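<fieldset class="personalblock">
	<?php
	// Personal-settings panel of the remoteStorage app: prints the user's
	// remoteStorage address and lists every token returned by
	// OC_remoteStorage::getAllTokens() together with a "revoke" control.
	//
	// None of the dynamic values below are produced by this template, so each is
	// HTML-escaped before it is written into the page.
	// NOTE(review): SERVER_NAME can reflect the client-supplied Host header,
	// depending on web-server configuration - confirm for this deployment.
	$userAddress = htmlspecialchars(
		OCP\USER::getUser() . '@' . $_SERVER['SERVER_NAME'],
		ENT_QUOTES,
		'UTF-8'
	);
	echo '<img src="../apps/remoteStorage/remoteStorage.png" style="width:16px"> '
		. '<strong>' . $l->t('remoteStorage') . '</strong> user address: '
		. $userAddress
		. ' (<a href="http://unhosted.org/">more info</a>)';
	?>
	<p><em>Apps that currently have access to your ownCloud:</em></p>
	<?php
	// revokeToken() posts the raw token as the request body to revokeToken.php.
	// NOTE(review): the request carries no anti-CSRF request token; confirm that
	// the endpoint verifies the session and a request token before deleting.
	?>
	<script>
		function revokeToken(token) {
			var xhr = new XMLHttpRequest();
			xhr.open('POST', '/apps/remoteStorage/ajax/revokeToken.php', true);
			xhr.send(token);
		}
	</script>
	<ul>
		<?php
		// Flags make json_encode() emit \uXXXX escapes for <, >, &, ' and ", so the
		// resulting JavaScript string literal cannot close the handler or the tag.
		$jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
		foreach (OC_remoteStorage::getAllTokens() as $token => $details) {
			// Array keys that look numeric arrive as integers; normalise to string.
			$token = (string)$token;
			$elementId = 'revoke_' . $token;

			// Values placed inside inline event handlers are first encoded as a
			// JavaScript string literal, then HTML-escaped for the attribute.
			$jsElementId = htmlspecialchars(json_encode($elementId, $jsonFlags), ENT_QUOTES, 'UTF-8');
			$jsToken = htmlspecialchars(json_encode($token, $jsonFlags), ENT_QUOTES, 'UTF-8');

			// Values placed in element content or plain attributes are HTML-escaped.
			$htmlElementId = htmlspecialchars($elementId, ENT_QUOTES, 'UTF-8');
			$htmlAppUrl = htmlspecialchars((string)$details['appUrl'], ENT_QUOTES, 'UTF-8');
			$htmlCategories = htmlspecialchars((string)$details['categories'], ENT_QUOTES, 'UTF-8');

			// The revoke link is hidden until the list item is hovered.
			echo '<li onmouseover="document.getElementById(' . $jsElementId . ').style.display=\'inline\';"'
				. ' onmouseout="document.getElementById(' . $jsElementId . ').style.display=\'none\';"'
				. '> <strong>' . $htmlAppUrl . '</strong>: ' . $htmlCategories
				. ' <a href="#" title="Revoke" class="action" style="display:none" id="' . $htmlElementId . '" onclick="'
				. 'revokeToken(' . $jsToken . ');this.parentNode.style.display=\'none\';"'
				. '><img src="/core/img/actions/delete.svg"></a></li>' . "\n";
		}
		?>
	</ul>
</fieldset>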
if ($k == 'redirect_uri') {
	// Splitting "scheme://host/path" on '/' leaves the host at index 2; only that
	// host is kept as the app identity. A value with fewer than three segments
	// has no index 2.
	$appUrlParts = explode('/', $v);
	$appUrl = $appUrlParts[2]; //bit dodgy i guess
} else {
	if ($k == 'scope') {
		// The requested scope is stored unmodified as the category list.
		$categories = $v;
	}
}
}
}
// The two closing braces above end constructs opened before this excerpt.
$currUser = OC_User::getUser();
// A token is only issued when the logged-in user equals $ownCloudUser
// ($ownCloudUser is assigned outside this excerpt).
if ($currUser == $ownCloudUser) {
	if (isset($_POST['allow'])) {
		//TODO: check if this can be faked by editing the cookie in firebug!
		// NOTE(review): the only visible condition for issuing a token is the
		// presence of a POST field named "allow"; no anti-CSRF request token is
		// compared here. Confirm one is verified before this point.
		// NOTE(review): nothing visible guarantees that $appUrl and $categories
		// were set by the parameter loop above.
		$token = OC_remoteStorage::createCategories($appUrl, $categories);
		// The bearer token is appended to the fragment of the raw redirect_uri
		// query parameter.
		// NOTE(review): the token is created for the host in $appUrl but sent to
		// the unvalidated full redirect_uri; validate its scheme and host first.
		// header() does not end the script.
		header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $token . '&token_type=bearer');
	} else {
		// No "allow" field posted: the consent page markup starts here and
		// continues past the end of this excerpt.
		?> <!DOCTYPE html> <html> <head> <title>ownCloud</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="shortcut icon" href="../../../core/img/favicon.png" /><link rel="apple-touch-icon-precomposed" href="../../../core/img/favicon-touch.png" /> <link rel="stylesheet" href="../../../core/css/styles.css" type="text/css" media="screen" /> <link rel="stylesheet" href="../auth.css" type="text/css" media="screen" /> </head> <body id="body-login"> <div id="login"> <header>
} else {
	// Fallback branch of a check that starts before this excerpt: any origin may
	// read responses from this endpoint.
	// NOTE(review): a wildcard origin is only safe while authentication never
	// relies on cookies or the session - confirm in the auth backend.
	header('Access-Control-Allow-Origin: *');
}
// Everything that follows the script name in the request URI.
// NOTE(review): REQUEST_URI also carries the query string, if there is one, so
// the last path segment may include it - confirm that is intended.
$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
$pathParts = explode('/', $path);
// for webdav:
// 0/ 1 / 2 / 3...
// /$ownCloudUser/remoteStorage/$category/
// NOTE(review): the guard accepts three segments, but four are destructured
// below, so a three-segment path leaves $category without a value. The third
// segment ($dummy2) is never compared with 'remoteStorage'.
if (count($pathParts) >= 3 && $pathParts[0] == '') {
	list($dummy, $ownCloudUser, $dummy2, $category) = $pathParts;
	// NOTE(review): $ownCloudUser comes straight from the URL, and the filesystem
	// is set up for it here, before the auth plugin is registered and before
	// exec() handles the request - confirm setupFS is safe for arbitrary names.
	OC_Util::setupFS($ownCloudUser);
	// Create ownCloud Dir
	$publicDir = new OC_Connector_Sabre_Directory('');
	$server = new Sabre_DAV_Server($publicDir);
	// Path to our script
	$server->setBaseUri(OC::$WEBROOT . "/apps/remoteStorage/WebDAV.php/{$ownCloudUser}");
	// Auth backend: receives the tokens that getValidTokens() returns for this
	// user and category, plus the category itself.
	$authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_remoteStorage::getValidTokens($ownCloudUser, $category), $category);
	$authPlugin = new Sabre_DAV_Auth_Plugin($authBackend, 'ownCloud'); //should use $validTokens here
	$server->addPlugin($authPlugin);
	// Also make sure there is a 'data' directory, writable by the server. This directory is used to store information about locks
	$lockBackend = new OC_Connector_Sabre_Locks();
	$lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
	$server->addPlugin($lockPlugin);
	// And off we go!
	$server->exec();
} else {
	// Disabled variant that would echo the parsed path segments back to the client:
	//die('not the right address format '.var_export($pathParts, true));
	die('not the right address format');
}
} else {
	if ($k == 'scope') {
		// The scope is entity-encoded on input and kept in that form as the
		// category list handed to the token functions below.
		$categories = htmlentities($v);
	}
}
}
}
// The two closing braces above end constructs opened before this excerpt.
$currUser = OCP\USER::getUser();
// Proceed only when all three request-derived values are non-empty
// ($userId and $appUrl are assigned outside this excerpt).
if ($userId && $appUrl && $categories) {
	if ($currUser == $userId) {
		if (isset($_POST['allow'])) {
			//TODO: check if this can be faked by editing the cookie in firebug!
			// NOTE(review): the only visible condition for issuing a token is the
			// presence of a POST field named "allow"; no anti-CSRF request token
			// is compared here. Confirm one is verified before this point.
			$token = OC_remoteStorage::createCategories($appUrl, $categories);
			// NOTE(review): the token goes to the raw redirect_uri parameter;
			// confirm it is validated against $appUrl (scheme and host) first.
			header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $token . '&token_type=bearer');
		} else {
			// A token already granted for this app and category list is re-sent
			// without asking the user again.
			// NOTE(review): this branch needs no user interaction, so the
			// redirect_uri check matters most here - the existing token is sent
			// to whatever URI the request supplied.
			if ($existingToken = OC_remoteStorage::getTokenFor($appUrl, $categories)) {
				header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $existingToken . '&token_type=bearer');
			} else {
				//params ok, logged in ok, but need to click Allow still:
				// Host segment of "scheme://host/..." after splitting on '/'.
				$appUrlParts = explode('/', $_GET['redirect_uri']);
				$host = $appUrlParts[2];
				// NOTE(review): $host and the re-read scope values reach the
				// template unescaped; confirm the 'auth' template escapes them.
				$categories = explode(',', $_GET['scope']);
				OCP\Util::addStyle('', 'auth');
				OCP\Template::printGuestPage('remoteStorage', 'auth', array('host' => $host, 'categories' => $categories));
			}
		}
		//end 'need to click Allow still'
	} else {
		//login not ok
		if ($currUser) {
			// NOTE(review): $userId is entity-encoded but $currUser is printed
			// raw; escape both for consistency. This branch continues past the
			// end of the excerpt.
			die('You are logged in as ' . $currUser . ' instead of ' . htmlentities($userId));
*
 * Original:
 * @author Frank Karlitschek
 * @copyright 2010 Frank Karlitschek karlitschek@kde.org
 *
 * Adapted:
 * @author Michiel de Jong, 2012
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library. If not, see <http://www.gnu.org/licenses/>.
 *
 */

// Token-revocation endpoint: the raw request body is passed to
// OC_remoteStorage::deleteToken() and that call's return value is echoed.
//
// NOTE(review): apart from checkAppEnabled(), no login check and no anti-CSRF
// request-token check is visible in this script. Confirm that deleteToken()
// only removes tokens owned by the current session's user, and add an explicit
// logged-in and request-token check here if it does not.

// Do not load FS ...
$RUNTIME_NOSETUPFS = true;

OCP\App::checkAppEnabled('remoteStorage');
require_once 'remoteStorage/lib_remoteStorage.php';
ini_set('default_charset', 'UTF-8');
#ini_set('error_reporting', '');
// "@" silences the notice ob_clean() raises when no output buffer is active.
@ob_clean();

// php://input is the unparsed request body; it is forwarded without validation.
echo OC_remoteStorage::deleteToken(file_get_contents("php://input"));
// Copy the three recognised query parameters into local variables; any other
// parameter is ignored. Here $appUrl holds the complete redirect_uri value.
foreach ($_GET as $k => $v) {
	if ($k == 'user_address') {
		$userAddress = $v;
	} else {
		if ($k == 'redirect_uri') {
			$appUrl = $v;
		} else {
			if ($k == 'scope') {
				$dataScope = $v;
			}
		}
	}
}
// A token is only issued when the logged-in user equals $ownCloudUser
// ($ownCloudUser is assigned outside this excerpt).
if (OC_User::getUser() == $ownCloudUser) {
	//TODO: check if this can be faked by editing the cookie in firebug!
	// NOTE(review): nothing visible guarantees that all three variables were set
	// by the loop above before they are used.
	$token = OC_remoteStorage::createDataScope($appUrl, $userAddress, $dataScope);
	// NOTE(review): the token is appended to the unvalidated redirect_uri
	// parameter; validate its scheme and host before redirecting.
	header('Location: ' . $_GET['redirect_uri'] . '#access_token=' . $token . '&token_type=remoteStorage');
} else {
	// Not logged in as the expected user: build the instance's base URL for a
	// login pop-up.
	// NOTE(review): the HTTPS key is typically absent on plain-HTTP requests, and
	// some servers set it to the string 'off', which is truthy.
	if ($_SERVER['HTTPS']) {
		$url = "https://";
	} else {
		$url = "http://";
	}
	$url .= $_SERVER['SERVER_NAME'];
	// Drop the trailing "apps/remoteStorage/compat.php" from the script path.
	$url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
	// NOTE(review): $url is written unescaped into an inline onclick handler;
	// encode it for JavaScript and HTML-escape it before output. The retry form
	// carries no anti-CSRF request token.
	die('Please '
		. '<input type="submit" onclick="'
		. "window.open('{$url}','Close me!','height=600,width=300');"
		. '" value="log in">'
		. ', close the pop-up, and '
		. '<form method="POST"><input name="allow" type="submit" value="Try again"></form>');
}
} else {
	// Else-branch of a condition opened before this excerpt: show the consent
	// button. NOTE(review): this form carries no anti-CSRF request token either.
	echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
}
} else {