/**
* Get the template for a specific activity-event in the activities
*
* @param array $activity An array with all the activity data in it
* @return string
*/
public function show($activity)
{
$tmpl = new Template('activity', 'stream.item');
$tmpl->assign('formattedDate', $this->dateTimeFormatter->formatDateTime($activity['timestamp']));
$tmpl->assign('formattedTimestamp', Template::relative_modified_date($activity['timestamp']));
if (strpos($activity['subjectformatted']['markup']['trimmed'], '<a ') !== false) {
// We do not link the subject as we create links for the parameters instead
$activity['link'] = '';
}
$tmpl->assign('event', $activity);
if ($activity['file']) {
$this->view->chroot('/' . $activity['affecteduser'] . '/files');
$exist = $this->view->file_exists($activity['file']);
$is_dir = $this->view->is_dir($activity['file']);
$tmpl->assign('previewLink', $this->getPreviewLink($activity['file'], $is_dir));
// show a preview image if the file still exists
$mimeType = Files::getMimeType($activity['file']);
if ($mimeType && !$is_dir && $this->preview->isMimeSupported($mimeType) && $exist) {
$tmpl->assign('previewImageLink', $this->urlGenerator->linkToRoute('core_ajax_preview', array('file' => $activity['file'], 'x' => 150, 'y' => 150)));
} else {
$mimeTypeIcon = Template::mimetype_icon($is_dir ? 'dir' : $mimeType);
$mimeTypeIcon = substr($mimeTypeIcon, -4) === '.png' ? substr($mimeTypeIcon, 0, -4) . '.svg' : $mimeTypeIcon;
$tmpl->assign('previewImageLink', $mimeTypeIcon);
$tmpl->assign('previewLinkIsDir', true);
}
}
return $tmpl->fetchPage();
}
public function setRSSToken($rssToken)
{
if ($rssToken) {
$this->rssLink = $this->URLGenerator->getAbsoluteURL($this->URLGenerator->linkToRoute('activity.rss', array('token' => $rssToken)));
} else {
$this->rssLink = '';
}
}
/**
* Get all items for the users we want to send an email to
*
* @return array Notification data (user => array of rows from the table)
*/
public function getLinkList()
{
$topEntries = [['id' => 'all', 'name' => (string) $this->l->t('All Activities'), 'url' => $this->URLGenerator->linkToRoute('activity.Activities.showList')]];
if ($this->user && $this->userSettings->getUserSetting($this->user, 'setting', 'self')) {
$topEntries[] = ['id' => 'self', 'name' => (string) $this->l->t('Activities by you'), 'url' => $this->URLGenerator->linkToRoute('activity.Activities.showList', array('filter' => 'self'))];
$topEntries[] = ['id' => 'by', 'name' => (string) $this->l->t('Activities by others'), 'url' => $this->URLGenerator->linkToRoute('activity.Activities.showList', array('filter' => 'by'))];
}
$additionalEntries = $this->activityManager->getNavigation();
$topEntries = array_merge($topEntries, $additionalEntries['top']);
return array('top' => $topEntries, 'apps' => $additionalEntries['apps']);
}
/**
* Redirects the client to an error page
*
* @param string $message
* @param int $code
*
* @return RedirectResponse
*/
private function redirectToErrorPage($message, $code)
{
$url = $this->urlGenerator->linkToRoute($this->appName . '.page.error_page', ['code' => $code]);
$response = new RedirectResponse($url);
$response->addCookie('galleryErrorMessage', $message);
return $response;
}
private function createPublicUrl($parameter)
{
$route = 'myapp.author_api.do_something';
$parameters = array('id' => $parameter);
$url = $this->urlGenerator->linkToRoute($route, $parameters);
return new RedirectResponse($url);
}
/**
* Redirects to the file list and highlight the given file id
*
* @param string $fileId file id to show
* @return RedirectResponse redirect response or not found response
* @throws \OCP\Files\NotFoundException
*
* @NoCSRFRequired
* @NoAdminRequired
*/
public function showFile($fileId)
{
$uid = $this->userSession->getUser()->getUID();
$baseFolder = $this->rootFolder->get($uid . '/files/');
$files = $baseFolder->getById($fileId);
$params = [];
if (empty($files) && $this->appManager->isEnabledForUser('files_trashbin')) {
$baseFolder = $this->rootFolder->get($uid . '/files_trashbin/files/');
$files = $baseFolder->getById($fileId);
$params['view'] = 'trashbin';
}
if (!empty($files)) {
$file = current($files);
if ($file instanceof Folder) {
// set the full path to enter the folder
$params['dir'] = $baseFolder->getRelativePath($file->getPath());
} else {
// set parent path as dir
$params['dir'] = $baseFolder->getRelativePath($file->getParent()->getPath());
// and scroll to the entry
$params['scrollto'] = $file->getName();
}
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index', $params));
}
throw new \OCP\Files\NotFoundException();
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @CORS
*
* Sends the file matching the fileId
*
* @param int $fileId the ID of the file we want to download
* @param string|null $filename
*
* @return ImageResponse|RedirectResponse
*/
public function download($fileId, $filename = null)
{
$download = $this->getDownload($fileId, $filename);
if (!$download) {
$url = $this->urlGenerator->linkToRoute($this->appName . '.page.error_page', ['message' => 'There was a problem accessing the file', 'code' => Http::STATUS_NOT_FOUND]);
return new RedirectResponse($url);
}
return new ImageResponse($download);
}
/**
* @param $uri
* @param $context
* @return HTMLPurifier_URI
*/
private function filterHttp(&$uri, $context)
{
$originalURL = urlencode($uri->scheme . '://' . $uri->host . $uri->path);
if ($uri->query !== null) {
$originalURL = $originalURL . urlencode('?' . $uri->query);
}
// Get the HTML attribute
$element = $context->get('CurrentAttr');
// If element is of type "href" it is most likely a link that should get redirected
// otherwise it's an element that we send through our proxy
if ($element === 'href') {
$uri = new \HTMLPurifier_URI(Util::getServerProtocol(), null, Util::getServerHost(), null, $this->urlGenerator->linkToRoute('mail.proxy.redirect'), 'src=' . $originalURL, null);
return $uri;
} else {
$uri = new \HTMLPurifier_URI(Util::getServerProtocol(), null, Util::getServerHost(), null, $this->urlGenerator->linkToRoute('mail.proxy.proxy'), 'src=' . $originalURL . '&requesttoken=' . \OC::$server->getSession()->get('requesttoken'), null);
return $uri;
}
}
/**
* @param IURLGenerator $urlGenerator
* @param string $appName
* @param \Exception $exception
*
* @return RedirectResponse
*/
public function htmlError($urlGenerator, $appName, Exception $exception)
{
$message = $exception->getMessage();
$code = $this->getHttpStatusCode($exception);
$url = $urlGenerator->linkToRoute($appName . '.page.error_page', ['code' => $code]);
$response = new RedirectResponse($url);
$response->addCookie('galleryErrorMessage', $message);
return $response;
}
public function afterException($controller, $methodName, Exception $exception)
{
if ($exception instanceof TwoFactorAuthRequiredException) {
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', ['redirect_url' => urlencode($this->request->server['REQUEST_URI'])]));
}
if ($exception instanceof UserAlreadyLoggedInException) {
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
}
}
/**
* Get all items for the users we want to send an email to
*
* @return array Notification data (user => array of rows from the table)
*/
public function getLinkList()
{
$topEntries = array(array('id' => 'all', 'name' => (string) $this->l->t('All Activities'), 'url' => $this->URLGenerator->linkToRoute('activity.Activities.showList')), array('id' => 'self', 'name' => (string) $this->l->t('Activities by you'), 'url' => $this->URLGenerator->linkToRoute('activity.Activities.showList', array('filter' => 'self'))), array('id' => 'by', 'name' => (string) $this->l->t('Activities by others'), 'url' => $this->URLGenerator->linkToRoute('activity.Activities.showList', array('filter' => 'by'))), array('id' => 'shares', 'name' => (string) $this->l->t('Shares'), 'url' => $this->URLGenerator->linkToRoute('activity.Activities.showList', array('filter' => 'shares'))));
$appFilterEntries = array(array('id' => 'files', 'name' => (string) $this->l->t('Files'), 'url' => $this->URLGenerator->linkToRoute('activity.Activities.showList', array('filter' => 'files'))));
$additionalEntries = $this->activityManager->getNavigation();
$topEntries = array_merge($topEntries, $additionalEntries['top']);
$appFilterEntries = array_merge($appFilterEntries, $additionalEntries['apps']);
return array('top' => $topEntries, 'apps' => $appFilterEntries);
}
public function testDownloadWithWrongId()
{
$fileId = 99999;
$filename = null;
$this->mockGetResourceFromId($fileId, false);
$redirect = new RedirectResponse($this->urlGenerator->linkToRoute($this->appName . '.page.error_page'));
$response = $this->controller->download($fileId, $filename);
$this->assertEquals($redirect->getRedirectURL(), $response->getRedirectURL());
}
/**
* @PublicPage
* @NoCSRFRequired
*
* Shows the albums and pictures or redirects to the download location the token gives access to
*
* @param string $token
* @param null|string $filename
*
* @return TemplateResponse|ImageResponse|RedirectResponse
*/
public function publicIndex($token, $filename)
{
$node = $this->environment->getSharedNode();
if ($node->getType() === 'dir') {
return $this->showPublicPage($token);
} else {
$url = $this->urlGenerator->linkToRoute($this->appName . '.files_public.download', ['token' => $token, 'fileId' => $node->getId(), 'filename' => $filename]);
return new RedirectResponse($url);
}
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*
* @throws \Exception If the URL is not valid.
* @return TemplateResponse
*/
public function redirect()
{
$templateName = 'redirect';
$route = 'mail.page.index';
$mailURL = $this->urlGenerator->linkToRoute($route);
$url = $this->request->getParam('src');
$authorizedRedirect = false;
if (strpos($url, 'http://') !== 0 && strpos($url, 'https://') !== 0) {
throw new \Exception('URL is not valid.', 1);
}
// If the request has a referrer from this domain redirect the user without interaction
// this is there to prevent an open redirector.
// Since we can't prevent the referrer from being added with a HTTP only header we rely on an
// additional JS file here.
if (parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === Util::getServerHostName()) {
Util::addScript('mail', 'autoredirect');
$authorizedRedirect = true;
}
$params = ['authorizedRedirect' => $authorizedRedirect, 'url' => $url, 'urlHost' => parse_url($url, PHP_URL_HOST), 'mailURL' => $mailURL];
return new TemplateResponse($this->appName, $templateName, $params, 'guest');
}
/**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if ($context->get('CurrentToken')->name !== 'img' || !isset($attr['src'])) {
return $attr;
}
// Block tracking pixels
if (isset($attr['width']) && isset($attr['height']) && (int) $attr['width'] < 5 && (int) $attr['height'] < 5) {
// Replace with a transparent png in case it's important for the layout
$attr['src'] = Util::imagePath('mail', 'blocked-image.png');
$attr = $this->setDisplayNone($attr);
return $attr;
}
// Do not block images attached to the email
$url = $this->parser->parse($attr['src']);
if ($url->host === Util::getServerHostName() && $url->path === $this->urlGenerator->linkToRoute('mail.proxy.proxy')) {
$attr['data-original-src'] = $attr['src'];
$attr['src'] = Util::imagePath('mail', 'blocked-image.png');
$attr = $this->setDisplayNone($attr);
}
return $attr;
}
/**
* @param string $path
* @param bool $isDir
* @param string $view
* @return string
*/
protected function getPreviewLink($path, $isDir, $view)
{
$params = ['dir' => $path];
if (!$isDir) {
$params['dir'] = substr_count($path, '/') === 1 ? '/' : dirname($path);
$params['scrollto'] = basename($path);
}
if ($view !== '') {
$params['view'] = $view;
}
return $this->urlGenerator->linkToRoute('files.view.index', $params);
}
/**
* Downloads the file associated with a token
*
* @param File $file
* @param string|null $filename
*
* @return ImageResponse|RedirectResponse
*/
private function downloadFile($file, $filename)
{
try {
$download = $this->downloadService->downloadFile($file);
if (is_null($filename)) {
$filename = $file->getName();
}
$download['name'] = $filename;
return new ImageResponse($download);
} catch (ServiceException $exception) {
$url = $this->urlGenerator->linkToRoute($this->appName . '.page.error_page', ['message' => $exception->getMessage(), 'code' => Http::STATUS_NOT_FOUND]);
return new RedirectResponse($url);
}
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @UseSession
*
* @param string $challengeProviderId
* @param string $challenge
* @param string $redirect_url
* @return RedirectResponse
*/
public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null)
{
$user = $this->userSession->getUser();
$provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
if (is_null($provider)) {
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
}
if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
if (!is_null($redirect_url)) {
return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
}
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
}
$this->session->set('two_factor_auth_error', true);
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', ['challengeProviderId' => $provider->getId(), 'redirect_url' => $redirect_url]));
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @CORS
*
* Sends the file matching the fileId
*
* In case of error we send an HTML error page
* We need to keep the session open in order to be able to send the error message to the error
* page
*
* @param int $fileId the ID of the file we want to download
* @param string|null $filename
*
* @return ImageResponse
*/
public function download($fileId, $filename = null)
{
try {
$download = $this->getDownload($fileId, $filename);
} catch (ServiceException $exception) {
$code = $this->getHttpStatusCode($exception);
$url = $this->urlGenerator->linkToRoute($this->appName . '.page.error_page', ['code' => $code]);
// Don't set a cookie for the error message, we don't want it in the API
return new RedirectResponse($url);
}
// That's the only exception out of all the image media types
if ($download['mimetype'] === 'image/svg+xml') {
$download['mimetype'] = 'text/plain';
}
return new ImageResponse($download);
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*
* @param string $src
*
* @throws \Exception If the URL is not valid.
* @return TemplateResponse
*/
public function redirect($src)
{
$authorizedRedirect = false;
if (strpos($src, 'http://') !== 0 && strpos($src, 'https://') !== 0) {
throw new Exception('URL is not valid.', 1);
}
// If the request has a referrer from this domain redirect the user without interaction
// this is there to prevent an open redirector.
// Since we can't prevent the referrer from being added with a HTTP only header we rely on an
// additional JS file here.
if (parse_url($this->referrer, PHP_URL_HOST) === $this->hostname) {
$authorizedRedirect = true;
}
$params = ['authorizedRedirect' => $authorizedRedirect, 'url' => $src, 'urlHost' => parse_url($src, PHP_URL_HOST), 'mailURL' => $this->urlGenerator->linkToRoute('mail.page.index')];
return new TemplateResponse($this->appName, 'redirect', $params, 'guest');
}
/**
* @NoAdminRequired
*
* Sends the file matching the fileId
*
* @param int $fileId the ID of the file we want to download
* @param string|null $filename
*
* @return ImageResponse
*/
public function download($fileId, $filename = null)
{
try {
$download = $this->getDownload($fileId, $filename);
} catch (ServiceException $exception) {
$code = $this->getHttpStatusCode($exception);
$url = $this->urlGenerator->linkToRoute($this->appName . '.page.error_page', ['code' => $code]);
$response = new RedirectResponse($url);
$response->addCookie('galleryErrorMessage', $exception->getMessage());
return $response;
}
// That's the only exception out of all the image media types we serve
if ($download['mimetype'] === 'image/svg+xml') {
$download['mimetype'] = 'text/plain';
}
return new ImageResponse($download);
}
/**
* @param int $id
* @param string $authorId
* @param int $timeStamp
*/
protected function createPublicity($id, $authorId, $timeStamp)
{
$users = $this->userManager->search('');
$event = $this->activityManager->generateEvent();
$event->setApp('announcementcenter')->setType('announcementcenter')->setAuthor($authorId)->setTimestamp($timeStamp)->setSubject('announcementsubject#' . $id, [$authorId])->setMessage('announcementmessage#' . $id, [$authorId])->setObject('announcement', $id);
$dateTime = new \DateTime();
$dateTime->setTimestamp($timeStamp);
$notification = $this->notificationManager->createNotification();
$notification->setApp('announcementcenter')->setDateTime($dateTime)->setObject('announcement', $id)->setSubject('announced', [$authorId])->setLink($this->urlGenerator->linkToRoute('announcementcenter.page.index'));
foreach ($users as $user) {
$event->setAffectedUser($user->getUID());
$this->activityManager->publish($event);
if ($authorId !== $user->getUID()) {
$notification->setUser($user->getUID());
$this->notificationManager->notify($notification);
}
}
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*
* @param string $uri
* @return TemplateResponse renders the compose page
*/
public function compose($uri)
{
$parts = parse_url($uri);
$params = ['mailto' => $parts['path']];
if (isset($parts['query'])) {
$parts = explode('&', $parts['query']);
foreach ($parts as $part) {
$pair = explode('=', $part, 2);
$params[strtolower($pair[0])] = urldecode($pair[1]);
}
}
array_walk($params, function (&$value, $key) {
$value = "{$key}=" . urlencode($value);
});
$hashParams = '#' . implode('&', $params);
$baseUrl = $this->urlGenerator->linkToRoute("mail.page.index");
return new RedirectResponse($baseUrl . $hashParams);
}
/**
* If an SecurityException is being caught, ajax requests return a JSON error
* response and non ajax requests redirect to the index
* @param Controller $controller the controller that is being called
* @param string $methodName the name of the method that will be called on
* the controller
* @param \Exception $exception the thrown exception
* @throws \Exception the passed in exception if it can't handle it
* @return Response a Response object or null in case that the exception could not be handled
*/
public function afterException($controller, $methodName, \Exception $exception)
{
if ($exception instanceof SecurityException) {
if (stripos($this->request->getHeader('Accept'), 'html') === false) {
$response = new JSONResponse(array('message' => $exception->getMessage()), $exception->getCode());
} else {
if ($exception instanceof NotLoggedInException) {
$url = $this->urlGenerator->linkToRoute('core.login.showLoginForm', ['redirect_url' => urlencode($this->request->server['REQUEST_URI'])]);
$response = new RedirectResponse($url);
} else {
$response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
$response->setStatus($exception->getCode());
}
}
$this->logger->debug($exception->getMessage());
return $response;
}
throw $exception;
}
/**
* @PublicPage
* @UseSession
*
* @param string $user
* @param string $password
* @param string $redirect_url
* @return RedirectResponse
*/
public function tryLogin($user, $password, $redirect_url)
{
$originalUser = $user;
// TODO: Add all the insane error handling
/* @var $loginResult IUser */
$loginResult = $this->userManager->checkPassword($user, $password);
if ($loginResult === false) {
$users = $this->userManager->getByEmail($user);
// we only allow login by email if unique
if (count($users) === 1) {
$user = $users[0]->getUID();
$loginResult = $this->userManager->checkPassword($user, $password);
}
}
if ($loginResult === false) {
$this->session->set('loginMessages', [['invalidpassword']]);
// Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
$args = !is_null($user) ? ['user' => $originalUser] : [];
return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
}
// TODO: remove password checks from above and let the user session handle failures
// requires https://github.com/owncloud/core/pull/24616
$this->userSession->login($user, $password);
$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password);
if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
$this->twoFactorManager->prepareTwoFactorLogin($loginResult);
if (!is_null($redirect_url)) {
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', ['redirect_url' => $redirect_url]));
}
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
}
if (!is_null($redirect_url) && $this->userSession->isLoggedIn()) {
$location = $this->urlGenerator->getAbsoluteURL(urldecode($redirect_url));
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
return new RedirectResponse($location);
}
}
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
}
/**
* @param string $owner
* @param int $fileId
* @param string $filePath
* @return array
*/
protected function getPreview($owner, $fileId, $filePath)
{
$info = $this->infoCache->getInfoById($owner, $fileId, $filePath);
if (!$info['exists'] || $info['view'] !== '') {
return $this->getPreviewFromPath($filePath);
}
$preview = ['link' => $this->getPreviewLink($info['path'], $info['is_dir']), 'source' => '', 'isMimeTypeIcon' => true];
// show a preview image if the file still exists
if ($info['is_dir']) {
$preview['source'] = $this->getPreviewPathFromMimeType('dir');
} else {
$this->view->chroot('/' . $owner . '/files');
$fileInfo = $this->view->getFileInfo($info['path']);
if ($this->preview->isAvailable($fileInfo)) {
$preview['isMimeTypeIcon'] = false;
$preview['source'] = $this->urlGenerator->linkToRoute('core_ajax_preview', ['file' => $info['path'], 'c' => $this->view->getETag($info['path']), 'x' => 150, 'y' => 150]);
} else {
$preview['source'] = $this->getPreviewPathFromMimeType($fileInfo->getMimetype());
}
}
return $preview;
}
/**
* @param string $owner
* @param int $fileId
* @param string $filePath
* @return array
*/
protected function getPreview($owner, $fileId, $filePath)
{
$this->view->chroot('/' . $owner . '/files');
$path = $this->view->getPath($fileId);
if ($path === null || $path === '' || !$this->view->file_exists($path)) {
return $this->getPreviewFromPath($filePath);
}
$is_dir = $this->view->is_dir($path);
$preview = ['link' => $this->getPreviewLink($path, $is_dir), 'source' => '', 'isMimeTypeIcon' => true];
// show a preview image if the file still exists
if ($is_dir) {
$preview['source'] = $this->getPreviewPathFromMimeType('dir');
} else {
$fileInfo = $this->view->getFileInfo($path);
if ($this->preview->isAvailable($fileInfo)) {
$preview['isMimeTypeIcon'] = false;
$preview['source'] = $this->urlGenerator->linkToRoute('core_ajax_preview', ['file' => $path, 'c' => $this->view->getETag($path), 'x' => 150, 'y' => 150]);
} else {
$preview['source'] = $this->getPreviewPathFromMimeType($fileInfo->getMimetype());
}
}
return $preview;
}
/**
* @return RedirectResponse
*/
public function rescanFailedIntegrityCheck()
{
$this->checker->runInstanceVerification();
return new RedirectResponse($this->urlGenerator->linkToRoute('settings_admin'));
}
public function getAlbumWithUri(IURLGenerator $urlGenerator)
{
return array('id' => $this->albumId, 'uri' => $urlGenerator->linkToRoute('music.api.album', array('albumIdOrSlug' => $this->albumId)));
}
public function getUri(IURLGenerator $urlGenerator)
{
return $urlGenerator->linkToRoute('music.api.artist', array('artistIdOrSlug' => $this->id));
}
