Exemplo n.º 1
0
 /**
  * Handles POST requests for tree operations not handled in the SabreDAV parent clas
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return bool
  */
 public function httpPOSTExtra(RequestInterface $request, ResponseInterface $response)
 {
     $contentType = $request->getHeader('Content-Type');
     list($contentType) = explode(';', $contentType);
     if ($contentType !== 'application/x-www-form-urlencoded' && $contentType !== 'multipart/form-data') {
         return;
     }
     $postVars = $request->getPostData();
     if (!isset($postVars['sabreActionExtra'])) {
         return;
     }
     $uri = $request->getPath();
     switch ($postVars['sabreActionExtra']) {
         case 'del':
             if (isset($postVars['path'])) {
                 // Using basename() because we won't allow slashes
                 list(, $Name) = \Sabre\HTTP\URLUtil::splitPath(trim($postVars['path']));
                 if (!empty($Name) && $this->config->browserplugin_enable_delete === true) {
                     $this->server->tree->delete($uri . '/' . $Name);
                 }
             }
             break;
     }
     $response->setHeader('Location', $request->getUrl());
     $response->setStatus(302);
     return false;
 }
Exemplo n.º 2
0
 /**
  * Intercepts GET requests on addressbook urls ending with ?export.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return bool
  */
 function httpGet(RequestInterface $request, ResponseInterface $response)
 {
     $queryParams = $request->getQueryParameters();
     if (!array_key_exists('export', $queryParams)) {
         return;
     }
     $path = $request->getPath();
     $node = $this->server->tree->getNodeForPath($path);
     if (!$node instanceof IAddressBook) {
         return;
     }
     $this->server->transactionType = 'get-addressbook-export';
     // Checking ACL, if available.
     if ($aclPlugin = $this->server->getPlugin('acl')) {
         $aclPlugin->checkPrivileges($path, '{DAV:}read');
     }
     $nodes = $this->server->getPropertiesForPath($path, ['{' . Plugin::NS_CARDDAV . '}address-data'], 1);
     $format = 'text/directory';
     $output = null;
     $filenameExtension = null;
     switch ($format) {
         case 'text/directory':
             $output = $this->generateVCF($nodes);
             $filenameExtension = '.vcf';
             break;
     }
     $filename = preg_replace('/[^a-zA-Z0-9-_ ]/um', '', $node->getName());
     $filename .= '-' . date('Y-m-d') . $filenameExtension;
     $response->setHeader('Content-Disposition', 'attachment; filename="' . $filename . '"');
     $response->setHeader('Content-Type', $format);
     $response->setStatus(200);
     $response->setBody($output);
     // Returning false to break the event chain
     return false;
 }
Exemplo n.º 3
0
 /**
  * After method, copy the "Etag" header to "OC-Etag" header.
  *
  * @param RequestInterface $request request
  * @param ResponseInterface $response response
  */
 public function afterMethod(RequestInterface $request, ResponseInterface $response)
 {
     $eTag = $response->getHeader('Etag');
     if (!empty($eTag)) {
         $response->setHeader('OC-ETag', $eTag);
     }
 }
Exemplo n.º 4
0
 /**
  * Intercepts GET requests on addressbook urls ending with ?photo.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return bool|void
  */
 function httpGet(RequestInterface $request, ResponseInterface $response)
 {
     $queryParams = $request->getQueryParameters();
     // TODO: in addition to photo we should also add logo some point in time
     if (!array_key_exists('photo', $queryParams)) {
         return true;
     }
     $path = $request->getPath();
     $node = $this->server->tree->getNodeForPath($path);
     if (!$node instanceof Card) {
         return true;
     }
     $this->server->transactionType = 'carddav-image-export';
     // Checking ACL, if available.
     if ($aclPlugin = $this->server->getPlugin('acl')) {
         /** @var \Sabre\DAVACL\Plugin $aclPlugin */
         $aclPlugin->checkPrivileges($path, '{DAV:}read');
     }
     if ($result = $this->getPhoto($node)) {
         $response->setHeader('Content-Type', $result['Content-Type']);
         $response->setStatus(200);
         $response->setBody($result['body']);
         // Returning false to break the event chain
         return false;
     }
     return true;
 }
Exemplo n.º 5
0
 /**
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return false
  */
 function httpGet(RequestInterface $request, ResponseInterface $response)
 {
     $string = 'This is the WebDAV interface. It can only be accessed by ' . 'WebDAV clients such as the WebDAV Nav sync client.';
     $stream = fopen('php://memory', 'r+');
     fwrite($stream, $string);
     rewind($stream);
     $response->setBody($stream);
     return false;
 }
Exemplo n.º 6
0
 /**
  * Plugin that adds a 'Content-Disposition: attachment' header to all files
  * delivered by SabreDAV.
  * @param RequestInterface $request
  * @param ResponseInterface $response
  */
 function httpGet(RequestInterface $request, ResponseInterface $response)
 {
     // Only handle valid files
     $node = $this->tree->getNodeForPath($request->getPath());
     if (!$node instanceof IFile) {
         return;
     }
     $response->addHeader('Content-Disposition', 'attachment');
 }
Exemplo n.º 7
0
 /**
  * Generates the davmount response
  *
  * @param string $uri absolute uri
  * @return void
  */
 function davMount(ResponseInterface $response, $uri)
 {
     $response->setStatus(200);
     $response->setHeader('Content-Type', 'application/davmount+xml');
     ob_start();
     echo '<?xml version="1.0"?>', "\n";
     echo "<dm:mount xmlns:dm=\"http://purl.org/NET/webdav/mount\">\n";
     echo "  <dm:url>", htmlspecialchars($uri, ENT_NOQUOTES, 'UTF-8'), "</dm:url>\n";
     echo "</dm:mount>";
     $response->setBody(ob_get_clean());
 }
Exemplo n.º 8
0
 /**
  * We intercept this to handle POST requests on calendars.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return null|bool
  */
 function httpPost(RequestInterface $request, ResponseInterface $response)
 {
     $path = $request->getPath();
     // Only handling xml
     $contentType = $request->getHeader('Content-Type');
     if (strpos($contentType, 'application/xml') === false && strpos($contentType, 'text/xml') === false) {
         return;
     }
     // Making sure the node exists
     try {
         $node = $this->server->tree->getNodeForPath($path);
     } catch (NotFound $e) {
         return;
     }
     // CSRF protection
     $this->protectAgainstCSRF();
     $requestBody = $request->getBodyAsString();
     // If this request handler could not deal with this POST request, it
     // will return 'null' and other plugins get a chance to handle the
     // request.
     //
     // However, we already requested the full body. This is a problem,
     // because a body can only be read once. This is why we preemptively
     // re-populated the request body with the existing data.
     $request->setBody($requestBody);
     $dom = XMLUtil::loadDOMDocument($requestBody);
     $documentType = XMLUtil::toClarkNotation($dom->firstChild);
     switch ($documentType) {
         // Dealing with the 'share' document, which modified invitees on a
         // calendar.
         case '{' . \Sabre\CardDAV\Plugin::NS_CARDDAV . '}share':
             // We can only deal with IShareableCalendar objects
             if (!$node instanceof IShareableAddressBook) {
                 return;
             }
             $this->server->transactionType = 'post-calendar-share';
             // Getting ACL info
             $acl = $this->server->getPlugin('acl');
             // If there's no ACL support, we allow everything
             if ($acl) {
                 $acl->checkPrivileges($path, '{DAV:}write');
             }
             $mutations = $this->parseShareRequest($dom);
             $node->updateShares($mutations[0], $mutations[1]);
             $response->setStatus(200);
             // Adding this because sending a response body may cause issues,
             // and I wanted some type of indicator the response was handled.
             $response->setHeader('X-Sabre-Status', 'everything-went-well');
             // Breaking the event chain
             return false;
     }
 }
 /**
  * Intercepts GET requests on addressbook urls ending with ?export.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return bool
  */
 function httpGet(RequestInterface $request, ResponseInterface $response)
 {
     $queryParams = $request->getQueryParameters();
     if (!array_key_exists('export', $queryParams)) {
         return;
     }
     $path = $request->getPath();
     $node = $this->server->tree->getNodeForPath($path);
     if (!$node instanceof IAddressBook) {
         return;
     }
     $this->server->transactionType = 'get-addressbook-export';
     // Checking ACL, if available.
     if ($aclPlugin = $this->server->getPlugin('acl')) {
         $aclPlugin->checkPrivileges($path, '{DAV:}read');
     }
     $response->setHeader('Content-Type', 'text/directory');
     $response->setStatus(200);
     $nodes = $this->server->getPropertiesForPath($path, ['{' . Plugin::NS_CARDDAV . '}address-data'], 1);
     $response->setBody($this->generateVCF($nodes));
     // Returning false to break the event chain
     return false;
 }
Exemplo n.º 10
0
 /**
  * This event is triggered after GET requests.
  *
  * This is used to transform data into jCal, if this was requested.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return void
  */
 function httpAfterGet(RequestInterface $request, ResponseInterface $response)
 {
     if (strpos($response->getHeader('Content-Type'), 'text/vcard') === false) {
         return;
     }
     $target = $this->negotiateVCard($request->getHeader('Accept'), $mimeType);
     $newBody = $this->convertVCard($response->getBody(), $target);
     $response->setBody($newBody);
     $response->setHeader('Content-Type', $mimeType . '; charset=utf-8');
     $response->setHeader('Content-Length', strlen($newBody));
 }
Exemplo n.º 11
0
 /**
  * WebDAV HTTP COPY method
  *
  * This method copies one uri to a different uri, and works much like the MOVE request
  * A lot of the actual request processing is done in getCopyMoveInfo
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return bool
  */
 function httpCopy(RequestInterface $request, ResponseInterface $response)
 {
     $path = $request->getPath();
     $copyInfo = $this->server->getCopyAndMoveInfo($request);
     if ($copyInfo['destinationExists']) {
         if (!$this->server->emit('beforeUnbind', [$copyInfo['destination']])) {
             return false;
         }
         $this->server->tree->delete($copyInfo['destination']);
     }
     if (!$this->server->emit('beforeBind', [$copyInfo['destination']])) {
         return false;
     }
     $this->server->tree->copy($path, $copyInfo['destination']);
     $this->server->emit('afterBind', [$copyInfo['destination']]);
     // If a resource was overwritten we should send a 204, otherwise a 201
     $response->setHeader('Content-Length', '0');
     $response->setStatus($copyInfo['destinationExists'] ? 204 : 201);
     // Sending back false will interupt the event chain and tell the server
     // we've handled this method.
     return false;
 }
Exemplo n.º 12
0
 /**
  * This event is triggered after GET requests.
  *
  * This is used to transform data into jCal, if this was requested.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return void
  */
 function httpAfterGet(RequestInterface $request, ResponseInterface $response)
 {
     if (strpos($response->getHeader('Content-Type'), 'text/calendar') === false) {
         return;
     }
     $result = HTTP\Util::negotiate($request->getHeader('Accept'), ['text/calendar', 'application/calendar+json']);
     if ($result !== 'application/calendar+json') {
         // Do nothing
         return;
     }
     // Transforming.
     $vobj = VObject\Reader::read($response->getBody());
     $jsonBody = json_encode($vobj->jsonSerialize());
     $response->setBody($jsonBody);
     $response->setHeader('Content-Type', 'application/calendar+json');
     $response->setHeader('Content-Length', strlen($jsonBody));
 }
Exemplo n.º 13
0
 /**
  * This method is responsible for generating the actual, full response.
  *
  * @param string $path
  * @param DateTime|null $start
  * @param DateTime|null $end
  * @param bool $expand
  * @param string $componentType
  * @param string $format
  * @param array $properties
  * @param ResponseInterface $response
  */
 protected function generateResponse($path, $start, $end, $expand, $componentType, $format, $properties, ResponseInterface $response)
 {
     $calDataProp = '{' . Plugin::NS_CALDAV . '}calendar-data';
     $blobs = [];
     if ($start || $end || $componentType) {
         // If there was a start or end filter, we need to enlist
         // calendarQuery for speed.
         $calendarNode = $this->server->tree->getNodeForPath($path);
         $queryResult = $calendarNode->calendarQuery(['name' => 'VCALENDAR', 'comp-filters' => [['name' => $componentType, 'comp-filters' => [], 'prop-filters' => [], 'is-not-defined' => false, 'time-range' => ['start' => $start, 'end' => $end]]], 'prop-filters' => [], 'is-not-defined' => false, 'time-range' => null]);
         // queryResult is just a list of base urls. We need to prefix the
         // calendar path.
         $queryResult = array_map(function ($item) use($path) {
             return $path . '/' . $item;
         }, $queryResult);
         $nodes = $this->server->getPropertiesForMultiplePaths($queryResult, [$calDataProp]);
         unset($queryResult);
     } else {
         $nodes = $this->server->getPropertiesForPath($path, [$calDataProp], 1);
     }
     // Flattening the arrays
     foreach ($nodes as $node) {
         if (isset($node[200][$calDataProp])) {
             $blobs[$node['href']] = $node[200][$calDataProp];
         }
     }
     unset($nodes);
     $mergedCalendar = $this->mergeObjects($properties, $blobs);
     if ($expand) {
         $calendarTimeZone = null;
         // We're expanding, and for that we need to figure out the
         // calendar's timezone.
         $tzProp = '{' . Plugin::NS_CALDAV . '}calendar-timezone';
         $tzResult = $this->server->getProperties($path, [$tzProp]);
         if (isset($tzResult[$tzProp])) {
             // This property contains a VCALENDAR with a single
             // VTIMEZONE.
             $vtimezoneObj = VObject\Reader::read($tzResult[$tzProp]);
             $calendarTimeZone = $vtimezoneObj->VTIMEZONE->getTimeZone();
             // Destroy circular references to PHP will GC the object.
             $vtimezoneObj->destroy();
             unset($vtimezoneObj);
         } else {
             // Defaulting to UTC.
             $calendarTimeZone = new DateTimeZone('UTC');
         }
         $mergedCalendar->expand($start, $end, $calendarTimeZone);
     }
     $response->setHeader('Content-Type', $format);
     switch ($format) {
         case 'text/calendar':
             $mergedCalendar = $mergedCalendar->serialize();
             break;
         case 'application/calendar+json':
             $mergedCalendar = json_encode($mergedCalendar->jsonSerialize());
             break;
     }
     $response->setStatus(200);
     $response->setBody($mergedCalendar);
 }
Exemplo n.º 14
0
 /**
  * Unlocks a uri
  *
  * This WebDAV method allows you to remove a lock from a node. The client should provide a valid locktoken through the Lock-token http header
  * The server should return 204 (No content) on success
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return void
  */
 function httpUnlock(RequestInterface $request, ResponseInterface $response)
 {
     $lockToken = $request->getHeader('Lock-Token');
     // If the locktoken header is not supplied, we need to throw a bad request exception
     if (!$lockToken) {
         throw new DAV\Exception\BadRequest('No lock token was supplied');
     }
     $path = $request->getPath();
     $locks = $this->getLocks($path);
     // Windows sometimes forgets to include < and > in the Lock-Token
     // header
     if ($lockToken[0] !== '<') {
         $lockToken = '<' . $lockToken . '>';
     }
     foreach ($locks as $lock) {
         if ('<opaquelocktoken:' . $lock->token . '>' == $lockToken) {
             $this->unlockNode($path, $lock);
             $response->setHeader('Content-Length', '0');
             $response->setStatus(204);
             // Returning false will break the method chain, and mark the
             // method as 'handled'.
             return false;
         }
     }
     // If we got here, it means the locktoken was invalid
     throw new DAV\Exception\LockTokenMatchesRequestUri();
 }
Exemplo n.º 15
0
 /**
  * Handles POST requests for tree operations.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return bool
  */
 function httpPOST(RequestInterface $request, ResponseInterface $response)
 {
     $contentType = $request->getHeader('Content-Type');
     list($contentType) = explode(';', $contentType);
     if ($contentType !== 'application/x-www-form-urlencoded' && $contentType !== 'multipart/form-data') {
         return;
     }
     $postVars = $request->getPostData();
     if (!isset($postVars['sabreAction'])) {
         return;
     }
     $uri = $request->getPath();
     if ($this->server->emit('onBrowserPostAction', [$uri, $postVars['sabreAction'], $postVars])) {
         switch ($postVars['sabreAction']) {
             case 'mkcol':
                 if (isset($postVars['name']) && trim($postVars['name'])) {
                     // Using basename() because we won't allow slashes
                     list(, $folderName) = URLUtil::splitPath(trim($postVars['name']));
                     $this->server->createDirectory($uri . '/' . $folderName);
                 }
                 break;
                 // @codeCoverageIgnoreStart
             // @codeCoverageIgnoreStart
             case 'put':
                 if ($_FILES) {
                     $file = current($_FILES);
                 } else {
                     break;
                 }
                 list(, $newName) = URLUtil::splitPath(trim($file['name']));
                 if (isset($postVars['name']) && trim($postVars['name'])) {
                     $newName = trim($postVars['name']);
                 }
                 // Making sure we only have a 'basename' component
                 list(, $newName) = URLUtil::splitPath($newName);
                 if (is_uploaded_file($file['tmp_name'])) {
                     $this->server->createFile($uri . '/' . $newName, fopen($file['tmp_name'], 'r'));
                 }
                 break;
                 // @codeCoverageIgnoreEnd
         }
     }
     $response->setHeader('Location', $request->getUrl());
     $response->setStatus(302);
     return false;
 }
Exemplo n.º 16
0
 /**
  * This method is responsible for parsing a free-busy query request and
  * returning it's result.
  *
  * @param IOutbox $outbox
  * @param VObject\Component $vObject
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return string
  */
 protected function handleFreeBusyRequest(IOutbox $outbox, VObject\Component $vObject, RequestInterface $request, ResponseInterface $response)
 {
     $vFreeBusy = $vObject->VFREEBUSY;
     $organizer = $vFreeBusy->organizer;
     $organizer = (string) $organizer;
     // Validating if the organizer matches the owner of the inbox.
     $owner = $outbox->getOwner();
     $caldavNS = '{' . self::NS_CALDAV . '}';
     $uas = $caldavNS . 'calendar-user-address-set';
     $props = $this->server->getProperties($owner, [$uas]);
     if (empty($props[$uas]) || !in_array($organizer, $props[$uas]->getHrefs())) {
         throw new Forbidden('The organizer in the request did not match any of the addresses for the owner of this inbox');
     }
     if (!isset($vFreeBusy->ATTENDEE)) {
         throw new BadRequest('You must at least specify 1 attendee');
     }
     $attendees = [];
     foreach ($vFreeBusy->ATTENDEE as $attendee) {
         $attendees[] = (string) $attendee;
     }
     if (!isset($vFreeBusy->DTSTART) || !isset($vFreeBusy->DTEND)) {
         throw new BadRequest('DTSTART and DTEND must both be specified');
     }
     $startRange = $vFreeBusy->DTSTART->getDateTime();
     $endRange = $vFreeBusy->DTEND->getDateTime();
     $results = [];
     foreach ($attendees as $attendee) {
         $results[] = $this->getFreeBusyForEmail($attendee, $startRange, $endRange, $vObject);
     }
     $dom = new \DOMDocument('1.0', 'utf-8');
     $dom->formatOutput = true;
     $scheduleResponse = $dom->createElement('cal:schedule-response');
     foreach ($this->server->xmlNamespaces as $namespace => $prefix) {
         $scheduleResponse->setAttribute('xmlns:' . $prefix, $namespace);
     }
     $dom->appendChild($scheduleResponse);
     foreach ($results as $result) {
         $xresponse = $dom->createElement('cal:response');
         $recipient = $dom->createElement('cal:recipient');
         $recipientHref = $dom->createElement('d:href');
         $recipientHref->appendChild($dom->createTextNode($result['href']));
         $recipient->appendChild($recipientHref);
         $xresponse->appendChild($recipient);
         $reqStatus = $dom->createElement('cal:request-status');
         $reqStatus->appendChild($dom->createTextNode($result['request-status']));
         $xresponse->appendChild($reqStatus);
         if (isset($result['calendar-data'])) {
             $calendardata = $dom->createElement('cal:calendar-data');
             $calendardata->appendChild($dom->createTextNode(str_replace("\r\n", "\n", $result['calendar-data']->serialize())));
             $xresponse->appendChild($calendardata);
         }
         $scheduleResponse->appendChild($xresponse);
     }
     $response->setStatus(200);
     $response->setHeader('Content-Type', 'application/xml');
     $response->setBody($dom->saveXML());
 }
Exemplo n.º 17
0
 /**
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return array
  * @throws NotAuthenticated
  */
 private function auth(RequestInterface $request, ResponseInterface $response)
 {
     $forcedLogout = false;
     if (!$this->request->passesCSRFCheck() && $this->requiresCSRFCheck()) {
         // In case of a fail with POST we need to recheck the credentials
         if ($this->request->getMethod() === 'POST') {
             $forcedLogout = true;
         } else {
             $response->setStatus(401);
             throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.');
         }
     }
     if ($forcedLogout) {
         $this->userSession->logout();
     } else {
         if ($this->twoFactorManager->needsSecondFactor()) {
             throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
         }
         if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)) || $this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) {
             $user = $this->userSession->getUser()->getUID();
             \OC_Util::setupFS($user);
             $this->currentUser = $user;
             $this->session->close();
             return [true, $this->principalPrefix . $user];
         }
     }
     if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
         // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
         $response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"');
         $response->setStatus(401);
         throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
     }
     $data = parent::check($request, $response);
     if ($data[0] === true) {
         $startPos = strrpos($data[1], '/') + 1;
         $user = $this->userSession->getUser()->getUID();
         $data[1] = substr_replace($data[1], $user, $startPos);
     }
     return $data;
 }
Exemplo n.º 18
0
 /**
  * We intercept this to handle POST requests on calendars.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return null|bool
  */
 function httpPost(RequestInterface $request, ResponseInterface $response)
 {
     $path = $request->getPath();
     // Only handling xml
     $contentType = $request->getHeader('Content-Type');
     if (strpos($contentType, 'application/xml') === false && strpos($contentType, 'text/xml') === false) {
         return;
     }
     // Making sure the node exists
     try {
         $node = $this->server->tree->getNodeForPath($path);
     } catch (DAV\Exception\NotFound $e) {
         return;
     }
     $requestBody = $request->getBodyAsString();
     // If this request handler could not deal with this POST request, it
     // will return 'null' and other plugins get a chance to handle the
     // request.
     //
     // However, we already requested the full body. This is a problem,
     // because a body can only be read once. This is why we preemptively
     // re-populated the request body with the existing data.
     $request->setBody($requestBody);
     $dom = DAV\XMLUtil::loadDOMDocument($requestBody);
     $documentType = DAV\XMLUtil::toClarkNotation($dom->firstChild);
     switch ($documentType) {
         // Dealing with the 'share' document, which modified invitees on a
         // calendar.
         case '{' . Plugin::NS_CALENDARSERVER . '}share':
             // We can only deal with IShareableCalendar objects
             if (!$node instanceof IShareableCalendar) {
                 return;
             }
             $this->server->transactionType = 'post-calendar-share';
             // Getting ACL info
             $acl = $this->server->getPlugin('acl');
             // If there's no ACL support, we allow everything
             if ($acl) {
                 $acl->checkPrivileges($path, '{DAV:}write');
             }
             $mutations = $this->parseShareRequest($dom);
             $node->updateShares($mutations[0], $mutations[1]);
             $response->setStatus(200);
             // Adding this because sending a response body may cause issues,
             // and I wanted some type of indicator the response was handled.
             $response->setHeader('X-Sabre-Status', 'everything-went-well');
             // Breaking the event chain
             return false;
             // The invite-reply document is sent when the user replies to an
             // invitation of a calendar share.
         // The invite-reply document is sent when the user replies to an
         // invitation of a calendar share.
         case '{' . Plugin::NS_CALENDARSERVER . '}invite-reply':
             // This only works on the calendar-home-root node.
             if (!$node instanceof CalendarHome) {
                 return;
             }
             $this->server->transactionType = 'post-invite-reply';
             // Getting ACL info
             $acl = $this->server->getPlugin('acl');
             // If there's no ACL support, we allow everything
             if ($acl) {
                 $acl->checkPrivileges($path, '{DAV:}write');
             }
             $message = $this->parseInviteReplyRequest($dom);
             $url = $node->shareReply($message['href'], $message['status'], $message['calendarUri'], $message['inReplyTo'], $message['summary']);
             $response->setStatus(200);
             // Adding this because sending a response body may cause issues,
             // and I wanted some type of indicator the response was handled.
             $response->setHeader('X-Sabre-Status', 'everything-went-well');
             if ($url) {
                 $dom = new \DOMDocument('1.0', 'UTF-8');
                 $dom->formatOutput = true;
                 $root = $dom->createElement('cs:shared-as');
                 foreach ($this->server->xmlNamespaces as $namespace => $prefix) {
                     $root->setAttribute('xmlns:' . $prefix, $namespace);
                 }
                 $dom->appendChild($root);
                 $href = new DAV\Property\Href($url);
                 $href->serialize($this->server, $root);
                 $response->setHeader('Content-Type', 'application/xml');
                 $response->setBody($dom->saveXML());
             }
             // Breaking the event chain
             return false;
         case '{' . Plugin::NS_CALENDARSERVER . '}publish-calendar':
             // We can only deal with IShareableCalendar objects
             if (!$node instanceof IShareableCalendar) {
                 return;
             }
             $this->server->transactionType = 'post-publish-calendar';
             // Getting ACL info
             $acl = $this->server->getPlugin('acl');
             // If there's no ACL support, we allow everything
             if ($acl) {
                 $acl->checkPrivileges($path, '{DAV:}write');
             }
             $node->setPublishStatus(true);
             // iCloud sends back the 202, so we will too.
             $response->setStatus(202);
             // Adding this because sending a response body may cause issues,
             // and I wanted some type of indicator the response was handled.
             $response->setHeader('X-Sabre-Status', 'everything-went-well');
             // Breaking the event chain
             return false;
         case '{' . Plugin::NS_CALENDARSERVER . '}unpublish-calendar':
             // We can only deal with IShareableCalendar objects
             if (!$node instanceof IShareableCalendar) {
                 return;
             }
             $this->server->transactionType = 'post-unpublish-calendar';
             // Getting ACL info
             $acl = $this->server->getPlugin('acl');
             // If there's no ACL support, we allow everything
             if ($acl) {
                 $acl->checkPrivileges($path, '{DAV:}write');
             }
             $node->setPublishStatus(false);
             $response->setStatus(200);
             // Adding this because sending a response body may cause issues,
             // and I wanted some type of indicator the response was handled.
             $response->setHeader('X-Sabre-Status', 'everything-went-well');
             // Breaking the event chain
             return false;
     }
 }
Exemplo n.º 19
0
 /**
  * This method is responsible for handling the 'ACL' event.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return bool
  */
 function httpAcl(RequestInterface $request, ResponseInterface $response)
 {
     $path = $request->getPath();
     $body = $request->getBodyAsString();
     $dom = DAV\XMLUtil::loadDOMDocument($body);
     $newAcl = Property\Acl::unserialize($dom->firstChild, $this->server->propertyMap)->getPrivileges();
     // Normalizing urls
     foreach ($newAcl as $k => $newAce) {
         $newAcl[$k]['principal'] = $this->server->calculateUri($newAce['principal']);
     }
     $node = $this->server->tree->getNodeForPath($path);
     if (!$node instanceof IACL) {
         throw new DAV\Exception\MethodNotAllowed('This node does not support the ACL method');
     }
     $oldAcl = $this->getACL($node);
     $supportedPrivileges = $this->getFlatPrivilegeSet($node);
     /* Checking if protected principals from the existing principal set are
        not overwritten. */
     foreach ($oldAcl as $oldAce) {
         if (!isset($oldAce['protected']) || !$oldAce['protected']) {
             continue;
         }
         $found = false;
         foreach ($newAcl as $newAce) {
             if ($newAce['privilege'] === $oldAce['privilege'] && $newAce['principal'] === $oldAce['principal'] && $newAce['protected']) {
                 $found = true;
             }
         }
         if (!$found) {
             throw new Exception\AceConflict('This resource contained a protected {DAV:}ace, but this privilege did not occur in the ACL request');
         }
     }
     foreach ($newAcl as $newAce) {
         // Do we recognize the privilege
         if (!isset($supportedPrivileges[$newAce['privilege']])) {
             throw new Exception\NotSupportedPrivilege('The privilege you specified (' . $newAce['privilege'] . ') is not recognized by this server');
         }
         if ($supportedPrivileges[$newAce['privilege']]['abstract']) {
             throw new Exception\NoAbstract('The privilege you specified (' . $newAce['privilege'] . ') is an abstract privilege');
         }
         // Looking up the principal
         try {
             $principal = $this->server->tree->getNodeForPath($newAce['principal']);
         } catch (DAV\Exception\NotFound $e) {
             throw new Exception\NotRecognizedPrincipal('The specified principal (' . $newAce['principal'] . ') does not exist');
         }
         if (!$principal instanceof IPrincipal) {
             throw new Exception\NotRecognizedPrincipal('The specified uri (' . $newAce['principal'] . ') is not a principal');
         }
     }
     $node->setACL($newAcl);
     $response->setStatus(200);
     // Breaking the event chain, because we handled this method.
     return false;
 }
Exemplo n.º 20
0
 /**
  * Handles POST requests for tree operations.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return bool
  */
 function httpPOST(RequestInterface $request, ResponseInterface $response)
 {
     $contentType = $request->getHeader('Content-Type');
     list($contentType) = explode(';', $contentType);
     if ($contentType !== 'application/x-www-form-urlencoded' && $contentType !== 'multipart/form-data') {
         return;
     }
     $postVars = $request->getPostData();
     if (!isset($postVars['sabreAction'])) {
         return;
     }
     $uri = $request->getPath();
     if ($this->server->emit('onBrowserPostAction', [$uri, $postVars['sabreAction'], $postVars])) {
         switch ($postVars['sabreAction']) {
             case 'mkcol':
                 if (isset($postVars['name']) && trim($postVars['name'])) {
                     // Using basename() because we won't allow slashes
                     list(, $folderName) = URLUtil::splitPath(trim($postVars['name']));
                     if (isset($postVars['resourceType'])) {
                         $resourceType = explode(',', $postVars['resourceType']);
                     } else {
                         $resourceType = ['{DAV:}collection'];
                     }
                     $properties = [];
                     foreach ($postVars as $varName => $varValue) {
                         // Any _POST variable in clark notation is treated
                         // like a property.
                         if ($varName[0] === '{') {
                             // PHP will convert any dots to underscores.
                             // This leaves us with no way to differentiate
                             // the two.
                             // Therefore we replace the string *DOT* with a
                             // real dot. * is not allowed in uris so we
                             // should be good.
                             $varName = str_replace('*DOT*', '.', $varName);
                             $properties[$varName] = $varValue;
                         }
                     }
                     $mkCol = new MkCol($resourceType, $properties);
                     $this->server->createCollection($uri . '/' . $folderName, $mkCol);
                 }
                 break;
                 // @codeCoverageIgnoreStart
             // @codeCoverageIgnoreStart
             case 'put':
                 if ($_FILES) {
                     $file = current($_FILES);
                 } else {
                     break;
                 }
                 list(, $newName) = URLUtil::splitPath(trim($file['name']));
                 if (isset($postVars['name']) && trim($postVars['name'])) {
                     $newName = trim($postVars['name']);
                 }
                 // Making sure we only have a 'basename' component
                 list(, $newName) = URLUtil::splitPath($newName);
                 if (is_uploaded_file($file['tmp_name'])) {
                     $this->server->createFile($uri . '/' . $newName, fopen($file['tmp_name'], 'r'));
                 }
                 break;
                 // @codeCoverageIgnoreEnd
         }
     }
     $response->setHeader('Location', $request->getUrl());
     $response->setStatus(302);
     return false;
 }
Exemplo n.º 21
0
 /**
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return array
  */
 private function auth(RequestInterface $request, ResponseInterface $response)
 {
     if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)) || $this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) {
         $user = $this->userSession->getUser()->getUID();
         \OC_Util::setupFS($user);
         $this->currentUser = $user;
         $this->session->close();
         return [true, $this->principalPrefix . $user];
     }
     if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
         // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
         $response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"');
         $response->setStatus(401);
         throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
     }
     return parent::check($request, $response);
 }
Exemplo n.º 22
0
 /**
  * We intercept this to handle POST requests on calendars.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return null|bool
  */
 function httpPost(RequestInterface $request, ResponseInterface $response)
 {
     $path = $request->getPath();
     // Only handling xml
     $contentType = $request->getHeader('Content-Type');
     if (strpos($contentType, 'application/xml') === false && strpos($contentType, 'text/xml') === false) {
         return;
     }
     // Making sure the node exists
     try {
         $node = $this->server->tree->getNodeForPath($path);
     } catch (DAV\Exception\NotFound $e) {
         return;
     }
     $requestBody = $request->getBodyAsString();
     // If this request handler could not deal with this POST request, it
     // will return 'null' and other plugins get a chance to handle the
     // request.
     //
     // However, we already requested the full body. This is a problem,
     // because a body can only be read once. This is why we preemptively
     // re-populated the request body with the existing data.
     $request->setBody($requestBody);
     $message = $this->server->xml->parse($requestBody, $request->getUrl(), $documentType);
     switch ($documentType) {
         // Dealing with the 'share' document, which modified invitees on a
         // calendar.
         case '{' . Plugin::NS_CALENDARSERVER . '}share':
             // We can only deal with IShareableCalendar objects
             if (!$node instanceof IShareableCalendar) {
                 return;
             }
             $this->server->transactionType = 'post-calendar-share';
             // Getting ACL info
             $acl = $this->server->getPlugin('acl');
             // If there's no ACL support, we allow everything
             if ($acl) {
                 $acl->checkPrivileges($path, '{DAV:}write');
             }
             $node->updateShares($message->set, $message->remove);
             $response->setStatus(200);
             // Adding this because sending a response body may cause issues,
             // and I wanted some type of indicator the response was handled.
             $response->setHeader('X-Sabre-Status', 'everything-went-well');
             // Breaking the event chain
             return false;
             // The invite-reply document is sent when the user replies to an
             // invitation of a calendar share.
         // The invite-reply document is sent when the user replies to an
         // invitation of a calendar share.
         case '{' . Plugin::NS_CALENDARSERVER . '}invite-reply':
             // This only works on the calendar-home-root node.
             if (!$node instanceof CalendarHome) {
                 return;
             }
             $this->server->transactionType = 'post-invite-reply';
             // Getting ACL info
             $acl = $this->server->getPlugin('acl');
             // If there's no ACL support, we allow everything
             if ($acl) {
                 $acl->checkPrivileges($path, '{DAV:}write');
             }
             $url = $node->shareReply($message->href, $message->status, $message->calendarUri, $message->inReplyTo, $message->summary);
             $response->setStatus(200);
             // Adding this because sending a response body may cause issues,
             // and I wanted some type of indicator the response was handled.
             $response->setHeader('X-Sabre-Status', 'everything-went-well');
             if ($url) {
                 $writer = $this->server->xml->getWriter($this->server->getBaseUri());
                 $writer->openMemory();
                 $writer->startDocument();
                 $writer->startElement('{' . Plugin::NS_CALENDARSERVER . '}shared-as');
                 $writer->write(new Href($url));
                 $writer->endElement();
                 $response->setHeader('Content-Type', 'application/xml');
                 $response->setBody($writer->outputMemory());
             }
             // Breaking the event chain
             return false;
         case '{' . Plugin::NS_CALENDARSERVER . '}publish-calendar':
             // We can only deal with IShareableCalendar objects
             if (!$node instanceof IShareableCalendar) {
                 return;
             }
             $this->server->transactionType = 'post-publish-calendar';
             // Getting ACL info
             $acl = $this->server->getPlugin('acl');
             // If there's no ACL support, we allow everything
             if ($acl) {
                 $acl->checkPrivileges($path, '{DAV:}write');
             }
             $node->setPublishStatus(true);
             // iCloud sends back the 202, so we will too.
             $response->setStatus(202);
             // Adding this because sending a response body may cause issues,
             // and I wanted some type of indicator the response was handled.
             $response->setHeader('X-Sabre-Status', 'everything-went-well');
             // Breaking the event chain
             return false;
         case '{' . Plugin::NS_CALENDARSERVER . '}unpublish-calendar':
             // We can only deal with IShareableCalendar objects
             if (!$node instanceof IShareableCalendar) {
                 return;
             }
             $this->server->transactionType = 'post-unpublish-calendar';
             // Getting ACL info
             $acl = $this->server->getPlugin('acl');
             // If there's no ACL support, we allow everything
             if ($acl) {
                 $acl->checkPrivileges($path, '{DAV:}write');
             }
             $node->setPublishStatus(false);
             $response->setStatus(200);
             // Adding this because sending a response body may cause issues,
             // and I wanted some type of indicator the response was handled.
             $response->setHeader('X-Sabre-Status', 'everything-went-well');
             // Breaking the event chain
             return false;
     }
 }
 /**
  * This method handles the PROPFIND method.
  *
  * It's a very lazy method, it won't bother checking the request body
  * for which properties were requested, and just sends back a default
  * set of properties.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $hR
  * @param string $tempLocation
  * @return bool
  */
 function httpPropfind(RequestInterface $request, ResponseInterface $hR, $tempLocation)
 {
     if (!file_exists($tempLocation)) {
         return;
     }
     $hR->setHeader('X-Sabre-Temp', 'true');
     $hR->setStatus(207);
     $hR->setHeader('Content-Type', 'application/xml; charset=utf-8');
     $properties = ['href' => $request->getPath(), 200 => ['{DAV:}getlastmodified' => new Xml\Property\GetLastModified(filemtime($tempLocation)), '{DAV:}getcontentlength' => filesize($tempLocation), '{DAV:}resourcetype' => new Xml\Property\ResourceType(null), '{' . Server::NS_SABREDAV . '}tempFile' => true]];
     $data = $this->server->generateMultiStatus([$properties]);
     $hR->setBody($data);
     return false;
 }
Exemplo n.º 24
0
 /**
  * POST operation on system tag collections
  *
  * @param RequestInterface $request request object
  * @param ResponseInterface $response response object
  * @return null|false
  */
 public function httpPost(RequestInterface $request, ResponseInterface $response)
 {
     $path = $request->getPath();
     // Making sure the node exists
     try {
         $node = $this->server->tree->getNodeForPath($path);
     } catch (NotFound $e) {
         return null;
     }
     if ($node instanceof SystemTagsByIdCollection || $node instanceof SystemTagsObjectMappingCollection) {
         $data = $request->getBodyAsString();
         $tag = $this->createTag($data, $request->getHeader('Content-Type'));
         if ($node instanceof SystemTagsObjectMappingCollection) {
             // also add to collection
             $node->createFile($tag->getId());
             $url = $request->getBaseUrl() . 'systemtags/';
         } else {
             $url = $request->getUrl();
         }
         if ($url[strlen($url) - 1] !== '/') {
             $url .= '/';
         }
         $response->setHeader('Content-Location', $url . $tag->getId());
         // created
         $response->setStatus(201);
         return false;
     }
 }
Exemplo n.º 25
0
 /**
  * Fakes a successful LOCK
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return bool
  */
 public function fakeUnlockProvider(RequestInterface $request, ResponseInterface $response)
 {
     $response->setStatus(204);
     $response->setHeader('Content-Length', '0');
     return false;
 }
Exemplo n.º 26
0
 /**
  * This method is called when a user could not be authenticated, and
  * authentication was required for the current request.
  *
  * This gives you the opportunity to set authentication headers. The 401
  * status code will already be set.
  *
  * In this case of Basic Auth, this would for example mean that the
  * following header needs to be set:
  *
  * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
  *
  * Keep in mind that in the case of multiple authentication backends, other
  * WWW-Authenticate headers may already have been set, and you'll want to
  * append your own WWW-Authenticate header instead of overwriting the
  * existing one.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return void
  */
 function challenge(RequestInterface $request, ResponseInterface $response)
 {
     $auth = new HTTP\Auth\Digest($this->realm, $request, $response);
     $auth->init();
     $oldStatus = $response->getStatus() ?: 200;
     $auth->requireLogin();
     // Preventing the digest utility from modifying the http status code,
     // this should be handled by the main plugin.
     $response->setStatus($oldStatus);
 }
Exemplo n.º 27
0
    /**
     * This method checks the main HTTP preconditions.
     *
     * Currently these are:
     *   * If-Match
     *   * If-None-Match
     *   * If-Modified-Since
     *   * If-Unmodified-Since
     *
     * The method will return true if all preconditions are met
     * The method will return false, or throw an exception if preconditions
     * failed. If false is returned the operation should be aborted, and
     * the appropriate HTTP response headers are already set.
     *
     * Normally this method will throw 412 Precondition Failed for failures
     * related to If-None-Match, If-Match and If-Unmodified Since. It will
     * set the status to 304 Not Modified for If-Modified_since.
     *
     * @param RequestInterface $request
     * @param ResponseInterface $response
     * @return bool
     */
    function checkPreconditions(RequestInterface $request, ResponseInterface $response) {

        $path = $request->getPath();
        $node = null;
        $lastMod = null;
        $etag = null;

        if ($ifMatch = $request->getHeader('If-Match')) {

            // If-Match contains an entity tag. Only if the entity-tag
            // matches we are allowed to make the request succeed.
            // If the entity-tag is '*' we are only allowed to make the
            // request succeed if a resource exists at that url.
            try {
                $node = $this->tree->getNodeForPath($path);
            } catch (Exception\NotFound $e) {
                throw new Exception\PreconditionFailed('An If-Match header was specified and the resource did not exist', 'If-Match');
            }

            // Only need to check entity tags if they are not *
            if ($ifMatch !== '*') {

                // There can be multiple ETags
                $ifMatch = explode(',', $ifMatch);
                $haveMatch = false;
                foreach ($ifMatch as $ifMatchItem) {

                    // Stripping any extra spaces
                    $ifMatchItem = trim($ifMatchItem, ' ');

                    $etag = $node instanceof IFile ? $node->getETag() : null;
                    if ($etag === $ifMatchItem) {
                        $haveMatch = true;
                    } else {
                        // Evolution has a bug where it sometimes prepends the "
                        // with a \. This is our workaround.
                        if (str_replace('\\"', '"', $ifMatchItem) === $etag) {
                            $haveMatch = true;
                        }
                    }

                }
                if (!$haveMatch) {
                    if ($etag) $response->setHeader('ETag', $etag);
                     throw new Exception\PreconditionFailed('An If-Match header was specified, but none of the specified the ETags matched.', 'If-Match');
                }
            }
        }

        if ($ifNoneMatch = $request->getHeader('If-None-Match')) {

            // The If-None-Match header contains an ETag.
            // Only if the ETag does not match the current ETag, the request will succeed
            // The header can also contain *, in which case the request
            // will only succeed if the entity does not exist at all.
            $nodeExists = true;
            if (!$node) {
                try {
                    $node = $this->tree->getNodeForPath($path);
                } catch (Exception\NotFound $e) {
                    $nodeExists = false;
                }
            }
            if ($nodeExists) {
                $haveMatch = false;
                if ($ifNoneMatch === '*') $haveMatch = true;
                else {

                    // There might be multiple ETags
                    $ifNoneMatch = explode(',', $ifNoneMatch);
                    $etag = $node instanceof IFile ? $node->getETag() : null;

                    foreach ($ifNoneMatch as $ifNoneMatchItem) {

                        // Stripping any extra spaces
                        $ifNoneMatchItem = trim($ifNoneMatchItem, ' ');

                        if ($etag === $ifNoneMatchItem) $haveMatch = true;

                    }

                }

                if ($haveMatch) {
                    if ($etag) $response->setHeader('ETag', $etag);
                    if ($request->getMethod() === 'GET') {
                        $response->setStatus(304);
                        return false;
                    } else {
                        throw new Exception\PreconditionFailed('An If-None-Match header was specified, but the ETag matched (or * was specified).', 'If-None-Match');
                    }
                }
            }

        }

        if (!$ifNoneMatch && ($ifModifiedSince = $request->getHeader('If-Modified-Since'))) {

            // The If-Modified-Since header contains a date. We
            // will only return the entity if it has been changed since
            // that date. If it hasn't been changed, we return a 304
            // header
            // Note that this header only has to be checked if there was no If-None-Match header
            // as per the HTTP spec.
            $date = HTTP\Util::parseHTTPDate($ifModifiedSince);

            if ($date) {
                if (is_null($node)) {
                    $node = $this->tree->getNodeForPath($path);
                }
                $lastMod = $node->getLastModified();
                if ($lastMod) {
                    $lastMod = new \DateTime('@' . $lastMod);
                    if ($lastMod <= $date) {
                        $response->setStatus(304);
                        $response->setHeader('Last-Modified', HTTP\Util::toHTTPDate($lastMod));
                        return false;
                    }
                }
            }
        }

        if ($ifUnmodifiedSince = $request->getHeader('If-Unmodified-Since')) {

            // The If-Unmodified-Since will allow allow the request if the
            // entity has not changed since the specified date.
            $date = HTTP\Util::parseHTTPDate($ifUnmodifiedSince);

            // We must only check the date if it's valid
            if ($date) {
                if (is_null($node)) {
                    $node = $this->tree->getNodeForPath($path);
                }
                $lastMod = $node->getLastModified();
                if ($lastMod) {
                    $lastMod = new \DateTime('@' . $lastMod);
                    if ($lastMod > $date) {
                        throw new Exception\PreconditionFailed('An If-Unmodified-Since header was specified, but the entity has been changed since the specified date.', 'If-Unmodified-Since');
                    }
                }
            }

        }

        // Now the hardest, the If: header. The If: header can contain multiple
        // urls, ETags and so-called 'state tokens'.
        //
        // Examples of state tokens include lock-tokens (as defined in rfc4918)
        // and sync-tokens (as defined in rfc6578).
        //
        // The only proper way to deal with these, is to emit events, that a
        // Sync and Lock plugin can pick up.
        $ifConditions = $this->getIfConditions($request);

        foreach ($ifConditions as $kk => $ifCondition) {
            foreach ($ifCondition['tokens'] as $ii => $token) {
                $ifConditions[$kk]['tokens'][$ii]['validToken'] = false;
            }
        }

        // Plugins are responsible for validating all the tokens.
        // If a plugin deemed a token 'valid', it will set 'validToken' to
        // true.
        $this->emit('validateTokens', [ $request, &$ifConditions ]);

        // Now we're going to analyze the result.

        // Every ifCondition needs to validate to true, so we exit as soon as
        // we have an invalid condition.
        foreach ($ifConditions as $ifCondition) {

            $uri = $ifCondition['uri'];
            $tokens = $ifCondition['tokens'];

            // We only need 1 valid token for the condition to succeed.
            foreach ($tokens as $token) {

                $tokenValid = $token['validToken'] || !$token['token'];

                $etagValid = false;
                if (!$token['etag']) {
                    $etagValid = true;
                }
                // Checking the ETag, only if the token was already deamed
                // valid and there is one.
                if ($token['etag'] && $tokenValid) {

                    // The token was valid, and there was an ETag. We must
                    // grab the current ETag and check it.
                    $node = $this->tree->getNodeForPath($uri);
                    $etagValid = $node instanceof IFile && $node->getETag() == $token['etag'];

                }


                if (($tokenValid && $etagValid) ^ $token['negate']) {
                    // Both were valid, so we can go to the next condition.
                    continue 2;
                }


            }

            // If we ended here, it means there was no valid ETag + token
            // combination found for the current condition. This means we fail!
            throw new Exception\PreconditionFailed('Failed to find a valid token/etag combination for ' . $uri, 'If');

        }

        return true;

    }
Exemplo n.º 28
0
 /**
  * This event is triggered before the usual GET request handler.
  *
  * We use this to intercept GET calls to notification nodes, and return the
  * proper response.
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return void
  */
 function httpGet(RequestInterface $request, ResponseInterface $response)
 {
     $path = $request->getPath();
     try {
         $node = $this->server->tree->getNodeForPath($path);
     } catch (DAV\Exception\NotFound $e) {
         return;
     }
     if (!$node instanceof INode) {
         return;
     }
     $dom = new \DOMDocument('1.0', 'UTF-8');
     $dom->formatOutput = true;
     $root = $dom->createElement('cs:notification');
     foreach ($this->server->xmlNamespaces as $namespace => $prefix) {
         $root->setAttribute('xmlns:' . $prefix, $namespace);
     }
     $dom->appendChild($root);
     $node->getNotificationType()->serializeBody($this->server, $root);
     $response->setHeader('Content-Type', 'application/xml');
     $response->setHeader('ETag', $node->getETag());
     $response->setStatus(200);
     $response->setBody($dom->saveXML());
     // Return false to break the event chain.
     return false;
 }
Exemplo n.º 29
0
 /**
  * Patch an uri
  *
  * The WebDAV patch request can be used to modify only a part of an
  * existing resource. If the resource does not exist yet and the first
  * offset is not 0, the request fails
  *
  * @param RequestInterface $request
  * @param ResponseInterface $response
  * @return void
  */
 function httpPatch(RequestInterface $request, ResponseInterface $response)
 {
     $path = $request->getPath();
     // Get the node. Will throw a 404 if not found
     $node = $this->server->tree->getNodeForPath($path);
     if (!$node instanceof IFile && !$node instanceof IPatchSupport) {
         throw new DAV\Exception\MethodNotAllowed('The target resource does not support the PATCH method.');
     }
     $range = $this->getHTTPUpdateRange($request);
     if (!$range) {
         throw new DAV\Exception\BadRequest('No valid "X-Update-Range" found in the headers');
     }
     $contentType = strtolower($request->getHeader('Content-Type'));
     if ($contentType != 'application/x-sabredav-partialupdate') {
         throw new DAV\Exception\UnsupportedMediaType('Unknown Content-Type header "' . $contentType . '"');
     }
     $len = $this->server->httpRequest->getHeader('Content-Length');
     if (!$len) {
         throw new DAV\Exception\LengthRequired('A Content-Length header is required');
     }
     switch ($range[0]) {
         case self::RANGE_START:
             // Calculate the end-range if it doesn't exist.
             if (!$range[2]) {
                 $range[2] = $range[1] + $len - 1;
             } else {
                 if ($range[2] < $range[1]) {
                     throw new DAV\Exception\RequestedRangeNotSatisfiable('The end offset (' . $range[2] . ') is lower than the start offset (' . $range[1] . ')');
                 }
                 if ($range[2] - $range[1] + 1 != $len) {
                     throw new DAV\Exception\RequestedRangeNotSatisfiable('Actual data length (' . $len . ') is not consistent with begin (' . $range[1] . ') and end (' . $range[2] . ') offsets');
                 }
             }
             break;
     }
     if (!$this->server->emit('beforeWriteContent', [$path, $node, null])) {
         return;
     }
     $body = $this->server->httpRequest->getBody();
     if ($node instanceof IPatchSupport) {
         $etag = $node->patch($body, $range[0], isset($range[1]) ? $range[1] : null);
     } else {
         // The old interface
         switch ($range[0]) {
             case self::RANGE_APPEND:
                 throw new DAV\Exception\NotImplemented('This node does not support the append syntax. Please upgrade it to IPatchSupport');
             case self::RANGE_START:
                 $etag = $node->putRange($body, $range[1]);
                 break;
             case self::RANGE_END:
                 throw new DAV\Exception\NotImplemented('This node does not support the end-range syntax. Please upgrade it to IPatchSupport');
                 break;
         }
     }
     $this->server->emit('afterWriteContent', [$path, $node]);
     $response->setHeader('Content-Length', '0');
     if ($etag) {
         $response->setHeader('ETag', $etag);
     }
     $response->setStatus(204);
     // Breaks the event chain
     return false;
 }
Exemplo n.º 30
0
 /**
  * POST operation on Comments collections
  *
  * @param RequestInterface $request request object
  * @param ResponseInterface $response response object
  * @return null|false
  */
 public function httpPost(RequestInterface $request, ResponseInterface $response)
 {
     $path = $request->getPath();
     $node = $this->server->tree->getNodeForPath($path);
     if (!$node instanceof EntityCollection) {
         return null;
     }
     $data = $request->getBodyAsString();
     $comment = $this->createComment($node->getName(), $node->getId(), $data, $request->getHeader('Content-Type'));
     // update read marker for the current user/poster to avoid
     // having their own comments marked as unread
     $node->setReadMarker(null);
     $url = $request->getUrl() . '/' . urlencode($comment->getId());
     $response->setHeader('Content-Location', $url);
     // created
     $response->setStatus(201);
     return false;
 }