/**
 * Picks the response format based on the request's Accept header.
 *
 * A case-insensitive search for "html" in the Accept header selects the HTML
 * response; any other value (including a header without "html") selects JSON.
 * The header is client-supplied, so it only chooses the representation and
 * must not be treated as an authorization signal.
 *
 * @param string $message
 * @param int $code
 *
 * @return JSONResponse|RedirectResponse|TemplateResponse
 */
private function computeResponse($message, $code)
{
    $accept = $this->request->getHeader('Accept');

    // stripos() returns an offset (possibly 0) on a match, so compare against false explicitly.
    if (stripos($accept, 'html') !== false) {
        return $this->sendHtmlResponse($message, $code);
    }

    return $this->sendJsonResponse($message, $code);
}
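/**
 * Load the uploaded image from the request body into $this->image.
 *
 * Returns immediately when $this->image already holds an Image. Otherwise the
 * declared Content-Type must start with "image/" and the declared
 * Content-Length must not exceed \OCP\Util::maxUploadFilesize('/') before the
 * request body is passed to Image::loadFromFileHandle().
 *
 * Both headers are supplied by the client: they describe the upload, they do
 * not bound it. The Content-Length check only rejects requests that announce
 * an oversized body.
 *
 * NOTE(review): nothing visible here limits the number of bytes actually read
 * from $this->request->put, and the media type is not verified against the
 * decoded data — confirm that Image::loadFromFileHandle() or the caller
 * validates the loaded image.
 * NOTE(review): $this->image is assigned before validation, so after a thrown
 * exception a second call returns early on the instanceof check — confirm
 * callers never retry on the same object.
 *
 * @throws \Exception with Http::STATUS_UNSUPPORTED_MEDIA_TYPE when the declared
 *                    type is not an image, Http::STATUS_BAD_REQUEST when
 *                    Content-Length is present but not a plain decimal number,
 *                    and Http::STATUS_REQUEST_ENTITY_TOO_LARGE when the
 *                    declared length exceeds the upload limit
 */
protected function processImage()
{
    // If image has already been read return
    if ($this->image instanceof Image) {
        return;
    }
    $this->image = new Image();

    $contentType = $this->request->getHeader('Content-Type');
    $contentLength = $this->request->getHeader('Content-Length');

    \OCP\Util::writeLog('contacts', __METHOD__ . ', Content-Type: ' . $contentType, \OCP\Util::DEBUG);
    \OCP\Util::writeLog('contacts', __METHOD__ . ', Content-Length: ' . $contentLength, \OCP\Util::DEBUG);

    if (substr((string) $contentType, 0, 6) !== 'image/') {
        throw new \Exception('Only images can be used as contact photo', Http::STATUS_UNSUPPORTED_MEDIA_TYPE);
    }

    $maxSize = \OCP\Util::maxUploadFilesize('/');
    $declaredLength = trim((string) $contentLength);

    // A missing Content-Length is still accepted, as before; only a declared value is checked.
    if ($declaredLength !== '') {
        // Comparing the raw header string with a number depends on PHP's loose
        // comparison rules, which differ between PHP versions for non-numeric
        // strings. Require plain digits so the size check is deterministic.
        if (!ctype_digit($declaredLength)) {
            throw new \Exception('Invalid Content-Length header', Http::STATUS_BAD_REQUEST);
        }
        // Float conversion keeps absurdly large declared values above the limit
        // instead of relying on integer overflow behaviour.
        if ((float) $declaredLength > $maxSize) {
            throw new \Exception(
                sprintf('The size of the file exceeds the maximum allowed %s', \OCP\Util::humanFileSize($maxSize)),
                Http::STATUS_REQUEST_ENTITY_TOO_LARGE
            );
        }
    }

    $this->image->loadFromFileHandle($this->request->put);
}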
/**
 * Turns a SecurityException into a response; any other exception is rethrown.
 *
 * When the Accept header does not contain "html" (case-insensitive) the
 * exception message and code are returned as a JSON error response. Otherwise
 * the client is redirected to the absolute URL of index.php. In both cases the
 * exception message is logged at debug level.
 *
 * NOTE(review): the JSON body carries the raw exception message and the
 * exception code is used as the HTTP status — confirm SecurityException
 * messages are safe to show to clients and that codes are valid HTTP statuses.
 *
 * @param Controller $controller the controller that is being called
 * @param string $methodName the name of the method that will be called on
 *                           the controller
 * @param \Exception $exception the thrown exception
 * @throws \Exception the passed in exception if it is not a SecurityException
 * @return Response the JSON error response or the redirect to the index
 */
public function afterException($controller, $methodName, \Exception $exception)
{
    if (!($exception instanceof SecurityException)) {
        throw $exception;
    }

    $wantsHtml = stripos($this->request->getHeader('Accept'), 'html') !== false;

    if ($wantsHtml) {
        // TODO: replace with link to route
        $indexUrl = $this->app->getServer()->getURLGenerator()->getAbsoluteURL('index.php');
        $response = new RedirectResponse($indexUrl);
    } else {
        $response = new JSONResponse(
            array('message' => $exception->getMessage()),
            $exception->getCode()
        );
    }

    // Logged once here; both response paths record the same debug entry.
    $this->app->log($exception->getMessage(), 'debug');

    return $response;
}
/**
 * Turns a SecurityException into a response; any other exception is rethrown.
 *
 * - Accept header without "html" (case-insensitive): JSON error response with
 *   the exception message and code.
 * - Accept header with "html" and a NotLoggedInException: redirect to the
 *   login form route, passing the current REQUEST_URI as redirect_url.
 * - Accept header with "html" and any other SecurityException: the core 403
 *   template in the guest layout, with the exception code as status.
 *
 * The exception message is logged at debug level in every handled case.
 *
 * NOTE(review): redirect_url is built from the client-controlled REQUEST_URI —
 * confirm the login route validates it before redirecting, and that
 * linkToRoute() does not encode the already urlencode()d value a second time.
 * NOTE(review): the exception message is exposed in the JSON body and in the
 * 403 template — confirm the template escapes the 'file' parameter.
 *
 * @param Controller $controller the controller that is being called
 * @param string $methodName the name of the method that will be called on
 *                           the controller
 * @param \Exception $exception the thrown exception
 * @throws \Exception the passed in exception if it is not a SecurityException
 * @return Response the JSON, redirect or template response
 */
public function afterException($controller, $methodName, \Exception $exception)
{
    if (!($exception instanceof SecurityException)) {
        throw $exception;
    }

    $acceptsHtml = stripos($this->request->getHeader('Accept'), 'html') !== false;

    if (!$acceptsHtml) {
        $response = new JSONResponse(['message' => $exception->getMessage()], $exception->getCode());
    } elseif ($exception instanceof NotLoggedInException) {
        $loginUrl = $this->urlGenerator->linkToRoute(
            'core.login.showLoginForm',
            ['redirect_url' => urlencode($this->request->server['REQUEST_URI'])]
        );
        $response = new RedirectResponse($loginUrl);
    } else {
        $response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
        $response->setStatus($exception->getCode());
    }

    $this->logger->debug($exception->getMessage());

    return $response;
}
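/**
 * Validates a share token (passed as username) and its optional password.
 *
 * The username is looked up as a share token. An unknown token fails. A share
 * without a password succeeds. For a password-protected link share, access is
 * granted when the password checks out or when the session already holds
 * 'public_link_authenticated' for this share id. For any other
 * password-protected share type only SHARE_TYPE_REMOTE succeeds.
 *
 * NOTE(review): remote shares with a password are accepted here without any
 * password check — presumably they are authenticated elsewhere; confirm.
 *
 * Side effects: stores the share in $this->share and switches \OC_User to
 * incognito mode once the token has been resolved.
 *
 * @param string $username the share token
 * @param string $password the share password supplied by the client
 *
 * @return bool true when access to the share is granted
 * @throws \Sabre\DAV\Exception\NotAuthenticated when a link share password
 *         check fails on a request marked as XMLHttpRequest
 */
protected function validateUserPass($username, $password)
{
    try {
        $share = $this->shareManager->getShareByToken($username);
    } catch (ShareNotFound $e) {
        return false;
    }

    $this->share = $share;

    \OC_User::setIncognitoMode(true);

    // Shares without a password need no further check.
    if ($share->getPassword() === null) {
        return true;
    }

    if ($share->getShareType() !== \OCP\Share::SHARE_TYPE_LINK) {
        return $share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE;
    }

    if ($this->shareManager->checkPassword($share, $password)) {
        return true;
    }

    // A previous successful authentication for exactly this share is kept in the session.
    if ($this->session->exists('public_link_authenticated')
        && $this->session->get('public_link_authenticated') === (string) $share->getId()) {
        return true;
    }

    $requestedWith = explode(',', (string) $this->request->getHeader('X-Requested-With'));
    if (in_array('XMLHttpRequest', $requestedWith, true)) {
        // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
        http_response_code(401);
        // header() takes the complete "Name: value" line as its first argument.
        // The previous two-argument call passed the value as the $replace flag,
        // so the DummyBasic challenge was never sent.
        header('WWW-Authenticate: DummyBasic realm="' . $this->realm . '"');
        throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
    }

    return false;
}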
/**
 * Chooses a language from the request's ACCEPT_LANGUAGE header.
 *
 * Each preference from the header is compared, in header order, first against
 * the lower-cased available languages and then, as a fallback, by its first
 * two characters. The returned value always comes from the available list or
 * is the literal 'en'; the client-supplied header text itself is never
 * returned. For core ($app === null) the first result is also remembered in
 * $this->requestLanguage unless one is already set.
 *
 * @param string|null $app App id or null for core
 * @return string the matched available language, or 'en' when nothing matches
 */
public function setLanguageFromRequest($app = null)
{
    $header = $this->request->getHeader('ACCEPT_LANGUAGE');
    if ($header) {
        $languages = $this->findAvailableLanguages($app);

        // E.g. make sure that 'de' is before 'de_DE'.
        sort($languages);

        foreach (preg_split('/,\\s*/', strtolower($header)) as $entry) {
            // Drop any ";q=..." suffix and normalise "de-de" to "de_de".
            list($wanted) = explode(';', $entry);
            $wanted = str_replace('-', '_', $wanted);

            $found = false;
            $match = null;

            // Exact (case-insensitive) match first.
            foreach ($languages as $candidate) {
                if ($wanted === strtolower($candidate)) {
                    $found = true;
                    $match = $candidate;
                    break;
                }
            }

            // Fallback from de_De to de
            if (!$found) {
                foreach ($languages as $candidate) {
                    if (substr($wanted, 0, 2) === $candidate) {
                        $found = true;
                        $match = $candidate;
                        break;
                    }
                }
            }

            if ($found) {
                if ($app === null && !$this->requestLanguage) {
                    $this->requestLanguage = $match;
                }
                return $match;
            }
        }
    }

    if (!$this->requestLanguage) {
        $this->requestLanguage = 'en';
    }

    return 'en'; // Last try: English
}
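/**
 * Tries to login the user with auth token header
 *
 * When the Authorization header starts with the "token " scheme, the rest of
 * the header is passed to validateToken(). In every other case the current
 * session id is validated instead; an unavailable session counts as a failed
 * login.
 *
 * The scheme is matched at the start of the header only. Searching for
 * "token " anywhere in the value would treat unrelated Authorization headers
 * as token logins and validate an arbitrary slice of them starting at offset 6.
 *
 * @todo check remember me cookie
 * @param IRequest $request the request whose Authorization header is read
 * @return boolean the result of validateToken(), or false when no session is available
 */
public function tryTokenLogin(IRequest $request)
{
    $scheme = 'token ';
    $authHeader = (string) $request->getHeader('Authorization');

    if (strpos($authHeader, $scheme) === 0) {
        $token = substr($authHeader, strlen($scheme));
        return $this->validateToken($token);
    }

    // No token auth header, let's try session id
    try {
        $sessionId = $this->session->getId();
        return $this->validateToken($sessionId);
    } catch (SessionNotAvailableException $ex) {
        return false;
    }
}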