Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
Browse Source

implementation of the federated share provider

remotes/origin/users-ajaxloadgroups
Bjoern Schiessle 10 years ago
committed by Björn Schießle
parent
9eef38c593
commit
9079388e02
11 changed files with 1250 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      .gitignore
  2. 27
      apps/federatedfilesharing/appinfo/app.php
  3. 14
      apps/federatedfilesharing/appinfo/info.xml
  4. 184
      apps/federatedfilesharing/lib/addresshandler.php
  5. 556
      apps/federatedfilesharing/lib/federatedshareprovider.php
  6. 144
      apps/federatedfilesharing/lib/notifications.php
  7. 61
      apps/federatedfilesharing/lib/tokenhandler.php
  8. 198
      apps/federatedfilesharing/tests/lib/addressHandlerTest.php
  9. 62
      apps/federatedfilesharing/tests/lib/tokenHandlerTest.php
  10. 3
      core/shipped.json
  11. 1
      tests/enable_all.php

1
.gitignore
View File

@ -13,6 +13,7 @@
!/apps/dav
!/apps/files
!/apps/federation
!/apps/federatedfilesharing
!/apps/encryption
!/apps/files_external
!/apps/files_sharing

27
apps/federatedfilesharing/appinfo/app.php
View File

@ -0,0 +1,27 @@
<?php
/**
* @author Björn Schießle <schiessle@owncloud.com>
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\FederatedFileSharing\AppInfo;
use OCP\AppFramework\App;
new App('federatedfilesharing');

14
apps/federatedfilesharing/appinfo/info.xml
View File

@ -0,0 +1,14 @@
<?xml version="1.0"?>
<info>
<id>federatedfilesharing</id>
<name>Federated File Sharing</name>
<description>Provide federated file sharing across ownCloud servers</description>
<licence>AGPL</licence>
<author>Bjoern Schiessle, Roeland Jago Douma</author>
<version>0.1.0</version>
<namespace>FederatedFileSharing</namespace>
<category>other</category>
<dependencies>
<owncloud min-version="9.0" max-version="9.0" />
</dependencies>
</info>

184
apps/federatedfilesharing/lib/addresshandler.php
View File

@ -0,0 +1,184 @@
<?php
/**
* @author Björn Schießle <schiessle@owncloud.com>
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\FederatedFileSharing;
use OC\HintException;
use OCP\IL10N;
use OCP\IURLGenerator;
/**
* Class AddressHandler - parse, modify and construct federated sharing addresses
*
* @package OCA\FederatedFileSharing
*/
class AddressHandler {
/** @var IL10N */
private $l;
/** @var IURLGenerator */
private $urlGenerator;
/**
* AddressHandler constructor.
*
* @param IURLGenerator $urlGenerator
* @param IL10N $il10n
*/
public function __construct(
IURLGenerator $urlGenerator,
IL10N $il10n
) {
$this->l = $il10n;
$this->urlGenerator = $urlGenerator;
}
/**
* split user and remote from federated cloud id
*
* @param string $address federated share address
* @return array [user, remoteURL]
* @throws HintException
*/
public function splitUserRemote($address) {
if (strpos($address, '@') === false) {
$hint = $this->l->t('Invalid Federated Cloud ID');
throw new HintException('Invalid Federated Cloud ID', $hint);
}
// Find the first character that is not allowed in user names
$id = str_replace('\\', '/', $address);
$posSlash = strpos($id, '/');
$posColon = strpos($id, ':');
if ($posSlash === false && $posColon === false) {
$invalidPos = strlen($id);
} else if ($posSlash === false) {
$invalidPos = $posColon;
} else if ($posColon === false) {
$invalidPos = $posSlash;
} else {
$invalidPos = min($posSlash, $posColon);
}
// Find the last @ before $invalidPos
$pos = $lastAtPos = 0;
while ($lastAtPos !== false && $lastAtPos <= $invalidPos) {
$pos = $lastAtPos;
$lastAtPos = strpos($id, '@', $pos + 1);
}
if ($pos !== false) {
$user = substr($id, 0, $pos);
$remote = substr($id, $pos + 1);
$remote = $this->fixRemoteURL($remote);
if (!empty($user) && !empty($remote)) {
return array($user, $remote);
}
}
$hint = $this->l->t('Invalid Federated Cloud ID');
throw new HintException('Invalid Federated Cloud ID', $hint);
}
/**
* generate remote URL part of federated ID
*
* @return string url of the current server
*/
public function generateRemoteURL() {
$url = $this->urlGenerator->getAbsoluteURL('/');
return $url;
}
/**
* check if two federated cloud IDs refer to the same user
*
* @param string $user1
* @param string $server1
* @param string $user2
* @param string $server2
* @return bool true if both users and servers are the same
*/
public function compareAddresses($user1, $server1, $user2, $server2) {
$normalizedServer1 = strtolower($this->removeProtocolFromUrl($server1));
$normalizedServer2 = strtolower($this->removeProtocolFromUrl($server2));
if (rtrim($normalizedServer1, '/') === rtrim($normalizedServer2, '/')) {
// FIXME this should be a method in the user management instead
\OCP\Util::emitHook(
'\OCA\Files_Sharing\API\Server2Server',
'preLoginNameUsedAsUserName',
array('uid' => &$user1)
);
\OCP\Util::emitHook(
'\OCA\Files_Sharing\API\Server2Server',
'preLoginNameUsedAsUserName',
array('uid' => &$user2)
);
if ($user1 === $user2) {
return true;
}
}
return false;
}
/**
* remove protocol from URL
*
* @param string $url
* @return string
*/
public function removeProtocolFromUrl($url) {
if (strpos($url, 'https://') === 0) {
return substr($url, strlen('https://'));
} else if (strpos($url, 'http://') === 0) {
return substr($url, strlen('http://'));
}
return $url;
}
/**
* Strips away a potential file names and trailing slashes:
* - http://localhost
* - http://localhost/
* - http://localhost/index.php
* - http://localhost/index.php/s/{shareToken}
*
* all return: http://localhost
*
* @param string $remote
* @return string
*/
protected function fixRemoteURL($remote) {
$remote = str_replace('\\', '/', $remote);
if ($fileNamePosition = strpos($remote, '/index.php')) {
$remote = substr($remote, 0, $fileNamePosition);
}
$remote = rtrim($remote, '/');
return $remote;
}
}

556
apps/federatedfilesharing/lib/federatedshareprovider.php
View File

@ -0,0 +1,556 @@
<?php
/**
* @author Björn Schießle <schiessle@owncloud.com>
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\FederatedFileSharing;
use OC\Share20\Share;
use OCP\Files\IRootFolder;
use OCP\IL10N;
use OCP\ILogger;
use OCP\Share\IShare;
use OCP\Share\IShareProvider;
use OC\Share20\Exception\InvalidShare;
use OCP\Share\Exceptions\ShareNotFound;
use OCP\Files\NotFoundException;
use OCP\IDBConnection;
use OCP\Files\Node;
/**
* Class FederatedShareProvider
*
* @package OCA\FederatedFileSharing
*/
class FederatedShareProvider implements IShareProvider {
const SHARE_TYPE_REMOTE = 6;
/** @var IDBConnection */
private $dbConnection;
/** @var AddressHandler */
private $addressHandler;
/** @var Notifications */
private $notifications;
/** @var TokenHandler */
private $tokenHandler;
/** @var IL10N */
private $l;
/** @var ILogger */
private $logger;
/** @var IRootFolder */
private $rootFolder;
/**
* DefaultShareProvider constructor.
*
* @param IDBConnection $connection
* @param AddressHandler $addressHandler
* @param Notifications $notifications
* @param TokenHandler $tokenHandler
* @param IL10N $l10n
* @param ILogger $logger
* @param IRootFolder $rootFolder
*/
public function __construct(
IDBConnection $connection,
AddressHandler $addressHandler,
Notifications $notifications,
TokenHandler $tokenHandler,
IL10N $l10n,
ILogger $logger,
IRootFolder $rootFolder
) {
$this->dbConnection = $connection;
$this->addressHandler = $addressHandler;
$this->notifications = $notifications;
$this->tokenHandler = $tokenHandler;
$this->l = $l10n;
$this->logger = $logger;
$this->rootFolder = $rootFolder;
}
/**
* Return the identifier of this provider.
*
* @return string Containing only [a-zA-Z0-9]
*/
public function identifier() {
return 'ocFederatedSharing';
}
/**
* Share a path
*
* @param IShare $share
* @return IShare The share object
* @throws ShareNotFound
* @throws \Exception
*/
public function create(IShare $share) {
$shareWith = $share->getSharedWith();
$itemSource = $share->getNodeId();
$itemType = $share->getNodeType();
$uidOwner = $share->getShareOwner();
$permissions = $share->getPermissions();
$sharedBy = $share->getSharedBy();
/*
* Check if file is not already shared with the remote user
*/
$alreadyShared = $this->getSharedWith($shareWith, self::SHARE_TYPE_REMOTE, $share->getNode(), 1, 0);
if (!empty($alreadyShared)) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $this->l->t('Sharing %s failed, because this item is already shared with %s', array($share->getNode()->getName(), $shareWith));
$this->logger->debug(sprintf($message, $share->getNode()->getName(), $shareWith), ['app' => 'Federated File Sharing']);
throw new \Exception($message_t);
}
// don't allow federated shares if source and target server are the same
list($user, $remote) = $this->addressHandler->splitUserRemote($shareWith);
$currentServer = $this->addressHandler->generateRemoteURL();
$currentUser = $sharedBy;
if ($this->addressHandler->compareAddresses($user, $remote, $currentUser, $currentServer)) {
$message = 'Not allowed to create a federated share with the same user.';
$message_t = $this->l->t('Not allowed to create a federated share with the same user');
$this->logger->debug($message, ['app' => 'Federated File Sharing']);
throw new \Exception($message_t);
}
$token = $this->tokenHandler->generateToken();
$shareWith = $user . '@' . $remote;
$shareId = $this->addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $uidOwner, $permissions, $token);
$send = $this->notifications->sendRemoteShare(
$token,
$shareWith,
$share->getNode()->getName(),
$shareId,
$share->getSharedBy()
);
$data = $this->getRawShare($shareId);
$share = $this->createShare($data);
if ($send === false) {
$this->delete($share);
$message_t = $this->l->t('Sharing %s failed, could not find %s, maybe the server is currently unreachable.',
[$share->getNode()->getName(), $shareWith]);
throw new \Exception($message_t);
}
return $share;
}
/**
* add share to the database and return the ID
*
* @param int $itemSource
* @param string $itemType
* @param string $shareWith
* @param string $sharedBy
* @param string $uidOwner
* @param int $permissions
* @param string $token
* @return int
*/
private function addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $uidOwner, $permissions, $token) {
$qb = $this->dbConnection->getQueryBuilder();
$qb->insert('share')
->setValue('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE))
->setValue('item_type', $qb->createNamedParameter($itemType))
->setValue('item_source', $qb->createNamedParameter($itemSource))
->setValue('file_source', $qb->createNamedParameter($itemSource))
->setValue('share_with', $qb->createNamedParameter($shareWith))
->setValue('uid_owner', $qb->createNamedParameter($uidOwner))
->setValue('uid_initiator', $qb->createNamedParameter($sharedBy))
->setValue('permissions', $qb->createNamedParameter($permissions))
->setValue('token', $qb->createNamedParameter($token))
->setValue('stime', $qb->createNamedParameter(time()));
$qb->execute();
$id = $qb->getLastInsertId();
return (int)$id;
}
/**
* Update a share
*
* @param IShare $share
* @return IShare The share object
*/
public function update(IShare $share) {
/*
* We allow updating the permissions of federated shares
*/
$qb = $this->dbConnection->getQueryBuilder();
$qb->update('share')
->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
->set('permissions', $qb->createNamedParameter($share->getPermissions()))
->execute();
return $share;
}
/**
* @inheritdoc
*/
public function move(IShare $share, $recipient) {
/*
* This function does nothing yet as it is just for outgoing
* federated shares.
*/
return $share;
}
/**
* Get all children of this share
*
* @param IShare $parent
* @return IShare[]
*/
public function getChildren(IShare $parent) {
$children = [];
$qb = $this->dbConnection->getQueryBuilder();
$qb->select('*')
->from('share')
->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId())))
->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
->orderBy('id');
$cursor = $qb->execute();
while($data = $cursor->fetch()) {
$children[] = $this->createShare($data);
}
$cursor->closeCursor();
return $children;
}
/**
* Delete a share
*
* @param IShare $share
*/
public function delete(IShare $share) {
$qb = $this->dbConnection->getQueryBuilder();
$qb->delete('share')
->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())));
$qb->execute();
list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedWith());
$this->notifications->sendRemoteUnShare($remote, $share->getId(), $share->getToken());
}
/**
* @inheritdoc
*/
public function deleteFromSelf(IShare $share, $recipient) {
// nothing to do here. Technically deleteFromSelf in the context of federated
// shares is a umount of a external storage. This is handled here
// apps/files_sharing/lib/external/manager.php
// TODO move this code over to this app
return;
}
/**
* @inheritdoc
*/
public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offset) {
$qb = $this->dbConnection->getQueryBuilder();
$qb->select('*')
->from('share');
$qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
/**
* Reshares for this user are shares where they are the owner.
*/
if ($reshares === false) {
//Special case for old shares created via the web UI
$or1 = $qb->expr()->andX(
$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
$qb->expr()->isNull('uid_initiator')
);
$qb->andWhere(
$qb->expr()->orX(
$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)),
$or1
)
);
} else {
$qb->andWhere(
$qb->expr()->orX(
$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
)
);
}
if ($node !== null) {
$qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
}
if ($limit !== -1) {
$qb->setMaxResults($limit);
}
$qb->setFirstResult($offset);
$qb->orderBy('id');
$cursor = $qb->execute();
$shares = [];
while($data = $cursor->fetch()) {
$shares[] = $this->createShare($data);
}
$cursor->closeCursor();
return $shares;
}
/**
* @inheritdoc
*/
public function getShareById($id, $recipientId = null) {
$qb = $this->dbConnection->getQueryBuilder();
$qb->select('*')
->from('share')
->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
$cursor = $qb->execute();
$data = $cursor->fetch();
$cursor->closeCursor();
if ($data === false) {
throw new ShareNotFound();
}
try {
$share = $this->createShare($data);
} catch (InvalidShare $e) {
throw new ShareNotFound();
}
return $share;
}
/**
* Get shares for a given path
*
* @param \OCP\Files\Node $path
* @return IShare[]
*/
public function getSharesByPath(Node $path) {
$qb = $this->dbConnection->getQueryBuilder();
$cursor = $qb->select('*')
->from('share')
->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId())))
->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
->execute();
$shares = [];
while($data = $cursor->fetch()) {
$shares[] = $this->createShare($data);
}
$cursor->closeCursor();
return $shares;
}
/**
* @inheritdoc
*/
public function getSharedWith($userId, $shareType, $node, $limit, $offset) {
/** @var IShare[] $shares */
$shares = [];
//Get shares directly with this user
$qb = $this->dbConnection->getQueryBuilder();
$qb->select('*')
->from('share');
// Order by id
$qb->orderBy('id');
// Set limit and offset
if ($limit !== -1) {
$qb->setMaxResults($limit);
}
$qb->setFirstResult($offset);
$qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
$qb->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId)));
// Filter by node if provided
if ($node !== null) {
$qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
}
$cursor = $qb->execute();
while($data = $cursor->fetch()) {
$shares[] = $this->createShare($data);
}
$cursor->closeCursor();
return $shares;
}
/**
* Get a share by token
*
* @param string $token
* @return IShare
* @throws ShareNotFound
*/
public function getShareByToken($token) {
$qb = $this->dbConnection->getQueryBuilder();
$cursor = $qb->select('*')
->from('share')
->where($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token)))
->execute();
$data = $cursor->fetch();
if ($data === false) {
throw new ShareNotFound();
}
try {
$share = $this->createShare($data);
} catch (InvalidShare $e) {
throw new ShareNotFound();
}
return $share;
}
/**
* get database row of a give share
*
* @param $id
* @return array
* @throws ShareNotFound
*/
private function getRawShare($id) {
// Now fetch the inserted share and create a complete share object
$qb = $this->dbConnection->getQueryBuilder();
$qb->select('*')
->from('share')
->where($qb->expr()->eq('id', $qb->createNamedParameter($id)));
$cursor = $qb->execute();
$data = $cursor->fetch();
$cursor->closeCursor();
if ($data === false) {
throw new ShareNotFound;
}
return $data;
}
/**
* Create a share object from an database row
*
* @param array $data
* @return IShare
* @throws InvalidShare
* @throws ShareNotFound
*/
private function createShare($data) {
$share = new Share($this->rootFolder);
$share->setId((int)$data['id'])
->setShareType((int)$data['share_type'])
->setPermissions((int)$data['permissions'])
->setTarget($data['file_target'])
->setMailSend((bool)$data['mail_send'])
->setToken($data['token']);
$shareTime = new \DateTime();
$shareTime->setTimestamp((int)$data['stime']);
$share->setShareTime($shareTime);
$share->setSharedWith($data['share_with']);
if ($data['uid_initiator'] !== null) {
$share->setShareOwner($data['uid_owner']);
$share->setSharedBy($data['uid_initiator']);
} else {
//OLD SHARE
$share->setSharedBy($data['uid_owner']);
$path = $this->getNode($share->getSharedBy(), (int)$data['file_source']);
$owner = $path->getOwner();
$share->setShareOwner($owner->getUID());
}
$share->setNodeId((int)$data['file_source']);
$share->setNodeType($data['item_type']);
$share->setProviderId($this->identifier());
return $share;
}
/**
* Get the node with file $id for $user
*
* @param string $userId
* @param int $id
* @return \OCP\Files\File|\OCP\Files\Folder
* @throws InvalidShare
*/
private function getNode($userId, $id) {
try {
$userFolder = $this->rootFolder->getUserFolder($userId);
} catch (NotFoundException $e) {
throw new InvalidShare();
}
$nodes = $userFolder->getById($id);
if (empty($nodes)) {
throw new InvalidShare();
}
return $nodes[0];
}
}

144
apps/federatedfilesharing/lib/notifications.php
View File

@ -0,0 +1,144 @@
<?php
/**
* @author Björn Schießle <schiessle@owncloud.com>
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\FederatedFileSharing;
use OCP\Http\Client\IClientService;
class Notifications {
const BASE_PATH_TO_SHARE_API = '/ocs/v1.php/cloud/shares';
const RESPONSE_FORMAT = 'json'; // default response format for ocs calls
/** @var AddressHandler */
private $addressHandler;
/** @var IClientService */
private $httpClientService;
/**
* Notifications constructor.
*
* @param AddressHandler $addressHandler
* @param IClientService $httpClientService
*/
public function __construct(
AddressHandler $addressHandler,
IClientService $httpClientService
) {
$this->addressHandler = $addressHandler;
$this->httpClientService = $httpClientService;
}
/**
* send server-to-server share to remote server
*
* @param string $token
* @param string $shareWith
* @param string $name
* @param int $remote_id
* @param string $owner
* @return bool
*/
public function sendRemoteShare($token, $shareWith, $name, $remote_id, $owner) {
list($user, $remote) = $this->addressHandler->splitUserRemote($shareWith);
if ($user && $remote) {
$url = $remote . self::BASE_PATH_TO_SHARE_API . '?format=' . self::RESPONSE_FORMAT;
$local = $this->addressHandler->generateRemoteURL();
$fields = array(
'shareWith' => $user,
'token' => $token,
'name' => $name,
'remoteId' => $remote_id,
'owner' => $owner,
'remote' => $local,
);
$url = $this->addressHandler->removeProtocolFromUrl($url);
$result = $this->tryHttpPost($url, $fields);
$status = json_decode($result['result'], true);
if ($result['success'] && $status['ocs']['meta']['statuscode'] === 100) {
\OC_Hook::emit('OCP\Share', 'federated_share_added', ['server' => $remote]);
return true;
}
}
return false;
}
/**
* send server-to-server unshare to remote server
*
* @param string $remote url
* @param int $id share id
* @param string $token
* @return bool
*/
public function sendRemoteUnShare($remote, $id, $token) {
$url = rtrim($remote, '/') . self::BASE_PATH_TO_SHARE_API . '/' . $id . '/unshare?format=' . self::RESPONSE_FORMAT;
$fields = array('token' => $token, 'format' => 'json');
$url = $this->addressHandler->removeProtocolFromUrl($url);
$result = $this->tryHttpPost($url, $fields);
$status = json_decode($result['result'], true);
return ($result['success'] && $status['ocs']['meta']['statuscode'] === 100);
}
/**
* try http post first with https and then with http as a fallback
*
* @param string $url
* @param array $fields post parameters
* @return array
*/
private function tryHttpPost($url, array $fields) {
$client = $this->httpClientService->newClient();
$protocol = 'https://';
$result = [
'success' => false,
'result' => '',
];
$try = 0;
while ($result['success'] === false && $try < 2) {
try {
$response = $client->post($protocol . $url, [
'body' => $fields
]);
$result['result'] = $response->getBody();
$result['success'] = true;
break;
} catch (\Exception $e) {
$try++;
$protocol = 'http://';
}
}
return $result;
}
}

61
apps/federatedfilesharing/lib/tokenhandler.php
View File

@ -0,0 +1,61 @@
<?php
/**
* @author Björn Schießle <schiessle@owncloud.com>
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\FederatedFileSharing;
use OCP\Security\ISecureRandom;
/**
* Class TokenHandler
*
* @package OCA\FederatedFileSharing
*/
class TokenHandler {
const TOKEN_LENGTH = 15;
/** @var ISecureRandom */
private $secureRandom;
/**
* TokenHandler constructor.
*
* @param ISecureRandom $secureRandom
*/
public function __construct(ISecureRandom $secureRandom) {
$this->secureRandom = $secureRandom;
}
/**
* generate to token used to authenticate federated shares
*
* @return string
*/
public function generateToken() {
$token = $this->secureRandom->generate(
self::TOKEN_LENGTH,
ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
return $token;
}
}

198
apps/federatedfilesharing/tests/lib/addressHandlerTest.php
View File

@ -0,0 +1,198 @@
<?php
/**
* @author Björn Schießle <schiessle@owncloud.com>
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\FederatedFileSharing\Tests\lib;
use OCA\FederatedFileSharing\AddressHandler;
use OCP\IL10N;
use OCP\IURLGenerator;
use Test\TestCase;
class AddressHandlerTest extends TestCase {
/** @var AddressHandler */
private $addressHandler;
/** @var IURLGenerator | \PHPUnit_Framework_MockObject_MockObject */
private $urlGenerator;
/** @var IL10N | \PHPUnit_Framework_MockObject_MockObject */
private $il10n;
public function setUp() {
parent::setUp();
$this->urlGenerator = $this->getMock('OCP\IURLGenerator');
$this->il10n = $this->getMock('OCP\IL10N');
$this->addressHandler = new AddressHandler($this->urlGenerator, $this->il10n);
}
public function dataTestSplitUserRemote() {
$userPrefix = ['user@name', 'username'];
$protocols = ['', 'http://', 'https://'];
$remotes = [
'localhost',
'local.host',
'dev.local.host',
'dev.local.host/path',
'dev.local.host/at@inpath',
'127.0.0.1',
'::1',
'::192.0.2.128',
'::192.0.2.128/at@inpath',
];
$testCases = [];
foreach ($userPrefix as $user) {
foreach ($remotes as $remote) {
foreach ($protocols as $protocol) {
$baseUrl = $user . '@' . $protocol . $remote;
$testCases[] = [$baseUrl, $user, $protocol . $remote];
$testCases[] = [$baseUrl . '/', $user, $protocol . $remote];
$testCases[] = [$baseUrl . '/index.php', $user, $protocol . $remote];
$testCases[] = [$baseUrl . '/index.php/s/token', $user, $protocol . $remote];
}
}
}
return $testCases;
}
/**
* @dataProvider dataTestSplitUserRemote
*
* @param string $remote
* @param string $expectedUser
* @param string $expectedUrl
*/
public function testSplitUserRemote($remote, $expectedUser, $expectedUrl) {
list($remoteUser, $remoteUrl) = $this->addressHandler->splitUserRemote($remote);
$this->assertSame($expectedUser, $remoteUser);
$this->assertSame($expectedUrl, $remoteUrl);
}
public function dataTestSplitUserRemoteError() {
return array(
// Invalid path
array('user@'),
// Invalid user
array('@server'),
array('us/er@server'),
array('us:er@server'),
// Invalid splitting
array('user'),
array(''),
array('us/erserver'),
array('us:erserver'),
);
}
/**
* @dataProvider dataTestSplitUserRemoteError
*
* @param string $id
* @expectedException \OC\HintException
*/
public function testSplitUserRemoteError($id) {
$this->addressHandler->splitUserRemote($id);
}
/**
* @dataProvider dataTestCompareAddresses
*
* @param string $user1
* @param string $server1
* @param string $user2
* @param string $server2
* @param bool $expected
*/
public function testCompareAddresses($user1, $server1, $user2, $server2, $expected) {
$this->assertSame($expected,
$this->addressHandler->compareAddresses($user1, $server1, $user2, $server2)
);
}
public function dataTestCompareAddresses() {
return [
['user1', 'http://server1', 'user1', 'http://server1', true],
['user1', 'https://server1', 'user1', 'http://server1', true],
['user1', 'http://serVer1', 'user1', 'http://server1', true],
['user1', 'http://server1/', 'user1', 'http://server1', true],
['user1', 'server1', 'user1', 'http://server1', true],
['user1', 'http://server1', 'user1', 'http://server2', false],
['user1', 'https://server1', 'user1', 'http://server2', false],
['user1', 'http://serVer1', 'user1', 'http://serer2', false],
['user1', 'http://server1/', 'user1', 'http://server2', false],
['user1', 'server1', 'user1', 'http://server2', false],
['user1', 'http://server1', 'user2', 'http://server1', false],
['user1', 'https://server1', 'user2', 'http://server1', false],
['user1', 'http://serVer1', 'user2', 'http://server1', false],
['user1', 'http://server1/', 'user2', 'http://server1', false],
['user1', 'server1', 'user2', 'http://server1', false],
];
}
/**
* @dataProvider dataTestRemoveProtocolFromUrl
*
* @param string $url
* @param string $expectedResult
*/
public function testRemoveProtocolFromUrl($url, $expectedResult) {
$result = $this->addressHandler->removeProtocolFromUrl($url);
$this->assertSame($expectedResult, $result);
}
public function dataTestRemoveProtocolFromUrl() {
return [
['http://owncloud.org', 'owncloud.org'],
['https://owncloud.org', 'owncloud.org'],
['owncloud.org', 'owncloud.org'],
];
}
/**
* @dataProvider dataTestFixRemoteUrl
*
* @param string $url
* @param string $expected
*/
public function testFixRemoteUrl($url, $expected) {
$this->assertSame($expected,
$this->invokePrivate($this->addressHandler, 'fixRemoteURL', [$url])
);
}
public function dataTestFixRemoteUrl() {
return [
['http://localhost', 'http://localhost'],
['http://localhost/', 'http://localhost'],
['http://localhost/index.php', 'http://localhost'],
['http://localhost/index.php/s/AShareToken', 'http://localhost'],
];
}
}

62
apps/federatedfilesharing/tests/lib/tokenHandlerTest.php
View File

@ -0,0 +1,62 @@
<?php
/**
* @author Björn Schießle <schiessle@owncloud.com>
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\FederatedFileSharing\Tests\lib;
use OCA\FederatedFileSharing\TokenHandler;
use OCP\Security\ISecureRandom;
use Test\TestCase;
class TokenHandlerTest extends TestCase {
/** @var TokenHandler */
private $tokenHandler;
/** @var ISecureRandom | \PHPUnit_Framework_MockObject_MockObject */
private $secureRandom;
/** @var int */
private $expectedTokenLength = 15;
public function setUp() {
parent::setUp();
$this->secureRandom = $this->getMock('OCP\Security\ISecureRandom');
$this->tokenHandler = new TokenHandler($this->secureRandom);
}
public function testGenerateToken() {
$this->secureRandom->expects($this->once())->method('generate')
->with(
$this->expectedTokenLength,
ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS
)
->willReturn(true);
$this->assertTrue($this->tokenHandler->generateToken());
}
}

3
core/shipped.json
View File

@ -35,7 +35,8 @@
"user_ldap",
"user_shibboleth",
"windows_network_drive",
"workflow"
"workflow",
"federatedfilesharing"
],
"alwaysEnabled": [
"files",

1
tests/enable_all.php
View File

@ -23,3 +23,4 @@ enableApp('user_ldap');
enableApp('files_versions');
enableApp('provisioning_api');
enableApp('federation');
enableApp('federatedfilesharing');
Write Preview
Loading…
Cancel
Save