/**
* Discover the actual data and do some naive caching to ensure that the data
* is not requested multiple times.
*
* If no valid discovery data is found the ownCloud defaults are returned.
*
* @param string $remote
* @return array
*/
private function discover($remote)
{
// Check if something is in the cache
if ($cacheData = $this->cache->get($remote)) {
return json_decode($cacheData, true);
}
// Default response body
$discoveredServices = ['webdav' => '/public.php/webdav', 'share' => '/ocs/v1.php/cloud/shares'];
// Read the data from the response body
try {
$response = $this->client->get($remote . '/ocs-provider/');
if ($response->getStatusCode() === 200) {
$decodedService = json_decode($response->getBody(), true);
if (is_array($decodedService)) {
$endpoints = ['webdav', 'share'];
foreach ($endpoints as $endpoint) {
if (isset($decodedService['services']['FEDERATED_SHARING']['endpoints'][$endpoint])) {
$endpointUrl = (string) $decodedService['services']['FEDERATED_SHARING']['endpoints'][$endpoint];
if ($this->isSafeUrl($endpointUrl)) {
$discoveredServices[$endpoint] = $endpointUrl;
}
}
}
}
}
} catch (ClientException $e) {
// Don't throw any exception since exceptions are handled before
} catch (ConnectException $e) {
// Don't throw any exception since exceptions are handled before
}
// Write into cache
$this->cache->set($remote, json_encode($discoveredServices));
return $discoveredServices;
}
protected function run($argument)
{
$target = $argument['url'];
$source = $this->urlGenerator->getAbsoluteURL('/');
$source = rtrim($source, '/');
$token = $argument['token'];
try {
$result = $this->httpClient->get($target . $this->endPoint, ['query' => ['url' => $source, 'token' => $token], 'timeout' => 3, 'connect_timeout' => 3]);
$status = $result->getStatusCode();
} catch (ClientException $e) {
$status = $e->getCode();
$this->logger->logException($e);
}
// if we received a unexpected response we try again later
if ($status !== Http::STATUS_OK && $status !== Http::STATUS_FORBIDDEN) {
$this->jobList->add('OCA\\Federation\\BackgroundJob\\GetSharedSecret', $argument);
} else {
// reset token if we received a valid response
$this->dbHandler->addToken($target, '');
}
if ($status === Http::STATUS_OK) {
$body = $result->getBody();
$result = json_decode($body, true);
if (isset($result['ocs']['data']['sharedSecret'])) {
$this->trustedServers->addSharedSecret($target, $result['ocs']['data']['sharedSecret']);
} else {
$this->logger->error('remote server "' . $target . '"" does not return a valid shared secret', ['app' => 'federation']);
$this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE);
}
}
}
protected function run($argument)
{
$target = $argument['url'];
$source = $this->urlGenerator->getAbsoluteURL('/');
$source = rtrim($source, '/');
$token = $argument['token'];
try {
$result = $this->httpClient->post($target . $this->endPoint, ['body' => ['url' => $source, 'token' => $token], 'timeout' => 3, 'connect_timeout' => 3]);
$status = $result->getStatusCode();
} catch (ClientException $e) {
$status = $e->getCode();
$this->logger->logException($e);
} catch (\Exception $e) {
$status = HTTP::STATUS_INTERNAL_SERVER_ERROR;
$this->logger->logException($e);
}
// if we received a unexpected response we try again later
if ($status !== Http::STATUS_OK && $status !== Http::STATUS_FORBIDDEN) {
$this->jobList->add('OCA\\Federation\\BackgroundJob\\RequestSharedSecret', $argument);
}
if ($status === Http::STATUS_FORBIDDEN) {
// clear token if remote server refuses to ask for shared secret
$this->dbHandler->addToken($target, '');
}
}
public function testWithMaliciousEndpointCached()
{
$response = $this->getMock('\\OCP\\Http\\Client\\IResponse');
$response->expects($this->once())->method('getStatusCode')->willReturn(200);
$response->expects($this->once())->method('getBody')->willReturn('{"version":2,"services":{"PRIVATE_DATA":{"version":1,"endpoints":{"store":"\\/ocs\\/v2.php\\/privatedata\\/setattribute","read":"\\/ocs\\/v2.php\\/privatedata\\/getattribute","delete":"\\/ocs\\/v2.php\\/privatedata\\/deleteattribute"}},"SHARING":{"version":1,"endpoints":{"share":"\\/ocs\\/v2.php\\/apps\\/files_sharing\\/api\\/v1\\/shares"}},"FEDERATED_SHARING":{"version":1,"endpoints":{"share":"\\/ocs\\/v2.php\\/cl@oud\\/MyCustomShareEndpoint","webdav":"\\/public.php\\/MyC:ustomEndpoint\\/"}},"ACTIVITY":{"version":1,"endpoints":{"list":"\\/ocs\\/v2.php\\/cloud\\/activity"}},"PROVISIONING":{"version":1,"endpoints":{"user":"******","groups":"\\/ocs\\/v2.php\\/cloud\\/groups","apps":"\\/ocs\\/v2.php\\/cloud\\/apps"}}}}');
$this->client->expects($this->once())->method('get')->with('https://myhost.com/ocs-provider/', [])->willReturn($response);
$this->cache->expects($this->at(0))->method('get')->with('https://myhost.com')->willReturn(null);
$this->cache->expects($this->at(1))->method('set')->with('https://myhost.com', '{"webdav":"\\/public.php\\/webdav","share":"\\/ocs\\/v1.php\\/cloud\\/shares"}');
$this->cache->expects($this->at(2))->method('get')->with('https://myhost.com')->willReturn('{"webdav":"\\/public.php\\/webdav","share":"\\/ocs\\/v1.php\\/cloud\\/shares"}');
$this->assertSame('/public.php/webdav', $this->discoveryManager->getWebDavEndpoint('https://myhost.com'));
$this->assertSame('/ocs/v1.php/cloud/shares', $this->discoveryManager->getShareEndpoint('https://myhost.com'));
}
protected function run($argument)
{
$target = $argument['url'];
$source = $this->urlGenerator->getAbsoluteURL('/');
$source = rtrim($source, '/');
$token = $argument['token'];
$result = null;
try {
$result = $this->httpClient->get($target . $this->endPoint, ['query' => ['url' => $source, 'token' => $token], 'timeout' => 3, 'connect_timeout' => 3]);
$status = $result->getStatusCode();
} catch (ClientException $e) {
$status = $e->getCode();
if ($status === Http::STATUS_FORBIDDEN) {
$this->logger->info($target . ' refused to exchange a shared secret with you.', ['app' => 'federation']);
} else {
$this->logger->logException($e, ['app' => 'federation']);
}
} catch (\Exception $e) {
$status = Http::STATUS_INTERNAL_SERVER_ERROR;
$this->logger->logException($e, ['app' => 'federation']);
}
// if we received a unexpected response we try again later
if ($status !== Http::STATUS_OK && $status !== Http::STATUS_FORBIDDEN) {
$this->retainJob = true;
} else {
// reset token if we received a valid response
$this->dbHandler->addToken($target, '');
}
if ($status === Http::STATUS_OK && $result instanceof IResponse) {
$body = $result->getBody();
$result = json_decode($body, true);
if (isset($result['ocs']['data']['sharedSecret'])) {
$this->trustedServers->addSharedSecret($target, $result['ocs']['data']['sharedSecret']);
} else {
$this->logger->error('remote server "' . $target . '"" does not return a valid shared secret', ['app' => 'federation']);
$this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE);
}
}
}