Push::encryptAndSign()   A
last analyzed

Complexity

Conditions 3
Paths 4

Size

Total Lines 35

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 12

Importance

Changes 0
Metric Value
dl 0
loc 35
ccs 0
cts 21
cp 0
rs 9.36
c 0
b 0
f 0
cc 3
nc 4
nop 5
crap 12
1
<?php
2
/**
3
 * @copyright Copyright (c) 2017 Joas Schilling <[email protected]>
4
 *
5
 * @license GNU AGPL version 3 or any later version
6
 *
7
 * This program is free software: you can redistribute it and/or modify
8
 * it under the terms of the GNU Affero General Public License as
9
 * published by the Free Software Foundation, either version 3 of the
10
 * License, or (at your option) any later version.
11
 *
12
 * This program is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU Affero General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU Affero General Public License
18
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
19
 *
20
 */
21
22
namespace OCA\Notifications;
23
24
25
use OC\Authentication\Exceptions\InvalidTokenException;
26
use OC\Authentication\Token\IProvider;
27
use OC\Security\IdentityProof\Key;
28
use OC\Security\IdentityProof\Manager;
29
use OCP\AppFramework\Http;
30
use OCP\DB\QueryBuilder\IQueryBuilder;
31
use OCP\Http\Client\IClientService;
32
use OCP\IConfig;
33
use OCP\IDBConnection;
34
use OCP\ILogger;
35
use OCP\IUser;
36
use OCP\IUserManager;
37
use OCP\Notification\IManager as INotificationManager;
38
use OCP\Notification\INotification;
39
40
class Push {
41
	/** @var IDBConnection */
42
	protected $db;
43
	/** @var INotificationManager */
44
	protected $notificationManager;
45
	/** @var IConfig */
46
	protected $config;
47
	/** @var IProvider */
48
	protected $tokenProvider;
49
	/** @var Manager */
50
	private $keyManager;
51
	/** @var IUserManager */
52
	private $userManager;
53
	/** @var IClientService */
54
	protected $clientService;
55
	/** @var ILogger */
56
	protected $log;
57
58 19
	public function __construct(IDBConnection $connection, INotificationManager $notificationManager, IConfig $config, IProvider $tokenProvider, Manager $keyManager, IUserManager $userManager, IClientService $clientService, ILogger $log) {
59 19
		$this->db = $connection;
60 19
		$this->notificationManager = $notificationManager;
61 19
		$this->config = $config;
62 19
		$this->tokenProvider = $tokenProvider;
63 19
		$this->keyManager = $keyManager;
64 19
		$this->userManager = $userManager;
65 19
		$this->clientService = $clientService;
66 19
		$this->log = $log;
67 19
	}
68
69 15
	public function pushToDevice(int $id, INotification $notification) {
70 15
		$user = $this->userManager->get($notification->getUser());
71 15
		if (!($user instanceof IUser)) {
0 ignored issues
show
Bug introduced by
The class OCP\IUser does not exist. Did you forget a USE statement, or did you not list all dependencies?

This error could be the result of:

1. Missing dependencies

PHP Analyzer uses your composer.json file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the composer.json to be in the root folder of your repository.

Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the require or require-dev section?

2. Missing use statement

PHP does not complain about undefined classes in ìnstanceof checks. For example, the following PHP code will work perfectly fine:

if ($x instanceof DoesNotExist) {
    // Do something.
}

If you have not tested against this specific condition, such errors might go unnoticed.

Loading history...
72 1
			return;
73
		}
74
75 14
		$devices = $this->getDevicesForUser($notification->getUser());
76 14
		if (empty($devices)) {
77 1
			return;
78
		}
79
80 13
		$language = $this->config->getSystemValue('force_language', false);
81 13
		$language = \is_string($language) ? $language : $this->config->getUserValue($notification->getUser(), 'core', 'lang', null);
82 13
		$language = $language ?? $this->config->getSystemValue('default_language', 'en');
83
		try {
84 13
			$this->notificationManager->setPreparingPushNotification(true);
85 13
			$notification = $this->notificationManager->prepare($notification, $language);
86 1
		} catch (\InvalidArgumentException $e) {
87 1
			return;
88 12
		} finally {
89 13
			$this->notificationManager->setPreparingPushNotification(false);
90
		}
91
92 12
		$userKey = $this->keyManager->getKey($user);
93
94 12
		$isTalkNotification = \in_array($notification->getApp(), ['spreed', 'talk'], true);
95 12
		$talkApps = array_filter($devices, function($device) {
96 12
			return $device['apptype'] === 'talk';
97 12
		});
98 12
		$hasTalkApps = !empty($talkApps);
99
100 12
		$pushNotifications = [];
101 12
		foreach ($devices as $device) {
102 12
			if (!$isTalkNotification && $device['apptype'] === 'talk') {
103
				// The iOS app can not kill notifications,
104
				// therefor we should only send relevant notifications to the Talk
105
				// app, so it does not pollute the notifications bar with useless
106
				// notifications, especially when the Sync client app is also installed.
107 3
				continue;
108
			}
109 11
			if ($isTalkNotification && $hasTalkApps && $device['apptype'] !== 'talk') {
110
				// Similar to the previous case, we also don't send Talk notifications
111
				// to the Sync client app, when there is a Talk app installed. We only
112
				// do this, when you don't have a Talk app on your device, so you still
113
				// get the push notification.
114 2
				continue;
115
			}
116
117
			try {
118 11
				$payload = json_encode($this->encryptAndSign($userKey, $device, $id, $notification, $isTalkNotification));
119
120 9
				$proxyServer = rtrim($device['proxyserver'], '/');
121 9
				if (!isset($pushNotifications[$proxyServer])) {
122 9
					$pushNotifications[$proxyServer] = [];
123
				}
124 9
				$pushNotifications[$proxyServer][] = $payload;
125 2
			} catch (InvalidTokenException $e) {
0 ignored issues
show
Bug introduced by
The class OC\Authentication\Exceptions\InvalidTokenException does not exist. Did you forget a USE statement, or did you not list all dependencies?

Scrutinizer analyzes your composer.json/composer.lock file if available to determine the classes, and functions that are defined by your dependencies.

It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis.

Loading history...
126
				// Token does not exist anymore, should drop the push device entry
127 1
				$this->deletePushToken($device['token']);
128 1
			} catch (\InvalidArgumentException $e) {
129
				// Failed to encrypt message for device: public key is invalid
130 1
				$this->deletePushToken($device['token']);
131
			}
132
		}
133
134 12
		if (empty($pushNotifications)) {
135 3
			return;
136
		}
137
138 9
		$client = $this->clientService->newClient();
139 9
		foreach ($pushNotifications as $proxyServer => $notifications) {
140
			try {
141 9
				$response = $client->post($proxyServer . '/notifications', [
142
					'body' => [
143 9
						'notifications' => $notifications,
144
					],
145
				]);
146 2
			} catch (\Exception $e) {
147 2
				$this->log->logException($e, [
148 2
					'app' => 'notifications',
149 2
					'level' => $e->getCode() === Http::STATUS_BAD_REQUEST ? ILogger::INFO : ILogger::WARN,
150
				]);
151 2
				continue;
152
			}
153
154 9
			$status = $response->getStatusCode();
155 9
			if ($status !== Http::STATUS_OK && $status !== Http::STATUS_SERVICE_UNAVAILABLE) {
156 9
				$body = $response->getBody();
157 9
				$this->log->error('Could not send notification to push server [{url}]: {error}',[
158 9
					'error' => \is_string($body) ? $body : 'no reason given',
159 9
					'url' => $proxyServer,
160 9
					'app' => 'notifications',
161
				]);
162 2
			} else if ($status === Http::STATUS_SERVICE_UNAVAILABLE && $this->config->getSystemValue('debug', false)) {
163 1
				$body = $response->getBody();
164 1
				$this->log->debug('Could not send notification to push server [{url}]: {error}',[
165 1
					'error' => \is_string($body) ? $body : 'no reason given',
166 1
					'url' => $proxyServer,
167 1
					'app' => 'notifications',
168
				]);
169
			}
170
		}
171 9
	}
172
173
	/**
174
	 * @param Key $userKey
175
	 * @param array $device
176
	 * @param int $id
177
	 * @param INotification $notification
178
	 * @param bool $isTalkNotification
179
	 * @return array
180
	 * @throws InvalidTokenException
181
	 * @throws \InvalidArgumentException
182
	 */
183
	protected function encryptAndSign(Key $userKey, array $device, int $id, INotification $notification, bool $isTalkNotification): array {
184
		// Check if the token is still valid...
185
		$this->tokenProvider->getTokenById($device['token']);
186
187
		$data = [
188
			'nid' => $id,
189
			'app' => $notification->getApp(),
190
			'subject' => $notification->getParsedSubject(),
191
			'type' => $notification->getObjectType(),
192
			'id' => $notification->getObjectId(),
193
		];
194
195
		if ($isTalkNotification) {
196
			$priority = 'high';
197
		} else {
198
			$priority = 'normal';
199
		}
200
201
		if (!openssl_public_encrypt(json_encode($data), $encryptedSubject, $device['devicepublickey'], OPENSSL_PKCS1_PADDING)) {
202
			$this->log->error(openssl_error_string(), ['app' => 'notifications']);
203
			throw new \InvalidArgumentException('Failed to encrypt message for device');
204
		}
205
206
		openssl_sign($encryptedSubject, $signature, $userKey->getPrivate(), OPENSSL_ALGO_SHA512);
207
		$base64EncryptedSubject = base64_encode($encryptedSubject);
208
		$base64Signature = base64_encode($signature);
209
210
		return [
211
			'deviceIdentifier' => $device['deviceidentifier'],
212
			'pushTokenHash' => $device['pushtokenhash'],
213
			'subject' => $base64EncryptedSubject,
214
			'signature' => $base64Signature,
215
			'priority' => $priority,
216
		];
217
	}
218
219
	/**
220
	 * @param string $uid
221
	 * @return array[]
222
	 */
223
	protected function getDevicesForUser(string $uid): array {
224
		$query = $this->db->getQueryBuilder();
225
		$query->select('*')
226
			->from('notifications_pushtokens')
227
			->where($query->expr()->eq('uid', $query->createNamedParameter($uid)));
228
229
		$result = $query->execute();
230
		$devices = $result->fetchAll();
231
		$result->closeCursor();
232
233
		return $devices;
234
	}
235
236
	/**
237
	 * @param int $tokenId
238
	 * @return bool
239
	 */
240
	protected function deletePushToken(int $tokenId): bool {
241
		$query = $this->db->getQueryBuilder();
242
		$query->delete('notifications_pushtokens')
243
			->where($query->expr()->eq('token', $query->createNamedParameter($tokenId, IQueryBuilder::PARAM_INT)));
244
245
		return $query->execute() !== 0;
246
	}
247
}
248