244 lines
6.8 KiB
PHP
244 lines
6.8 KiB
PHP
<?php
|
|
/**
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
*
|
|
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
* @author Bjoern Schiessle <bjoern@schiessle.org>
|
|
* @author Björn Schießle <bjoern@schiessle.org>
|
|
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
* @author Joas Schilling <coding@schilljs.com>
|
|
* @author Lukas Reschke <lukas@statuscode.ch>
|
|
* @author Morris Jobke <hey@morrisjobke.de>
|
|
* @author Robin Appelman <robin@icewind.nl>
|
|
* @author Roeland Jago Douma <roeland@famdouma.nl>
|
|
*
|
|
* @license AGPL-3.0
|
|
*
|
|
* This code is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
*
|
|
*/
|
|
|
|
namespace OCA\Federation\BackgroundJob;
|
|
|
|
use GuzzleHttp\Exception\ClientException;
|
|
use GuzzleHttp\Exception\RequestException;
|
|
use OCA\Federation\TrustedServers;
|
|
use OCP\AppFramework\Http;
|
|
use OCP\AppFramework\Utility\ITimeFactory;
|
|
use OCP\BackgroundJob\IJobList;
|
|
use OCP\BackgroundJob\Job;
|
|
use OCP\Http\Client\IClient;
|
|
use OCP\Http\Client\IClientService;
|
|
use OCP\Http\Client\IResponse;
|
|
use OCP\ILogger;
|
|
use OCP\IURLGenerator;
|
|
use OCP\OCS\IDiscoveryService;
|
|
|
|
/**
|
|
* Class GetSharedSecret
|
|
*
|
|
* request shared secret from remote Nextcloud
|
|
*
|
|
* @package OCA\Federation\Backgroundjob
|
|
*/
|
|
class GetSharedSecret extends Job {
|
|
|
|
/** @var IClient */
|
|
private $httpClient;
|
|
|
|
/** @var IJobList */
|
|
private $jobList;
|
|
|
|
/** @var IURLGenerator */
|
|
private $urlGenerator;
|
|
|
|
/** @var TrustedServers */
|
|
private $trustedServers;
|
|
|
|
/** @var IDiscoveryService */
|
|
private $ocsDiscoveryService;
|
|
|
|
/** @var ILogger */
|
|
private $logger;
|
|
|
|
/** @var bool */
|
|
protected $retainJob = false;
|
|
|
|
private $defaultEndPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret';
|
|
|
|
/** @var int 30 day = 2592000sec */
|
|
private $maxLifespan = 2592000;
|
|
|
|
/**
|
|
* RequestSharedSecret constructor.
|
|
*
|
|
* @param IClientService $httpClientService
|
|
* @param IURLGenerator $urlGenerator
|
|
* @param IJobList $jobList
|
|
* @param TrustedServers $trustedServers
|
|
* @param ILogger $logger
|
|
* @param IDiscoveryService $ocsDiscoveryService
|
|
* @param ITimeFactory $timeFactory
|
|
*/
|
|
public function __construct(
|
|
IClientService $httpClientService,
|
|
IURLGenerator $urlGenerator,
|
|
IJobList $jobList,
|
|
TrustedServers $trustedServers,
|
|
ILogger $logger,
|
|
IDiscoveryService $ocsDiscoveryService,
|
|
ITimeFactory $timeFactory
|
|
) {
|
|
parent::__construct($timeFactory);
|
|
$this->logger = $logger;
|
|
$this->httpClient = $httpClientService->newClient();
|
|
$this->jobList = $jobList;
|
|
$this->urlGenerator = $urlGenerator;
|
|
$this->ocsDiscoveryService = $ocsDiscoveryService;
|
|
$this->trustedServers = $trustedServers;
|
|
}
|
|
|
|
/**
|
|
* run the job, then remove it from the joblist
|
|
*
|
|
* @param IJobList $jobList
|
|
* @param ILogger|null $logger
|
|
*/
|
|
public function execute(IJobList $jobList, ILogger $logger = null) {
|
|
$target = $this->argument['url'];
|
|
// only execute if target is still in the list of trusted domains
|
|
if ($this->trustedServers->isTrustedServer($target)) {
|
|
$this->parentExecute($jobList, $logger);
|
|
}
|
|
|
|
$jobList->remove($this, $this->argument);
|
|
|
|
if ($this->retainJob) {
|
|
$this->reAddJob($this->argument);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* call execute() method of parent
|
|
*
|
|
* @param IJobList $jobList
|
|
* @param ILogger $logger
|
|
*/
|
|
protected function parentExecute($jobList, $logger = null) {
|
|
parent::execute($jobList, $logger);
|
|
}
|
|
|
|
protected function run($argument) {
|
|
$target = $argument['url'];
|
|
$created = isset($argument['created']) ? (int)$argument['created'] : $this->time->getTime();
|
|
$currentTime = $this->time->getTime();
|
|
$source = $this->urlGenerator->getAbsoluteURL('/');
|
|
$source = rtrim($source, '/');
|
|
$token = $argument['token'];
|
|
|
|
// kill job after 30 days of trying
|
|
$deadline = $currentTime - $this->maxLifespan;
|
|
if ($created < $deadline) {
|
|
$this->retainJob = false;
|
|
$this->trustedServers->setServerStatus($target,TrustedServers::STATUS_FAILURE);
|
|
return;
|
|
}
|
|
|
|
$endPoints = $this->ocsDiscoveryService->discover($target, 'FEDERATED_SHARING');
|
|
$endPoint = isset($endPoints['shared-secret']) ? $endPoints['shared-secret'] : $this->defaultEndPoint;
|
|
|
|
// make sure that we have a well formatted url
|
|
$url = rtrim($target, '/') . '/' . trim($endPoint, '/');
|
|
|
|
$result = null;
|
|
try {
|
|
$result = $this->httpClient->get(
|
|
$url,
|
|
[
|
|
'query' =>
|
|
[
|
|
'url' => $source,
|
|
'token' => $token,
|
|
'format' => 'json',
|
|
],
|
|
'timeout' => 3,
|
|
'connect_timeout' => 3,
|
|
]
|
|
);
|
|
|
|
$status = $result->getStatusCode();
|
|
} catch (ClientException $e) {
|
|
$status = $e->getCode();
|
|
if ($status === Http::STATUS_FORBIDDEN) {
|
|
$this->logger->info($target . ' refused to exchange a shared secret with you.', ['app' => 'federation']);
|
|
} else {
|
|
$this->logger->info($target . ' responded with a ' . $status . ' containing: ' . $e->getMessage(), ['app' => 'federation']);
|
|
}
|
|
} catch (RequestException $e) {
|
|
$status = -1; // There is no status code if we could not connect
|
|
$this->logger->logException($e, [
|
|
'message' => 'Could not connect to ' . $target,
|
|
'level' => ILogger::INFO,
|
|
'app' => 'federation',
|
|
]);
|
|
} catch (\Throwable $e) {
|
|
$status = Http::STATUS_INTERNAL_SERVER_ERROR;
|
|
$this->logger->logException($e, ['app' => 'federation']);
|
|
}
|
|
|
|
// if we received a unexpected response we try again later
|
|
if (
|
|
$status !== Http::STATUS_OK
|
|
&& $status !== Http::STATUS_FORBIDDEN
|
|
) {
|
|
$this->retainJob = true;
|
|
}
|
|
|
|
if ($status === Http::STATUS_OK && $result instanceof IResponse) {
|
|
$body = $result->getBody();
|
|
$result = json_decode($body, true);
|
|
if (isset($result['ocs']['data']['sharedSecret'])) {
|
|
$this->trustedServers->addSharedSecret(
|
|
$target,
|
|
$result['ocs']['data']['sharedSecret']
|
|
);
|
|
} else {
|
|
$this->logger->error(
|
|
'remote server "' . $target . '"" does not return a valid shared secret. Received data: ' . $body,
|
|
['app' => 'federation']
|
|
);
|
|
$this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* re-add background job
|
|
*
|
|
* @param array $argument
|
|
*/
|
|
protected function reAddJob(array $argument) {
|
|
$url = $argument['url'];
|
|
$created = isset($argument['created']) ? (int)$argument['created'] : $this->time->getTime();
|
|
$token = $argument['token'];
|
|
$this->jobList->add(
|
|
GetSharedSecret::class,
|
|
[
|
|
'url' => $url,
|
|
'token' => $token,
|
|
'created' => $created
|
|
]
|
|
);
|
|
}
|
|
}
|