|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* Nextcloud - passman |
|
4
|
|
|
* |
|
5
|
|
|
* This file is licensed under the Affero General Public License version 3 or |
|
6
|
|
|
* later. See the COPYING file. |
|
7
|
|
|
* |
|
8
|
|
|
* @author Sander Brand <[email protected]> |
|
9
|
|
|
* @copyright Sander Brand 2016 |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace OCA\Passman\Controller; |
|
13
|
|
|
|
|
14
|
|
|
use OCA\Passman\Db\Credential; |
|
15
|
|
|
use OCA\Passman\Db\SharingACL; |
|
16
|
|
|
use OCA\Passman\Service\EncryptService; |
|
17
|
|
|
use OCA\Passman\Service\SettingsService; |
|
18
|
|
|
use OCA\Passman\Utility\NotFoundJSONResponse; |
|
19
|
|
|
use OCP\AppFramework\Db\DoesNotExistException; |
|
20
|
|
|
use OCP\AppFramework\Http; |
|
21
|
|
|
use OCP\AppFramework\Http\DataResponse; |
|
22
|
|
|
use OCP\IRequest; |
|
23
|
|
|
use OCP\AppFramework\Http\JSONResponse; |
|
24
|
|
|
use OCP\AppFramework\ApiController; |
|
25
|
|
|
use OCA\Passman\Service\CredentialService; |
|
26
|
|
|
use OCA\Passman\Activity; |
|
27
|
|
|
use OCA\Passman\Service\ActivityService; |
|
28
|
|
|
use OCA\Passman\Service\CredentialRevisionService; |
|
29
|
|
|
use OCA\Passman\Service\ShareService; |
|
30
|
|
|
|
|
31
|
|
|
|
|
32
|
|
|
class CredentialController extends ApiController { |
|
33
|
|
|
private $userId; |
|
34
|
|
|
private $credentialService; |
|
35
|
|
|
private $activityService; |
|
36
|
|
|
private $credentialRevisionService; |
|
37
|
|
|
private $sharingService; |
|
38
|
|
|
private $settings; |
|
39
|
|
|
|
|
40
|
|
View Code Duplication |
public function __construct($AppName, |
|
|
|
|
|
|
41
|
|
|
IRequest $request, |
|
42
|
|
|
$userId, |
|
43
|
|
|
CredentialService $credentialService, |
|
44
|
|
|
ActivityService $activityService, |
|
45
|
|
|
CredentialRevisionService $credentialRevisionService, |
|
46
|
|
|
ShareService $sharingService, |
|
47
|
|
|
SettingsService $settings |
|
48
|
|
|
|
|
49
|
|
|
) { |
|
50
|
|
|
parent::__construct( |
|
51
|
|
|
$AppName, |
|
52
|
|
|
$request, |
|
53
|
|
|
'GET, POST, DELETE, PUT, PATCH, OPTIONS', |
|
54
|
|
|
'Authorization, Content-Type, Accept', |
|
55
|
|
|
86400); |
|
56
|
|
|
$this->userId = $userId; |
|
57
|
|
|
$this->credentialService = $credentialService; |
|
58
|
|
|
$this->activityService = $activityService; |
|
59
|
|
|
$this->credentialRevisionService = $credentialRevisionService; |
|
60
|
|
|
$this->sharingService = $sharingService; |
|
61
|
|
|
$this->settings = $settings; |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
|
|
|
|
65
|
|
|
/** |
|
66
|
|
|
* @NoAdminRequired |
|
67
|
|
|
* @NoCSRFRequired |
|
68
|
|
|
*/ |
|
69
|
|
|
public function createCredential($changed, $created, |
|
70
|
|
|
$credential_id, $custom_fields, $delete_time, |
|
71
|
|
|
$description, $email, $expire_time, $favicon, $files, $guid, |
|
72
|
|
|
$hidden, $label, $otp, $password, $renew_interval, |
|
73
|
|
|
$tags, $url, $username, $vault_id) { |
|
74
|
|
|
$credential = array( |
|
75
|
|
|
'credential_id' => $credential_id, |
|
76
|
|
|
'guid' => $guid, |
|
77
|
|
|
'user_id' => $this->userId, |
|
78
|
|
|
'vault_id' => $vault_id, |
|
79
|
|
|
'label' => $label, |
|
80
|
|
|
'description' => $description, |
|
81
|
|
|
'created' => $created, |
|
82
|
|
|
'changed' => $changed, |
|
83
|
|
|
'tags' => $tags, |
|
84
|
|
|
'email' => $email, |
|
85
|
|
|
'username' => $username, |
|
86
|
|
|
'password' => $password, |
|
87
|
|
|
'url' => $url, |
|
88
|
|
|
'favicon' => $favicon, |
|
89
|
|
|
'renew_interval' => $renew_interval, |
|
90
|
|
|
'expire_time' => $expire_time, |
|
91
|
|
|
'delete_time' => $delete_time, |
|
92
|
|
|
'files' => $files, |
|
93
|
|
|
'custom_fields' => $custom_fields, |
|
94
|
|
|
'otp' => $otp, |
|
95
|
|
|
'hidden' => $hidden, |
|
96
|
|
|
|
|
97
|
|
|
); |
|
98
|
|
|
|
|
99
|
|
|
$credential = $this->credentialService->createCredential($credential); |
|
100
|
|
|
$link = ''; // @TODO create direct link to credential |
|
101
|
|
|
if (!$credential->getHidden()) { |
|
102
|
|
|
$this->activityService->add( |
|
103
|
|
|
Activity::SUBJECT_ITEM_CREATED_SELF, array($label, $this->userId), |
|
104
|
|
|
'', array(), |
|
105
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_ACTION); |
|
106
|
|
|
} |
|
107
|
|
|
return new JSONResponse($credential); |
|
108
|
|
|
} |
|
109
|
|
|
|
|
110
|
|
|
/** |
|
111
|
|
|
* @NoAdminRequired |
|
112
|
|
|
* @NoCSRFRequired |
|
113
|
|
|
*/ |
|
114
|
|
|
public function getCredential($credential_guid) { |
|
115
|
|
|
$credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId); |
|
116
|
|
|
return new JSONResponse($credential); |
|
117
|
|
|
} |
|
118
|
|
|
|
|
119
|
|
|
/** |
|
120
|
|
|
* @NoAdminRequired |
|
121
|
|
|
* @NoCSRFRequired |
|
122
|
|
|
*/ |
|
123
|
|
|
public function updateCredential($changed, $created, |
|
124
|
|
|
$credential_id, $custom_fields, $delete_time, $credential_guid, |
|
125
|
|
|
$description, $email, $expire_time, $icon, $files, $guid, |
|
126
|
|
|
$hidden, $label, $otp, $password, $renew_interval, |
|
127
|
|
|
$tags, $url, $username, $vault_id, $revision_created, $shared_key, $acl, $unshare_action, $set_share_key, $skip_revision) { |
|
128
|
|
|
|
|
129
|
|
|
|
|
130
|
|
|
$storedCredential = $this->credentialService->getCredentialByGUID($credential_guid); |
|
131
|
|
|
|
|
132
|
|
|
$credential = array( |
|
133
|
|
|
'credential_id' => $credential_id, |
|
134
|
|
|
'guid' => $guid, |
|
135
|
|
|
'label' => $label, |
|
136
|
|
|
'description' => $description, |
|
137
|
|
|
'created' => $created, |
|
138
|
|
|
'changed' => $changed, |
|
139
|
|
|
'vault_id' => $vault_id, |
|
140
|
|
|
'tags' => $tags, |
|
141
|
|
|
'email' => $email, |
|
142
|
|
|
'username' => $username, |
|
143
|
|
|
'password' => $password, |
|
144
|
|
|
'url' => $url, |
|
145
|
|
|
'icon' => json_encode($icon), |
|
146
|
|
|
'renew_interval' => $renew_interval, |
|
147
|
|
|
'expire_time' => $expire_time, |
|
148
|
|
|
'files' => $files, |
|
149
|
|
|
'custom_fields' => $custom_fields, |
|
150
|
|
|
'delete_time' => $delete_time, |
|
151
|
|
|
'hidden' => $hidden, |
|
152
|
|
|
'otp' => $otp, |
|
153
|
|
|
'user_id' => $storedCredential->getUserId() |
|
154
|
|
|
); |
|
155
|
|
|
|
|
156
|
|
|
|
|
157
|
|
|
if (!hash_equals($storedCredential->getUserId(), $this->userId)) { |
|
158
|
|
|
$acl = $this->sharingService->getCredentialAclForUser($this->userId, $storedCredential->getGuid()); |
|
159
|
|
|
if ($acl->hasPermission(SharingACL::WRITE)) { |
|
160
|
|
|
$credential['shared_key'] = $storedCredential->getSharedKey(); |
|
161
|
|
|
} else { |
|
162
|
|
|
return new DataResponse(['msg' => 'Not authorized'], Http::STATUS_UNAUTHORIZED); |
|
163
|
|
|
} |
|
164
|
|
|
if (!$this->settings->isEnabled('user_sharing_enabled')) { |
|
165
|
|
|
return new DataResponse(['msg' => 'Not authorized'], Http::STATUS_UNAUTHORIZED); |
|
166
|
|
|
} |
|
167
|
|
|
} |
|
168
|
|
|
|
|
169
|
|
|
|
|
170
|
|
|
$link = ''; // @TODO create direct link to credential |
|
171
|
|
|
if ($revision_created) { |
|
172
|
|
|
$activity = 'item_apply_revision'; |
|
173
|
|
|
$this->activityService->add( |
|
174
|
|
|
$activity . '_self', array($label, $this->userId, $revision_created), |
|
175
|
|
|
'', array(), |
|
176
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_ACTION); |
|
177
|
|
|
} else if (($storedCredential->getDeleteTime() === 0) && (int)$delete_time > 0) { |
|
178
|
|
|
$activity = 'item_deleted'; |
|
179
|
|
|
$this->activityService->add( |
|
180
|
|
|
$activity . '_self', array($label, $this->userId), |
|
181
|
|
|
'', array(), |
|
182
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_ACTION); |
|
183
|
|
|
} else if (($storedCredential->getDeleteTime() > 0) && (int)$delete_time === 0) { |
|
184
|
|
|
$activity = 'item_recovered'; |
|
185
|
|
|
$this->activityService->add( |
|
186
|
|
|
$activity . '_self', array($label, $this->userId), |
|
187
|
|
|
'', array(), |
|
188
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_ACTION); |
|
189
|
|
|
} else if ($label !== $storedCredential->getLabel()) { |
|
190
|
|
|
$activity = 'item_renamed'; |
|
191
|
|
|
$this->activityService->add( |
|
192
|
|
|
$activity . '_self', array($storedCredential->getLabel(), $label, $this->userId), |
|
193
|
|
|
'', array(), |
|
194
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_RENAMED); |
|
195
|
|
|
} else { |
|
196
|
|
|
$activity = 'item_edited'; |
|
197
|
|
|
$this->activityService->add( |
|
198
|
|
|
$activity . '_self', array($label, $this->userId), |
|
199
|
|
|
'', array(), |
|
200
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_ACTION); |
|
201
|
|
|
} |
|
202
|
|
|
$acl_list = null; |
|
203
|
|
|
|
|
204
|
|
|
try { |
|
205
|
|
|
$acl_list = $this->sharingService->getCredentialAclList($storedCredential->getGuid()); |
|
206
|
|
|
} catch (\Exception $exception) { |
|
207
|
|
|
// Just check if we have an acl list |
|
208
|
|
|
} |
|
209
|
|
|
if (!empty($acl_list)) { |
|
210
|
|
|
$params = array(); |
|
211
|
|
|
switch ($activity) { |
|
212
|
|
|
case 'item_recovered': |
|
213
|
|
|
case 'item_deleted': |
|
214
|
|
|
case 'item_edited': |
|
215
|
|
|
$params = array($credential['label'], $this->userId); |
|
216
|
|
|
break; |
|
217
|
|
|
case 'item_apply_revision': |
|
218
|
|
|
$params = array($credential['label'], $this->userId, $revision_created); |
|
219
|
|
|
break; |
|
220
|
|
|
case 'item_renamed': |
|
221
|
|
|
$params = array($storedCredential->getLabel(), $label, $this->userId); |
|
222
|
|
|
break; |
|
223
|
|
|
} |
|
224
|
|
|
|
|
225
|
|
|
foreach ($acl_list as $sharingACL) { |
|
226
|
|
|
$target_user = $sharingACL->getUserId(); |
|
227
|
|
|
if ($target_user === $this->userId) { |
|
228
|
|
|
continue; |
|
229
|
|
|
} |
|
230
|
|
|
$this->activityService->add( |
|
231
|
|
|
$activity, $params, |
|
232
|
|
|
'', array(), |
|
233
|
|
|
$link, $target_user, Activity::TYPE_ITEM_ACTION); |
|
234
|
|
|
} |
|
235
|
|
|
if (!hash_equals($this->userId, $storedCredential->getUserId())) { |
|
236
|
|
|
$this->activityService->add( |
|
237
|
|
|
$activity, $params, |
|
238
|
|
|
'', array(), |
|
239
|
|
|
$link, $storedCredential->getUserId(), Activity::TYPE_ITEM_ACTION); |
|
240
|
|
|
} |
|
241
|
|
|
} |
|
242
|
|
|
if ($set_share_key === true) { |
|
243
|
|
|
$storedCredential->setSharedKey($shared_key); |
|
244
|
|
|
$credential['shared_key'] = $shared_key; |
|
245
|
|
|
} |
|
246
|
|
|
if ($unshare_action === true) { |
|
247
|
|
|
$storedCredential->setSharedKey(''); |
|
248
|
|
|
$credential['shared_key'] = ''; |
|
249
|
|
|
} |
|
250
|
|
|
|
|
251
|
|
|
if (!isset($credential['shared_key'])) { |
|
252
|
|
|
$credential['shared_key'] = $storedCredential->getSharedKey(); |
|
253
|
|
|
} |
|
254
|
|
|
|
|
255
|
|
|
if (!$skip_revision) { |
|
256
|
|
|
$this->credentialRevisionService->createRevision($storedCredential, $storedCredential->getUserId(), $credential_id, $this->userId); |
|
257
|
|
|
} |
|
258
|
|
|
|
|
259
|
|
|
$credential = $this->credentialService->updateCredential($credential); |
|
260
|
|
|
|
|
261
|
|
|
return new JSONResponse($credential); |
|
262
|
|
|
} |
|
263
|
|
|
|
|
264
|
|
|
/** |
|
265
|
|
|
* @NoAdminRequired |
|
266
|
|
|
* @NoCSRFRequired |
|
267
|
|
|
*/ |
|
268
|
|
|
public function deleteCredential($credential_guid) { |
|
269
|
|
|
try { |
|
270
|
|
|
$credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId); |
|
271
|
|
|
} catch (\Exception $e) { |
|
272
|
|
|
return new NotFoundJSONResponse(); |
|
273
|
|
|
} |
|
274
|
|
|
if ($credential instanceof Credential) { |
|
275
|
|
|
$result = $this->credentialService->deleteCredential($credential); |
|
276
|
|
|
//print_r($credential); |
|
277
|
|
|
$this->deleteCredentialParts($credential); |
|
278
|
|
|
} else { |
|
279
|
|
|
$result = false; |
|
280
|
|
|
} |
|
281
|
|
|
return new JSONResponse($result); |
|
282
|
|
|
} |
|
283
|
|
|
|
|
284
|
|
|
/** |
|
285
|
|
|
* Delete leftovers from a credential |
|
286
|
|
|
* @param Credential $credential |
|
287
|
|
|
*/ |
|
288
|
|
|
private function deleteCredentialParts(Credential $credential) { |
|
289
|
|
|
$this->activityService->add( |
|
290
|
|
|
'item_destroyed_self', array($credential->getLabel()), |
|
291
|
|
|
'', array(), |
|
292
|
|
|
'', $this->userId, Activity::TYPE_ITEM_ACTION); |
|
293
|
|
|
$this->sharingService->unshareCredential($credential->getGuid()); |
|
294
|
|
|
foreach ($this->credentialRevisionService->getRevisions($credential->getId()) as $revision) { |
|
295
|
|
|
$id = $revision['revision_id']; |
|
296
|
|
|
if(isset($id)){ |
|
297
|
|
|
$this->credentialRevisionService->deleteRevision($id, $this->userId); |
|
298
|
|
|
} |
|
299
|
|
|
} |
|
300
|
|
|
} |
|
301
|
|
|
|
|
302
|
|
|
/** |
|
303
|
|
|
* @NoAdminRequired |
|
304
|
|
|
* @NoCSRFRequired |
|
305
|
|
|
*/ |
|
306
|
|
|
public function getRevision($credential_guid) { |
|
307
|
|
|
try { |
|
308
|
|
|
$credential = $this->credentialService->getCredentialByGUID($credential_guid); |
|
309
|
|
|
} catch (\Exception $ex) { |
|
310
|
|
|
return new NotFoundJSONResponse(); |
|
311
|
|
|
} |
|
312
|
|
|
// If the request was made by the owner of the credential |
|
313
|
|
|
if ($this->userId === $credential->getUserId()) { |
|
314
|
|
|
$result = $this->credentialRevisionService->getRevisions($credential->getId(), $this->userId); |
|
315
|
|
|
} else { |
|
316
|
|
|
$acl = $this->sharingService->getACL($this->userId, $credential_guid); |
|
317
|
|
|
if ($acl->hasPermission(SharingACL::HISTORY)) { |
|
318
|
|
|
$result = $this->credentialRevisionService->getRevisions($credential->getId()); |
|
319
|
|
|
} else { |
|
320
|
|
|
return new NotFoundJSONResponse(); |
|
321
|
|
|
} |
|
322
|
|
|
} |
|
323
|
|
|
|
|
324
|
|
|
return new JSONResponse($result); |
|
325
|
|
|
} |
|
326
|
|
|
|
|
327
|
|
|
/** |
|
328
|
|
|
* @NoAdminRequired |
|
329
|
|
|
* @NoCSRFRequired |
|
330
|
|
|
*/ |
|
331
|
|
|
public function deleteRevision($credential_id, $revision_id) { |
|
332
|
|
|
$result = $this->credentialRevisionService->deleteRevision($revision_id, $this->userId); |
|
333
|
|
|
return new JSONResponse($result); |
|
334
|
|
|
} |
|
335
|
|
|
|
|
336
|
|
|
/** |
|
337
|
|
|
* @NoAdminRequired |
|
338
|
|
|
* @NoCSRFRequired |
|
339
|
|
|
*/ |
|
340
|
|
|
public function updateRevision($revision_id, $credential_data) { |
|
341
|
|
|
$revision = null; |
|
342
|
|
|
try { |
|
343
|
|
|
$revision = $this->credentialRevisionService->getRevision($revision_id); |
|
344
|
|
|
} catch (\Exception $exception) { |
|
345
|
|
|
return new JSONResponse(array()); |
|
346
|
|
|
} |
|
347
|
|
|
|
|
348
|
|
|
$revision->setCredentialData($credential_data); |
|
349
|
|
|
|
|
350
|
|
|
$this->credentialRevisionService->updateRevision($revision); |
|
351
|
|
|
return new JSONResponse(array()); |
|
352
|
|
|
} |
|
353
|
|
|
} |
nextcloud /
passman
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.