示例#1
 /**
  * Add a server to the list of trusted ownCloud servers and queue the
  * shared-secret request for it.
  *
  * The URL is passed through updateProtocol() before it is stored. If the
  * database handler returns a truthy result, a 16-character token is generated,
  * stored for that URL and handed to a RequestSharedSecret background job.
  *
  * @param string $url address of the server to trust
  * @return int server id, as returned by the database handler
  */
 public function addServer($url)
 {
     $normalizedUrl = $this->updateProtocol($url);
     $serverId = $this->dbHandler->addServer($normalizedUrl);
     if (!$serverId) {
         // Nothing was stored, so no token is issued and no job is queued.
         return $serverId;
     }

     // The token acts as a bearer credential for the pending exchange: whoever
     // holds it together with the URL can be matched against the stored value.
     // NOTE(review): confirm that the medium-strength generator is backed by a
     // CSPRNG; the token is passed on unhashed to both the token store and the
     // job arguments, so both locations need the same protection as a secret.
     $exchangeToken = $this->secureRandom->getMediumStrengthGenerator()->generate(16);
     $this->dbHandler->addToken($normalizedUrl, $exchangeToken);
     $this->jobList->add(
         'OCA\\Federation\\BackgroundJob\\RequestSharedSecret',
         ['url' => $normalizedUrl, 'token' => $exchangeToken]
     );

     return $serverId;
 }
示例#2
 /**
  * Create a password-reset token for a user and mail the reset link to the
  * address stored in that user's settings.
  *
  * @param string $user user id the reset was requested for
  * @throws \Exception if the user does not exist, has no email address on
  *                    record, or the message could not be sent
  */
 protected function sendEmail($user)
 {
     // NOTE(review): an unknown user and a user without an email address raise
     // different messages. If the caller shows these to an unauthenticated
     // requester, the difference reveals which usernames exist; confirm how
     // the messages are surfaced.
     $userKnown = $this->userManager->userExists($user);
     if (!$userKnown) {
         throw new \Exception($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
     }

     $recipient = $this->config->getUserValue($user, 'settings', 'email');
     if (empty($recipient)) {
         throw new \Exception($this->l10n->t('Couldn\'t send reset email because there is no ' . 'email address for this username. Please ' . 'contact your administrator.'));
     }

     // 21 characters drawn from digits, lower-case and upper-case letters.
     $alphabet = ISecureRandom::CHAR_DIGITS . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER;
     $resetToken = $this->secureRandom->getMediumStrengthGenerator()->generate(21, $alphabet);

     // NOTE(review): the token is stored exactly as mailed and without a
     // timestamp, so this method sets no expiry. Whether the reset form
     // enforces a lifetime or single use is not visible here; verify.
     $this->config->setUserValue($user, 'owncloud', 'lostpassword', $resetToken);

     $resetLink = $this->urlGenerator->linkToRouteAbsolute(
         'core.lost.resetform',
         ['userId' => $user, 'token' => $resetToken]
     );

     $template = new \OC_Template('core/lostpassword', 'email');
     // NOTE(review): the third argument is false; presumably it turns off the
     // template's value sanitising for the link. Confirm against OC_Template.
     $template->assign('link', $resetLink, false);
     $body = $template->fetchPage();

     try {
         $mail = $this->mailer->createMessage();
         $mail->setTo([$recipient => $user]);
         $mail->setSubject($this->l10n->t('%s password reset', [$this->defaults->getName()]));
         $mail->setPlainBody($body);
         $mail->setFrom([$this->from => $this->defaults->getName()]);
         $this->mailer->send($mail);
     } catch (\Exception $e) {
         // The original failure is replaced by a generic message and is neither
         // logged nor chained here, so mail transport details do not reach the
         // requester, but they are also lost for troubleshooting.
         throw new \Exception($this->l10n->t('Couldn\'t send reset email. Please contact your administrator.'));
     }
 }
示例#3
 /**
  * Store the collaborators and establish the passphrase, either from the
  * request cookie or by generating a new one and sending it as a cookie.
  *
  * @param IConfig $config
  * @param ICrypto $crypto
  * @param ISecureRandom $random
  * @param IRequest $request request whose cookie and protocol are inspected
  */
 public function __construct(IConfig $config, ICrypto $crypto, ISecureRandom $random, IRequest $request)
 {
     $this->config = $config;
     $this->crypto = $crypto;
     $this->random = $random;

     if ($request->getCookie(self::COOKIE_NAME) !== null) {
         // NOTE(review): the cookie value is adopted as the passphrase as-is;
         // no length or character check happens in this constructor.
         $this->passphrase = $request->getCookie(self::COOKIE_NAME);
         return;
     }

     // No cookie yet: create a fresh 128-character passphrase.
     $this->passphrase = $this->random->getMediumStrengthGenerator()->generate(128);

     // The Secure flag follows the protocol reported by the request.
     // NOTE(review): behind a TLS-terminating proxy this depends on how
     // getServerProtocol() detects https; confirm, otherwise the cookie is
     // issued without the Secure flag.
     $httpsOnly = ($request->getServerProtocol() === 'https');

     // FIXME: Required for CI
     if (defined('PHPUNIT_RUN')) {
         return;
     }

     // Session cookie (expiry 0) scoped to the web root, HttpOnly enabled.
     // This positional form of setcookie() cannot set a SameSite attribute.
     setcookie(self::COOKIE_NAME, $this->passphrase, 0, \OC::$WEBROOT, '', $httpsOnly, true);
 }
示例#4
 /**
  * Create a shared secret for a trusted server and return it.
  *
  * Reads 'url' and 'token' from the request. The request is refused with a
  * 403 result unless the URL belongs to a trusted server and the token passes
  * isValidToken(). On success a 32-character secret is generated, stored for
  * the URL, and the token is replaced by an empty string.
  *
  * @return \OC_OCS_Result
  */
 public function getSharedSecret()
 {
     $remoteUrl = $this->request->getParam('url');
     $presentedToken = $this->request->getParam('token');

     // Both refusals are indistinguishable to the caller, so the response does
     // not reveal whether the URL or the token was rejected.
     // NOTE(review): `HTTP` here and `Http` in the success path differ only in
     // case; PHP resolves class names case-insensitively, but one spelling
     // should be used throughout.
     if ($this->trustedServers->isTrustedServer($remoteUrl) === false) {
         return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN);
     }
     if ($this->isValidToken($remoteUrl, $presentedToken) === false) {
         return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN);
     }

     $secret = $this->secureRandom->getMediumStrengthGenerator()->generate(32);
     $this->trustedServers->addSharedSecret($remoteUrl, $secret);

     // reset token after the exchange of the shared secret was successful
     // NOTE(review): validation and reset are separate steps with no locking
     // visible here; confirm that two concurrent requests cannot both redeem
     // the same token.
     $this->dbHandler->addToken($remoteUrl, '');

     return new \OC_OCS_Result(['sharedSecret' => $secret], Http::STATUS_OK);
 }
示例#5
 /**
  * Create a shared secret for a trusted server and return it.
  *
  * Reads 'url' and 'token' from the request. An untrusted URL or an invalid
  * token is logged at error level and answered with a 403 result. On success
  * a 32-character secret is generated, stored for the URL, and the token is
  * replaced by an empty string.
  *
  * @return \OC_OCS_Result
  */
 public function getSharedSecret()
 {
     $remoteUrl = $this->request->getParam('url');
     $presentedToken = $this->request->getParam('token');

     // NOTE(review): both log messages below embed request parameters
     // unmodified. A caller can therefore place arbitrary text (including line
     // breaks, depending on the log writer) in the log, and the rejected token
     // value is recorded. Consider escaping the values and omitting the token.
     if ($this->trustedServers->isTrustedServer($remoteUrl) === false) {
         $this->logger->log(\OCP\Util::ERROR, 'remote server not trusted (' . $remoteUrl . ') while getting shared secret');
         return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN);
     }

     $tokenAccepted = $this->isValidToken($remoteUrl, $presentedToken);
     if ($tokenAccepted === false) {
         $this->logger->log(\OCP\Util::ERROR, 'remote server (' . $remoteUrl . ') didn\'t send a valid token (got ' . $presentedToken . ') while getting shared secret');
         return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN);
     }

     $secret = $this->secureRandom->getMediumStrengthGenerator()->generate(32);
     $this->trustedServers->addSharedSecret($remoteUrl, $secret);

     // reset token after the exchange of the shared secret was successful
     $this->dbHandler->addToken($remoteUrl, '');

     // NOTE(review): `HTTP` above and `Http` here differ only in case; PHP
     // resolves class names case-insensitively, but one spelling should be
     // used throughout.
     return new \OC_OCS_Result(['sharedSecret' => $secret], Http::STATUS_OK);
 }
 /**
  * Generate a one-time password for a user and remember it in the
  * $userPasswords array under the user's id.
  *
  * @param string $uid user id used as the array key
  * @return string the generated 8-character password
  */
 protected function generateOneTimePassword($uid)
 {
     // NOTE(review): the character set is whatever generate() uses by default,
     // which is not visible here; with only 8 characters the resulting strength
     // depends on it. Confirm it is adequate for where the password is used.
     $generator = $this->secureRandom->getMediumStrengthGenerator();
     $oneTimePassword = $generator->generate(8);

     // Stored as-is in the object's array, keyed by user id.
     $this->userPasswords[$uid] = $oneTimePassword;

     return $oneTimePassword;
 }
示例#7
文件: setup.php 项目: mrjoshuap/core
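 /**
  * Run the initial installation: validate the options, write the base system
  * configuration, set up the database, create the admin user and finish the
  * setup.
  *
  * Keys read from $options in this method: 'dbtype', 'adminlogin',
  * 'adminpass', 'directory' and 'trusted_domains'. The array is also handed to
  * the database setup class for validate() and initialize().
  *
  * @param array $options installation options
  * @return array collected errors, empty when the installation succeeded; the
  *               entries added here are message strings or arrays with the
  *               keys 'error' and 'hint'
  */
 public function install($options)
 {
     $l = $this->l10n;
     $error = array();
     $dbType = $options['dbtype'];
     if (empty($options['adminlogin'])) {
         $error[] = $l->t('Set an admin username.');
     }
     if (empty($options['adminpass'])) {
         $error[] = $l->t('Set an admin password.');
     }
     if (empty($options['directory'])) {
         $options['directory'] = \OC::$SERVERROOT . "/data";
     }
     // Unknown database types fall back to sqlite.
     if (!isset(self::$dbSetupClasses[$dbType])) {
         $dbType = 'sqlite';
     }
     // NOTE(review): the credentials and the directory are HTML-entity-decoded,
     // which presumably undoes an encoding applied by the caller; confirm, since
     // a password that legitimately contains an entity such as "&amp;" would be
     // altered here.
     $username = htmlspecialchars_decode($options['adminlogin']);
     $password = htmlspecialchars_decode($options['adminpass']);
     $dataDir = htmlspecialchars_decode($options['directory']);
     $class = self::$dbSetupClasses[$dbType];
     /** @var \OC\Setup\AbstractDatabase $dbSetup */
     $dbSetup = new $class($l, 'db_structure.xml', $this->config, $this->logger, $this->random);
     $error = array_merge($error, $dbSetup->validate($options));
     // validate the data directory: it must exist (or be creatable) and be writable.
     // mkdir() is called without a mode, so the permissions of a newly created
     // directory are governed by the process umask.
     if (!is_dir($dataDir) and !mkdir($dataDir) or !is_writable($dataDir)) {
         $error[] = $l->t("Can't create or write into the data directory %s", array($dataDir));
     }
     if (count($error) != 0) {
         return $error;
     }
     $request = \OC::$server->getRequest();
     //no errors, good
     if (isset($options['trusted_domains']) && is_array($options['trusted_domains'])) {
         $trustedDomains = $options['trusted_domains'];
     } else {
         // NOTE(review): without an explicit list, the host of the installing
         // request becomes the trusted domain (and part of overwrite.cli.url
         // below). The method name suggests this host is taken from the request
         // without validation; confirm that is acceptable at install time.
         $trustedDomains = [$request->getInsecureServerHost()];
     }
     if (\OC_Util::runningOnWindows()) {
         $dataDir = rtrim(realpath($dataDir), '\\');
     }
     //use sqlite3 when available, otherwise sqlite2 will be used.
     if ($dbType == 'sqlite' and class_exists('SQLite3')) {
         $dbType = 'sqlite3';
     }
     //generate a random salt that is used to salt the local user passwords
     // NOTE(review): this value comes from the low-strength generator while the
     // secret below uses the medium-strength one; confirm that low strength is
     // sufficient for how 'passwordsalt' is used.
     $salt = $this->random->getLowStrengthGenerator()->generate(30);
     // generate a secret
     $secret = $this->random->getMediumStrengthGenerator()->generate(48);
     //write the config file
     // This happens before the database is set up, so salt and secret are
     // already written when a later step fails and the method returns errors.
     $this->config->setSystemValues([
         'passwordsalt' => $salt,
         'secret' => $secret,
         'trusted_domains' => $trustedDomains,
         'datadirectory' => $dataDir,
         'overwrite.cli.url' => $request->getServerProtocol() . '://' . $request->getInsecureServerHost() . \OC::$WEBROOT,
         'dbtype' => $dbType,
         'version' => implode('.', \OC_Util::getVersion()),
     ]);
     try {
         $dbSetup->initialize($options);
         $dbSetup->setupDatabase($username);
     } catch (\OC\DatabaseSetupException $e) {
         $error[] = array('error' => $e->getMessage(), 'hint' => $e->getHint());
         return $error;
     } catch (\Exception $e) {
         // Fully qualified so the global Exception class is caught regardless of
         // the namespace this file declares.
         // NOTE(review): the exception message is returned to the caller; make
         // sure it is not shown where it could disclose database details.
         $error[] = array('error' => 'Error while trying to create admin user: ' . $e->getMessage(), 'hint' => '');
         return $error;
     }
     //create the user and group
     $user = null;
     try {
         $user = \OC::$server->getUserManager()->createUser($username, $password);
         if (!$user) {
             $error[] = "User <{$username}> could not be created.";
         }
     } catch (\Exception $exception) {
         $error[] = $exception->getMessage();
     }
     // The remaining steps only run when the admin user was created, so $user
     // is a user object at this point.
     if (count($error) == 0) {
         $config = \OC::$server->getConfig();
         $config->setAppValue('core', 'installedat', microtime(true));
         $config->setAppValue('core', 'lastupdatedat', microtime(true));
         $group = \OC::$server->getGroupManager()->createGroup('admin');
         $group->addUser($user);
         \OC_User::login($username, $password);
         // install the apps shipped with the server
         \OC_Installer::installShippedApps();
         // create empty file in data dir, so we can later find
         // out that this is indeed an ownCloud data directory
         file_put_contents($config->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data') . '/.ocdata', '');
         // Update .htaccess files
         Setup::updateHtaccess();
         Setup::protectDataDirectory();
         //try to write logtimezone
         if (date_default_timezone_get()) {
             $config->setSystemValue('logtimezone', date_default_timezone_get());
         }
         //and we are done
         $config->setSystemValue('installed', true);
     }
     return $error;
 }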