<fieldset class="personalblock">
<?php
echo '<img src="../apps/remoteStorage/remoteStorage.png" style="width:16px"> ' . '<strong>' . $l->t('remoteStorage') . '</strong> user address: ' . OCP\USER::getUser() . '@' . $_SERVER['SERVER_NAME'] . ' (<a href="http://unhosted.org/">more info</a>)';
?>
<p><em>Apps that currently have access to your ownCloud:</em></p>
<script>
function revokeToken(token) {
var xhr = new XMLHttpRequest();
xhr.open('POST', '/apps/remoteStorage/ajax/revokeToken.php', true);
xhr.send(token);
}
</script>
<ul>
<?php
foreach (OC_remoteStorage::getAllTokens() as $token => $details) {
echo '<li onmouseover="' . 'document.getElementById(\'revoke_' . $token . '\').style.display=\'inline\';"' . 'onmouseout="document.getElementById(\'revoke_' . $token . '\').style.display=\'none\';"' . '> <strong>' . $details['appUrl'] . '</strong>: ' . $details['categories'] . ' <a href="#" title="Revoke" class="action" style="display:none" id="revoke_' . $token . '" onclick="' . 'revokeToken(\'' . $token . '\');this.parentNode.style.display=\'none\';"' . '><img src="/core/img/actions/delete.svg"></a></li>' . "\n";
}
?>
</ul>
</fieldset>
if ($k == 'redirect_uri') {
$appUrlParts = explode('/', $v);
$appUrl = $appUrlParts[2];
//bit dodgy i guess
} else {
if ($k == 'scope') {
$categories = $v;
}
}
}
}
$currUser = OC_User::getUser();
if ($currUser == $ownCloudUser) {
if (isset($_POST['allow'])) {
//TODO: check if this can be faked by editing the cookie in firebug!
$token = OC_remoteStorage::createCategories($appUrl, $categories);
header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $token . '&token_type=bearer');
} else {
?>
<!DOCTYPE html>
<html>
<head>
<title>ownCloud</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="shortcut icon" href="../../../core/img/favicon.png" /><link rel="apple-touch-icon-precomposed" href="../../../core/img/favicon-touch.png" />
<link rel="stylesheet" href="../../../core/css/styles.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../auth.css" type="text/css" media="screen" />
</head>
<body id="body-login">
<div id="login">
<header>
} else {
header('Access-Control-Allow-Origin: *');
}
$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
$pathParts = explode('/', $path);
// for webdav:
// 0/ 1 / 2 / 3...
// /$ownCloudUser/remoteStorage/$category/
if (count($pathParts) >= 3 && $pathParts[0] == '') {
list($dummy, $ownCloudUser, $dummy2, $category) = $pathParts;
OC_Util::setupFS($ownCloudUser);
// Create ownCloud Dir
$publicDir = new OC_Connector_Sabre_Directory('');
$server = new Sabre_DAV_Server($publicDir);
// Path to our script
$server->setBaseUri(OC::$WEBROOT . "/apps/remoteStorage/WebDAV.php/{$ownCloudUser}");
// Auth backend
$authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_remoteStorage::getValidTokens($ownCloudUser, $category), $category);
$authPlugin = new Sabre_DAV_Auth_Plugin($authBackend, 'ownCloud');
//should use $validTokens here
$server->addPlugin($authPlugin);
// Also make sure there is a 'data' directory, writable by the server. This directory is used to store information about locks
$lockBackend = new OC_Connector_Sabre_Locks();
$lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
$server->addPlugin($lockPlugin);
// And off we go!
$server->exec();
} else {
//die('not the right address format '.var_export($pathParts, true));
die('not the right address format');
}
} else {
if ($k == 'scope') {
$categories = htmlentities($v);
}
}
}
}
$currUser = OCP\USER::getUser();
if ($userId && $appUrl && $categories) {
if ($currUser == $userId) {
if (isset($_POST['allow'])) {
//TODO: check if this can be faked by editing the cookie in firebug!
$token = OC_remoteStorage::createCategories($appUrl, $categories);
header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $token . '&token_type=bearer');
} else {
if ($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $existingToken . '&token_type=bearer');
} else {
//params ok, logged in ok, but need to click Allow still:
$appUrlParts = explode('/', $_GET['redirect_uri']);
$host = $appUrlParts[2];
$categories = explode(',', $_GET['scope']);
OCP\Util::addStyle('', 'auth');
OCP\Template::printGuestPage('remoteStorage', 'auth', array('host' => $host, 'categories' => $categories));
}
}
//end 'need to click Allow still'
} else {
//login not ok
if ($currUser) {
die('You are logged in as ' . $currUser . ' instead of ' . htmlentities($userId));
*
* Original:
* @author Frank Karlitschek
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
*
* Adapted:
* @author Michiel de Jong, 2012
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
// Do not load FS ...
$RUNTIME_NOSETUPFS = true;
OCP\App::checkAppEnabled('remoteStorage');
require_once 'remoteStorage/lib_remoteStorage.php';
ini_set('default_charset', 'UTF-8');
#ini_set('error_reporting', '');
@ob_clean();
echo OC_remoteStorage::deleteToken(file_get_contents("php://input"));
foreach ($_GET as $k => $v) {
if ($k == 'user_address') {
$userAddress = $v;
} else {
if ($k == 'redirect_uri') {
$appUrl = $v;
} else {
if ($k == 'scope') {
$dataScope = $v;
}
}
}
}
if (OC_User::getUser() == $ownCloudUser) {
//TODO: check if this can be faked by editing the cookie in firebug!
$token = OC_remoteStorage::createDataScope($appUrl, $userAddress, $dataScope);
header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $token . '&token_type=remoteStorage');
} else {
if ($_SERVER['HTTPS']) {
$url = "https://";
} else {
$url = "http://";
}
$url .= $_SERVER['SERVER_NAME'];
$url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
die('Please ' . '<input type="submit" onclick="' . "window.open('{$url}','Close me!','height=600,width=300');" . '" value="log in">' . ', close the pop-up, and ' . '<form method="POST"><input name="allow" type="submit" value="Try again"></form>');
}
} else {
echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
}
} else {
