diff --git a/apps/cloud_federation_api/appinfo/routes.php b/apps/cloud_federation_api/appinfo/routes.php index d70b06f821c48..ced6368f239ba 100644 --- a/apps/cloud_federation_api/appinfo/routes.php +++ b/apps/cloud_federation_api/appinfo/routes.php @@ -6,6 +6,7 @@ * @copyright Copyright (c) 2020 Joas Schilling * * @author Joas Schilling + * @author Maxence Lange * * @license GNU AGPL version 3 or any later version * @@ -27,15 +28,22 @@ 'routes' => [ [ 'name' => 'RequestHandler#addShare', - 'url' => '/ocm/shares', + 'url' => '/shares', 'verb' => 'POST', - 'root' => '', + 'root' => '/ocm', ], [ 'name' => 'RequestHandler#receiveNotification', - 'url' => '/ocm/notifications', + 'url' => '/notifications', 'verb' => 'POST', - 'root' => '', + 'root' => '/ocm', ], + // 1.1.0 +// [ +// 'name' => 'RequestHandler#inviteAccepted', +// 'url' => '/invite-accepted', +// 'verb' => 'POST', +// 'root' => '/ocm', +// ] ], ]; diff --git a/apps/cloud_federation_api/lib/Capabilities.php b/apps/cloud_federation_api/lib/Capabilities.php index f1398661ebe00..e17374c08f739 100644 --- a/apps/cloud_federation_api/lib/Capabilities.php +++ b/apps/cloud_federation_api/lib/Capabilities.php @@ -1,9 +1,13 @@ * * @author Bjoern Schiessle * @author Kate Döen + * @author Maxence Lange * * @license GNU AGPL version 3 or any later version * @@ -23,16 +27,20 @@ */ namespace OCA\CloudFederationAPI; +use OC\OCM\Model\OCMProvider; +use OC\OCM\Model\OCMResource; use OCP\Capabilities\ICapability; use OCP\IURLGenerator; +use OCP\OCM\IOCMDiscoveryService; class Capabilities implements ICapability { - /** @var IURLGenerator */ - private $urlGenerator; + public const API_VERSION = '1.0-proposal1'; - public function __construct(IURLGenerator $urlGenerator) { - $this->urlGenerator = $urlGenerator; + public function __construct( + private IURLGenerator $urlGenerator, + private IOCMDiscoveryService $discoveryService + ) { } /** @@ -55,23 +63,19 @@ public function __construct(IURLGenerator $urlGenerator) { */ public function getCapabilities() { $url = $this->urlGenerator->linkToRouteAbsolute('cloud_federation_api.requesthandlercontroller.addShare'); - $capabilities = ['ocm' => - [ - 'enabled' => true, - 'apiVersion' => '1.0-proposal1', - 'endPoint' => substr($url, 0, strrpos($url, '/')), - 'resourceTypes' => [ - [ - 'name' => 'file', - 'shareTypes' => ['user', 'group'], - 'protocols' => [ - 'webdav' => '/public.php/webdav/', - ] - ], - ] - ] - ]; - return $capabilities; + $provider = new OCMProvider(); + $provider->setEnabled(true); + $provider->setApiVersion(self::API_VERSION); + $provider->setEndPoint(substr($url, 0, strrpos($url, '/'))); + + $resource = new OCMResource(); + $resource->setName('file') + ->setShareTypes(['user', 'group']) + ->setProtocols(['webdav' => '/public.php/webdav/']); + + $provider->setResourceTypes([$resource]); + + return ['ocm' => $provider]; } } diff --git a/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php b/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php index 416dca67160d6..0af0cfd606f76 100644 --- a/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php +++ b/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php @@ -30,6 +30,7 @@ use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\JSONResponse; +use OCP\AppFramework\Http\Response; use OCP\Federation\Exceptions\ActionNotSupportedException; use OCP\Federation\Exceptions\AuthenticationFailedException; use OCP\Federation\Exceptions\BadRequestException; @@ -56,51 +57,20 @@ */ class RequestHandlerController extends Controller { - /** @var LoggerInterface */ - private $logger; - /** @var IUserManager */ - private $userManager; - - /** @var IGroupManager */ - private $groupManager; - - /** @var IURLGenerator */ - private $urlGenerator; - - /** @var ICloudFederationProviderManager */ - private $cloudFederationProviderManager; - - /** @var Config */ - private $config; - - /** @var ICloudFederationFactory */ - private $factory; - - /** @var ICloudIdManager */ - private $cloudIdManager; - - public function __construct($appName, - IRequest $request, - LoggerInterface $logger, - IUserManager $userManager, - IGroupManager $groupManager, - IURLGenerator $urlGenerator, - ICloudFederationProviderManager $cloudFederationProviderManager, - Config $config, - ICloudFederationFactory $factory, - ICloudIdManager $cloudIdManager + public function __construct( + string $appName, + IRequest $request, + private LoggerInterface $logger, + private IUserManager $userManager, + private IGroupManager $groupManager, + private IURLGenerator $urlGenerator, + private ICloudFederationProviderManager $cloudFederationProviderManager, + private Config $config, + private ICloudFederationFactory $factory, + private ICloudIdManager $cloudIdManager ) { parent::__construct($appName, $request); - - $this->logger = $logger; - $this->userManager = $userManager; - $this->groupManager = $groupManager; - $this->urlGenerator = $urlGenerator; - $this->cloudFederationProviderManager = $cloudFederationProviderManager; - $this->config = $config; - $this->factory = $factory; - $this->cloudIdManager = $cloudIdManager; } /** @@ -314,6 +284,19 @@ public function receiveNotification($notificationType, $resourceType, $providerI return new JSONResponse($result,Http::STATUS_CREATED); } + +// OCM 1.1.0 +// /** +// * +// * @NoCSRFRequired +// * @PublicPage +// * @BruteForceProtection(action=federatedShareInvite) +// */ +// public function inviteAccepted(): Response { +// return new Response([]); +// } + + /** * map login name to internal LDAP UID if a LDAP backend is in use * diff --git a/apps/files_sharing/lib/Controller/ExternalSharesController.php b/apps/files_sharing/lib/Controller/ExternalSharesController.php index 4cd09423eaa69..ed58cb4635254 100644 --- a/apps/files_sharing/lib/Controller/ExternalSharesController.php +++ b/apps/files_sharing/lib/Controller/ExternalSharesController.php @@ -134,14 +134,14 @@ public function testRemote($remote) { } if ( - $this->testUrl('https://' . $remote . '/ocs-provider/') || - $this->testUrl('https://' . $remote . '/ocs-provider/index.php') || + $this->testUrl('https://' . $remote . '/ocm-provider/') || + $this->testUrl('https://' . $remote . '/ocm-provider/index.php') || $this->testUrl('https://' . $remote . '/status.php', true) ) { return new DataResponse('https'); } elseif ( - $this->testUrl('http://' . $remote . '/ocs-provider/') || - $this->testUrl('http://' . $remote . '/ocs-provider/index.php') || + $this->testUrl('http://' . $remote . '/ocm-provider/') || + $this->testUrl('http://' . $remote . '/ocm-provider/index.php') || $this->testUrl('http://' . $remote . '/status.php', true) ) { return new DataResponse('http'); diff --git a/apps/files_sharing/lib/External/Storage.php b/apps/files_sharing/lib/External/Storage.php index 9e6c169e14006..8765c3ea8baf5 100644 --- a/apps/files_sharing/lib/External/Storage.php +++ b/apps/files_sharing/lib/External/Storage.php @@ -29,6 +29,7 @@ * along with this program. If not, see * */ + namespace OCA\Files_Sharing\External; use GuzzleHttp\Exception\ClientException; @@ -36,8 +37,8 @@ use GuzzleHttp\Exception\RequestException; use OC\Files\Storage\DAV; use OC\ForbiddenException; -use OCA\Files_Sharing\ISharedStorage; use OCA\Files_Sharing\External\Manager as ExternalShareManager; +use OCA\Files_Sharing\ISharedStorage; use OCP\AppFramework\Http; use OCP\Constants; use OCP\Federation\ICloudId; @@ -46,8 +47,11 @@ use OCP\Files\Storage\IReliableEtagStorage; use OCP\Files\StorageInvalidException; use OCP\Files\StorageNotAvailableException; -use OCP\Http\Client\LocalServerException; use OCP\Http\Client\IClientService; +use OCP\Http\Client\LocalServerException; +use OCP\OCM\Exceptions\OCMArgumentException; +use OCP\OCM\Exceptions\OCMProviderException; +use OCP\OCM\IOCMDiscoveryService; class Storage extends DAV implements ISharedStorage, IDisableEncryptionStorage, IReliableEtagStorage { /** @var ICloudId */ @@ -67,37 +71,42 @@ class Storage extends DAV implements ISharedStorage, IDisableEncryptionStorage, private $manager; /** - * @param array{HttpClientService: IClientService, manager: ExternalShareManager, cloudId: ICloudId, mountpoint: string, token: string, password: ?string}|array $options + * @param array{HttpClientService: IClientService, manager: ExternalShareManager, cloudId: ICloudId, + * mountpoint: string, token: string, password: ?string}|array $options */ public function __construct($options) { $this->memcacheFactory = \OC::$server->getMemCacheFactory(); $this->httpClient = $options['HttpClientService']; - $this->manager = $options['manager']; $this->cloudId = $options['cloudId']; - $discoveryService = \OC::$server->query(\OCP\OCS\IDiscoveryService::class); + $discoveryService = \OCP\Server::get(IOCMDiscoveryService::class); - [$protocol, $remote] = explode('://', $this->cloudId->getRemote()); - if (str_contains($remote, '/')) { - [$host, $root] = explode('/', $remote, 2); - } else { - $host = $remote; - $root = ''; + // use default path to webdav if not found on discovery + try { + $ocmProvider = $discoveryService->discover($this->cloudId->getRemote()); + $webDavEndpoint = $ocmProvider->extractProtocolUrl('file', 'webdav'); + } catch (OCMProviderException|OCMArgumentException $e) { + $webDavEndpoint = '/public.php/webdav'; + } + + // in case remote NC is on a sub folder and using deprecated ocm provider + $tmpPath = rtrim(parse_url($this->cloudId->getRemote(), PHP_URL_PATH), '/'); + if (!str_starts_with($webDavEndpoint, $tmpPath)) { + $webDavEndpoint = $tmpPath . $webDavEndpoint; } - $secure = $protocol === 'https'; - $federatedSharingEndpoints = $discoveryService->discover($this->cloudId->getRemote(), 'FEDERATED_SHARING'); - $webDavEndpoint = isset($federatedSharingEndpoints['webdav']) ? $federatedSharingEndpoints['webdav'] : '/public.php/webdav'; - $root = rtrim($root, '/') . $webDavEndpoint; + $this->mountPoint = $options['mountpoint']; $this->token = $options['token']; - parent::__construct([ - 'secure' => $secure, - 'host' => $host, - 'root' => $root, - 'user' => $options['token'], - 'password' => (string)$options['password'] - ]); + parent::__construct( + [ + 'secure' => (parse_url($ocmProvider->getEndPoint(), PHP_URL_SCHEME) === 'https'), + 'host' => parse_url($ocmProvider->getEndPoint(), PHP_URL_HOST), + 'root' => $webDavEndpoint, + 'user' => $options['token'], + 'password' => (string)$options['password'] + ] + ); } public function getWatcher($path = '', $storage = null) { @@ -108,6 +117,7 @@ public function getWatcher($path = '', $storage = null) { $this->watcher = new Watcher($storage); $this->watcher->setPolicy(\OC\Files\Cache\Watcher::CHECK_ONCE); } + return $this->watcher; } @@ -133,6 +143,7 @@ public function getPassword(): ?string { /** * Get id of the mount point. + * * @return string */ public function getId() { @@ -143,12 +154,14 @@ public function getCache($path = '', $storage = null) { if (is_null($this->cache)) { $this->cache = new Cache($this, $this->cloudId); } + return $this->cache; } /** * @param string $path * @param \OC\Files\Storage\Storage $storage + * * @return \OCA\Files_Sharing\External\Scanner */ public function getScanner($path = '', $storage = null) { @@ -158,6 +171,7 @@ public function getScanner($path = '', $storage = null) { if (!isset($this->scanner)) { $this->scanner = new Scanner($storage); } + return $this->scanner; } @@ -166,9 +180,10 @@ public function getScanner($path = '', $storage = null) { * * @param string $path * @param int $time - * @throws \OCP\Files\StorageNotAvailableException - * @throws \OCP\Files\StorageInvalidException + * * @return bool + * @throws \OCP\Files\StorageInvalidException + * @throws \OCP\Files\StorageNotAvailableException */ public function hasUpdated($path, $time) { // since for owncloud webdav servers we can rely on etag propagation we only need to check the root of the storage @@ -255,9 +270,9 @@ public function file_exists($path) { */ protected function testRemote(): bool { try { - return $this->testRemoteUrl($this->getRemote() . '/ocs-provider/index.php') - || $this->testRemoteUrl($this->getRemote() . '/ocs-provider/') - || $this->testRemoteUrl($this->getRemote() . '/status.php'); + return $this->testRemoteUrl($this->getRemote() . '/ocm-provider/index.php') + || $this->testRemoteUrl($this->getRemote() . '/ocm-provider/') + || $this->testRemoteUrl($this->getRemote() . '/status.php'); } catch (\Exception $e) { return false; } @@ -287,6 +302,7 @@ private function testRemoteUrl(string $url): bool { } $cache->set($url, $returnValue, 60 * 60 * 24); + return $returnValue; } @@ -300,6 +316,7 @@ public function remoteIsOwnCloud(): bool { if (defined('PHPUNIT_RUN') || !$this->testRemoteUrl($this->getRemote() . '/status.php')) { return false; } + return true; } @@ -360,6 +377,7 @@ public function isSharable($path): bool { if (\OCP\Util::isSharingDisabledForUser() || !\OC\Share\Share::isResharingAllowed()) { return false; } + return (bool)($this->getPermissions($path) & Constants::PERMISSION_SHARE); } @@ -370,7 +388,9 @@ public function getPermissions($path): int { $permissions = (int)$response['{http://open-collaboration-services.org/ns}share-permissions']; } elseif (isset($response['{http://open-cloud-mesh.org/ns}share-permissions'])) { // permissions provided by the OCM API - $permissions = $this->ocmPermissions2ncPermissions($response['{http://open-collaboration-services.org/ns}share-permissions'], $path); + $permissions = $this->ocmPermissions2ncPermissions( + $response['{http://open-collaboration-services.org/ns}share-permissions'], $path + ); } elseif (isset($response['{http://owncloud.org/ns}permissions'])) { return $this->parsePermissions($response['{http://owncloud.org/ns}permissions']); } else { @@ -390,6 +410,7 @@ public function needsPartFile() { * * @param string $ocmPermissions json encoded OCM permissions * @param string $path path to file + * * @return int */ protected function ocmPermissions2ncPermissions(string $ocmPermissions, string $path): int { diff --git a/build/files-checker.php b/build/files-checker.php index 0befaed968e22..ceb3367485cef 100644 --- a/build/files-checker.php +++ b/build/files-checker.php @@ -79,7 +79,6 @@ 'jest.config.ts', 'lib', 'occ', - 'ocm-provider', 'ocs', 'ocs-provider', 'package-lock.json', diff --git a/core/Controller/OCMController.php b/core/Controller/OCMController.php new file mode 100644 index 0000000000000..63c76267bd1ad --- /dev/null +++ b/core/Controller/OCMController.php @@ -0,0 +1,82 @@ + + * + * @author Maxence Lange + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OC\Core\Controller; + +use Exception; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http; +use OCP\AppFramework\Http\DataResponse; +use OCP\AppFramework\Http\Response; +use OCP\IConfig; +use OCP\IRequest; +use OCP\Server; +use Psr\Log\LoggerInterface; + +class OCMController extends Controller { + + public function __construct( + IRequest $request, + private IConfig $config, + private LoggerInterface $logger + ) { + parent::__construct('core', $request); + } + + /** + * @PublicPage + * @NoCSRFRequired + * + * @return Response + */ + public function discovery(): Response { + try { + $cap = Server::get( + $this->config->getAppValue( + 'core', + 'ocm_providers', + '\OCA\CloudFederationAPI\Capabilities' + ) + ); + + return new DataResponse( + $cap->getCapabilities()['ocm'] ?? ['enabled' => false], + Http::STATUS_OK, + [ + 'X-NEXTCLOUD-OCM-PROVIDERS' => true, + 'Content-Type' => 'application/json' + ] + ); + } catch (Exception $e) { + $this->logger->error('issue during OCM discovery request', ['exception' => $e]); + + return new DataResponse( + ['message' => '/ocm-provider/ not supported'], + Http::STATUS_NOT_FOUND + ); + } + } +} diff --git a/core/routes.php b/core/routes.php index 4790f32af3230..3ce1102a37f6b 100644 --- a/core/routes.php +++ b/core/routes.php @@ -13,6 +13,7 @@ * @author John Molakvoæ * @author Julius Härtl * @author Lukas Reschke + * @author Maxence Lange * @author Michael Weimann * @author Roeland Jago Douma * @author Thomas Müller @@ -103,6 +104,9 @@ // Well known requests https://tools.ietf.org/html/rfc5785 ['name' => 'WellKnown#handle', 'url' => '.well-known/{service}'], + // OCM Provider requests https://github.com/cs3org/OCM-API + ['name' => 'OCM#discovery', 'url' => '/ocm-provider/'], + // Unsupported browser ['name' => 'UnsupportedBrowser#index', 'url' => 'unsupported'], ], diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php index 89ae83e83e455..66b747189bf74 100644 --- a/lib/composer/composer/autoload_classmap.php +++ b/lib/composer/composer/autoload_classmap.php @@ -1054,6 +1054,7 @@ 'OC\\Core\\Controller\\LostController' => $baseDir . '/core/Controller/LostController.php', 'OC\\Core\\Controller\\NavigationController' => $baseDir . '/core/Controller/NavigationController.php', 'OC\\Core\\Controller\\OCJSController' => $baseDir . '/core/Controller/OCJSController.php', + 'OC\\Core\\Controller\\OCMController' => $baseDir . '/core/Controller/OCMController.php', 'OC\\Core\\Controller\\OCSController' => $baseDir . '/core/Controller/OCSController.php', 'OC\\Core\\Controller\\PreviewController' => $baseDir . '/core/Controller/PreviewController.php', 'OC\\Core\\Controller\\ProfileApiController' => $baseDir . '/core/Controller/ProfileApiController.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index 0480448a1b8ef..ed9f4700700e9 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php @@ -1087,6 +1087,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2 'OC\\Core\\Controller\\LostController' => __DIR__ . '/../../..' . '/core/Controller/LostController.php', 'OC\\Core\\Controller\\NavigationController' => __DIR__ . '/../../..' . '/core/Controller/NavigationController.php', 'OC\\Core\\Controller\\OCJSController' => __DIR__ . '/../../..' . '/core/Controller/OCJSController.php', + 'OC\\Core\\Controller\\OCMController' => __DIR__ . '/../../..' . '/core/Controller/OCMController.php', 'OC\\Core\\Controller\\OCSController' => __DIR__ . '/../../..' . '/core/Controller/OCSController.php', 'OC\\Core\\Controller\\PreviewController' => __DIR__ . '/../../..' . '/core/Controller/PreviewController.php', 'OC\\Core\\Controller\\ProfileApiController' => __DIR__ . '/../../..' . '/core/Controller/ProfileApiController.php', diff --git a/lib/private/Federation/CloudFederationProviderManager.php b/lib/private/Federation/CloudFederationProviderManager.php index b11c4060ab4f2..fd5eb48f174dc 100644 --- a/lib/private/Federation/CloudFederationProviderManager.php +++ b/lib/private/Federation/CloudFederationProviderManager.php @@ -1,9 +1,13 @@ * * @author Bjoern Schiessle * @author Christoph Wurst + * @author Maxence Lange * * @license GNU AGPL version 3 or any later version * @@ -21,6 +25,7 @@ * along with this program. If not, see . * */ + namespace OC\Federation; use OC\AppFramework\Http; @@ -32,6 +37,7 @@ use OCP\Federation\ICloudFederationShare; use OCP\Federation\ICloudIdManager; use OCP\Http\Client\IClientService; +use OCP\IConfig; use Psr\Log\LoggerInterface; /** @@ -42,41 +48,21 @@ * @package OC\Federation */ class CloudFederationProviderManager implements ICloudFederationProviderManager { - /** @var array list of available cloud federation providers */ - private $cloudFederationProvider; - - /** @var IAppManager */ - private $appManager; - - /** @var IClientService */ - private $httpClientService; - - /** @var ICloudIdManager */ - private $cloudIdManager; - private LoggerInterface $logger; - - /** @var array cache OCM end-points */ - private $ocmEndPoints = []; - - private $supportedAPIVersion = '1.0-proposal1'; - - /** - * CloudFederationProviderManager constructor. - * - * @param IAppManager $appManager - * @param IClientService $httpClientService - * @param ICloudIdManager $cloudIdManager - */ - public function __construct(IAppManager $appManager, - IClientService $httpClientService, - ICloudIdManager $cloudIdManager, - LoggerInterface $logger) { - $this->cloudFederationProvider = []; - $this->appManager = $appManager; - $this->httpClientService = $httpClientService; - $this->cloudIdManager = $cloudIdManager; - $this->logger = $logger; + /** @var array list of available cloud federation providers */ + private array $cloudFederationProvider = []; + private array $ocmEndPoints = []; + private array $supportedAPIVersion = [ + '1.0-proposal1' + ]; + + public function __construct( + private IConfig $config, + private IAppManager $appManager, + private IClientService $httpClientService, + private ICloudIdManager $cloudIdManager, + private LoggerInterface $logger + ) { } @@ -107,7 +93,8 @@ public function removeCloudFederationProvider($providerId) { /** * get a list of all cloudFederationProviders * - * @return array [resourceType => ['resourceType' => $resourceType, 'displayName' => $displayName, 'callback' => callback]] + * @return array [resourceType => ['resourceType' => $resourceType, 'displayName' => $displayName, + * 'callback' => callback]] */ public function getAllCloudFederationProviders() { return $this->cloudFederationProvider; @@ -117,6 +104,7 @@ public function getAllCloudFederationProviders() { * get a specific cloud federation provider * * @param string $resourceType + * * @return ICloudFederationProvider * @throws ProviderDoesNotExistsException */ @@ -140,12 +128,14 @@ public function sendShare(ICloudFederationShare $share) { $response = $client->post($ocmEndPoint . '/shares', [ 'body' => json_encode($share->getShare()), 'headers' => ['content-type' => 'application/json'], + 'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false), 'timeout' => 10, 'connect_timeout' => 10, ]); if ($response->getStatusCode() === Http::STATUS_CREATED) { $result = json_decode($response->getBody(), true); + return (is_array($result)) ? $result : []; } } catch (\Exception $e) { @@ -165,6 +155,7 @@ public function sendShare(ICloudFederationShare $share) { /** * @param string $url * @param ICloudFederationNotification $notification + * * @return array|false */ public function sendNotification($url, ICloudFederationNotification $notification) { @@ -179,16 +170,21 @@ public function sendNotification($url, ICloudFederationNotification $notificatio $response = $client->post($ocmEndPoint . '/notifications', [ 'body' => json_encode($notification->getMessage()), 'headers' => ['content-type' => 'application/json'], + 'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false), 'timeout' => 10, 'connect_timeout' => 10, ]); if ($response->getStatusCode() === Http::STATUS_CREATED) { $result = json_decode($response->getBody(), true); + return (is_array($result)) ? $result : []; } } catch (\Exception $e) { // log the error and return false - $this->logger->error('error while sending notification for federated share: ' . $e->getMessage(), ['exception' => $e]); + $this->logger->error( + 'error while sending notification for federated share: ' . $e->getMessage(), + ['exception' => $e] + ); } return false; @@ -202,36 +198,40 @@ public function sendNotification($url, ICloudFederationNotification $notificatio public function isReady() { return $this->appManager->isEnabledForUser('cloud_federation_api'); } + /** * check if server supports the new OCM api and ask for the correct end-point * * @param string $url full base URL of the cloud server + * * @return string */ - protected function getOCMEndPoint($url) { - if (isset($this->ocmEndPoints[$url])) { + protected function getOCMEndPoint(string $url): string { + $url = rtrim($url, '/'); + if (array_key_exists($url, $this->ocmEndPoints)) { return $this->ocmEndPoints[$url]; } + $this->ocmEndPoints[$url] = ''; $client = $this->httpClientService->newClient(); try { - $response = $client->get($url . '/ocm-provider/', ['timeout' => 10, 'connect_timeout' => 10]); + $response = $client->get( + $url . '/ocm-provider/', + [ + 'timeout' => 10, + 'connect_timeout' => 10, + 'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false) + ] + ); + $result = $response->getBody(); + $result = json_decode($result, true); + + if (in_array($result['apiVersion'] ?? '', $this->supportedAPIVersion)) { + $this->ocmEndPoints[$url] = $result['endPoint'] ?? ''; + } } catch (\Exception $e) { - $this->ocmEndPoints[$url] = ''; - return ''; - } - - $result = $response->getBody(); - $result = json_decode($result, true); - - $supportedVersion = isset($result['apiVersion']) && $result['apiVersion'] === $this->supportedAPIVersion; - - if (isset($result['endPoint']) && $supportedVersion) { - $this->ocmEndPoints[$url] = $result['endPoint']; - return $result['endPoint']; } - $this->ocmEndPoints[$url] = ''; - return ''; + return $this->ocmEndPoints[$url]; } } diff --git a/lib/private/OCM/Model/OCMProvider.php b/lib/private/OCM/Model/OCMProvider.php new file mode 100644 index 0000000000000..e05930a07746f --- /dev/null +++ b/lib/private/OCM/Model/OCMProvider.php @@ -0,0 +1,212 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OC\OCM\Model; + +use JsonSerializable; +use OCP\OCM\Exceptions\OCMArgumentException; +use OCP\OCM\IOCMProvider; + +class OCMProvider implements IOCMProvider, JsonSerializable { + private string $url; + private bool $enabled = false; + private string $apiVersion = ''; + private string $endPoint = ''; + /** @var OCMResource[] */ + private array $resourceTypes = []; + + public function __construct(string $url = '') { + $this->url = $url; + } + + public function getUrl(): string { + return $this->url; + } + + /** + * @param bool $enabled + * + * @return OCMProvider + */ + public function setEnabled(bool $enabled): self { + $this->enabled = $enabled; + + return $this; + } + + /** + * @return bool + */ + public function isEnabled(): bool { + return $this->enabled; + } + + /** + * @param string $apiVersion + */ + public function setApiVersion(string $apiVersion): self { + $this->apiVersion = $apiVersion; + + return $this; + } + + /** + * @return string + */ + public function getApiVersion(): string { + return $this->apiVersion; + } + + /** + * @param string $endPoint + */ + public function setEndPoint(string $endPoint): self { + if ($this->isSafeUrl($endPoint)) { + $this->endPoint = $endPoint; + } + + return $this; + } + + /** + * @return string + */ + public function getEndPoint(): string { + return $this->endPoint; + } + + /** + * @param OCMResource[] $resourceTypes + * + * @return OCMProvider + */ + public function setResourceTypes(array $resourceTypes): self { + $this->resourceTypes = $resourceTypes; + + return $this; + } + + /** + * @return OCMResource[] + */ + public function getResourceTypes(): array { + return $this->resourceTypes; + } + + /** + * @return bool + */ + public function looksValid(): bool { + if ($this->getUrl() !== '' + && parse_url($this->getUrl(), PHP_URL_HOST) !== + parse_url($this->getEndPoint(), PHP_URL_HOST)) { + return false; + } + + return ($this->getApiVersion() !== '' && $this->getEndPoint() !== ''); + } + + /** + * @param string $url + * + * @return bool + */ + protected function isSafeUrl(string $url): bool { + return (bool)preg_match('/^[\/\.\-A-Za-z0-9]+$/', $url); + } + + /** + * @param string $resourceName + * @param string $protocol + * + * @return string + * @throws OCMArgumentException + */ + public function extractProtocolUrl(string $resourceName, string $protocol): string { + $url = $this->extractProtocolEntry($resourceName, $protocol); + if (!$this->isSafeUrl($url)) { + throw new OCMArgumentException('url does not looks safe'); + } + + return $url; + } + + /** + * @param string $resourceName + * @param string $protocol + * + * @return string + * @throws OCMArgumentException + */ + public function extractProtocolEntry(string $resourceName, string $protocol): string { + foreach ($this->getResourceTypes() as $resource) { + if ($resource->getName() === $resourceName) { + $entry = $resource->getProtocols()[$protocol] ?? null; + if (is_null($entry)) { + throw new OCMArgumentException('protocol not found'); + } + + return (string)$entry; + } + } + + throw new OCMArgumentException('resource not found'); + } + + /** + * import data from an array + * + * @param array|null $data + * + * @return self + * @see self::jsonSerialize() + */ + public function import(?array $data): self { + if (is_null($data)) { + return $this; + } + + $this->setEnabled(is_bool($data['enabled'] ?? '') ? $data['enabled'] : false) + ->setApiVersion((string)$data['apiVersion'] ?? '') + ->setEndPoint($data['endPoint'] ?? ''); + + $resources = []; + foreach (($data['resourceTypes'] ?? []) as $resourceData) { + $resource = new OCMResource(); + $resources[] = $resource->import($resourceData); + } + $this->setResourceTypes($resources); + + return $this; + } + + public function jsonSerialize(): array { + return [ + 'enabled' => $this->isEnabled(), + 'apiVersion' => $this->getApiVersion(), + 'endPoint' => $this->getEndPoint(), + 'resourceTypes' => $this->getResourceTypes() + ]; + } +} diff --git a/lib/private/OCM/Model/OCMResource.php b/lib/private/OCM/Model/OCMResource.php new file mode 100644 index 0000000000000..1a2a1a2e592d3 --- /dev/null +++ b/lib/private/OCM/Model/OCMResource.php @@ -0,0 +1,110 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OC\OCM\Model; + +use JsonSerializable; +use OCP\OCM\IOCMResource; + +class OCMResource implements IOCMResource, JsonSerializable { + private string $name = ''; + private array $shareTypes = []; + private array $protocols = []; + + /** + * @param string $name + * + * @return OCMResource + */ + public function setName(string $name): self { + $this->name = $name; + + return $this; + } + + /** + * @return string + */ + public function getName(): string { + return $this->name; + } + + /** + * @param array $shareTypes + * + * @return OCMResource + */ + public function setShareTypes(array $shareTypes): self { + $this->shareTypes = $shareTypes; + + return $this; + } + + /** + * @return array + */ + public function getShareTypes(): array { + return $this->shareTypes; + } + + /** + * @param array $protocols + * + * @return $this + */ + public function setProtocols(array $protocols): self { + $this->protocols = $protocols; + + return $this; + } + + /** + * @return array + */ + public function getProtocols(): array { + return $this->protocols; + } + + /** + * import data from an array + * + * @see self::jsonSerialize() + * @param array $data + * + * @return self + */ + public function import(array $data): self { + return $this->setName((string)$data['name'] ?? '') + ->setShareTypes($data['shareTypes'] ?? []) + ->setProtocols($data['protocols'] ?? []); + } + + public function jsonSerialize(): array { + return [ + 'name' => $this->getName(), + 'shareTypes' => $this->getShareTypes(), + 'protocols' => $this->getProtocols() + ]; + } +} diff --git a/lib/private/OCM/OCMDiscoveryService.php b/lib/private/OCM/OCMDiscoveryService.php new file mode 100644 index 0000000000000..df0172b14185f --- /dev/null +++ b/lib/private/OCM/OCMDiscoveryService.php @@ -0,0 +1,110 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OC\OCM; + +use OC\OCM\Model\OCMProvider; +use OCP\AppFramework\Http; +use OCP\Http\Client\IClientService; +use OCP\ICache; +use OCP\ICacheFactory; +use OCP\IConfig; +use OCP\OCM\Exceptions\OCMProviderException; +use OCP\OCM\IOCMDiscoveryService; +use OCP\OCM\IOCMProvider; +use Psr\Log\LoggerInterface; + +class OCMDiscoveryService implements IOCMDiscoveryService { + private ICache $cache; + + public function __construct( + ICacheFactory $cacheFactory, + private IClientService $clientService, + private IConfig $config, + private LoggerInterface $logger + ) { + $this->cache = $cacheFactory->createDistributed('ocm-discovery'); + } + + + /** + * @param string $remote + * @param bool $skipCache + * + * @return IOCMProvider + * @throws OCMProviderException + */ + public function discover(string $remote, bool $skipCache = false): IOCMProvider { + $remote = rtrim($remote, '/'); + $provider = new OCMProvider($remote); + + if (!$skipCache) { + $provider->import(json_decode($this->cache->get($remote) ?? '', true)); + if ($provider->looksValid()) { + return $provider; // if cache looks valid, we use it + } + } + + $client = $this->clientService->newClient(); + try { + $response = $client->get( + $remote . '/ocm-provider/', + [ + 'timeout' => 10, + 'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'), + 'connect_timeout' => 10, + ] + ); + + if ($response->getStatusCode() === Http::STATUS_OK) { + $body = $response->getBody(); + $provider->import(json_decode($body, true)); + $this->cache->set($remote, $body, 60 * 60 * 24); + } + } catch (\Exception $e) { + $this->logger->warning('error while discovering ocm provider', [ + 'exception' => $e, + 'remote' => $remote + ]); + } + + if (!$provider->looksValid()) { + throw new OCMProviderException('remote provider does not look valid'); + } + + return $provider; + } + + /** + * Returns whether the specified URL includes only safe characters, if not + * returns false + * + * @param string $url + * + * @return bool + */ + protected function isSafeUrl(string $url): bool { + return (bool)preg_match('/^[\/\.\-A-Za-z0-9]+$/', $url); + } +} diff --git a/lib/private/OCS/DiscoveryService.php b/lib/private/OCS/DiscoveryService.php index 8f98ff7d5aeb7..1cec0f7717e3b 100644 --- a/lib/private/OCS/DiscoveryService.php +++ b/lib/private/OCS/DiscoveryService.php @@ -75,7 +75,6 @@ public function discover(string $remote, string $service, bool $skipCache = fals } } } - $discoveredServices = []; // query the remote server for available services diff --git a/lib/private/Server.php b/lib/private/Server.php index 03c03e1b6ed4a..ae6e98f399fb8 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -125,6 +125,7 @@ use OC\Metadata\IMetadataManager; use OC\Metadata\MetadataManager; use OC\Notification\Manager; +use OC\OCM\OCMDiscoveryService; use OC\OCS\DiscoveryService; use OC\Preview\GeneratorHelper; use OC\Preview\IMagickSupport; @@ -235,6 +236,7 @@ use OCP\Lockdown\ILockdownManager; use OCP\Log\ILogFactory; use OCP\Mail\IMailer; +use OCP\OCM\IOCMDiscoveryService; use OCP\Remote\Api\IApiFactory; use OCP\Remote\IInstanceFactory; use OCP\RichObjectStrings\IValidator; @@ -1364,6 +1366,7 @@ public function __construct($webRoot, \OC\Config $config) { $c->get(IClientService::class) ); }); + $this->registerAlias(IOCMDiscoveryService::class, OCMDiscoveryService::class); $this->registerService(ICloudIdManager::class, function (ContainerInterface $c) { return new CloudIdManager( @@ -1379,6 +1382,7 @@ public function __construct($webRoot, \OC\Config $config) { $this->registerService(ICloudFederationProviderManager::class, function (ContainerInterface $c) { return new CloudFederationProviderManager( + $c->get(\OCP\IConfig::class), $c->get(IAppManager::class), $c->get(IClientService::class), $c->get(ICloudIdManager::class), diff --git a/lib/public/OCM/Exceptions/OCMArgumentException.php b/lib/public/OCM/Exceptions/OCMArgumentException.php new file mode 100644 index 0000000000000..8a3f1c03fee82 --- /dev/null +++ b/lib/public/OCM/Exceptions/OCMArgumentException.php @@ -0,0 +1,31 @@ + + * + * @author Maxence Lange + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ +namespace OCP\OCM\Exceptions; + +use Exception; + +class OCMArgumentException extends Exception { +} diff --git a/lib/public/OCM/Exceptions/OCMProviderException.php b/lib/public/OCM/Exceptions/OCMProviderException.php new file mode 100644 index 0000000000000..3257177d0049e --- /dev/null +++ b/lib/public/OCM/Exceptions/OCMProviderException.php @@ -0,0 +1,31 @@ + + * + * @author Maxence Lange + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ +namespace OCP\OCM\Exceptions; + +use Exception; + +class OCMProviderException extends Exception { +} diff --git a/lib/public/OCM/IOCMDiscoveryService.php b/lib/public/OCM/IOCMDiscoveryService.php new file mode 100644 index 0000000000000..099180095e169 --- /dev/null +++ b/lib/public/OCM/IOCMDiscoveryService.php @@ -0,0 +1,50 @@ + + * + * @author Maxence Lange + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCP\OCM; + +use OCP\OCM\Exceptions\OCMProviderException; + +/** + * Discover remote OCM services + * + * @since 28.0.0 + */ +interface IOCMDiscoveryService { + /** + * Discover remote OCM services + * + * If no valid discovery data is found the defaults are returned + * + * @param string $remote + * @param bool $skipCache + * + * @return IOCMProvider + * @throws OCMProviderException + * @since 28.0.0 + */ + public function discover(string $remote, bool $skipCache = false): IOCMProvider; +} diff --git a/lib/public/OCM/IOCMProvider.php b/lib/public/OCM/IOCMProvider.php new file mode 100644 index 0000000000000..8dfba533c7409 --- /dev/null +++ b/lib/public/OCM/IOCMProvider.php @@ -0,0 +1,121 @@ + + * + * @author Maxence Lange + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCP\OCM; + +use OC\OCM\Model\OCMResource; +use OCP\OCM\Exceptions\OCMArgumentException; + +/** + * @since 28.0.0 + */ +interface IOCMProvider { + + /** + * @return string + */ + public function getUrl(): string; + + /** + * @param bool $enabled + * + * @return self + */ + public function setEnabled(bool $enabled): self; + + /** + * @return bool + */ + public function isEnabled(): bool; + + /** + * @param string $apiVersion + * + * @return self + */ + public function setApiVersion(string $apiVersion): self; + + /** + * @return string + */ + public function getApiVersion(): string; + + /** + * @param string $endPoint + * + * @return self + */ + public function setEndPoint(string $endPoint): self; + + /** + * @return string + */ + public function getEndPoint(): string; + + /** + * @param OCMResource[] $resourceTypes + * + * @return self + */ + public function setResourceTypes(array $resourceTypes): self; + + /** + * @return IOCMResource[] + */ + public function getResourceTypes(): array; + + /** + * @return bool + */ + public function looksValid(): bool; + + /** + * @param string $resourceName + * @param string $protocol + * + * @return string + * @throws OCMArgumentException + */ + public function extractProtocolUrl(string $resourceName, string $protocol): string; + + /** + * @param string $resourceName + * @param string $protocol + * + * @return string + * @throws OCMArgumentException + */ + public function extractProtocolEntry(string $resourceName, string $protocol): string; + + /** + * import data from an array + * + * @param array $data + * + * @return self + */ + public function import(array $data): self; +} diff --git a/lib/public/OCM/IOCMResource.php b/lib/public/OCM/IOCMResource.php new file mode 100644 index 0000000000000..d3c401a9ff6e2 --- /dev/null +++ b/lib/public/OCM/IOCMResource.php @@ -0,0 +1,80 @@ + + * + * @author Maxence Lange + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCP\OCM; + +/** + * @since 28.0.0 + */ +interface IOCMResource { + + /** + * @param string $name + * + * @return self + */ + public function setName(string $name): self; + + /** + * @return string + */ + public function getName(): string; + + /** + * @param array $shareTypes + * + * @return self + */ + public function setShareTypes(array $shareTypes): self; + + /** + * @return array + */ + public function getShareTypes(): array; + + /** + * @param array $protocols + * + * @return self + */ + public function setProtocols(array $protocols): self; + + /** + * @return array + */ + public function getProtocols(): array; + + /** + * import data from an array + * + * @param array $data + * + * @return self + */ + public function import(array $data): self; + + +} diff --git a/ocm-provider/index.php b/ocm-provider/index.php deleted file mode 100644 index 1b90fd5366560..0000000000000 --- a/ocm-provider/index.php +++ /dev/null @@ -1,40 +0,0 @@ - - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * - */ - - -require_once __DIR__ . '/../lib/base.php'; - -header('Content-Type: application/json'); - -$server = \OC::$server; - -$isEnabled = $server->getAppManager()->isEnabledForUser('cloud_federation_api'); - -if ($isEnabled) { - // Make sure the routes are loaded - \OC_App::loadApp('cloud_federation_api'); - $capabilities = new OCA\CloudFederationAPI\Capabilities($server->getURLGenerator()); - header('Content-Type: application/json'); - echo json_encode($capabilities->getCapabilities()['ocm']); -} else { - header($_SERVER["SERVER_PROTOCOL"]." 501 Not Implemented", true, 501); - exit("501 Not Implemented"); -} diff --git a/psalm.xml b/psalm.xml index 87cecf3e2d294..075e5e538bc4d 100644 --- a/psalm.xml +++ b/psalm.xml @@ -43,7 +43,6 @@ -