public function method_GET()
{
$this->assert(BeeHub::PRIV_READ_CONTENT);
// You can request the POST authentication code through the system
// collection with a 'POST_auth_code' query field set. However, this is only
// allowed when using HTTPS
if (isset($_GET['POST_auth_code'])) {
return BeeHub::getAuth()->getPostAuthCode();
}
$this->include_view();
}
public function method_POST(&$headers)
{
$displayname = $_POST['displayname'];
$description = $_POST['description'];
$group_name = $_POST['group_name'];
$user_sponsor = BeeHub::getAuth()->current_user()->user_prop(BeeHub::PROP_SPONSOR);
// If you don't have a (default) sponsor, you're not allowed to add a group
if (empty($user_sponsor)) {
throw DAV::forbidden("Only users with a sponsor are allowed to create groups");
}
// Group name must be one of the following characters a-zA-Z0-9_-., starting with an alphanumeric character and must be between 1 and 255 characters long and can't be one of the forbidden names
if (empty($displayname) || in_array(strtolower($group_name), BeeHub::$FORBIDDEN_GROUP_NAMES) || !preg_match('/^[a-zA-Z0-9]{1}[a-zA-Z0-9_\\-\\.]{0,254}$/D', $group_name)) {
throw new DAV_Status(DAV::HTTP_BAD_REQUEST, 'Group name has the wrong format. The name can be a maximum of 255 characters long and should start with an alphanumeric character, followed by alphanumeric characters or one of the following: _-.');
}
// Check if the group name doesn't exist
$collection = BeeHub::getNoSQL()->groups;
$result = $collection->findOne(array('name' => $group_name), array('name' => true));
if (!is_null($result)) {
// Duplicate key: bad request!
throw new DAV_Status(DAV::HTTP_CONFLICT, "Group name already exists, please choose a different group name!");
}
$groupdir = DAV::unslashify(BeeHub::$CONFIG['environment']['datadir']) . DIRECTORY_SEPARATOR . $group_name;
// Check for existing groupdir
if (file_exists($groupdir)) {
throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR);
}
// Store in the database
$collection->insert(array('name' => $group_name));
// Fetch the group and store extra properties
$group = DAV::$REGISTRY->resource(BeeHub::GROUPS_PATH . $group_name);
$group->user_set(DAV::PROP_DISPLAYNAME, $displayname);
if (!empty($description)) {
$group->user_set(BeeHub::PROP_DESCRIPTION, $description);
}
$group->storeProperties();
// Add the current user as admin of the group
$group->change_memberships(basename($this->user_prop_current_user_principal()), BeeHub_Group::USER_ACCEPT);
$group->change_memberships(basename($this->user_prop_current_user_principal()), BeeHub_Group::ADMIN_ACCEPT);
$group->change_memberships(basename($this->user_prop_current_user_principal()), BeeHub_Group::SET_ADMIN);
// And create a group directory
if (!mkdir($groupdir)) {
throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR);
}
// And create the directory in the database
$document = array('path' => $group_name, 'depth' => 1, 'collection' => true);
$filesCollection = BeeHub::getNoSQL()->files;
$filesCollection->save($document);
$groupdir_resource = DAV::$REGISTRY->resource('/' . $group_name);
$groupdir_resource->user_set(BeeHub::PROP_SPONSOR, $user_sponsor);
$groupdir_resource->user_set(DAV::PROP_ACL, '[["' . BeeHub::GROUPS_PATH . $group->name . '",false,["DAV: read", "DAV: write"],false]]');
$groupdir_resource->storeProperties();
// Group created, redirect to the group page
DAV::redirect(DAV::HTTP_SEE_OTHER, BeeHub::GROUPS_PATH . $group->name);
}
private function internal_create_member($name, $collection = false)
{
$this->assert(DAVACL::PRIV_WRITE_CONTENT);
$path = $this->path . $name;
$localPath = BeeHub::localPath($path);
$cups = $this->current_user_principals();
// Determine the sponsor
$user = BeeHub::getAuth()->current_user();
if (!is_null($user)) {
$user_sponsors = $user->user_prop_sponsor_membership();
}
if (is_null($user) || count($user_sponsors) == 0) {
// If the user doesn't have any sponsors, he/she can't create files and directories
throw DAV::forbidden("You need to be logged in and have at least one sponsor to upload files");
}
$sponsor = $this->user_prop(BeeHub::PROP_SPONSOR);
// The default is the directory sponsor
if (!in_array($sponsor, $user_sponsors)) {
//But a user can only create files sponsored by his own sponsors
$sponsor = $user->user_prop(BeeHub::PROP_SPONSOR);
}
// Create the subdirectory or file
if (file_exists($localPath)) {
throw DAV::forbidden();
}
$result = $collection ? @mkdir($localPath) : touch($localPath);
if (!$result) {
throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR);
}
// And create the object in the database
$unslashifiedPath = \DAV::unslashify($path);
if (substr($unslashifiedPath, 0, 1) === '/') {
$unslashifiedPath = substr($unslashifiedPath, 1);
}
$document = array('path' => $unslashifiedPath, 'depth' => substr_count($unslashifiedPath, '/') + 1);
if ($collection) {
$document['collection'] = true;
}
$filesCollection = BeeHub::getNoSQL()->files;
$filesCollection->save($document);
// And set the attributes
$new_resource = DAV::$REGISTRY->resource($path);
if (!$collection) {
$new_resource->user_set(DAV::PROP_GETETAG, BeeHub::ETag());
}
$new_resource->user_set(DAV::PROP_OWNER, $this->user_prop_current_user_principal());
$new_resource->user_set(BeeHub::PROP_SPONSOR, $sponsor);
$new_resource->storeProperties();
return $new_resource;
}
$i = $i + 1;
}
?>
</div>
</div>
<!-- End join tab -->
<!-- Create tab -->
<br/>
<div id="bh-gss-panel-create" class="tab-pane fade">
<form id="bh-gss-create-form" class="form-horizontal" action="<?php
echo BeeHub::SPONSORS_PATH;
?>
" method="post">
<input type="hidden" name="POST_auth_code" value="<?php
echo DAV::xmlescape(BeeHub::getAuth()->getPostAuthCode());
?>
" />
<div class="control-group">
<label class="control-label" for="bh-gss-name">Sponsor name</label>
<div class="controls">
<input type="text" id="bh-gss-name" name="sponsor_name" required>
</div>
</div>
<div class="control-group">
<label class="control-label" for="bh-gss-display-name">Display name</label>
<div class="controls">
<input type="text" id="bh-gss-display-name" name="displayname" required>
</div>
</div>
<div class="control-group">
// We need SimpleSamlPHP
require_once BeeHub::$CONFIG['environment']['simplesamlphp'] . 'lib' . DIRECTORY_SEPARATOR . '_autoload.php';
if (isset($_SERVER['HTTP_ORIGIN']) && !empty($_SERVER['HTTP_ORIGIN']) && parse_url($_SERVER['HTTP_ORIGIN'], PHP_URL_HOST) != $_SERVER['SERVER_NAME']) {
die('Cross Origin Resourc Sharing prohibited!');
}
DAV::$PROTECTED_PROPERTIES[DAV::PROP_GROUP_MEMBER_SET] = true;
DAV::$ACL_PROPERTIES[BeeHub::PROP_SPONSOR] = 'sponsor';
DAV::addSupported_Properties(BeeHub::PROP_SPONSOR, 'sponsor');
BeeHub::handle_method_spoofing();
DAV::$REGISTRY = BeeHub_Registry::inst();
DAV::$LOCKPROVIDER = BeeHub_Lock_Provider::inst();
DAV::$ACLPROVIDER = BeeHub_ACL_Provider::inst();
DAV::$UNAUTHORIZED = array(BeeHub::getAuth(), 'unauthorized');
// In case of POST requests, we can already check the POST authentication code
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!BeeHub::getAuth()->checkPostAuthCode()) {
throw new DAV_Status(DAV::HTTP_FORBIDDEN, 'POST authentication code (POST_auth_code) was incorrect. The correct code can be obtained with a GET request to /system/?POST_auth_code');
}
}
// Prepare test environments if needed
if (APPLICATION_ENV === BeeHub::ENVIRONMENT_TEST && isset($_GET['test'])) {
if (substr($_SERVER['REQUEST_URI'], 0, 19) !== '/foo/client_tests/?') {
header('Location: /foo/client_tests/?' . $_SERVER['QUERY_STRING']);
die;
}
define('RUN_CLIENT_TESTS', true);
} else {
define('RUN_CLIENT_TESTS', false);
}
// If we want to run the client tests, load the test configuration and reset the storage backend (of the test environment)
if (APPLICATION_ENV === BeeHub::ENVIRONMENT_TEST) {
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace nl\surfsara\beehub\install;
\define('nl\\surfsara\\beehub\\install\\DEFAULT_SPONSOR_NAME', 'e-infra');
\define('nl\\surfsara\\beehub\\install\\DEFAULT_SPONSOR_DISPLAYNAME', 'e-Infra');
\define('nl\\surfsara\\beehub\\install\\DEFAULT_SPONSOR_DESCRIPTION', 'e-Infra supports the development and hosting of BeeHub. For now, all BeeHub users are sponsored by e-Infra');
\define('nl\\surfsara\\beehub\\install\\ADMIN_GROUP_DISPLAYNAME', 'Administrators');
\define('nl\\surfsara\\beehub\\install\\ADMIN_GROUP_DESCRIPTION', 'Administrators can manage BeeHub');
if (isset($_GET['POST_auth_code'])) {
print \BeeHub::getAuth()->getPostAuthCode();
exit;
} elseif ($_SERVER['REQUEST_METHOD'] !== 'POST') {
exit;
}
\ob_start();
print "Checking PHP configuration:\n";
$notGood = false;
// PHP should be version 5.4 or higher
$version = \explode('.', \phpversion());
print 'PHP version should be > 5.4 ...';
if ($version[0] < 5 || $version[0] == 5 && $version[1] < 4) {
print 'WRONG (actual value: ' . \phpversion() . "\n";
$notGood = true;
} else {
print "ok\n";
public function is_requested($user = null)
{
$this->init_props();
if (is_null($user)) {
$user = BeeHub::getAuth()->current_user();
} elseif (!$user instanceof BeeHub_User) {
$user = BeeHub::user($user);
}
return ($tmp = @$this->users[$user->path]) && !$tmp['is_accepted'];
}
public function testMethod_COPYWithoutCollectionSponsor()
{
$bar = new \BeeHub_Directory('/bar/');
$bar->set_acl(array(new \DAVACL_Element_ace('/system/users/jane', false, array(\DAVACL::PRIV_READ, \DAVACL::PRIV_WRITE), false)));
$this->setCurrentUser('/system/users/jane');
$this->obj->method_COPY('/bar/directory/');
$newDirectory = \DAV::$REGISTRY->resource('/bar/directory/');
$this->assertNull($newDirectory->user_prop_getetag());
$this->assertSame('/system/users/jane', $newDirectory->user_prop_owner());
$this->assertSame(\BeeHub::getAuth()->current_user()->user_prop_sponsor(), $newDirectory->user_prop_sponsor());
$this->assertSame(array(), $newDirectory->user_prop_acl_internal());
$this->assertSame($this->obj->user_prop('test_namespace test_property'), $newDirectory->user_prop('test_namespace test_property'));
}
/**
* @see DAVACL_Resource::user_set_owner()
*/
protected function user_set_owner($owner)
{
// The owner should exist and be visible
if (!($owner = DAV::$REGISTRY->resource($owner)) || !$owner->isVisible() || !$owner instanceof BeeHub_User) {
throw new DAV_Status(DAV::HTTP_BAD_REQUEST, DAV::COND_RECOGNIZED_PRINCIPAL);
}
// You should be authenticated
if (!($cup = $this->user_prop_current_user_principal()) || !($cup = DAV::$REGISTRY->resource($cup))) {
throw DAV::forbidden();
}
// Get the sponsor of this resource
if ($sponsor = $this->user_prop_sponsor()) {
$sponsor = DAV::$REGISTRY->resource($sponsor);
} else {
// There is no sponsor set for this file. How can that be?
throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR, 'There is no sponsor set for this file!');
}
// If you are owner, and the new owner is sponsored by the resource sponsor
if ($this->user_prop_owner() === $cup->path && in_array($owner->path, $sponsor->user_prop_group_member_set())) {
return $this->user_set(DAV::PROP_OWNER, $owner->path);
}
// If you are not the owner, you can become owner if you have write
// privileges on both the resource itself as its parent collection
if ($this->user_prop_owner() !== $cup->path && $owner->path === $cup->path && $this->collection() instanceof BeeHub_Directory) {
$this->assert(BeeHub::PRIV_READ_CONTENT);
$this->assert(DAVACL::PRIV_READ_ACL);
$this->assert(DAVACL::PRIV_WRITE_CONTENT);
$this->collection()->assert(DAVACL::PRIV_WRITE_CONTENT);
// If the user is not sponsored by the resource sponsor, we have to change
// the resource sponsor
if (!in_array($this->user_prop_sponsor(), BeeHub::getAuth()->current_user()->user_prop_sponsor_membership())) {
// If the user is sponsored by the collection sponsor, then let's take
// that sponsor
if (!in_array($this->collection()->user_prop_sponsor(), BeeHub::getAuth()->current_user()->user_prop_sponsor_membership())) {
// Else take the default sponsor of the user
if (!$cup->user_prop_sponsor()) {
throw DAV::forbidden();
} else {
$this->user_set(BeeHub::PROP_SPONSOR, $cup->user_prop_sponsor());
}
} else {
$this->user_set(BeeHub::PROP_SPONSOR, $this->collection()->user_prop_sponsor());
}
}
return $this->user_set(DAV::PROP_OWNER, $owner->path);
}
// If the owner still isn't changed, you are not allowed to do so
throw DAV::forbidden();
}
/**
* @return boolean is the current user an administrator?
*/
public function wheel()
{
$user = BeeHub::getAuth()->current_user();
return !is_null($user) && in_array(BeeHub::$CONFIG['namespace']['admin_group'], $user->user_prop_group_membership());
}
public function method_COPY($path)
{
$this->assert(BeeHub::PRIV_READ_CONTENT);
$this->assert(DAVACL::PRIV_READ_ACL);
$destinationResource = DAV::$REGISTRY->resource($path);
$parent = DAV::$REGISTRY->resource(dirname($path));
if (!$parent) {
throw new DAV_Status(DAV::HTTP_CONFLICT, 'Unable to COPY to unexisting collection');
}
if (!$parent instanceof BeeHub_Directory) {
throw new DAV_Status(DAV::HTTP_FORBIDDEN);
}
if ($destinationResource instanceof DAVACL_Resource) {
$destinationResource->assert(DAVACL::PRIV_WRITE_CONTENT);
$destinationResource->assert(DAVACL::PRIV_WRITE_ACL);
$parent->method_DELETE(basename($path));
} else {
$parent->assert(DAVACL::PRIV_WRITE_CONTENT);
}
// Determine the sponsor
$user = BeeHub::getAuth()->current_user();
$user_sponsors = $user->user_prop_sponsor_membership();
if (count($user_sponsors) === 0) {
// If the user doesn't have any sponsors, he/she can't create files and directories
throw DAV::forbidden();
}
$localPath = BeeHub::localPath($path);
exec('cp ' . BeeHub::escapeshellarg($this->localPath) . ' ' . BeeHub::escapeshellarg($localPath));
// And copy the attributes
$new_resource = new BeeHub_File($path);
foreach ($this->stored_props as $prop => $value) {
if (!in_array($prop, array(DAV::PROP_OWNER, BeeHub::PROP_SPONSOR, DAV::PROP_ACL, DAV::PROP_GETETAG, DAV::PROP_LOCKDISCOVERY))) {
$new_resource->user_set($prop, $value);
}
}
$sponsor = $parent->user_prop_sponsor();
// The default is the directory sponsor
if (!in_array($sponsor, $user_sponsors)) {
//But a user can only create files sponsored by his own sponsors
$sponsor = $user->user_prop(BeeHub::PROP_SPONSOR);
}
// And set the new properties
$new_resource->user_set(DAV::PROP_OWNER, $this->user_prop_current_user_principal());
$new_resource->user_set(BeeHub::PROP_SPONSOR, $sponsor);
$new_resource->user_set(DAV::PROP_GETETAG, BeeHub::ETag());
$new_resource->storeProperties();
}
/**
* Handles the form to register a new user. No authentication required.
* @see DAV_Resource::method_POST()
*/
public function method_POST(&$headers)
{
$displayname = $_POST['displayname'];
$email = $_POST['email'];
$password = !empty($_POST['password']) ? $_POST['password'] : null;
$user_name = $_POST['user_name'];
// User name must be one of the following characters a-zA-Z0-9_-., starting with an alphanumeric character and must be between 1 and 255 characters long
if (empty($displayname) || !preg_match('/^[a-zA-Z0-9]{1}[a-zA-Z0-9_\\-\\.]{0,254}$/D', $user_name)) {
throw new DAV_Status(DAV::HTTP_BAD_REQUEST, 'User name has the wrong format. The name can be a maximum of 255 characters long and should start with an alphanumeric character, followed by alphanumeric character, followed by alphanumeric characters or one of the following: _-.');
}
// Check if the username doesn't exist
$collection = BeeHub::getNoSQL()->users;
$result = $collection->findOne(array('name' => $user_name), array('name' => true));
if (!is_null($result)) {
// Duplicate key: bad request!
throw new DAV_Status(DAV::HTTP_CONFLICT, "User name already exists, please choose a different user name!");
}
$userdir = DAV::unslashify(BeeHub::$CONFIG['environment']['datadir']) . DIRECTORY_SEPARATOR . 'home' . DIRECTORY_SEPARATOR . $user_name;
// Check for existing userdir
if (file_exists($userdir)) {
throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR);
}
// Store in the database
$collection->insert(array('name' => $user_name));
// Fetch the user and store extra properties
$user = DAV::$REGISTRY->resource(BeeHub::USERS_PATH . $user_name);
$user->set_password($password);
$user->user_set(DAV::PROP_DISPLAYNAME, $displayname);
$user->user_set(BeeHub::PROP_EMAIL, $email);
// Just to be clear: the above lines will have to be deleted somewhere in the future, but the lines below should stay
$auth = BeeHub::getAuth();
if ($auth->simpleSaml()->isAuthenticated()) {
$surfId = $auth->simpleSaml()->getAuthData("saml:sp:NameID");
$surfId = $surfId['Value'];
$attributes = $auth->simpleSaml()->getAttributes();
$surfconext_description = @$attributes['urn:mace:terena.org:attribute-def:schacHomeOrganization'][0];
if (empty($surfconext_description)) {
$surfconext_description = 'Unknown account';
}
$user->user_set(BeeHub::PROP_SURFCONEXT, $surfId);
$user->user_set(BeeHub::PROP_SURFCONEXT_DESCRIPTION, $surfconext_description);
}
$user->storeProperties();
// TODO: This should not be hard coded, a new user should not have a sponsor but request one after his account is created, but I want to inform the user about his through the not-yet-existing notification system
$sponsor = DAV::$REGISTRY->resource('/system/sponsors/e-infra');
$sponsor->change_memberships($user_name, BeeHub_Sponsor::USER_ACCEPT);
$sponsor->change_memberships($user_name, BeeHub_Sponsor::ADMIN_ACCEPT);
// And create a user directory
if (!mkdir($userdir)) {
throw new DAV_Status(DAV::HTTP_INTERNAL_SERVER_ERROR);
}
// And create the directory in the database
$document = array('path' => 'home/' . $user_name, 'depth' => 2, 'collection' => true);
$filesCollection = BeeHub::getNoSQL()->files;
$filesCollection->save($document);
$userdir_resource = DAV::$REGISTRY->resource('/home/' . $user_name);
$userdir_resource->user_set(DAV::PROP_OWNER, $user->path);
// TODO: this should not be hard coded. When a users is accepted by his/her first sponsor, this should automatically be set.
$userdir_resource->user_set(BeeHub::PROP_SPONSOR, '/system/sponsors/e-infra');
$userdir_resource->storeProperties();
// Show the confirmation
$this->include_view('new_user_confirmation', array('email_address' => $email));
}
<?php
$footer = '
<script type="text/javascript" src="/system/js/plugins/jquery.cookie.js"></script>
<script type="text/javascript" src="/system/js/plugins/tablesorter/js/jquery.tablesorter.js"></script>
<script type="text/javascript" src="/system/js/plugins/tablesorter/js/jquery.tablesorter.widgets.js"></script>
<script type="text/javascript" src="/system/js/directory.js"></script>
<script type="text/javascript" src="/system/js/directory_controller.js"></script>
<script type="text/javascript" src="/system/js/directory_view.js"></script>
<script type="text/javascript" src="/system/js/directory_view_content.js"></script>
<script type="text/javascript" src="/system/js/directory_view_tree.js"></script>
<script type="text/javascript" src="/system/js/directory_view_dialog.js"></script>
<script type="text/javascript" src="/system/js/directory_view_acl.js"></script>
<script type="text/javascript" src="/system/js/directory_resource.js"></script>
<script type="text/javascript">
nl.sara.beehub.currentUserPath = \'' . BeeHub::getAuth()->current_user()->path . '\';
</script>
';
// If the directory ($this) is not writable nor any of the files in it, then you
// won't be able to upload anything to this directory. So disable the button.
try {
$this->assert(DAVACL::PRIV_WRITE_CONTENT);
} catch (DAV_Status $e) {
if (!$writableFiles) {
$footer .= '
<script type="text/javascript">
$( function() {
$( \'.bh-dir-content-upload\' )
.unbind( \'click\' )
// .removeClass( \'bh-dir-content-upload\' )
.attr( \'disabled\', \'disabled\' );
if (RUN_CLIENT_TESTS) {
?>
</div> <!-- End qunit-fixture -->
<script src="/system/tests/resources/qunit.js"></script>
<script src="/system/tests/resources/mock.js"></script>
<?php
}
?>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
<script type="text/javascript" src="/system/js/jquery-ui.js"></script>
<script type="text/javascript" src="/system/bootstrap/js/bootstrap.js"></script>
<script type="text/javascript" src="/system/js/webdavlib.js"></script>
<script type="text/javascript" src="/system/js/beehub.js"></script>
<script type="text/javascript">
nl.sara.beehub.postAuth = '<?php
echo BeeHub::getAuth()->getPostAuthCode();
?>
';
</script>
<script type="text/javascript" src="/system/js/server/principals.js"></script>
<script type="text/javascript">
nl.sara.beehub.show_notifications(<?php
echo json_encode(BeeHub::notifications(BeeHub_Auth::inst()));
?>
);
<?php
echo intval(@$_GET['show_notifications']) === 1 ? '$("#notification_button").dropdown("toggle");' : '';
?>
</script>
<?php
echo isset($footer) ? $footer : '';
