2012-07-29 01:40:11 +04:00
|
|
|
<?php
|
2015-10-05 21:54:56 +03:00
|
|
|
/**
|
|
|
|
* @author Bart Visscher <bartv@thisnet.nl>
|
|
|
|
* @author Bernhard Posselt <dev@bernhard-posselt.com>
|
|
|
|
* @author Björn Schießle <schiessle@owncloud.com>
|
|
|
|
* @author Joas Schilling <nickvergessen@owncloud.com>
|
|
|
|
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
|
|
|
|
* @author Lukas Reschke <lukas@owncloud.com>
|
|
|
|
* @author Michael Gapczynski <GapczynskiM@gmail.com>
|
|
|
|
* @author Morris Jobke <hey@morrisjobke.de>
|
|
|
|
* @author Robin Appelman <icewind@owncloud.com>
|
|
|
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
|
|
|
* @author Tom Needham <tom@owncloud.com>
|
|
|
|
* @author Vincent Petry <pvince81@owncloud.com>
|
|
|
|
*
|
2016-01-12 17:02:16 +03:00
|
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
2015-10-05 21:54:56 +03:00
|
|
|
* @license AGPL-3.0
|
|
|
|
*
|
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
|
|
*
|
|
|
|
*/
|
2015-08-03 17:05:50 +03:00
|
|
|
use OCP\API;
|
|
|
|
use OCP\AppFramework\Http;
|
|
|
|
|
2012-07-29 01:40:11 +04:00
|
|
|
/**
|
2015-03-26 13:44:34 +03:00
|
|
|
* @author Bart Visscher <bartv@thisnet.nl>
|
|
|
|
* @author Bernhard Posselt <dev@bernhard-posselt.com>
|
|
|
|
* @author Björn Schießle <schiessle@owncloud.com>
|
2015-06-25 12:43:55 +03:00
|
|
|
* @author Joas Schilling <nickvergessen@owncloud.com>
|
2015-03-26 13:44:34 +03:00
|
|
|
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
|
|
|
|
* @author Lukas Reschke <lukas@owncloud.com>
|
|
|
|
* @author Michael Gapczynski <GapczynskiM@gmail.com>
|
|
|
|
* @author Morris Jobke <hey@morrisjobke.de>
|
|
|
|
* @author Robin Appelman <icewind@owncloud.com>
|
|
|
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
|
|
|
* @author Tom Needham <tom@owncloud.com>
|
|
|
|
* @author Vincent Petry <pvince81@owncloud.com>
|
|
|
|
*
|
|
|
|
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
|
|
|
* @license AGPL-3.0
|
|
|
|
*
|
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
|
|
*
|
|
|
|
*/
|
2015-02-26 13:37:37 +03:00
|
|
|
|
2012-07-29 01:50:40 +04:00
|
|
|
class OC_API {
|
2012-08-03 04:02:31 +04:00
|
|
|
|
2012-09-13 13:41:20 +04:00
|
|
|
/**
|
|
|
|
* API authentication levels
|
|
|
|
*/
|
2015-04-18 10:17:58 +03:00
|
|
|
|
|
|
|
/** @deprecated Use \OCP\API::GUEST_AUTH instead */
|
2012-09-13 13:41:20 +04:00
|
|
|
const GUEST_AUTH = 0;
|
2015-04-18 10:17:58 +03:00
|
|
|
|
|
|
|
/** @deprecated Use \OCP\API::USER_AUTH instead */
|
2012-09-13 13:41:20 +04:00
|
|
|
const USER_AUTH = 1;
|
2015-04-18 10:17:58 +03:00
|
|
|
|
|
|
|
/** @deprecated Use \OCP\API::SUBADMIN_AUTH instead */
|
2012-09-13 13:41:20 +04:00
|
|
|
const SUBADMIN_AUTH = 2;
|
2015-04-18 10:17:58 +03:00
|
|
|
|
|
|
|
/** @deprecated Use \OCP\API::ADMIN_AUTH instead */
|
2012-09-13 13:41:20 +04:00
|
|
|
const ADMIN_AUTH = 3;
|
2014-01-13 15:27:05 +04:00
|
|
|
|
2013-01-25 16:48:59 +04:00
|
|
|
/**
|
|
|
|
* API Response Codes
|
|
|
|
*/
|
2015-04-18 10:17:58 +03:00
|
|
|
|
|
|
|
/** @deprecated Use \OCP\API::RESPOND_UNAUTHORISED instead */
|
2013-01-25 16:48:59 +04:00
|
|
|
const RESPOND_UNAUTHORISED = 997;
|
2015-04-18 10:17:58 +03:00
|
|
|
|
|
|
|
/** @deprecated Use \OCP\API::RESPOND_SERVER_ERROR instead */
|
2013-01-25 16:48:59 +04:00
|
|
|
const RESPOND_SERVER_ERROR = 996;
|
2015-04-18 10:17:58 +03:00
|
|
|
|
|
|
|
/** @deprecated Use \OCP\API::RESPOND_NOT_FOUND instead */
|
2013-01-25 16:48:59 +04:00
|
|
|
const RESPOND_NOT_FOUND = 998;
|
2015-04-18 10:17:58 +03:00
|
|
|
|
|
|
|
/** @deprecated Use \OCP\API::RESPOND_UNKNOWN_ERROR instead */
|
2013-01-25 16:48:59 +04:00
|
|
|
const RESPOND_UNKNOWN_ERROR = 999;
|
2014-01-13 15:27:05 +04:00
|
|
|
|
2012-07-29 01:50:40 +04:00
|
|
|
/**
|
2012-12-31 19:47:15 +04:00
|
|
|
* api actions
|
|
|
|
*/
|
2012-07-30 14:56:21 +04:00
|
|
|
protected static $actions = array();
|
2013-10-21 20:58:46 +04:00
|
|
|
private static $logoutRequired = false;
|
2014-12-17 22:22:51 +03:00
|
|
|
private static $isLoggedIn = false;
|
2014-01-13 15:27:05 +04:00
|
|
|
|
2012-07-29 01:50:40 +04:00
|
|
|
/**
|
2012-12-31 19:47:15 +04:00
|
|
|
* registers an api call
|
|
|
|
* @param string $method the http method
|
|
|
|
* @param string $url the url to match
|
|
|
|
* @param callable $action the function to run
|
|
|
|
* @param string $app the id of the app registering the call
|
|
|
|
* @param int $authLevel the level of authentication required for the call
|
|
|
|
* @param array $defaults
|
|
|
|
* @param array $requirements
|
|
|
|
*/
|
2014-01-13 15:27:05 +04:00
|
|
|
public static function register($method, $url, $action, $app,
|
2015-08-03 17:05:50 +03:00
|
|
|
$authLevel = API::USER_AUTH,
|
2012-08-01 01:26:15 +04:00
|
|
|
$defaults = array(),
|
2012-12-31 19:47:15 +04:00
|
|
|
$requirements = array()) {
|
2012-07-29 01:50:40 +04:00
|
|
|
$name = strtolower($method).$url;
|
2012-07-30 22:52:47 +04:00
|
|
|
$name = str_replace(array('/', '{', '}'), '_', $name);
|
2012-12-31 19:47:15 +04:00
|
|
|
if(!isset(self::$actions[$name])) {
|
2014-07-01 18:45:00 +04:00
|
|
|
$oldCollection = OC::$server->getRouter()->getCurrentCollection();
|
2014-03-10 17:06:47 +04:00
|
|
|
OC::$server->getRouter()->useCollection('ocs');
|
|
|
|
OC::$server->getRouter()->create($name, $url)
|
2012-08-01 00:34:35 +04:00
|
|
|
->method($method)
|
2013-06-28 19:25:10 +04:00
|
|
|
->defaults($defaults)
|
|
|
|
->requirements($requirements)
|
2012-07-29 01:50:40 +04:00
|
|
|
->action('OC_API', 'call');
|
|
|
|
self::$actions[$name] = array();
|
2014-07-01 18:45:00 +04:00
|
|
|
OC::$server->getRouter()->useCollection($oldCollection);
|
2012-07-29 01:50:40 +04:00
|
|
|
}
|
2013-01-25 16:48:59 +04:00
|
|
|
self::$actions[$name][] = array('app' => $app, 'action' => $action, 'authlevel' => $authLevel);
|
2012-07-29 01:50:40 +04:00
|
|
|
}
|
2014-01-13 15:27:05 +04:00
|
|
|
|
2012-07-29 01:50:40 +04:00
|
|
|
/**
|
2012-12-31 19:47:15 +04:00
|
|
|
* handles an api call
|
|
|
|
* @param array $parameters
|
|
|
|
*/
|
|
|
|
public static function call($parameters) {
|
2015-02-27 15:05:57 +03:00
|
|
|
$request = \OC::$server->getRequest();
|
2015-03-01 13:46:39 +03:00
|
|
|
$method = $request->getMethod();
|
2015-02-27 15:05:57 +03:00
|
|
|
|
2012-09-17 16:08:17 +04:00
|
|
|
// Prepare the request variables
|
2015-03-01 13:46:39 +03:00
|
|
|
if($method === 'PUT') {
|
2015-02-27 15:05:57 +03:00
|
|
|
$parameters['_put'] = $request->getParams();
|
2015-03-01 13:46:39 +03:00
|
|
|
} else if($method === 'DELETE') {
|
2015-02-27 15:05:57 +03:00
|
|
|
$parameters['_delete'] = $request->getParams();
|
2012-09-17 16:08:17 +04:00
|
|
|
}
|
2012-07-30 23:03:41 +04:00
|
|
|
$name = $parameters['_route'];
|
2013-01-25 16:48:59 +04:00
|
|
|
// Foreach registered action
|
|
|
|
$responses = array();
|
|
|
|
foreach(self::$actions[$name] as $action) {
|
|
|
|
// Check authentication and availability
|
2013-04-27 20:45:23 +04:00
|
|
|
if(!self::isAuthorised($action)) {
|
2013-01-25 16:48:59 +04:00
|
|
|
$responses[] = array(
|
|
|
|
'app' => $action['app'],
|
2015-08-03 17:05:50 +03:00
|
|
|
'response' => new OC_OCS_Result(null, API::RESPOND_UNAUTHORISED, 'Unauthorised'),
|
2013-11-14 02:46:24 +04:00
|
|
|
'shipped' => OC_App::isShipped($action['app']),
|
2013-01-25 16:48:59 +04:00
|
|
|
);
|
|
|
|
continue;
|
2013-01-14 23:30:39 +04:00
|
|
|
}
|
2013-01-25 16:48:59 +04:00
|
|
|
if(!is_callable($action['action'])) {
|
|
|
|
$responses[] = array(
|
|
|
|
'app' => $action['app'],
|
2015-08-03 17:05:50 +03:00
|
|
|
'response' => new OC_OCS_Result(null, API::RESPOND_NOT_FOUND, 'Api method not found'),
|
2013-11-14 02:46:24 +04:00
|
|
|
'shipped' => OC_App::isShipped($action['app']),
|
2013-01-25 16:48:59 +04:00
|
|
|
);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
// Run the action
|
|
|
|
$responses[] = array(
|
|
|
|
'app' => $action['app'],
|
|
|
|
'response' => call_user_func($action['action'], $parameters),
|
2013-11-14 02:46:24 +04:00
|
|
|
'shipped' => OC_App::isShipped($action['app']),
|
2013-01-25 16:48:59 +04:00
|
|
|
);
|
2012-12-13 01:04:23 +04:00
|
|
|
}
|
2013-01-25 16:48:59 +04:00
|
|
|
$response = self::mergeResponses($responses);
|
2014-03-12 03:35:19 +04:00
|
|
|
$format = self::requestedFormat();
|
2013-10-21 20:58:46 +04:00
|
|
|
if (self::$logoutRequired) {
|
|
|
|
OC_User::logout();
|
|
|
|
}
|
2013-05-02 16:51:53 +04:00
|
|
|
|
|
|
|
self::respond($response, $format);
|
2012-07-29 01:50:40 +04:00
|
|
|
}
|
2014-01-13 15:27:05 +04:00
|
|
|
|
2013-01-25 16:48:59 +04:00
|
|
|
/**
|
|
|
|
* merge the returned result objects into one response
|
|
|
|
* @param array $responses
|
2016-02-17 16:21:07 +03:00
|
|
|
* @return OC_OCS_Result
|
2013-01-25 16:48:59 +04:00
|
|
|
*/
|
2013-11-14 02:46:24 +04:00
|
|
|
public static function mergeResponses($responses) {
|
2014-03-28 14:25:55 +04:00
|
|
|
// Sort into shipped and third-party
|
2013-01-25 16:48:59 +04:00
|
|
|
$shipped = array(
|
2013-02-09 16:50:19 +04:00
|
|
|
'succeeded' => array(),
|
2013-01-25 16:48:59 +04:00
|
|
|
'failed' => array(),
|
|
|
|
);
|
|
|
|
$thirdparty = array(
|
|
|
|
'succeeded' => array(),
|
|
|
|
'failed' => array(),
|
|
|
|
);
|
2013-01-14 23:30:39 +04:00
|
|
|
|
2013-01-25 16:48:59 +04:00
|
|
|
foreach($responses as $response) {
|
2013-11-14 02:46:24 +04:00
|
|
|
if($response['shipped'] || ($response['app'] === 'core')) {
|
2013-01-25 16:48:59 +04:00
|
|
|
if($response['response']->succeeded()) {
|
2013-11-14 02:46:24 +04:00
|
|
|
$shipped['succeeded'][$response['app']] = $response;
|
2013-01-25 16:48:59 +04:00
|
|
|
} else {
|
2013-11-14 02:46:24 +04:00
|
|
|
$shipped['failed'][$response['app']] = $response;
|
2013-01-25 16:48:59 +04:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if($response['response']->succeeded()) {
|
2013-11-14 02:46:24 +04:00
|
|
|
$thirdparty['succeeded'][$response['app']] = $response;
|
2013-01-25 16:48:59 +04:00
|
|
|
} else {
|
2013-11-14 02:46:24 +04:00
|
|
|
$thirdparty['failed'][$response['app']] = $response;
|
2013-01-25 16:48:59 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2013-05-02 16:36:16 +04:00
|
|
|
|
2013-01-25 16:48:59 +04:00
|
|
|
// Remove any error responses if there is one shipped response that succeeded
|
2013-11-14 05:14:37 +04:00
|
|
|
if(!empty($shipped['failed'])) {
|
2013-01-25 16:48:59 +04:00
|
|
|
// Which shipped response do we use if they all failed?
|
|
|
|
// They may have failed for different reasons (different status codes)
|
2014-03-28 14:25:55 +04:00
|
|
|
// Which response code should we return?
|
2015-04-18 11:30:02 +03:00
|
|
|
// Maybe any that are not \OCP\API::RESPOND_SERVER_ERROR
|
2013-11-14 05:19:46 +04:00
|
|
|
// Merge failed responses if more than one
|
|
|
|
$data = array();
|
|
|
|
foreach($shipped['failed'] as $failure) {
|
|
|
|
$data = array_merge_recursive($data, $failure['response']->getData());
|
|
|
|
}
|
|
|
|
$picked = reset($shipped['failed']);
|
|
|
|
$code = $picked['response']->getStatusCode();
|
2014-01-13 15:27:05 +04:00
|
|
|
$meta = $picked['response']->getMeta();
|
2015-08-10 22:33:50 +03:00
|
|
|
$headers = $picked['response']->getHeaders();
|
|
|
|
$response = new OC_OCS_Result($data, $code, $meta['message'], $headers);
|
2013-11-14 05:19:46 +04:00
|
|
|
return $response;
|
2013-11-14 05:14:37 +04:00
|
|
|
} elseif(!empty($shipped['succeeded'])) {
|
|
|
|
$responses = array_merge($shipped['succeeded'], $thirdparty['succeeded']);
|
2013-05-02 16:36:16 +04:00
|
|
|
} elseif(!empty($thirdparty['failed'])) {
|
2013-11-14 05:21:54 +04:00
|
|
|
// Merge failed responses if more than one
|
|
|
|
$data = array();
|
|
|
|
foreach($thirdparty['failed'] as $failure) {
|
|
|
|
$data = array_merge_recursive($data, $failure['response']->getData());
|
|
|
|
}
|
|
|
|
$picked = reset($thirdparty['failed']);
|
|
|
|
$code = $picked['response']->getStatusCode();
|
2014-01-13 15:27:05 +04:00
|
|
|
$meta = $picked['response']->getMeta();
|
2015-08-10 22:33:50 +03:00
|
|
|
$headers = $picked['response']->getHeaders();
|
|
|
|
$response = new OC_OCS_Result($data, $code, $meta['message'], $headers);
|
2013-11-14 05:21:54 +04:00
|
|
|
return $response;
|
2013-05-02 16:36:16 +04:00
|
|
|
} else {
|
2013-11-13 04:45:49 +04:00
|
|
|
$responses = $thirdparty['succeeded'];
|
2013-01-25 16:48:59 +04:00
|
|
|
}
|
|
|
|
// Merge the successful responses
|
2015-08-10 22:33:50 +03:00
|
|
|
$data = [];
|
|
|
|
$codes = [];
|
|
|
|
$header = [];
|
2013-05-02 16:36:16 +04:00
|
|
|
|
2014-04-21 17:44:54 +04:00
|
|
|
foreach($responses as $response) {
|
2013-11-14 02:46:24 +04:00
|
|
|
if($response['shipped']) {
|
|
|
|
$data = array_merge_recursive($response['response']->getData(), $data);
|
2013-01-25 16:48:59 +04:00
|
|
|
} else {
|
2013-11-14 02:46:24 +04:00
|
|
|
$data = array_merge_recursive($data, $response['response']->getData());
|
2013-01-25 16:48:59 +04:00
|
|
|
}
|
2015-08-10 22:33:50 +03:00
|
|
|
$header = array_merge_recursive($header, $response['response']->getHeaders());
|
|
|
|
$codes[] = ['code' => $response['response']->getStatusCode(),
|
|
|
|
'meta' => $response['response']->getMeta()];
|
2013-01-25 16:48:59 +04:00
|
|
|
}
|
2013-11-13 04:45:49 +04:00
|
|
|
|
|
|
|
// Use any non 100 status codes
|
|
|
|
$statusCode = 100;
|
2014-01-13 15:27:05 +04:00
|
|
|
$statusMessage = null;
|
2013-11-13 04:45:49 +04:00
|
|
|
foreach($codes as $code) {
|
2014-01-13 15:27:05 +04:00
|
|
|
if($code['code'] != 100) {
|
|
|
|
$statusCode = $code['code'];
|
|
|
|
$statusMessage = $code['meta']['message'];
|
2013-11-13 04:45:49 +04:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-08-10 22:33:50 +03:00
|
|
|
return new OC_OCS_Result($data, $statusCode, $statusMessage, $header);
|
2013-01-25 16:48:59 +04:00
|
|
|
}
|
2014-01-13 15:27:05 +04:00
|
|
|
|
2012-09-13 13:41:20 +04:00
|
|
|
/**
|
|
|
|
* authenticate the api call
|
|
|
|
* @param array $action the action details as supplied to OC_API::register()
|
|
|
|
* @return bool
|
|
|
|
*/
|
2012-12-31 19:47:15 +04:00
|
|
|
private static function isAuthorised($action) {
|
2012-09-13 13:41:20 +04:00
|
|
|
$level = $action['authlevel'];
|
2012-12-31 19:47:15 +04:00
|
|
|
switch($level) {
|
2015-08-03 17:05:50 +03:00
|
|
|
case API::GUEST_AUTH:
|
2012-09-13 13:41:20 +04:00
|
|
|
// Anyone can access
|
|
|
|
return true;
|
2015-08-03 17:05:50 +03:00
|
|
|
case API::USER_AUTH:
|
2012-09-13 13:41:20 +04:00
|
|
|
// User required
|
2012-09-13 19:18:38 +04:00
|
|
|
return self::loginUser();
|
2015-08-03 17:05:50 +03:00
|
|
|
case API::SUBADMIN_AUTH:
|
2012-09-13 13:41:20 +04:00
|
|
|
// Check for subadmin
|
2012-09-13 19:18:38 +04:00
|
|
|
$user = self::loginUser();
|
2012-12-31 19:47:15 +04:00
|
|
|
if(!$user) {
|
2012-09-13 19:18:38 +04:00
|
|
|
return false;
|
|
|
|
} else {
|
2015-10-27 16:09:45 +03:00
|
|
|
$userObject = \OC::$server->getUserSession()->getUser();
|
|
|
|
if($userObject === null) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
$isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
|
2013-02-09 16:00:44 +04:00
|
|
|
$admin = OC_User::isAdminUser($user);
|
2015-10-27 16:09:45 +03:00
|
|
|
if($isSubAdmin || $admin) {
|
2012-09-14 17:41:06 +04:00
|
|
|
return true;
|
|
|
|
} else {
|
|
|
|
return false;
|
|
|
|
}
|
2012-09-13 19:18:38 +04:00
|
|
|
}
|
2015-08-03 17:05:50 +03:00
|
|
|
case API::ADMIN_AUTH:
|
2012-09-13 13:41:20 +04:00
|
|
|
// Check for admin
|
2012-09-13 19:18:38 +04:00
|
|
|
$user = self::loginUser();
|
2012-12-31 19:47:15 +04:00
|
|
|
if(!$user) {
|
2012-09-13 19:18:38 +04:00
|
|
|
return false;
|
|
|
|
} else {
|
2013-02-09 16:00:44 +04:00
|
|
|
return OC_User::isAdminUser($user);
|
2012-09-13 19:18:38 +04:00
|
|
|
}
|
2012-09-13 13:41:20 +04:00
|
|
|
default:
|
|
|
|
// oops looks like invalid level supplied
|
|
|
|
return false;
|
|
|
|
}
|
2014-01-13 15:27:05 +04:00
|
|
|
}
|
|
|
|
|
2012-09-13 13:41:20 +04:00
|
|
|
/**
|
2012-09-13 19:18:38 +04:00
|
|
|
* http basic auth
|
2016-02-17 18:13:37 +03:00
|
|
|
* @return string|false (username, or false on failure)
|
2012-09-13 13:41:20 +04:00
|
|
|
*/
|
2014-12-17 22:22:51 +03:00
|
|
|
private static function loginUser() {
|
|
|
|
if(self::$isLoggedIn === true) {
|
|
|
|
return \OC_User::getUser();
|
|
|
|
}
|
2014-03-07 23:00:34 +04:00
|
|
|
|
2014-03-07 23:06:06 +04:00
|
|
|
// reuse existing login
|
|
|
|
$loggedIn = OC_User::isLoggedIn();
|
2014-03-28 14:25:55 +04:00
|
|
|
if ($loggedIn === true) {
|
|
|
|
$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
|
|
|
|
if ($ocsApiRequest) {
|
2014-03-07 23:00:34 +04:00
|
|
|
|
2014-03-28 14:25:55 +04:00
|
|
|
// initialize the user's filesystem
|
|
|
|
\OC_Util::setUpFS(\OC_User::getUser());
|
2014-12-17 22:22:51 +03:00
|
|
|
self::$isLoggedIn = true;
|
2014-03-07 23:00:34 +04:00
|
|
|
|
2014-03-28 14:25:55 +04:00
|
|
|
return OC_User::getUser();
|
|
|
|
}
|
|
|
|
return false;
|
2014-03-07 23:06:06 +04:00
|
|
|
}
|
2014-03-07 23:00:34 +04:00
|
|
|
|
2014-03-28 14:25:55 +04:00
|
|
|
// basic auth - because OC_User::login will create a new session we shall only try to login
|
|
|
|
// if user and pass are set
|
|
|
|
if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) ) {
|
|
|
|
$authUser = $_SERVER['PHP_AUTH_USER'];
|
|
|
|
$authPw = $_SERVER['PHP_AUTH_PW'];
|
|
|
|
$return = OC_User::login($authUser, $authPw);
|
|
|
|
if ($return === true) {
|
|
|
|
self::$logoutRequired = true;
|
2013-11-08 14:24:19 +04:00
|
|
|
|
2014-03-28 14:25:55 +04:00
|
|
|
// initialize the user's filesystem
|
|
|
|
\OC_Util::setUpFS(\OC_User::getUser());
|
2014-12-17 22:22:51 +03:00
|
|
|
self::$isLoggedIn = true;
|
2013-11-08 14:24:19 +04:00
|
|
|
|
2016-03-07 13:17:33 +03:00
|
|
|
/**
|
|
|
|
* Add DAV authenticated. This should in an ideal world not be
|
|
|
|
* necessary but the iOS App reads cookies from anywhere instead
|
|
|
|
* only the DAV endpoint.
|
|
|
|
* This makes sure that the cookies will be valid for the whole scope
|
|
|
|
* @see https://github.com/owncloud/core/issues/22893
|
|
|
|
*/
|
|
|
|
\OC::$server->getSession()->set(
|
|
|
|
\OCA\DAV\Connector\Sabre\Auth::DAV_AUTHENTICATED,
|
|
|
|
\OC::$server->getUserSession()->getUser()->getUID()
|
|
|
|
);
|
|
|
|
|
2014-12-17 22:33:22 +03:00
|
|
|
return \OC_User::getUser();
|
2014-03-28 14:25:55 +04:00
|
|
|
}
|
2013-10-21 20:58:46 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
2012-09-13 13:41:20 +04:00
|
|
|
}
|
2014-01-13 15:27:05 +04:00
|
|
|
|
2012-07-29 01:50:40 +04:00
|
|
|
/**
|
2012-12-31 19:47:15 +04:00
|
|
|
* respond to a call
|
2013-01-25 16:48:59 +04:00
|
|
|
* @param OC_OCS_Result $result
|
2012-12-31 19:47:15 +04:00
|
|
|
* @param string $format the format xml|json
|
|
|
|
*/
|
2014-06-30 17:37:38 +04:00
|
|
|
public static function respond($result, $format='xml') {
|
2016-02-15 17:38:37 +03:00
|
|
|
$request = \OC::$server->getRequest();
|
|
|
|
|
2013-01-25 16:48:59 +04:00
|
|
|
// Send 401 headers if unauthorised
|
2015-08-03 17:05:50 +03:00
|
|
|
if($result->getStatusCode() === API::RESPOND_UNAUTHORISED) {
|
2016-02-15 17:38:37 +03:00
|
|
|
// If request comes from JS return dummy auth request
|
|
|
|
if($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
|
|
|
|
header('WWW-Authenticate: DummyBasic realm="Authorisation Required"');
|
|
|
|
} else {
|
|
|
|
header('WWW-Authenticate: Basic realm="Authorisation Required"');
|
|
|
|
}
|
2013-01-25 16:48:59 +04:00
|
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
|
|
}
|
2015-08-03 17:05:50 +03:00
|
|
|
|
2015-08-07 14:12:43 +03:00
|
|
|
foreach($result->getHeaders() as $name => $value) {
|
|
|
|
header($name . ': ' . $value);
|
|
|
|
}
|
|
|
|
|
2015-08-06 01:01:56 +03:00
|
|
|
$meta = $result->getMeta();
|
|
|
|
$data = $result->getData();
|
2016-02-15 17:38:37 +03:00
|
|
|
if (self::isV2($request)) {
|
2015-08-03 17:05:50 +03:00
|
|
|
$statusCode = self::mapStatusCodes($result->getStatusCode());
|
|
|
|
if (!is_null($statusCode)) {
|
2015-08-06 01:01:56 +03:00
|
|
|
$meta['statuscode'] = $statusCode;
|
2015-08-03 17:05:50 +03:00
|
|
|
OC_Response::setStatus($statusCode);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-08-03 22:03:11 +03:00
|
|
|
self::setContentType($format);
|
2015-08-06 01:01:56 +03:00
|
|
|
$body = self::renderResult($format, $meta, $data);
|
2015-08-03 22:03:11 +03:00
|
|
|
echo $body;
|
2012-07-29 01:50:40 +04:00
|
|
|
}
|
2012-08-01 21:48:51 +04:00
|
|
|
|
2014-02-06 19:30:58 +04:00
|
|
|
/**
|
|
|
|
* @param XMLWriter $writer
|
|
|
|
*/
|
2012-12-31 19:47:15 +04:00
|
|
|
private static function toXML($array, $writer) {
|
2012-08-01 21:48:51 +04:00
|
|
|
foreach($array as $k => $v) {
|
2013-01-25 16:48:59 +04:00
|
|
|
if ($k[0] === '@') {
|
|
|
|
$writer->writeAttribute(substr($k, 1), $v);
|
|
|
|
continue;
|
|
|
|
} else if (is_numeric($k)) {
|
2012-08-02 19:48:09 +04:00
|
|
|
$k = 'element';
|
|
|
|
}
|
2013-01-25 16:48:59 +04:00
|
|
|
if(is_array($v)) {
|
2012-08-01 21:48:51 +04:00
|
|
|
$writer->startElement($k);
|
|
|
|
self::toXML($v, $writer);
|
|
|
|
$writer->endElement();
|
|
|
|
} else {
|
|
|
|
$writer->writeElement($k, $v);
|
|
|
|
}
|
|
|
|
}
|
2012-09-14 17:41:06 +04:00
|
|
|
}
|
2014-01-13 15:27:05 +04:00
|
|
|
|
2014-03-12 03:35:19 +04:00
|
|
|
/**
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public static function requestedFormat() {
|
|
|
|
$formats = array('json', 'xml');
|
|
|
|
|
|
|
|
$format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';
|
|
|
|
return $format;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Based on the requested format the response content type is set
|
2016-02-17 16:21:07 +03:00
|
|
|
* @param string $format
|
2014-03-12 03:35:19 +04:00
|
|
|
*/
|
2015-08-03 22:03:11 +03:00
|
|
|
public static function setContentType($format = null) {
|
|
|
|
$format = is_null($format) ? self::requestedFormat() : $format;
|
2014-03-12 03:35:19 +04:00
|
|
|
if ($format === 'xml') {
|
|
|
|
header('Content-type: text/xml; charset=UTF-8');
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($format === 'json') {
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
header('Content-Type: application/octet-stream; charset=utf-8');
|
|
|
|
}
|
|
|
|
|
2015-08-03 17:05:50 +03:00
|
|
|
/**
|
2015-10-13 00:39:16 +03:00
|
|
|
* @param \OCP\IRequest $request
|
|
|
|
* @return bool
|
2015-08-03 17:05:50 +03:00
|
|
|
*/
|
2015-10-13 00:39:16 +03:00
|
|
|
protected static function isV2(\OCP\IRequest $request) {
|
2015-08-03 17:05:50 +03:00
|
|
|
$script = $request->getScriptName();
|
2014-03-12 03:35:19 +04:00
|
|
|
|
2015-10-13 00:39:16 +03:00
|
|
|
return substr($script, -11) === '/ocs/v2.php';
|
2015-08-03 17:05:50 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param integer $sc
|
2015-08-05 12:23:29 +03:00
|
|
|
* @return int
|
2015-08-03 17:05:50 +03:00
|
|
|
*/
|
|
|
|
public static function mapStatusCodes($sc) {
|
|
|
|
switch ($sc) {
|
|
|
|
case API::RESPOND_NOT_FOUND:
|
|
|
|
return Http::STATUS_NOT_FOUND;
|
|
|
|
case API::RESPOND_SERVER_ERROR:
|
|
|
|
return Http::STATUS_INTERNAL_SERVER_ERROR;
|
|
|
|
case API::RESPOND_UNKNOWN_ERROR:
|
|
|
|
return Http::STATUS_INTERNAL_SERVER_ERROR;
|
|
|
|
case API::RESPOND_UNAUTHORISED:
|
|
|
|
// already handled for v1
|
|
|
|
return null;
|
|
|
|
case 100:
|
|
|
|
return Http::STATUS_OK;
|
|
|
|
}
|
|
|
|
// any 2xx, 4xx and 5xx will be used as is
|
|
|
|
if ($sc >= 200 && $sc < 600) {
|
|
|
|
return $sc;
|
|
|
|
}
|
|
|
|
|
2015-08-05 18:49:44 +03:00
|
|
|
return Http::STATUS_BAD_REQUEST;
|
2015-08-03 17:05:50 +03:00
|
|
|
}
|
2015-08-03 22:03:11 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @param string $format
|
|
|
|
* @return string
|
|
|
|
*/
|
2015-08-06 01:01:56 +03:00
|
|
|
public static function renderResult($format, $meta, $data) {
|
2015-08-03 22:03:11 +03:00
|
|
|
$response = array(
|
|
|
|
'ocs' => array(
|
2015-08-06 01:01:56 +03:00
|
|
|
'meta' => $meta,
|
|
|
|
'data' => $data,
|
2015-08-03 22:03:11 +03:00
|
|
|
),
|
|
|
|
);
|
|
|
|
if ($format == 'json') {
|
|
|
|
return OC_JSON::encode($response);
|
|
|
|
}
|
|
|
|
|
|
|
|
$writer = new XMLWriter();
|
|
|
|
$writer->openMemory();
|
|
|
|
$writer->setIndent(true);
|
|
|
|
$writer->startDocument();
|
|
|
|
self::toXML($response, $writer);
|
|
|
|
$writer->endDocument();
|
|
|
|
return $writer->outputMemory(true);
|
|
|
|
}
|
2012-07-30 23:03:41 +04:00
|
|
|
}
|