diff --git a/apps/remoteStorage/compat.php b/apps/remoteStorage/WebDAV.php
similarity index 53%
rename from apps/remoteStorage/compat.php
rename to apps/remoteStorage/WebDAV.php
index 445257320c..e048d19e8f 100644
--- a/apps/remoteStorage/compat.php
+++ b/apps/remoteStorage/WebDAV.php
@@ -52,14 +52,11 @@ if(isset($_SERVER['HTTP_ORIGIN'])) {
$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
$pathParts = explode('/', $path);
// for webdav:
-// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7
-// /$ownCloudUser/remoteStorage/webdav/$userHost/$userName/$dataScope/$key
-// for oauth:
-// 0/ 1 / 2 / 3 / 4
-// /$ownCloudUser/remoteStorage/oauth/auth
+// 0/ 1 / 2 / 3...
+// /$ownCloudUser/remoteStorage/$category/
-if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'remoteStorage' && $pathParts[3] == 'webdav') {
- list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts;
+if(count($pathParts) >= 3 && $pathParts[0] == '') {
+ list($dummy, $ownCloudUser, $dummy2, $category) = $pathParts;
OC_Util::setupFS($ownCloudUser);
@@ -68,10 +65,10 @@ if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'remoteStor
$server = new Sabre_DAV_Server($publicDir);
// Path to our script
- $server->setBaseUri(OC::$WEBROOT."/apps/remoteStorage/compat.php/$ownCloudUser");
+ $server->setBaseUri(OC::$WEBROOT."/apps/remoteStorage/WebDAV.php/$ownCloudUser");
// Auth backend
- $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_remoteStorage::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope));
+ $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_remoteStorage::getValidTokens($ownCloudUser, $category));
$authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here
$server->addPlugin($authPlugin);
@@ -83,41 +80,6 @@ if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'remoteStor
// And off we go!
$server->exec();
-} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'remoteStorage' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') {
- if(isset($_POST['allow'])) {
- //TODO: input checking. these explodes may fail to produces the desired arrays:
- $ownCloudUser = $pathParts[1];
- foreach($_GET as $k => $v) {
- if($k=='user_address'){
- $userAddress=$v;
- } else if($k=='redirect_uri'){
- $appUrl=$v;
- } else if($k=='scope'){
- $dataScope=$v;
- }
- }
- if(OC_User::getUser() == $ownCloudUser) {
- //TODO: check if this can be faked by editing the cookie in firebug!
- $token=OC_remoteStorage::createDataScope($appUrl, $userAddress, $dataScope);
- header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=remoteStorage');
- } else {
- if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
- $url = "https://";
- } else {
- $url = "http://";
- }
- $url .= $_SERVER['SERVER_NAME'];
- $url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
- die('Please '
- .''
- .', close the pop-up, and '
- .'');
- }
- } else {
- echo '';
- }
} else {
- die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true));
+ die('not the right address format '.var_export($pathParts, true));
}
diff --git a/apps/remoteStorage/appinfo/database.xml b/apps/remoteStorage/appinfo/database.xml
index b4e1ac7d8a..00ee494274 100644
--- a/apps/remoteStorage/appinfo/database.xml
+++ b/apps/remoteStorage/appinfo/database.xml
@@ -29,14 +29,7 @@
64
- dataScope
- text
-
- true
- 64
-
-
- userAddress
+ category
text
true
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
new file mode 100644
index 0000000000..85421ba3d8
--- /dev/null
+++ b/apps/remoteStorage/auth.php
@@ -0,0 +1,100 @@
+.
+*
+*/
+
+
+// Do not load FS ...
+$RUNTIME_NOSETUPFS = true;
+
+require_once('../../lib/base.php');
+OC_Util::checkAppEnabled('remoteStorage');
+require_once('Sabre/autoload.php');
+require_once('lib_remoteStorage.php');
+require_once('oauth_ro_auth.php');
+
+ini_set('default_charset', 'UTF-8');
+#ini_set('error_reporting', '');
+@ob_clean();
+
+//allow use as remote storage for other websites
+if(isset($_SERVER['HTTP_ORIGIN'])) {
+ header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
+ header('Access-Control-Max-Age: 3600');
+ header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND');
+ header('Access-Control-Allow-Headers: Authorization, Content-Type');
+} else {
+ header('Access-Control-Allow-Origin: *');
+}
+
+$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
+$pathParts = explode('/', $path);
+// for webdav:
+// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7
+// /$ownCloudUser/remoteStorage/webdav/$userHost/$userName/$dataScope/$key
+// for oauth:
+// 0/ 1 / 2 / 3 / 4
+// /$ownCloudUser/remoteStorage/oauth/auth
+
+if(count($pathParts) == 2 && $pathParts[0] == '') {
+ //TODO: input checking. these explodes may fail to produces the desired arrays:
+ $subPathParts = explode('?', $pathParts[1]);
+ $ownCloudUser = $subPathParts[0];
+ foreach($_GET as $k => $v) {
+ if($k=='user_address'){
+ $userAddress=$v;
+ } else if($k=='redirect_uri'){
+ $appUrl=$v;
+ } else if($k=='scope'){
+ $category=$v;
+ }
+ }
+ $currUser = OC_User::getUser();
+ if($currUser == $ownCloudUser) {
+ if(isset($_POST['allow'])) {
+ //TODO: check if this can be faked by editing the cookie in firebug!
+ $token=OC_remoteStorage::createCategory($appUrl, $category);
+ header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer');
+ } else {
+ echo '';
+ }
+ } else {
+ if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) {
+ $url = "https://";
+ } else {
+ $url = "http://";
+ }
+ $url .= $_SERVER['SERVER_NAME'];
+ $url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php'));
+ die('You are '.($currUser?'logged in as '.$currUser.' instead of '.$ownCloudUser:'not logged in').'. Please '
+ .''
+ .', close the pop-up, and '
+ .'');
+ }
+} else {
+ die('please use auth.php/username?params. '.var_export($pathParts, true));
+}
diff --git a/apps/remoteStorage/lib_remoteStorage.php b/apps/remoteStorage/lib_remoteStorage.php
index 4bbadafe7d..4f19310904 100644
--- a/apps/remoteStorage/lib_remoteStorage.php
+++ b/apps/remoteStorage/lib_remoteStorage.php
@@ -1,26 +1,25 @@
execute(array($ownCloudUser,$userAddress,$dataScope));
+ public static function getValidTokens($ownCloudUser, $category) {
+ $query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND category=? LIMIT 100");
+ $result=$query->execute(array($ownCloudUser,$category));
$ret = array();
while($row=$result->fetchRow()){
- $ret[$row['token']]=$userAddress;
+ $ret[$row['token']]=true;
}
return $ret;
}
public static function getAllTokens() {
$user=OC_User::getUser();
- $query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
+ $query=OC_DB::prepare("SELECT token,appUrl,category FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
$result=$query->execute(array($user));
$ret = array();
while($row=$result->fetchRow()){
$ret[$row['token']] = array(
'appUrl' => $row['appurl'],
- 'userAddress' => $row['useraddress'],
- 'dataScope' => $row['datascope'],
+ 'category' => $row['category'],
);
}
return $ret;
@@ -31,24 +30,23 @@ class OC_remoteStorage {
$query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
$result=$query->execute(array($token,$user));
}
- private static function addToken($token, $appUrl, $userAddress, $dataScope){
+ private static function addToken($token, $appUrl, $category){
$user=OC_User::getUser();
- $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)");
- $result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope));
+ $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`category`) VALUES(?,?,?,?)");
+ $result=$query->execute(array($token,$appUrl,$user,$category));
}
- public static function createDataScope($appUrl, $userAddress, $dataScope){
+ public static function createCategory($appUrl, $category) {
$token=uniqid();
- self::addToken($token, $appUrl, $userAddress, $dataScope);
- //TODO: input checking on $userAddress and $dataScope
- list($userName, $userHost) = explode('@', $userAddress);
+ self::addToken($token, $appUrl, $category);
+ //TODO: input checking on $category
OC_Util::setupFS(OC_User::getUser());
- $scopePathParts = array('remoteStorage', 'webdav', $userHost, $userName, $dataScope);
+ $scopePathParts = array('remoteStorage', $category);
for($i=0;$i<=count($scopePathParts);$i++){
$thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
if(!OC_Filesystem::file_exists($thisPath)) {
OC_Filesystem::mkdir($thisPath);
}
}
- return $token;
+ return base64_encode('remoteStorage:'.$token);
}
}
diff --git a/apps/remoteStorage/oauth_ro_auth.php b/apps/remoteStorage/oauth_ro_auth.php
index b785d85fea..5403fbe20c 100644
--- a/apps/remoteStorage/oauth_ro_auth.php
+++ b/apps/remoteStorage/oauth_ro_auth.php
@@ -13,6 +13,7 @@
* @author Evert Pot (http://www.rooftopsolutions.nl/)
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
*/
+
class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBasic {
private $validTokens;
@@ -52,7 +53,7 @@ die('not getting in with "'.$username.'"/"'.$password.'"!');
$auth->setRealm($realm);
$userpass = $auth->getUserPass();
if (!$userpass) {
- if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
+ if(in_array($_SERVER['REQUEST_METHOD'], array('OPTIONS'))) {
$userpass = array('', '');
} else {
$auth->requireLogin();
diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php
index 349afaba50..d695a833f3 100644
--- a/apps/user_webfinger/webfinger.php
+++ b/apps/user_webfinger/webfinger.php
@@ -22,10 +22,20 @@ if($_GET['q']) {
if(substr($userName, 0, 5) == 'acct:') {
$userName = substr($userName, 5);
}
+if($_SERVER['HTTPS']) {
+ $baseAddress = 'https://'.$_SERVER['SERVER_NAME'].'/apps/remoteStorage/';
+} else {
+ $baseAddress = 'http://'.$_SERVER['SERVER_NAME'].'/apps/remoteStorage/';
+}
echo "<";
?>
?xml version="1.0" encoding="UTF-8"?>
-
+