Exemplo n.º 1
 /**
  * Decides which type of response to send
  *
  * @param string $message
  * @param int $code
  *
  * @return JSONResponse|RedirectResponse|TemplateResponse
  */
 private function computeResponse($message, $code)
 {
     // The Accept header is supplied by the client, so it is used here only to
     // pick a presentation format: any value containing "html"
     // (case-insensitive) selects the HTML response, everything else gets JSON.
     $accept = $this->request->getHeader('Accept');
     if (stripos($accept, 'html') !== false) {
         return $this->sendHtmlResponse($message, $code);
     }

     return $this->sendJsonResponse($message, $code);
 }
Exemplo n.º 2
 /**
  * Load the image.
  */
 protected function processImage()
 {
     // An Image instance on the property means a previous call got this far.
     // NOTE(review): the property is assigned before the checks below, so a
     // call that throws still leaves an unloaded Image behind and later calls
     // return early - confirm callers check the image before using it.
     if ($this->image instanceof Image) {
         return;
     }
     $this->image = new Image();

     $contentType = $this->request->getHeader('Content-Type');
     $contentLength = $this->request->getHeader('Content-Length');
     \OCP\Util::writeLog('contacts', __METHOD__ . ', Content-Type: ' . $contentType, \OCP\Util::DEBUG);
     \OCP\Util::writeLog('contacts', __METHOD__ . ', Content-Length: ' . $contentLength, \OCP\Util::DEBUG);

     // Both headers are declared by the client: these checks reject obviously
     // wrong uploads early, but they say nothing about the bytes that follow.
     if (substr($contentType, 0, 6) !== 'image/') {
         throw new \Exception('Only images can be used as contact photo', Http::STATUS_UNSUPPORTED_MEDIA_TYPE);
     }

     $maxSize = \OCP\Util::maxUploadFilesize('/');
     // NOTE(review): this is a loose comparison of a header string with a
     // number, and an absent Content-Length appears to pass it - confirm the
     // real body size is bounded elsewhere (web server / PHP upload limits).
     if ($contentLength > $maxSize) {
         throw new \Exception(sprintf('The size of the file exceeds the maximum allowed %s', \OCP\Util::humanFileSize($maxSize)), Http::STATUS_REQUEST_ENTITY_TOO_LARGE);
     }

     // The request body handle is read only after both header checks passed.
     $this->image->loadFromFileHandle($this->request->put);
 }
 /**
  * If a SecurityException is being caught, ajax requests return a JSON error
  * response and non ajax requests redirect to the index
  * @param Controller $controller the controller that is being called
  * @param string $methodName the name of the method that will be called on
  *                           the controller
  * @param \Exception $exception the thrown exception
  * @throws \Exception the passed in exception if it can't handle it
  * @return Response a Response object or null in case that the exception could not be handled
  */
 public function afterException($controller, $methodName, \Exception $exception)
 {
     // Anything that is not a SecurityException is rethrown to the caller;
     // no code path in this method returns null.
     if (!($exception instanceof SecurityException)) {
         throw $exception;
     }

     // The client-supplied Accept header only selects the response format.
     $wantsHtml = stripos($this->request->getHeader('Accept'), 'html') !== false;
     if ($wantsHtml) {
         // TODO: replace with link to route
         $url = $this->app->getServer()->getURLGenerator()->getAbsoluteURL('index.php');
         $response = new RedirectResponse($url);
     } else {
         // The exception message is sent to the client as-is, and the exception
         // code is passed as the second JSONResponse argument.
         // NOTE(review): confirm SecurityException messages never carry internal detail.
         $response = new JSONResponse(array('message' => $exception->getMessage()), $exception->getCode());
     }

     // Both branches record the denial at debug level once the response exists.
     $this->app->log($exception->getMessage(), 'debug');

     return $response;
 }
Exemplo n.º 4
 /**
  * If a SecurityException is being caught, ajax requests return a JSON error
  * response and non ajax requests redirect to the index
  * @param Controller $controller the controller that is being called
  * @param string $methodName the name of the method that will be called on
  *                           the controller
  * @param \Exception $exception the thrown exception
  * @throws \Exception the passed in exception if it can't handle it
  * @return Response a Response object or null in case that the exception could not be handled
  */
 public function afterException($controller, $methodName, \Exception $exception)
 {
     // Exceptions other than SecurityException are not handled here and are
     // rethrown unchanged.
     if (!($exception instanceof SecurityException)) {
         throw $exception;
     }

     $acceptsHtml = stripos($this->request->getHeader('Accept'), 'html') !== false;
     if (!$acceptsHtml) {
         // Non-HTML clients get the message as JSON with the exception code as status.
         $response = new JSONResponse(array('message' => $exception->getMessage()), $exception->getCode());
     } elseif ($exception instanceof NotLoggedInException) {
         // redirect_url is built from the request's own REQUEST_URI.
         // NOTE(review): the login route that consumes redirect_url is outside
         // this view - confirm it only follows same-origin targets.
         $loginUrl = $this->urlGenerator->linkToRoute('core.login.showLoginForm', ['redirect_url' => urlencode($this->request->server['REQUEST_URI'])]);
         $response = new RedirectResponse($loginUrl);
     } else {
         // NOTE(review): the exception message is handed to the 403 template as
         // 'file'; output escaping is the template's job - confirm it escapes.
         $response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
         $response->setStatus($exception->getCode());
     }

     // Every handled SecurityException is logged at debug level.
     $this->logger->debug($exception->getMessage());

     return $response;
 }
Exemplo n.º 5
 /**
  * Validates a username and password
  *
  * This method should return true or false depending on if login
  * succeeded.
  *
  * @param string $username
  * @param string $password
  *
  * @return bool
  * @throws \Sabre\DAV\Exception\NotAuthenticated
  */
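 protected function validateUserPass($username, $password)
 {
     // The "username" is looked up as a share token; an unknown token fails
     // authentication without revealing anything else.
     try {
         $share = $this->shareManager->getShareByToken($username);
     } catch (ShareNotFound $e) {
         return false;
     }
     $this->share = $share;
     \OC_User::setIncognitoMode(true);

     // A share without a password needs no further credential check.
     if ($share->getPassword() === null) {
         return true;
     }

     if ($share->getShareType() !== \OCP\Share::SHARE_TYPE_LINK) {
         // NOTE(review): a password-carrying remote share is accepted without
         // comparing $password - confirm this is the intended trust model.
         return $share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE;
     }

     // Password-protected link share: the supplied password is checked first.
     if ($this->shareManager->checkPassword($share, $password)) {
         return true;
     }

     // Otherwise accept a session that is already marked as authenticated for
     // exactly this share id.
     if ($this->session->exists('public_link_authenticated')
         && $this->session->get('public_link_authenticated') === (string) $share->getId()
     ) {
         return true;
     }

     if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')), true)) {
         // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
         http_response_code(401);
         // header() takes the complete "Name: value" line as its first
         // argument; passing name and value separately never sent the
         // challenge and used the value as the $replace flag instead.
         header('WWW-Authenticate: DummyBasic realm="' . $this->realm . '"');
         throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
     }

     return false;
 }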
Exemplo n.º 6
 /**
  * @param string|null $app App id or null for core
  * @return string
  */
 public function setLanguageFromRequest($app = null)
 {
     // The header is client-controlled, but the value returned below is always
     // an entry of the available-languages list or the literal 'en', never the
     // raw header text.
     $acceptLanguage = $this->request->getHeader('ACCEPT_LANGUAGE');
     if ($acceptLanguage) {
         $languages = $this->findAvailableLanguages($app);
         // E.g. make sure that 'de' is before 'de_DE'.
         sort($languages);

         foreach (preg_split('/,\\s*/', strtolower($acceptLanguage)) as $entry) {
             // Keep only the part before the first ';' and normalise '-' to '_'.
             $parts = explode(';', $entry);
             $wanted = str_replace('-', '_', $parts[0]);

             $found = false;
             $match = null;

             // First pass: exact match, ignoring case.
             foreach ($languages as $candidate) {
                 if ($wanted === strtolower($candidate)) {
                     $found = true;
                     $match = $candidate;
                     break;
                 }
             }

             // Second pass: fall back from e.g. de_de to de.
             if (!$found) {
                 $shortCode = substr($wanted, 0, 2);
                 foreach ($languages as $candidate) {
                     if ($shortCode === $candidate) {
                         $found = true;
                         $match = $candidate;
                         break;
                     }
                 }
             }

             if ($found) {
                 // Only a core lookup (no app id) records the request language,
                 // and only the first time.
                 if ($app === null && !$this->requestLanguage) {
                     $this->requestLanguage = $match;
                 }
                 return $match;
             }
         }
     }

     // Last try: English
     if (!$this->requestLanguage) {
         $this->requestLanguage = 'en';
     }
     return 'en';
 }
Exemplo n.º 7
 /**
  * Tries to login the user with auth token header
  *
  * @todo check remember me cookie
  * @return boolean
  */
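 public function tryTokenLogin(IRequest $request)
 {
     $authHeader = $request->getHeader('Authorization');

     // Only a header that starts with the "token " scheme carries a token.
     // The match is anchored at offset 0 because the credential is cut at a
     // fixed offset of 6; an unanchored search would also accept "token "
     // appearing later in the header and validate the wrong substring.
     if (strpos($authHeader, 'token ') === 0) {
         return $this->validateToken(substr($authHeader, 6));
     }

     // No token header, let's try session id
     try {
         return $this->validateToken($this->session->getId());
     } catch (SessionNotAvailableException $ex) {
         // Without a usable session there is nothing left to validate.
         return false;
     }
 }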