|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* Nextcloud - passman |
|
4
|
|
|
* |
|
5
|
|
|
* This file is licensed under the Affero General Public License version 3 or |
|
6
|
|
|
* later. See the COPYING file. |
|
7
|
|
|
* |
|
8
|
|
|
* @author Sander Brand <[email protected]> |
|
9
|
|
|
* @copyright Sander Brand 2016 |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace OCA\Passman\Controller; |
|
13
|
|
|
|
|
14
|
|
|
use OCA\Files_External\NotFoundException; |
|
15
|
|
|
use OCA\Passman\Db\SharingACL; |
|
16
|
|
|
use OCA\Passman\Utility\NotFoundJSONResponse; |
|
17
|
|
|
use OCP\AppFramework\Db\DoesNotExistException; |
|
18
|
|
|
use OCP\AppFramework\Http; |
|
19
|
|
|
use OCP\AppFramework\Http\DataResponse; |
|
20
|
|
|
use OCP\IConfig; |
|
21
|
|
|
use OCP\IRequest; |
|
22
|
|
|
use OCP\AppFramework\Http\JSONResponse; |
|
23
|
|
|
use OCP\AppFramework\ApiController; |
|
24
|
|
|
use OCA\Passman\Service\CredentialService; |
|
25
|
|
|
use OCA\Passman\Activity; |
|
26
|
|
|
use OCA\Passman\Service\ActivityService; |
|
27
|
|
|
use OCA\Passman\Service\CredentialRevisionService; |
|
28
|
|
|
use OCA\Passman\Service\ShareService; |
|
29
|
|
|
use OCP\IUser; |
|
30
|
|
|
|
|
31
|
|
|
class CredentialController extends ApiController { |
|
32
|
|
|
private $userId; |
|
33
|
|
|
private $credentialService; |
|
34
|
|
|
private $activityService; |
|
35
|
|
|
private $credentialRevisionService; |
|
36
|
|
|
private $sharingService; |
|
37
|
|
|
private $config; |
|
38
|
|
|
|
|
39
|
|
|
public function __construct($AppName, |
|
40
|
|
|
IRequest $request, |
|
41
|
|
|
$userId, |
|
42
|
|
|
CredentialService $credentialService, |
|
43
|
|
|
ActivityService $activityService, |
|
44
|
|
|
CredentialRevisionService $credentialRevisionService, |
|
45
|
|
|
ShareService $sharingService, |
|
46
|
|
|
IConfig $config |
|
47
|
|
|
) { |
|
48
|
|
|
parent::__construct($AppName, $request); |
|
49
|
|
|
$this->userId = $userId; |
|
50
|
|
|
$this->credentialService = $credentialService; |
|
51
|
|
|
$this->activityService = $activityService; |
|
52
|
|
|
$this->credentialRevisionService = $credentialRevisionService; |
|
53
|
|
|
$this->sharingService = $sharingService; |
|
54
|
|
|
$this->config = $config; |
|
55
|
|
|
} |
|
56
|
|
|
|
|
57
|
|
|
|
|
58
|
|
|
/** |
|
59
|
|
|
* @NoAdminRequired |
|
60
|
|
|
* @NoCSRFRequired |
|
61
|
|
|
*/ |
|
62
|
|
|
public function createCredential($changed, $created, |
|
63
|
|
|
$credential_id, $custom_fields, $delete_time, |
|
64
|
|
|
$description, $email, $expire_time, $favicon, $files, $guid, |
|
65
|
|
|
$hidden, $label, $otp, $password, $renew_interval, |
|
66
|
|
|
$tags, $url, $username, $vault_id) { |
|
67
|
|
|
$credential = array( |
|
68
|
|
|
'credential_id' => $credential_id, |
|
69
|
|
|
'guid' => $guid, |
|
70
|
|
|
'user_id' => $this->userId, |
|
71
|
|
|
'vault_id' => $vault_id, |
|
72
|
|
|
'label' => $label, |
|
73
|
|
|
'description' => $description, |
|
74
|
|
|
'created' => $created, |
|
75
|
|
|
'changed' => $changed, |
|
76
|
|
|
'tags' => $tags, |
|
77
|
|
|
'email' => $email, |
|
78
|
|
|
'username' => $username, |
|
79
|
|
|
'password' => $password, |
|
80
|
|
|
'url' => $url, |
|
81
|
|
|
'favicon' => $favicon, |
|
82
|
|
|
'renew_interval' => $renew_interval, |
|
83
|
|
|
'expire_time' => $expire_time, |
|
84
|
|
|
'delete_time' => $delete_time, |
|
85
|
|
|
'files' => $files, |
|
86
|
|
|
'custom_fields' => $custom_fields, |
|
87
|
|
|
'otp' => $otp, |
|
88
|
|
|
'hidden' => $hidden, |
|
89
|
|
|
|
|
90
|
|
|
); |
|
91
|
|
|
$credential = $this->credentialService->createCredential($credential); |
|
92
|
|
|
$link = ''; // @TODO create direct link to credential |
|
93
|
|
|
if (!$credential->getHidden()) { |
|
94
|
|
|
$this->activityService->add( |
|
95
|
|
|
Activity::SUBJECT_ITEM_CREATED_SELF, array($label, $this->userId), |
|
96
|
|
|
'', array(), |
|
97
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_ACTION); |
|
98
|
|
|
} |
|
99
|
|
|
return new JSONResponse($credential); |
|
100
|
|
|
} |
|
101
|
|
|
|
|
102
|
|
|
/** |
|
103
|
|
|
* @NoAdminRequired |
|
104
|
|
|
* @NoCSRFRequired |
|
105
|
|
|
*/ |
|
106
|
|
|
public function getCredential($credential_guid) { |
|
107
|
|
|
return new JSONResponse($this->credentialService->getCredentialByGUID($credential_guid, $this->userId)); |
|
108
|
|
|
} |
|
109
|
|
|
|
|
110
|
|
|
/** |
|
111
|
|
|
* @NoAdminRequired |
|
112
|
|
|
* @NoCSRFRequired |
|
113
|
|
|
*/ |
|
114
|
|
|
public function updateCredential($changed, $created, |
|
115
|
|
|
$credential_id, $custom_fields, $delete_time, $credential_guid, |
|
116
|
|
|
$description, $email, $expire_time, $favicon, $files, $guid, |
|
117
|
|
|
$hidden, $label, $otp, $password, $renew_interval, |
|
118
|
|
|
$tags, $url, $username, $vault_id, $revision_created, $shared_key, $acl, $unshare_action, $set_share_key, $skip_revision) { |
|
119
|
|
|
|
|
120
|
|
|
|
|
121
|
|
|
$storedCredential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId); |
|
122
|
|
|
|
|
123
|
|
|
$credential = array( |
|
124
|
|
|
'credential_id' => $credential_id, |
|
125
|
|
|
'guid' => $guid, |
|
126
|
|
|
'label' => $label, |
|
127
|
|
|
'description' => $description, |
|
128
|
|
|
'created' => $created, |
|
129
|
|
|
'changed' => $changed, |
|
130
|
|
|
'vault_id' => $vault_id, |
|
131
|
|
|
'tags' => $tags, |
|
132
|
|
|
'email' => $email, |
|
133
|
|
|
'username' => $username, |
|
134
|
|
|
'password' => $password, |
|
135
|
|
|
'url' => $url, |
|
136
|
|
|
'favicon' => $favicon, |
|
137
|
|
|
'renew_interval' => $renew_interval, |
|
138
|
|
|
'expire_time' => $expire_time, |
|
139
|
|
|
'files' => $files, |
|
140
|
|
|
'custom_fields' => $custom_fields, |
|
141
|
|
|
'delete_time' => $delete_time, |
|
142
|
|
|
'hidden' => $hidden, |
|
143
|
|
|
'otp' => $otp, |
|
144
|
|
|
); |
|
145
|
|
|
|
|
146
|
|
|
|
|
147
|
|
|
if ($storedCredential->getUserId() !== $this->userId) { |
|
148
|
|
|
$acl = $this->sharingService->getCredentialAclForUser($this->userId, $storedCredential->getGuid()); |
|
149
|
|
|
if ($acl->hasPermission(SharingACL::WRITE)) { |
|
150
|
|
|
$credential['shared_key'] = $storedCredential->getSharedKey(); |
|
151
|
|
|
} else { |
|
152
|
|
|
return new DataResponse(['msg' => 'Not authorized'], Http::STATUS_UNAUTHORIZED); |
|
153
|
|
|
} |
|
154
|
|
View Code Duplication |
if ($this->config->getAppValue('passman', 'user_sharing_enabled', 1) === 0 || $this->config->getAppValue('passman', 'user_sharing_enabled', 1) === '0') { |
|
|
|
|
|
|
155
|
|
|
return new DataResponse(['msg' => 'Not authorized'], Http::STATUS_UNAUTHORIZED); |
|
156
|
|
|
} |
|
157
|
|
|
} |
|
158
|
|
|
|
|
159
|
|
|
$link = ''; // @TODO create direct link to credential |
|
160
|
|
|
if ($revision_created) { |
|
161
|
|
|
$activity = 'item_apply_revision'; |
|
162
|
|
|
$this->activityService->add( |
|
163
|
|
|
$activity . '_self', array($label, $this->userId, $revision_created), |
|
164
|
|
|
'', array(), |
|
165
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_ACTION); |
|
166
|
|
|
} else if (($storedCredential->getDeleteTime() === 0) && (int)$delete_time > 0) { |
|
167
|
|
|
$activity = 'item_deleted'; |
|
168
|
|
|
$this->activityService->add( |
|
169
|
|
|
$activity . '_self', array($label, $this->userId), |
|
170
|
|
|
'', array(), |
|
171
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_ACTION); |
|
172
|
|
|
} else if (($storedCredential->getDeleteTime() > 0) && (int)$delete_time === 0) { |
|
173
|
|
|
$activity = 'item_recovered'; |
|
174
|
|
|
$this->activityService->add( |
|
175
|
|
|
$activity . '_self', array($label, $this->userId), |
|
176
|
|
|
'', array(), |
|
177
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_ACTION); |
|
178
|
|
|
} else if ($label !== $storedCredential->getLabel()) { |
|
179
|
|
|
$activity = 'item_renamed'; |
|
180
|
|
|
$this->activityService->add( |
|
181
|
|
|
$activity . '_self', array($storedCredential->getLabel(), $label, $this->userId), |
|
182
|
|
|
'', array(), |
|
183
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_RENAMED); |
|
184
|
|
|
} else { |
|
185
|
|
|
$activity = 'item_edited'; |
|
186
|
|
|
$this->activityService->add( |
|
187
|
|
|
$activity . '_self', array($label, $this->userId), |
|
188
|
|
|
'', array(), |
|
189
|
|
|
$link, $this->userId, Activity::TYPE_ITEM_ACTION); |
|
190
|
|
|
} |
|
191
|
|
|
$acl_list = null; |
|
192
|
|
|
|
|
193
|
|
|
try { |
|
194
|
|
|
$acl_list = $this->sharingService->getCredentialAclList($storedCredential->getGuid()); |
|
195
|
|
|
} catch (DoesNotExistException $exception) { |
|
|
|
|
|
|
196
|
|
|
// Just check if we have an acl list |
|
197
|
|
|
} |
|
198
|
|
|
if (!empty($acl_list)) { |
|
199
|
|
|
$params = array(); |
|
200
|
|
|
switch ($activity) { |
|
201
|
|
|
case 'item_recovered': |
|
202
|
|
|
case 'item_deleted': |
|
203
|
|
|
case 'item_edited': |
|
204
|
|
|
$params = array($credential['label'], $this->userId); |
|
205
|
|
|
break; |
|
206
|
|
|
case 'item_apply_revision': |
|
207
|
|
|
$params = array($credential['label'], $this->userId, $revision_created); |
|
208
|
|
|
break; |
|
209
|
|
|
case 'item_renamed': |
|
210
|
|
|
$params = array($storedCredential->getLabel(), $label, $this->userId); |
|
211
|
|
|
break; |
|
212
|
|
|
} |
|
213
|
|
|
|
|
214
|
|
|
foreach ($acl_list as $sharingACL) { |
|
215
|
|
|
$target_user = $sharingACL->getUserId(); |
|
216
|
|
|
if ($target_user === $this->userId) { |
|
217
|
|
|
continue; |
|
218
|
|
|
} |
|
219
|
|
|
$this->activityService->add( |
|
220
|
|
|
$activity, $params, |
|
221
|
|
|
'', array(), |
|
222
|
|
|
$link, $target_user, Activity::TYPE_ITEM_ACTION); |
|
223
|
|
|
} |
|
224
|
|
|
if ($this->userId !== $storedCredential->getUserId()) { |
|
225
|
|
|
$this->activityService->add( |
|
226
|
|
|
$activity, $params, |
|
227
|
|
|
'', array(), |
|
228
|
|
|
$link, $storedCredential->getUserId(), Activity::TYPE_ITEM_ACTION); |
|
229
|
|
|
} |
|
230
|
|
|
} |
|
231
|
|
|
if ($set_share_key === true) { |
|
232
|
|
|
$storedCredential->setSharedKey($shared_key); |
|
233
|
|
|
$credential['shared_key'] = $shared_key; |
|
234
|
|
|
} |
|
235
|
|
|
if ($unshare_action === true) { |
|
236
|
|
|
$storedCredential->setSharedKey(''); |
|
237
|
|
|
$credential['shared_key'] = ''; |
|
238
|
|
|
} |
|
239
|
|
|
if (!$skip_revision) { |
|
240
|
|
|
$this->credentialRevisionService->createRevision($storedCredential, $storedCredential->getUserId(), $credential_id, $this->userId); |
|
241
|
|
|
} |
|
242
|
|
|
$credential = $this->credentialService->updateCredential($credential); |
|
243
|
|
|
|
|
244
|
|
|
return new JSONResponse($credential); |
|
245
|
|
|
} |
|
246
|
|
|
|
|
247
|
|
|
/** |
|
248
|
|
|
* @NoAdminRequired |
|
249
|
|
|
* @NoCSRFRequired |
|
250
|
|
|
*/ |
|
251
|
|
|
public function deleteCredential($credential_guid) { |
|
252
|
|
|
$credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId); |
|
253
|
|
|
if ($credential) { |
|
254
|
|
|
$result = $this->credentialService->deleteCredential($credential); |
|
255
|
|
|
$this->activityService->add( |
|
256
|
|
|
'item_destroyed_self', array($credential->getLabel()), |
|
257
|
|
|
'', array(), |
|
258
|
|
|
'', $this->userId, Activity::TYPE_ITEM_ACTION); |
|
259
|
|
|
} else { |
|
260
|
|
|
$result = false; |
|
261
|
|
|
} |
|
262
|
|
|
return new JSONResponse($result); |
|
263
|
|
|
} |
|
264
|
|
|
|
|
265
|
|
|
|
|
266
|
|
|
/** |
|
267
|
|
|
* @NoAdminRequired |
|
268
|
|
|
* @NoCSRFRequired |
|
269
|
|
|
*/ |
|
270
|
|
|
public function getRevision($credential_guid) { |
|
271
|
|
|
try { |
|
272
|
|
|
$credential = $this->credentialService->getCredentialByGUID($credential_guid); |
|
273
|
|
|
} catch (DoesNotExistException $ex) { |
|
|
|
|
|
|
274
|
|
|
return new NotFoundJSONResponse(); |
|
275
|
|
|
} |
|
276
|
|
|
|
|
277
|
|
|
// If the request was made by the owner of the credential |
|
278
|
|
|
if ($this->userId === $credential->getUserId()) { |
|
279
|
|
|
$result = $this->credentialRevisionService->getRevisions($credential->getId(), $this->userId); |
|
280
|
|
|
} else { |
|
281
|
|
|
$acl = $this->sharingService->getACL($this->userId, $credential_guid); |
|
282
|
|
|
if ($acl->hasPermission(SharingACL::HISTORY)) { |
|
283
|
|
|
$result = $this->credentialRevisionService->getRevisions($credential->getId()); |
|
284
|
|
|
} else { |
|
285
|
|
|
return new NotFoundJSONResponse(); |
|
286
|
|
|
} |
|
287
|
|
|
} |
|
288
|
|
|
|
|
289
|
|
|
return new JSONResponse($result); |
|
290
|
|
|
} |
|
291
|
|
|
|
|
292
|
|
|
/** |
|
293
|
|
|
* @NoAdminRequired |
|
294
|
|
|
* @NoCSRFRequired |
|
295
|
|
|
*/ |
|
296
|
|
|
public function deleteRevision($credential_id, $revision_id) { |
|
297
|
|
|
$result = $this->credentialRevisionService->deleteRevision($revision_id, $this->userId); |
|
298
|
|
|
return new JSONResponse($result); |
|
299
|
|
|
} |
|
300
|
|
|
|
|
301
|
|
|
/** |
|
302
|
|
|
* @NoAdminRequired |
|
303
|
|
|
* @NoCSRFRequired |
|
304
|
|
|
*/ |
|
305
|
|
|
public function updateRevision($credential_guid, $revision_id, $credential_data) { |
|
306
|
|
|
$revision = null; |
|
307
|
|
|
try { |
|
308
|
|
|
$this->credentialService->getCredentialByGUID($credential_guid, $this->userId); |
|
309
|
|
|
} catch (DoesNotExistException $e) { |
|
|
|
|
|
|
310
|
|
|
return new NotFoundJSONResponse(); |
|
311
|
|
|
} |
|
312
|
|
|
|
|
313
|
|
|
try { |
|
314
|
|
|
$revision = $this->credentialRevisionService->getRevision($revision_id); |
|
315
|
|
|
} catch (DoesNotExistException $exception) { |
|
|
|
|
|
|
316
|
|
|
return new NotFoundJSONResponse(); |
|
317
|
|
|
} |
|
318
|
|
|
|
|
319
|
|
|
$revision->setCredentialData($credential_data); |
|
320
|
|
|
|
|
321
|
|
|
$this->credentialRevisionService->updateRevision($revision); |
|
322
|
|
|
return new JSONResponse(array()); |
|
323
|
|
|
} |
|
324
|
|
|
} |
nextcloud /
passman
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.