protected function getUserId()
{
if (AuthService::usersEnabled()) {
return AuthService::getLoggedUser()->getId();
}
return "shared";
}
/**
* Filter the very basic keywords from the XML : AJXP_USER, AJXP_INSTALL_PATH, AJXP_DATA_PATH
* Calls the vars.filter hooks.
* @static
* @param $value
* @return mixed|string
*/
public static function filter($value)
{
if (is_string($value) && strpos($value, "AJXP_USER") !== false) {
if (AuthService::usersEnabled()) {
$loggedUser = AuthService::getLoggedUser();
if ($loggedUser != null) {
$loggedUser = $loggedUser->getId();
$value = str_replace("AJXP_USER", $loggedUser, $value);
} else {
return "";
}
} else {
$value = str_replace("AJXP_USER", "shared", $value);
}
}
if (is_string($value) && strpos($value, "AJXP_INSTALL_PATH") !== false) {
$value = str_replace("AJXP_INSTALL_PATH", AJXP_INSTALL_PATH, $value);
}
if (is_string($value) && strpos($value, "AJXP_DATA_PATH") !== false) {
$value = str_replace("AJXP_DATA_PATH", AJXP_DATA_PATH, $value);
}
$tab = array(&$value);
AJXP_Controller::applyIncludeHook("vars.filter", $tab);
return $value;
}
public function preProcess($action, $httpVars, $fileVars)
{
if (!is_array($this->pluginConf) || !isset($this->pluginConf["TO"])) {
throw new Exception("Cannot find configuration for plugin notify.phpmail-lite! Make sur the .inc file was dropped inside the /server/conf/ folder!");
}
require "lib/class.phpmailer-lite.php";
$mail = new PHPMailerLite(true);
$mail->Mailer = $this->pluginConf["MAILER"];
$mail->SetFrom($this->pluginConf["FROM"]["address"], $this->pluginConf["FROM"]["name"]);
foreach ($this->pluginConf["TO"] as $address) {
$mail->AddAddress($address["address"], $address["name"]);
}
$mail->WordWrap = 50;
// set word wrap to 50 characters
$mail->IsHTML(true);
// set email format to HTML
$mail->Subject = $this->pluginConf["SUBJECT"];
$mail->Body = str_replace("%user", AuthService::getLoggedUser()->getId(), $this->pluginConf["BODY"]);
$mail->AltBody = strip_tags($mail->Body);
if (!$mail->Send()) {
$message = "Message could not be sent. <p>";
$message .= "Mailer Error: " . $mail->ErrorInfo;
throw new Exception($message);
}
}
public function doTest()
{
$this->testedParams["Users enabled"] = AuthService::usersEnabled();
$this->testedParams["Guest enabled"] = ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth");
$this->failedLevel = "info";
return FALSE;
}
function load()
{
$serialDir = $this->storage->getOption("USERS_DIRPATH");
$this->rights = AJXP_Utils::loadSerialFile($serialDir . "/" . $this->getId() . "/rights.ser");
$this->prefs = AJXP_Utils::loadSerialFile($serialDir . "/" . $this->getId() . "/prefs.ser");
$this->bookmarks = AJXP_Utils::loadSerialFile($serialDir . "/" . $this->getId() . "/bookmarks.ser");
if (isset($this->rights["ajxp.admin"]) && $this->rights["ajxp.admin"] === true) {
$this->setAdmin(true);
}
if (isset($this->rights["ajxp.parent_user"])) {
$this->setParent($this->rights["ajxp.parent_user"]);
}
// Load roles
if (isset($this->rights["ajxp.roles"])) {
//$allRoles = $this->storage->listRoles();
$allRoles = AuthService::getRolesList();
// Maintained as instance variable
foreach (array_keys($this->rights["ajxp.roles"]) as $roleId) {
if (isset($allRoles[$roleId])) {
$this->roles[$roleId] = $allRoles[$roleId];
} else {
unset($this->rights["ajxp.roles"][$roleId]);
}
}
}
}
public function authenticate(Sabre\DAV\Server $server, $realm)
{
//AJXP_Logger::debug("Try authentication on $realm", $server);
try {
$success = parent::authenticate($server, $realm);
} catch (Exception $e) {
$success = 0;
$errmsg = $e->getMessage();
if ($errmsg != "No digest authentication headers were found") {
$success = false;
}
}
if ($success) {
$res = AuthService::logUser($this->currentUser, null, true);
if ($res < 1) {
throw new Sabre\DAV\Exception\NotAuthenticated();
}
$this->updateCurrentUserRights(AuthService::getLoggedUser());
if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
$webdavData = AuthService::getLoggedUser()->getPref("AJXP_WEBDAV_DATA");
AJXP_Safe::storeCredentials($this->currentUser, $this->_decodePassword($webdavData["PASS"], $this->currentUser));
}
} else {
if ($success === false) {
AJXP_Logger::warning(__CLASS__, "Login failed", array("user" => $this->currentUser, "error" => "Invalid WebDAV user or password"));
}
throw new Sabre\DAV\Exception\NotAuthenticated($errmsg);
}
ConfService::switchRootDir($this->repositoryId);
return true;
}
/**
* Filter the very basic keywords from the XML : AJXP_USER, AJXP_INSTALL_PATH, AJXP_DATA_PATH
* Calls the vars.filter hooks.
* @static
* @param $value
* @param AbstractAjxpUser|String $resolveUser
* @return mixed|string
*/
public static function filter($value, $resolveUser = null)
{
if (is_string($value) && strpos($value, "AJXP_USER") !== false) {
if (AuthService::usersEnabled()) {
if ($resolveUser != null) {
if (is_string($resolveUser)) {
$resolveUserId = $resolveUser;
} else {
$resolveUserId = $resolveUser->getId();
}
$value = str_replace("AJXP_USER", $resolveUserId, $value);
} else {
$loggedUser = AuthService::getLoggedUser();
if ($loggedUser != null) {
if ($loggedUser->hasParent() && $loggedUser->getResolveAsParent()) {
$loggedUserId = $loggedUser->getParent();
} else {
$loggedUserId = $loggedUser->getId();
}
$value = str_replace("AJXP_USER", $loggedUserId, $value);
} else {
return "";
}
}
} else {
$value = str_replace("AJXP_USER", "shared", $value);
}
}
if (is_string($value) && strpos($value, "AJXP_GROUP_PATH") !== false) {
if (AuthService::usersEnabled()) {
if ($resolveUser != null) {
if (is_string($resolveUser) && AuthService::userExists($resolveUser)) {
$loggedUser = ConfService::getConfStorageImpl()->createUserObject($resolveUser);
} else {
$loggedUser = $resolveUser;
}
} else {
$loggedUser = AuthService::getLoggedUser();
}
if ($loggedUser != null) {
$gPath = $loggedUser->getGroupPath();
$value = str_replace("AJXP_GROUP_PATH_FLAT", str_replace("/", "_", trim($gPath, "/")), $value);
$value = str_replace("AJXP_GROUP_PATH", $gPath, $value);
} else {
return "";
}
} else {
$value = str_replace(array("AJXP_GROUP_PATH", "AJXP_GROUP_PATH_FLAT"), "shared", $value);
}
}
if (is_string($value) && strpos($value, "AJXP_INSTALL_PATH") !== false) {
$value = str_replace("AJXP_INSTALL_PATH", AJXP_INSTALL_PATH, $value);
}
if (is_string($value) && strpos($value, "AJXP_DATA_PATH") !== false) {
$value = str_replace("AJXP_DATA_PATH", AJXP_DATA_PATH, $value);
}
$tab = array(&$value);
AJXP_Controller::applyIncludeHook("vars.filter", $tab);
return $value;
}
public function toggleDisclaimer($actionName, $httpVars, $fileVars)
{
$u = AuthService::getLoggedUser();
$u->personalRole->setParameterValue("action.disclaimer", "DISCLAIMER_ACCEPTED", $httpVars["validate"] == "true" ? "yes" : "no", AJXP_REPO_SCOPE_ALL);
if ($httpVars["validate"] == "true") {
$u->removeLock();
$u->save("superuser");
AuthService::updateUser($u);
ConfService::switchUserToActiveRepository($u);
$force = $u->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
$passId = -1;
if ($force != "" && $u->canSwitchTo($force) && !isset($httpVars["tmp_repository_id"]) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
$passId = $force;
}
$res = ConfService::switchUserToActiveRepository($u, $passId);
if (!$res) {
AuthService::disconnect();
AJXP_XMLWriter::header();
AJXP_XMLWriter::requireAuth(true);
AJXP_XMLWriter::close();
}
ConfService::getInstance()->invalidateLoadedRepositories();
} else {
$u->setLock("validate_disclaimer");
$u->save("superuser");
AuthService::disconnect();
AJXP_XMLWriter::header();
AJXP_XMLWriter::requireAuth(true);
AJXP_XMLWriter::close();
}
}
public function validateRequest(sfWebRequest $request)
{
$server = $this->getOAuthServer();
$oauthRequest = $this->getOAuthRequest();
$oauthResponse = $this->getOAuthResponse();
if (!$server->verifyResourceRequest($oauthRequest, $oauthResponse)) {
$server->getResponse()->send();
throw new sfStopException();
}
$tokenData = $server->getAccessTokenData($oauthRequest, $oauthResponse);
$userId = $tokenData['user_id'];
$userService = new SystemUserService();
$user = $userService->getSystemUser($userId);
$authService = new AuthService();
$authService->setLoggedInUser($user);
$this->getAuthenticationService()->setCredentialsForUser($user, array());
}
function repositoryDataAsJS()
{
if (AuthService::usersEnabled()) {
return "";
}
require_once INSTALL_PATH . "/server/classes/class.SystemTextEncoding.php";
require_once INSTALL_PATH . "/server/classes/class.AJXP_XMLWriter.php";
return str_replace("'", "\\'", AJXP_XMLWriter::writeRepositoriesData(null));
}
/**
* Write repository data directly as javascript string
* @static
* @return mixed|string
*/
public static function repositoryDataAsJS()
{
if (AuthService::usersEnabled()) {
return "";
}
require_once AJXP_BIN_FOLDER . "/class.SystemTextEncoding.php";
require_once AJXP_BIN_FOLDER . "/class.AJXP_XMLWriter.php";
return str_replace("'", "\\'", AJXP_XMLWriter::writeRepositoriesData(null));
}
/**
* Validates a username and password
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
* @return bool
*/
protected function validateUserPass($username, $password)
{
if (isset($this->shareData["PRESET_LOGIN"])) {
$res = \AuthService::logUser($this->shareData["PRESET_LOGIN"], $password, false, false, -1);
} else {
$res = \AuthService::logUser($this->shareData["PRELOG_USER"], "", true);
}
return $res === 1;
}
public function switchAction($action, $httpVars, $postProcessData)
{
if (!isset($this->actions[$action])) {
return false;
}
$repository = ConfService::getRepository();
if (!$repository->detectStreamWrapper(false)) {
return false;
}
$plugin = AJXP_PluginsService::findPlugin("access", $repository->getAccessType());
$streamData = $plugin->detectStreamWrapper(true);
$destStreamURL = $streamData["protocol"] . "://" . $repository->getId() . "/";
if ($action == "audio_proxy") {
$file = AJXP_Utils::decodeSecureMagic(base64_decode($httpVars["file"]));
$cType = "audio/" . array_pop(explode(".", $file));
$localName = basename($file);
header("Content-Type: " . $cType . "; name=\"" . $localName . "\"");
header("Content-Length: " . filesize($destStreamURL . $file));
$stream = fopen("php://output", "a");
call_user_func(array($streamData["classname"], "copyFileInStream"), $destStreamURL . $file, $stream);
fflush($stream);
fclose($stream);
$node = new AJXP_Node($destStreamURL . $file);
AJXP_Controller::applyHook("node.read", array($node));
//exit(1);
} else {
if ($action == "ls") {
if (!isset($httpVars["playlist"])) {
// This should not happen anyway, because of the applyCondition.
AJXP_Controller::passProcessDataThrough($postProcessData);
return;
}
// We transform the XML into XSPF
$xmlString = $postProcessData["ob_output"];
$xmlDoc = new DOMDocument();
$xmlDoc->loadXML($xmlString);
$xElement = $xmlDoc->documentElement;
header("Content-Type:application/xspf+xml;charset=UTF-8");
print '<?xml version="1.0" encoding="UTF-8"?>';
print '<playlist version="1" xmlns="http://xspf.org/ns/0/">';
print "<trackList>";
foreach ($xElement->childNodes as $child) {
$isFile = $child->getAttribute("is_file") == "true";
$label = $child->getAttribute("text");
$ar = explode(".", $label);
$ext = strtolower(end($ar));
if (!$isFile || $ext != "mp3") {
continue;
}
print "<track><location>" . AJXP_SERVER_ACCESS . "?secure_token=" . AuthService::getSecureToken() . "&get_action=audio_proxy&file=" . base64_encode($child->getAttribute("filename")) . "</location><title>" . $label . "</title></track>";
}
print "</trackList>";
AJXP_XMLWriter::close("playlist");
}
}
}
function upgradeRootRoleForWelcome()
{
$rootRole = AuthService::getRole("ROOT_ROLE");
if (!empty($rootRole)) {
echo '<br>Upgrading Root Role to let users access the new welcome page<br>';
$rootRole->setAcl("ajxp_home", "rw");
$rootRole->setParameterValue("core.conf", "DEFAULT_START_REPOSITORY", "ajxp_home");
AuthService::updateRole($rootRole);
}
}
protected function getUserId($private)
{
if (!$private) {
return AJXP_METADATA_SHAREDUSER;
}
if (AuthService::usersEnabled()) {
return AuthService::getLoggedUser()->getId();
}
return "shared";
}
public function logoutCallback($actionName, $httpVars, $fileVars)
{
AJXP_Safe::clearCredentials();
$adminUser = $this->options["AJXP_ADMIN_LOGIN"];
AuthService::disconnect();
session_write_close();
AJXP_XMLWriter::header();
AJXP_XMLWriter::loggingResult(2);
AJXP_XMLWriter::close();
}
public function testRolesStorage()
{
$r = new \AJXP_Role("phpunit_temporary_role");
$r->setAcl(0, "rw");
\AuthService::updateRole($r);
$r1 = \AuthService::getRole("phpunit_temporary_role");
$this->assertTrue(is_a($r1, "AJXP_Role"));
$this->assertEquals("rw", $r1->getAcl(0));
\AuthService::deleteRole("phpunit_temporary_role");
$r2 = \AuthService::getRole("phpunit_temporary_role");
$this->assertFalse($r2);
}
private function getTreeName()
{
$base = AJXP_SHARED_CACHE_DIR . "/trees/tree-" . ConfService::getRepository()->getId();
$secuScope = ConfService::getRepository()->securityScope();
if ($secuScope == "USER") {
$base .= "-" . AuthService::getLoggedUser()->getId();
} else {
if ($secuScope == "GROUP") {
$base .= "-" . str_replace("/", "_", AuthService::getLoggedUser()->getGroupPath());
}
}
return $base . "-full.xml";
}
public function logoutCallback($actionName, $httpVars, $fileVars)
{
AJXP_Safe::clearCredentials();
$adminUser = $this->options["ADMIN_USER"];
$subUsers = array();
unset($_SESSION["COUNT"]);
unset($_SESSION["disk"]);
AuthService::disconnect();
session_write_close();
AJXP_XMLWriter::header();
AJXP_XMLWriter::loggingResult(2);
AJXP_XMLWriter::close();
}
/**
* Updates the data
*
* The data argument is a readable stream resource.
*
* After a succesful put operation, you may choose to return an ETag. The
* etag must always be surrounded by double-quotes. These quotes must
* appear in the actual string you're returning.
*
* Clients may use the ETag from a PUT request to later on make sure that
* when they update the file, the contents haven't changed in the mean
* time.
*
* If you don't plan to store the file byte-by-byte, and you return a
* different object on a subsequent GET you are strongly recommended to not
* return an ETag, and just return null.
*
* @param resource $data
* @return string|null
*/
public function put($data)
{
// Warning, passed by ref
$p = $this->path;
if (!AuthService::getLoggedUser()->canWrite($this->repository->getId())) {
throw new \Sabre\DAV\Exception\Forbidden();
}
$this->getAccessDriver()->nodeWillChange($p, intval($_SERVER["CONTENT_LENGTH"]));
$stream = fopen($this->getUrl(), "w");
stream_copy_to_stream($data, $stream);
fclose($stream);
$toto = null;
$this->getAccessDriver()->nodeChanged($toto, $p);
return $this->getETag();
}
public function preLogUser($sessionId)
{
if ($_GET['get_action'] == "logout") {
phpCAS::logout();
return;
}
phpCAS::forceAuthentication();
$cas_user = phpCAS::getUser();
if (!$this->userExists($cas_user) && $this->autoCreateUser()) {
$this->createUser($cas_user, openssl_random_pseudo_bytes(20));
}
if ($this->userExists($cas_user)) {
AuthService::logUser($cas_user, "", true);
}
}
function tryToLogUser(&$httpVars, $isLast = false)
{
$localHttpLogin = $_SERVER["REMOTE_USER"];
$localHttpPassw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : "";
if (!isset($localHttpLogin)) {
return false;
}
if (!AuthService::userExists($localHttpLogin) && $this->pluginConf["CREATE_USER"] === true) {
AuthService::createUser($localHttpLogin, $localHttpPassw, isset($this->pluginConf["AJXP_ADMIN"]) && $this->pluginConf["AJXP_ADMIN"] == $localHttpLogin);
}
$res = AuthService::logUser($localHttpLogin, $localHttpPassw, true);
if ($res > 0) {
return true;
}
return false;
}
public function logoutCallback($actionName, $httpVars, $fileVars)
{
AJXP_Safe::clearCredentials();
$adminUser = $this->options["ADMIN_USER"];
$subUsers = array();
foreach ($_SESSION as $key => $val) {
if (substr($key, -4) === "disk" && substr($key, 0, 4) == "smb_") {
unset($_SESSION[$key]);
}
}
AuthService::disconnect();
session_write_close();
AJXP_XMLWriter::header();
AJXP_XMLWriter::loggingResult(2);
AJXP_XMLWriter::close();
}
/**
* formats the error message in representable manner
*
* For the SQL driver we will normalise the information into our table row format.
*
* @param $message String this is the message to be formatted
* @param $severity Severity level of the message: one of LOG_LEVEL_* (DEBUG,INFO,NOTICE,WARNING,ERROR)
* @return String the formatted message.
*/
function formatMessage($message, $severity)
{
// Get the user if it exists
$user = "******";
if (AuthService::usersEnabled()) {
$logged = AuthService::getLoggedUser();
if ($logged != null) {
$user = $logged->getId();
} else {
$user = "******";
}
}
$message_parts = explode("\t", $message);
$severity = strtoupper((string) $severity);
$log_row = array('logdate' => $this->toMysqlDateTime(strtotime('NOW')), 'remote_ip' => $this->inet_ptod($_SERVER['REMOTE_ADDR']), 'severity' => $severity, 'user' => $user, 'message' => $message_parts[0], 'params' => $message_parts[1]);
return $log_row;
}
public function getRegistryContributions()
{
$logged = AuthService::getLoggedUser();
if (AuthService::usersEnabled()) {
if ($logged == null) {
return $this->registryContributions;
} else {
$xmlString = AJXP_XMLWriter::getUserXml($logged, false);
}
} else {
$xmlString = AJXP_XMLWriter::getUserXml(null, false);
}
$dom = new DOMDocument();
$dom->loadXML($xmlString);
$this->registryContributions[] = $dom->documentElement;
return $this->registryContributions;
}
public function getChildren()
{
$this->children = array();
$u = AuthService::getLoggedUser();
if ($u != null) {
$repos = ConfService::getAccessibleRepositories($u);
// Refilter to make sure the driver is an AjxpWebdavProvider
foreach ($repos as $repository) {
$accessType = $repository->getAccessType();
$driver = AJXP_PluginsService::getInstance()->getPluginByTypeName("access", $accessType);
if (is_a($driver, "AjxpWrapperProvider") && $repository->getOption("AJXP_WEBDAV_DISABLED") !== true) {
$this->children[$repository->getSlug()] = new Sabre\DAV\SimpleCollection($repository->getSlug());
}
}
}
return $this->children;
}
public function receiveAction($action, $httpVars, $filesVars)
{
$provider = $this->getFilteredOption("AVATAR_PROVIDER");
$type = $this->getFilteredOption("GRAVATAR_TYPE");
if ($action == "get_avatar_url") {
$url = "";
$suffix = "";
switch ($provider) {
case "gravatar":
default:
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
$url = "https://secure.gravatar.com";
} else {
$url = "http://www.gravatar.com";
}
$url .= "/avatar/";
$suffix .= "?s=80&r=g&d=" . $type;
break;
case "libravatar":
$url = "";
// Federated Servers are not supported here without libravatar.org. Should query DNS server first.
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
$url = "https://seccdn.libravatar.org";
} else {
$url = "http://cdn.libravatar.org";
}
$url .= "/avatar/";
$suffix = "?s=80&d=" . $type;
break;
}
if (isset($httpVars["userid"])) {
$userid = $httpVars["userid"];
if (AuthService::usersEnabled() && AuthService::userExists($userid)) {
$confDriver = ConfService::getConfStorageImpl();
$user = $confDriver->createUserObject($userid);
$userEmail = $user->personalRole->filterParameterValue("core.conf", "email", AJXP_REPO_SCOPE_ALL, "");
if (!empty($userEmail)) {
$url .= md5(strtolower(trim($userEmail)));
}
}
}
$url .= $suffix;
print $url;
}
}
public function preLogUser($sessionId)
{
global $user;
$username = $user->data['username_clean'];
$password = md5($user->data['user_password']);
if (!$user->data['is_registered']) {
return false;
}
if (!$this->userExists($username)) {
if ($this->autoCreateUser()) {
$this->createUser($username, $password);
} else {
return false;
}
}
AuthService::logUser($username, '', true);
return true;
}
/**
* @param AJXP_Node $node
* @param string $cacheType
* @param string $details
* @return string
*/
public static function computeIdForNode($node, $cacheType, $details = '')
{
$repo = $node->getRepository();
if ($repo == null) {
return "failed-id";
}
$scope = $repo->securityScope();
$additional = "";
if ($scope === "USER") {
$additional = AuthService::getLoggedUser()->getId() . "@";
} else {
if ($scope == "GROUP") {
$additional = ltrim(str_replace("/", "__", AuthService::getLoggedUser()->getGroupPath()), "__") . "@";
}
}
$scheme = parse_url($node->getUrl(), PHP_URL_SCHEME);
return str_replace($scheme . "://", $cacheType . "://" . $additional, $node->getUrl()) . ($details ? "##" . $details : "");
}
function filterUsersPref($action, $httpVars, $fileVars)
{
if ($action != "save_user_pref") {
return;
}
$loggedUser = AuthService::getLoggedUser()->getId();
if ($loggedUser != "demo") {
return;
}
$i = 0;
while (isset($_GET["pref_name_" . $i]) && isset($_GET["pref_value_" . $i])) {
$prefName = $_GET["pref_name_" . $i];
$prefValue = stripslashes($_GET["pref_value_" . $i]);
if ($prefName == "password") {
throw new Exception("You are not allowed to change the password");
}
$i++;
}
}
