nextcloud/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php

572 lines
17 KiB
PHP

<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
* @author Bjoern Schiessle <bjoern@schiessle.org>
* @author Björn Schießle <bjoern@schiessle.org>
* @author Joas Schilling <coding@schilljs.com>
* @author Lukas Reschke <lukas@statuscode.ch>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Robin Appelman <robin@icewind.nl>
* @author Roeland Jago Douma <roeland@famdouma.nl>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\FederatedFileSharing\Controller;
use OCA\Files_Sharing\Activity\Providers\RemoteShares;
use OCA\FederatedFileSharing\AddressHandler;
use OCA\FederatedFileSharing\FederatedShareProvider;
use OCA\FederatedFileSharing\Notifications;
use OCP\AppFramework\Http;
use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\Constants;
use OCP\Federation\Exceptions\ProviderCouldNotAddShareException;
use OCP\Federation\Exceptions\ProviderDoesNotExistsException;
use OCP\Federation\Exceptions\ShareNotFoundException;
use OCP\Federation\ICloudFederationFactory;
use OCP\Federation\ICloudFederationProviderManager;
use OCP\Federation\ICloudIdManager;
use OCP\Files\NotFoundException;
use OCP\IDBConnection;
use OCP\ILogger;
use OCP\IRequest;
use OCP\IUserManager;
use OCP\Share;
use OCP\Share\IShare;
class RequestHandlerController extends OCSController {
/** @var FederatedShareProvider */
private $federatedShareProvider;
/** @var IDBConnection */
private $connection;
/** @var Share\IManager */
private $shareManager;
/** @var Notifications */
private $notifications;
/** @var AddressHandler */
private $addressHandler;
/** @var IUserManager */
private $userManager;
/** @var string */
private $shareTable = 'share';
/** @var ICloudIdManager */
private $cloudIdManager;
/** @var ILogger */
private $logger;
/** @var ICloudFederationFactory */
private $cloudFederationFactory;
/** @var ICloudFederationProviderManager */
private $cloudFederationProviderManager;
/**
* Server2Server constructor.
*
* @param string $appName
* @param IRequest $request
* @param FederatedShareProvider $federatedShareProvider
* @param IDBConnection $connection
* @param Share\IManager $shareManager
* @param Notifications $notifications
* @param AddressHandler $addressHandler
* @param IUserManager $userManager
* @param ICloudIdManager $cloudIdManager
* @param ILogger $logger
* @param ICloudFederationFactory $cloudFederationFactory
* @param ICloudFederationProviderManager $cloudFederationProviderManager
*/
public function __construct($appName,
IRequest $request,
FederatedShareProvider $federatedShareProvider,
IDBConnection $connection,
Share\IManager $shareManager,
Notifications $notifications,
AddressHandler $addressHandler,
IUserManager $userManager,
ICloudIdManager $cloudIdManager,
ILogger $logger,
ICloudFederationFactory $cloudFederationFactory,
ICloudFederationProviderManager $cloudFederationProviderManager
) {
parent::__construct($appName, $request);
$this->federatedShareProvider = $federatedShareProvider;
$this->connection = $connection;
$this->shareManager = $shareManager;
$this->notifications = $notifications;
$this->addressHandler = $addressHandler;
$this->userManager = $userManager;
$this->cloudIdManager = $cloudIdManager;
$this->logger = $logger;
$this->cloudFederationFactory = $cloudFederationFactory;
$this->cloudFederationProviderManager = $cloudFederationProviderManager;
}
/**
* @NoCSRFRequired
* @PublicPage
*
* create a new share
*
* @return Http\DataResponse
* @throws OCSException
*/
public function createShare() {
$remote = isset($_POST['remote']) ? $_POST['remote'] : null;
$token = isset($_POST['token']) ? $_POST['token'] : null;
$name = isset($_POST['name']) ? $_POST['name'] : null;
$owner = isset($_POST['owner']) ? $_POST['owner'] : null;
$sharedBy = isset($_POST['sharedBy']) ? $_POST['sharedBy'] : null;
$shareWith = isset($_POST['shareWith']) ? $_POST['shareWith'] : null;
$remoteId = isset($_POST['remoteId']) ? (int)$_POST['remoteId'] : null;
$sharedByFederatedId = isset($_POST['sharedByFederatedId']) ? $_POST['sharedByFederatedId'] : null;
$ownerFederatedId = isset($_POST['ownerFederatedId']) ? $_POST['ownerFederatedId'] : null;
if ($ownerFederatedId === null) {
$ownerFederatedId = $this->cloudIdManager->getCloudId($owner, $this->cleanupRemote($remote))->getId();
}
// if the owner of the share and the initiator are the same user
// we also complete the federated share ID for the initiator
if ($sharedByFederatedId === null && $owner === $sharedBy) {
$sharedByFederatedId = $ownerFederatedId;
}
$share = $this->cloudFederationFactory->getCloudFederationShare(
$shareWith,
$name,
'',
$remoteId,
$ownerFederatedId,
$owner,
$sharedByFederatedId,
$sharedBy,
$token,
'user',
'file'
);
try {
$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
$provider->shareReceived($share);
} catch (ProviderDoesNotExistsException $e) {
throw new OCSException('Server does not support federated cloud sharing', 503);
} catch (ProviderCouldNotAddShareException $e) {
throw new OCSException($e->getMessage(), $e->getCode());
} catch (\Exception $e) {
throw new OCSException('internal server error, was not able to add share from ' . $remote, 500);
}
return new Http\DataResponse();
}
/**
* @NoCSRFRequired
* @PublicPage
*
* create re-share on behalf of another user
*
* @param int $id
* @return Http\DataResponse
* @throws OCSBadRequestException
* @throws OCSForbiddenException
* @throws OCSNotFoundException
*/
public function reShare($id) {
$token = $this->request->getParam('token', null);
$shareWith = $this->request->getParam('shareWith', null);
$permission = (int)$this->request->getParam('permission', null);
$remoteId = (int)$this->request->getParam('remoteId', null);
if ($id === null ||
$token === null ||
$shareWith === null ||
$permission === null ||
$remoteId === null
) {
throw new OCSBadRequestException();
}
$notification = [
'sharedSecret' => $token,
'shareWith' => $shareWith,
'senderId' => $remoteId,
'message' => 'Recipient of a share ask the owner to reshare the file'
];
try {
$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
list($newToken, $localId) = $provider->notificationReceived('REQUEST_RESHARE', $id, $notification);
return new Http\DataResponse([
'token' => $newToken,
'remoteId' => $localId
]);
} catch (ProviderDoesNotExistsException $e) {
throw new OCSException('Server does not support federated cloud sharing', 503);
} catch (ShareNotFoundException $e) {
$this->logger->debug('Share not found: ' . $e->getMessage());
} catch (ProviderCouldNotAddShareException $e) {
$this->logger->debug('Could not add reshare: ' . $e->getMessage());
throw new OCSForbiddenException();
} catch (\Exception $e) {
$this->logger->debug('internal server error, can not process notification: ' . $e->getMessage());
}
throw new OCSBadRequestException();
}
/**
* @NoCSRFRequired
* @PublicPage
*
* accept server-to-server share
*
* @param int $id
* @return Http\DataResponse
* @throws OCSException
* @throws Share\Exceptions\ShareNotFound
* @throws \OC\HintException
*/
public function acceptShare($id) {
$token = isset($_POST['token']) ? $_POST['token'] : null;
$notification = [
'sharedSecret' => $token,
'message' => 'Recipient accept the share'
];
try {
$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
$provider->notificationReceived('SHARE_ACCEPTED', $id, $notification);
} catch (ProviderDoesNotExistsException $e) {
throw new OCSException('Server does not support federated cloud sharing', 503);
} catch (ShareNotFoundException $e) {
$this->logger->debug('Share not found: ' . $e->getMessage());
} catch (\Exception $e) {
$this->logger->debug('internal server error, can not process notification: ' . $e->getMessage());
}
return new Http\DataResponse();
}
/**
* @NoCSRFRequired
* @PublicPage
*
* decline server-to-server share
*
* @param int $id
* @return Http\DataResponse
* @throws OCSException
*/
public function declineShare($id) {
$token = isset($_POST['token']) ? $_POST['token'] : null;
$notification = [
'sharedSecret' => $token,
'message' => 'Recipient declined the share'
];
try {
$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
$provider->notificationReceived('SHARE_DECLINED', $id, $notification);
} catch (ProviderDoesNotExistsException $e) {
throw new OCSException('Server does not support federated cloud sharing', 503);
} catch (ShareNotFoundException $e) {
$this->logger->debug('Share not found: ' . $e->getMessage());
} catch (\Exception $e) {
$this->logger->debug('internal server error, can not process notification: ' . $e->getMessage());
}
return new Http\DataResponse();
}
/**
* @NoCSRFRequired
* @PublicPage
*
* remove server-to-server share if it was unshared by the owner
*
* @param int $id
* @return Http\DataResponse
* @throws OCSException
*/
public function unshare($id) {
if (!$this->isS2SEnabled()) {
throw new OCSException('Server does not support federated cloud sharing', 503);
}
$token = isset($_POST['token']) ? $_POST['token'] : null;
$qb = $this->connection->getQueryBuilder();
$qb->select('*')
->from('share_external')
->where(
$qb->expr()->andX(
$qb->expr()->eq('remote_id', $qb->createNamedParameter($id)),
$qb->expr()->eq('share_token', $qb->createNamedParameter($token))
)
);
$result = $qb->execute();
$share = $result->fetch();
$result->closeCursor();
if ($token && $id && !empty($share)) {
$remote = $this->cleanupRemote($share['remote']);
$owner = $this->cloudIdManager->getCloudId($share['owner'], $remote);
$mountpoint = $share['mountpoint'];
$user = $share['user'];
$qb = $this->connection->getQueryBuilder();
$qb->delete('share_external')
->where(
$qb->expr()->andX(
$qb->expr()->eq('remote_id', $qb->createNamedParameter($id)),
$qb->expr()->eq('share_token', $qb->createNamedParameter($token))
)
);
$result = $qb->execute();
$result->closeCursor();
if ($share['accepted']) {
$path = trim($mountpoint, '/');
} else {
$path = trim($share['name'], '/');
}
$notificationManager = \OC::$server->getNotificationManager();
$notification = $notificationManager->createNotification();
$notification->setApp('files_sharing')
->setUser($share['user'])
->setObject('remote_share', (int)$share['id']);
$notificationManager->markProcessed($notification);
$event = \OC::$server->getActivityManager()->generateEvent();
$event->setApp('files_sharing')
->setType('remote_share')
->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_UNSHARED, [$owner->getId(), $path])
->setAffectedUser($user)
->setObject('remote_share', (int)$share['id'], $path);
\OC::$server->getActivityManager()->publish($event);
}
return new Http\DataResponse();
}
private function cleanupRemote($remote) {
$remote = substr($remote, strpos($remote, '://') + 3);
return rtrim($remote, '/');
}
/**
* @NoCSRFRequired
* @PublicPage
*
* federated share was revoked, either by the owner or the re-sharer
*
* @param int $id
* @return Http\DataResponse
* @throws OCSBadRequestException
*/
public function revoke($id) {
$token = $this->request->getParam('token');
$share = $this->federatedShareProvider->getShareById($id);
if ($this->verifyShare($share, $token)) {
$this->federatedShareProvider->removeShareFromTable($share);
return new Http\DataResponse();
}
throw new OCSBadRequestException();
}
/**
* get share
*
* @param int $id
* @param string $token
* @return array|bool
*/
protected function getShare($id, $token) {
$query = $this->connection->getQueryBuilder();
$query->select('*')->from($this->shareTable)
->where($query->expr()->eq('token', $query->createNamedParameter($token)))
->andWhere($query->expr()->eq('share_type', $query->createNamedParameter(FederatedShareProvider::SHARE_TYPE_REMOTE)))
->andWhere($query->expr()->eq('id', $query->createNamedParameter($id)));
$result = $query->execute()->fetchAll();
if (!empty($result) && isset($result[0])) {
return $result[0];
}
return false;
}
/**
* get file
*
* @param string $user
* @param int $fileSource
* @return array with internal path of the file and a absolute link to it
*/
private function getFile($user, $fileSource) {
\OC_Util::setupFS($user);
try {
$file = \OC\Files\Filesystem::getPath($fileSource);
} catch (NotFoundException $e) {
$file = null;
}
$args = \OC\Files\Filesystem::is_dir($file) ? array('dir' => $file) : array('dir' => dirname($file), 'scrollto' => $file);
$link = \OCP\Util::linkToAbsolute('files', 'index.php', $args);
return array($file, $link);
}
/**
* check if server-to-server sharing is enabled
*
* @param bool $incoming
* @return bool
*/
private function isS2SEnabled($incoming = false) {
$result = \OCP\App::isEnabled('files_sharing');
if ($incoming) {
$result = $result && $this->federatedShareProvider->isIncomingServer2serverShareEnabled();
} else {
$result = $result && $this->federatedShareProvider->isOutgoingServer2serverShareEnabled();
}
return $result;
}
/**
* @NoCSRFRequired
* @PublicPage
*
* update share information to keep federated re-shares in sync
*
* @param int $id
* @return Http\DataResponse
* @throws OCSBadRequestException
*/
public function updatePermissions($id) {
$token = $this->request->getParam('token', null);
$permissions = $this->request->getParam('permissions', null);
try {
$share = $this->federatedShareProvider->getShareById($id);
} catch (Share\Exceptions\ShareNotFound $e) {
throw new OCSBadRequestException();
}
$validPermission = ctype_digit($permissions);
$validToken = $this->verifyShare($share, $token);
if ($validPermission && $validToken) {
$this->updatePermissionsInDatabase($share, (int)$permissions);
} else {
throw new OCSBadRequestException();
}
return new Http\DataResponse();
}
/**
* update permissions in database
*
* @param IShare $share
* @param int $permissions
*/
protected function updatePermissionsInDatabase(IShare $share, $permissions) {
$query = $this->connection->getQueryBuilder();
$query->update('share')
->where($query->expr()->eq('id', $query->createNamedParameter($share->getId())))
->set('permissions', $query->createNamedParameter($permissions))
->execute();
}
/**
* @NoCSRFRequired
* @PublicPage
*
* change the owner of a server-to-server share
*
* @param int $id
* @return Http\DataResponse
* @throws \InvalidArgumentException
* @throws OCSException
*/
public function move($id) {
if (!$this->isS2SEnabled()) {
throw new OCSException('Server does not support federated cloud sharing', 503);
}
$token = $this->request->getParam('token');
$remote = $this->request->getParam('remote');
$newRemoteId = $this->request->getParam('remote_id', $id);
$cloudId = $this->cloudIdManager->resolveCloudId($remote);
$qb = $this->connection->getQueryBuilder();
$query = $qb->update('share_external')
->set('remote', $qb->createNamedParameter($cloudId->getRemote()))
->set('owner', $qb->createNamedParameter($cloudId->getUser()))
->set('remote_id', $qb->createNamedParameter($newRemoteId))
->where($qb->expr()->eq('remote_id', $qb->createNamedParameter($id)))
->andWhere($qb->expr()->eq('share_token', $qb->createNamedParameter($token)));
$affected = $query->execute();
if ($affected > 0) {
return new Http\DataResponse(['remote' => $cloudId->getRemote(), 'owner' => $cloudId->getUser()]);
} else {
throw new OCSBadRequestException('Share not found or token invalid');
}
}
}