Merge pull request #10285 from nextcloud/anonymous-options-13

[13] Add sabre plugin to allow anonymous options requests to the dav root

apps/dav/composer/composer/autoload_classmap.php

@@ -74,6 +74,7 @@ return array(
     'OCA\\DAV\\Comments\\RootCollection' => $baseDir . '/../lib/Comments/RootCollection.php',
     'OCA\\DAV\\Connector\\LegacyDAVACL' => $baseDir . '/../lib/Connector/LegacyDAVACL.php',
     'OCA\\DAV\\Connector\\PublicAuth' => $baseDir . '/../lib/Connector/PublicAuth.php',
+    'OCA\\DAV\\Connector\\Sabre\\AnonymousOptionsPlugin' => $baseDir . '/../lib/Connector/Sabre/AnonymousOptionsPlugin.php',
     'OCA\\DAV\\Connector\\Sabre\\AppEnabledPlugin' => $baseDir . '/../lib/Connector/Sabre/AppEnabledPlugin.php',
     'OCA\\DAV\\Connector\\Sabre\\Auth' => $baseDir . '/../lib/Connector/Sabre/Auth.php',
     'OCA\\DAV\\Connector\\Sabre\\BearerAuth' => $baseDir . '/../lib/Connector/Sabre/BearerAuth.php',
@@ -122,6 +123,7 @@ return array(
     'OCA\\DAV\\Files\\BrowserErrorPagePlugin' => $baseDir . '/../lib/Files/BrowserErrorPagePlugin.php',
     'OCA\\DAV\\Files\\FileSearchBackend' => $baseDir . '/../lib/Files/FileSearchBackend.php',
     'OCA\\DAV\\Files\\FilesHome' => $baseDir . '/../lib/Files/FilesHome.php',
+    'OCA\\DAV\\Files\\LazySearchBackend' => $baseDir . '/../lib/Files/LazySearchBackend.php',
     'OCA\\DAV\\Files\\RootCollection' => $baseDir . '/../lib/Files/RootCollection.php',
     'OCA\\DAV\\Files\\Sharing\\FilesDropPlugin' => $baseDir . '/../lib/Files/Sharing/FilesDropPlugin.php',
     'OCA\\DAV\\Files\\Sharing\\PublicLinkCheckPlugin' => $baseDir . '/../lib/Files/Sharing/PublicLinkCheckPlugin.php',

apps/dav/composer/composer/autoload_static.php

@@ -89,6 +89,7 @@ class ComposerStaticInitDAV
         'OCA\\DAV\\Comments\\RootCollection' => __DIR__ . '/..' . '/../lib/Comments/RootCollection.php',
         'OCA\\DAV\\Connector\\LegacyDAVACL' => __DIR__ . '/..' . '/../lib/Connector/LegacyDAVACL.php',
         'OCA\\DAV\\Connector\\PublicAuth' => __DIR__ . '/..' . '/../lib/Connector/PublicAuth.php',
+        'OCA\\DAV\\Connector\\Sabre\\AnonymousOptionsPlugin' => __DIR__ . '/..' . '/../lib/Connector/Sabre/AnonymousOptionsPlugin.php',
         'OCA\\DAV\\Connector\\Sabre\\AppEnabledPlugin' => __DIR__ . '/..' . '/../lib/Connector/Sabre/AppEnabledPlugin.php',
         'OCA\\DAV\\Connector\\Sabre\\Auth' => __DIR__ . '/..' . '/../lib/Connector/Sabre/Auth.php',
         'OCA\\DAV\\Connector\\Sabre\\BearerAuth' => __DIR__ . '/..' . '/../lib/Connector/Sabre/BearerAuth.php',
@@ -137,6 +138,7 @@ class ComposerStaticInitDAV
         'OCA\\DAV\\Files\\BrowserErrorPagePlugin' => __DIR__ . '/..' . '/../lib/Files/BrowserErrorPagePlugin.php',
         'OCA\\DAV\\Files\\FileSearchBackend' => __DIR__ . '/..' . '/../lib/Files/FileSearchBackend.php',
         'OCA\\DAV\\Files\\FilesHome' => __DIR__ . '/..' . '/../lib/Files/FilesHome.php',
+        'OCA\\DAV\\Files\\LazySearchBackend' => __DIR__ . '/..' . '/../lib/Files/LazySearchBackend.php',
         'OCA\\DAV\\Files\\RootCollection' => __DIR__ . '/..' . '/../lib/Files/RootCollection.php',
         'OCA\\DAV\\Files\\Sharing\\FilesDropPlugin' => __DIR__ . '/..' . '/../lib/Files/Sharing/FilesDropPlugin.php',
         'OCA\\DAV\\Files\\Sharing\\PublicLinkCheckPlugin' => __DIR__ . '/..' . '/../lib/Files/Sharing/PublicLinkCheckPlugin.php',

apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php

@@ -0,0 +1,66 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\DAV\Connector\Sabre;
+
+use Sabre\DAV\CorePlugin;
+use Sabre\DAV\FS\Directory;
+use Sabre\DAV\ServerPlugin;
+use Sabre\DAV\Tree;
+use Sabre\HTTP\RequestInterface;
+use Sabre\HTTP\ResponseInterface;
+
+class AnonymousOptionsPlugin extends ServerPlugin {
+
+	/**
+	 * @var \Sabre\DAV\Server
+	 */
+	private $server;
+
+	/**
+	 * @param \Sabre\DAV\Server $server
+	 * @return void
+	 */
+	public function initialize(\Sabre\DAV\Server $server) {
+		$this->server = $server;
+		// before auth
+		$this->server->on('beforeMethod', [$this, 'handleAnonymousOptions'], 9);
+	}
+
+	/**
+	 * @throws \Sabre\DAV\Exception\Forbidden
+	 * @return bool
+	 */
+	public function handleAnonymousOptions(RequestInterface $request, ResponseInterface $response) {
+		if ($request->getMethod() === 'OPTIONS' && $request->getPath() === '') {
+			/** @var CorePlugin $corePlugin */
+			$corePlugin = $this->server->getPlugin('core');
+			// setup a fake tree for anonymous access
+			$this->server->tree = new Tree(new Directory(''));
+			$corePlugin->httpOptions($request, $response);
+			$this->server->emit('afterMethod', [$request, $response]);
+			$this->server->emit('afterMethod:OPTIONS', [$request, $response]);
+
+			$this->server->sapi->sendResponse($response);
+			return false;
+		}
+	}
+}

apps/dav/lib/Connector/Sabre/ServerFactory.php

@@ -111,6 +111,7 @@ class ServerFactory {
 		// Load plugins
 		$server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
 		$server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
+		$server->addPlugin(new \OCA\DAV\Connector\Sabre\AnonymousOptionsPlugin());
 		$server->addPlugin($authPlugin);
 		// FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
 		$server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());

apps/dav/lib/Files/LazySearchBackend.php

@@ -0,0 +1,72 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Robin Appelman <robin@icewind.nl>
+ *
+ * @author Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\DAV\Files;
+
+use SearchDAV\Backend\ISearchBackend;
+use SearchDAV\XML\BasicSearch;
+
+class LazySearchBackend implements ISearchBackend {
+	/**
+	 * @var ISearchBackend $backend
+	 */
+	private $backend = null;
+
+	public function setBackend(ISearchBackend $backend) {
+		$this->backend = $backend;
+	}
+
+	public function getArbiterPath() {
+		if ($this->backend) {
+			return $this->backend->getArbiterPath();
+		} else {
+			return '';
+		}
+	}
+
+	public function isValidScope($href, $depth, $path) {
+		if ($this->backend) {
+			return $this->backend->getArbiterPath();
+		} else {
+			return false;
+		}
+	}
+
+	public function getPropertyDefinitionsForScope($href, $path) {
+		if ($this->backend) {
+			return $this->backend->getPropertyDefinitionsForScope($href, $path);
+		} else {
+			return [];
+		}
+	}
+
+	public function search(BasicSearch $query) {
+		if ($this->backend) {
+			return $this->backend->search($query);
+		} else {
+			return [];
+		}
+	}
+
+
+}

apps/dav/lib/Server.php

@@ -54,6 +54,8 @@ use OCA\DAV\DAV\PublicAuth;
 use OCA\DAV\DAV\CustomPropertiesBackend;
 use OCA\DAV\Connector\Sabre\QuotaPlugin;
 use OCA\DAV\Files\BrowserErrorPagePlugin;
+use OCA\DAV\Connector\Sabre\AnonymousOptionsPlugin;
+use OCA\DAV\Files\LazySearchBackend;
 use OCA\DAV\SystemTag\SystemTagPlugin;
 use OCA\DAV\Upload\ChunkingPlugin;
 use OCP\IRequest;
@@ -101,6 +103,7 @@ class Server {
 		$this->server->setBaseUri($this->baseUri);
 
 		$this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
+		$this->server->addPlugin(new AnonymousOptionsPlugin());
 		$authPlugin = new Plugin();
 		$authPlugin->addBackend(new PublicAuth());
 		$this->server->addPlugin($authPlugin);
@@ -195,8 +198,11 @@ class Server {
 			$this->server->addPlugin(new BrowserErrorPagePlugin());
 		}
 
+		$lazySearchBackend = new LazySearchBackend();
+		$this->server->addPlugin(new SearchPlugin($lazySearchBackend));
+
 		// wait with registering these until auth is handled and the filesystem is setup
-		$this->server->on('beforeMethod', function () use ($root) {
+		$this->server->on('beforeMethod', function () use ($root, $lazySearchBackend) {
 			// custom properties plugin must be the last one
 			$userSession = \OC::$server->getUserSession();
 			$user = $userSession->getUser();
@@ -255,13 +261,13 @@ class Server {
 						\OC::$server->getGroupManager(),
 						$userFolder
 					));
-					$this->server->addPlugin(new SearchPlugin(new \OCA\DAV\Files\FileSearchBackend(
+					$lazySearchBackend->setBackend(new \OCA\DAV\Files\FileSearchBackend(
 						$this->server->tree,
 						$user,
 						\OC::$server->getRootFolder(),
 						\OC::$server->getShareManager(),
 						$view
-					)));
+					));
 				}
 				$this->server->addPlugin(new \OCA\DAV\CalDAV\BirthdayCalendar\EnablePlugin(
 					\OC::$server->getConfig(),

apps/dav/tests/unit/DAV/AnonymousOptionsTest.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\DAV\tests\unit\DAV;
+
+use OCA\DAV\Connector\Sabre\AnonymousOptionsPlugin;
+use Sabre\DAV\Auth\Backend\BasicCallBack;
+use Sabre\DAV\Auth\Plugin;
+use Sabre\DAV\Server;
+use Sabre\HTTP\ResponseInterface;
+use Sabre\HTTP\Sapi;
+use Test\TestCase;
+
+class AnonymousOptionsTest extends TestCase {
+	private function sendRequest($method, $path) {
+		$server = new Server();
+		$server->addPlugin(new AnonymousOptionsPlugin());
+		$server->addPlugin(new Plugin(new BasicCallBack(function() {
+			return false;
+		})));
+
+		$server->httpRequest->setMethod($method);
+		$server->httpRequest->setUrl($path);
+
+		$server->sapi = new SapiMock();
+		$server->exec();
+		return $server->httpResponse;
+	}
+
+	public function testAnonymousOptionsRoot() {
+		$response = $this->sendRequest('OPTIONS', '');
+
+		$this->assertEquals(200, $response->getStatus());
+	}
+
+	public function testAnonymousOptionsNonRoot() {
+		$response = $this->sendRequest('OPTIONS', 'foo');
+
+		$this->assertEquals(401, $response->getStatus());
+	}
+}
+
+class SapiMock extends Sapi {
+	/**
+	 * Overriding this so nothing is ever echo'd.
+	 *
+	 * @return void
+	 */
+	static function sendResponse(ResponseInterface $response) {
+
+	}
+
+}