From 03c79ac24fdda8c32177aaf25851a4ad069e6517 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Tue, 19 Jan 2016 16:57:20 +0100 Subject: [PATCH] remove custom controler for user provided password auth --- apps/files_external/appinfo/routes.php | 7 +- .../controller/usercredentialscontroller.php | 99 ------------------- .../userglobalstoragescontroller.php | 50 +++++++++- apps/files_external/js/settings.js | 36 +------ .../files_external/lib/auth/iuserprovided.php | 36 +++++++ .../lib/auth/password/userprovided.php | 9 +- apps/files_external/lib/storageconfig.php | 1 + 7 files changed, 97 insertions(+), 141 deletions(-) delete mode 100644 apps/files_external/controller/usercredentialscontroller.php create mode 100644 apps/files_external/lib/auth/iuserprovided.php diff --git a/apps/files_external/appinfo/routes.php b/apps/files_external/appinfo/routes.php index b30ad0a854..c3149a300c 100644 --- a/apps/files_external/appinfo/routes.php +++ b/apps/files_external/appinfo/routes.php @@ -44,12 +44,7 @@ namespace OCA\Files_External\AppInfo; 'url' => '/ajax/public_key.php', 'verb' => 'POST', 'requirements' => array() - ), - [ - 'name' => 'UserCredentials#store', - 'url' => '/usercredentials/{storageId}', - 'verb' => 'PUT' - ] + ) ) ) ); diff --git a/apps/files_external/controller/usercredentialscontroller.php b/apps/files_external/controller/usercredentialscontroller.php deleted file mode 100644 index 5153189d9c..0000000000 --- a/apps/files_external/controller/usercredentialscontroller.php +++ /dev/null @@ -1,99 +0,0 @@ - - * - * @copyright Copyright (c) 2015, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ - -namespace OCA\Files_External\Controller; - -use OCA\Calendar\Sabre\Backend; -use OCA\Files_External\Lib\Auth\AuthMechanism; -use OCA\Files_External\Lib\Auth\Password\UserProvided; -use OCA\Files_external\Lib\StorageConfig; -use OCA\Files_External\Service\UserGlobalStoragesService; -use OCP\AppFramework\Controller; -use OCP\AppFramework\Http; -use OCP\AppFramework\Http\DataResponse; -use OCP\IL10N; -use OCP\IRequest; -use OCP\IUserSession; - -class UserCredentialsController extends StoragesController { - /** - * @var UserProvided - */ - private $authMechanism; - - /** - * @var IUserSession - */ - private $userSession; - - /** - * @var UserGlobalStoragesService - */ - private $globalStoragesService; - - public function __construct( - $appName, IRequest $request, - UserProvided $authMechanism, - IUserSession $userSession, - IL10N $l10n, - UserGlobalStoragesService $globalStoragesService - ) { - parent::__construct($appName, $request, $l10n, $globalStoragesService); - $this->authMechanism = $authMechanism; - $this->userSession = $userSession; - $this->globalStoragesService = $globalStoragesService; - } - - /** - * @param int $storageId - * @param string $username - * @param string $password - * - * @NoAdminRequired - * @return DataResponse - */ - public function store($storageId, $username, $password) { - $this->authMechanism->saveCredentials($this->userSession->getUser(), $storageId, $username, $password); - - $storage = $this->globalStoragesService->getStorage($storageId); - - $this->updateStorageStatus($storage); - - $storage->setBackendOptions([]); - $storage->setMountOptions([]); - $this->manipulateStorageConfig($storage); - - - return new DataResponse( - $storage, - Http::STATUS_OK - ); - } - - protected function manipulateStorageConfig(StorageConfig $storage) { - /** @var AuthMechanism */ - $authMechanism = $storage->getAuthMechanism(); - $authMechanism->manipulateStorageConfig($storage, $this->userSession->getUser()); - /** @var Backend */ - $backend = $storage->getBackend(); - $backend->manipulateStorageConfig($storage, $this->userSession->getUser()); - } -} diff --git a/apps/files_external/controller/userglobalstoragescontroller.php b/apps/files_external/controller/userglobalstoragescontroller.php index 97b5c90e20..5031d3c46b 100644 --- a/apps/files_external/controller/userglobalstoragescontroller.php +++ b/apps/files_external/controller/userglobalstoragescontroller.php @@ -22,12 +22,12 @@ namespace OCA\Files_External\Controller; use OCA\Files_External\Lib\Auth\AuthMechanism; +use OCA\Files_External\Lib\Auth\IUserProvided; use OCA\Files_External\Lib\Auth\Password\UserProvided; use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; use \OCP\IRequest; use \OCP\IL10N; use \OCP\AppFramework\Http\DataResponse; -use \OCP\AppFramework\Controller; use \OCP\AppFramework\Http; use \OCA\Files_external\Service\UserGlobalStoragesService; use \OCA\Files_external\NotFoundException; @@ -129,6 +129,54 @@ class UserGlobalStoragesController extends StoragesController { ); } + /** + * Update an external storage entry. + * Only allows setting user provided backend fields + * + * @param int $id storage id + * @param array $backendOptions backend-specific options + * + * @return DataResponse + * + * @NoAdminRequired + */ + public function update( + $id, + $backendOptions + ) { + try { + $storage = $this->service->getStorage($id); + $authMechanism = $storage->getAuthMechanism(); + if ($authMechanism instanceof IUserProvided) { + $authMechanism->saveBackendOptions($this->userSession->getUser(), $id, $backendOptions); + $authMechanism->manipulateStorageConfig($storage, $this->userSession->getUser()); + } else { + return new DataResponse( + [ + 'message' => (string)$this->l10n->t('Storage with id "%i" is not user editable', array($id)) + ], + Http::STATUS_FORBIDDEN + ); + } + } catch (NotFoundException $e) { + return new DataResponse( + [ + 'message' => (string)$this->l10n->t('Storage with id "%i" not found', array($id)) + ], + Http::STATUS_NOT_FOUND + ); + } + + $this->updateStorageStatus($storage); + $this->sanitizeStorage($storage); + + return new DataResponse( + $storage, + Http::STATUS_OK + ); + + } + /** * Remove sensitive data from a StorageConfig before returning it to the user * diff --git a/apps/files_external/js/settings.js b/apps/files_external/js/settings.js index 52b46db6cc..94d0fc2f5a 100644 --- a/apps/files_external/js/settings.js +++ b/apps/files_external/js/settings.js @@ -447,34 +447,7 @@ var UserGlobalStorageConfig = function (id) { UserGlobalStorageConfig.prototype = _.extend({}, StorageConfig.prototype, /** @lends OCA.External.Settings.UserStorageConfig.prototype */ { - _url: 'apps/files_external/userglobalstorages', - - /** - * Creates or saves the storage. - * - * @param {Function} [options.success] success callback, receives result as argument - * @param {Function} [options.error] error callback - */ - save: function (options) { - var self = this; - var url = OC.generateUrl('apps/files_external/usercredentials/{id}', {id: this.id}); - - $.ajax({ - type: 'PUT', - url: url, - contentType: 'application/json', - data: JSON.stringify({ - username: this.backendOptions.user, - password: this.backendOptions.password - }), - success: function (result) { - if (_.isFunction(options.success)) { - options.success(result); - } - }, - error: options.error - }); - } + _url: 'apps/files_external/userglobalstorages' }); /** @@ -914,9 +887,10 @@ MountConfigListView.prototype = _.extend({ var onCompletion = jQuery.Deferred(); $.each(result, function(i, storageParams) { var storageConfig; - var isUserProvidedAuth = storageParams.authMechanism === 'password::userprovided'; + console.log(storageParams); + var isUserGlobal = storageParams.type === 'system' && self._isPersonal; storageParams.mountPoint = storageParams.mountPoint.substr(1); // trim leading slash - if (isUserProvidedAuth) { + if (isUserGlobal) { storageConfig = new UserGlobalStorageConfig(); } else { storageConfig = new self._storageConfigClass(); @@ -935,7 +909,7 @@ MountConfigListView.prototype = _.extend({ $tr.find('.mountOptionsToggle, .remove').empty(); $tr.find('input:not(.user_provided), select:not(.user_provided)').attr('disabled', 'disabled'); - if (isUserProvidedAuth) { + if (isUserGlobal) { $tr.find('.configuration').find(':not(.user_provided)').remove(); } else { // userglobal storages do not expose configuration data diff --git a/apps/files_external/lib/auth/iuserprovided.php b/apps/files_external/lib/auth/iuserprovided.php new file mode 100644 index 0000000000..6b7eab4e2a --- /dev/null +++ b/apps/files_external/lib/auth/iuserprovided.php @@ -0,0 +1,36 @@ + + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\Files_External\Lib\Auth; + +use OCP\IUser; + +/** + * For auth mechanisms where the user needs to provide credentials + */ +interface IUserProvided { + /** + * @param IUser $user the user for which to save the user provided options + * @param int $mountId the mount id to save the options for + * @param array $options the user provided options + */ + public function saveBackendOptions(IUser $user, $mountId, array $options); +} diff --git a/apps/files_external/lib/auth/password/userprovided.php b/apps/files_external/lib/auth/password/userprovided.php index 1c2cc0a6d9..e1c1352022 100644 --- a/apps/files_external/lib/auth/password/userprovided.php +++ b/apps/files_external/lib/auth/password/userprovided.php @@ -21,6 +21,7 @@ namespace OCA\Files_External\Lib\Auth\Password; +use OCA\Files_External\Lib\Auth\IUserProvided; use OCA\Files_External\Lib\DefinitionParameter; use OCA\Files_External\Service\BackendService; use OCP\IL10N; @@ -34,7 +35,7 @@ use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; /** * User provided Username and Password */ -class UserProvided extends AuthMechanism { +class UserProvided extends AuthMechanism implements IUserProvided { const CREDENTIALS_IDENTIFIER_PREFIX = 'password::userprovided/'; @@ -62,10 +63,10 @@ class UserProvided extends AuthMechanism { return self::CREDENTIALS_IDENTIFIER_PREFIX . $storageId; } - public function saveCredentials(IUser $user, $id, $username, $password) { + public function saveBackendOptions(IUser $user, $id, array $options) { $this->credentialsManager->store($user->getUID(), $this->getCredentialsIdentifier($id), [ - 'user' => $username, - 'password' => $password + 'user' => $options['user'], // explicitly copy the fields we want instead of just passing the entire $options array + 'password' => $options['password'] // this way we prevent users from being able to modify any other field ]); } diff --git a/apps/files_external/lib/storageconfig.php b/apps/files_external/lib/storageconfig.php index 33646e603c..7f71689384 100644 --- a/apps/files_external/lib/storageconfig.php +++ b/apps/files_external/lib/storageconfig.php @@ -406,6 +406,7 @@ class StorageConfig implements \JsonSerializable { if (!is_null($this->statusMessage)) { $result['statusMessage'] = $this->statusMessage; } + $result['type'] = ($this->getType() === self::MOUNT_TYPE_PERSONAl) ? 'personal': 'system'; return $result; } }