Remove LockdownManager
Signed-off-by: Gary Kim <gary@garykim.dev>
This commit is contained in:
Gary Kim
parent
74e577876c
commit
e0565302f3
|
|
@ -62,7 +62,6 @@ namespace OC\Files;
|
|||
use OC\Cache\CappedMemoryCache;
|
||||
use OC\Files\Config\MountProviderCollection;
|
||||
use OC\Files\Mount\MountPoint;
|
||||
use OC\Lockdown\Filesystem\NullStorage;
|
||||
use OCP\Files\Config\IMountProvider;
|
||||
use OCP\Files\NotFoundException;
|
||||
use OCP\Files\Storage\IStorageFactory;
|
||||
|
|
|
|||
|
|
@ -1,125 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
|
||||
*
|
||||
* @author Robin Appelman <robin@icewind.nl>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Lockdown\Filesystem;
|
||||
|
||||
use OC\Files\Cache\CacheEntry;
|
||||
use OCP\Constants;
|
||||
use OCP\Files\Cache\ICache;
|
||||
use OCP\Files\FileInfo;
|
||||
use OCP\Files\Search\ISearchQuery;
|
||||
|
||||
class NullCache implements ICache {
|
||||
public function getNumericStorageId() {
|
||||
return -1;
|
||||
}
|
||||
|
||||
public function get($file) {
|
||||
return $file !== '' ? null :
|
||||
new CacheEntry([
|
||||
'fileid' => -1,
|
||||
'parent' => -1,
|
||||
'name' => '',
|
||||
'path' => '',
|
||||
'size' => '0',
|
||||
'mtime' => time(),
|
||||
'storage_mtime' => time(),
|
||||
'etag' => '',
|
||||
'mimetype' => FileInfo::MIMETYPE_FOLDER,
|
||||
'mimepart' => 'httpd',
|
||||
'permissions' => Constants::PERMISSION_READ
|
||||
]);
|
||||
}
|
||||
|
||||
public function getFolderContents($folder) {
|
||||
return [];
|
||||
}
|
||||
|
||||
public function getFolderContentsById($fileId) {
|
||||
return [];
|
||||
}
|
||||
|
||||
public function put($file, array $data) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function insert($file, array $data) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function update($id, array $data) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function getId($file) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
public function getParentId($file) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
public function inCache($file) {
|
||||
return $file === '';
|
||||
}
|
||||
|
||||
public function remove($file) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function move($source, $target) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function moveFromCache(ICache $sourceCache, $sourcePath, $targetPath) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function getStatus($file) {
|
||||
return ICache::COMPLETE;
|
||||
}
|
||||
|
||||
public function search($pattern) {
|
||||
return [];
|
||||
}
|
||||
|
||||
public function searchByMime($mimetype) {
|
||||
return [];
|
||||
}
|
||||
|
||||
public function searchQuery(ISearchQuery $query) {
|
||||
return [];
|
||||
}
|
||||
|
||||
public function getIncomplete() {
|
||||
return [];
|
||||
}
|
||||
|
||||
public function getPathById($id) {
|
||||
return '';
|
||||
}
|
||||
|
||||
public function normalize($path) {
|
||||
return $path;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,184 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
|
||||
*
|
||||
* @author Lukas Reschke <lukas@statuscode.ch>
|
||||
* @author Robin Appelman <robin@icewind.nl>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Lockdown\Filesystem;
|
||||
|
||||
use Icewind\Streams\IteratorDirectory;
|
||||
use OC\Files\FileInfo;
|
||||
use OC\Files\Storage\Common;
|
||||
use OCP\Files\Storage\IStorage;
|
||||
|
||||
class NullStorage extends Common {
|
||||
public function __construct($parameters) {
|
||||
parent::__construct($parameters);
|
||||
}
|
||||
|
||||
public function getId() {
|
||||
return 'null';
|
||||
}
|
||||
|
||||
public function mkdir($path) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function rmdir($path) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function opendir($path) {
|
||||
return new IteratorDirectory([]);
|
||||
}
|
||||
|
||||
public function is_dir($path) {
|
||||
return $path === '';
|
||||
}
|
||||
|
||||
public function is_file($path) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function stat($path) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function filetype($path) {
|
||||
return ($path === '') ? 'dir' : false;
|
||||
}
|
||||
|
||||
public function filesize($path) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function isCreatable($path) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function isReadable($path) {
|
||||
return $path === '';
|
||||
}
|
||||
|
||||
public function isUpdatable($path) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function isDeletable($path) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function isSharable($path) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getPermissions($path) {
|
||||
return null;
|
||||
}
|
||||
|
||||
public function file_exists($path) {
|
||||
return $path === '';
|
||||
}
|
||||
|
||||
public function filemtime($path) {
|
||||
return ($path === '') ? time() : false;
|
||||
}
|
||||
|
||||
public function file_get_contents($path) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function file_put_contents($path, $data) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function unlink($path) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function rename($path1, $path2) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function copy($path1, $path2) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function fopen($path, $mode) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function getMimeType($path) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function hash($type, $path, $raw = false) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function free_space($path) {
|
||||
return FileInfo::SPACE_UNKNOWN;
|
||||
}
|
||||
|
||||
public function touch($path, $mtime = null) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function getLocalFile($path) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function hasUpdated($path, $time) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getETag($path) {
|
||||
return '';
|
||||
}
|
||||
|
||||
public function isLocal() {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getDirectDownload($path) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function copyFromStorage(IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function moveFromStorage(IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath) {
|
||||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
|
||||
}
|
||||
|
||||
public function test() {
|
||||
return true;
|
||||
}
|
||||
|
||||
public function getOwner($path) {
|
||||
return null;
|
||||
}
|
||||
|
||||
public function getCache($path = '', $storage = null) {
|
||||
return new NullCache();
|
||||
}
|
||||
}
|
||||
|
|
@ -1,83 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
|
||||
*
|
||||
* @author Robin Appelman <robin@icewind.nl>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Lockdown;
|
||||
|
||||
use OC\Authentication\Token\IToken;
|
||||
use OCP\ISession;
|
||||
use OCP\Lockdown\ILockdownManager;
|
||||
|
||||
class LockdownManager implements ILockdownManager {
|
||||
/** @var ISession */
|
||||
private $sessionCallback;
|
||||
|
||||
private $enabled = false;
|
||||
|
||||
/** @var array|null */
|
||||
private $scope;
|
||||
|
||||
/**
|
||||
* LockdownManager constructor.
|
||||
*
|
||||
* @param callable $sessionCallback we need to inject the session lazily to avoid dependency loops
|
||||
*/
|
||||
public function __construct(callable $sessionCallback) {
|
||||
$this->sessionCallback = $sessionCallback;
|
||||
}
|
||||
|
||||
|
||||
public function enable() {
|
||||
$this->enabled = true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return ISession
|
||||
*/
|
||||
private function getSession() {
|
||||
$callback = $this->sessionCallback;
|
||||
return $callback();
|
||||
}
|
||||
|
||||
private function getScopeAsArray() {
|
||||
if (!$this->scope) {
|
||||
$session = $this->getSession();
|
||||
$sessionScope = $session->get('token_scope');
|
||||
if ($sessionScope) {
|
||||
$this->scope = $sessionScope;
|
||||
}
|
||||
}
|
||||
return $this->scope;
|
||||
}
|
||||
|
||||
public function setToken(IToken $token) {
|
||||
$this->scope = $token->getScopeAsArray();
|
||||
$session = $this->getSession();
|
||||
$session->set('token_scope', $this->scope);
|
||||
$this->enable();
|
||||
}
|
||||
|
||||
public function canAccessFilesystem() {
|
||||
$scope = $this->getScopeAsArray();
|
||||
return !$scope || $scope['filesystem'];
|
||||
}
|
||||
}
|
||||
|
|
@ -102,7 +102,6 @@ use OC\IntegrityCheck\Helpers\FileAccessHelper;
|
|||
use OC\Lock\DBLockingProvider;
|
||||
use OC\Lock\MemcacheLockingProvider;
|
||||
use OC\Lock\NoopLockingProvider;
|
||||
use OC\Lockdown\LockdownManager;
|
||||
use OC\Log\LogFactory;
|
||||
use OC\Log\PsrLoggerAdapter;
|
||||
use OC\Mail\Mailer;
|
||||
|
|
@ -491,7 +490,6 @@ class Server extends ServerContainer implements IServerContainer {
|
|||
$defaultTokenProvider,
|
||||
$c->getConfig(),
|
||||
$c->getSecureRandom(),
|
||||
$c->getLockdownManager(),
|
||||
$c->getLogger(),
|
||||
$c->query(IEventDispatcher::class)
|
||||
);
|
||||
|
|
@ -1267,12 +1265,6 @@ class Server extends ServerContainer implements IServerContainer {
|
|||
);
|
||||
});
|
||||
|
||||
$this->registerService('LockdownManager', function (Server $c) {
|
||||
return new LockdownManager(function () use ($c) {
|
||||
return $c->getSession();
|
||||
});
|
||||
});
|
||||
|
||||
$this->registerService(\OCP\OCS\IDiscoveryService::class, function (Server $c) {
|
||||
return new DiscoveryService($c->getMemCacheFactory(), $c->getHTTPClientService());
|
||||
});
|
||||
|
|
@ -2168,13 +2160,6 @@ class Server extends ServerContainer implements IServerContainer {
|
|||
return $factory->get($app);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return \OCP\Lockdown\ILockdownManager
|
||||
*/
|
||||
public function getLockdownManager() {
|
||||
return $this->query('LockdownManager');
|
||||
}
|
||||
|
||||
/**
|
||||
* @return \OCP\Federation\ICloudIdManager
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -59,7 +59,6 @@ use OCP\IRequest;
|
|||
use OCP\ISession;
|
||||
use OCP\IUser;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Lockdown\ILockdownManager;
|
||||
use OCP\Security\ISecureRandom;
|
||||
use OCP\Session\Exceptions\SessionNotAvailableException;
|
||||
use OCP\User\Events\PostLoginEvent;
|
||||
|
|
@ -111,9 +110,6 @@ class Session implements IUserSession, Emitter {
|
|||
/** @var ISecureRandom */
|
||||
private $random;
|
||||
|
||||
/** @var ILockdownManager */
|
||||
private $lockdownManager;
|
||||
|
||||
/** @var ILogger */
|
||||
private $logger;
|
||||
/** @var IEventDispatcher */
|
||||
|
|
@ -126,7 +122,6 @@ class Session implements IUserSession, Emitter {
|
|||
* @param IProvider $tokenProvider
|
||||
* @param IConfig $config
|
||||
* @param ISecureRandom $random
|
||||
* @param ILockdownManager $lockdownManager
|
||||
* @param ILogger $logger
|
||||
*/
|
||||
public function __construct(Manager $manager,
|
||||
|
|
@ -135,7 +130,6 @@ class Session implements IUserSession, Emitter {
|
|||
$tokenProvider,
|
||||
IConfig $config,
|
||||
ISecureRandom $random,
|
||||
ILockdownManager $lockdownManager,
|
||||
ILogger $logger,
|
||||
IEventDispatcher $dispatcher
|
||||
) {
|
||||
|
|
@ -145,7 +139,6 @@ class Session implements IUserSession, Emitter {
|
|||
$this->tokenProvider = $tokenProvider;
|
||||
$this->config = $config;
|
||||
$this->random = $random;
|
||||
$this->lockdownManager = $lockdownManager;
|
||||
$this->logger = $logger;
|
||||
$this->dispatcher = $dispatcher;
|
||||
}
|
||||
|
|
@ -391,7 +384,6 @@ class Session implements IUserSession, Emitter {
|
|||
$isToken = isset($loginDetails['token']) && $loginDetails['token'] instanceof IToken;
|
||||
if ($isToken) {
|
||||
$this->setToken($loginDetails['token']->getId());
|
||||
$this->lockdownManager->setToken($loginDetails['token']);
|
||||
$firstTimeLogin = false;
|
||||
} else {
|
||||
$this->setToken(null);
|
||||
|
|
@ -790,9 +782,6 @@ class Session implements IUserSession, Emitter {
|
|||
return false;
|
||||
}
|
||||
|
||||
// Update token scope
|
||||
$this->lockdownManager->setToken($dbToken);
|
||||
|
||||
$this->tokenProvider->updateTokenActivity($dbToken);
|
||||
|
||||
return true;
|
||||
|
|
@ -875,7 +864,6 @@ class Session implements IUserSession, Emitter {
|
|||
$this->setUser($user);
|
||||
$this->setLoginName($token->getLoginName());
|
||||
$this->setToken($token->getId());
|
||||
$this->lockdownManager->setToken($token);
|
||||
$user->updateLastLoginTimestamp();
|
||||
$password = null;
|
||||
try {
|
||||
|
|
|
|||
|
|
@ -1,54 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
|
||||
*
|
||||
* @author Robin Appelman <robin@icewind.nl>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCP\Lockdown;
|
||||
|
||||
use OC\Authentication\Token\IToken;
|
||||
|
||||
/**
|
||||
* @since 9.2
|
||||
*/
|
||||
interface ILockdownManager {
|
||||
/**
|
||||
* Enable the lockdown restrictions
|
||||
*
|
||||
* @since 9.2
|
||||
*/
|
||||
public function enable();
|
||||
|
||||
/**
|
||||
* Set the active token to get the restrictions from and enable the lockdown
|
||||
*
|
||||
* @param IToken $token
|
||||
* @since 9.2
|
||||
*/
|
||||
public function setToken(IToken $token);
|
||||
|
||||
/**
|
||||
* Check whether or not filesystem access is allowed
|
||||
*
|
||||
* @return bool
|
||||
* @since 9.2
|
||||
*/
|
||||
public function canAccessFilesystem();
|
||||
}
|
||||
Loading…
Reference in New Issue