Dolibarr / dolibarr

htdocs/includes/sabre/sabre/dav/lib/DAV/Locks/Plugin.php

Indentation +523 added lines, -523 removed lines

@@ -24,527 +24,527 @@
  */
 class Plugin extends DAV\ServerPlugin
 {
-    /**
-     * locksBackend.
-     *
-     * @var Backend\BackendInterface
-     */
-    protected $locksBackend;
-
-    /**
-     * server.
-     *
-     * @var DAV\Server
-     */
-    protected $server;
-
-    /**
-     * __construct.
-     */
-    public function __construct(Backend\BackendInterface $locksBackend)
-    {
-        $this->locksBackend = $locksBackend;
-    }
-
-    /**
-     * Initializes the plugin.
-     *
-     * This method is automatically called by the Server class after addPlugin.
-     */
-    public function initialize(DAV\Server $server)
-    {
-        $this->server = $server;
-
-        $this->server->xml->elementMap['{DAV:}lockinfo'] = 'Sabre\\DAV\\Xml\\Request\\Lock';
-
-        $server->on('method:LOCK', [$this, 'httpLock']);
-        $server->on('method:UNLOCK', [$this, 'httpUnlock']);
-        $server->on('validateTokens', [$this, 'validateTokens']);
-        $server->on('propFind', [$this, 'propFind']);
-        $server->on('afterUnbind', [$this, 'afterUnbind']);
-    }
-
-    /**
-     * Returns a plugin name.
-     *
-     * Using this name other plugins will be able to access other plugins
-     * using Sabre\DAV\Server::getPlugin
-     *
-     * @return string
-     */
-    public function getPluginName()
-    {
-        return 'locks';
-    }
-
-    /**
-     * This method is called after most properties have been found
-     * it allows us to add in any Lock-related properties.
-     */
-    public function propFind(DAV\PropFind $propFind, DAV\INode $node)
-    {
-        $propFind->handle('{DAV:}supportedlock', function () {
-            return new DAV\Xml\Property\SupportedLock();
-        });
-        $propFind->handle('{DAV:}lockdiscovery', function () use ($propFind) {
-            return new DAV\Xml\Property\LockDiscovery(
-                $this->getLocks($propFind->getPath())
-            );
-        });
-    }
-
-    /**
-     * Use this method to tell the server this plugin defines additional
-     * HTTP methods.
-     *
-     * This method is passed a uri. It should only return HTTP methods that are
-     * available for the specified uri.
-     *
-     * @param string $uri
-     *
-     * @return array
-     */
-    public function getHTTPMethods($uri)
-    {
-        return ['LOCK', 'UNLOCK'];
-    }
-
-    /**
-     * Returns a list of features for the HTTP OPTIONS Dav: header.
-     *
-     * In this case this is only the number 2. The 2 in the Dav: header
-     * indicates the server supports locks.
-     *
-     * @return array
-     */
-    public function getFeatures()
-    {
-        return [2];
-    }
-
-    /**
-     * Returns all lock information on a particular uri.
-     *
-     * This function should return an array with Sabre\DAV\Locks\LockInfo objects. If there are no locks on a file, return an empty array.
-     *
-     * Additionally there is also the possibility of locks on parent nodes, so we'll need to traverse every part of the tree
-     * If the $returnChildLocks argument is set to true, we'll also traverse all the children of the object
-     * for any possible locks and return those as well.
-     *
-     * @param string $uri
-     * @param bool   $returnChildLocks
-     *
-     * @return array
-     */
-    public function getLocks($uri, $returnChildLocks = false)
-    {
-        return $this->locksBackend->getLocks($uri, $returnChildLocks);
-    }
-
-    /**
-     * Locks an uri.
-     *
-     * The WebDAV lock request can be operated to either create a new lock on a file, or to refresh an existing lock
-     * If a new lock is created, a full XML body should be supplied, containing information about the lock such as the type
-     * of lock (shared or exclusive) and the owner of the lock
-     *
-     * If a lock is to be refreshed, no body should be supplied and there should be a valid If header containing the lock
-     *
-     * Additionally, a lock can be requested for a non-existent file. In these case we're obligated to create an empty file as per RFC4918:S7.3
-     *
-     * @return bool
-     */
-    public function httpLock(RequestInterface $request, ResponseInterface $response)
-    {
-        $uri = $request->getPath();
-
-        $existingLocks = $this->getLocks($uri);
-
-        if ($body = $request->getBodyAsString()) {
-            // This is a new lock request
-
-            $existingLock = null;
-            // Checking if there's already non-shared locks on the uri.
-            foreach ($existingLocks as $existingLock) {
-                if (LockInfo::EXCLUSIVE === $existingLock->scope) {
-                    throw new DAV\Exception\ConflictingLock($existingLock);
-                }
-            }
-
-            $lockInfo = $this->parseLockRequest($body);
-            $lockInfo->depth = $this->server->getHTTPDepth();
-            $lockInfo->uri = $uri;
-            if ($existingLock && LockInfo::SHARED != $lockInfo->scope) {
-                throw new DAV\Exception\ConflictingLock($existingLock);
-            }
-        } else {
-            // Gonna check if this was a lock refresh.
-            $existingLocks = $this->getLocks($uri);
-            $conditions = $this->server->getIfConditions($request);
-            $found = null;
-
-            foreach ($existingLocks as $existingLock) {
-                foreach ($conditions as $condition) {
-                    foreach ($condition['tokens'] as $token) {
-                        if ($token['token'] === 'opaquelocktoken:'.$existingLock->token) {
-                            $found = $existingLock;
-                            break 3;
-                        }
-                    }
-                }
-            }
-
-            // If none were found, this request is in error.
-            if (is_null($found)) {
-                if ($existingLocks) {
-                    throw new DAV\Exception\Locked(reset($existingLocks));
-                } else {
-                    throw new DAV\Exception\BadRequest('An xml body is required for lock requests');
-                }
-            }
-
-            // This must have been a lock refresh
-            $lockInfo = $found;
-
-            // The resource could have been locked through another uri.
-            if ($uri != $lockInfo->uri) {
-                $uri = $lockInfo->uri;
-            }
-        }
-
-        if ($timeout = $this->getTimeoutHeader()) {
-            $lockInfo->timeout = $timeout;
-        }
-
-        $newFile = false;
-
-        // If we got this far.. we should go check if this node actually exists. If this is not the case, we need to create it first
-        try {
-            $this->server->tree->getNodeForPath($uri);
-
-            // We need to call the beforeWriteContent event for RFC3744
-            // Edit: looks like this is not used, and causing problems now.
-            //
-            // See Issue 222
-            // $this->server->emit('beforeWriteContent',array($uri));
-        } catch (DAV\Exception\NotFound $e) {
-            // It didn't, lets create it
-            $this->server->createFile($uri, fopen('php://memory', 'r'));
-            $newFile = true;
-        }
-
-        $this->lockNode($uri, $lockInfo);
-
-        $response->setHeader('Content-Type', 'application/xml; charset=utf-8');
-        $response->setHeader('Lock-Token', '<opaquelocktoken:'.$lockInfo->token.'>');
-        $response->setStatus($newFile ? 201 : 200);
-        $response->setBody($this->generateLockResponse($lockInfo));
-
-        // Returning false will interrupt the event chain and mark this method
-        // as 'handled'.
-        return false;
-    }
-
-    /**
-     * Unlocks a uri.
-     *
-     * This WebDAV method allows you to remove a lock from a node. The client should provide a valid locktoken through the Lock-token http header
-     * The server should return 204 (No content) on success
-     */
-    public function httpUnlock(RequestInterface $request, ResponseInterface $response)
-    {
-        $lockToken = $request->getHeader('Lock-Token');
-
-        // If the locktoken header is not supplied, we need to throw a bad request exception
-        if (!$lockToken) {
-            throw new DAV\Exception\BadRequest('No lock token was supplied');
-        }
-        $path = $request->getPath();
-        $locks = $this->getLocks($path);
-
-        // Windows sometimes forgets to include < and > in the Lock-Token
-        // header
-        if ('<' !== $lockToken[0]) {
-            $lockToken = '<'.$lockToken.'>';
-        }
-
-        foreach ($locks as $lock) {
-            if ('<opaquelocktoken:'.$lock->token.'>' == $lockToken) {
-                $this->unlockNode($path, $lock);
-                $response->setHeader('Content-Length', '0');
-                $response->setStatus(204);
-
-                // Returning false will break the method chain, and mark the
-                // method as 'handled'.
-                return false;
-            }
-        }
-
-        // If we got here, it means the locktoken was invalid
-        throw new DAV\Exception\LockTokenMatchesRequestUri();
-    }
-
-    /**
-     * This method is called after a node is deleted.
-     *
-     * We use this event to clean up any locks that still exist on the node.
-     *
-     * @param string $path
-     */
-    public function afterUnbind($path)
-    {
-        $locks = $this->getLocks($path, $includeChildren = true);
-        foreach ($locks as $lock) {
-            // don't delete a lock on a parent dir
-            if (0 !== strpos($lock->uri, $path)) {
-                continue;
-            }
-            $this->unlockNode($path, $lock);
-        }
-    }
-
-    /**
-     * Locks a uri.
-     *
-     * All the locking information is supplied in the lockInfo object. The object has a suggested timeout, but this can be safely ignored
-     * It is important that if the existing timeout is ignored, the property is overwritten, as this needs to be sent back to the client
-     *
-     * @param string $uri
-     *
-     * @return bool
-     */
-    public function lockNode($uri, LockInfo $lockInfo)
-    {
-        if (!$this->server->emit('beforeLock', [$uri, $lockInfo])) {
-            return;
-        }
-
-        return $this->locksBackend->lock($uri, $lockInfo);
-    }
-
-    /**
-     * Unlocks a uri.
-     *
-     * This method removes a lock from a uri. It is assumed all the supplied information is correct and verified
-     *
-     * @param string $uri
-     *
-     * @return bool
-     */
-    public function unlockNode($uri, LockInfo $lockInfo)
-    {
-        if (!$this->server->emit('beforeUnlock', [$uri, $lockInfo])) {
-            return;
-        }
-
-        return $this->locksBackend->unlock($uri, $lockInfo);
-    }
-
-    /**
-     * Returns the contents of the HTTP Timeout header.
-     *
-     * The method formats the header into an integer.
-     *
-     * @return int
-     */
-    public function getTimeoutHeader()
-    {
-        $header = $this->server->httpRequest->getHeader('Timeout');
-
-        if ($header) {
-            if (0 === stripos($header, 'second-')) {
-                $header = (int) (substr($header, 7));
-            } elseif (0 === stripos($header, 'infinite')) {
-                $header = LockInfo::TIMEOUT_INFINITE;
-            } else {
-                throw new DAV\Exception\BadRequest('Invalid HTTP timeout header');
-            }
-        } else {
-            $header = 0;
-        }
-
-        return $header;
-    }
-
-    /**
-     * Generates the response for successful LOCK requests.
-     *
-     * @return string
-     */
-    protected function generateLockResponse(LockInfo $lockInfo)
-    {
-        return $this->server->xml->write('{DAV:}prop', [
-            '{DAV:}lockdiscovery' => new DAV\Xml\Property\LockDiscovery([$lockInfo]),
-        ], $this->server->getBaseUri());
-    }
-
-    /**
-     * The validateTokens event is triggered before every request.
-     *
-     * It's a moment where this plugin can check all the supplied lock tokens
-     * in the If: header, and check if they are valid.
-     *
-     * In addition, it will also ensure that it checks any missing lokens that
-     * must be present in the request, and reject requests without the proper
-     * tokens.
-     *
-     * @param mixed $conditions
-     */
-    public function validateTokens(RequestInterface $request, &$conditions)
-    {
-        // First we need to gather a list of locks that must be satisfied.
-        $mustLocks = [];
-        $method = $request->getMethod();
-
-        // Methods not in that list are operations that doesn't alter any
-        // resources, and we don't need to check the lock-states for.
-        switch ($method) {
-            case 'DELETE':
-                $mustLocks = array_merge($mustLocks, $this->getLocks(
-                    $request->getPath(),
-                    true
-                ));
-                break;
-            case 'MKCOL':
-            case 'MKCALENDAR':
-            case 'PROPPATCH':
-            case 'PUT':
-            case 'PATCH':
-                $mustLocks = array_merge($mustLocks, $this->getLocks(
-                    $request->getPath(),
-                    false
-                ));
-                break;
-            case 'MOVE':
-                $mustLocks = array_merge($mustLocks, $this->getLocks(
-                    $request->getPath(),
-                    true
-                ));
-                $mustLocks = array_merge($mustLocks, $this->getLocks(
-                    $this->server->calculateUri($request->getHeader('Destination')),
-                    false
-                ));
-                break;
-            case 'COPY':
-                $mustLocks = array_merge($mustLocks, $this->getLocks(
-                    $this->server->calculateUri($request->getHeader('Destination')),
-                    false
-                ));
-                break;
-            case 'LOCK':
-                //Temporary measure.. figure out later why this is needed
-                // Here we basically ignore all incoming tokens...
-                foreach ($conditions as $ii => $condition) {
-                    foreach ($condition['tokens'] as $jj => $token) {
-                        $conditions[$ii]['tokens'][$jj]['validToken'] = true;
-                    }
-                }
-
-                return;
-        }
-
-        // It's possible that there's identical locks, because of shared
-        // parents. We're removing the duplicates here.
-        $tmp = [];
-        foreach ($mustLocks as $lock) {
-            $tmp[$lock->token] = $lock;
-        }
-        $mustLocks = array_values($tmp);
-
-        foreach ($conditions as $kk => $condition) {
-            foreach ($condition['tokens'] as $ii => $token) {
-                // Lock tokens always start with opaquelocktoken:
-                if ('opaquelocktoken:' !== substr($token['token'], 0, 16)) {
-                    continue;
-                }
-
-                $checkToken = substr($token['token'], 16);
-                // Looping through our list with locks.
-                foreach ($mustLocks as $jj => $mustLock) {
-                    if ($mustLock->token == $checkToken) {
-                        // We have a match!
-                        // Removing this one from mustlocks
-                        unset($mustLocks[$jj]);
-
-                        // Marking the condition as valid.
-                        $conditions[$kk]['tokens'][$ii]['validToken'] = true;
-
-                        // Advancing to the next token
-                        continue 2;
-                    }
-                }
-
-                // If we got here, it means that there was a
-                // lock-token, but it was not in 'mustLocks'.
-                //
-                // This is an edge-case, as it could mean that token
-                // was specified with a url that was not 'required' to
-                // check. So we're doing one extra lookup to make sure
-                // we really don't know this token.
-                //
-                // This also gets triggered when the user specified a
-                // lock-token that was expired.
-                $oddLocks = $this->getLocks($condition['uri']);
-                foreach ($oddLocks as $oddLock) {
-                    if ($oddLock->token === $checkToken) {
-                        // We have a hit!
-                        $conditions[$kk]['tokens'][$ii]['validToken'] = true;
-                        continue 2;
-                    }
-                }
-
-                // If we get all the way here, the lock-token was
-                // really unknown.
-            }
-        }
-
-        // If there's any locks left in the 'mustLocks' array, it means that
-        // the resource was locked and we must block it.
-        if ($mustLocks) {
-            throw new DAV\Exception\Locked(reset($mustLocks));
-        }
-    }
-
-    /**
-     * Parses a webdav lock xml body, and returns a new Sabre\DAV\Locks\LockInfo object.
-     *
-     * @param string $body
-     *
-     * @return LockInfo
-     */
-    protected function parseLockRequest($body)
-    {
-        $result = $this->server->xml->expect(
-            '{DAV:}lockinfo',
-            $body
-        );
-
-        $lockInfo = new LockInfo();
-
-        $lockInfo->owner = $result->owner;
-        $lockInfo->token = DAV\UUIDUtil::getUUID();
-        $lockInfo->scope = $result->scope;
-
-        return $lockInfo;
-    }
-
-    /**
-     * Returns a bunch of meta-data about the plugin.
-     *
-     * Providing this information is optional, and is mainly displayed by the
-     * Browser plugin.
-     *
-     * The description key in the returned array may contain html and will not
-     * be sanitized.
-     *
-     * @return array
-     */
-    public function getPluginInfo()
-    {
-        return [
-            'name' => $this->getPluginName(),
-            'description' => 'The locks plugin turns this server into a class-2 WebDAV server and adds support for LOCK and UNLOCK',
-            'link' => 'http://sabre.io/dav/locks/',
-        ];
-    }
+	/**
+	 * locksBackend.
+	 *
+	 * @var Backend\BackendInterface
+	 */
+	protected $locksBackend;
+
+	/**
+	 * server.
+	 *
+	 * @var DAV\Server
+	 */
+	protected $server;
+
+	/**
+	 * __construct.
+	 */
+	public function __construct(Backend\BackendInterface $locksBackend)
+	{
+		$this->locksBackend = $locksBackend;
+	}
+
+	/**
+	 * Initializes the plugin.
+	 *
+	 * This method is automatically called by the Server class after addPlugin.
+	 */
+	public function initialize(DAV\Server $server)
+	{
+		$this->server = $server;
+
+		$this->server->xml->elementMap['{DAV:}lockinfo'] = 'Sabre\\DAV\\Xml\\Request\\Lock';
+
+		$server->on('method:LOCK', [$this, 'httpLock']);
+		$server->on('method:UNLOCK', [$this, 'httpUnlock']);
+		$server->on('validateTokens', [$this, 'validateTokens']);
+		$server->on('propFind', [$this, 'propFind']);
+		$server->on('afterUnbind', [$this, 'afterUnbind']);
+	}
+
+	/**
+	 * Returns a plugin name.
+	 *
+	 * Using this name other plugins will be able to access other plugins
+	 * using Sabre\DAV\Server::getPlugin
+	 *
+	 * @return string
+	 */
+	public function getPluginName()
+	{
+		return 'locks';
+	}
+
+	/**
+	 * This method is called after most properties have been found
+	 * it allows us to add in any Lock-related properties.
+	 */
+	public function propFind(DAV\PropFind $propFind, DAV\INode $node)
+	{
+		$propFind->handle('{DAV:}supportedlock', function () {
+			return new DAV\Xml\Property\SupportedLock();
+		});
+		$propFind->handle('{DAV:}lockdiscovery', function () use ($propFind) {
+			return new DAV\Xml\Property\LockDiscovery(
+				$this->getLocks($propFind->getPath())
+			);
+		});
+	}
+
+	/**
+	 * Use this method to tell the server this plugin defines additional
+	 * HTTP methods.
+	 *
+	 * This method is passed a uri. It should only return HTTP methods that are
+	 * available for the specified uri.
+	 *
+	 * @param string $uri
+	 *
+	 * @return array
+	 */
+	public function getHTTPMethods($uri)
+	{
+		return ['LOCK', 'UNLOCK'];
+	}
+
+	/**
+	 * Returns a list of features for the HTTP OPTIONS Dav: header.
+	 *
+	 * In this case this is only the number 2. The 2 in the Dav: header
+	 * indicates the server supports locks.
+	 *
+	 * @return array
+	 */
+	public function getFeatures()
+	{
+		return [2];
+	}
+
+	/**
+	 * Returns all lock information on a particular uri.
+	 *
+	 * This function should return an array with Sabre\DAV\Locks\LockInfo objects. If there are no locks on a file, return an empty array.
+	 *
+	 * Additionally there is also the possibility of locks on parent nodes, so we'll need to traverse every part of the tree
+	 * If the $returnChildLocks argument is set to true, we'll also traverse all the children of the object
+	 * for any possible locks and return those as well.
+	 *
+	 * @param string $uri
+	 * @param bool   $returnChildLocks
+	 *
+	 * @return array
+	 */
+	public function getLocks($uri, $returnChildLocks = false)
+	{
+		return $this->locksBackend->getLocks($uri, $returnChildLocks);
+	}
+
+	/**
+	 * Locks an uri.
+	 *
+	 * The WebDAV lock request can be operated to either create a new lock on a file, or to refresh an existing lock
+	 * If a new lock is created, a full XML body should be supplied, containing information about the lock such as the type
+	 * of lock (shared or exclusive) and the owner of the lock
+	 *
+	 * If a lock is to be refreshed, no body should be supplied and there should be a valid If header containing the lock
+	 *
+	 * Additionally, a lock can be requested for a non-existent file. In these case we're obligated to create an empty file as per RFC4918:S7.3
+	 *
+	 * @return bool
+	 */
+	public function httpLock(RequestInterface $request, ResponseInterface $response)
+	{
+		$uri = $request->getPath();
+
+		$existingLocks = $this->getLocks($uri);
+
+		if ($body = $request->getBodyAsString()) {
+			// This is a new lock request
+
+			$existingLock = null;
+			// Checking if there's already non-shared locks on the uri.
+			foreach ($existingLocks as $existingLock) {
+				if (LockInfo::EXCLUSIVE === $existingLock->scope) {
+					throw new DAV\Exception\ConflictingLock($existingLock);
+				}
+			}
+
+			$lockInfo = $this->parseLockRequest($body);
+			$lockInfo->depth = $this->server->getHTTPDepth();
+			$lockInfo->uri = $uri;
+			if ($existingLock && LockInfo::SHARED != $lockInfo->scope) {
+				throw new DAV\Exception\ConflictingLock($existingLock);
+			}
+		} else {
+			// Gonna check if this was a lock refresh.
+			$existingLocks = $this->getLocks($uri);
+			$conditions = $this->server->getIfConditions($request);
+			$found = null;
+
+			foreach ($existingLocks as $existingLock) {
+				foreach ($conditions as $condition) {
+					foreach ($condition['tokens'] as $token) {
+						if ($token['token'] === 'opaquelocktoken:'.$existingLock->token) {
+							$found = $existingLock;
+							break 3;
+						}
+					}
+				}
+			}
+
+			// If none were found, this request is in error.
+			if (is_null($found)) {
+				if ($existingLocks) {
+					throw new DAV\Exception\Locked(reset($existingLocks));
+				} else {
+					throw new DAV\Exception\BadRequest('An xml body is required for lock requests');
+				}
+			}
+
+			// This must have been a lock refresh
+			$lockInfo = $found;
+
+			// The resource could have been locked through another uri.
+			if ($uri != $lockInfo->uri) {
+				$uri = $lockInfo->uri;
+			}
+		}
+
+		if ($timeout = $this->getTimeoutHeader()) {
+			$lockInfo->timeout = $timeout;
+		}
+
+		$newFile = false;
+
+		// If we got this far.. we should go check if this node actually exists. If this is not the case, we need to create it first
+		try {
+			$this->server->tree->getNodeForPath($uri);
+
+			// We need to call the beforeWriteContent event for RFC3744
+			// Edit: looks like this is not used, and causing problems now.
+			//
+			// See Issue 222
+			// $this->server->emit('beforeWriteContent',array($uri));
+		} catch (DAV\Exception\NotFound $e) {
+			// It didn't, lets create it
+			$this->server->createFile($uri, fopen('php://memory', 'r'));
+			$newFile = true;
+		}
+
+		$this->lockNode($uri, $lockInfo);
+
+		$response->setHeader('Content-Type', 'application/xml; charset=utf-8');
+		$response->setHeader('Lock-Token', '<opaquelocktoken:'.$lockInfo->token.'>');
+		$response->setStatus($newFile ? 201 : 200);
+		$response->setBody($this->generateLockResponse($lockInfo));
+
+		// Returning false will interrupt the event chain and mark this method
+		// as 'handled'.
+		return false;
+	}
+
+	/**
+	 * Unlocks a uri.
+	 *
+	 * This WebDAV method allows you to remove a lock from a node. The client should provide a valid locktoken through the Lock-token http header
+	 * The server should return 204 (No content) on success
+	 */
+	public function httpUnlock(RequestInterface $request, ResponseInterface $response)
+	{
+		$lockToken = $request->getHeader('Lock-Token');
+
+		// If the locktoken header is not supplied, we need to throw a bad request exception
+		if (!$lockToken) {
+			throw new DAV\Exception\BadRequest('No lock token was supplied');
+		}
+		$path = $request->getPath();
+		$locks = $this->getLocks($path);
+
+		// Windows sometimes forgets to include < and > in the Lock-Token
+		// header
+		if ('<' !== $lockToken[0]) {
+			$lockToken = '<'.$lockToken.'>';
+		}
+
+		foreach ($locks as $lock) {
+			if ('<opaquelocktoken:'.$lock->token.'>' == $lockToken) {
+				$this->unlockNode($path, $lock);
+				$response->setHeader('Content-Length', '0');
+				$response->setStatus(204);
+
+				// Returning false will break the method chain, and mark the
+				// method as 'handled'.
+				return false;
+			}
+		}
+
+		// If we got here, it means the locktoken was invalid
+		throw new DAV\Exception\LockTokenMatchesRequestUri();
+	}
+
+	/**
+	 * This method is called after a node is deleted.
+	 *
+	 * We use this event to clean up any locks that still exist on the node.
+	 *
+	 * @param string $path
+	 */
+	public function afterUnbind($path)
+	{
+		$locks = $this->getLocks($path, $includeChildren = true);
+		foreach ($locks as $lock) {
+			// don't delete a lock on a parent dir
+			if (0 !== strpos($lock->uri, $path)) {
+				continue;
+			}
+			$this->unlockNode($path, $lock);
+		}
+	}
+
+	/**
+	 * Locks a uri.
+	 *
+	 * All the locking information is supplied in the lockInfo object. The object has a suggested timeout, but this can be safely ignored
+	 * It is important that if the existing timeout is ignored, the property is overwritten, as this needs to be sent back to the client
+	 *
+	 * @param string $uri
+	 *
+	 * @return bool
+	 */
+	public function lockNode($uri, LockInfo $lockInfo)
+	{
+		if (!$this->server->emit('beforeLock', [$uri, $lockInfo])) {
+			return;
+		}
+
+		return $this->locksBackend->lock($uri, $lockInfo);
+	}
+
+	/**
+	 * Unlocks a uri.
+	 *
+	 * This method removes a lock from a uri. It is assumed all the supplied information is correct and verified
+	 *
+	 * @param string $uri
+	 *
+	 * @return bool
+	 */
+	public function unlockNode($uri, LockInfo $lockInfo)
+	{
+		if (!$this->server->emit('beforeUnlock', [$uri, $lockInfo])) {
+			return;
+		}
+
+		return $this->locksBackend->unlock($uri, $lockInfo);
+	}
+
+	/**
+	 * Returns the contents of the HTTP Timeout header.
+	 *
+	 * The method formats the header into an integer.
+	 *
+	 * @return int
+	 */
+	public function getTimeoutHeader()
+	{
+		$header = $this->server->httpRequest->getHeader('Timeout');
+
+		if ($header) {
+			if (0 === stripos($header, 'second-')) {
+				$header = (int) (substr($header, 7));
+			} elseif (0 === stripos($header, 'infinite')) {
+				$header = LockInfo::TIMEOUT_INFINITE;
+			} else {
+				throw new DAV\Exception\BadRequest('Invalid HTTP timeout header');
+			}
+		} else {
+			$header = 0;
+		}
+
+		return $header;
+	}
+
+	/**
+	 * Generates the response for successful LOCK requests.
+	 *
+	 * @return string
+	 */
+	protected function generateLockResponse(LockInfo $lockInfo)
+	{
+		return $this->server->xml->write('{DAV:}prop', [
+			'{DAV:}lockdiscovery' => new DAV\Xml\Property\LockDiscovery([$lockInfo]),
+		], $this->server->getBaseUri());
+	}
+
+	/**
+	 * The validateTokens event is triggered before every request.
+	 *
+	 * It's a moment where this plugin can check all the supplied lock tokens
+	 * in the If: header, and check if they are valid.
+	 *
+	 * In addition, it will also ensure that it checks any missing lokens that
+	 * must be present in the request, and reject requests without the proper
+	 * tokens.
+	 *
+	 * @param mixed $conditions
+	 */
+	public function validateTokens(RequestInterface $request, &$conditions)
+	{
+		// First we need to gather a list of locks that must be satisfied.
+		$mustLocks = [];
+		$method = $request->getMethod();
+
+		// Methods not in that list are operations that doesn't alter any
+		// resources, and we don't need to check the lock-states for.
+		switch ($method) {
+			case 'DELETE':
+				$mustLocks = array_merge($mustLocks, $this->getLocks(
+					$request->getPath(),
+					true
+				));
+				break;
+			case 'MKCOL':
+			case 'MKCALENDAR':
+			case 'PROPPATCH':
+			case 'PUT':
+			case 'PATCH':
+				$mustLocks = array_merge($mustLocks, $this->getLocks(
+					$request->getPath(),
+					false
+				));
+				break;
+			case 'MOVE':
+				$mustLocks = array_merge($mustLocks, $this->getLocks(
+					$request->getPath(),
+					true
+				));
+				$mustLocks = array_merge($mustLocks, $this->getLocks(
+					$this->server->calculateUri($request->getHeader('Destination')),
+					false
+				));
+				break;
+			case 'COPY':
+				$mustLocks = array_merge($mustLocks, $this->getLocks(
+					$this->server->calculateUri($request->getHeader('Destination')),
+					false
+				));
+				break;
+			case 'LOCK':
+				//Temporary measure.. figure out later why this is needed
+				// Here we basically ignore all incoming tokens...
+				foreach ($conditions as $ii => $condition) {
+					foreach ($condition['tokens'] as $jj => $token) {
+						$conditions[$ii]['tokens'][$jj]['validToken'] = true;
+					}
+				}
+
+				return;
+		}
+
+		// It's possible that there's identical locks, because of shared
+		// parents. We're removing the duplicates here.
+		$tmp = [];
+		foreach ($mustLocks as $lock) {
+			$tmp[$lock->token] = $lock;
+		}
+		$mustLocks = array_values($tmp);
+
+		foreach ($conditions as $kk => $condition) {
+			foreach ($condition['tokens'] as $ii => $token) {
+				// Lock tokens always start with opaquelocktoken:
+				if ('opaquelocktoken:' !== substr($token['token'], 0, 16)) {
+					continue;
+				}
+
+				$checkToken = substr($token['token'], 16);
+				// Looping through our list with locks.
+				foreach ($mustLocks as $jj => $mustLock) {
+					if ($mustLock->token == $checkToken) {
+						// We have a match!
+						// Removing this one from mustlocks
+						unset($mustLocks[$jj]);
+
+						// Marking the condition as valid.
+						$conditions[$kk]['tokens'][$ii]['validToken'] = true;
+
+						// Advancing to the next token
+						continue 2;
+					}
+				}
+
+				// If we got here, it means that there was a
+				// lock-token, but it was not in 'mustLocks'.
+				//
+				// This is an edge-case, as it could mean that token
+				// was specified with a url that was not 'required' to
+				// check. So we're doing one extra lookup to make sure
+				// we really don't know this token.
+				//
+				// This also gets triggered when the user specified a
+				// lock-token that was expired.
+				$oddLocks = $this->getLocks($condition['uri']);
+				foreach ($oddLocks as $oddLock) {
+					if ($oddLock->token === $checkToken) {
+						// We have a hit!
+						$conditions[$kk]['tokens'][$ii]['validToken'] = true;
+						continue 2;
+					}
+				}
+
+				// If we get all the way here, the lock-token was
+				// really unknown.
+			}
+		}
+
+		// If there's any locks left in the 'mustLocks' array, it means that
+		// the resource was locked and we must block it.
+		if ($mustLocks) {
+			throw new DAV\Exception\Locked(reset($mustLocks));
+		}
+	}
+
+	/**
+	 * Parses a webdav lock xml body, and returns a new Sabre\DAV\Locks\LockInfo object.
+	 *
+	 * @param string $body
+	 *
+	 * @return LockInfo
+	 */
+	protected function parseLockRequest($body)
+	{
+		$result = $this->server->xml->expect(
+			'{DAV:}lockinfo',
+			$body
+		);
+
+		$lockInfo = new LockInfo();
+
+		$lockInfo->owner = $result->owner;
+		$lockInfo->token = DAV\UUIDUtil::getUUID();
+		$lockInfo->scope = $result->scope;
+
+		return $lockInfo;
+	}
+
+	/**
+	 * Returns a bunch of meta-data about the plugin.
+	 *
+	 * Providing this information is optional, and is mainly displayed by the
+	 * Browser plugin.
+	 *
+	 * The description key in the returned array may contain html and will not
+	 * be sanitized.
+	 *
+	 * @return array
+	 */
+	public function getPluginInfo()
+	{
+		return [
+			'name' => $this->getPluginName(),
+			'description' => 'The locks plugin turns this server into a class-2 WebDAV server and adds support for LOCK and UNLOCK',
+			'link' => 'http://sabre.io/dav/locks/',
+		];
+	}
 }

htdocs/includes/sabre/sabre/dav/lib/DAV/Locks/Backend/BackendInterface.php

Indentation +31 added lines, -31 removed lines

@@ -16,37 +16,37 @@
  */
 interface BackendInterface
 {
-    /**
-     * Returns a list of Sabre\DAV\Locks\LockInfo objects.
-     *
-     * This method should return all the locks for a particular uri, including
-     * locks that might be set on a parent uri.
-     *
-     * If returnChildLocks is set to true, this method should also look for
-     * any locks in the subtree of the uri for locks.
-     *
-     * @param string $uri
-     * @param bool   $returnChildLocks
-     *
-     * @return array
-     */
-    public function getLocks($uri, $returnChildLocks);
+	/**
+	 * Returns a list of Sabre\DAV\Locks\LockInfo objects.
+	 *
+	 * This method should return all the locks for a particular uri, including
+	 * locks that might be set on a parent uri.
+	 *
+	 * If returnChildLocks is set to true, this method should also look for
+	 * any locks in the subtree of the uri for locks.
+	 *
+	 * @param string $uri
+	 * @param bool   $returnChildLocks
+	 *
+	 * @return array
+	 */
+	public function getLocks($uri, $returnChildLocks);
 
-    /**
-     * Locks a uri.
-     *
-     * @param string $uri
-     *
-     * @return bool
-     */
-    public function lock($uri, Locks\LockInfo $lockInfo);
+	/**
+	 * Locks a uri.
+	 *
+	 * @param string $uri
+	 *
+	 * @return bool
+	 */
+	public function lock($uri, Locks\LockInfo $lockInfo);
 
-    /**
-     * Removes a lock from a uri.
-     *
-     * @param string $uri
-     *
-     * @return bool
-     */
-    public function unlock($uri, Locks\LockInfo $lockInfo);
+	/**
+	 * Removes a lock from a uri.
+	 *
+	 * @param string $uri
+	 *
+	 * @return bool
+	 */
+	public function unlock($uri, Locks\LockInfo $lockInfo);
 }

htdocs/includes/sabre/sabre/dav/lib/DAV/Locks/Backend/File.php

Indentation +158 added lines, -158 removed lines

@@ -21,162 +21,162 @@
  */
 class File extends AbstractBackend
 {
-    /**
-     * The storage file.
-     *
-     * @var string
-     */
-    private $locksFile;
-
-    /**
-     * Constructor.
-     *
-     * @param string $locksFile path to file
-     */
-    public function __construct($locksFile)
-    {
-        $this->locksFile = $locksFile;
-    }
-
-    /**
-     * Returns a list of Sabre\DAV\Locks\LockInfo objects.
-     *
-     * This method should return all the locks for a particular uri, including
-     * locks that might be set on a parent uri.
-     *
-     * If returnChildLocks is set to true, this method should also look for
-     * any locks in the subtree of the uri for locks.
-     *
-     * @param string $uri
-     * @param bool   $returnChildLocks
-     *
-     * @return array
-     */
-    public function getLocks($uri, $returnChildLocks)
-    {
-        $newLocks = [];
-
-        $locks = $this->getData();
-
-        foreach ($locks as $lock) {
-            if ($lock->uri === $uri ||
-                //deep locks on parents
-                (0 != $lock->depth && 0 === strpos($uri, $lock->uri.'/')) ||
-
-                // locks on children
-                ($returnChildLocks && (0 === strpos($lock->uri, $uri.'/')))) {
-                $newLocks[] = $lock;
-            }
-        }
-
-        // Checking if we can remove any of these locks
-        foreach ($newLocks as $k => $lock) {
-            if (time() > $lock->timeout + $lock->created) {
-                unset($newLocks[$k]);
-            }
-        }
-
-        return $newLocks;
-    }
-
-    /**
-     * Locks a uri.
-     *
-     * @param string $uri
-     *
-     * @return bool
-     */
-    public function lock($uri, LockInfo $lockInfo)
-    {
-        // We're making the lock timeout 30 minutes
-        $lockInfo->timeout = 1800;
-        $lockInfo->created = time();
-        $lockInfo->uri = $uri;
-
-        $locks = $this->getData();
-
-        foreach ($locks as $k => $lock) {
-            if (
-                ($lock->token == $lockInfo->token) ||
-                (time() > $lock->timeout + $lock->created)
-            ) {
-                unset($locks[$k]);
-            }
-        }
-        $locks[] = $lockInfo;
-        $this->putData($locks);
-
-        return true;
-    }
-
-    /**
-     * Removes a lock from a uri.
-     *
-     * @param string $uri
-     *
-     * @return bool
-     */
-    public function unlock($uri, LockInfo $lockInfo)
-    {
-        $locks = $this->getData();
-        foreach ($locks as $k => $lock) {
-            if ($lock->token == $lockInfo->token) {
-                unset($locks[$k]);
-                $this->putData($locks);
-
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * Loads the lockdata from the filesystem.
-     *
-     * @return array
-     */
-    protected function getData()
-    {
-        if (!file_exists($this->locksFile)) {
-            return [];
-        }
-
-        // opening up the file, and creating a shared lock
-        $handle = fopen($this->locksFile, 'r');
-        flock($handle, LOCK_SH);
-
-        // Reading data until the eof
-        $data = stream_get_contents($handle);
-
-        // We're all good
-        flock($handle, LOCK_UN);
-        fclose($handle);
-
-        // Unserializing and checking if the resource file contains data for this file
-        $data = unserialize($data);
-        if (!$data) {
-            return [];
-        }
-
-        return $data;
-    }
-
-    /**
-     * Saves the lockdata.
-     */
-    protected function putData(array $newData)
-    {
-        // opening up the file, and creating an exclusive lock
-        $handle = fopen($this->locksFile, 'a+');
-        flock($handle, LOCK_EX);
-
-        // We can only truncate and rewind once the lock is acquired.
-        ftruncate($handle, 0);
-        rewind($handle);
-
-        fwrite($handle, serialize($newData));
-        flock($handle, LOCK_UN);
-        fclose($handle);
-    }
+	/**
+	 * The storage file.
+	 *
+	 * @var string
+	 */
+	private $locksFile;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param string $locksFile path to file
+	 */
+	public function __construct($locksFile)
+	{
+		$this->locksFile = $locksFile;
+	}
+
+	/**
+	 * Returns a list of Sabre\DAV\Locks\LockInfo objects.
+	 *
+	 * This method should return all the locks for a particular uri, including
+	 * locks that might be set on a parent uri.
+	 *
+	 * If returnChildLocks is set to true, this method should also look for
+	 * any locks in the subtree of the uri for locks.
+	 *
+	 * @param string $uri
+	 * @param bool   $returnChildLocks
+	 *
+	 * @return array
+	 */
+	public function getLocks($uri, $returnChildLocks)
+	{
+		$newLocks = [];
+
+		$locks = $this->getData();
+
+		foreach ($locks as $lock) {
+			if ($lock->uri === $uri ||
+				//deep locks on parents
+				(0 != $lock->depth && 0 === strpos($uri, $lock->uri.'/')) ||
+
+				// locks on children
+				($returnChildLocks && (0 === strpos($lock->uri, $uri.'/')))) {
+				$newLocks[] = $lock;
+			}
+		}
+
+		// Checking if we can remove any of these locks
+		foreach ($newLocks as $k => $lock) {
+			if (time() > $lock->timeout + $lock->created) {
+				unset($newLocks[$k]);
+			}
+		}
+
+		return $newLocks;
+	}
+
+	/**
+	 * Locks a uri.
+	 *
+	 * @param string $uri
+	 *
+	 * @return bool
+	 */
+	public function lock($uri, LockInfo $lockInfo)
+	{
+		// We're making the lock timeout 30 minutes
+		$lockInfo->timeout = 1800;
+		$lockInfo->created = time();
+		$lockInfo->uri = $uri;
+
+		$locks = $this->getData();
+
+		foreach ($locks as $k => $lock) {
+			if (
+				($lock->token == $lockInfo->token) ||
+				(time() > $lock->timeout + $lock->created)
+			) {
+				unset($locks[$k]);
+			}
+		}
+		$locks[] = $lockInfo;
+		$this->putData($locks);
+
+		return true;
+	}
+
+	/**
+	 * Removes a lock from a uri.
+	 *
+	 * @param string $uri
+	 *
+	 * @return bool
+	 */
+	public function unlock($uri, LockInfo $lockInfo)
+	{
+		$locks = $this->getData();
+		foreach ($locks as $k => $lock) {
+			if ($lock->token == $lockInfo->token) {
+				unset($locks[$k]);
+				$this->putData($locks);
+
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	/**
+	 * Loads the lockdata from the filesystem.
+	 *
+	 * @return array
+	 */
+	protected function getData()
+	{
+		if (!file_exists($this->locksFile)) {
+			return [];
+		}
+
+		// opening up the file, and creating a shared lock
+		$handle = fopen($this->locksFile, 'r');
+		flock($handle, LOCK_SH);
+
+		// Reading data until the eof
+		$data = stream_get_contents($handle);
+
+		// We're all good
+		flock($handle, LOCK_UN);
+		fclose($handle);
+
+		// Unserializing and checking if the resource file contains data for this file
+		$data = unserialize($data);
+		if (!$data) {
+			return [];
+		}
+
+		return $data;
+	}
+
+	/**
+	 * Saves the lockdata.
+	 */
+	protected function putData(array $newData)
+	{
+		// opening up the file, and creating an exclusive lock
+		$handle = fopen($this->locksFile, 'a+');
+		flock($handle, LOCK_EX);
+
+		// We can only truncate and rewind once the lock is acquired.
+		ftruncate($handle, 0);
+		rewind($handle);
+
+		fwrite($handle, serialize($newData));
+		flock($handle, LOCK_UN);
+		fclose($handle);
+	}
 }

htdocs/includes/sabre/sabre/dav/lib/DAV/Locks/Backend/PDO.php

Indentation +151 added lines, -151 removed lines

@@ -18,155 +18,155 @@
  */
 class PDO extends AbstractBackend
 {
-    /**
-     * The PDO tablename this backend uses.
-     *
-     * @var string
-     */
-    public $tableName = 'locks';
-
-    /**
-     * The PDO connection object.
-     *
-     * @var pdo
-     */
-    protected $pdo;
-
-    /**
-     * Constructor.
-     */
-    public function __construct(\PDO $pdo)
-    {
-        $this->pdo = $pdo;
-    }
-
-    /**
-     * Returns a list of Sabre\DAV\Locks\LockInfo objects.
-     *
-     * This method should return all the locks for a particular uri, including
-     * locks that might be set on a parent uri.
-     *
-     * If returnChildLocks is set to true, this method should also look for
-     * any locks in the subtree of the uri for locks.
-     *
-     * @param string $uri
-     * @param bool   $returnChildLocks
-     *
-     * @return array
-     */
-    public function getLocks($uri, $returnChildLocks)
-    {
-        // NOTE: the following 10 lines or so could be easily replaced by
-        // pure sql. MySQL's non-standard string concatenation prevents us
-        // from doing this though.
-        $query = 'SELECT owner, token, timeout, created, scope, depth, uri FROM '.$this->tableName.' WHERE (created > (? - timeout)) AND ((uri = ?)';
-        $params = [time(), $uri];
-
-        // We need to check locks for every part in the uri.
-        $uriParts = explode('/', $uri);
-
-        // We already covered the last part of the uri
-        array_pop($uriParts);
-
-        $currentPath = '';
-
-        foreach ($uriParts as $part) {
-            if ($currentPath) {
-                $currentPath .= '/';
-            }
-            $currentPath .= $part;
-
-            $query .= ' OR (depth!=0 AND uri = ?)';
-            $params[] = $currentPath;
-        }
-
-        if ($returnChildLocks) {
-            $query .= ' OR (uri LIKE ?)';
-            $params[] = $uri.'/%';
-        }
-        $query .= ')';
-
-        $stmt = $this->pdo->prepare($query);
-        $stmt->execute($params);
-        $result = $stmt->fetchAll();
-
-        $lockList = [];
-        foreach ($result as $row) {
-            $lockInfo = new LockInfo();
-            $lockInfo->owner = $row['owner'];
-            $lockInfo->token = $row['token'];
-            $lockInfo->timeout = $row['timeout'];
-            $lockInfo->created = $row['created'];
-            $lockInfo->scope = $row['scope'];
-            $lockInfo->depth = $row['depth'];
-            $lockInfo->uri = $row['uri'];
-            $lockList[] = $lockInfo;
-        }
-
-        return $lockList;
-    }
-
-    /**
-     * Locks a uri.
-     *
-     * @param string $uri
-     *
-     * @return bool
-     */
-    public function lock($uri, LockInfo $lockInfo)
-    {
-        // We're making the lock timeout 30 minutes
-        $lockInfo->timeout = 30 * 60;
-        $lockInfo->created = time();
-        $lockInfo->uri = $uri;
-
-        $locks = $this->getLocks($uri, false);
-        $exists = false;
-        foreach ($locks as $lock) {
-            if ($lock->token == $lockInfo->token) {
-                $exists = true;
-            }
-        }
-
-        if ($exists) {
-            $stmt = $this->pdo->prepare('UPDATE '.$this->tableName.' SET owner = ?, timeout = ?, scope = ?, depth = ?, uri = ?, created = ? WHERE token = ?');
-            $stmt->execute([
-                $lockInfo->owner,
-                $lockInfo->timeout,
-                $lockInfo->scope,
-                $lockInfo->depth,
-                $uri,
-                $lockInfo->created,
-                $lockInfo->token,
-            ]);
-        } else {
-            $stmt = $this->pdo->prepare('INSERT INTO '.$this->tableName.' (owner,timeout,scope,depth,uri,created,token) VALUES (?,?,?,?,?,?,?)');
-            $stmt->execute([
-                $lockInfo->owner,
-                $lockInfo->timeout,
-                $lockInfo->scope,
-                $lockInfo->depth,
-                $uri,
-                $lockInfo->created,
-                $lockInfo->token,
-            ]);
-        }
-
-        return true;
-    }
-
-    /**
-     * Removes a lock from a uri.
-     *
-     * @param string $uri
-     *
-     * @return bool
-     */
-    public function unlock($uri, LockInfo $lockInfo)
-    {
-        $stmt = $this->pdo->prepare('DELETE FROM '.$this->tableName.' WHERE uri = ? AND token = ?');
-        $stmt->execute([$uri, $lockInfo->token]);
-
-        return 1 === $stmt->rowCount();
-    }
+	/**
+	 * The PDO tablename this backend uses.
+	 *
+	 * @var string
+	 */
+	public $tableName = 'locks';
+
+	/**
+	 * The PDO connection object.
+	 *
+	 * @var pdo
+	 */
+	protected $pdo;
+
+	/**
+	 * Constructor.
+	 */
+	public function __construct(\PDO $pdo)
+	{
+		$this->pdo = $pdo;
+	}
+
+	/**
+	 * Returns a list of Sabre\DAV\Locks\LockInfo objects.
+	 *
+	 * This method should return all the locks for a particular uri, including
+	 * locks that might be set on a parent uri.
+	 *
+	 * If returnChildLocks is set to true, this method should also look for
+	 * any locks in the subtree of the uri for locks.
+	 *
+	 * @param string $uri
+	 * @param bool   $returnChildLocks
+	 *
+	 * @return array
+	 */
+	public function getLocks($uri, $returnChildLocks)
+	{
+		// NOTE: the following 10 lines or so could be easily replaced by
+		// pure sql. MySQL's non-standard string concatenation prevents us
+		// from doing this though.
+		$query = 'SELECT owner, token, timeout, created, scope, depth, uri FROM '.$this->tableName.' WHERE (created > (? - timeout)) AND ((uri = ?)';
+		$params = [time(), $uri];
+
+		// We need to check locks for every part in the uri.
+		$uriParts = explode('/', $uri);
+
+		// We already covered the last part of the uri
+		array_pop($uriParts);
+
+		$currentPath = '';
+
+		foreach ($uriParts as $part) {
+			if ($currentPath) {
+				$currentPath .= '/';
+			}
+			$currentPath .= $part;
+
+			$query .= ' OR (depth!=0 AND uri = ?)';
+			$params[] = $currentPath;
+		}
+
+		if ($returnChildLocks) {
+			$query .= ' OR (uri LIKE ?)';
+			$params[] = $uri.'/%';
+		}
+		$query .= ')';
+
+		$stmt = $this->pdo->prepare($query);
+		$stmt->execute($params);
+		$result = $stmt->fetchAll();
+
+		$lockList = [];
+		foreach ($result as $row) {
+			$lockInfo = new LockInfo();
+			$lockInfo->owner = $row['owner'];
+			$lockInfo->token = $row['token'];
+			$lockInfo->timeout = $row['timeout'];
+			$lockInfo->created = $row['created'];
+			$lockInfo->scope = $row['scope'];
+			$lockInfo->depth = $row['depth'];
+			$lockInfo->uri = $row['uri'];
+			$lockList[] = $lockInfo;
+		}
+
+		return $lockList;
+	}
+
+	/**
+	 * Locks a uri.
+	 *
+	 * @param string $uri
+	 *
+	 * @return bool
+	 */
+	public function lock($uri, LockInfo $lockInfo)
+	{
+		// We're making the lock timeout 30 minutes
+		$lockInfo->timeout = 30 * 60;
+		$lockInfo->created = time();
+		$lockInfo->uri = $uri;
+
+		$locks = $this->getLocks($uri, false);
+		$exists = false;
+		foreach ($locks as $lock) {
+			if ($lock->token == $lockInfo->token) {
+				$exists = true;
+			}
+		}
+
+		if ($exists) {
+			$stmt = $this->pdo->prepare('UPDATE '.$this->tableName.' SET owner = ?, timeout = ?, scope = ?, depth = ?, uri = ?, created = ? WHERE token = ?');
+			$stmt->execute([
+				$lockInfo->owner,
+				$lockInfo->timeout,
+				$lockInfo->scope,
+				$lockInfo->depth,
+				$uri,
+				$lockInfo->created,
+				$lockInfo->token,
+			]);
+		} else {
+			$stmt = $this->pdo->prepare('INSERT INTO '.$this->tableName.' (owner,timeout,scope,depth,uri,created,token) VALUES (?,?,?,?,?,?,?)');
+			$stmt->execute([
+				$lockInfo->owner,
+				$lockInfo->timeout,
+				$lockInfo->scope,
+				$lockInfo->depth,
+				$uri,
+				$lockInfo->created,
+				$lockInfo->token,
+			]);
+		}
+
+		return true;
+	}
+
+	/**
+	 * Removes a lock from a uri.
+	 *
+	 * @param string $uri
+	 *
+	 * @return bool
+	 */
+	public function unlock($uri, LockInfo $lockInfo)
+	{
+		$stmt = $this->pdo->prepare('DELETE FROM '.$this->tableName.' WHERE uri = ? AND token = ?');
+		$stmt->execute([$uri, $lockInfo->token]);
+
+		return 1 === $stmt->rowCount();
+	}
 }

htdocs/includes/sabre/sabre/dav/lib/DAV/Locks/LockInfo.php

Indentation +54 added lines, -54 removed lines

@@ -16,67 +16,67 @@
  */
 class LockInfo
 {
-    /**
-     * A shared lock.
-     */
-    const SHARED = 1;
+	/**
+	 * A shared lock.
+	 */
+	const SHARED = 1;
 
-    /**
-     * An exclusive lock.
-     */
-    const EXCLUSIVE = 2;
+	/**
+	 * An exclusive lock.
+	 */
+	const EXCLUSIVE = 2;
 
-    /**
-     * A never expiring timeout.
-     */
-    const TIMEOUT_INFINITE = -1;
+	/**
+	 * A never expiring timeout.
+	 */
+	const TIMEOUT_INFINITE = -1;
 
-    /**
-     * The owner of the lock.
-     *
-     * @var string
-     */
-    public $owner;
+	/**
+	 * The owner of the lock.
+	 *
+	 * @var string
+	 */
+	public $owner;
 
-    /**
-     * The locktoken.
-     *
-     * @var string
-     */
-    public $token;
+	/**
+	 * The locktoken.
+	 *
+	 * @var string
+	 */
+	public $token;
 
-    /**
-     * How long till the lock is expiring.
-     *
-     * @var int
-     */
-    public $timeout;
+	/**
+	 * How long till the lock is expiring.
+	 *
+	 * @var int
+	 */
+	public $timeout;
 
-    /**
-     * UNIX Timestamp of when this lock was created.
-     *
-     * @var int
-     */
-    public $created;
+	/**
+	 * UNIX Timestamp of when this lock was created.
+	 *
+	 * @var int
+	 */
+	public $created;
 
-    /**
-     * Exclusive or shared lock.
-     *
-     * @var int
-     */
-    public $scope = self::EXCLUSIVE;
+	/**
+	 * Exclusive or shared lock.
+	 *
+	 * @var int
+	 */
+	public $scope = self::EXCLUSIVE;
 
-    /**
-     * Depth of lock, can be 0 or Sabre\DAV\Server::DEPTH_INFINITY.
-     */
-    public $depth = 0;
+	/**
+	 * Depth of lock, can be 0 or Sabre\DAV\Server::DEPTH_INFINITY.
+	 */
+	public $depth = 0;
 
-    /**
-     * The uri this lock locks.
-     *
-     * TODO: This value is not always set
-     *
-     * @var mixed
-     */
-    public $uri;
+	/**
+	 * The uri this lock locks.
+	 *
+	 * TODO: This value is not always set
+	 *
+	 * @var mixed
+	 */
+	public $uri;
 }

htdocs/includes/sabre/sabre/dav/lib/DAV/IProperties.php

Indentation +27 added lines, -27 removed lines

@@ -15,32 +15,32 @@
  */
 interface IProperties extends INode
 {
-    /**
-     * Updates properties on this node.
-     *
-     * This method received a PropPatch object, which contains all the
-     * information about the update.
-     *
-     * To update specific properties, call the 'handle' method on this object.
-     * Read the PropPatch documentation for more information.
-     */
-    public function propPatch(PropPatch $propPatch);
+	/**
+	 * Updates properties on this node.
+	 *
+	 * This method received a PropPatch object, which contains all the
+	 * information about the update.
+	 *
+	 * To update specific properties, call the 'handle' method on this object.
+	 * Read the PropPatch documentation for more information.
+	 */
+	public function propPatch(PropPatch $propPatch);
 
-    /**
-     * Returns a list of properties for this nodes.
-     *
-     * The properties list is a list of propertynames the client requested,
-     * encoded in clark-notation {xmlnamespace}tagname
-     *
-     * If the array is empty, it means 'all properties' were requested.
-     *
-     * Note that it's fine to liberally give properties back, instead of
-     * conforming to the list of requested properties.
-     * The Server class will filter out the extra.
-     *
-     * @param array $properties
-     *
-     * @return array
-     */
-    public function getProperties($properties);
+	/**
+	 * Returns a list of properties for this nodes.
+	 *
+	 * The properties list is a list of propertynames the client requested,
+	 * encoded in clark-notation {xmlnamespace}tagname
+	 *
+	 * If the array is empty, it means 'all properties' were requested.
+	 *
+	 * Note that it's fine to liberally give properties back, instead of
+	 * conforming to the list of requested properties.
+	 * The Server class will filter out the extra.
+	 *
+	 * @param array $properties
+	 *
+	 * @return array
+	 */
+	public function getProperties($properties);
 }

htdocs/includes/sabre/sabre/dav/lib/DAV/Auth/Plugin.php

Indentation +226 added lines, -226 removed lines

@@ -26,230 +26,230 @@
  */
 class Plugin extends ServerPlugin
 {
-    /**
-     * By default this plugin will require that the user is authenticated,
-     * and refuse any access if the user is not authenticated.
-     *
-     * If this setting is set to false, we let the user through, whether they
-     * are authenticated or not.
-     *
-     * This is useful if you want to allow both authenticated and
-     * unauthenticated access to your server.
-     *
-     * @param bool
-     */
-    public $autoRequireLogin = true;
-
-    /**
-     * authentication backends.
-     */
-    protected $backends;
-
-    /**
-     * The currently logged in principal. Will be `null` if nobody is currently
-     * logged in.
-     *
-     * @var string|null
-     */
-    protected $currentPrincipal;
-
-    /**
-     * Creates the authentication plugin.
-     *
-     * @param Backend\BackendInterface $authBackend
-     */
-    public function __construct(Backend\BackendInterface $authBackend = null)
-    {
-        if (!is_null($authBackend)) {
-            $this->addBackend($authBackend);
-        }
-    }
-
-    /**
-     * Adds an authentication backend to the plugin.
-     */
-    public function addBackend(Backend\BackendInterface $authBackend)
-    {
-        $this->backends[] = $authBackend;
-    }
-
-    /**
-     * Initializes the plugin. This function is automatically called by the server.
-     */
-    public function initialize(Server $server)
-    {
-        $server->on('beforeMethod:*', [$this, 'beforeMethod'], 10);
-    }
-
-    /**
-     * Returns a plugin name.
-     *
-     * Using this name other plugins will be able to access other plugins
-     * using DAV\Server::getPlugin
-     *
-     * @return string
-     */
-    public function getPluginName()
-    {
-        return 'auth';
-    }
-
-    /**
-     * Returns the currently logged-in principal.
-     *
-     * This will return a string such as:
-     *
-     * principals/username
-     * principals/users/username
-     *
-     * This method will return null if nobody is logged in.
-     *
-     * @return string|null
-     */
-    public function getCurrentPrincipal()
-    {
-        return $this->currentPrincipal;
-    }
-
-    /**
-     * This method is called before any HTTP method and forces users to be authenticated.
-     */
-    public function beforeMethod(RequestInterface $request, ResponseInterface $response)
-    {
-        if ($this->currentPrincipal) {
-            // We already have authentication information. This means that the
-            // event has already fired earlier, and is now likely fired for a
-            // sub-request.
-            //
-            // We don't want to authenticate users twice, so we simply don't do
-            // anything here. See Issue #700 for additional reasoning.
-            //
-            // This is not a perfect solution, but will be fixed once the
-            // "currently authenticated principal" is information that's not
-            // not associated with the plugin, but rather per-request.
-            //
-            // See issue #580 for more information about that.
-            return;
-        }
-
-        $authResult = $this->check($request, $response);
-
-        if ($authResult[0]) {
-            // Auth was successful
-            $this->currentPrincipal = $authResult[1];
-            $this->loginFailedReasons = null;
-
-            return;
-        }
-
-        // If we got here, it means that no authentication backend was
-        // successful in authenticating the user.
-        $this->currentPrincipal = null;
-        $this->loginFailedReasons = $authResult[1];
-
-        if ($this->autoRequireLogin) {
-            $this->challenge($request, $response);
-            throw new NotAuthenticated(implode(', ', $authResult[1]));
-        }
-    }
-
-    /**
-     * Checks authentication credentials, and logs the user in if possible.
-     *
-     * This method returns an array. The first item in the array is a boolean
-     * indicating if login was successful.
-     *
-     * If login was successful, the second item in the array will contain the
-     * current principal url/path of the logged in user.
-     *
-     * If login was not successful, the second item in the array will contain a
-     * an array with strings. The strings are a list of reasons why login was
-     * unsuccessful. For every auth backend there will be one reason, so usually
-     * there's just one.
-     *
-     * @return array
-     */
-    public function check(RequestInterface $request, ResponseInterface $response)
-    {
-        if (!$this->backends) {
-            throw new \Sabre\DAV\Exception('No authentication backends were configured on this server.');
-        }
-        $reasons = [];
-        foreach ($this->backends as $backend) {
-            $result = $backend->check(
-                $request,
-                $response
-            );
-
-            if (!is_array($result) || 2 !== count($result) || !is_bool($result[0]) || !is_string($result[1])) {
-                throw new \Sabre\DAV\Exception('The authentication backend did not return a correct value from the check() method.');
-            }
-
-            if ($result[0]) {
-                $this->currentPrincipal = $result[1];
-                // Exit early
-                return [true, $result[1]];
-            }
-            $reasons[] = $result[1];
-        }
-
-        return [false, $reasons];
-    }
-
-    /**
-     * This method sends authentication challenges to the user.
-     *
-     * This method will for example cause a HTTP Basic backend to set a
-     * WWW-Authorization header, indicating to the client that it should
-     * authenticate.
-     */
-    public function challenge(RequestInterface $request, ResponseInterface $response)
-    {
-        foreach ($this->backends as $backend) {
-            $backend->challenge($request, $response);
-        }
-    }
-
-    /**
-     * List of reasons why login failed for the last login operation.
-     *
-     * @var string[]|null
-     */
-    protected $loginFailedReasons;
-
-    /**
-     * Returns a list of reasons why login was unsuccessful.
-     *
-     * This method will return the login failed reasons for the last login
-     * operation. One for each auth backend.
-     *
-     * This method returns null if the last authentication attempt was
-     * successful, or if there was no authentication attempt yet.
-     *
-     * @return string[]|null
-     */
-    public function getLoginFailedReasons()
-    {
-        return $this->loginFailedReasons;
-    }
-
-    /**
-     * Returns a bunch of meta-data about the plugin.
-     *
-     * Providing this information is optional, and is mainly displayed by the
-     * Browser plugin.
-     *
-     * The description key in the returned array may contain html and will not
-     * be sanitized.
-     *
-     * @return array
-     */
-    public function getPluginInfo()
-    {
-        return [
-            'name' => $this->getPluginName(),
-            'description' => 'Generic authentication plugin',
-            'link' => 'http://sabre.io/dav/authentication/',
-        ];
-    }
+	/**
+	 * By default this plugin will require that the user is authenticated,
+	 * and refuse any access if the user is not authenticated.
+	 *
+	 * If this setting is set to false, we let the user through, whether they
+	 * are authenticated or not.
+	 *
+	 * This is useful if you want to allow both authenticated and
+	 * unauthenticated access to your server.
+	 *
+	 * @param bool
+	 */
+	public $autoRequireLogin = true;
+
+	/**
+	 * authentication backends.
+	 */
+	protected $backends;
+
+	/**
+	 * The currently logged in principal. Will be `null` if nobody is currently
+	 * logged in.
+	 *
+	 * @var string|null
+	 */
+	protected $currentPrincipal;
+
+	/**
+	 * Creates the authentication plugin.
+	 *
+	 * @param Backend\BackendInterface $authBackend
+	 */
+	public function __construct(Backend\BackendInterface $authBackend = null)
+	{
+		if (!is_null($authBackend)) {
+			$this->addBackend($authBackend);
+		}
+	}
+
+	/**
+	 * Adds an authentication backend to the plugin.
+	 */
+	public function addBackend(Backend\BackendInterface $authBackend)
+	{
+		$this->backends[] = $authBackend;
+	}
+
+	/**
+	 * Initializes the plugin. This function is automatically called by the server.
+	 */
+	public function initialize(Server $server)
+	{
+		$server->on('beforeMethod:*', [$this, 'beforeMethod'], 10);
+	}
+
+	/**
+	 * Returns a plugin name.
+	 *
+	 * Using this name other plugins will be able to access other plugins
+	 * using DAV\Server::getPlugin
+	 *
+	 * @return string
+	 */
+	public function getPluginName()
+	{
+		return 'auth';
+	}
+
+	/**
+	 * Returns the currently logged-in principal.
+	 *
+	 * This will return a string such as:
+	 *
+	 * principals/username
+	 * principals/users/username
+	 *
+	 * This method will return null if nobody is logged in.
+	 *
+	 * @return string|null
+	 */
+	public function getCurrentPrincipal()
+	{
+		return $this->currentPrincipal;
+	}
+
+	/**
+	 * This method is called before any HTTP method and forces users to be authenticated.
+	 */
+	public function beforeMethod(RequestInterface $request, ResponseInterface $response)
+	{
+		if ($this->currentPrincipal) {
+			// We already have authentication information. This means that the
+			// event has already fired earlier, and is now likely fired for a
+			// sub-request.
+			//
+			// We don't want to authenticate users twice, so we simply don't do
+			// anything here. See Issue #700 for additional reasoning.
+			//
+			// This is not a perfect solution, but will be fixed once the
+			// "currently authenticated principal" is information that's not
+			// not associated with the plugin, but rather per-request.
+			//
+			// See issue #580 for more information about that.
+			return;
+		}
+
+		$authResult = $this->check($request, $response);
+
+		if ($authResult[0]) {
+			// Auth was successful
+			$this->currentPrincipal = $authResult[1];
+			$this->loginFailedReasons = null;
+
+			return;
+		}
+
+		// If we got here, it means that no authentication backend was
+		// successful in authenticating the user.
+		$this->currentPrincipal = null;
+		$this->loginFailedReasons = $authResult[1];
+
+		if ($this->autoRequireLogin) {
+			$this->challenge($request, $response);
+			throw new NotAuthenticated(implode(', ', $authResult[1]));
+		}
+	}
+
+	/**
+	 * Checks authentication credentials, and logs the user in if possible.
+	 *
+	 * This method returns an array. The first item in the array is a boolean
+	 * indicating if login was successful.
+	 *
+	 * If login was successful, the second item in the array will contain the
+	 * current principal url/path of the logged in user.
+	 *
+	 * If login was not successful, the second item in the array will contain a
+	 * an array with strings. The strings are a list of reasons why login was
+	 * unsuccessful. For every auth backend there will be one reason, so usually
+	 * there's just one.
+	 *
+	 * @return array
+	 */
+	public function check(RequestInterface $request, ResponseInterface $response)
+	{
+		if (!$this->backends) {
+			throw new \Sabre\DAV\Exception('No authentication backends were configured on this server.');
+		}
+		$reasons = [];
+		foreach ($this->backends as $backend) {
+			$result = $backend->check(
+				$request,
+				$response
+			);
+
+			if (!is_array($result) || 2 !== count($result) || !is_bool($result[0]) || !is_string($result[1])) {
+				throw new \Sabre\DAV\Exception('The authentication backend did not return a correct value from the check() method.');
+			}
+
+			if ($result[0]) {
+				$this->currentPrincipal = $result[1];
+				// Exit early
+				return [true, $result[1]];
+			}
+			$reasons[] = $result[1];
+		}
+
+		return [false, $reasons];
+	}
+
+	/**
+	 * This method sends authentication challenges to the user.
+	 *
+	 * This method will for example cause a HTTP Basic backend to set a
+	 * WWW-Authorization header, indicating to the client that it should
+	 * authenticate.
+	 */
+	public function challenge(RequestInterface $request, ResponseInterface $response)
+	{
+		foreach ($this->backends as $backend) {
+			$backend->challenge($request, $response);
+		}
+	}
+
+	/**
+	 * List of reasons why login failed for the last login operation.
+	 *
+	 * @var string[]|null
+	 */
+	protected $loginFailedReasons;
+
+	/**
+	 * Returns a list of reasons why login was unsuccessful.
+	 *
+	 * This method will return the login failed reasons for the last login
+	 * operation. One for each auth backend.
+	 *
+	 * This method returns null if the last authentication attempt was
+	 * successful, or if there was no authentication attempt yet.
+	 *
+	 * @return string[]|null
+	 */
+	public function getLoginFailedReasons()
+	{
+		return $this->loginFailedReasons;
+	}
+
+	/**
+	 * Returns a bunch of meta-data about the plugin.
+	 *
+	 * Providing this information is optional, and is mainly displayed by the
+	 * Browser plugin.
+	 *
+	 * The description key in the returned array may contain html and will not
+	 * be sanitized.
+	 *
+	 * @return array
+	 */
+	public function getPluginInfo()
+	{
+		return [
+			'name' => $this->getPluginName(),
+			'description' => 'Generic authentication plugin',
+			'link' => 'http://sabre.io/dav/authentication/',
+		];
+	}
 }

htdocs/includes/sabre/sabre/dav/lib/DAV/Auth/Backend/Apache.php

Indentation +66 added lines, -66 removed lines

@@ -21,73 +21,73 @@
  */
 class Apache implements BackendInterface
 {
-    /**
-     * This is the prefix that will be used to generate principal urls.
-     *
-     * @var string
-     */
-    protected $principalPrefix = 'principals/';
+	/**
+	 * This is the prefix that will be used to generate principal urls.
+	 *
+	 * @var string
+	 */
+	protected $principalPrefix = 'principals/';
 
-    /**
-     * When this method is called, the backend must check if authentication was
-     * successful.
-     *
-     * The returned value must be one of the following
-     *
-     * [true, "principals/username"]
-     * [false, "reason for failure"]
-     *
-     * If authentication was successful, it's expected that the authentication
-     * backend returns a so-called principal url.
-     *
-     * Examples of a principal url:
-     *
-     * principals/admin
-     * principals/user1
-     * principals/users/joe
-     * principals/uid/123457
-     *
-     * If you don't use WebDAV ACL (RFC3744) we recommend that you simply
-     * return a string such as:
-     *
-     * principals/users/[username]
-     *
-     * @return array
-     */
-    public function check(RequestInterface $request, ResponseInterface $response)
-    {
-        $remoteUser = $request->getRawServerValue('REMOTE_USER');
-        if (is_null($remoteUser)) {
-            $remoteUser = $request->getRawServerValue('REDIRECT_REMOTE_USER');
-        }
-        if (is_null($remoteUser)) {
-            $remoteUser = $request->getRawServerValue('PHP_AUTH_USER');
-        }
-        if (is_null($remoteUser)) {
-            return [false, 'No REMOTE_USER, REDIRECT_REMOTE_USER, or PHP_AUTH_USER property was found in the PHP $_SERVER super-global. This likely means your server is not configured correctly'];
-        }
+	/**
+	 * When this method is called, the backend must check if authentication was
+	 * successful.
+	 *
+	 * The returned value must be one of the following
+	 *
+	 * [true, "principals/username"]
+	 * [false, "reason for failure"]
+	 *
+	 * If authentication was successful, it's expected that the authentication
+	 * backend returns a so-called principal url.
+	 *
+	 * Examples of a principal url:
+	 *
+	 * principals/admin
+	 * principals/user1
+	 * principals/users/joe
+	 * principals/uid/123457
+	 *
+	 * If you don't use WebDAV ACL (RFC3744) we recommend that you simply
+	 * return a string such as:
+	 *
+	 * principals/users/[username]
+	 *
+	 * @return array
+	 */
+	public function check(RequestInterface $request, ResponseInterface $response)
+	{
+		$remoteUser = $request->getRawServerValue('REMOTE_USER');
+		if (is_null($remoteUser)) {
+			$remoteUser = $request->getRawServerValue('REDIRECT_REMOTE_USER');
+		}
+		if (is_null($remoteUser)) {
+			$remoteUser = $request->getRawServerValue('PHP_AUTH_USER');
+		}
+		if (is_null($remoteUser)) {
+			return [false, 'No REMOTE_USER, REDIRECT_REMOTE_USER, or PHP_AUTH_USER property was found in the PHP $_SERVER super-global. This likely means your server is not configured correctly'];
+		}
 
-        return [true, $this->principalPrefix.$remoteUser];
-    }
+		return [true, $this->principalPrefix.$remoteUser];
+	}
 
-    /**
-     * This method is called when a user could not be authenticated, and
-     * authentication was required for the current request.
-     *
-     * This gives you the opportunity to set authentication headers. The 401
-     * status code will already be set.
-     *
-     * In this case of Basic Auth, this would for example mean that the
-     * following header needs to be set:
-     *
-     * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
-     *
-     * Keep in mind that in the case of multiple authentication backends, other
-     * WWW-Authenticate headers may already have been set, and you'll want to
-     * append your own WWW-Authenticate header instead of overwriting the
-     * existing one.
-     */
-    public function challenge(RequestInterface $request, ResponseInterface $response)
-    {
-    }
+	/**
+	 * This method is called when a user could not be authenticated, and
+	 * authentication was required for the current request.
+	 *
+	 * This gives you the opportunity to set authentication headers. The 401
+	 * status code will already be set.
+	 *
+	 * In this case of Basic Auth, this would for example mean that the
+	 * following header needs to be set:
+	 *
+	 * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
+	 *
+	 * Keep in mind that in the case of multiple authentication backends, other
+	 * WWW-Authenticate headers may already have been set, and you'll want to
+	 * append your own WWW-Authenticate header instead of overwriting the
+	 * existing one.
+	 */
+	public function challenge(RequestInterface $request, ResponseInterface $response)
+	{
+	}
 }

htdocs/includes/sabre/sabre/dav/lib/DAV/Auth/Backend/BackendInterface.php

Indentation +45 added lines, -45 removed lines

@@ -16,50 +16,50 @@
  */
 interface BackendInterface
 {
-    /**
-     * When this method is called, the backend must check if authentication was
-     * successful.
-     *
-     * The returned value must be one of the following
-     *
-     * [true, "principals/username"]
-     * [false, "reason for failure"]
-     *
-     * If authentication was successful, it's expected that the authentication
-     * backend returns a so-called principal url.
-     *
-     * Examples of a principal url:
-     *
-     * principals/admin
-     * principals/user1
-     * principals/users/joe
-     * principals/uid/123457
-     *
-     * If you don't use WebDAV ACL (RFC3744) we recommend that you simply
-     * return a string such as:
-     *
-     * principals/users/[username]
-     *
-     * @return array
-     */
-    public function check(RequestInterface $request, ResponseInterface $response);
+	/**
+	 * When this method is called, the backend must check if authentication was
+	 * successful.
+	 *
+	 * The returned value must be one of the following
+	 *
+	 * [true, "principals/username"]
+	 * [false, "reason for failure"]
+	 *
+	 * If authentication was successful, it's expected that the authentication
+	 * backend returns a so-called principal url.
+	 *
+	 * Examples of a principal url:
+	 *
+	 * principals/admin
+	 * principals/user1
+	 * principals/users/joe
+	 * principals/uid/123457
+	 *
+	 * If you don't use WebDAV ACL (RFC3744) we recommend that you simply
+	 * return a string such as:
+	 *
+	 * principals/users/[username]
+	 *
+	 * @return array
+	 */
+	public function check(RequestInterface $request, ResponseInterface $response);
 
-    /**
-     * This method is called when a user could not be authenticated, and
-     * authentication was required for the current request.
-     *
-     * This gives you the opportunity to set authentication headers. The 401
-     * status code will already be set.
-     *
-     * In this case of Basic Auth, this would for example mean that the
-     * following header needs to be set:
-     *
-     * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
-     *
-     * Keep in mind that in the case of multiple authentication backends, other
-     * WWW-Authenticate headers may already have been set, and you'll want to
-     * append your own WWW-Authenticate header instead of overwriting the
-     * existing one.
-     */
-    public function challenge(RequestInterface $request, ResponseInterface $response);
+	/**
+	 * This method is called when a user could not be authenticated, and
+	 * authentication was required for the current request.
+	 *
+	 * This gives you the opportunity to set authentication headers. The 401
+	 * status code will already be set.
+	 *
+	 * In this case of Basic Auth, this would for example mean that the
+	 * following header needs to be set:
+	 *
+	 * $response->addHeader('WWW-Authenticate', 'Basic realm=SabreDAV');
+	 *
+	 * Keep in mind that in the case of multiple authentication backends, other
+	 * WWW-Authenticate headers may already have been set, and you'll want to
+	 * append your own WWW-Authenticate header instead of overwriting the
+	 * existing one.
+	 */
+	public function challenge(RequestInterface $request, ResponseInterface $response);
 }