adding core_unhosted app

apps/core_unhosted/admin.php

@@ -0,0 +1,50 @@
+<?php
+
+/**
+* ownCloud app for using your OwnCloud on the unhosted web
+*
+* @author Michiel de Jong
+* Some parts are from the files_publiclink app, and thus:
+* @copyright 2010 Robin Appelman icewind1991@gmail.com
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+// Init owncloud
+require_once('../../lib/base.php');
+require_once( 'lib_unhosted.php' );
+require( 'template.php' );
+
+// Check if we are a user
+if( !OC_USER::isLoggedIn()){
+//var_export($_COOKIE);
+//var_export($_SESSION);
+//die('get a cookie!');
+	header( "Location: ".OC_HELPER::linkTo( "index.php" ));
+	exit();
+}
+
+OC_APP::setActiveNavigationEntry( "unhosted_web_administration" );
+
+OC_UTIL::addStyle( 'unhosted_web', 'admin' );
+OC_UTIL::addScript( 'unhosted_web', 'admin' );
+
+// return template
+$tmpl = new OC_TEMPLATE( "unhosted_web", "admin", "admin" );
+$tmpl->assign( 'tokens', OC_UnhostedWeb::getAllTokens());
+$tmpl->printPage();
+
+?>

apps/core_unhosted/ajax/deletetoken.php

@@ -0,0 +1,12 @@
+<?php
+$RUNTIME_NOAPPS=true; //no need to load the apps
+
+require_once '../../../lib/base.php';
+
+require_once '../lib_unhosted.php';
+
+$token=$_GET['token'];
+if(OC_User::isLoggedIn()) {
+	OC_UnhostedWeb::deleteToken($token);
+}
+?>

apps/core_unhosted/ajax/link.php

@@ -0,0 +1,49 @@
+<?php
+// We send json data
+header( "Content-Type: application/jsonrequest" );
+header("Access-Control-Allow-Origin: https://myfavouritesandwich.org");
+header('Access-Control-Max-Age: 3600');
+header('Access-Control-Allow-Methods: OPTIONS, POST');
+
+try {
+	if($_POST['secret'] && $_POST['userAddress'] && $_POST['dataScope'] && $_POST['secret']=='XRlc2FuZHdpY2gub3JnIiwiZW1haWwiOiJhc2RmYXNkZkB1b') {
+		// Init owncloud
+		require_once('../../../lib/base.php');
+		require_once('../lib_unhosted.php');
+
+		$ownCloudDetails = array(
+			'url' => 'https://myfavouritesandwich.org:444/',
+			'usr' => $_POST['userAddress'],//this is not necessarily the case, you could also use one owncloud user and many user addresses on it
+			'pwd' => OC_User::generatePassword(),
+			);
+		$storage = array(
+			'dataScope' => $_POST['dataScope'],
+			'storageType' => 'http://unhosted.org/spec/dav/0.1',
+			'davUrl' => 'https://myfavouritesandwich.org:444/apps/unhosted_web/compat.php/'.$ownCloudDetails['usr'].'/unhosted/',
+			'userAddress' => $_POST['userAddress'],//here, it refers to the user sent to DAV in the basic auth
+			);
+		if(OC_User::userExists($ownCloudDetails['usr'])){
+			$message = 'account reopened';
+			$result = OC_User::setPassword($ownCloudDetails['usr'], $ownCloudDetails['pwd']);
+		} else {
+			$message = 'account created';
+			$result = OC_User::createUser($ownCloudDetails['usr'], $ownCloudDetails['pwd']);
+		}
+		if($result) {
+			$storage['davToken'] = OC_UnhostedWeb::createDataScope(
+				'https://myfavouritesandwich.org/',
+				$ownCloudDetails['usr'], $storage['dataScope']);
+			echo json_encode(array('ownCloudDetails' => $ownCloudDetails, 'storage' => $storage));
+			exit();
+		} else {
+			echo json_encode( array( "status" => "error", "data" => "couldn't ", "ownCloudDetails" => $ownCloudDetails));
+			exit();
+		}
+	} else {
+		echo json_encode( array( "status" => "error", "data" => "post not ok"));
+	}	
+} catch(Exception $e) {
+	echo json_encode( array( "status" => "error", "data" => $e));
+}
+echo json_encode( array( "status" => "error", "data" => array( "message" => "Computer says 'no'" )));
+?>

apps/core_unhosted/appinfo/database.xml

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<database>
+	 <name>*dbname*</name>
+	 <create>true</create>
+	 <overwrite>false</overwrite>
+	 <charset>latin1</charset>
+	 <table>
+		<name>*dbprefix*authtoken</name>
+		<declaration>
+			<field>
+				<name>token</name>
+				<type>text</type>
+				<default></default>
+				<notnull>true</notnull>
+				<length>40</length>
+			</field>
+			<field>
+				<name>appUrl</name>
+				<type>text</type>
+				<default></default>
+				<notnull>true</notnull>
+				<length>128</length>
+			</field>
+			<field>
+				<name>user</name>
+				<type>text</type>
+				<default></default>
+				<notnull>true</notnull>
+				<length>64</length>
+			 </field>
+			<field>
+				<name>dataScope</name>
+				<type>text</type>
+				<default></default>
+				<notnull>true</notnull>
+				<length>64</length>
+			 </field>
+			<field>
+				<name>userAddress</name>
+				<type>text</type>
+				<default></default>
+				<notnull>true</notnull>
+				<length>64</length>
+			 </field>
+			<index>
+				<name>a_app_unhostedweb_user</name>
+				<unique>true</unique>
+				<field>
+					<name>user</name>
+					<sorting>ascending</sorting>
+				</field>
+				<field>
+					<name>token</name>
+					<sorting>ascending</sorting>
+				</field>
+			</index>
+		</declaration>
+	</table>
+</database>

apps/core_unhosted/appinfo/info.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<info>
+	<id>core_unhosted</id>
+	<name>Unhosted Web</name>
+	<description>On websites that allow unhosted accounts, use your owncloud as the storage for your user data</description>
+	<version>0.1</version>
+	<licence>AGPL</licence>
+	<author>Michiel de Jong</author>
+	<require>2</require>
+</info>

apps/core_unhosted/compat.php

@@ -0,0 +1,110 @@
+<?php
+
+/**
+* ownCloud
+*
+* Original:
+* @author Frank Karlitschek
+* @copyright 2010 Frank Karlitschek karlitschek@kde.org
+* 
+* Adapted:
+* @author Michiel de Jong, 2011
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+// Do not load FS ...
+$RUNTIME_NOSETUPFS = true;
+
+require_once('../../lib/base.php');
+require_once('Sabre/autoload.php');
+require_once('lib_unhosted.php');
+require_once('oauth_ro_auth.php');
+
+ini_set('default_charset', 'UTF-8');
+#ini_set('error_reporting', '');
+@ob_clean();
+
+//allow use as unhosted storage for other websites
+if(isset($_SERVER['HTTP_ORIGIN'])) {
+	header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
+	header('Access-Control-Max-Age: 3600');
+	header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND');
+  	header('Access-Control-Allow-Headers: Authorization');
+} else {
+	header('Access-Control-Allow-Origin: *');
+}
+
+$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
+$pathParts =  explode('/', $path);
+// for webdav:
+// 0/     1       /   2    /   3  /   4     /    5     /   6     / 7
+//  /$ownCloudUser/unhosted/webdav/$userHost/$userName/$dataScope/$key
+// for oauth:
+// 0/      1      /  2     /  3  / 4
+//  /$ownCloudUser/unhosted/oauth/auth
+
+if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'webdav') {
+	list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts;
+
+	OC_Util::setupFS($ownCloudUser);
+
+	// Create ownCloud Dir
+	$publicDir = new OC_Connector_Sabre_Directory('');
+	$server = new Sabre_DAV_Server($publicDir);
+
+	// Path to our script
+	$server->setBaseUri("$WEBROOT/apps/core_unhosted/compat.php/$ownCloudUser");
+
+	// Auth backend
+	$authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_UnhostedWeb::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope));
+
+	$authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here
+	$server->addPlugin($authPlugin);
+
+	// Also make sure there is a 'data' directory, writable by the server. This directory is used to store information about locks
+	$lockBackend = new OC_Connector_Sabre_Locks();
+	$lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
+	$server->addPlugin($lockPlugin);
+
+	// And off we go!
+	$server->exec();
+} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') {
+	if(isset($_POST['allow'])) {
+		//TODO: input checking. these explodes may fail to produces the desired arrays:
+		$ownCloudUser = $pathParts[1];
+		foreach($_GET as $k => $v) {
+			if($k=='user_address'){
+				$userAddress=$v;
+			} else if($k=='redirect_uri'){
+				$appUrl=$v;
+			} else if($k=='scope'){
+				$dataScope=$v;
+			}
+		}
+		if(OC_User::getUser() == $ownCloudUser) {
+			//TODO: check if this can be faked by editing the cookie in firebug!
+			$token=OC_UnhostedWeb::createDataScope($appUrl, $userAddress, $dataScope);
+			header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=unhosted');
+		} else {
+			die('not logged in: '.var_export($pathParts, true));
+		}
+	} else {
+		echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
+	}
+} else {
+	die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true));
+}

apps/core_unhosted/css/admin.css

@@ -0,0 +1,2 @@
+td.path{min-width:200px}
+td.expire{width:120px}

apps/core_unhosted/js/admin.js

@@ -0,0 +1,16 @@
+$(document).ready(function() {
+	$("button.revoke").live('click', function( event ) {
+		event.preventDefault();
+		var token=$(this).attr('data-token');
+		var data="token="+token;
+		$.ajax({
+			type: 'GET',
+			url: 'ajax/deletetoken.php',
+			cache: false,
+			data: data,
+			success: function(){
+				$('#'+token).remove();
+			}
+		});
+	});
+});

apps/core_unhosted/lib_unhosted.php

@@ -0,0 +1,86 @@
+<?php
+
+class OC_UnhostedWeb {
+	public static function getValidTokens($ownCloudUser, $userAddress, $dataScope) {
+		$user=OC_DB::escape($ownCloudUser);
+		$userAddress=OC_DB::escape($userAddress);
+		$dataScope=OC_DB::escape($dataScope);
+		$query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND userAddress=? AND dataScope=? LIMIT 100");
+		$result=$query->execute(array($user,$userAddress,$dataScope));
+		if( PEAR::isError($result)) {
+			$entry = 'DB Error: "'.$result->getMessage().'"<br />';
+			$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+			error_log( $entry );
+			die( $entry );
+		}
+		$ret = array();
+		while($row=$result->fetchRow()){
+			$ret[$row['token']]=$userAddress;
+		}
+		return $ret;
+	}
+
+	public static function getAllTokens() {
+		$user=OC_User::getUser();
+		$query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
+		$result=$query->execute(array($user));
+		if( PEAR::isError($result)) {
+			$entry = 'DB Error: "'.$result->getMessage().'"<br />';
+			$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+			error_log( $entry );
+			die( $entry );
+		}
+		$ret = array();
+		while($row=$result->fetchRow()){
+			$ret[$row['token']] = array(
+				'appUrl' => $row['appurl'],
+				'userAddress' => $row['useraddress'],
+				'dataScope' => $row['datascope'],
+			);
+		}
+		return $ret;
+	}
+
+	public static function deleteToken($token) {
+		$user=OC_User::getUser();
+		$token=OC_DB::escape($token);
+		$query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
+		$result=$query->execute(array($token,$user));
+		if( PEAR::isError($result)) {
+			$entry = 'DB Error: "'.$result->getMessage().'"<br />';
+			$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+			error_log( $entry );
+			die( $entry );
+		}
+	}
+	private static function addToken($token, $appUrl, $userAddress, $dataScope){
+		$user=OC_User::getUser();
+		$token=OC_DB::escape($token);
+		$appUrl=OC_DB::escape($appUrl);
+		$userAddress=OC_DB::escape($userAddress);
+		$dataScope=OC_DB::escape($dataScope);
+		$query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)");
+		$result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope));
+		if( PEAR::isError($result)) {
+			$entry = 'DB Error: "'.$result->getMessage().'"<br />';
+			$entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+			error_log( $entry );
+			die( $entry );
+		}
+	}
+	public static function createDataScope($appUrl, $userAddress, $dataScope){
+		$token=uniqid();
+		self::addToken($token, $appUrl, $userAddress, $dataScope);
+		//TODO: input checking on $userAddress and $dataScope
+		list($userName, $userHost) = explode('@', $userAddress);
+		OC_Util::setupFS(OC_User::getUser());
+		$scopePathParts = array('unhosted', 'webdav', $userHost, $userName, $dataScope);
+		for($i=0;$i<=count($scopePathParts);$i++){
+			$thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
+			if(!OC_Filesystem::file_exists($thisPath)) {
+				OC_Filesystem::mkdir($thisPath);
+			}
+		}
+		return $token;
+	}
+}

apps/core_unhosted/oauth_ro_auth.php

@@ -0,0 +1,73 @@
+<?php
+/**
+ * HTTP Basic authentication backend class
+ *
+ * This class can be used by authentication objects wishing to use HTTP Basic
+ * Most of the digest logic is handled, implementors just need to worry about
+ * the validateUserPass method.
+ *
+ * @package Sabre
+ * @subpackage DAV
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author James David Low (http://jameslow.com/)
+ * @author Evert Pot (http://www.rooftopsolutions.nl/) 
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBasic {
+	private $validTokens;
+
+	public function __construct($validTokensArg) {
+		$this->validTokens = $validTokensArg;
+	}
+
+	/**
+	 * Validates a username and password
+	 *
+	 * This method should return true or false depending on if login
+	 * succeeded.
+	 *
+	 * @return bool
+	 */
+	protected function validateUserPass($username, $password){
+		//always give read-only:
+		if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
+			OC_Util::setUpFS();
+			return true;
+		} else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) {
+			OC_Util::setUpFS();
+			return true;
+		} else {
+var_export($_SERVER);
+var_export($this->validTokens);
+die('not getting in with "'.$username.'"/"'.$password.'"!');
+			return false;	
+		}
+	}
+
+	//overwriting this to make it not automatically fail if no auth header is found:
+	public function authenticate(Sabre_DAV_Server $server,$realm) {
+		$auth = new Sabre_HTTP_BasicAuth();
+		$auth->setHTTPRequest($server->httpRequest);
+		$auth->setHTTPResponse($server->httpResponse);
+		$auth->setRealm($realm);
+		$userpass = $auth->getUserPass();
+		if (!$userpass) {
+			if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
+				$userpass = array('', '');
+			} else {
+				$auth->requireLogin();
+				throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found');
+			}
+		}
+
+		// Authenticates the user
+		if (!$this->validateUserPass($userpass[0],$userpass[1])) {
+			$auth->requireLogin();
+			throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match');
+		}
+		$this->currentUser = $userpass[0];
+		return true;
+	}
+
+} 
+

apps/core_unhosted/templates/admin.php

@@ -0,0 +1,19 @@
+<table id='tokenlist'>
+	<thead>
+		<tr>
+			<td class='appUrl'><?php echo $l->t( 'App-Url' ); ?></td>
+			<td class='userAddress'><?php echo $l->t( 'User-Address' ); ?></td>
+			<td class='token'><?php echo $l->t( 'Token' ); ?></td>
+		</tr>
+	</thead>
+	<tbody>
+		<?php foreach($_['tokens'] as $token=>$details):?>
+			<tr class='token' id='<?php echo $token;?>'>
+				<td class='appUrl'><?php echo $details['appUrl'];?></td>
+				<td class='userAddress'><?php echo $details['userAddress'];?></td>
+				<td class='token'><?php echo $token;?></td>
+				<td><button class='revoke fancybutton' data-token='<?php echo $token;?>'><?php echo $l->t( 'Revoke' ); ?></button></td>
+			</tr>
+		<?php endforeach;?>
+	</tbody>
+</table>

apps/core_unhosted/templates/breadcrumb.php

@@ -0,0 +1,4 @@
+	<a href="<?php echo link_to("files_publiclink", "get.php?token=".$_['token']); ?>"><img src="<?php echo image_path("", "actions/go-home.png"); ?>" alt="Root" /></a>
+	<?php foreach($_["breadcrumb"] as $crumb): ?>
+		<a href="<?php echo link_to("files_publiclink", "get.php?token=".$_['token']."&path=".$crumb["dir"]); ?>"><?php echo htmlspecialchars($crumb["name"]); ?></a>
+	<?php endforeach; ?>

apps/core_unhosted/templates/files.php

@@ -0,0 +1,9 @@
+		<?php foreach($_["files"] as $file): ?>
+			<tr>
+				<td class="selection"><input type="checkbox" /></td>
+				<td class="filename"><a style="background-image:url(<?php if($file["type"] == "dir") echo mimetype_icon("dir"); else echo mimetype_icon($file["mime"]); ?>)" href="<?php if($file["type"] == "dir") echo link_to("files_publiclink", "get.php?token=".$_['token']."&path=".$file["directory"]."/".$file["name"]); else echo link_to("files_publiclink", "get.php?token=".$_['token']."&path=".$file["directory"]."/".$file["name"]); ?>" title=""><?php echo htmlspecialchars($file["name"]); ?></a></td>
+				<td class="filesize"><?php echo human_file_size($file["size"]); ?></td>
+				<td class="date"><?php if($file["type"] != "dir") echo $file["date"]; ?></td>
+				<td class="fileaction"><a href="" title=""><img src="images/drop-arrow.png" alt="+" /></a></td>
+			</tr>
+		<?php endforeach; ?>