Remove LockdownManager

Signed-off-by: Gary Kim <gary@garykim.dev>

lib/private/Files/Filesystem.php

@@ -62,7 +62,6 @@ namespace OC\Files;
 use OC\Cache\CappedMemoryCache;
 use OC\Files\Config\MountProviderCollection;
 use OC\Files\Mount\MountPoint;
-use OC\Lockdown\Filesystem\NullStorage;
 use OCP\Files\Config\IMountProvider;
 use OCP\Files\NotFoundException;
 use OCP\Files\Storage\IStorageFactory;

lib/private/Lockdown/Filesystem/NullCache.php

@@ -1,125 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
- *
- * @author Robin Appelman <robin@icewind.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-namespace OC\Lockdown\Filesystem;
-
-use OC\Files\Cache\CacheEntry;
-use OCP\Constants;
-use OCP\Files\Cache\ICache;
-use OCP\Files\FileInfo;
-use OCP\Files\Search\ISearchQuery;
-
-class NullCache implements ICache {
-	public function getNumericStorageId() {
-		return -1;
-	}
-
-	public function get($file) {
-		return $file !== '' ? null :
-			new CacheEntry([
-				'fileid' => -1,
-				'parent' => -1,
-				'name' => '',
-				'path' => '',
-				'size' => '0',
-				'mtime' => time(),
-				'storage_mtime' => time(),
-				'etag' => '',
-				'mimetype' => FileInfo::MIMETYPE_FOLDER,
-				'mimepart' => 'httpd',
-				'permissions' => Constants::PERMISSION_READ
-			]);
-	}
-
-	public function getFolderContents($folder) {
-		return [];
-	}
-
-	public function getFolderContentsById($fileId) {
-		return [];
-	}
-
-	public function put($file, array $data) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function insert($file, array $data) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function update($id, array $data) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function getId($file) {
-		return -1;
-	}
-
-	public function getParentId($file) {
-		return -1;
-	}
-
-	public function inCache($file) {
-		return $file === '';
-	}
-
-	public function remove($file) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function move($source, $target) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function moveFromCache(ICache $sourceCache, $sourcePath, $targetPath) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function getStatus($file) {
-		return ICache::COMPLETE;
-	}
-
-	public function search($pattern) {
-		return [];
-	}
-
-	public function searchByMime($mimetype) {
-		return [];
-	}
-
-	public function searchQuery(ISearchQuery $query) {
-		return [];
-	}
-
-	public function getIncomplete() {
-		return [];
-	}
-
-	public function getPathById($id) {
-		return '';
-	}
-
-	public function normalize($path) {
-		return $path;
-	}
-}

lib/private/Lockdown/Filesystem/NullStorage.php

@@ -1,184 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
- *
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Robin Appelman <robin@icewind.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-namespace OC\Lockdown\Filesystem;
-
-use Icewind\Streams\IteratorDirectory;
-use OC\Files\FileInfo;
-use OC\Files\Storage\Common;
-use OCP\Files\Storage\IStorage;
-
-class NullStorage extends Common {
-	public function __construct($parameters) {
-		parent::__construct($parameters);
-	}
-
-	public function getId() {
-		return 'null';
-	}
-
-	public function mkdir($path) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function rmdir($path) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function opendir($path) {
-		return new IteratorDirectory([]);
-	}
-
-	public function is_dir($path) {
-		return $path === '';
-	}
-
-	public function is_file($path) {
-		return false;
-	}
-
-	public function stat($path) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function filetype($path) {
-		return ($path === '') ? 'dir' : false;
-	}
-
-	public function filesize($path) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function isCreatable($path) {
-		return false;
-	}
-
-	public function isReadable($path) {
-		return $path === '';
-	}
-
-	public function isUpdatable($path) {
-		return false;
-	}
-
-	public function isDeletable($path) {
-		return false;
-	}
-
-	public function isSharable($path) {
-		return false;
-	}
-
-	public function getPermissions($path) {
-		return null;
-	}
-
-	public function file_exists($path) {
-		return $path === '';
-	}
-
-	public function filemtime($path) {
-		return ($path === '') ? time() : false;
-	}
-
-	public function file_get_contents($path) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function file_put_contents($path, $data) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function unlink($path) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function rename($path1, $path2) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function copy($path1, $path2) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function fopen($path, $mode) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function getMimeType($path) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function hash($type, $path, $raw = false) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function free_space($path) {
-		return FileInfo::SPACE_UNKNOWN;
-	}
-
-	public function touch($path, $mtime = null) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function getLocalFile($path) {
-		return false;
-	}
-
-	public function hasUpdated($path, $time) {
-		return false;
-	}
-
-	public function getETag($path) {
-		return '';
-	}
-
-	public function isLocal() {
-		return false;
-	}
-
-	public function getDirectDownload($path) {
-		return false;
-	}
-
-	public function copyFromStorage(IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function moveFromStorage(IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath) {
-		throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
-	}
-
-	public function test() {
-		return true;
-	}
-
-	public function getOwner($path) {
-		return null;
-	}
-
-	public function getCache($path = '', $storage = null) {
-		return new NullCache();
-	}
-}

lib/private/Lockdown/LockdownManager.php

@@ -1,83 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
- *
- * @author Robin Appelman <robin@icewind.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-namespace OC\Lockdown;
-
-use OC\Authentication\Token\IToken;
-use OCP\ISession;
-use OCP\Lockdown\ILockdownManager;
-
-class LockdownManager implements ILockdownManager {
-	/** @var ISession */
-	private $sessionCallback;
-
-	private $enabled = false;
-
-	/** @var array|null */
-	private $scope;
-
-	/**
-	 * LockdownManager constructor.
-	 *
-	 * @param callable $sessionCallback we need to inject the session lazily to avoid dependency loops
-	 */
-	public function __construct(callable $sessionCallback) {
-		$this->sessionCallback = $sessionCallback;
-	}
-
-
-	public function enable() {
-		$this->enabled = true;
-	}
-
-	/**
-	 * @return ISession
-	 */
-	private function getSession() {
-		$callback = $this->sessionCallback;
-		return $callback();
-	}
-
-	private function getScopeAsArray() {
-		if (!$this->scope) {
-			$session = $this->getSession();
-			$sessionScope = $session->get('token_scope');
-			if ($sessionScope) {
-				$this->scope = $sessionScope;
-			}
-		}
-		return $this->scope;
-	}
-
-	public function setToken(IToken $token) {
-		$this->scope = $token->getScopeAsArray();
-		$session = $this->getSession();
-		$session->set('token_scope', $this->scope);
-		$this->enable();
-	}
-
-	public function canAccessFilesystem() {
-		$scope = $this->getScopeAsArray();
-		return !$scope || $scope['filesystem'];
-	}
-}

lib/private/Server.php

@@ -102,7 +102,6 @@ use OC\IntegrityCheck\Helpers\FileAccessHelper;
 use OC\Lock\DBLockingProvider;
 use OC\Lock\MemcacheLockingProvider;
 use OC\Lock\NoopLockingProvider;
-use OC\Lockdown\LockdownManager;
 use OC\Log\LogFactory;
 use OC\Log\PsrLoggerAdapter;
 use OC\Mail\Mailer;
@@ -491,7 +490,6 @@ class Server extends ServerContainer implements IServerContainer {
 				$defaultTokenProvider,
 				$c->getConfig(),
 				$c->getSecureRandom(),
-				$c->getLockdownManager(),
 				$c->getLogger(),
 				$c->query(IEventDispatcher::class)
 			);
@@ -1267,12 +1265,6 @@ class Server extends ServerContainer implements IServerContainer {
 			);
 		});
 
-		$this->registerService('LockdownManager', function (Server $c) {
-			return new LockdownManager(function () use ($c) {
-				return $c->getSession();
-			});
-		});
-
 		$this->registerService(\OCP\OCS\IDiscoveryService::class, function (Server $c) {
 			return new DiscoveryService($c->getMemCacheFactory(), $c->getHTTPClientService());
 		});
@@ -2168,13 +2160,6 @@ class Server extends ServerContainer implements IServerContainer {
 		return $factory->get($app);
 	}
 
-	/**
-	 * @return \OCP\Lockdown\ILockdownManager
-	 */
-	public function getLockdownManager() {
-		return $this->query('LockdownManager');
-	}
-
 	/**
 	 * @return \OCP\Federation\ICloudIdManager
 	 */

lib/private/User/Session.php

@@ -59,7 +59,6 @@ use OCP\IRequest;
 use OCP\ISession;
 use OCP\IUser;
 use OCP\IUserSession;
-use OCP\Lockdown\ILockdownManager;
 use OCP\Security\ISecureRandom;
 use OCP\Session\Exceptions\SessionNotAvailableException;
 use OCP\User\Events\PostLoginEvent;
@@ -111,9 +110,6 @@ class Session implements IUserSession, Emitter {
 	/** @var ISecureRandom */
 	private $random;
 
-	/** @var ILockdownManager  */
-	private $lockdownManager;
-
 	/** @var ILogger */
 	private $logger;
 	/** @var IEventDispatcher */
@@ -126,7 +122,6 @@ class Session implements IUserSession, Emitter {
 	 * @param IProvider $tokenProvider
 	 * @param IConfig $config
 	 * @param ISecureRandom $random
-	 * @param ILockdownManager $lockdownManager
 	 * @param ILogger $logger
 	 */
 	public function __construct(Manager $manager,
@@ -135,7 +130,6 @@ class Session implements IUserSession, Emitter {
 								$tokenProvider,
 								IConfig $config,
 								ISecureRandom $random,
-								ILockdownManager $lockdownManager,
 								ILogger $logger,
 								IEventDispatcher $dispatcher
 	) {
@@ -145,7 +139,6 @@ class Session implements IUserSession, Emitter {
 		$this->tokenProvider = $tokenProvider;
 		$this->config = $config;
 		$this->random = $random;
-		$this->lockdownManager = $lockdownManager;
 		$this->logger = $logger;
 		$this->dispatcher = $dispatcher;
 	}
@@ -391,7 +384,6 @@ class Session implements IUserSession, Emitter {
 		$isToken = isset($loginDetails['token']) && $loginDetails['token'] instanceof IToken;
 		if ($isToken) {
 			$this->setToken($loginDetails['token']->getId());
-			$this->lockdownManager->setToken($loginDetails['token']);
 			$firstTimeLogin = false;
 		} else {
 			$this->setToken(null);
@@ -790,9 +782,6 @@ class Session implements IUserSession, Emitter {
 			return false;
 		}
 
-		// Update token scope
-		$this->lockdownManager->setToken($dbToken);
-
 		$this->tokenProvider->updateTokenActivity($dbToken);
 
 		return true;
@@ -875,7 +864,6 @@ class Session implements IUserSession, Emitter {
 		$this->setUser($user);
 		$this->setLoginName($token->getLoginName());
 		$this->setToken($token->getId());
-		$this->lockdownManager->setToken($token);
 		$user->updateLastLoginTimestamp();
 		$password = null;
 		try {

lib/public/Lockdown/ILockdownManager.php

@@ -1,54 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
- *
- * @author Robin Appelman <robin@icewind.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-namespace OCP\Lockdown;
-
-use OC\Authentication\Token\IToken;
-
-/**
- * @since 9.2
- */
-interface ILockdownManager {
-	/**
-	 * Enable the lockdown restrictions
-	 *
-	 * @since 9.2
-	 */
-	public function enable();
-
-	/**
-	 * Set the active token to get the restrictions from and enable the lockdown
-	 *
-	 * @param IToken $token
-	 * @since 9.2
-	 */
-	public function setToken(IToken $token);
-
-	/**
-	 * Check whether or not filesystem access is allowed
-	 *
-	 * @return bool
-	 * @since 9.2
-	 */
-	public function canAccessFilesystem();
-}