/**
  * Tells whether a request looks like it was sent by an interactive web browser.
  *
  * Only GET requests qualify; for those the answer is whatever
  * IRequest::isUserAgent() reports for the browser patterns listed below.
  *
  * The User-Agent header is chosen by the client, so this result is a
  * presentation hint only and must not be used for an access-control decision.
  *
  * @param IRequest $request
  * @return bool
  */
 public static function isBrowserRequest(IRequest $request)
 {
     $browserAgents = [
         Request::USER_AGENT_IE,
         Request::USER_AGENT_MS_EDGE,
         Request::USER_AGENT_CHROME,
         Request::USER_AGENT_FIREFOX,
         Request::USER_AGENT_SAFARI,
     ];

     // Non-GET requests are never treated as browser requests.
     return $request->getMethod() === 'GET'
         ? $request->isUserAgent($browserAgents)
         : false;
 }
Exemplo n.º 2
 /**
  * Creates the Sabre DAV server for this endpoint and registers its plugins.
  *
  * Plugins are added in a fixed order: legacy-client blocking, authentication,
  * ACL, CardDAV, then (for matching clients) the fake locker. The property
  * storage plugin is added later, from a 'beforeMethod' listener, and only
  * when the user session holds a user.
  *
  * @param IRequest $request
  * @param string $baseUri base URI handed to the server's setBaseUri()
  */
 public function __construct(IRequest $request, $baseUri)
 {
     $this->request = $request;
     $this->baseUri = $baseUri;
     $this->server = new \OCA\DAV\Connector\Sabre\Server(new RootCollection());

     // Authentication backend built from the current session and user session.
     $sessionAuth = new Auth(\OC::$server->getSession(), \OC::$server->getUserSession());

     // Behind a reverse proxy the URL seen by Sabre can differ, so set it explicitly.
     $this->server->httpRequest->setUrl($this->request->getRequestUri());
     $this->server->setBaseUri($this->baseUri);

     $legacyClientBlocker = new BlockLegacyClientPlugin(\OC::$server->getConfig());
     $this->server->addPlugin($legacyClientBlocker);
     $this->server->addPlugin(new Plugin($sessionAuth, 'ownCloud'));
     $this->server->addPlugin(new \Sabre\DAVACL\Plugin());
     $this->server->addPlugin(new \Sabre\CardDAV\Plugin());

     // Finder on OS X insists on Class 2 WebDAV (locking). Real locking is not
     // provided, so a fake locking plugin stands in for it. The match is on the
     // client-supplied User-Agent, so any client sending that value gets the
     // emulated locks as well.
     $needsFakeLocks = $request->isUserAgent(['/WebDAVFS/']);
     if ($needsFakeLocks) {
         $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
     }

     // Registration is deferred until auth is handled and the filesystem is set up.
     $this->server->on('beforeMethod', function () {
         // Without a session user there is nothing to register.
         if (\OC::$server->getUserSession()->getUser() === null) {
             return;
         }
         // The custom properties plugin must be the last one added.
         $propertiesBackend = new CustomPropertiesBackend(
             $this->server->tree,
             \OC::$server->getDatabaseConnection(),
             \OC::$server->getUserSession()->getUser()
         );
         $this->server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin($propertiesBackend));
     });
 }
Exemplo n.º 3
Arquivo: server.php Projeto: gvde/core
 /**
  * Creates the Sabre DAV server for this endpoint and registers its plugins.
  *
  * Registration order: legacy-client blocking, the auth plugin, the
  * 'authInit' event (additional auth backends), GET/exception/lock/sync
  * helpers, ACL, CalDAV, sharing, CardDAV, system tags, comments and, for
  * matching clients, the fake locker. FilesPlugin and the property storage
  * plugin are added from a 'beforeMethod' listener, only when the user
  * session holds a user.
  *
  * @param IRequest $request
  * @param string $baseUri base URI handed to the server's setBaseUri()
  */
 public function __construct(IRequest $request, $baseUri)
 {
     $this->request = $request;
     $this->baseUri = $baseUri;
     $logger = \OC::$server->getLogger();
     $mailer = \OC::$server->getMailer();
     $dispatcher = \OC::$server->getEventDispatcher();
     $root = new RootCollection();
     $this->server = new \OCA\DAV\Connector\Sabre\Server($root);
     // Backends
     $authBackend = new Auth(\OC::$server->getSession(), \OC::$server->getUserSession(), \OC::$server->getRequest());
     // Set URL explicitly due to reverse-proxy situations
     $this->server->httpRequest->setUrl($this->request->getRequestUri());
     $this->server->setBaseUri($this->baseUri);
     $this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
     $authPlugin = new Plugin($authBackend, 'ownCloud');
     $this->server->addPlugin($authPlugin);
     // allow setup of additional auth backends
     // NOTE(review): listeners receive the server wrapped in the event, so each
     // one can influence how requests are authenticated - presumably only
     // trusted apps subscribe; confirm.
     $event = new SabrePluginEvent($this->server);
     $dispatcher->dispatch('OCA\\DAV\\Connector\\Sabre::authInit', $event);
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $logger));
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
     $this->server->addPlugin(new \Sabre\DAV\Sync\Plugin());
     // acl
     $acl = new DavAclPlugin();
     $acl->defaultUsernamePath = 'principals/users';
     $this->server->addPlugin($acl);
     // calendar plugins
     $this->server->addPlugin(new \Sabre\CalDAV\Plugin());
     $this->server->addPlugin(new \Sabre\CalDAV\ICSExportPlugin());
     $this->server->addPlugin(new \Sabre\CalDAV\Schedule\Plugin());
     $this->server->addPlugin(new IMipPlugin($mailer, $logger));
     $this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
     $this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
     $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest()));
     // addressbook plugins
     $this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin());
     // system tags plugins
     $this->server->addPlugin(new \OCA\DAV\SystemTag\SystemTagPlugin(\OC::$server->getSystemTagManager(), \OC::$server->getGroupManager(), \OC::$server->getUserSession()));
     // comments plugin
     $this->server->addPlugin(new \OCA\DAV\Comments\CommentsPlugin(\OC::$server->getCommentsManager(), \OC::$server->getUserSession()));
     // Some WebDAV clients do require Class 2 WebDAV support (locking), since
     // we do not provide locking we emulate it using a fake locking plugin.
     // The match is on the client-supplied User-Agent header, so any client
     // sending one of these values gets the emulated locks as well.
     if ($request->isUserAgent(['/WebDAVFS/', '/Microsoft Office OneNote 2013/'])) {
         $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
     }
     // wait with registering these until auth is handled and the filesystem is setup
     // (no priority argument is passed to on() here)
     $this->server->on('beforeMethod', function () {
         // custom properties plugin must be the last one
         $user = \OC::$server->getUserSession()->getUser();
         // Nothing is registered when the session has no user.
         if (!is_null($user)) {
             $view = \OC\Files\Filesystem::getView();
             $this->server->addPlugin(new FilesPlugin($this->server->tree, $view));
             $this->server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new CustomPropertiesBackend($this->server->tree, \OC::$server->getDatabaseConnection(), \OC::$server->getUserSession()->getUser())));
         }
     });
 }
Exemplo n.º 4
 /**
  * Builds a Sabre DAV server for a files endpoint.
  *
  * Maintenance, legacy-client blocking, authentication, GET/exception/lock
  * helpers and the optional fake-locker and browser-error-page plugins are
  * registered immediately. Everything that needs the filesystem view is
  * registered from a 'beforeMethod' listener with priority 30.
  *
  * Inside that listener FilesPlugin, QuotaPlugin and CopyEtagHeaderPlugin are
  * added for every request; the tags, shares, comment-properties, files-report
  * and property-storage plugins are added only when the user session reports
  * a logged-in user.
  *
  * @param string $baseUri
  * @param string $requestUri
  * @param BackendInterface $authBackend
  * @param callable $viewCallBack callback that should return the view for the dav endpoint
  * @return Server
  */
 public function createServer($baseUri, $requestUri, BackendInterface $authBackend, callable $viewCallBack)
 {
     // Fire up server
     $objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree();
     $server = new \OCA\DAV\Connector\Sabre\Server($objectTree);
     // Set URL explicitly due to reverse-proxy situations
     $server->httpRequest->setUrl($requestUri);
     $server->setBaseUri($baseUri);
     // Load plugins
     $defaults = new \OC_Defaults();
     $server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
     $server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
     $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, $defaults->getName()));
     // FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
     $server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
     $server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));
     $server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
     // Some WebDAV clients do require Class 2 WebDAV support (locking), since
     // we do not provide locking we emulate it using a fake locking plugin.
     // The match is on the client-supplied User-Agent header, so any client
     // sending one of these values gets the emulated locks as well.
     if ($this->request->isUserAgent(['/WebDAVFS/', '/Microsoft Office OneNote 2013/', '/Microsoft-WebDAV-MiniRedir/'])) {
         $server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
     }
     // The browser error page is likewise selected from the request method and
     // User-Agent; it only affects presentation.
     if (BrowserErrorPagePlugin::isBrowserRequest($this->request)) {
         $server->addPlugin(new BrowserErrorPagePlugin());
     }
     // wait with registering these until auth is handled and the filesystem is setup
     $server->on('beforeMethod', function () use($server, $objectTree, $viewCallBack) {
         // ensure the skeleton is copied
         $userFolder = \OC::$server->getUserFolder();
         /** @var \OC\Files\View $view */
         $view = $viewCallBack($server);
         $rootInfo = $view->getFileInfo('');
         // Create ownCloud Dir
         if ($rootInfo->getType() === 'dir') {
             $root = new \OCA\DAV\Connector\Sabre\Directory($view, $rootInfo, $objectTree);
         } else {
             $root = new \OCA\DAV\Connector\Sabre\File($view, $rootInfo);
         }
         $objectTree->init($root, $view, $this->mountManager);
         // The last FilesPlugin argument is the negation of the 'debug' system
         // value (default false).
         $server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesPlugin($objectTree, $view, $this->config, false, !$this->config->getSystemValue('debug', false)));
         $server->addPlugin(new \OCA\DAV\Connector\Sabre\QuotaPlugin($view));
         // Plugins below are only registered for a logged-in user session.
         if ($this->userSession->isLoggedIn()) {
             $server->addPlugin(new \OCA\DAV\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager));
             $server->addPlugin(new \OCA\DAV\Connector\Sabre\SharesPlugin($objectTree, $this->userSession, $userFolder, \OC::$server->getShareManager()));
             $server->addPlugin(new \OCA\DAV\Connector\Sabre\CommentPropertiesPlugin(\OC::$server->getCommentsManager(), $this->userSession));
             $server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesReportPlugin($objectTree, $view, \OC::$server->getSystemTagManager(), \OC::$server->getSystemTagObjectMapper(), $this->userSession, \OC::$server->getGroupManager(), $userFolder));
             // custom properties plugin must be the last one
             $server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new \OCA\DAV\Connector\Sabre\CustomPropertiesBackend($objectTree, $this->databaseConnection, $this->userSession->getUser())));
         }
         $server->addPlugin(new \OCA\DAV\Connector\Sabre\CopyEtagHeaderPlugin());
     }, 30);
     // priority 30: after auth (10) and acl(20), before lock(50) and handling the request
     return $server;
 }
Exemplo n.º 5
 /**
  * Creates the Sabre DAV server for this endpoint and registers its plugins.
  *
  * Registration order: legacy-client blocking, authentication,
  * GET/exception/lock/listener/sync helpers, ACL, CalDAV (including iMIP
  * scheduling mail sent from the default 'no-reply' address), sharing,
  * CardDAV, system tags and, for matching clients, the fake locker. The
  * property storage plugin is added from a 'beforeMethod' listener, only
  * when the user session holds a user.
  *
  * @param IRequest $request
  * @param string $baseUri base URI handed to the server's setBaseUri()
  */
 public function __construct(IRequest $request, $baseUri)
 {
     $this->request = $request;
     $this->baseUri = $baseUri;
     $logger = \OC::$server->getLogger();
     $dispatcher = \OC::$server->getEventDispatcher();
     $root = new RootCollection();
     $this->server = new \OCA\DAV\Connector\Sabre\Server($root);
     // Backends
     $authBackend = new Auth(\OC::$server->getSession(), \OC::$server->getUserSession());
     // Set URL explicitly due to reverse-proxy situations
     $this->server->httpRequest->setUrl($this->request->getRequestUri());
     $this->server->setBaseUri($this->baseUri);
     $this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
     $this->server->addPlugin(new Plugin($authBackend, 'ownCloud'));
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $logger));
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
     $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ListenerPlugin($dispatcher));
     $this->server->addPlugin(new \Sabre\DAV\Sync\Plugin());
     // acl
     $acl = new \Sabre\DAVACL\Plugin();
     $acl->defaultUsernamePath = 'principals/users';
     $this->server->addPlugin($acl);
     // calendar plugins
     $this->server->addPlugin(new \Sabre\CalDAV\Plugin());
     $this->server->addPlugin(new \Sabre\CalDAV\ICSExportPlugin());
     // Sender address used by the iMIP plugin registered below.
     $senderEmail = \OCP\Util::getDefaultEmailAddress('no-reply');
     $this->server->addPlugin(new \Sabre\CalDAV\Schedule\Plugin());
     $this->server->addPlugin(new \Sabre\CalDAV\Schedule\IMipPlugin($senderEmail));
     $this->server->addPlugin(new \Sabre\CalDAV\SharingPlugin());
     $this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
     $this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
     $this->server->addPlugin(new CardDAV\Sharing\Plugin($authBackend, \OC::$server->getRequest()));
     // addressbook plugins
     $this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin());
     // system tags plugins
     $this->server->addPlugin(new \OCA\DAV\SystemTag\SystemTagPlugin(\OC::$server->getSystemTagManager()));
     // Finder on OS X requires Class 2 WebDAV support (locking), since we do
     // not provide locking we emulate it using a fake locking plugin.
     // The match is on the client-supplied User-Agent header, so any client
     // sending this value gets the emulated locks as well.
     if ($request->isUserAgent(['/WebDAVFS/'])) {
         $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
     }
     // wait with registering these until auth is handled and the filesystem is setup
     // (no priority argument is passed to on() here)
     $this->server->on('beforeMethod', function () {
         // custom properties plugin must be the last one
         $user = \OC::$server->getUserSession()->getUser();
         // Nothing is registered when the session has no user.
         if (!is_null($user)) {
             $this->server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new CustomPropertiesBackend($this->server->tree, \OC::$server->getDatabaseConnection(), \OC::$server->getUserSession()->getUser())));
         }
     });
 }
Exemplo n.º 6
 /**
  * Builds a Sabre DAV server for a files endpoint.
  *
  * Maintenance, legacy-client blocking, authentication, GET/exception/lock/
  * listener helpers and the optional fake locker are registered immediately.
  * Everything that needs the filesystem view is registered from a
  * 'beforeMethod' listener with priority 30.
  *
  * Inside that listener FilesPlugin, QuotaPlugin and CopyEtagHeaderPlugin are
  * added for every request; the tags and property-storage plugins are added
  * only when the user session reports a logged-in user.
  *
  * @param string $baseUri
  * @param string $requestUri
  * @param BackendInterface $authBackend
  * @param callable $viewCallBack callback that should return the view for the dav endpoint
  * @return Server
  */
 public function createServer($baseUri, $requestUri, BackendInterface $authBackend, callable $viewCallBack)
 {
     // Fire up server
     $objectTree = new \OC\Connector\Sabre\ObjectTree();
     $server = new \OC\Connector\Sabre\Server($objectTree);
     // Set URL explicitly due to reverse-proxy situations
     $server->httpRequest->setUrl($requestUri);
     $server->setBaseUri($baseUri);
     // Load plugins
     $defaults = new \OC_Defaults();
     $server->addPlugin(new \OC\Connector\Sabre\MaintenancePlugin($this->config));
     $server->addPlugin(new \OC\Connector\Sabre\BlockLegacyClientPlugin($this->config));
     $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, $defaults->getName()));
     // FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
     $server->addPlugin(new \OC\Connector\Sabre\DummyGetResponsePlugin());
     $server->addPlugin(new \OC\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));
     $server->addPlugin(new \OC\Connector\Sabre\LockPlugin($objectTree));
     $server->addPlugin(new \OC\Connector\Sabre\ListenerPlugin($this->dispatcher));
     // Finder on OS X requires Class 2 WebDAV support (locking), since we do
     // not provide locking we emulate it using a fake locking plugin.
     // The match is on the client-supplied User-Agent header, so any client
     // sending this value gets the emulated locks as well.
     if ($this->request->isUserAgent(['/WebDAVFS/'])) {
         $server->addPlugin(new \OC\Connector\Sabre\FakeLockerPlugin());
     }
     // wait with registering these until auth is handled and the filesystem is setup
     $server->on('beforeMethod', function () use($server, $objectTree, $viewCallBack) {
         /** @var \OC\Files\View $view */
         $view = $viewCallBack();
         $rootInfo = $view->getFileInfo('');
         // Create ownCloud Dir
         if ($rootInfo->getType() === 'dir') {
             $root = new \OC\Connector\Sabre\Directory($view, $rootInfo);
         } else {
             $root = new \OC\Connector\Sabre\File($view, $rootInfo);
         }
         $objectTree->init($root, $view, $this->mountManager);
         $server->addPlugin(new \OC\Connector\Sabre\FilesPlugin($objectTree, $view));
         $server->addPlugin(new \OC\Connector\Sabre\QuotaPlugin($view));
         // Plugins below are only registered for a logged-in user session.
         if ($this->userSession->isLoggedIn()) {
             $server->addPlugin(new \OC\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager));
             // custom properties plugin must be the last one
             $server->addPlugin(new \Sabre\DAV\PropertyStorage\Plugin(new \OC\Connector\Sabre\CustomPropertiesBackend($objectTree, $this->databaseConnection, $this->userSession->getUser())));
         }
         $server->addPlugin(new \OC\Connector\Sabre\CopyEtagHeaderPlugin());
     }, 30);
     // priority 30: after auth (10) and acl(20), before lock(50) and handling the request
     return $server;
 }
Exemplo n.º 7
 /**
  * Decides whether the current request has to pass a CSRF check.
  *
  * Rules, evaluated in this order:
  *  1. GET request: no check.
  *  2. User-Agent matches an official ownCloud desktop, Android or iOS
  *     client: no check.
  *  3. No logged-in user session: no check.
  *  4. POST request: check required.
  *  5. Any other method: no check only when the session user is DAV
  *     authenticated (isDavAuthenticated()); otherwise check required.
  *
  * NOTE(review): rule 2 relies on the User-Agent header, which is set by the
  * sender. It is a compatibility allowance, not proof of client identity;
  * confirm it matches the deployment's threat model.
  *
  * @return bool
  */
 private function requiresCSRFCheck()
 {
     $httpMethod = $this->request->getMethod();

     // Rule 1: GET is never checked.
     if ($httpMethod === 'GET') {
         return false;
     }

     // Rule 2: official ownCloud clients are exempt.
     $officialClients = [
         Request::USER_AGENT_OWNCLOUD_DESKTOP,
         Request::USER_AGENT_OWNCLOUD_ANDROID,
         Request::USER_AGENT_OWNCLOUD_IOS,
     ];
     if ($this->request->isUserAgent($officialClients)) {
         return false;
     }

     // Rule 3: without a logged-in session there is nothing to protect.
     if (!$this->userSession->isLoggedIn()) {
         return false;
     }

     // Rule 4: POST is always checked.
     if ($httpMethod === 'POST') {
         return true;
     }

     // Rule 5: remaining methods are exempt only for a DAV-authenticated session user.
     $davAuthenticated = $this->userSession->isLoggedIn()
         && $this->isDavAuthenticated($this->userSession->getUser()->getUID());

     return !$davAuthenticated;
 }
Exemplo n.º 8
 /**
  * Renders the main view of the files app.
  *
  * Registers the styles and scripts of the files app, builds the navigation
  * entries and their rendered content, and returns the 'index' template with
  * storage and sharing settings as parameters. For IE8 requests that carry
  * a dir or view parameter, a redirect to the same route with the parameters
  * moved into the URL hash is returned instead.
  *
  * NOTE(review): the action is annotated as needing no CSRF token and no
  * admin rights; $dir and $view come from the request and are only used here
  * after encoding (encodePath() / urlencode()) in the IE8 redirect.
  *
  * @NoCSRFRequired
  * @NoAdminRequired
  *
  * @param string $dir
  * @param string $view
  * @return TemplateResponse|RedirectResponse
  * @throws \OCP\Files\NotFoundException
  */
 public function index($dir = '', $view = '')
 {
     $nav = new \OCP\Template('files', 'appnavigation', '');
     // Load the files we need
     \OCP\Util::addStyle('files', 'files');
     \OCP\Util::addStyle('files', 'upload');
     \OCP\Util::addStyle('files', 'mobile');
     \OCP\Util::addscript('files', 'app');
     \OCP\Util::addscript('files', 'file-upload');
     \OCP\Util::addscript('files', 'newfilemenu');
     \OCP\Util::addscript('files', 'jquery.iframe-transport');
     \OCP\Util::addscript('files', 'jquery.fileupload');
     \OCP\Util::addscript('files', 'jquery-visibility');
     \OCP\Util::addscript('files', 'fileinfomodel');
     \OCP\Util::addscript('files', 'filesummary');
     \OCP\Util::addscript('files', 'breadcrumb');
     \OCP\Util::addscript('files', 'filelist');
     \OCP\Util::addscript('files', 'search');
     \OCP\Util::addScript('files', 'favoritesfilelist');
     \OCP\Util::addScript('files', 'tagsplugin');
     \OCP\Util::addScript('files', 'favoritesplugin');
     \OCP\Util::addScript('files', 'detailfileinfoview');
     \OCP\Util::addScript('files', 'detailtabview');
     \OCP\Util::addScript('files', 'mainfileinfodetailview');
     \OCP\Util::addScript('files', 'detailsview');
     \OCP\Util::addStyle('files', 'detailsView');
     \OC_Util::addVendorScript('core', 'handlebars/handlebars');
     \OCP\Util::addscript('files', 'fileactions');
     \OCP\Util::addscript('files', 'fileactionsmenu');
     \OCP\Util::addscript('files', 'files');
     \OCP\Util::addscript('files', 'keyboardshortcuts');
     \OCP\Util::addscript('files', 'navigation');
     // if IE8 and "?dir=path&view=someview" was specified, reformat the URL to use a hash like "#?dir=path&view=someview"
     $isIE8 = $this->request->isUserAgent([Request::USER_AGENT_IE_8]);
     if ($isIE8 && ($dir !== '' || $view !== '')) {
         // NOTE(review): empty() also treats the string '0' as empty, so a dir
         // or view of '0' is replaced by the default here - confirm intended.
         $dir = !empty($dir) ? $dir : '/';
         $view = !empty($view) ? $view : 'files';
         // Both request values are encoded before they are placed in the hash.
         $hash = '#?dir=' . \OCP\Util::encodePath($dir);
         if ($view !== 'files') {
             $hash .= '&view=' . urlencode($view);
         }
         // The redirect target is the app's own route; only the hash carries request data.
         return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index') . $hash);
     }
     // mostly for the home storage's free space
     // FIXME: Make non static
     $storageInfo = $this->getStorageInfo();
     \OCA\Files\App::getNavigationManager()->add(['id' => 'favorites', 'appname' => 'files', 'script' => 'simplelist.php', 'order' => 5, 'name' => $this->l10n->t('Favorites')]);
     $navItems = \OCA\Files\App::getNavigationManager()->getAll();
     // Sort navigation entries by ascending 'order'.
     usort($navItems, function ($item1, $item2) {
         return $item1['order'] - $item2['order'];
     });
     $nav->assign('navigationItems', $navItems);
     $contentItems = [];
     // render the container content for every navigation item
     foreach ($navItems as $item) {
         $content = '';
         // Entries without a 'script' key get empty content.
         if (isset($item['script'])) {
             $content = $this->renderScript($item['appname'], $item['script']);
         }
         $contentItem = [];
         $contentItem['id'] = $item['id'];
         $contentItem['content'] = $content;
         $contentItems[] = $contentItem;
     }
     // Event dispatched before the template parameters are assembled.
     $this->eventDispatcher->dispatch('OCA\\Files::loadAdditionalScripts');
     $params = [];
     $params['usedSpacePercent'] = (int) $storageInfo['relative'];
     $params['owner'] = $storageInfo['owner'];
     $params['ownerDisplayName'] = $storageInfo['ownerDisplayName'];
     $params['isPublic'] = false;
     $params['mailNotificationEnabled'] = $this->config->getAppValue('core', 'shareapi_allow_mail_notification', 'no');
     $params['mailPublicNotificationEnabled'] = $this->config->getAppValue('core', 'shareapi_allow_public_notification', 'no');
     $params['allowShareWithLink'] = $this->config->getAppValue('core', 'shareapi_allow_links', 'yes');
     $params['appNavigation'] = $nav;
     $params['appContents'] = $contentItems;
     $this->navigationManager->setActiveEntry('files_index');
     $response = new TemplateResponse($this->appName, 'index', $params);
     // Attach a Content-Security-Policy that lists 'self' as an allowed frame domain.
     $policy = new ContentSecurityPolicy();
     $policy->addAllowedFrameDomain('\'self\'');
     $response->setContentSecurityPolicy($policy);
     return $response;
 }
Exemplo n.º 9
 /**
  * Adds download-related headers to the response of a GET on a file node.
  *
  * Nothing is added unless the requested path resolves to an IFile. When
  * $this->downloadAttachment is set, a 'Content-Disposition: attachment'
  * header is added; clients matching the IE, Android mobile Chrome or
  * Freebox patterns get only the plain filename parameter, all others
  * additionally get the RFC 5987 style filename* parameter. For
  * \OCA\DAV\Connector\Sabre\File nodes with a non-empty checksum, an
  * 'OC-Checksum' header is added as well.
  *
  * The file name is passed through rawurlencode() before it is placed in the
  * header, so quotes and line breaks in a name are percent-encoded and cannot
  * terminate the quoted value or the header line.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  */
 function httpGet(RequestInterface $request, ResponseInterface $response)
 {
     // Only file nodes are handled.
     $node = $this->tree->getNodeForPath($request->getPath());
     if (!$node instanceof IFile) {
         return;
     }

     if ($this->downloadAttachment) {
         $encodedName = rawurlencode($node->getName());
         $plainNameOnlyAgents = [
             \OC\AppFramework\Http\Request::USER_AGENT_IE,
             \OC\AppFramework\Http\Request::USER_AGENT_ANDROID_MOBILE_CHROME,
             \OC\AppFramework\Http\Request::USER_AGENT_FREEBOX,
         ];
         // The listed clients get the plain parameter only; everyone else gets both forms.
         $disposition = $this->request->isUserAgent($plainNameOnlyAgents)
             ? 'attachment; filename="' . $encodedName . '"'
             : 'attachment; filename*=UTF-8\'\'' . $encodedName . '; filename="' . $encodedName . '"';
         $response->addHeader('Content-Disposition', $disposition);
     }

     if (!$node instanceof \OCA\DAV\Connector\Sabre\File) {
         return;
     }

     // Expose the stored checksum, if there is one, as OC-Checksum.
     /** @var $node File */
     $checksum = $node->getChecksum();
     if ($checksum === null || $checksum === '') {
         return;
     }
     $response->addHeader('OC-Checksum', $checksum);
 }