/**
* @NoAdminRequired
* @NoCSRFRequired
*
* @param string $src
*
* TODO: Cache the proxied content to prevent unnecessary requests from the oC server
* The caching should also already happen in a cronjob so that the sender of the
* mail does not know whether the mail has been opened.
*
* @return ProxyDownloadResponse
*/
public function proxy($src)
{
// close the session to allow parallel downloads
$this->session->close();
$content = $this->helper->getUrlContent($src);
return new ProxyDownloadResponse($content, $src, 'application/octet-stream');
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*
* TODO: Cache the proxied content to prevent unnecessary requests from the oC server
* The caching should also already happen in a cronjob so that the sender of the
* mail does not know whether the mail has been opened.
*
* @return ProxyDownloadResponse
*/
public function proxy()
{
// close the session to allow parallel downloads
$this->session->close();
$resourceURL = $this->request->getParam('src');
$content = \OC::$server->getHelper()->getUrlContent($resourceURL);
return new ProxyDownloadResponse($content, $resourceURL, 'application/octet-stream');
}
/**
* set the session object
*
* @param ISession $session
*/
public function setSession(ISession $session)
{
if ($this->session instanceof ISession) {
$this->session->close();
}
$this->session = $session;
$this->activeUser = null;
}
/**
* Close the session and release the lock, also writes all changed data in batch
*/
public function close()
{
if ($this->isModified) {
$encryptedValue = $this->crypto->encrypt(json_encode($this->sessionValues), $this->passphrase);
$this->session->set(self::encryptedSessionName, $encryptedValue);
$this->isModified = false;
}
$this->session->close();
}
/**
* @param \Sabre\DAV\Server $server
* @param $realm
* @return bool
*/
private function auth(\Sabre\DAV\Server $server, $realm)
{
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return true;
}
return parent::authenticate($server, $realm);
}
/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array
*/
private function auth(RequestInterface $request, ResponseInterface $response)
{
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)) || $this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return [true, $this->principalPrefix . $user];
}
if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
$response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"');
$response->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
return parent::check($request, $response);
}
/**
* @param \Sabre\DAV\Server $server
* @param string $realm
* @return bool
*/
private function auth(\Sabre\DAV\Server $server, $realm)
{
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return true;
}
if ($server->httpRequest->getHeader('X-Requested-With') === 'XMLHttpRequest') {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
$server->httpResponse->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $realm . '"');
$server->httpResponse->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
return parent::authenticate($server, $realm);
}
/**
* @param RequestInterface $request
* @param ResponseInterface $response
* @return array
* @throws NotAuthenticated
*/
private function auth(RequestInterface $request, ResponseInterface $response)
{
$forcedLogout = false;
if (!$this->request->passesCSRFCheck() && $this->requiresCSRFCheck()) {
// In case of a fail with POST we need to recheck the credentials
if ($this->request->getMethod() === 'POST') {
$forcedLogout = true;
} else {
$response->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.');
}
}
if ($forcedLogout) {
$this->userSession->logout();
} else {
if ($this->twoFactorManager->needsSecondFactor()) {
throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
}
if (\OC_User::handleApacheAuth() || $this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED)) || $this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) {
$user = $this->userSession->getUser()->getUID();
\OC_Util::setupFS($user);
$this->currentUser = $user;
$this->session->close();
return [true, $this->principalPrefix . $user];
}
}
if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
$response->addHeader('WWW-Authenticate', 'DummyBasic realm="' . $this->realm . '"');
$response->setStatus(401);
throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
}
$data = parent::check($request, $response);
if ($data[0] === true) {
$startPos = strrpos($data[1], '/') + 1;
$user = $this->userSession->getUser()->getUID();
$data[1] = substr_replace($data[1], $user, $startPos);
}
return $data;
}
/**
* Close the session and release the lock
*/
public function close()
{
$this->session->close();
}
