From b9e6f5e42d54fc91205f03f4b19bbf313278f476 Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Wed, 7 Dec 2011 21:51:47 +0700 Subject: [PATCH] compliance with http://www.w3.org/community/unhosted/wiki/remoteStorage --- apps/remoteStorage/{compat.php => WebDAV.php} | 52 ++------- apps/remoteStorage/appinfo/database.xml | 9 +- apps/remoteStorage/auth.php | 100 ++++++++++++++++++ apps/remoteStorage/lib_remoteStorage.php | 30 +++--- apps/remoteStorage/oauth_ro_auth.php | 3 +- apps/user_webfinger/webfinger.php | 12 ++- 6 files changed, 135 insertions(+), 71 deletions(-) rename apps/remoteStorage/{compat.php => WebDAV.php} (53%) create mode 100644 apps/remoteStorage/auth.php diff --git a/apps/remoteStorage/compat.php b/apps/remoteStorage/WebDAV.php similarity index 53% rename from apps/remoteStorage/compat.php rename to apps/remoteStorage/WebDAV.php index 445257320c..e048d19e8f 100644 --- a/apps/remoteStorage/compat.php +++ b/apps/remoteStorage/WebDAV.php @@ -52,14 +52,11 @@ if(isset($_SERVER['HTTP_ORIGIN'])) { $path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"])); $pathParts = explode('/', $path); // for webdav: -// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7 -// /$ownCloudUser/remoteStorage/webdav/$userHost/$userName/$dataScope/$key -// for oauth: -// 0/ 1 / 2 / 3 / 4 -// /$ownCloudUser/remoteStorage/oauth/auth +// 0/ 1 / 2 / 3... +// /$ownCloudUser/remoteStorage/$category/ -if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'remoteStorage' && $pathParts[3] == 'webdav') { - list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts; +if(count($pathParts) >= 3 && $pathParts[0] == '') { + list($dummy, $ownCloudUser, $dummy2, $category) = $pathParts; OC_Util::setupFS($ownCloudUser); @@ -68,10 +65,10 @@ if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'remoteStor $server = new Sabre_DAV_Server($publicDir); // Path to our script - $server->setBaseUri(OC::$WEBROOT."/apps/remoteStorage/compat.php/$ownCloudUser"); + $server->setBaseUri(OC::$WEBROOT."/apps/remoteStorage/WebDAV.php/$ownCloudUser"); // Auth backend - $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_remoteStorage::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope)); + $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_remoteStorage::getValidTokens($ownCloudUser, $category)); $authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here $server->addPlugin($authPlugin); @@ -83,41 +80,6 @@ if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'remoteStor // And off we go! $server->exec(); -} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'remoteStorage' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') { - if(isset($_POST['allow'])) { - //TODO: input checking. these explodes may fail to produces the desired arrays: - $ownCloudUser = $pathParts[1]; - foreach($_GET as $k => $v) { - if($k=='user_address'){ - $userAddress=$v; - } else if($k=='redirect_uri'){ - $appUrl=$v; - } else if($k=='scope'){ - $dataScope=$v; - } - } - if(OC_User::getUser() == $ownCloudUser) { - //TODO: check if this can be faked by editing the cookie in firebug! - $token=OC_remoteStorage::createDataScope($appUrl, $userAddress, $dataScope); - header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=remoteStorage'); - } else { - if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) { - $url = "https://"; - } else { - $url = "http://"; - } - $url .= $_SERVER['SERVER_NAME']; - $url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php')); - die('Please ' - .'' - .', close the pop-up, and ' - .'
'); - } - } else { - echo '
'; - } } else { - die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true)); + die('not the right address format '.var_export($pathParts, true)); } diff --git a/apps/remoteStorage/appinfo/database.xml b/apps/remoteStorage/appinfo/database.xml index b4e1ac7d8a..00ee494274 100644 --- a/apps/remoteStorage/appinfo/database.xml +++ b/apps/remoteStorage/appinfo/database.xml @@ -29,14 +29,7 @@ 64 - dataScope - text - - true - 64 - - - userAddress + category text true diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php new file mode 100644 index 0000000000..85421ba3d8 --- /dev/null +++ b/apps/remoteStorage/auth.php @@ -0,0 +1,100 @@ +. +* +*/ + + +// Do not load FS ... +$RUNTIME_NOSETUPFS = true; + +require_once('../../lib/base.php'); +OC_Util::checkAppEnabled('remoteStorage'); +require_once('Sabre/autoload.php'); +require_once('lib_remoteStorage.php'); +require_once('oauth_ro_auth.php'); + +ini_set('default_charset', 'UTF-8'); +#ini_set('error_reporting', ''); +@ob_clean(); + +//allow use as remote storage for other websites +if(isset($_SERVER['HTTP_ORIGIN'])) { + header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']); + header('Access-Control-Max-Age: 3600'); + header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND'); + header('Access-Control-Allow-Headers: Authorization, Content-Type'); +} else { + header('Access-Control-Allow-Origin: *'); +} + +$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"])); +$pathParts = explode('/', $path); +// for webdav: +// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7 +// /$ownCloudUser/remoteStorage/webdav/$userHost/$userName/$dataScope/$key +// for oauth: +// 0/ 1 / 2 / 3 / 4 +// /$ownCloudUser/remoteStorage/oauth/auth + +if(count($pathParts) == 2 && $pathParts[0] == '') { + //TODO: input checking. these explodes may fail to produces the desired arrays: + $subPathParts = explode('?', $pathParts[1]); + $ownCloudUser = $subPathParts[0]; + foreach($_GET as $k => $v) { + if($k=='user_address'){ + $userAddress=$v; + } else if($k=='redirect_uri'){ + $appUrl=$v; + } else if($k=='scope'){ + $category=$v; + } + } + $currUser = OC_User::getUser(); + if($currUser == $ownCloudUser) { + if(isset($_POST['allow'])) { + //TODO: check if this can be faked by editing the cookie in firebug! + $token=OC_remoteStorage::createCategory($appUrl, $category); + header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=bearer'); + } else { + echo '
'; + } + } else { + if((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'])) { + $url = "https://"; + } else { + $url = "http://"; + } + $url .= $_SERVER['SERVER_NAME']; + $url .= substr($_SERVER['SCRIPT_NAME'], 0, -strlen('apps/remoteStorage/compat.php')); + die('You are '.($currUser?'logged in as '.$currUser.' instead of '.$ownCloudUser:'not logged in').'. Please ' + .'' + .', close the pop-up, and ' + .'
'); + } +} else { + die('please use auth.php/username?params. '.var_export($pathParts, true)); +} diff --git a/apps/remoteStorage/lib_remoteStorage.php b/apps/remoteStorage/lib_remoteStorage.php index 4bbadafe7d..4f19310904 100644 --- a/apps/remoteStorage/lib_remoteStorage.php +++ b/apps/remoteStorage/lib_remoteStorage.php @@ -1,26 +1,25 @@ execute(array($ownCloudUser,$userAddress,$dataScope)); + public static function getValidTokens($ownCloudUser, $category) { + $query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND category=? LIMIT 100"); + $result=$query->execute(array($ownCloudUser,$category)); $ret = array(); while($row=$result->fetchRow()){ - $ret[$row['token']]=$userAddress; + $ret[$row['token']]=true; } return $ret; } public static function getAllTokens() { $user=OC_User::getUser(); - $query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100"); + $query=OC_DB::prepare("SELECT token,appUrl,category FROM *PREFIX*authtoken WHERE user=? LIMIT 100"); $result=$query->execute(array($user)); $ret = array(); while($row=$result->fetchRow()){ $ret[$row['token']] = array( 'appUrl' => $row['appurl'], - 'userAddress' => $row['useraddress'], - 'dataScope' => $row['datascope'], + 'category' => $row['category'], ); } return $ret; @@ -31,24 +30,23 @@ class OC_remoteStorage { $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?"); $result=$query->execute(array($token,$user)); } - private static function addToken($token, $appUrl, $userAddress, $dataScope){ + private static function addToken($token, $appUrl, $category){ $user=OC_User::getUser(); - $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)"); - $result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope)); + $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`category`) VALUES(?,?,?,?)"); + $result=$query->execute(array($token,$appUrl,$user,$category)); } - public static function createDataScope($appUrl, $userAddress, $dataScope){ + public static function createCategory($appUrl, $category) { $token=uniqid(); - self::addToken($token, $appUrl, $userAddress, $dataScope); - //TODO: input checking on $userAddress and $dataScope - list($userName, $userHost) = explode('@', $userAddress); + self::addToken($token, $appUrl, $category); + //TODO: input checking on $category OC_Util::setupFS(OC_User::getUser()); - $scopePathParts = array('remoteStorage', 'webdav', $userHost, $userName, $dataScope); + $scopePathParts = array('remoteStorage', $category); for($i=0;$i<=count($scopePathParts);$i++){ $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i)); if(!OC_Filesystem::file_exists($thisPath)) { OC_Filesystem::mkdir($thisPath); } } - return $token; + return base64_encode('remoteStorage:'.$token); } } diff --git a/apps/remoteStorage/oauth_ro_auth.php b/apps/remoteStorage/oauth_ro_auth.php index b785d85fea..5403fbe20c 100644 --- a/apps/remoteStorage/oauth_ro_auth.php +++ b/apps/remoteStorage/oauth_ro_auth.php @@ -13,6 +13,7 @@ * @author Evert Pot (http://www.rooftopsolutions.nl/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ + class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBasic { private $validTokens; @@ -52,7 +53,7 @@ die('not getting in with "'.$username.'"/"'.$password.'"!'); $auth->setRealm($realm); $userpass = $auth->getUserPass(); if (!$userpass) { - if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) { + if(in_array($_SERVER['REQUEST_METHOD'], array('OPTIONS'))) { $userpass = array('', ''); } else { $auth->requireLogin(); diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php index 349afaba50..d695a833f3 100644 --- a/apps/user_webfinger/webfinger.php +++ b/apps/user_webfinger/webfinger.php @@ -22,10 +22,20 @@ if($_GET['q']) { if(substr($userName, 0, 5) == 'acct:') { $userName = substr($userName, 5); } +if($_SERVER['HTTPS']) { + $baseAddress = 'https://'.$_SERVER['SERVER_NAME'].'/apps/remoteStorage/'; +} else { + $baseAddress = 'http://'.$_SERVER['SERVER_NAME'].'/apps/remoteStorage/'; +} echo "<"; ?> ?xml version="1.0" encoding="UTF-8"?> - +