|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* @copyright Copyright (c) 2017 Joas Schilling <[email protected]> |
|
4
|
|
|
* |
|
5
|
|
|
* @license GNU AGPL version 3 or any later version |
|
6
|
|
|
* |
|
7
|
|
|
* This program is free software: you can redistribute it and/or modify |
|
8
|
|
|
* it under the terms of the GNU Affero General Public License as |
|
9
|
|
|
* published by the Free Software Foundation, either version 3 of the |
|
10
|
|
|
* License, or (at your option) any later version. |
|
11
|
|
|
* |
|
12
|
|
|
* This program is distributed in the hope that it will be useful, |
|
13
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
14
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
15
|
|
|
* GNU Affero General Public License for more details. |
|
16
|
|
|
* |
|
17
|
|
|
* You should have received a copy of the GNU Affero General Public License |
|
18
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
19
|
|
|
* |
|
20
|
|
|
*/ |
|
21
|
|
|
|
|
22
|
|
|
namespace OCA\Notifications\Controller; |
|
23
|
|
|
|
|
24
|
|
|
use OC\Authentication\Exceptions\InvalidTokenException; |
|
25
|
|
|
use OC\Authentication\Token\IProvider; |
|
26
|
|
|
use OC\Authentication\Token\IToken; |
|
27
|
|
|
use OC\Security\IdentityProof\Manager; |
|
28
|
|
|
use OCP\AppFramework\Http; |
|
29
|
|
|
use OCP\AppFramework\Http\DataResponse; |
|
30
|
|
|
use OCP\AppFramework\OCSController; |
|
31
|
|
|
use OCP\DB\QueryBuilder\IQueryBuilder; |
|
32
|
|
|
use OCP\IDBConnection; |
|
33
|
|
|
use OCP\IRequest; |
|
34
|
|
|
use OCP\ISession; |
|
35
|
|
|
use OCP\IUser; |
|
36
|
|
|
use OCP\IUserSession; |
|
37
|
|
|
|
|
38
|
|
|
class PushController extends OCSController { |
|
39
|
|
|
|
|
40
|
|
|
/** @var IDBConnection */ |
|
41
|
|
|
private $db; |
|
42
|
|
|
|
|
43
|
|
|
/** @var ISession */ |
|
44
|
|
|
private $session; |
|
45
|
|
|
|
|
46
|
|
|
/** @var IUserSession */ |
|
47
|
|
|
private $userSession; |
|
48
|
|
|
|
|
49
|
|
|
/** @var IProvider */ |
|
50
|
|
|
private $tokenProvider; |
|
51
|
|
|
|
|
52
|
|
|
/** @var Manager */ |
|
53
|
|
|
private $identityProof; |
|
54
|
|
|
|
|
55
|
|
|
/** |
|
56
|
|
|
* @param string $appName |
|
57
|
|
|
* @param IRequest $request |
|
58
|
|
|
* @param IDBConnection $db |
|
59
|
|
|
* @param ISession $session |
|
60
|
|
|
* @param IUserSession $userSession |
|
61
|
|
|
* @param IProvider $tokenProvider |
|
62
|
|
|
* @param Manager $identityProof |
|
63
|
|
|
*/ |
|
64
|
22 |
|
public function __construct($appName, IRequest $request, IDBConnection $db, ISession $session, IUserSession $userSession, IProvider $tokenProvider, Manager $identityProof) { |
|
65
|
22 |
|
parent::__construct($appName, $request); |
|
66
|
|
|
|
|
67
|
22 |
|
$this->db = $db; |
|
68
|
22 |
|
$this->session = $session; |
|
69
|
22 |
|
$this->userSession = $userSession; |
|
70
|
22 |
|
$this->tokenProvider = $tokenProvider; |
|
71
|
22 |
|
$this->identityProof = $identityProof; |
|
72
|
22 |
|
} |
|
73
|
|
|
|
|
74
|
|
|
/** |
|
75
|
|
|
* @NoAdminRequired |
|
76
|
|
|
* |
|
77
|
|
|
* @param string $pushTokenHash |
|
78
|
|
|
* @param string $devicePublicKey |
|
79
|
|
|
* @param string $proxyServer |
|
80
|
|
|
* @return DataResponse |
|
81
|
|
|
*/ |
|
82
|
15 |
|
public function registerDevice(string $pushTokenHash, string $devicePublicKey, string $proxyServer): DataResponse { |
|
83
|
15 |
|
$user = $this->userSession->getUser(); |
|
84
|
15 |
|
if (!$user instanceof IUser) { |
|
|
|
|
|
|
85
|
1 |
|
return new DataResponse([], Http::STATUS_UNAUTHORIZED); |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
14 |
|
if (!preg_match('/^([a-f0-9]{128})$/', $pushTokenHash)) { |
|
89
|
3 |
|
return new DataResponse(['message' => 'INVALID_PUSHTOKEN_HASH'], Http::STATUS_BAD_REQUEST); |
|
90
|
|
|
} |
|
91
|
|
|
|
|
92
|
|
|
if ( |
|
93
|
11 |
|
strpos($devicePublicKey, '-----BEGIN PUBLIC KEY-----' . "\n") !== 0 || |
|
94
|
10 |
|
((\strlen($devicePublicKey) !== 450 || strpos($devicePublicKey, "\n" . '-----END PUBLIC KEY-----') !== 425) && |
|
95
|
11 |
|
(\strlen($devicePublicKey) !== 451 || strpos($devicePublicKey, "\n" . '-----END PUBLIC KEY-----' . "\n") !== 425)) |
|
96
|
|
|
) { |
|
97
|
3 |
|
return new DataResponse(['message' => 'INVALID_DEVICE_KEY'], Http::STATUS_BAD_REQUEST); |
|
98
|
|
|
} |
|
99
|
|
|
|
|
100
|
|
|
if ( |
|
101
|
8 |
|
!filter_var($proxyServer, FILTER_VALIDATE_URL) || |
|
102
|
5 |
|
\strlen($proxyServer) > 256 || |
|
103
|
8 |
|
!preg_match('/^(https\:\/\/|http\:\/\/localhost(\:\d{0,5})?\/)/', $proxyServer) |
|
104
|
|
|
) { |
|
105
|
3 |
|
return new DataResponse(['message' => 'INVALID_PROXY_SERVER'], Http::STATUS_BAD_REQUEST); |
|
106
|
|
|
} |
|
107
|
|
|
|
|
108
|
5 |
|
$tokenId = $this->session->get('token-id'); |
|
109
|
5 |
|
if (!\is_int($tokenId)) { |
|
110
|
|
|
return new DataResponse(['message' => 'INVALID_SESSION_TOKEN'], Http::STATUS_BAD_REQUEST); |
|
111
|
|
|
} |
|
112
|
|
|
try { |
|
113
|
5 |
|
$token = $this->tokenProvider->getTokenById($tokenId); |
|
114
|
3 |
|
} catch (InvalidTokenException $e) { |
|
|
|
|
|
|
115
|
3 |
|
return new DataResponse(['message' => 'INVALID_SESSION_TOKEN'], Http::STATUS_BAD_REQUEST); |
|
116
|
|
|
} |
|
117
|
|
|
|
|
118
|
2 |
|
$key = $this->identityProof->getKey($user); |
|
119
|
|
|
|
|
120
|
2 |
|
$deviceIdentifier = json_encode([$user->getCloudId(), $token->getId()]); |
|
121
|
2 |
|
openssl_sign($deviceIdentifier, $signature, $key->getPrivate(), OPENSSL_ALGO_SHA512); |
|
122
|
2 |
|
$deviceIdentifier = base64_encode(hash('sha512', $deviceIdentifier, true)); |
|
123
|
|
|
|
|
124
|
2 |
|
$appType = 'unknown'; |
|
125
|
2 |
|
if ($this->request->isUserAgent([ |
|
126
|
2 |
|
IRequest::USER_AGENT_TALK_ANDROID, |
|
127
|
|
|
IRequest::USER_AGENT_TALK_IOS, |
|
128
|
|
|
])) { |
|
129
|
|
|
$appType = 'talk'; |
|
130
|
2 |
|
} else if ($this->request->isUserAgent([ |
|
131
|
2 |
|
IRequest::USER_AGENT_CLIENT_ANDROID, |
|
132
|
|
|
IRequest::USER_AGENT_CLIENT_IOS, |
|
133
|
|
|
])) { |
|
134
|
|
|
$appType = 'nextcloud'; |
|
135
|
|
|
} |
|
136
|
|
|
|
|
137
|
2 |
|
$created = $this->savePushToken($user, $token, $deviceIdentifier, $devicePublicKey, $pushTokenHash, $proxyServer, $appType); |
|
138
|
|
|
|
|
139
|
2 |
|
return new DataResponse([ |
|
140
|
2 |
|
'publicKey' => $key->getPublic(), |
|
141
|
2 |
|
'deviceIdentifier' => $deviceIdentifier, |
|
142
|
2 |
|
'signature' => base64_encode($signature), |
|
143
|
2 |
|
], $created ? Http::STATUS_CREATED : Http::STATUS_OK); |
|
144
|
|
|
} |
|
145
|
|
|
|
|
146
|
|
|
/** |
|
147
|
|
|
* @NoAdminRequired |
|
148
|
|
|
* |
|
149
|
|
|
* @return DataResponse |
|
150
|
|
|
*/ |
|
151
|
5 |
|
public function removeDevice(): DataResponse { |
|
152
|
5 |
|
$user = $this->userSession->getUser(); |
|
153
|
5 |
|
if (!$user instanceof IUser) { |
|
|
|
|
|
|
154
|
1 |
|
return new DataResponse([], Http::STATUS_UNAUTHORIZED); |
|
155
|
|
|
} |
|
156
|
|
|
|
|
157
|
4 |
|
$tokenId = $this->session->get('token-id'); |
|
158
|
|
|
try { |
|
159
|
4 |
|
$token = $this->tokenProvider->getTokenById($tokenId); |
|
160
|
2 |
|
} catch (InvalidTokenException $e) { |
|
|
|
|
|
|
161
|
2 |
|
return new DataResponse(['message' => 'INVALID_SESSION_TOKEN'], Http::STATUS_BAD_REQUEST); |
|
162
|
|
|
} |
|
163
|
|
|
|
|
164
|
2 |
|
if ($this->deletePushToken($user, $token)) { |
|
165
|
1 |
|
return new DataResponse([], Http::STATUS_ACCEPTED); |
|
166
|
|
|
} |
|
167
|
|
|
|
|
168
|
1 |
|
return new DataResponse([], Http::STATUS_OK); |
|
169
|
|
|
} |
|
170
|
|
|
|
|
171
|
|
|
/** |
|
172
|
|
|
* @param IUser $user |
|
173
|
|
|
* @param IToken $token |
|
174
|
|
|
* @param string $deviceIdentifier |
|
175
|
|
|
* @param string $devicePublicKey |
|
176
|
|
|
* @param string $pushTokenHash |
|
177
|
|
|
* @param string $proxyServer |
|
178
|
|
|
* @param string $appType |
|
179
|
|
|
* @return bool If the hash was new to the database |
|
180
|
|
|
*/ |
|
181
|
|
|
protected function savePushToken(IUser $user, IToken $token, string $deviceIdentifier, string $devicePublicKey, string $pushTokenHash, string $proxyServer, string $appType): bool { |
|
182
|
|
|
$query = $this->db->getQueryBuilder(); |
|
183
|
|
|
$query->select('*') |
|
184
|
|
|
->from('notifications_pushtokens') |
|
185
|
|
|
->where($query->expr()->eq('uid', $query->createNamedParameter($user->getUID()))) |
|
186
|
|
|
->andWhere($query->expr()->eq('token', $query->createNamedParameter($token->getId()))); |
|
187
|
|
|
$result = $query->execute(); |
|
188
|
|
|
$row = $result->fetch(); |
|
189
|
|
|
$result->closeCursor(); |
|
190
|
|
|
|
|
191
|
|
|
if (!$row) { |
|
192
|
|
|
return $this->insertPushToken($user, $token, $deviceIdentifier, $devicePublicKey, $pushTokenHash, $proxyServer, $appType); |
|
193
|
|
|
} |
|
194
|
|
|
|
|
195
|
|
|
return $this->updatePushToken($user, $token, $devicePublicKey, $pushTokenHash, $proxyServer, $appType); |
|
196
|
|
|
} |
|
197
|
|
|
|
|
198
|
|
|
/** |
|
199
|
|
|
* @param IUser $user |
|
200
|
|
|
* @param IToken $token |
|
201
|
|
|
* @param string $deviceIdentifier |
|
202
|
|
|
* @param string $devicePublicKey |
|
203
|
|
|
* @param string $pushTokenHash |
|
204
|
|
|
* @param string $proxyServer |
|
205
|
|
|
* @param string $appType |
|
206
|
|
|
* @return bool If the entry was created |
|
207
|
|
|
*/ |
|
208
|
|
|
protected function insertPushToken(IUser $user, IToken $token, string $deviceIdentifier, string $devicePublicKey, string $pushTokenHash, string $proxyServer, string $appType): bool { |
|
209
|
|
|
$devicePublicKeyHash = hash('sha512', $devicePublicKey); |
|
210
|
|
|
|
|
211
|
|
|
$query = $this->db->getQueryBuilder(); |
|
212
|
|
|
$query->insert('notifications_pushtokens') |
|
213
|
|
|
->values([ |
|
214
|
|
|
'uid' => $query->createNamedParameter($user->getUID()), |
|
215
|
|
|
'token' => $query->createNamedParameter($token->getId(), IQueryBuilder::PARAM_INT), |
|
216
|
|
|
'deviceidentifier' => $query->createNamedParameter($deviceIdentifier), |
|
217
|
|
|
'devicepublickey' => $query->createNamedParameter($devicePublicKey), |
|
218
|
|
|
'devicepublickeyhash' => $query->createNamedParameter($devicePublicKeyHash), |
|
219
|
|
|
'pushtokenhash' => $query->createNamedParameter($pushTokenHash), |
|
220
|
|
|
'proxyserver' => $query->createNamedParameter($proxyServer), |
|
221
|
|
|
'apptype' => $query->createNamedParameter($appType), |
|
222
|
|
|
]); |
|
223
|
|
|
return $query->execute() > 0; |
|
224
|
|
|
} |
|
225
|
|
|
|
|
226
|
|
|
/** |
|
227
|
|
|
* @param IUser $user |
|
228
|
|
|
* @param IToken $token |
|
229
|
|
|
* @param string $devicePublicKey |
|
230
|
|
|
* @param string $pushTokenHash |
|
231
|
|
|
* @param string $proxyServer |
|
232
|
|
|
* @param string $appType |
|
233
|
|
|
* @return bool If the entry was updated |
|
234
|
|
|
*/ |
|
235
|
|
|
protected function updatePushToken(IUser $user, IToken $token, string $devicePublicKey, string $pushTokenHash, string $proxyServer, string $appType): bool { |
|
236
|
|
|
$devicePublicKeyHash = hash('sha512', $devicePublicKey); |
|
237
|
|
|
|
|
238
|
|
|
$query = $this->db->getQueryBuilder(); |
|
239
|
|
|
$query->update('notifications_pushtokens') |
|
240
|
|
|
->set('devicepublickey', $query->createNamedParameter($devicePublicKey)) |
|
241
|
|
|
->set('devicepublickeyhash', $query->createNamedParameter($devicePublicKeyHash)) |
|
242
|
|
|
->set('pushtokenhash', $query->createNamedParameter($pushTokenHash)) |
|
243
|
|
|
->set('proxyserver', $query->createNamedParameter($proxyServer)) |
|
244
|
|
|
->set('apptype', $query->createNamedParameter($appType)) |
|
245
|
|
|
->where($query->expr()->eq('uid', $query->createNamedParameter($user->getUID()))) |
|
246
|
|
|
->andWhere($query->expr()->eq('token', $query->createNamedParameter($token->getId(), IQueryBuilder::PARAM_INT))); |
|
247
|
|
|
|
|
248
|
|
|
return $query->execute() !== 0; |
|
249
|
|
|
} |
|
250
|
|
|
|
|
251
|
|
|
/** |
|
252
|
|
|
* @param IUser $user |
|
253
|
|
|
* @param IToken $token |
|
254
|
|
|
* @return bool If the entry was deleted |
|
255
|
|
|
*/ |
|
256
|
|
|
protected function deletePushToken(IUser $user, IToken $token): bool { |
|
257
|
|
|
$query = $this->db->getQueryBuilder(); |
|
258
|
|
|
$query->delete('notifications_pushtokens') |
|
259
|
|
|
->where($query->expr()->eq('uid', $query->createNamedParameter($user->getUID()))) |
|
260
|
|
|
->andWhere($query->expr()->eq('token', $query->createNamedParameter($token->getId(), IQueryBuilder::PARAM_INT))); |
|
261
|
|
|
|
|
262
|
|
|
return $query->execute() !== 0; |
|
263
|
|
|
} |
|
264
|
|
|
} |
|
265
|
|
|
|
nextcloud /
notifications
Loading history...
This error could be the result of:
1. Missing dependencies
PHP Analyzer uses your
composer.jsonfile (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects thecomposer.jsonto be in the root folder of your repository.Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the
requireorrequire-devsection?2. Missing use statement
PHP does not complain about undefined classes in
ìnstanceofchecks. For example, the following PHP code will work perfectly fine:If you have not tested against this specific condition, such errors might go unnoticed.