Merge branch 'master' of gitorious.org:owncloud/owncloud
This commit is contained in:
commit
1940bc3dc0
|
@ -0,0 +1,5 @@
|
|||
<?php
|
||||
OC_App::register( array(
|
||||
'order' => 10,
|
||||
'id' => 'unhosted',
|
||||
'name' => 'Unhosted Web' ));
|
|
@ -0,0 +1,59 @@
|
|||
<?xml version="1.0" encoding="ISO-8859-1" ?>
|
||||
<database>
|
||||
<name>*dbname*</name>
|
||||
<create>true</create>
|
||||
<overwrite>false</overwrite>
|
||||
<charset>latin1</charset>
|
||||
<table>
|
||||
<name>*dbprefix*authtoken</name>
|
||||
<declaration>
|
||||
<field>
|
||||
<name>token</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>40</length>
|
||||
</field>
|
||||
<field>
|
||||
<name>appUrl</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>128</length>
|
||||
</field>
|
||||
<field>
|
||||
<name>user</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>64</length>
|
||||
</field>
|
||||
<field>
|
||||
<name>dataScope</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>64</length>
|
||||
</field>
|
||||
<field>
|
||||
<name>userAddress</name>
|
||||
<type>text</type>
|
||||
<default></default>
|
||||
<notnull>true</notnull>
|
||||
<length>64</length>
|
||||
</field>
|
||||
<index>
|
||||
<name>a_app_unhostedweb_user</name>
|
||||
<unique>true</unique>
|
||||
<field>
|
||||
<name>user</name>
|
||||
<sorting>ascending</sorting>
|
||||
</field>
|
||||
<field>
|
||||
<name>token</name>
|
||||
<sorting>ascending</sorting>
|
||||
</field>
|
||||
</index>
|
||||
</declaration>
|
||||
</table>
|
||||
</database>
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0"?>
|
||||
<info>
|
||||
<id>unhosted</id>
|
||||
<name>Unhosted Web</name>
|
||||
<description>On websites that allow unhosted accounts, use your owncloud as the storage for your user data</description>
|
||||
<version>0.1</version>
|
||||
<licence>AGPL</licence>
|
||||
<author>Michiel de Jong</author>
|
||||
<require>2</require>
|
||||
</info>
|
|
@ -0,0 +1,110 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* ownCloud
|
||||
*
|
||||
* Original:
|
||||
* @author Frank Karlitschek
|
||||
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
|
||||
*
|
||||
* Adapted:
|
||||
* @author Michiel de Jong, 2011
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 3 of the License, or any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public
|
||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
// Do not load FS ...
|
||||
$RUNTIME_NOSETUPFS = true;
|
||||
|
||||
require_once('../../lib/base.php');
|
||||
require_once('Sabre/autoload.php');
|
||||
require_once('lib_unhosted.php');
|
||||
require_once('oauth_ro_auth.php');
|
||||
|
||||
ini_set('default_charset', 'UTF-8');
|
||||
#ini_set('error_reporting', '');
|
||||
@ob_clean();
|
||||
|
||||
//allow use as unhosted storage for other websites
|
||||
if(isset($_SERVER['HTTP_ORIGIN'])) {
|
||||
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
|
||||
header('Access-Control-Max-Age: 3600');
|
||||
header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND');
|
||||
header('Access-Control-Allow-Headers: Authorization');
|
||||
} else {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
}
|
||||
|
||||
$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
|
||||
$pathParts = explode('/', $path);
|
||||
// for webdav:
|
||||
// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7
|
||||
// /$ownCloudUser/unhosted/webdav/$userHost/$userName/$dataScope/$key
|
||||
// for oauth:
|
||||
// 0/ 1 / 2 / 3 / 4
|
||||
// /$ownCloudUser/unhosted/oauth/auth
|
||||
|
||||
if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'webdav') {
|
||||
list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts;
|
||||
|
||||
OC_Util::setupFS($ownCloudUser);
|
||||
|
||||
// Create ownCloud Dir
|
||||
$publicDir = new OC_Connector_Sabre_Directory('');
|
||||
$server = new Sabre_DAV_Server($publicDir);
|
||||
|
||||
// Path to our script
|
||||
$server->setBaseUri("$WEBROOT/apps/core_unhosted/compat.php/$ownCloudUser");
|
||||
|
||||
// Auth backend
|
||||
$authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_UnhostedWeb::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope));
|
||||
|
||||
$authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here
|
||||
$server->addPlugin($authPlugin);
|
||||
|
||||
// Also make sure there is a 'data' directory, writable by the server. This directory is used to store information about locks
|
||||
$lockBackend = new OC_Connector_Sabre_Locks();
|
||||
$lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
|
||||
$server->addPlugin($lockPlugin);
|
||||
|
||||
// And off we go!
|
||||
$server->exec();
|
||||
} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') {
|
||||
if(isset($_POST['allow'])) {
|
||||
//TODO: input checking. these explodes may fail to produces the desired arrays:
|
||||
$ownCloudUser = $pathParts[1];
|
||||
foreach($_GET as $k => $v) {
|
||||
if($k=='user_address'){
|
||||
$userAddress=$v;
|
||||
} else if($k=='redirect_uri'){
|
||||
$appUrl=$v;
|
||||
} else if($k=='scope'){
|
||||
$dataScope=$v;
|
||||
}
|
||||
}
|
||||
if(OC_User::getUser() == $ownCloudUser) {
|
||||
//TODO: check if this can be faked by editing the cookie in firebug!
|
||||
$token=OC_UnhostedWeb::createDataScope($appUrl, $userAddress, $dataScope);
|
||||
header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=unhosted');
|
||||
} else {
|
||||
die('not logged in: '.var_export($pathParts, true));
|
||||
}
|
||||
} else {
|
||||
echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
|
||||
}
|
||||
} else {
|
||||
die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true));
|
||||
}
|
|
@ -0,0 +1,86 @@
|
|||
<?php
|
||||
|
||||
class OC_UnhostedWeb {
|
||||
public static function getValidTokens($ownCloudUser, $userAddress, $dataScope) {
|
||||
$user=OC_DB::escape($ownCloudUser);
|
||||
$userAddress=OC_DB::escape($userAddress);
|
||||
$dataScope=OC_DB::escape($dataScope);
|
||||
$query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND userAddress=? AND dataScope=? LIMIT 100");
|
||||
$result=$query->execute(array($user,$userAddress,$dataScope));
|
||||
if( PEAR::isError($result)) {
|
||||
$entry = 'DB Error: "'.$result->getMessage().'"<br />';
|
||||
$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
|
||||
error_log( $entry );
|
||||
die( $entry );
|
||||
}
|
||||
$ret = array();
|
||||
while($row=$result->fetchRow()){
|
||||
$ret[$row['token']]=$userAddress;
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
||||
public static function getAllTokens() {
|
||||
$user=OC_User::getUser();
|
||||
$query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
|
||||
$result=$query->execute(array($user));
|
||||
if( PEAR::isError($result)) {
|
||||
$entry = 'DB Error: "'.$result->getMessage().'"<br />';
|
||||
$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
|
||||
error_log( $entry );
|
||||
die( $entry );
|
||||
}
|
||||
$ret = array();
|
||||
while($row=$result->fetchRow()){
|
||||
$ret[$row['token']] = array(
|
||||
'appUrl' => $row['appurl'],
|
||||
'userAddress' => $row['useraddress'],
|
||||
'dataScope' => $row['datascope'],
|
||||
);
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
||||
public static function deleteToken($token) {
|
||||
$user=OC_User::getUser();
|
||||
$token=OC_DB::escape($token);
|
||||
$query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
|
||||
$result=$query->execute(array($token,$user));
|
||||
if( PEAR::isError($result)) {
|
||||
$entry = 'DB Error: "'.$result->getMessage().'"<br />';
|
||||
$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
|
||||
error_log( $entry );
|
||||
die( $entry );
|
||||
}
|
||||
}
|
||||
private static function addToken($token, $appUrl, $userAddress, $dataScope){
|
||||
$user=OC_User::getUser();
|
||||
$token=OC_DB::escape($token);
|
||||
$appUrl=OC_DB::escape($appUrl);
|
||||
$userAddress=OC_DB::escape($userAddress);
|
||||
$dataScope=OC_DB::escape($dataScope);
|
||||
$query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)");
|
||||
$result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope));
|
||||
if( PEAR::isError($result)) {
|
||||
$entry = 'DB Error: "'.$result->getMessage().'"<br />';
|
||||
$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
|
||||
error_log( $entry );
|
||||
die( $entry );
|
||||
}
|
||||
}
|
||||
public static function createDataScope($appUrl, $userAddress, $dataScope){
|
||||
$token=uniqid();
|
||||
self::addToken($token, $appUrl, $userAddress, $dataScope);
|
||||
//TODO: input checking on $userAddress and $dataScope
|
||||
list($userName, $userHost) = explode('@', $userAddress);
|
||||
OC_Util::setupFS(OC_User::getUser());
|
||||
$scopePathParts = array('unhosted', 'webdav', $userHost, $userName, $dataScope);
|
||||
for($i=0;$i<=count($scopePathParts);$i++){
|
||||
$thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
|
||||
if(!OC_Filesystem::file_exists($thisPath)) {
|
||||
OC_Filesystem::mkdir($thisPath);
|
||||
}
|
||||
}
|
||||
return $token;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,73 @@
|
|||
<?php
|
||||
/**
|
||||
* HTTP Basic authentication backend class
|
||||
*
|
||||
* This class can be used by authentication objects wishing to use HTTP Basic
|
||||
* Most of the digest logic is handled, implementors just need to worry about
|
||||
* the validateUserPass method.
|
||||
*
|
||||
* @package Sabre
|
||||
* @subpackage DAV
|
||||
* @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
|
||||
* @author James David Low (http://jameslow.com/)
|
||||
* @author Evert Pot (http://www.rooftopsolutions.nl/)
|
||||
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
|
||||
*/
|
||||
class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBasic {
|
||||
private $validTokens;
|
||||
|
||||
public function __construct($validTokensArg) {
|
||||
$this->validTokens = $validTokensArg;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates a username and password
|
||||
*
|
||||
* This method should return true or false depending on if login
|
||||
* succeeded.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function validateUserPass($username, $password){
|
||||
//always give read-only:
|
||||
if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
|
||||
OC_Util::setUpFS();
|
||||
return true;
|
||||
} else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) {
|
||||
OC_Util::setUpFS();
|
||||
return true;
|
||||
} else {
|
||||
var_export($_SERVER);
|
||||
var_export($this->validTokens);
|
||||
die('not getting in with "'.$username.'"/"'.$password.'"!');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
//overwriting this to make it not automatically fail if no auth header is found:
|
||||
public function authenticate(Sabre_DAV_Server $server,$realm) {
|
||||
$auth = new Sabre_HTTP_BasicAuth();
|
||||
$auth->setHTTPRequest($server->httpRequest);
|
||||
$auth->setHTTPResponse($server->httpResponse);
|
||||
$auth->setRealm($realm);
|
||||
$userpass = $auth->getUserPass();
|
||||
if (!$userpass) {
|
||||
if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
|
||||
$userpass = array('', '');
|
||||
} else {
|
||||
$auth->requireLogin();
|
||||
throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found');
|
||||
}
|
||||
}
|
||||
|
||||
// Authenticates the user
|
||||
if (!$this->validateUserPass($userpass[0],$userpass[1])) {
|
||||
$auth->requireLogin();
|
||||
throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match');
|
||||
}
|
||||
$this->currentUser = $userpass[0];
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue