IConfig $config * @param IL10N $l */ public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config, IL10N $l) { $this->logger = $logger; $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : '"no user given"'; $this->config = $config; $this->l = $l; $this->supportedKeyFormats = ['hash', 'password']; }
/** * Util constructor. * * @param View $files * @param Crypt $crypt * @param ILogger $logger * @param IUserSession $userSession * @param IConfig $config */ public function __construct(View $files, Crypt $crypt, ILogger $logger, IUserSession $userSession, IConfig $config) { $this->files = $files; $this->crypt = $crypt; $this->logger = $logger; $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false; $this->config = $config; }
/** * @param IUserSession $user * @param Crypt $crypt * @param ISecureRandom $random * @param KeyManager $keyManager * @param IConfig $config * @param IStorage $keyStorage * @param IFile $file * @param View $view */ public function __construct(IUserSession $user, Crypt $crypt, ISecureRandom $random, KeyManager $keyManager, IConfig $config, IStorage $keyStorage, IFile $file, View $view) { $this->user = $user && $user->isLoggedIn() ? $user->getUser() : false; $this->crypt = $crypt; $this->random = $random; $this->keyManager = $keyManager; $this->config = $config; $this->keyStorage = $keyStorage; $this->view = $view; $this->file = $file; }
/** * @param string $baseUri * @param string $requestUri * @param BackendInterface $authBackend * @param callable $viewCallBack callback that should return the view for the dav endpoint * @return Server */ public function createServer($baseUri, $requestUri, BackendInterface $authBackend, callable $viewCallBack) { // Fire up server $objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree(); $server = new \OCA\DAV\Connector\Sabre\Server($objectTree); // Set URL explicitly due to reverse-proxy situations $server->httpRequest->setUrl($requestUri); $server->setBaseUri($baseUri); // Load plugins $defaults = new \OC_Defaults(); $server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config)); $server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config)); $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, $defaults->getName())); // FIXME: The following line is a workaround for legacy components relying on being able to send a GET to / $server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin()); $server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger)); $server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin()); // Some WebDAV clients do require Class 2 WebDAV support (locking), since // we do not provide locking we emulate it using a fake locking plugin. if ($this->request->isUserAgent(['/WebDAVFS/', '/Microsoft Office OneNote 2013/', '/Microsoft-WebDAV-MiniRedir/'])) { $server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin()); } if (BrowserErrorPagePlugin::isBrowserRequest($this->request)) { $server->addPlugin(new BrowserErrorPagePlugin()); } // wait with registering these until auth is handled and the filesystem is setup $server->on('beforeMethod', function () use($server, $objectTree, $viewCallBack) { // ensure the skeleton is copied $userFolder = \OC::$server->getUserFolder(); /** @var \OC\Files\View $view */ $view = $viewCallBack($server); $rootInfo = $view->getFileInfo(''); // Create ownCloud Dir if ($rootInfo->getType() === 'dir') { $root = new \OCA\DAV\Connector\Sabre\Directory($view, $rootInfo, $objectTree); } else { $root = new \OCA\DAV\Connector\Sabre\File($view, $rootInfo); } $objectTree->init($root, $view, $this->mountManager); $server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesPlugin($objectTree, $view, $this->config, false, !$this->config->getSystemValue('debug', false))); $server->addPlugin(new \OCA\DAV\Connector\Sabre\QuotaPlugin($view)); if ($this->userSession->isLoggedIn()) { $server->addPlugin(new \OCA\DAV\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager)); $server->addPlugin(new \OCA\DAV\Connector\Sabre\SharesPlugin($objectTree, $this->userSession, $userFolder, \OC::$server->getShareManager())); $server->addPlugin(new \OCA\DAV\Connector\Sabre\CommentPropertiesPlugin(\OC::$server->getCommentsManager(), $this->userSession)); $server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesReportPlugin($objectTree, $view, \OC::$server->getSystemTagManager(), \OC::$server->getSystemTagObjectMapper(), $this->userSession, \OC::$server->getGroupManager(), $userFolder)); // custom properties plugin must be the last one $server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new \OCA\DAV\Connector\Sabre\CustomPropertiesBackend($objectTree, $this->databaseConnection, $this->userSession->getUser()))); } $server->addPlugin(new \OCA\DAV\Connector\Sabre\CopyEtagHeaderPlugin()); }, 30); // priority 30: after auth (10) and acl(20), before lock(50) and handling the request return $server; }
/** * @param \Sabre\DAV\Server $server * @param $realm * @return bool */ private function auth(\Sabre\DAV\Server $server, $realm) { if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) { $user = $this->userSession->getUser()->getUID(); \OC_Util::setupFS($user); $this->currentUser = $user; $this->session->close(); return true; } return parent::authenticate($server, $realm); }
/** * @param string $appName * @param IRequest $request an instance of the request * @param IUserSession $userSession */ public function __construct($appName, IRequest $request, IUserSession $userSession) { parent::__construct($appName, $request); if ($userSession->isLoggedIn()) { $user = $userSession->getUser(); if ($user) { $this->user = $user; } else { //TODO - throw exception } } }
/** * @PublicPage * @NoCSRFRequired * @UseSession * * @param string $user * @param string $redirect_url * @param string $remember_login * * @return TemplateResponse */ public function showLoginForm($user, $redirect_url, $remember_login) { if ($this->userSession->isLoggedIn()) { return new RedirectResponse(\OC_Util::getDefaultPageUrl()); } $parameters = array(); $loginMessages = $this->session->get('loginMessages'); $errors = []; $messages = []; if (is_array($loginMessages)) { list($errors, $messages) = $loginMessages; } $this->session->remove('loginMessages'); foreach ($errors as $value) { $parameters[$value] = true; } $parameters['messages'] = $messages; if (!is_null($user) && $user !== '') { $parameters['loginName'] = $user; $parameters['user_autofocus'] = false; } else { $parameters['loginName'] = ''; $parameters['user_autofocus'] = true; } if (!empty($redirect_url)) { $parameters['redirect_url'] = $redirect_url; } $parameters['canResetPassword'] = true; if (!$this->config->getSystemValue('lost_password_link')) { if (!is_null($user) && $user !== '') { $userObj = $this->userManager->get($user); if ($userObj instanceof IUser) { $parameters['canResetPassword'] = $userObj->canChangePassword(); } } } $parameters['alt_login'] = \OC_App::getAlternativeLogIns(); $parameters['rememberLoginAllowed'] = \OC_Util::rememberLoginAllowed(); $parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0; if (!is_null($user) && $user !== '') { $parameters['loginName'] = $user; $parameters['user_autofocus'] = false; } else { $parameters['loginName'] = ''; $parameters['user_autofocus'] = true; } return new TemplateResponse($this->appName, 'login', $parameters, 'guest'); }
/** * @param string $baseUri * @param string $requestUri * @param BackendInterface $authBackend * @param callable $viewCallBack callback that should return the view for the dav endpoint * @return Server */ public function createServer($baseUri, $requestUri, BackendInterface $authBackend, callable $viewCallBack) { // Fire up server $objectTree = new \OC\Connector\Sabre\ObjectTree(); $server = new \OC\Connector\Sabre\Server($objectTree); // Set URL explicitly due to reverse-proxy situations $server->httpRequest->setUrl($requestUri); $server->setBaseUri($baseUri); // Load plugins $defaults = new \OC_Defaults(); $server->addPlugin(new \OC\Connector\Sabre\MaintenancePlugin($this->config)); $server->addPlugin(new \OC\Connector\Sabre\BlockLegacyClientPlugin($this->config)); $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, $defaults->getName())); // FIXME: The following line is a workaround for legacy components relying on being able to send a GET to / $server->addPlugin(new \OC\Connector\Sabre\DummyGetResponsePlugin()); $server->addPlugin(new \OC\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger)); $server->addPlugin(new \OC\Connector\Sabre\LockPlugin($objectTree)); $server->addPlugin(new \OC\Connector\Sabre\ListenerPlugin($this->dispatcher)); // Finder on OS X requires Class 2 WebDAV support (locking), since we do // not provide locking we emulate it using a fake locking plugin. if ($this->request->isUserAgent(['/WebDAVFS/'])) { $server->addPlugin(new \OC\Connector\Sabre\FakeLockerPlugin()); } // wait with registering these until auth is handled and the filesystem is setup $server->on('beforeMethod', function () use($server, $objectTree, $viewCallBack) { /** @var \OC\Files\View $view */ $view = $viewCallBack(); $rootInfo = $view->getFileInfo(''); // Create ownCloud Dir if ($rootInfo->getType() === 'dir') { $root = new \OC\Connector\Sabre\Directory($view, $rootInfo); } else { $root = new \OC\Connector\Sabre\File($view, $rootInfo); } $objectTree->init($root, $view, $this->mountManager); $server->addPlugin(new \OC\Connector\Sabre\FilesPlugin($objectTree, $view)); $server->addPlugin(new \OC\Connector\Sabre\QuotaPlugin($view)); if ($this->userSession->isLoggedIn()) { $server->addPlugin(new \OC\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager)); // custom properties plugin must be the last one $server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new \OC\Connector\Sabre\CustomPropertiesBackend($objectTree, $this->databaseConnection, $this->userSession->getUser()))); } $server->addPlugin(new \OC\Connector\Sabre\CopyEtagHeaderPlugin()); }, 30); // priority 30: after auth (10) and acl(20), before lock(50) and handling the request return $server; }
/** * @param RequestInterface $request * @param ResponseInterface $response * @return array */ private function auth(RequestInterface $request, ResponseInterface $response) { if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)) || $this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) { $user = $this->userSession->getUser()->getUID(); \OC_Util::setupFS($user); $this->currentUser = $user; $this->session->close(); return [true, $this->principalPrefix . $user]; } if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) { // do not re-authenticate over ajax, use dummy auth name to prevent browser popup $response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"'); $response->setStatus(401); throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls'); } return parent::check($request, $response); }
/** * @param \Sabre\DAV\Server $server * @param string $realm * @return bool */ private function auth(\Sabre\DAV\Server $server, $realm) { if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) { $user = $this->userSession->getUser()->getUID(); \OC_Util::setupFS($user); $this->currentUser = $user; $this->session->close(); return true; } if ($server->httpRequest->getHeader('X-Requested-With') === 'XMLHttpRequest') { // do not re-authenticate over ajax, use dummy auth name to prevent browser popup $server->httpResponse->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $realm . '"'); $server->httpResponse->setStatus(401); throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls'); } return parent::authenticate($server, $realm); }
/** * @param RequestInterface $request * @param ResponseInterface $response * @return array * @throws NotAuthenticated */ private function auth(RequestInterface $request, ResponseInterface $response) { $forcedLogout = false; if (!$this->request->passesCSRFCheck() && $this->requiresCSRFCheck()) { // In case of a fail with POST we need to recheck the credentials if ($this->request->getMethod() === 'POST') { $forcedLogout = true; } else { $response->setStatus(401); throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.'); } } if ($forcedLogout) { $this->userSession->logout(); } else { if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)) || $this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) { $user = $this->userSession->getUser()->getUID(); \OC_Util::setupFS($user); $this->currentUser = $user; $this->session->close(); return [true, $this->principalPrefix . $user]; } } if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) { // do not re-authenticate over ajax, use dummy auth name to prevent browser popup $response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"'); $response->setStatus(401); throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls'); } $data = parent::check($request, $response); if ($data[0] === true) { $startPos = strrpos($data[1], '/') + 1; $user = $this->userSession->getUser()->getUID(); $data[1] = substr_replace($data[1], $user, $startPos); } return $data; }
/** * @param IStorage $keyStorage * @param Crypt $crypt * @param IConfig $config * @param IUserSession $userSession * @param Session $session * @param ILogger $log * @param Util $util */ public function __construct(IStorage $keyStorage, Crypt $crypt, IConfig $config, IUserSession $userSession, Session $session, ILogger $log, Util $util) { $this->util = $util; $this->session = $session; $this->keyStorage = $keyStorage; $this->crypt = $crypt; $this->config = $config; $this->log = $log; $this->recoveryKeyId = $this->config->getAppValue('encryption', 'recoveryKeyId'); if (empty($this->recoveryKeyId)) { $this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8); $this->config->setAppValue('encryption', 'recoveryKeyId', $this->recoveryKeyId); } $this->publicShareKeyId = $this->config->getAppValue('encryption', 'publicShareKeyId'); if (empty($this->publicShareKeyId)) { $this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8); $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId); } $this->masterKeyId = $this->config->getAppValue('encryption', 'masterKeyId'); if (empty($this->masterKeyId)) { $this->masterKeyId = 'master_' . substr(md5(time()), 0, 8); $this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId); } $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false; $this->log = $log; }
/** * @param IStorage $keyStorage * @param Crypt $crypt * @param IConfig $config * @param IUserSession $userSession * @param Session $session * @param ILogger $log * @param Util $util */ public function __construct(IStorage $keyStorage, Crypt $crypt, IConfig $config, IUserSession $userSession, Session $session, ILogger $log, Util $util) { $this->util = $util; $this->session = $session; $this->keyStorage = $keyStorage; $this->crypt = $crypt; $this->config = $config; $this->log = $log; $this->recoveryKeyId = $this->config->getAppValue('encryption', 'recoveryKeyId'); if (empty($this->recoveryKeyId)) { $this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8); $this->config->setAppValue('encryption', 'recoveryKeyId', $this->recoveryKeyId); } $this->publicShareKeyId = $this->config->getAppValue('encryption', 'publicShareKeyId'); if (empty($this->publicShareKeyId)) { $this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8); $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId); } $shareKey = $this->getPublicShareKey(); if (empty($shareKey)) { $keyPair = $this->crypt->createKeyPair(); // Save public key $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.publicKey', $keyPair['publicKey']); // Encrypt private key empty passphrase $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], ''); $this->keyStorage->setSystemUserKey($this->publicShareKeyId . '.privateKey', $encryptedKey); } $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false; $this->log = $log; }
/** * @param ILogger $logger * @param IUserSession $userSession * @param IConfig $config */ public function __construct(ILogger $logger, IUserSession $userSession, IConfig $config) { $this->logger = $logger; $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false; $this->config = $config; }