mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #988 from nextcloud/ocs_federation 

Move OCSAuthAPI to AppFramework
This commit is contained in:
Morris Jobke 2016-08-30 08:49:05 +02:00 committed by GitHub
parent c481210e2b b6520827f7
commit dd2482e2c2
3 changed files with 82 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
apps/federation/appinfo/routes.php
View File

@ -41,8 +41,18 @@ $application->registerRoutes(
'url' => '/auto-add-servers', 'url' => '/auto-add-servers',
'verb' => 'POST' 'verb' => 'POST'
], ],
] ],
'ocs' => [
[
'name' => 'OCSAuthAPI#getSharedSecret',
'url' => '/api/v1/shared-secret',
'verb' => 'GET',
],
[
'name' => 'OCSAuthAPI#requestSharedSecret',
'url' => '/api/v1/request-shared-secret',
'verb' => 'POST',
],
],
] ]
); );
$application->registerOCSApi();

60
apps/federation/lib/API/OCSAuthAPI.php → apps/federation/lib/Controller/OCSAuthAPIController.php
View File

@ -25,11 +25,13 @@
*/ */
namespace OCA\Federation\API; namespace OCA\Federation\Controller;
use OCA\Federation\DbHandler; use OCA\Federation\DbHandler;
use OCA\Federation\TrustedServers; use OCA\Federation\TrustedServers;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCSController;
use OCP\BackgroundJob\IJobList; use OCP\BackgroundJob\IJobList;
use OCP\ILogger; use OCP\ILogger;
use OCP\IRequest; use OCP\IRequest;
@ -40,12 +42,9 @@ use OCP\Security\ISecureRandom;
* *
* OCS API end-points to exchange shared secret between two connected ownClouds * OCS API end-points to exchange shared secret between two connected ownClouds
* *
* @package OCA\Federation\API * @package OCA\Federation\Controller
*/ */
class OCSAuthAPI { class OCSAuthAPIController extends OCSController{
/** @var IRequest */
private $request;
/** @var ISecureRandom */ /** @var ISecureRandom */
private $secureRandom; private $secureRandom;
@ -65,6 +64,7 @@ class OCSAuthAPI {
/** /**
* OCSAuthAPI constructor. * OCSAuthAPI constructor.
* *
* @param string $appName
* @param IRequest $request * @param IRequest $request
* @param ISecureRandom $secureRandom * @param ISecureRandom $secureRandom
* @param IJobList $jobList * @param IJobList $jobList
@ -73,6 +73,7 @@ class OCSAuthAPI {
* @param ILogger $logger * @param ILogger $logger
*/ */
public function __construct( public function __construct(
$appName,
IRequest $request, IRequest $request,
ISecureRandom $secureRandom, ISecureRandom $secureRandom,
IJobList $jobList, IJobList $jobList,
@ -80,7 +81,8 @@ class OCSAuthAPI {
DbHandler $dbHandler, DbHandler $dbHandler,
ILogger $logger ILogger $logger
) { ) {
$this->request = $request; parent::__construct($appName, $request);
$this->secureRandom = $secureRandom; $this->secureRandom = $secureRandom;
$this->jobList = $jobList; $this->jobList = $jobList;
$this->trustedServers = $trustedServers; $this->trustedServers = $trustedServers;
@ -89,18 +91,20 @@ class OCSAuthAPI {
} }
/** /**
* @NoCSRFRequired
* @PublicPage
*
* request received to ask remote server for a shared secret * request received to ask remote server for a shared secret
* *
* @return \OC_OCS_Result * @param string $url
* @param string $token
* @return Http\DataResponse
* @throws OCSForbiddenException
*/ */
public function requestSharedSecret() { public function requestSharedSecret($url, $token) {
$url = $this->request->getParam('url');
$token = $this->request->getParam('token');
if ($this->trustedServers->isTrustedServer($url) === false) { if ($this->trustedServers->isTrustedServer($url) === false) {
$this->logger->error('remote server not trusted (' . $url . ') while requesting shared secret', ['app' => 'federation']); $this->logger->error('remote server not trusted (' . $url . ') while requesting shared secret', ['app' => 'federation']);
return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); throw new OCSForbiddenException();
} }
// if both server initiated the exchange of the shared secret the greater // if both server initiated the exchange of the shared secret the greater
@ -111,7 +115,7 @@ class OCSAuthAPI {
'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.', 'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.',
['app' => 'federation'] ['app' => 'federation']
); );
return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); throw new OCSForbiddenException();
} }
// we ask for the shared secret so we no longer have to ask the other server // we ask for the shared secret so we no longer have to ask the other server
@ -131,23 +135,24 @@ class OCSAuthAPI {
] ]
); );
return new \OC_OCS_Result(null, Http::STATUS_OK); return new Http\DataResponse();
} }
/** /**
* @NoCSRFRequired
* @PublicPage
*
* create shared secret and return it * create shared secret and return it
* *
* @return \OC_OCS_Result * @param string $url
* @param string $token
* @return Http\DataResponse
* @throws OCSForbiddenException
*/ */
public function getSharedSecret() { public function getSharedSecret($url, $token) {
$url = $this->request->getParam('url');
$token = $this->request->getParam('token');
if ($this->trustedServers->isTrustedServer($url) === false) { if ($this->trustedServers->isTrustedServer($url) === false) {
$this->logger->error('remote server not trusted (' . $url . ') while getting shared secret', ['app' => 'federation']); $this->logger->error('remote server not trusted (' . $url . ') while getting shared secret', ['app' => 'federation']);
return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); throw new OCSForbiddenException();
} }
if ($this->isValidToken($url, $token) === false) { if ($this->isValidToken($url, $token) === false) {
@ -156,7 +161,7 @@ class OCSAuthAPI {
'remote server (' . $url . ') didn\'t send a valid token (got "' . $token . '" but expected "'. $expectedToken . '") while getting shared secret', 'remote server (' . $url . ') didn\'t send a valid token (got "' . $token . '" but expected "'. $expectedToken . '") while getting shared secret',
['app' => 'federation'] ['app' => 'federation']
); );
return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); throw new OCSForbiddenException();
} }
$sharedSecret = $this->secureRandom->generate(32); $sharedSecret = $this->secureRandom->generate(32);
@ -165,8 +170,9 @@ class OCSAuthAPI {
// reset token after the exchange of the shared secret was successful // reset token after the exchange of the shared secret was successful
$this->dbHandler->addToken($url, ''); $this->dbHandler->addToken($url, '');
return new \OC_OCS_Result(['sharedSecret' => $sharedSecret], Http::STATUS_OK); return new Http\DataResponse([
'sharedSecret' => $sharedSecret
]);
} }
protected function isValidToken($url, $token) { protected function isValidToken($url, $token) {

70
apps/federation/tests/API/OCSAuthAPITest.php → apps/federation/tests/Controller/OCSAuthAPIControllerTest.php
View File

@ -22,20 +22,21 @@
*/ */
namespace OCA\Federation\Tests\API; namespace OCA\Federation\Tests\Controller;
use OC\BackgroundJob\JobList; use OC\BackgroundJob\JobList;
use OCA\Federation\API\OCSAuthAPI; use OCA\Federation\Controller\OCSAuthAPIController;
use OCA\Federation\DbHandler; use OCA\Federation\DbHandler;
use OCA\Federation\TrustedServers; use OCA\Federation\TrustedServers;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\ILogger; use OCP\ILogger;
use OCP\IRequest; use OCP\IRequest;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
use Test\TestCase; use Test\TestCase;
class OCSAuthAPITest extends TestCase { class OCSAuthAPIControllerTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject | IRequest */ /** @var \PHPUnit_Framework_MockObject_MockObject | IRequest */
private $request; private $request;
@ -55,14 +56,14 @@ class OCSAuthAPITest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject | ILogger */ /** @var \PHPUnit_Framework_MockObject_MockObject | ILogger */
private $logger; private $logger;
/** @var OCSAuthApi */ /** @var OCSAuthAPIController */
private $ocsAuthApi; private $ocsAuthApi;
public function setUp() { public function setUp() {
parent::setUp(); parent::setUp();
$this->request = $this->getMock('OCP\IRequest'); $this->request = $this->getMockBuilder('OCP\IRequest')->getMock();
$this->secureRandom = $this->getMock('OCP\Security\ISecureRandom'); $this->secureRandom = $this->getMockBuilder('OCP\Security\ISecureRandom')->getMock();
$this->trustedServers = $this->getMockBuilder('OCA\Federation\TrustedServers') $this->trustedServers = $this->getMockBuilder('OCA\Federation\TrustedServers')
->disableOriginalConstructor()->getMock(); ->disableOriginalConstructor()->getMock();
$this->dbHandler = $this->getMockBuilder('OCA\Federation\DbHandler') $this->dbHandler = $this->getMockBuilder('OCA\Federation\DbHandler')
@ -72,7 +73,8 @@ class OCSAuthAPITest extends TestCase {
$this->logger = $this->getMockBuilder('OCP\ILogger') $this->logger = $this->getMockBuilder('OCP\ILogger')
->disableOriginalConstructor()->getMock(); ->disableOriginalConstructor()->getMock();
$this->ocsAuthApi = new OCSAuthAPI( $this->ocsAuthApi = new OCSAuthAPIController(
'federation',
$this->request, $this->request,
$this->secureRandom, $this->secureRandom,
$this->jobList, $this->jobList,
@ -89,21 +91,19 @@ class OCSAuthAPITest extends TestCase {
* @param string $token * @param string $token
* @param string $localToken * @param string $localToken
* @param bool $isTrustedServer * @param bool $isTrustedServer
* @param int $expected * @param bool $ok
*/ */
public function testRequestSharedSecret($token, $localToken, $isTrustedServer, $expected) { public function testRequestSharedSecret($token, $localToken, $isTrustedServer, $ok) {
$url = 'url'; $url = 'url';
$this->request->expects($this->at(0))->method('getParam')->with('url')->willReturn($url);
$this->request->expects($this->at(1))->method('getParam')->with('token')->willReturn($token);
$this->trustedServers $this->trustedServers
->expects($this->once()) ->expects($this->once())
->method('isTrustedServer')->with($url)->willReturn($isTrustedServer); ->method('isTrustedServer')->with($url)->willReturn($isTrustedServer);
$this->dbHandler->expects($this->any()) $this->dbHandler->expects($this->any())
->method('getToken')->with($url)->willReturn($localToken); ->method('getToken')->with($url)->willReturn($localToken);
if ($expected === Http::STATUS_OK) { if ($ok) {
$this->jobList->expects($this->once())->method('add') $this->jobList->expects($this->once())->method('add')
->with('OCA\Federation\BackgroundJob\GetSharedSecret', ['url' => $url, 'token' => $token]); ->with('OCA\Federation\BackgroundJob\GetSharedSecret', ['url' => $url, 'token' => $token]);
$this->jobList->expects($this->once())->method('remove') $this->jobList->expects($this->once())->method('remove')
@ -113,15 +113,19 @@ class OCSAuthAPITest extends TestCase {
$this->jobList->expects($this->never())->method('remove'); $this->jobList->expects($this->never())->method('remove');
} }
$result = $this->ocsAuthApi->requestSharedSecret(); try {
$this->assertSame($expected, $result->getStatusCode()); $this->ocsAuthApi->requestSharedSecret($url, $token);
$this->assertTrue($ok);
} catch (OCSForbiddenException $e) {
$this->assertFalse($ok);
}
} }
public function dataTestRequestSharedSecret() { public function dataTestRequestSharedSecret() {
return [ return [
['token2', 'token1', true, Http::STATUS_OK], ['token2', 'token1', true, true],
['token1', 'token2', false, Http::STATUS_FORBIDDEN], ['token1', 'token2', false, false],
['token1', 'token2', true, Http::STATUS_FORBIDDEN], ['token1', 'token2', true, false],
]; ];
} }
@ -130,20 +134,18 @@ class OCSAuthAPITest extends TestCase {
* *
* @param bool $isTrustedServer * @param bool $isTrustedServer
* @param bool $isValidToken * @param bool $isValidToken
* @param int $expected * @param bool $ok
*/ */
public function testGetSharedSecret($isTrustedServer, $isValidToken, $expected) { public function testGetSharedSecret($isTrustedServer, $isValidToken, $ok) {
$url = 'url'; $url = 'url';
$token = 'token'; $token = 'token';
$this->request->expects($this->at(0))->method('getParam')->with('url')->willReturn($url); /** @var OCSAuthAPIController | \PHPUnit_Framework_MockObject_MockObject $ocsAuthApi */
$this->request->expects($this->at(1))->method('getParam')->with('token')->willReturn($token); $ocsAuthApi = $this->getMockBuilder('OCA\Federation\Controller\OCSAuthAPIController')
/** @var OCSAuthAPI | \PHPUnit_Framework_MockObject_MockObject $ocsAuthApi */
$ocsAuthApi = $this->getMockBuilder('OCA\Federation\API\OCSAuthAPI')
->setConstructorArgs( ->setConstructorArgs(
[ [
'federation',
$this->request, $this->request,
$this->secureRandom, $this->secureRandom,
$this->jobList, $this->jobList,
@ -159,7 +161,7 @@ class OCSAuthAPITest extends TestCase {
$ocsAuthApi->expects($this->any()) $ocsAuthApi->expects($this->any())
->method('isValidToken')->with($url, $token)->willReturn($isValidToken); ->method('isValidToken')->with($url, $token)->willReturn($isValidToken);
if($expected === Http::STATUS_OK) { if($ok) {
$this->secureRandom->expects($this->once())->method('generate')->with(32) $this->secureRandom->expects($this->once())->method('generate')->with(32)
->willReturn('secret'); ->willReturn('secret');
$this->trustedServers->expects($this->once()) $this->trustedServers->expects($this->once())
@ -173,22 +175,22 @@ class OCSAuthAPITest extends TestCase {
$this->dbHandler->expects($this->never())->method('addToken'); $this->dbHandler->expects($this->never())->method('addToken');
} }
$result = $ocsAuthApi->getSharedSecret(); try {
$result = $ocsAuthApi->getSharedSecret($url, $token);
$this->assertSame($expected, $result->getStatusCode()); $this->assertTrue($ok);
if ($expected === Http::STATUS_OK) {
$data = $result->getData(); $data = $result->getData();
$this->assertSame('secret', $data['sharedSecret']); $this->assertSame('secret', $data['sharedSecret']);
} catch (OCSForbiddenException $e) {
$this->assertFalse($ok);
} }
} }
public function dataTestGetSharedSecret() { public function dataTestGetSharedSecret() {
return [ return [
[true, true, Http::STATUS_OK], [true, true, true],
[false, true, Http::STATUS_FORBIDDEN], [false, true, false],
[true, false, Http::STATUS_FORBIDDEN], [true, false, false],
[false, false, Http::STATUS_FORBIDDEN], [false, false, false],
]; ];
} }