
Wopi::generateFileToken()   A

<?php
/**
 * ownCloud - Richdocuments App
 *
 * @author Ashod Nakashian
 * @copyright 2016 Ashod Nakashian [email protected]
 *
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 */
namespace OCA\Richdocuments\Db;
use \OCA\Richdocuments\Download;
use \OCA\Richdocuments\DownloadResponse;
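/**
 * Storage and validation of WOPI access tokens.
 *
 * A token is a bearer credential: whoever presents it is granted the access
 * recorded in its row (file, version, write permission). It must therefore
 * be unguessable, time-limited, and kept out of logs.
 */
class Wopi extends \OCA\Richdocuments\Db{

	const DB_TABLE = '`*PREFIX*richdocuments_wopi`';

	// Tokens expire after this many seconds (not defined by WOPI specs).
	const TOKEN_LIFETIME_SECONDS = 1800;

	protected $tableName  = '`*PREFIX*richdocuments_wopi`';

	protected $insertStatement  = 'INSERT INTO `*PREFIX*richdocuments_wopi` (`fileid`, `owner_uid`, `editor_uid`, `version`, `canwrite`, `server_host`, `token`, `expiry`)
			VALUES (?, ?, ?, ?, ?, ?, ?, ?)';

	protected $loadStatement = 'SELECT * FROM `*PREFIX*richdocuments_wopi` WHERE `token`= ?';

	/**
	 * Creates a new access token for a file and stores it in the database.
	 *
	 * The token is 32 characters drawn from [a-zA-Z0-9] by the server's
	 * secure random service. The stored row binds it to the given file,
	 * version, owner, editor, write permission and server host, and records
	 * an expiry of now + TOKEN_LIFETIME_SECONDS.
	 *
	 * @param mixed $fileId     id of the file the token grants access to
	 * @param mixed $owner      uid stored as `owner_uid`
	 * @param mixed $editor     uid stored as `editor_uid`
	 * @param mixed $version    file version the token is bound to
	 * @param mixed $updatable  stored as `canwrite`
	 * @param mixed $serverHost stored as `server_host`
	 * @return string the generated token
	 * @throws \Exception if the row could not be inserted
	 */
	public function generateFileToken($fileId, $owner, $editor, $version, $updatable, $serverHost) {
		$alphabet = \OCP\Security\ISecureRandom::CHAR_LOWER .
			\OCP\Security\ISecureRandom::CHAR_UPPER .
			\OCP\Security\ISecureRandom::CHAR_DIGITS;
		$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32, $alphabet);

		// Positional values, in the column order of $insertStatement.
		$wopi = new \OCA\Richdocuments\Db\Wopi([
			$fileId,
			$owner,
			$editor,
			$version,
			$updatable,
			$serverHost,
			$token,
			time() + self::TOKEN_LIFETIME_SECONDS
		]);

		if (!$wopi->insert()) {
			throw new \Exception('Failed to add wopi token into database');
		}

		return $token;
	}

	/**
	 * Validates a token against the requested file and version.
	 *
	 * The token must exist, must not be past its stored expiry, and must
	 * have been issued for exactly this file id and version. On failure an
	 * HTTP status is set (401 for an unknown or expired token, 404 for a
	 * file/version mismatch) and false is returned.
	 *
	 * @param mixed  $fileId  file id from the request
	 * @param mixed  $version file version from the request
	 * @param string $token   access token from the request
	 * @return array|false array with keys owner, editor, path, canwrite and
	 *                     server_host when the token is valid, else false
	 */
	public function getPathForToken($fileId, $version, $token){

		$wopi = new Wopi();
		$row = $wopi->loadBy('token', $token)->getData();

		// The token is a live credential; never write it to the log, where
		// anyone with log access could replay it until it expires.
		$logRow = $row;
		if (is_array($logRow) && isset($logRow['token'])) {
			$logRow['token'] = '<redacted>';
		}
		\OC::$server->getLogger()->debug('Loaded WOPI Token record: {row}.', [ 'row' => $logRow ]);

		if (!is_array($row) || count($row) === 0)
		{
			// Invalid token.
			http_response_code(401);
			return false;
		}

		// Enforce the lifetime. The previous check was inverted (it matched
		// tokens that were still valid) and its body was commented out, so
		// a token stayed usable forever. A missing expiry casts to 0 and is
		// rejected (fail closed). Sessions that outlive
		// TOKEN_LIFETIME_SECONDS need a freshly generated token.
		if (!isset($row['expiry']) || (int)$row['expiry'] <= time()){
			// Expired token: treated like an invalid one.
			// NOTE(review): expired rows are not purged here; confirm where
			// cleanup of the table is meant to happen.
			http_response_code(401);
			return false;
		}

		// Compare as strings: loose != would treat numeric strings such as
		// '1e1' and '10' as equal and let a mismatched id through.
		if ((string)$row['fileid'] !== (string)$fileId || (string)$row['version'] !== (string)$version){
			// File unknown / user unauthorized (for the requested file).
			http_response_code(404);
			return false;
		}

		return array(
			'owner' => $row['owner_uid'],
			'editor' => $row['editor_uid'],
			// NOTE(review): $insertStatement writes no `path` column, so this
			// is only set if the table provides one; null otherwise.
			'path' => isset($row['path']) ? $row['path'] : null,
			'canwrite' => $row['canwrite'],
			'server_host' => $row['server_host']
		);
	}
}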