nextcloud / server

lib/public/AppFramework/ApiController.php

Indentation +50 added lines, -50 removed lines

@@ -39,60 +39,60 @@
  */
 abstract class ApiController extends Controller {
 
-	private $corsMethods;
-	private $corsAllowedHeaders;
-	private $corsMaxAge;
+    private $corsMethods;
+    private $corsAllowedHeaders;
+    private $corsMaxAge;
 
-	/**
-	 * constructor of the controller
-	 * @param string $appName the name of the app
-	 * @param IRequest $request an instance of the request
-	 * @param string $corsMethods comma separated string of HTTP verbs which
-	 * should be allowed for websites or webapps when calling your API, defaults to
-	 * 'PUT, POST, GET, DELETE, PATCH'
-	 * @param string $corsAllowedHeaders comma separated string of HTTP headers
-	 * which should be allowed for websites or webapps when calling your API,
-	 * defaults to 'Authorization, Content-Type, Accept'
-	 * @param int $corsMaxAge number in seconds how long a preflighted OPTIONS
-	 * request should be cached, defaults to 1728000 seconds
-	 * @since 7.0.0
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								$corsMethods='PUT, POST, GET, DELETE, PATCH',
-								$corsAllowedHeaders='Authorization, Content-Type, Accept',
-								$corsMaxAge=1728000){
-		parent::__construct($appName, $request);
-		$this->corsMethods = $corsMethods;
-		$this->corsAllowedHeaders = $corsAllowedHeaders;
-		$this->corsMaxAge = $corsMaxAge;
-	}
+    /**
+     * constructor of the controller
+     * @param string $appName the name of the app
+     * @param IRequest $request an instance of the request
+     * @param string $corsMethods comma separated string of HTTP verbs which
+     * should be allowed for websites or webapps when calling your API, defaults to
+     * 'PUT, POST, GET, DELETE, PATCH'
+     * @param string $corsAllowedHeaders comma separated string of HTTP headers
+     * which should be allowed for websites or webapps when calling your API,
+     * defaults to 'Authorization, Content-Type, Accept'
+     * @param int $corsMaxAge number in seconds how long a preflighted OPTIONS
+     * request should be cached, defaults to 1728000 seconds
+     * @since 7.0.0
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                $corsMethods='PUT, POST, GET, DELETE, PATCH',
+                                $corsAllowedHeaders='Authorization, Content-Type, Accept',
+                                $corsMaxAge=1728000){
+        parent::__construct($appName, $request);
+        $this->corsMethods = $corsMethods;
+        $this->corsAllowedHeaders = $corsAllowedHeaders;
+        $this->corsMaxAge = $corsMaxAge;
+    }
 
 
-	/**
-	 * This method implements a preflighted cors response for you that you can
-	 * link to for the options request
-	 *
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 * @since 7.0.0
-	 */
-	public function preflightedCors() {
-		if(isset($this->request->server['HTTP_ORIGIN'])) {
-			$origin = $this->request->server['HTTP_ORIGIN'];
-		} else {
-			$origin = '*';
-		}
+    /**
+     * This method implements a preflighted cors response for you that you can
+     * link to for the options request
+     *
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     * @PublicPage
+     * @since 7.0.0
+     */
+    public function preflightedCors() {
+        if(isset($this->request->server['HTTP_ORIGIN'])) {
+            $origin = $this->request->server['HTTP_ORIGIN'];
+        } else {
+            $origin = '*';
+        }
 
-		$response = new Response();
-		$response->addHeader('Access-Control-Allow-Origin', $origin);
-		$response->addHeader('Access-Control-Allow-Methods', $this->corsMethods);
-		$response->addHeader('Access-Control-Max-Age', (string)$this->corsMaxAge);
-		$response->addHeader('Access-Control-Allow-Headers', $this->corsAllowedHeaders);
-		$response->addHeader('Access-Control-Allow-Credentials', 'false');
-		return $response;
-	}
+        $response = new Response();
+        $response->addHeader('Access-Control-Allow-Origin', $origin);
+        $response->addHeader('Access-Control-Allow-Methods', $this->corsMethods);
+        $response->addHeader('Access-Control-Max-Age', (string)$this->corsMaxAge);
+        $response->addHeader('Access-Control-Allow-Headers', $this->corsAllowedHeaders);
+        $response->addHeader('Access-Control-Allow-Credentials', 'false');
+        return $response;
+    }
 
 
 }

Spacing +5 added lines, -5 removed lines

@@ -59,9 +59,9 @@ 
 	 */
 	public function __construct($appName,
 								IRequest $request,
-								$corsMethods='PUT, POST, GET, DELETE, PATCH',
-								$corsAllowedHeaders='Authorization, Content-Type, Accept',
-								$corsMaxAge=1728000){
+								$corsMethods = 'PUT, POST, GET, DELETE, PATCH',
+								$corsAllowedHeaders = 'Authorization, Content-Type, Accept',
+								$corsMaxAge = 1728000) {
 		parent::__construct($appName, $request);
 		$this->corsMethods = $corsMethods;
 		$this->corsAllowedHeaders = $corsAllowedHeaders;
@@ -79,7 +79,7 @@ 
 	 * @since 7.0.0
 	 */
 	public function preflightedCors() {
-		if(isset($this->request->server['HTTP_ORIGIN'])) {
+		if (isset($this->request->server['HTTP_ORIGIN'])) {
 			$origin = $this->request->server['HTTP_ORIGIN'];
 		} else {
 			$origin = '*';
@@ -88,7 +88,7 @@ 
 		$response = new Response();
 		$response->addHeader('Access-Control-Allow-Origin', $origin);
 		$response->addHeader('Access-Control-Allow-Methods', $this->corsMethods);
-		$response->addHeader('Access-Control-Max-Age', (string)$this->corsMaxAge);
+		$response->addHeader('Access-Control-Max-Age', (string) $this->corsMaxAge);
 		$response->addHeader('Access-Control-Allow-Headers', $this->corsAllowedHeaders);
 		$response->addHeader('Access-Control-Allow-Credentials', 'false');
 		return $response;

lib/public/AppFramework/Http/DataDisplayResponse.php

Indentation +45 added lines, -45 removed lines

@@ -34,59 +34,59 @@
  */
 class DataDisplayResponse extends Response {
 
-	/**
-	 * response data
-	 * @var string
-	 */
-	protected $data;
+    /**
+     * response data
+     * @var string
+     */
+    protected $data;
 
 
-	/**
-	 * @param string $data the data to display
-	 * @param int $statusCode the Http status code, defaults to 200
-	 * @param array $headers additional key value based headers
-	 * @since 8.1.0
-	 */
-	public function __construct($data='', $statusCode=Http::STATUS_OK,
-								$headers=[]) {
-		parent::__construct();
+    /**
+     * @param string $data the data to display
+     * @param int $statusCode the Http status code, defaults to 200
+     * @param array $headers additional key value based headers
+     * @since 8.1.0
+     */
+    public function __construct($data='', $statusCode=Http::STATUS_OK,
+                                $headers=[]) {
+        parent::__construct();
 
-		$this->data = $data;
-		$this->setStatus($statusCode);
-		$this->setHeaders(array_merge($this->getHeaders(), $headers));
-		$this->addHeader('Content-Disposition', 'inline; filename=""');
-	}
+        $this->data = $data;
+        $this->setStatus($statusCode);
+        $this->setHeaders(array_merge($this->getHeaders(), $headers));
+        $this->addHeader('Content-Disposition', 'inline; filename=""');
+    }
 
-	/**
-	 * Outputs data. No processing is done.
-	 * @return string
-	 * @since 8.1.0
-	 */
-	public function render() {
-		return $this->data;
-	}
+    /**
+     * Outputs data. No processing is done.
+     * @return string
+     * @since 8.1.0
+     */
+    public function render() {
+        return $this->data;
+    }
 
 
-	/**
-	 * Sets values in the data
-	 * @param string $data the data to display
-	 * @return DataDisplayResponse Reference to this object
-	 * @since 8.1.0
-	 */
-	public function setData($data){
-		$this->data = $data;
+    /**
+     * Sets values in the data
+     * @param string $data the data to display
+     * @return DataDisplayResponse Reference to this object
+     * @since 8.1.0
+     */
+    public function setData($data){
+        $this->data = $data;
 
-		return $this;
-	}
+        return $this;
+    }
 
 
-	/**
-	 * Used to get the set parameters
-	 * @return string the data
-	 * @since 8.1.0
-	 */
-	public function getData(){
-		return $this->data;
-	}
+    /**
+     * Used to get the set parameters
+     * @return string the data
+     * @since 8.1.0
+     */
+    public function getData(){
+        return $this->data;
+    }
 
 }

Spacing +4 added lines, -4 removed lines

@@ -47,8 +47,8 @@ 
 	 * @param array $headers additional key value based headers
 	 * @since 8.1.0
 	 */
-	public function __construct($data='', $statusCode=Http::STATUS_OK,
-								$headers=[]) {
+	public function __construct($data = '', $statusCode = Http::STATUS_OK,
+								$headers = []) {
 		parent::__construct();
 
 		$this->data = $data;
@@ -73,7 +73,7 @@ 
 	 * @return DataDisplayResponse Reference to this object
 	 * @since 8.1.0
 	 */
-	public function setData($data){
+	public function setData($data) {
 		$this->data = $data;
 
 		return $this;
@@ -85,7 +85,7 @@ 
 	 * @return string the data
 	 * @since 8.1.0
 	 */
-	public function getData(){
+	public function getData() {
 		return $this->data;
 	}
 

lib/public/AppFramework/Http/TemplateResponse.php

Indentation +127 added lines, -127 removed lines

@@ -40,132 +40,132 @@
  */
 class TemplateResponse extends Response {
 
-	const EVENT_LOAD_ADDITIONAL_SCRIPTS = self::class . '::loadAdditionalScripts';
-	const EVENT_LOAD_ADDITIONAL_SCRIPTS_LOGGEDIN = self::class . '::loadAdditionalScriptsLoggedIn';
-
-	/**
-	 * name of the template
-	 * @var string
-	 */
-	protected $templateName;
-
-	/**
-	 * parameters
-	 * @var array
-	 */
-	protected $params;
-
-	/**
-	 * rendering type (admin, user, blank)
-	 * @var string
-	 */
-	protected $renderAs;
-
-	/**
-	 * app name
-	 * @var string
-	 */
-	protected $appName;
-
-	/**
-	 * constructor of TemplateResponse
-	 * @param string $appName the name of the app to load the template from
-	 * @param string $templateName the name of the template
-	 * @param array $params an array of parameters which should be passed to the
-	 * template
-	 * @param string $renderAs how the page should be rendered, defaults to user
-	 * @since 6.0.0 - parameters $params and $renderAs were added in 7.0.0
-	 */
-	public function __construct($appName, $templateName, array $params=[],
-								$renderAs='user') {
-		parent::__construct();
-
-		$this->templateName = $templateName;
-		$this->appName = $appName;
-		$this->params = $params;
-		$this->renderAs = $renderAs;
-
-		$this->setContentSecurityPolicy(new ContentSecurityPolicy());
-		$this->setFeaturePolicy(new FeaturePolicy());
-	}
-
-
-	/**
-	 * Sets template parameters
-	 * @param array $params an array with key => value structure which sets template
-	 *                      variables
-	 * @return TemplateResponse Reference to this object
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function setParams(array $params){
-		$this->params = $params;
-
-		return $this;
-	}
-
-
-	/**
-	 * Used for accessing the set parameters
-	 * @return array the params
-	 * @since 6.0.0
-	 */
-	public function getParams(){
-		return $this->params;
-	}
-
-
-	/**
-	 * Used for accessing the name of the set template
-	 * @return string the name of the used template
-	 * @since 6.0.0
-	 */
-	public function getTemplateName(){
-		return $this->templateName;
-	}
-
-
-	/**
-	 * Sets the template page
-	 * @param string $renderAs admin, user or blank. Admin also prints the admin
-	 *                         settings header and footer, user renders the normal
-	 *                         normal page including footer and header and blank
-	 *                         just renders the plain template
-	 * @return TemplateResponse Reference to this object
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function renderAs($renderAs){
-		$this->renderAs = $renderAs;
-
-		return $this;
-	}
-
-
-	/**
-	 * Returns the set renderAs
-	 * @return string the renderAs value
-	 * @since 6.0.0
-	 */
-	public function getRenderAs(){
-		return $this->renderAs;
-	}
-
-
-	/**
-	 * Returns the rendered html
-	 * @return string the rendered html
-	 * @since 6.0.0
-	 */
-	public function render(){
-		// \OCP\Template needs an empty string instead of 'blank' for an unwrapped response
-		$renderAs = $this->renderAs === 'blank' ? '' : $this->renderAs;
-
-		$template = new \OCP\Template($this->appName, $this->templateName, $renderAs);
-
-		foreach($this->params as $key => $value){
-			$template->assign($key, $value);
-		}
-
-		return $template->fetchPage($this->params);
-	}
+    const EVENT_LOAD_ADDITIONAL_SCRIPTS = self::class . '::loadAdditionalScripts';
+    const EVENT_LOAD_ADDITIONAL_SCRIPTS_LOGGEDIN = self::class . '::loadAdditionalScriptsLoggedIn';
+
+    /**
+     * name of the template
+     * @var string
+     */
+    protected $templateName;
+
+    /**
+     * parameters
+     * @var array
+     */
+    protected $params;
+
+    /**
+     * rendering type (admin, user, blank)
+     * @var string
+     */
+    protected $renderAs;
+
+    /**
+     * app name
+     * @var string
+     */
+    protected $appName;
+
+    /**
+     * constructor of TemplateResponse
+     * @param string $appName the name of the app to load the template from
+     * @param string $templateName the name of the template
+     * @param array $params an array of parameters which should be passed to the
+     * template
+     * @param string $renderAs how the page should be rendered, defaults to user
+     * @since 6.0.0 - parameters $params and $renderAs were added in 7.0.0
+     */
+    public function __construct($appName, $templateName, array $params=[],
+                                $renderAs='user') {
+        parent::__construct();
+
+        $this->templateName = $templateName;
+        $this->appName = $appName;
+        $this->params = $params;
+        $this->renderAs = $renderAs;
+
+        $this->setContentSecurityPolicy(new ContentSecurityPolicy());
+        $this->setFeaturePolicy(new FeaturePolicy());
+    }
+
+
+    /**
+     * Sets template parameters
+     * @param array $params an array with key => value structure which sets template
+     *                      variables
+     * @return TemplateResponse Reference to this object
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function setParams(array $params){
+        $this->params = $params;
+
+        return $this;
+    }
+
+
+    /**
+     * Used for accessing the set parameters
+     * @return array the params
+     * @since 6.0.0
+     */
+    public function getParams(){
+        return $this->params;
+    }
+
+
+    /**
+     * Used for accessing the name of the set template
+     * @return string the name of the used template
+     * @since 6.0.0
+     */
+    public function getTemplateName(){
+        return $this->templateName;
+    }
+
+
+    /**
+     * Sets the template page
+     * @param string $renderAs admin, user or blank. Admin also prints the admin
+     *                         settings header and footer, user renders the normal
+     *                         normal page including footer and header and blank
+     *                         just renders the plain template
+     * @return TemplateResponse Reference to this object
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function renderAs($renderAs){
+        $this->renderAs = $renderAs;
+
+        return $this;
+    }
+
+
+    /**
+     * Returns the set renderAs
+     * @return string the renderAs value
+     * @since 6.0.0
+     */
+    public function getRenderAs(){
+        return $this->renderAs;
+    }
+
+
+    /**
+     * Returns the rendered html
+     * @return string the rendered html
+     * @since 6.0.0
+     */
+    public function render(){
+        // \OCP\Template needs an empty string instead of 'blank' for an unwrapped response
+        $renderAs = $this->renderAs === 'blank' ? '' : $this->renderAs;
+
+        $template = new \OCP\Template($this->appName, $this->templateName, $renderAs);
+
+        foreach($this->params as $key => $value){
+            $template->assign($key, $value);
+        }
+
+        return $template->fetchPage($this->params);
+    }
 
 }

Spacing +11 added lines, -11 removed lines

@@ -40,8 +40,8 @@ 
  */
 class TemplateResponse extends Response {
 
-	const EVENT_LOAD_ADDITIONAL_SCRIPTS = self::class . '::loadAdditionalScripts';
-	const EVENT_LOAD_ADDITIONAL_SCRIPTS_LOGGEDIN = self::class . '::loadAdditionalScriptsLoggedIn';
+	const EVENT_LOAD_ADDITIONAL_SCRIPTS = self::class.'::loadAdditionalScripts';
+	const EVENT_LOAD_ADDITIONAL_SCRIPTS_LOGGEDIN = self::class.'::loadAdditionalScriptsLoggedIn';
 
 	/**
 	 * name of the template
@@ -76,8 +76,8 @@ 
 	 * @param string $renderAs how the page should be rendered, defaults to user
 	 * @since 6.0.0 - parameters $params and $renderAs were added in 7.0.0
 	 */
-	public function __construct($appName, $templateName, array $params=[],
-								$renderAs='user') {
+	public function __construct($appName, $templateName, array $params = [],
+								$renderAs = 'user') {
 		parent::__construct();
 
 		$this->templateName = $templateName;
@@ -97,7 +97,7 @@ 
 	 * @return TemplateResponse Reference to this object
 	 * @since 6.0.0 - return value was added in 7.0.0
 	 */
-	public function setParams(array $params){
+	public function setParams(array $params) {
 		$this->params = $params;
 
 		return $this;
@@ -109,7 +109,7 @@ 
 	 * @return array the params
 	 * @since 6.0.0
 	 */
-	public function getParams(){
+	public function getParams() {
 		return $this->params;
 	}
 
@@ -119,7 +119,7 @@ 
 	 * @return string the name of the used template
 	 * @since 6.0.0
 	 */
-	public function getTemplateName(){
+	public function getTemplateName() {
 		return $this->templateName;
 	}
 
@@ -133,7 +133,7 @@ 
 	 * @return TemplateResponse Reference to this object
 	 * @since 6.0.0 - return value was added in 7.0.0
 	 */
-	public function renderAs($renderAs){
+	public function renderAs($renderAs) {
 		$this->renderAs = $renderAs;
 
 		return $this;
@@ -145,7 +145,7 @@ 
 	 * @return string the renderAs value
 	 * @since 6.0.0
 	 */
-	public function getRenderAs(){
+	public function getRenderAs() {
 		return $this->renderAs;
 	}
 
@@ -155,13 +155,13 @@ 
 	 * @return string the rendered html
 	 * @since 6.0.0
 	 */
-	public function render(){
+	public function render() {
 		// \OCP\Template needs an empty string instead of 'blank' for an unwrapped response
 		$renderAs = $this->renderAs === 'blank' ? '' : $this->renderAs;
 
 		$template = new \OCP\Template($this->appName, $this->templateName, $renderAs);
 
-		foreach($this->params as $key => $value){
+		foreach ($this->params as $key => $value) {
 			$template->assign($key, $value);
 		}
 

lib/public/AppFramework/Http/Response.php

Indentation +355 added lines, -355 removed lines

@@ -45,359 +45,359 @@
  */
 class Response {
 
-	/**
-	 * Headers - defaults to ['Cache-Control' => 'no-cache, no-store, must-revalidate']
-	 * @var array
-	 */
-	private $headers = [
-		'Cache-Control' => 'no-cache, no-store, must-revalidate'
-	];
-
-
-	/**
-	 * Cookies that will be need to be constructed as header
-	 * @var array
-	 */
-	private $cookies = [];
-
-
-	/**
-	 * HTTP status code - defaults to STATUS OK
-	 * @var int
-	 */
-	private $status = Http::STATUS_OK;
-
-
-	/**
-	 * Last modified date
-	 * @var \DateTime
-	 */
-	private $lastModified;
-
-
-	/**
-	 * ETag
-	 * @var string
-	 */
-	private $ETag;
-
-	/** @var ContentSecurityPolicy|null Used Content-Security-Policy */
-	private $contentSecurityPolicy = null;
-
-	/** @var FeaturePolicy */
-	private $featurePolicy;
-
-	/** @var bool */
-	private $throttled = false;
-	/** @var array */
-	private $throttleMetadata = [];
-
-	/**
-	 * @since 17.0.0
-	 */
-	public function __construct() {
-	}
-
-	/**
-	 * Caches the response
-	 * @param int $cacheSeconds the amount of seconds that should be cached
-	 * if 0 then caching will be disabled
-	 * @return $this
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function cacheFor(int $cacheSeconds) {
-		if($cacheSeconds > 0) {
-			$this->addHeader('Cache-Control', 'max-age=' . $cacheSeconds . ', must-revalidate');
-
-			// Old scool prama caching
-			$this->addHeader('Pragma', 'public');
-
-			// Set expires header
-			$expires = new \DateTime();
-			/** @var ITimeFactory $time */
-			$time = \OC::$server->query(ITimeFactory::class);
-			$expires->setTimestamp($time->getTime());
-			$expires->add(new \DateInterval('PT'.$cacheSeconds.'S'));
-			$this->addHeader('Expires', $expires->format(\DateTime::RFC2822));
-		} else {
-			$this->addHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
-			unset($this->headers['Expires'], $this->headers['Pragma']);
-		}
-
-		return $this;
-	}
-
-	/**
-	 * Adds a new cookie to the response
-	 * @param string $name The name of the cookie
-	 * @param string $value The value of the cookie
-	 * @param \DateTime|null $expireDate Date on that the cookie should expire, if set
-	 * 									to null cookie will be considered as session
-	 * 									cookie.
-	 * @return $this
-	 * @since 8.0.0
-	 */
-	public function addCookie($name, $value, \DateTime $expireDate = null) {
-		$this->cookies[$name] = ['value' => $value, 'expireDate' => $expireDate];
-		return $this;
-	}
-
-
-	/**
-	 * Set the specified cookies
-	 * @param array $cookies array('foo' => array('value' => 'bar', 'expire' => null))
-	 * @return $this
-	 * @since 8.0.0
-	 */
-	public function setCookies(array $cookies) {
-		$this->cookies = $cookies;
-		return $this;
-	}
-
-
-	/**
-	 * Invalidates the specified cookie
-	 * @param string $name
-	 * @return $this
-	 * @since 8.0.0
-	 */
-	public function invalidateCookie($name) {
-		$this->addCookie($name, 'expired', new \DateTime('1971-01-01 00:00'));
-		return $this;
-	}
-
-	/**
-	 * Invalidates the specified cookies
-	 * @param array $cookieNames array('foo', 'bar')
-	 * @return $this
-	 * @since 8.0.0
-	 */
-	public function invalidateCookies(array $cookieNames) {
-		foreach($cookieNames as $cookieName) {
-			$this->invalidateCookie($cookieName);
-		}
-		return $this;
-	}
-
-	/**
-	 * Returns the cookies
-	 * @return array
-	 * @since 8.0.0
-	 */
-	public function getCookies() {
-		return $this->cookies;
-	}
-
-	/**
-	 * Adds a new header to the response that will be called before the render
-	 * function
-	 * @param string $name The name of the HTTP header
-	 * @param string $value The value, null will delete it
-	 * @return $this
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function addHeader($name, $value) {
-		$name = trim($name);  // always remove leading and trailing whitespace
-							  // to be able to reliably check for security
-							  // headers
-
-		if(is_null($value)) {
-			unset($this->headers[$name]);
-		} else {
-			$this->headers[$name] = $value;
-		}
-
-		return $this;
-	}
-
-
-	/**
-	 * Set the headers
-	 * @param array $headers value header pairs
-	 * @return $this
-	 * @since 8.0.0
-	 */
-	public function setHeaders(array $headers) {
-		$this->headers = $headers;
-
-		return $this;
-	}
-
-
-	/**
-	 * Returns the set headers
-	 * @return array the headers
-	 * @since 6.0.0
-	 */
-	public function getHeaders() {
-		$mergeWith = [];
-
-		if($this->lastModified) {
-			$mergeWith['Last-Modified'] =
-				$this->lastModified->format(\DateTime::RFC2822);
-		}
-
-		$this->headers['Content-Security-Policy'] = $this->getContentSecurityPolicy()->buildPolicy();
-		$this->headers['Feature-Policy'] = $this->getFeaturePolicy()->buildPolicy();
-
-		if($this->ETag) {
-			$mergeWith['ETag'] = '"' . $this->ETag . '"';
-		}
-
-		return array_merge($mergeWith, $this->headers);
-	}
-
-
-	/**
-	 * By default renders no output
-	 * @return string
-	 * @since 6.0.0
-	 */
-	public function render() {
-		return '';
-	}
-
-
-	/**
-	 * Set response status
-	 * @param int $status a HTTP status code, see also the STATUS constants
-	 * @return Response Reference to this object
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function setStatus($status) {
-		$this->status = $status;
-
-		return $this;
-	}
-
-	/**
-	 * Set a Content-Security-Policy
-	 * @param EmptyContentSecurityPolicy $csp Policy to set for the response object
-	 * @return $this
-	 * @since 8.1.0
-	 */
-	public function setContentSecurityPolicy(EmptyContentSecurityPolicy $csp) {
-		$this->contentSecurityPolicy = $csp;
-		return $this;
-	}
-
-	/**
-	 * Get the currently used Content-Security-Policy
-	 * @return EmptyContentSecurityPolicy|null Used Content-Security-Policy or null if
-	 *                                    none specified.
-	 * @since 8.1.0
-	 */
-	public function getContentSecurityPolicy() {
-		if ($this->contentSecurityPolicy === null) {
-			$this->setContentSecurityPolicy(new EmptyContentSecurityPolicy());
-		}
-		return $this->contentSecurityPolicy;
-	}
-
-
-	/**
-	 * @since 17.0.0
-	 */
-	public function getFeaturePolicy(): EmptyFeaturePolicy {
-		if ($this->featurePolicy === null) {
-			$this->setFeaturePolicy(new EmptyFeaturePolicy());
-		}
-		return $this->featurePolicy;
-	}
-
-	/**
-	 * @since 17.0.0
-	 */
-	public function setFeaturePolicy(EmptyFeaturePolicy $featurePolicy): self {
-		$this->featurePolicy = $featurePolicy;
-
-		return $this;
-	}
-
-
-
-	/**
-	 * Get response status
-	 * @since 6.0.0
-	 */
-	public function getStatus() {
-		return $this->status;
-	}
-
-
-	/**
-	 * Get the ETag
-	 * @return string the etag
-	 * @since 6.0.0
-	 */
-	public function getETag() {
-		return $this->ETag;
-	}
-
-
-	/**
-	 * Get "last modified" date
-	 * @return \DateTime RFC2822 formatted last modified date
-	 * @since 6.0.0
-	 */
-	public function getLastModified() {
-		return $this->lastModified;
-	}
-
-
-	/**
-	 * Set the ETag
-	 * @param string $ETag
-	 * @return Response Reference to this object
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function setETag($ETag) {
-		$this->ETag = $ETag;
-
-		return $this;
-	}
-
-
-	/**
-	 * Set "last modified" date
-	 * @param \DateTime $lastModified
-	 * @return Response Reference to this object
-	 * @since 6.0.0 - return value was added in 7.0.0
-	 */
-	public function setLastModified($lastModified) {
-		$this->lastModified = $lastModified;
-
-		return $this;
-	}
-
-	/**
-	 * Marks the response as to throttle. Will be throttled when the
-	 * @BruteForceProtection annotation is added.
-	 *
-	 * @param array $metadata
-	 * @since 12.0.0
-	 */
-	public function throttle(array $metadata = []) {
-		$this->throttled = true;
-		$this->throttleMetadata = $metadata;
-	}
-
-	/**
-	 * Returns the throttle metadata, defaults to empty array
-	 *
-	 * @return array
-	 * @since 13.0.0
-	 */
-	public function getThrottleMetadata() {
-		return $this->throttleMetadata;
-	}
-
-	/**
-	 * Whether the current response is throttled.
-	 *
-	 * @since 12.0.0
-	 */
-	public function isThrottled() {
-		return $this->throttled;
-	}
+    /**
+     * Headers - defaults to ['Cache-Control' => 'no-cache, no-store, must-revalidate']
+     * @var array
+     */
+    private $headers = [
+        'Cache-Control' => 'no-cache, no-store, must-revalidate'
+    ];
+
+
+    /**
+     * Cookies that will be need to be constructed as header
+     * @var array
+     */
+    private $cookies = [];
+
+
+    /**
+     * HTTP status code - defaults to STATUS OK
+     * @var int
+     */
+    private $status = Http::STATUS_OK;
+
+
+    /**
+     * Last modified date
+     * @var \DateTime
+     */
+    private $lastModified;
+
+
+    /**
+     * ETag
+     * @var string
+     */
+    private $ETag;
+
+    /** @var ContentSecurityPolicy|null Used Content-Security-Policy */
+    private $contentSecurityPolicy = null;
+
+    /** @var FeaturePolicy */
+    private $featurePolicy;
+
+    /** @var bool */
+    private $throttled = false;
+    /** @var array */
+    private $throttleMetadata = [];
+
+    /**
+     * @since 17.0.0
+     */
+    public function __construct() {
+    }
+
+    /**
+     * Caches the response
+     * @param int $cacheSeconds the amount of seconds that should be cached
+     * if 0 then caching will be disabled
+     * @return $this
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function cacheFor(int $cacheSeconds) {
+        if($cacheSeconds > 0) {
+            $this->addHeader('Cache-Control', 'max-age=' . $cacheSeconds . ', must-revalidate');
+
+            // Old scool prama caching
+            $this->addHeader('Pragma', 'public');
+
+            // Set expires header
+            $expires = new \DateTime();
+            /** @var ITimeFactory $time */
+            $time = \OC::$server->query(ITimeFactory::class);
+            $expires->setTimestamp($time->getTime());
+            $expires->add(new \DateInterval('PT'.$cacheSeconds.'S'));
+            $this->addHeader('Expires', $expires->format(\DateTime::RFC2822));
+        } else {
+            $this->addHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
+            unset($this->headers['Expires'], $this->headers['Pragma']);
+        }
+
+        return $this;
+    }
+
+    /**
+     * Adds a new cookie to the response
+     * @param string $name The name of the cookie
+     * @param string $value The value of the cookie
+     * @param \DateTime|null $expireDate Date on that the cookie should expire, if set
+     * 									to null cookie will be considered as session
+     * 									cookie.
+     * @return $this
+     * @since 8.0.0
+     */
+    public function addCookie($name, $value, \DateTime $expireDate = null) {
+        $this->cookies[$name] = ['value' => $value, 'expireDate' => $expireDate];
+        return $this;
+    }
+
+
+    /**
+     * Set the specified cookies
+     * @param array $cookies array('foo' => array('value' => 'bar', 'expire' => null))
+     * @return $this
+     * @since 8.0.0
+     */
+    public function setCookies(array $cookies) {
+        $this->cookies = $cookies;
+        return $this;
+    }
+
+
+    /**
+     * Invalidates the specified cookie
+     * @param string $name
+     * @return $this
+     * @since 8.0.0
+     */
+    public function invalidateCookie($name) {
+        $this->addCookie($name, 'expired', new \DateTime('1971-01-01 00:00'));
+        return $this;
+    }
+
+    /**
+     * Invalidates the specified cookies
+     * @param array $cookieNames array('foo', 'bar')
+     * @return $this
+     * @since 8.0.0
+     */
+    public function invalidateCookies(array $cookieNames) {
+        foreach($cookieNames as $cookieName) {
+            $this->invalidateCookie($cookieName);
+        }
+        return $this;
+    }
+
+    /**
+     * Returns the cookies
+     * @return array
+     * @since 8.0.0
+     */
+    public function getCookies() {
+        return $this->cookies;
+    }
+
+    /**
+     * Adds a new header to the response that will be called before the render
+     * function
+     * @param string $name The name of the HTTP header
+     * @param string $value The value, null will delete it
+     * @return $this
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function addHeader($name, $value) {
+        $name = trim($name);  // always remove leading and trailing whitespace
+                                // to be able to reliably check for security
+                                // headers
+
+        if(is_null($value)) {
+            unset($this->headers[$name]);
+        } else {
+            $this->headers[$name] = $value;
+        }
+
+        return $this;
+    }
+
+
+    /**
+     * Set the headers
+     * @param array $headers value header pairs
+     * @return $this
+     * @since 8.0.0
+     */
+    public function setHeaders(array $headers) {
+        $this->headers = $headers;
+
+        return $this;
+    }
+
+
+    /**
+     * Returns the set headers
+     * @return array the headers
+     * @since 6.0.0
+     */
+    public function getHeaders() {
+        $mergeWith = [];
+
+        if($this->lastModified) {
+            $mergeWith['Last-Modified'] =
+                $this->lastModified->format(\DateTime::RFC2822);
+        }
+
+        $this->headers['Content-Security-Policy'] = $this->getContentSecurityPolicy()->buildPolicy();
+        $this->headers['Feature-Policy'] = $this->getFeaturePolicy()->buildPolicy();
+
+        if($this->ETag) {
+            $mergeWith['ETag'] = '"' . $this->ETag . '"';
+        }
+
+        return array_merge($mergeWith, $this->headers);
+    }
+
+
+    /**
+     * By default renders no output
+     * @return string
+     * @since 6.0.0
+     */
+    public function render() {
+        return '';
+    }
+
+
+    /**
+     * Set response status
+     * @param int $status a HTTP status code, see also the STATUS constants
+     * @return Response Reference to this object
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function setStatus($status) {
+        $this->status = $status;
+
+        return $this;
+    }
+
+    /**
+     * Set a Content-Security-Policy
+     * @param EmptyContentSecurityPolicy $csp Policy to set for the response object
+     * @return $this
+     * @since 8.1.0
+     */
+    public function setContentSecurityPolicy(EmptyContentSecurityPolicy $csp) {
+        $this->contentSecurityPolicy = $csp;
+        return $this;
+    }
+
+    /**
+     * Get the currently used Content-Security-Policy
+     * @return EmptyContentSecurityPolicy|null Used Content-Security-Policy or null if
+     *                                    none specified.
+     * @since 8.1.0
+     */
+    public function getContentSecurityPolicy() {
+        if ($this->contentSecurityPolicy === null) {
+            $this->setContentSecurityPolicy(new EmptyContentSecurityPolicy());
+        }
+        return $this->contentSecurityPolicy;
+    }
+
+
+    /**
+     * @since 17.0.0
+     */
+    public function getFeaturePolicy(): EmptyFeaturePolicy {
+        if ($this->featurePolicy === null) {
+            $this->setFeaturePolicy(new EmptyFeaturePolicy());
+        }
+        return $this->featurePolicy;
+    }
+
+    /**
+     * @since 17.0.0
+     */
+    public function setFeaturePolicy(EmptyFeaturePolicy $featurePolicy): self {
+        $this->featurePolicy = $featurePolicy;
+
+        return $this;
+    }
+
+
+
+    /**
+     * Get response status
+     * @since 6.0.0
+     */
+    public function getStatus() {
+        return $this->status;
+    }
+
+
+    /**
+     * Get the ETag
+     * @return string the etag
+     * @since 6.0.0
+     */
+    public function getETag() {
+        return $this->ETag;
+    }
+
+
+    /**
+     * Get "last modified" date
+     * @return \DateTime RFC2822 formatted last modified date
+     * @since 6.0.0
+     */
+    public function getLastModified() {
+        return $this->lastModified;
+    }
+
+
+    /**
+     * Set the ETag
+     * @param string $ETag
+     * @return Response Reference to this object
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function setETag($ETag) {
+        $this->ETag = $ETag;
+
+        return $this;
+    }
+
+
+    /**
+     * Set "last modified" date
+     * @param \DateTime $lastModified
+     * @return Response Reference to this object
+     * @since 6.0.0 - return value was added in 7.0.0
+     */
+    public function setLastModified($lastModified) {
+        $this->lastModified = $lastModified;
+
+        return $this;
+    }
+
+    /**
+     * Marks the response as to throttle. Will be throttled when the
+     * @BruteForceProtection annotation is added.
+     *
+     * @param array $metadata
+     * @since 12.0.0
+     */
+    public function throttle(array $metadata = []) {
+        $this->throttled = true;
+        $this->throttleMetadata = $metadata;
+    }
+
+    /**
+     * Returns the throttle metadata, defaults to empty array
+     *
+     * @return array
+     * @since 13.0.0
+     */
+    public function getThrottleMetadata() {
+        return $this->throttleMetadata;
+    }
+
+    /**
+     * Whether the current response is throttled.
+     *
+     * @since 12.0.0
+     */
+    public function isThrottled() {
+        return $this->throttled;
+    }
 }

Spacing +8 added lines, -8 removed lines

@@ -106,8 +106,8 @@ 
 	 * @since 6.0.0 - return value was added in 7.0.0
 	 */
 	public function cacheFor(int $cacheSeconds) {
-		if($cacheSeconds > 0) {
-			$this->addHeader('Cache-Control', 'max-age=' . $cacheSeconds . ', must-revalidate');
+		if ($cacheSeconds > 0) {
+			$this->addHeader('Cache-Control', 'max-age='.$cacheSeconds.', must-revalidate');
 
 			// Old scool prama caching
 			$this->addHeader('Pragma', 'public');
@@ -173,7 +173,7 @@ 
 	 * @since 8.0.0
 	 */
 	public function invalidateCookies(array $cookieNames) {
-		foreach($cookieNames as $cookieName) {
+		foreach ($cookieNames as $cookieName) {
 			$this->invalidateCookie($cookieName);
 		}
 		return $this;
@@ -197,11 +197,11 @@ 
 	 * @since 6.0.0 - return value was added in 7.0.0
 	 */
 	public function addHeader($name, $value) {
-		$name = trim($name);  // always remove leading and trailing whitespace
+		$name = trim($name); // always remove leading and trailing whitespace
 							  // to be able to reliably check for security
 							  // headers
 
-		if(is_null($value)) {
+		if (is_null($value)) {
 			unset($this->headers[$name]);
 		} else {
 			$this->headers[$name] = $value;
@@ -232,7 +232,7 @@ 
 	public function getHeaders() {
 		$mergeWith = [];
 
-		if($this->lastModified) {
+		if ($this->lastModified) {
 			$mergeWith['Last-Modified'] =
 				$this->lastModified->format(\DateTime::RFC2822);
 		}
@@ -240,8 +240,8 @@ 
 		$this->headers['Content-Security-Policy'] = $this->getContentSecurityPolicy()->buildPolicy();
 		$this->headers['Feature-Policy'] = $this->getFeaturePolicy()->buildPolicy();
 
-		if($this->ETag) {
-			$mergeWith['ETag'] = '"' . $this->ETag . '"';
+		if ($this->ETag) {
+			$mergeWith['ETag'] = '"'.$this->ETag.'"';
 		}
 
 		return array_merge($mergeWith, $this->headers);

lib/public/AppFramework/Http/DataResponse.php

Indentation +36 added lines, -36 removed lines

@@ -39,50 +39,50 @@
  */
 class DataResponse extends Response {
 
-	/**
-	 * response data
-	 * @var array|object
-	 */
-	protected $data;
+    /**
+     * response data
+     * @var array|object
+     */
+    protected $data;
 
 
-	/**
-	 * @param array|object $data the object or array that should be transformed
-	 * @param int $statusCode the Http status code, defaults to 200
-	 * @param array $headers additional key value based headers
-	 * @since 8.0.0
-	 */
-	public function __construct($data=[], $statusCode=Http::STATUS_OK,
-								array $headers=[]) {
-		parent::__construct();
+    /**
+     * @param array|object $data the object or array that should be transformed
+     * @param int $statusCode the Http status code, defaults to 200
+     * @param array $headers additional key value based headers
+     * @since 8.0.0
+     */
+    public function __construct($data=[], $statusCode=Http::STATUS_OK,
+                                array $headers=[]) {
+        parent::__construct();
 
-		$this->data = $data;
-		$this->setStatus($statusCode);
-		$this->setHeaders(array_merge($this->getHeaders(), $headers));
-	}
+        $this->data = $data;
+        $this->setStatus($statusCode);
+        $this->setHeaders(array_merge($this->getHeaders(), $headers));
+    }
 
 
-	/**
-	 * Sets values in the data json array
-	 * @param array|object $data an array or object which will be transformed
-	 * @return DataResponse Reference to this object
-	 * @since 8.0.0
-	 */
-	public function setData($data){
-		$this->data = $data;
+    /**
+     * Sets values in the data json array
+     * @param array|object $data an array or object which will be transformed
+     * @return DataResponse Reference to this object
+     * @since 8.0.0
+     */
+    public function setData($data){
+        $this->data = $data;
 
-		return $this;
-	}
+        return $this;
+    }
 
 
-	/**
-	 * Used to get the set parameters
-	 * @return array the data
-	 * @since 8.0.0
-	 */
-	public function getData(){
-		return $this->data;
-	}
+    /**
+     * Used to get the set parameters
+     * @return array the data
+     * @since 8.0.0
+     */
+    public function getData(){
+        return $this->data;
+    }
 
 
 }

Spacing +4 added lines, -4 removed lines

@@ -52,8 +52,8 @@ 
 	 * @param array $headers additional key value based headers
 	 * @since 8.0.0
 	 */
-	public function __construct($data=[], $statusCode=Http::STATUS_OK,
-								array $headers=[]) {
+	public function __construct($data = [], $statusCode = Http::STATUS_OK,
+								array $headers = []) {
 		parent::__construct();
 
 		$this->data = $data;
@@ -68,7 +68,7 @@ 
 	 * @return DataResponse Reference to this object
 	 * @since 8.0.0
 	 */
-	public function setData($data){
+	public function setData($data) {
 		$this->data = $data;
 
 		return $this;
@@ -80,7 +80,7 @@ 
 	 * @return array the data
 	 * @since 8.0.0
 	 */
-	public function getData(){
+	public function getData() {
 		return $this->data;
 	}
 

lib/public/AppFramework/Controller.php

Indentation +112 added lines, -112 removed lines

@@ -46,116 +46,116 @@
  */
 abstract class Controller {
 
-	/**
-	 * app name
-	 * @var string
-	 * @since 7.0.0
-	 */
-	protected $appName;
-
-	/**
-	 * current request
-	 * @var \OCP\IRequest
-	 * @since 6.0.0
-	 */
-	protected $request;
-
-	/**
-	 * @var array
-	 * @since 7.0.0
-	 */
-	private $responders;
-
-	/**
-	 * constructor of the controller
-	 * @param string $appName the name of the app
-	 * @param IRequest $request an instance of the request
-	 * @since 6.0.0 - parameter $appName was added in 7.0.0 - parameter $app was removed in 7.0.0
-	 */
-	public function __construct($appName,
-								IRequest $request) {
-		$this->appName = $appName;
-		$this->request = $request;
-
-		// default responders
-		$this->responders = [
-			'json' => function ($data) {
-				if ($data instanceof DataResponse) {
-					$response = new JSONResponse(
-						$data->getData(),
-						$data->getStatus()
-					);
-					$dataHeaders = $data->getHeaders();
-					$headers = $response->getHeaders();
-					// do not overwrite Content-Type if it already exists
-					if (isset($dataHeaders['Content-Type'])) {
-						unset($headers['Content-Type']);
-					}
-					$response->setHeaders(array_merge($dataHeaders, $headers));
-					return $response;
-				}
-				return new JSONResponse($data);
-			}
-		];
-	}
-
-
-	/**
-	 * Parses an HTTP accept header and returns the supported responder type
-	 * @param string $acceptHeader
-	 * @param string $default
-	 * @return string the responder type
-	 * @since 7.0.0
-	 * @since 9.1.0 Added default parameter
-	 */
-	public function getResponderByHTTPHeader($acceptHeader, $default='json') {
-		$headers = explode(',', $acceptHeader);
-
-		// return the first matching responder
-		foreach ($headers as $header) {
-			$header = strtolower(trim($header));
-
-			$responder = str_replace('application/', '', $header);
-
-			if (array_key_exists($responder, $this->responders)) {
-				return $responder;
-			}
-		}
-
-		// no matching header return default
-		return $default;
-	}
-
-
-	/**
-	 * Registers a formatter for a type
-	 * @param string $format
-	 * @param \Closure $responder
-	 * @since 7.0.0
-	 */
-	protected function registerResponder($format, \Closure $responder) {
-		$this->responders[$format] = $responder;
-	}
-
-
-	/**
-	 * Serializes and formats a response
-	 * @param mixed $response the value that was returned from a controller and
-	 * is not a Response instance
-	 * @param string $format the format for which a formatter has been registered
-	 * @throws \DomainException if format does not match a registered formatter
-	 * @return Response
-	 * @since 7.0.0
-	 */
-	public function buildResponse($response, $format='json') {
-		if(array_key_exists($format, $this->responders)) {
-
-			$responder = $this->responders[$format];
-
-			return $responder($response);
-
-		}
-		throw new \DomainException('No responder registered for format '.
-			$format . '!');
-	}
+    /**
+     * app name
+     * @var string
+     * @since 7.0.0
+     */
+    protected $appName;
+
+    /**
+     * current request
+     * @var \OCP\IRequest
+     * @since 6.0.0
+     */
+    protected $request;
+
+    /**
+     * @var array
+     * @since 7.0.0
+     */
+    private $responders;
+
+    /**
+     * constructor of the controller
+     * @param string $appName the name of the app
+     * @param IRequest $request an instance of the request
+     * @since 6.0.0 - parameter $appName was added in 7.0.0 - parameter $app was removed in 7.0.0
+     */
+    public function __construct($appName,
+                                IRequest $request) {
+        $this->appName = $appName;
+        $this->request = $request;
+
+        // default responders
+        $this->responders = [
+            'json' => function ($data) {
+                if ($data instanceof DataResponse) {
+                    $response = new JSONResponse(
+                        $data->getData(),
+                        $data->getStatus()
+                    );
+                    $dataHeaders = $data->getHeaders();
+                    $headers = $response->getHeaders();
+                    // do not overwrite Content-Type if it already exists
+                    if (isset($dataHeaders['Content-Type'])) {
+                        unset($headers['Content-Type']);
+                    }
+                    $response->setHeaders(array_merge($dataHeaders, $headers));
+                    return $response;
+                }
+                return new JSONResponse($data);
+            }
+        ];
+    }
+
+
+    /**
+     * Parses an HTTP accept header and returns the supported responder type
+     * @param string $acceptHeader
+     * @param string $default
+     * @return string the responder type
+     * @since 7.0.0
+     * @since 9.1.0 Added default parameter
+     */
+    public function getResponderByHTTPHeader($acceptHeader, $default='json') {
+        $headers = explode(',', $acceptHeader);
+
+        // return the first matching responder
+        foreach ($headers as $header) {
+            $header = strtolower(trim($header));
+
+            $responder = str_replace('application/', '', $header);
+
+            if (array_key_exists($responder, $this->responders)) {
+                return $responder;
+            }
+        }
+
+        // no matching header return default
+        return $default;
+    }
+
+
+    /**
+     * Registers a formatter for a type
+     * @param string $format
+     * @param \Closure $responder
+     * @since 7.0.0
+     */
+    protected function registerResponder($format, \Closure $responder) {
+        $this->responders[$format] = $responder;
+    }
+
+
+    /**
+     * Serializes and formats a response
+     * @param mixed $response the value that was returned from a controller and
+     * is not a Response instance
+     * @param string $format the format for which a formatter has been registered
+     * @throws \DomainException if format does not match a registered formatter
+     * @return Response
+     * @since 7.0.0
+     */
+    public function buildResponse($response, $format='json') {
+        if(array_key_exists($format, $this->responders)) {
+
+            $responder = $this->responders[$format];
+
+            return $responder($response);
+
+        }
+        throw new \DomainException('No responder registered for format '.
+            $format . '!');
+    }
 }

lib/public/Share.php

Indentation +82 added lines, -82 removed lines

@@ -49,94 +49,94 @@
  */
 class Share extends \OC\Share\Constants {
 
-	/**
-	 * Get the item of item type shared with a given user by source
-	 * @param string $itemType
-	 * @param string $itemSource
-	 * @param string $user User to whom the item was shared
-	 * @param string $owner Owner of the share
-	 * @return array Return list of items with file_target, permissions and expiration
-	 * @since 6.0.0 - parameter $owner was added in 8.0.0
-	 * @deprecated 17.0.0
-	 */
-	public static function getItemSharedWithUser($itemType, $itemSource, $user, $owner = null) {
-		return \OC\Share\Share::getItemSharedWithUser($itemType, $itemSource, $user, $owner);
-	}
+    /**
+     * Get the item of item type shared with a given user by source
+     * @param string $itemType
+     * @param string $itemSource
+     * @param string $user User to whom the item was shared
+     * @param string $owner Owner of the share
+     * @return array Return list of items with file_target, permissions and expiration
+     * @since 6.0.0 - parameter $owner was added in 8.0.0
+     * @deprecated 17.0.0
+     */
+    public static function getItemSharedWithUser($itemType, $itemSource, $user, $owner = null) {
+        return \OC\Share\Share::getItemSharedWithUser($itemType, $itemSource, $user, $owner);
+    }
 
-	/**
-	 * Get the item of item type shared with the current user by source
-	 * @param string $itemType
-	 * @param string $itemSource
-	 * @param int $format (optional) Format type must be defined by the backend
-	 * @param mixed $parameters
-	 * @param bool $includeCollections
-	 * @return array
-	 * @since 5.0.0
-	 * @deprecated 17.0.0
-	 */
-	public static function getItemSharedWithBySource($itemType, $itemSource, $format = self::FORMAT_NONE,
-		$parameters = null, $includeCollections = false) {
-		// not used by any app - only here to not break apps syntax
-	}
+    /**
+     * Get the item of item type shared with the current user by source
+     * @param string $itemType
+     * @param string $itemSource
+     * @param int $format (optional) Format type must be defined by the backend
+     * @param mixed $parameters
+     * @param bool $includeCollections
+     * @return array
+     * @since 5.0.0
+     * @deprecated 17.0.0
+     */
+    public static function getItemSharedWithBySource($itemType, $itemSource, $format = self::FORMAT_NONE,
+        $parameters = null, $includeCollections = false) {
+        // not used by any app - only here to not break apps syntax
+    }
 
-	/**
-	 * Based on the given token the share information will be returned - password protected shares will be verified
-	 * @param string $token
-	 * @param bool $checkPasswordProtection
-	 * @return array|bool false will be returned in case the token is unknown or unauthorized
-	 * @since 5.0.0 - parameter $checkPasswordProtection was added in 7.0.0
-	 * @deprecated 17.0.0
-	 */
-	public static function getShareByToken($token, $checkPasswordProtection = true) {
-		// not used by any app - only here to not break apps syntax
-	}
+    /**
+     * Based on the given token the share information will be returned - password protected shares will be verified
+     * @param string $token
+     * @param bool $checkPasswordProtection
+     * @return array|bool false will be returned in case the token is unknown or unauthorized
+     * @since 5.0.0 - parameter $checkPasswordProtection was added in 7.0.0
+     * @deprecated 17.0.0
+     */
+    public static function getShareByToken($token, $checkPasswordProtection = true) {
+        // not used by any app - only here to not break apps syntax
+    }
 
 
-	/**
-	 * Get the shared items of item type owned by the current user
-	 * @param string $itemType
-	 * @param int $format (optional) Format type must be defined by the backend
-	 * @param mixed $parameters
-	 * @param int $limit Number of items to return (optional) Returns all by default
-	 * @param bool $includeCollections
-	 * @return mixed Return depends on format
-	 * @since 5.0.0
-	 * @deprecated 17.0.0
-	 */
-	public static function getItemsShared($itemType, $format = self::FORMAT_NONE, $parameters = null,
-		$limit = -1, $includeCollections = false) {
+    /**
+     * Get the shared items of item type owned by the current user
+     * @param string $itemType
+     * @param int $format (optional) Format type must be defined by the backend
+     * @param mixed $parameters
+     * @param int $limit Number of items to return (optional) Returns all by default
+     * @param bool $includeCollections
+     * @return mixed Return depends on format
+     * @since 5.0.0
+     * @deprecated 17.0.0
+     */
+    public static function getItemsShared($itemType, $format = self::FORMAT_NONE, $parameters = null,
+        $limit = -1, $includeCollections = false) {
 
-		// only used by AppVNCSafe app (https://github.com/vnc-biz/nextcloud-appvncsafe/issues/2) - only here to not break apps syntax
-	}
+        // only used by AppVNCSafe app (https://github.com/vnc-biz/nextcloud-appvncsafe/issues/2) - only here to not break apps syntax
+    }
 
-	/**
-	 * Get the shared item of item type owned by the current user
-	 * @param string $itemType
-	 * @param string $itemSource
-	 * @param int $format (optional) Format type must be defined by the backend
-	 * @param mixed $parameters
-	 * @param bool $includeCollections
-	 * @return mixed Return depends on format
-	 * @since 5.0.0
-	 * @deprecated 17.0.0
-	 */
-	public static function getItemShared($itemType, $itemSource, $format = self::FORMAT_NONE,
-										 $parameters = null, $includeCollections = false) {
+    /**
+     * Get the shared item of item type owned by the current user
+     * @param string $itemType
+     * @param string $itemSource
+     * @param int $format (optional) Format type must be defined by the backend
+     * @param mixed $parameters
+     * @param bool $includeCollections
+     * @return mixed Return depends on format
+     * @since 5.0.0
+     * @deprecated 17.0.0
+     */
+    public static function getItemShared($itemType, $itemSource, $format = self::FORMAT_NONE,
+                                            $parameters = null, $includeCollections = false) {
 
-		return \OC\Share\Share::getItemShared($itemType, $itemSource, $format, $parameters, $includeCollections);
-	}
+        return \OC\Share\Share::getItemShared($itemType, $itemSource, $format, $parameters, $includeCollections);
+    }
 
-	/**
-	 * sent status if users got informed by mail about share
-	 * @param string $itemType
-	 * @param string $itemSource
-	 * @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
-	 * @param string $recipient with whom was the item shared
-	 * @param bool $status
-	 * @since 6.0.0 - parameter $originIsSource was added in 8.0.0
-	 * @deprecated 17.0.0
-	 */
-	public static function setSendMailStatus($itemType, $itemSource, $shareType, $recipient, $status) {
-		// not used by any app - only here to not break apps syntax
-	}
+    /**
+     * sent status if users got informed by mail about share
+     * @param string $itemType
+     * @param string $itemSource
+     * @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
+     * @param string $recipient with whom was the item shared
+     * @param bool $status
+     * @since 6.0.0 - parameter $originIsSource was added in 8.0.0
+     * @deprecated 17.0.0
+     */
+    public static function setSendMailStatus($itemType, $itemSource, $shareType, $recipient, $status) {
+        // not used by any app - only here to not break apps syntax
+    }
 }

lib/private/IntegrityCheck/Checker.php

Indentation +536 added lines, -536 removed lines

@@ -58,540 +58,540 @@
  * @package OC\IntegrityCheck
  */
 class Checker {
-	const CACHE_KEY = 'oc.integritycheck.checker';
-	/** @var EnvironmentHelper */
-	private $environmentHelper;
-	/** @var AppLocator */
-	private $appLocator;
-	/** @var FileAccessHelper */
-	private $fileAccessHelper;
-	/** @var IConfig */
-	private $config;
-	/** @var ICache */
-	private $cache;
-	/** @var IAppManager */
-	private $appManager;
-	/** @var ITempManager */
-	private $tempManager;
-	/** @var IMimeTypeDetector */
-	private $mimeTypeDetector;
-
-	/**
-	 * @param EnvironmentHelper $environmentHelper
-	 * @param FileAccessHelper $fileAccessHelper
-	 * @param AppLocator $appLocator
-	 * @param IConfig $config
-	 * @param ICacheFactory $cacheFactory
-	 * @param IAppManager $appManager
-	 * @param ITempManager $tempManager
-	 * @param IMimeTypeDetector $mimeTypeDetector
-	 */
-	public function __construct(EnvironmentHelper $environmentHelper,
-								FileAccessHelper $fileAccessHelper,
-								AppLocator $appLocator,
-								IConfig $config = null,
-								ICacheFactory $cacheFactory,
-								IAppManager $appManager = null,
-								ITempManager $tempManager,
-								IMimeTypeDetector $mimeTypeDetector) {
-		$this->environmentHelper = $environmentHelper;
-		$this->fileAccessHelper = $fileAccessHelper;
-		$this->appLocator = $appLocator;
-		$this->config = $config;
-		$this->cache = $cacheFactory->createDistributed(self::CACHE_KEY);
-		$this->appManager = $appManager;
-		$this->tempManager = $tempManager;
-		$this->mimeTypeDetector = $mimeTypeDetector;
-	}
-
-	/**
-	 * Whether code signing is enforced or not.
-	 *
-	 * @return bool
-	 */
-	public function isCodeCheckEnforced(): bool {
-		$notSignedChannels = [ '', 'git'];
-		if (\in_array($this->environmentHelper->getChannel(), $notSignedChannels, true)) {
-			return false;
-		}
-
-		/**
-		 * This config option is undocumented and supposed to be so, it's only
-		 * applicable for very specific scenarios and we should not advertise it
-		 * too prominent. So please do not add it to config.sample.php.
-		 */
-		$isIntegrityCheckDisabled = false;
-		if ($this->config !== null) {
-			$isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', false);
-		}
-		if ($isIntegrityCheckDisabled === true) {
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Enumerates all files belonging to the folder. Sensible defaults are excluded.
-	 *
-	 * @param string $folderToIterate
-	 * @param string $root
-	 * @return \RecursiveIteratorIterator
-	 * @throws \Exception
-	 */
-	private function getFolderIterator(string $folderToIterate, string $root = ''): \RecursiveIteratorIterator {
-		$dirItr = new \RecursiveDirectoryIterator(
-			$folderToIterate,
-			\RecursiveDirectoryIterator::SKIP_DOTS
-		);
-		if($root === '') {
-			$root = \OC::$SERVERROOT;
-		}
-		$root = rtrim($root, '/');
-
-		$excludeGenericFilesIterator = new ExcludeFileByNameFilterIterator($dirItr);
-		$excludeFoldersIterator = new ExcludeFoldersByPathFilterIterator($excludeGenericFilesIterator, $root);
-
-		return new \RecursiveIteratorIterator(
-			$excludeFoldersIterator,
-			\RecursiveIteratorIterator::SELF_FIRST
-		);
-	}
-
-	/**
-	 * Returns an array of ['filename' => 'SHA512-hash-of-file'] for all files found
-	 * in the iterator.
-	 *
-	 * @param \RecursiveIteratorIterator $iterator
-	 * @param string $path
-	 * @return array Array of hashes.
-	 */
-	private function generateHashes(\RecursiveIteratorIterator $iterator,
-									string $path): array {
-		$hashes = [];
-
-		$baseDirectoryLength = \strlen($path);
-		foreach($iterator as $filename => $data) {
-			/** @var \DirectoryIterator $data */
-			if($data->isDir()) {
-				continue;
-			}
-
-			$relativeFileName = substr($filename, $baseDirectoryLength);
-			$relativeFileName = ltrim($relativeFileName, '/');
-
-			// Exclude signature.json files in the appinfo and root folder
-			if($relativeFileName === 'appinfo/signature.json') {
-				continue;
-			}
-			// Exclude signature.json files in the appinfo and core folder
-			if($relativeFileName === 'core/signature.json') {
-				continue;
-			}
-
-			// The .htaccess file in the root folder of ownCloud can contain
-			// custom content after the installation due to the fact that dynamic
-			// content is written into it at installation time as well. This
-			// includes for example the 404 and 403 instructions.
-			// Thus we ignore everything below the first occurrence of
-			// "#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####" and have the
-			// hash generated based on this.
-			if($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
-				$fileContent = file_get_contents($filename);
-				$explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent);
-				if(\count($explodedArray) === 2) {
-					$hashes[$relativeFileName] = hash('sha512', $explodedArray[0]);
-					continue;
-				}
-			}
-			if ($filename === $this->environmentHelper->getServerRoot() . '/core/js/mimetypelist.js') {
-				$oldMimetypeList = new GenerateMimetypeFileBuilder();
-				$newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases());
-				if($newFile === file_get_contents($filename)) {
-					$hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases()));
-					continue;
-				}
-			}
-
-			$hashes[$relativeFileName] = hash_file('sha512', $filename);
-		}
-
-		return $hashes;
-	}
-
-	/**
-	 * Creates the signature data
-	 *
-	 * @param array $hashes
-	 * @param X509 $certificate
-	 * @param RSA $privateKey
-	 * @return array
-	 */
-	private function createSignatureData(array $hashes,
-										 X509 $certificate,
-										 RSA $privateKey): array {
-		ksort($hashes);
-
-		$privateKey->setSignatureMode(RSA::SIGNATURE_PSS);
-		$privateKey->setMGFHash('sha512');
-		// See https://tools.ietf.org/html/rfc3447#page-38
-		$privateKey->setSaltLength(0);
-		$signature = $privateKey->sign(json_encode($hashes));
-
-		return [
-			'hashes' => $hashes,
-			'signature' => base64_encode($signature),
-			'certificate' => $certificate->saveX509($certificate->currentCert),
-		];
-	}
-
-	/**
-	 * Write the signature of the app in the specified folder
-	 *
-	 * @param string $path
-	 * @param X509 $certificate
-	 * @param RSA $privateKey
-	 * @throws \Exception
-	 */
-	public function writeAppSignature($path,
-									  X509 $certificate,
-									  RSA $privateKey) {
-		$appInfoDir = $path . '/appinfo';
-		try {
-			$this->fileAccessHelper->assertDirectoryExists($appInfoDir);
-
-			$iterator = $this->getFolderIterator($path);
-			$hashes = $this->generateHashes($iterator, $path);
-			$signature = $this->createSignatureData($hashes, $certificate, $privateKey);
-				$this->fileAccessHelper->file_put_contents(
-					$appInfoDir . '/signature.json',
-				json_encode($signature, JSON_PRETTY_PRINT)
-			);
-		} catch (\Exception $e){
-			if (!$this->fileAccessHelper->is_writable($appInfoDir)) {
-				throw new \Exception($appInfoDir . ' is not writable');
-			}
-			throw $e;
-		}
-	}
-
-	/**
-	 * Write the signature of core
-	 *
-	 * @param X509 $certificate
-	 * @param RSA $rsa
-	 * @param string $path
-	 * @throws \Exception
-	 */
-	public function writeCoreSignature(X509 $certificate,
-									   RSA $rsa,
-									   $path) {
-		$coreDir = $path . '/core';
-		try {
-
-			$this->fileAccessHelper->assertDirectoryExists($coreDir);
-			$iterator = $this->getFolderIterator($path, $path);
-			$hashes = $this->generateHashes($iterator, $path);
-			$signatureData = $this->createSignatureData($hashes, $certificate, $rsa);
-			$this->fileAccessHelper->file_put_contents(
-				$coreDir . '/signature.json',
-				json_encode($signatureData, JSON_PRETTY_PRINT)
-			);
-		} catch (\Exception $e){
-			if (!$this->fileAccessHelper->is_writable($coreDir)) {
-				throw new \Exception($coreDir . ' is not writable');
-			}
-			throw $e;
-		}
-	}
-
-	/**
-	 * Verifies the signature for the specified path.
-	 *
-	 * @param string $signaturePath
-	 * @param string $basePath
-	 * @param string $certificateCN
-	 * @return array
-	 * @throws InvalidSignatureException
-	 * @throws \Exception
-	 */
-	private function verify(string $signaturePath, string $basePath, string $certificateCN): array {
-		if(!$this->isCodeCheckEnforced()) {
-			return [];
-		}
-
-		$content = $this->fileAccessHelper->file_get_contents($signaturePath);
-		$signatureData = null;
-
-		if (\is_string($content)) {
-			$signatureData = json_decode($content, true);
-		}
-		if(!\is_array($signatureData)) {
-			throw new InvalidSignatureException('Signature data not found.');
-		}
-
-		$expectedHashes = $signatureData['hashes'];
-		ksort($expectedHashes);
-		$signature = base64_decode($signatureData['signature']);
-		$certificate = $signatureData['certificate'];
-
-		// Check if certificate is signed by Nextcloud Root Authority
-		$x509 = new \phpseclib\File\X509();
-		$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
-		$x509->loadCA($rootCertificatePublicKey);
-		$x509->loadX509($certificate);
-		if(!$x509->validateSignature()) {
-			throw new InvalidSignatureException('Certificate is not valid.');
-		}
-		// Verify if certificate has proper CN. "core" CN is always trusted.
-		if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
-			throw new InvalidSignatureException(
-					sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
-			);
-		}
-
-		// Check if the signature of the files is valid
-		$rsa = new \phpseclib\Crypt\RSA();
-		$rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']);
-		$rsa->setSignatureMode(RSA::SIGNATURE_PSS);
-		$rsa->setMGFHash('sha512');
-		// See https://tools.ietf.org/html/rfc3447#page-38
-		$rsa->setSaltLength(0);
-		if(!$rsa->verify(json_encode($expectedHashes), $signature)) {
-			throw new InvalidSignatureException('Signature could not get verified.');
-		}
-
-		// Fixes for the updater as shipped with ownCloud 9.0.x: The updater is
-		// replaced after the code integrity check is performed.
-		//
-		// Due to this reason we exclude the whole updater/ folder from the code
-		// integrity check.
-		if($basePath === $this->environmentHelper->getServerRoot()) {
-			foreach($expectedHashes as $fileName => $hash) {
-				if(strpos($fileName, 'updater/') === 0) {
-					unset($expectedHashes[$fileName]);
-				}
-			}
-		}
-
-		// Compare the list of files which are not identical
-		$currentInstanceHashes = $this->generateHashes($this->getFolderIterator($basePath), $basePath);
-		$differencesA = array_diff($expectedHashes, $currentInstanceHashes);
-		$differencesB = array_diff($currentInstanceHashes, $expectedHashes);
-		$differences = array_unique(array_merge($differencesA, $differencesB));
-		$differenceArray = [];
-		foreach($differences as $filename => $hash) {
-			// Check if file should not exist in the new signature table
-			if(!array_key_exists($filename, $expectedHashes)) {
-				$differenceArray['EXTRA_FILE'][$filename]['expected'] = '';
-				$differenceArray['EXTRA_FILE'][$filename]['current'] = $hash;
-				continue;
-			}
-
-			// Check if file is missing
-			if(!array_key_exists($filename, $currentInstanceHashes)) {
-				$differenceArray['FILE_MISSING'][$filename]['expected'] = $expectedHashes[$filename];
-				$differenceArray['FILE_MISSING'][$filename]['current'] = '';
-				continue;
-			}
-
-			// Check if hash does mismatch
-			if($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
-				$differenceArray['INVALID_HASH'][$filename]['expected'] = $expectedHashes[$filename];
-				$differenceArray['INVALID_HASH'][$filename]['current'] = $currentInstanceHashes[$filename];
-				continue;
-			}
-
-			// Should never happen.
-			throw new \Exception('Invalid behaviour in file hash comparison experienced. Please report this error to the developers.');
-		}
-
-		return $differenceArray;
-	}
-
-	/**
-	 * Whether the code integrity check has passed successful or not
-	 *
-	 * @return bool
-	 */
-	public function hasPassedCheck(): bool {
-		$results = $this->getResults();
-		if(empty($results)) {
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * @return array
-	 */
-	public function getResults(): array {
-		$cachedResults = $this->cache->get(self::CACHE_KEY);
-		if(!\is_null($cachedResults)) {
-			return json_decode($cachedResults, true);
-		}
-
-		if ($this->config !== null) {
-			return json_decode($this->config->getAppValue('core', self::CACHE_KEY, '{}'), true);
-		}
-		return [];
-	}
-
-	/**
-	 * Stores the results in the app config as well as cache
-	 *
-	 * @param string $scope
-	 * @param array $result
-	 */
-	private function storeResults(string $scope, array $result) {
-		$resultArray = $this->getResults();
-		unset($resultArray[$scope]);
-		if(!empty($result)) {
-			$resultArray[$scope] = $result;
-		}
-		if ($this->config !== null) {
-			$this->config->setAppValue('core', self::CACHE_KEY, json_encode($resultArray));
-		}
-		$this->cache->set(self::CACHE_KEY, json_encode($resultArray));
-	}
-
-	/**
-	 *
-	 * Clean previous results for a proper rescanning. Otherwise
-	 */
-	private function cleanResults() {
-		$this->config->deleteAppValue('core', self::CACHE_KEY);
-		$this->cache->remove(self::CACHE_KEY);
-	}
-
-	/**
-	 * Verify the signature of $appId. Returns an array with the following content:
-	 * [
-	 * 	'FILE_MISSING' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * 	'EXTRA_FILE' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * 	'INVALID_HASH' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * ]
-	 *
-	 * Array may be empty in case no problems have been found.
-	 *
-	 * @param string $appId
-	 * @param string $path Optional path. If none is given it will be guessed.
-	 * @return array
-	 */
-	public function verifyAppSignature(string $appId, string $path = ''): array {
-		try {
-			if($path === '') {
-				$path = $this->appLocator->getAppPath($appId);
-			}
-			$result = $this->verify(
-					$path . '/appinfo/signature.json',
-					$path,
-					$appId
-			);
-		} catch (\Exception $e) {
-			$result = [
-				'EXCEPTION' => [
-					'class' => \get_class($e),
-					'message' => $e->getMessage(),
-				],
-			];
-		}
-		$this->storeResults($appId, $result);
-
-		return $result;
-	}
-
-	/**
-	 * Verify the signature of core. Returns an array with the following content:
-	 * [
-	 * 	'FILE_MISSING' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * 	'EXTRA_FILE' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * 	'INVALID_HASH' =>
-	 * 	[
-	 * 		'filename' => [
-	 * 			'expected' => 'expectedSHA512',
-	 * 			'current' => 'currentSHA512',
-	 * 		],
-	 * 	],
-	 * ]
-	 *
-	 * Array may be empty in case no problems have been found.
-	 *
-	 * @return array
-	 */
-	public function verifyCoreSignature(): array {
-		try {
-			$result = $this->verify(
-					$this->environmentHelper->getServerRoot() . '/core/signature.json',
-					$this->environmentHelper->getServerRoot(),
-					'core'
-			);
-		} catch (\Exception $e) {
-			$result = [
-				'EXCEPTION' => [
-					'class' => \get_class($e),
-					'message' => $e->getMessage(),
-				],
-			];
-		}
-		$this->storeResults('core', $result);
-
-		return $result;
-	}
-
-	/**
-	 * Verify the core code of the instance as well as all applicable applications
-	 * and store the results.
-	 */
-	public function runInstanceVerification() {
-		$this->cleanResults();
-		$this->verifyCoreSignature();
-		$appIds = $this->appLocator->getAllApps();
-		foreach($appIds as $appId) {
-			// If an application is shipped a valid signature is required
-			$isShipped = $this->appManager->isShipped($appId);
-			$appNeedsToBeChecked = false;
-			if ($isShipped) {
-				$appNeedsToBeChecked = true;
-			} elseif ($this->fileAccessHelper->file_exists($this->appLocator->getAppPath($appId) . '/appinfo/signature.json')) {
-				// Otherwise only if the application explicitly ships a signature.json file
-				$appNeedsToBeChecked = true;
-			}
-
-			if($appNeedsToBeChecked) {
-				$this->verifyAppSignature($appId);
-			}
-		}
-	}
+    const CACHE_KEY = 'oc.integritycheck.checker';
+    /** @var EnvironmentHelper */
+    private $environmentHelper;
+    /** @var AppLocator */
+    private $appLocator;
+    /** @var FileAccessHelper */
+    private $fileAccessHelper;
+    /** @var IConfig */
+    private $config;
+    /** @var ICache */
+    private $cache;
+    /** @var IAppManager */
+    private $appManager;
+    /** @var ITempManager */
+    private $tempManager;
+    /** @var IMimeTypeDetector */
+    private $mimeTypeDetector;
+
+    /**
+     * @param EnvironmentHelper $environmentHelper
+     * @param FileAccessHelper $fileAccessHelper
+     * @param AppLocator $appLocator
+     * @param IConfig $config
+     * @param ICacheFactory $cacheFactory
+     * @param IAppManager $appManager
+     * @param ITempManager $tempManager
+     * @param IMimeTypeDetector $mimeTypeDetector
+     */
+    public function __construct(EnvironmentHelper $environmentHelper,
+                                FileAccessHelper $fileAccessHelper,
+                                AppLocator $appLocator,
+                                IConfig $config = null,
+                                ICacheFactory $cacheFactory,
+                                IAppManager $appManager = null,
+                                ITempManager $tempManager,
+                                IMimeTypeDetector $mimeTypeDetector) {
+        $this->environmentHelper = $environmentHelper;
+        $this->fileAccessHelper = $fileAccessHelper;
+        $this->appLocator = $appLocator;
+        $this->config = $config;
+        $this->cache = $cacheFactory->createDistributed(self::CACHE_KEY);
+        $this->appManager = $appManager;
+        $this->tempManager = $tempManager;
+        $this->mimeTypeDetector = $mimeTypeDetector;
+    }
+
+    /**
+     * Whether code signing is enforced or not.
+     *
+     * @return bool
+     */
+    public function isCodeCheckEnforced(): bool {
+        $notSignedChannels = [ '', 'git'];
+        if (\in_array($this->environmentHelper->getChannel(), $notSignedChannels, true)) {
+            return false;
+        }
+
+        /**
+         * This config option is undocumented and supposed to be so, it's only
+         * applicable for very specific scenarios and we should not advertise it
+         * too prominent. So please do not add it to config.sample.php.
+         */
+        $isIntegrityCheckDisabled = false;
+        if ($this->config !== null) {
+            $isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', false);
+        }
+        if ($isIntegrityCheckDisabled === true) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Enumerates all files belonging to the folder. Sensible defaults are excluded.
+     *
+     * @param string $folderToIterate
+     * @param string $root
+     * @return \RecursiveIteratorIterator
+     * @throws \Exception
+     */
+    private function getFolderIterator(string $folderToIterate, string $root = ''): \RecursiveIteratorIterator {
+        $dirItr = new \RecursiveDirectoryIterator(
+            $folderToIterate,
+            \RecursiveDirectoryIterator::SKIP_DOTS
+        );
+        if($root === '') {
+            $root = \OC::$SERVERROOT;
+        }
+        $root = rtrim($root, '/');
+
+        $excludeGenericFilesIterator = new ExcludeFileByNameFilterIterator($dirItr);
+        $excludeFoldersIterator = new ExcludeFoldersByPathFilterIterator($excludeGenericFilesIterator, $root);
+
+        return new \RecursiveIteratorIterator(
+            $excludeFoldersIterator,
+            \RecursiveIteratorIterator::SELF_FIRST
+        );
+    }
+
+    /**
+     * Returns an array of ['filename' => 'SHA512-hash-of-file'] for all files found
+     * in the iterator.
+     *
+     * @param \RecursiveIteratorIterator $iterator
+     * @param string $path
+     * @return array Array of hashes.
+     */
+    private function generateHashes(\RecursiveIteratorIterator $iterator,
+                                    string $path): array {
+        $hashes = [];
+
+        $baseDirectoryLength = \strlen($path);
+        foreach($iterator as $filename => $data) {
+            /** @var \DirectoryIterator $data */
+            if($data->isDir()) {
+                continue;
+            }
+
+            $relativeFileName = substr($filename, $baseDirectoryLength);
+            $relativeFileName = ltrim($relativeFileName, '/');
+
+            // Exclude signature.json files in the appinfo and root folder
+            if($relativeFileName === 'appinfo/signature.json') {
+                continue;
+            }
+            // Exclude signature.json files in the appinfo and core folder
+            if($relativeFileName === 'core/signature.json') {
+                continue;
+            }
+
+            // The .htaccess file in the root folder of ownCloud can contain
+            // custom content after the installation due to the fact that dynamic
+            // content is written into it at installation time as well. This
+            // includes for example the 404 and 403 instructions.
+            // Thus we ignore everything below the first occurrence of
+            // "#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####" and have the
+            // hash generated based on this.
+            if($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
+                $fileContent = file_get_contents($filename);
+                $explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent);
+                if(\count($explodedArray) === 2) {
+                    $hashes[$relativeFileName] = hash('sha512', $explodedArray[0]);
+                    continue;
+                }
+            }
+            if ($filename === $this->environmentHelper->getServerRoot() . '/core/js/mimetypelist.js') {
+                $oldMimetypeList = new GenerateMimetypeFileBuilder();
+                $newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases());
+                if($newFile === file_get_contents($filename)) {
+                    $hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases()));
+                    continue;
+                }
+            }
+
+            $hashes[$relativeFileName] = hash_file('sha512', $filename);
+        }
+
+        return $hashes;
+    }
+
+    /**
+     * Creates the signature data
+     *
+     * @param array $hashes
+     * @param X509 $certificate
+     * @param RSA $privateKey
+     * @return array
+     */
+    private function createSignatureData(array $hashes,
+                                            X509 $certificate,
+                                            RSA $privateKey): array {
+        ksort($hashes);
+
+        $privateKey->setSignatureMode(RSA::SIGNATURE_PSS);
+        $privateKey->setMGFHash('sha512');
+        // See https://tools.ietf.org/html/rfc3447#page-38
+        $privateKey->setSaltLength(0);
+        $signature = $privateKey->sign(json_encode($hashes));
+
+        return [
+            'hashes' => $hashes,
+            'signature' => base64_encode($signature),
+            'certificate' => $certificate->saveX509($certificate->currentCert),
+        ];
+    }
+
+    /**
+     * Write the signature of the app in the specified folder
+     *
+     * @param string $path
+     * @param X509 $certificate
+     * @param RSA $privateKey
+     * @throws \Exception
+     */
+    public function writeAppSignature($path,
+                                        X509 $certificate,
+                                        RSA $privateKey) {
+        $appInfoDir = $path . '/appinfo';
+        try {
+            $this->fileAccessHelper->assertDirectoryExists($appInfoDir);
+
+            $iterator = $this->getFolderIterator($path);
+            $hashes = $this->generateHashes($iterator, $path);
+            $signature = $this->createSignatureData($hashes, $certificate, $privateKey);
+                $this->fileAccessHelper->file_put_contents(
+                    $appInfoDir . '/signature.json',
+                json_encode($signature, JSON_PRETTY_PRINT)
+            );
+        } catch (\Exception $e){
+            if (!$this->fileAccessHelper->is_writable($appInfoDir)) {
+                throw new \Exception($appInfoDir . ' is not writable');
+            }
+            throw $e;
+        }
+    }
+
+    /**
+     * Write the signature of core
+     *
+     * @param X509 $certificate
+     * @param RSA $rsa
+     * @param string $path
+     * @throws \Exception
+     */
+    public function writeCoreSignature(X509 $certificate,
+                                        RSA $rsa,
+                                        $path) {
+        $coreDir = $path . '/core';
+        try {
+
+            $this->fileAccessHelper->assertDirectoryExists($coreDir);
+            $iterator = $this->getFolderIterator($path, $path);
+            $hashes = $this->generateHashes($iterator, $path);
+            $signatureData = $this->createSignatureData($hashes, $certificate, $rsa);
+            $this->fileAccessHelper->file_put_contents(
+                $coreDir . '/signature.json',
+                json_encode($signatureData, JSON_PRETTY_PRINT)
+            );
+        } catch (\Exception $e){
+            if (!$this->fileAccessHelper->is_writable($coreDir)) {
+                throw new \Exception($coreDir . ' is not writable');
+            }
+            throw $e;
+        }
+    }
+
+    /**
+     * Verifies the signature for the specified path.
+     *
+     * @param string $signaturePath
+     * @param string $basePath
+     * @param string $certificateCN
+     * @return array
+     * @throws InvalidSignatureException
+     * @throws \Exception
+     */
+    private function verify(string $signaturePath, string $basePath, string $certificateCN): array {
+        if(!$this->isCodeCheckEnforced()) {
+            return [];
+        }
+
+        $content = $this->fileAccessHelper->file_get_contents($signaturePath);
+        $signatureData = null;
+
+        if (\is_string($content)) {
+            $signatureData = json_decode($content, true);
+        }
+        if(!\is_array($signatureData)) {
+            throw new InvalidSignatureException('Signature data not found.');
+        }
+
+        $expectedHashes = $signatureData['hashes'];
+        ksort($expectedHashes);
+        $signature = base64_decode($signatureData['signature']);
+        $certificate = $signatureData['certificate'];
+
+        // Check if certificate is signed by Nextcloud Root Authority
+        $x509 = new \phpseclib\File\X509();
+        $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
+        $x509->loadCA($rootCertificatePublicKey);
+        $x509->loadX509($certificate);
+        if(!$x509->validateSignature()) {
+            throw new InvalidSignatureException('Certificate is not valid.');
+        }
+        // Verify if certificate has proper CN. "core" CN is always trusted.
+        if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
+            throw new InvalidSignatureException(
+                    sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
+            );
+        }
+
+        // Check if the signature of the files is valid
+        $rsa = new \phpseclib\Crypt\RSA();
+        $rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']);
+        $rsa->setSignatureMode(RSA::SIGNATURE_PSS);
+        $rsa->setMGFHash('sha512');
+        // See https://tools.ietf.org/html/rfc3447#page-38
+        $rsa->setSaltLength(0);
+        if(!$rsa->verify(json_encode($expectedHashes), $signature)) {
+            throw new InvalidSignatureException('Signature could not get verified.');
+        }
+
+        // Fixes for the updater as shipped with ownCloud 9.0.x: The updater is
+        // replaced after the code integrity check is performed.
+        //
+        // Due to this reason we exclude the whole updater/ folder from the code
+        // integrity check.
+        if($basePath === $this->environmentHelper->getServerRoot()) {
+            foreach($expectedHashes as $fileName => $hash) {
+                if(strpos($fileName, 'updater/') === 0) {
+                    unset($expectedHashes[$fileName]);
+                }
+            }
+        }
+
+        // Compare the list of files which are not identical
+        $currentInstanceHashes = $this->generateHashes($this->getFolderIterator($basePath), $basePath);
+        $differencesA = array_diff($expectedHashes, $currentInstanceHashes);
+        $differencesB = array_diff($currentInstanceHashes, $expectedHashes);
+        $differences = array_unique(array_merge($differencesA, $differencesB));
+        $differenceArray = [];
+        foreach($differences as $filename => $hash) {
+            // Check if file should not exist in the new signature table
+            if(!array_key_exists($filename, $expectedHashes)) {
+                $differenceArray['EXTRA_FILE'][$filename]['expected'] = '';
+                $differenceArray['EXTRA_FILE'][$filename]['current'] = $hash;
+                continue;
+            }
+
+            // Check if file is missing
+            if(!array_key_exists($filename, $currentInstanceHashes)) {
+                $differenceArray['FILE_MISSING'][$filename]['expected'] = $expectedHashes[$filename];
+                $differenceArray['FILE_MISSING'][$filename]['current'] = '';
+                continue;
+            }
+
+            // Check if hash does mismatch
+            if($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
+                $differenceArray['INVALID_HASH'][$filename]['expected'] = $expectedHashes[$filename];
+                $differenceArray['INVALID_HASH'][$filename]['current'] = $currentInstanceHashes[$filename];
+                continue;
+            }
+
+            // Should never happen.
+            throw new \Exception('Invalid behaviour in file hash comparison experienced. Please report this error to the developers.');
+        }
+
+        return $differenceArray;
+    }
+
+    /**
+     * Whether the code integrity check has passed successful or not
+     *
+     * @return bool
+     */
+    public function hasPassedCheck(): bool {
+        $results = $this->getResults();
+        if(empty($results)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * @return array
+     */
+    public function getResults(): array {
+        $cachedResults = $this->cache->get(self::CACHE_KEY);
+        if(!\is_null($cachedResults)) {
+            return json_decode($cachedResults, true);
+        }
+
+        if ($this->config !== null) {
+            return json_decode($this->config->getAppValue('core', self::CACHE_KEY, '{}'), true);
+        }
+        return [];
+    }
+
+    /**
+     * Stores the results in the app config as well as cache
+     *
+     * @param string $scope
+     * @param array $result
+     */
+    private function storeResults(string $scope, array $result) {
+        $resultArray = $this->getResults();
+        unset($resultArray[$scope]);
+        if(!empty($result)) {
+            $resultArray[$scope] = $result;
+        }
+        if ($this->config !== null) {
+            $this->config->setAppValue('core', self::CACHE_KEY, json_encode($resultArray));
+        }
+        $this->cache->set(self::CACHE_KEY, json_encode($resultArray));
+    }
+
+    /**
+     *
+     * Clean previous results for a proper rescanning. Otherwise
+     */
+    private function cleanResults() {
+        $this->config->deleteAppValue('core', self::CACHE_KEY);
+        $this->cache->remove(self::CACHE_KEY);
+    }
+
+    /**
+     * Verify the signature of $appId. Returns an array with the following content:
+     * [
+     * 	'FILE_MISSING' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * 	'EXTRA_FILE' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * 	'INVALID_HASH' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * ]
+     *
+     * Array may be empty in case no problems have been found.
+     *
+     * @param string $appId
+     * @param string $path Optional path. If none is given it will be guessed.
+     * @return array
+     */
+    public function verifyAppSignature(string $appId, string $path = ''): array {
+        try {
+            if($path === '') {
+                $path = $this->appLocator->getAppPath($appId);
+            }
+            $result = $this->verify(
+                    $path . '/appinfo/signature.json',
+                    $path,
+                    $appId
+            );
+        } catch (\Exception $e) {
+            $result = [
+                'EXCEPTION' => [
+                    'class' => \get_class($e),
+                    'message' => $e->getMessage(),
+                ],
+            ];
+        }
+        $this->storeResults($appId, $result);
+
+        return $result;
+    }
+
+    /**
+     * Verify the signature of core. Returns an array with the following content:
+     * [
+     * 	'FILE_MISSING' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * 	'EXTRA_FILE' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * 	'INVALID_HASH' =>
+     * 	[
+     * 		'filename' => [
+     * 			'expected' => 'expectedSHA512',
+     * 			'current' => 'currentSHA512',
+     * 		],
+     * 	],
+     * ]
+     *
+     * Array may be empty in case no problems have been found.
+     *
+     * @return array
+     */
+    public function verifyCoreSignature(): array {
+        try {
+            $result = $this->verify(
+                    $this->environmentHelper->getServerRoot() . '/core/signature.json',
+                    $this->environmentHelper->getServerRoot(),
+                    'core'
+            );
+        } catch (\Exception $e) {
+            $result = [
+                'EXCEPTION' => [
+                    'class' => \get_class($e),
+                    'message' => $e->getMessage(),
+                ],
+            ];
+        }
+        $this->storeResults('core', $result);
+
+        return $result;
+    }
+
+    /**
+     * Verify the core code of the instance as well as all applicable applications
+     * and store the results.
+     */
+    public function runInstanceVerification() {
+        $this->cleanResults();
+        $this->verifyCoreSignature();
+        $appIds = $this->appLocator->getAllApps();
+        foreach($appIds as $appId) {
+            // If an application is shipped a valid signature is required
+            $isShipped = $this->appManager->isShipped($appId);
+            $appNeedsToBeChecked = false;
+            if ($isShipped) {
+                $appNeedsToBeChecked = true;
+            } elseif ($this->fileAccessHelper->file_exists($this->appLocator->getAppPath($appId) . '/appinfo/signature.json')) {
+                // Otherwise only if the application explicitly ships a signature.json file
+                $appNeedsToBeChecked = true;
+            }
+
+            if($appNeedsToBeChecked) {
+                $this->verifyAppSignature($appId);
+            }
+        }
+    }
 }

lib/private/Preview/Generator.php

Indentation +395 added lines, -395 removed lines

@@ -42,413 +42,413 @@
 
 class Generator {
 
-	/** @var IPreview */
-	private $previewManager;
-	/** @var IConfig */
-	private $config;
-	/** @var IAppData */
-	private $appData;
-	/** @var GeneratorHelper */
-	private $helper;
-	/** @var EventDispatcherInterface */
-	private $eventDispatcher;
-
-	/**
-	 * @param IConfig $config
-	 * @param IPreview $previewManager
-	 * @param IAppData $appData
-	 * @param GeneratorHelper $helper
-	 * @param EventDispatcherInterface $eventDispatcher
-	 */
-	public function __construct(
-		IConfig $config,
-		IPreview $previewManager,
-		IAppData $appData,
-		GeneratorHelper $helper,
-		EventDispatcherInterface $eventDispatcher
-	) {
-		$this->config = $config;
-		$this->previewManager = $previewManager;
-		$this->appData = $appData;
-		$this->helper = $helper;
-		$this->eventDispatcher = $eventDispatcher;
-	}
-
-	/**
-	 * Returns a preview of a file
-	 *
-	 * The cache is searched first and if nothing usable was found then a preview is
-	 * generated by one of the providers
-	 *
-	 * @param File $file
-	 * @param int $width
-	 * @param int $height
-	 * @param bool $crop
-	 * @param string $mode
-	 * @param string $mimeType
-	 * @return ISimpleFile
-	 * @throws NotFoundException
-	 * @throws \InvalidArgumentException if the preview would be invalid (in case the original image is invalid)
-	 */
-	public function getPreview(File $file, $width = -1, $height = -1, $crop = false, $mode = IPreview::MODE_FILL, $mimeType = null) {
-		//Make sure that we can read the file
-		if (!$file->isReadable()) {
-			throw new NotFoundException('Cannot read file');
-		}
-
-
-		$this->eventDispatcher->dispatch(
-			IPreview::EVENT,
-			new GenericEvent($file, [
-				'width' => $width,
-				'height' => $height,
-				'crop' => $crop,
-				'mode' => $mode
-			])
-		);
-
-		if ($mimeType === null) {
-			$mimeType = $file->getMimeType();
-		}
-		if (!$this->previewManager->isMimeSupported($mimeType)) {
-			throw new NotFoundException();
-		}
-
-		$previewFolder = $this->getPreviewFolder($file);
-
-		$previewVersion = '';
-		if ($file instanceof IVersionedPreviewFile) {
-			$previewVersion = $file->getPreviewVersion() . '-';
-		}
-
-		// Get the max preview and infer the max preview sizes from that
-		$maxPreview = $this->getMaxPreview($previewFolder, $file, $mimeType, $previewVersion);
-		if ($maxPreview->getSize() === 0) {
-			$maxPreview->delete();
-			throw new NotFoundException('Max preview size 0, invalid!');
-		}
-
-		list($maxWidth, $maxHeight) = $this->getPreviewSize($maxPreview, $previewVersion);
-
-		// If both width and heigth are -1 we just want the max preview
-		if ($width === -1 && $height === -1) {
-			$width = $maxWidth;
-			$height = $maxHeight;
-		}
-
-		// Calculate the preview size
-		list($width, $height) = $this->calculateSize($width, $height, $crop, $mode, $maxWidth, $maxHeight);
-
-		// No need to generate a preview that is just the max preview
-		if ($width === $maxWidth && $height === $maxHeight) {
-			return $maxPreview;
-		}
-
-		// Try to get a cached preview. Else generate (and store) one
-		try {
-			try {
-				$preview = $this->getCachedPreview($previewFolder, $width, $height, $crop, $maxPreview->getMimeType(), $previewVersion);
-			} catch (NotFoundException $e) {
-				$preview = $this->generatePreview($previewFolder, $maxPreview, $width, $height, $crop, $maxWidth, $maxHeight, $previewVersion);
-			}
-		} catch (\InvalidArgumentException $e) {
-			throw new NotFoundException();
-		}
-
-		if ($preview->getSize() === 0) {
-			$preview->delete();
-			throw new NotFoundException('Cached preview size 0, invalid!');
-		}
-
-		return $preview;
-	}
-
-	/**
-	 * @param ISimpleFolder $previewFolder
-	 * @param File $file
-	 * @param string $mimeType
-	 * @param string $prefix
-	 * @return ISimpleFile
-	 * @throws NotFoundException
-	 */
-	private function getMaxPreview(ISimpleFolder $previewFolder, File $file, $mimeType, $prefix) {
-		$nodes = $previewFolder->getDirectoryListing();
-
-		foreach ($nodes as $node) {
-			$name = $node->getName();
-			if (($prefix === '' || strpos($name, $prefix) === 0) && strpos($name, 'max')) {
-				return $node;
-			}
-		}
-
-		$previewProviders = $this->previewManager->getProviders();
-		foreach ($previewProviders as $supportedMimeType => $providers) {
-			if (!preg_match($supportedMimeType, $mimeType)) {
-				continue;
-			}
-
-			foreach ($providers as $providerClosure) {
-				$provider = $this->helper->getProvider($providerClosure);
-				if (!($provider instanceof IProviderV2)) {
-					continue;
-				}
-
-				if (!$provider->isAvailable($file)) {
-					continue;
-				}
-
-				$maxWidth = (int)$this->config->getSystemValue('preview_max_x', 4096);
-				$maxHeight = (int)$this->config->getSystemValue('preview_max_y', 4096);
-
-				$preview = $this->helper->getThumbnail($provider, $file, $maxWidth, $maxHeight);
-
-				if (!($preview instanceof IImage)) {
-					continue;
-				}
-
-				// Try to get the extention.
-				try {
-					$ext = $this->getExtention($preview->dataMimeType());
-				} catch (\InvalidArgumentException $e) {
-					// Just continue to the next iteration if this preview doesn't have a valid mimetype
-					continue;
-				}
-
-				$path = $prefix . (string)$preview->width() . '-' . (string)$preview->height() . '-max.' . $ext;
-				try {
-					$file = $previewFolder->newFile($path);
-					$file->putContent($preview->data());
-				} catch (NotPermittedException $e) {
-					throw new NotFoundException();
-				}
-
-				return $file;
-			}
-		}
-
-		throw new NotFoundException();
-	}
-
-	/**
-	 * @param ISimpleFile $file
-	 * @param string $prefix
-	 * @return int[]
-	 */
-	private function getPreviewSize(ISimpleFile $file, string $prefix = '') {
-		$size = explode('-', substr($file->getName(), strlen($prefix)));
-		return [(int)$size[0], (int)$size[1]];
-	}
-
-	/**
-	 * @param int $width
-	 * @param int $height
-	 * @param bool $crop
-	 * @param string $mimeType
-	 * @param string $prefix
-	 * @return string
-	 */
-	private function generatePath($width, $height, $crop, $mimeType, $prefix) {
-		$path = $prefix . (string)$width . '-' . (string)$height;
-		if ($crop) {
-			$path .= '-crop';
-		}
-
-		$ext = $this->getExtention($mimeType);
-		$path .= '.' . $ext;
-		return $path;
-	}
-
-
-	/**
-	 * @param int $width
-	 * @param int $height
-	 * @param bool $crop
-	 * @param string $mode
-	 * @param int $maxWidth
-	 * @param int $maxHeight
-	 * @return int[]
-	 */
-	private function calculateSize($width, $height, $crop, $mode, $maxWidth, $maxHeight) {
-
-		/*
+    /** @var IPreview */
+    private $previewManager;
+    /** @var IConfig */
+    private $config;
+    /** @var IAppData */
+    private $appData;
+    /** @var GeneratorHelper */
+    private $helper;
+    /** @var EventDispatcherInterface */
+    private $eventDispatcher;
+
+    /**
+     * @param IConfig $config
+     * @param IPreview $previewManager
+     * @param IAppData $appData
+     * @param GeneratorHelper $helper
+     * @param EventDispatcherInterface $eventDispatcher
+     */
+    public function __construct(
+        IConfig $config,
+        IPreview $previewManager,
+        IAppData $appData,
+        GeneratorHelper $helper,
+        EventDispatcherInterface $eventDispatcher
+    ) {
+        $this->config = $config;
+        $this->previewManager = $previewManager;
+        $this->appData = $appData;
+        $this->helper = $helper;
+        $this->eventDispatcher = $eventDispatcher;
+    }
+
+    /**
+     * Returns a preview of a file
+     *
+     * The cache is searched first and if nothing usable was found then a preview is
+     * generated by one of the providers
+     *
+     * @param File $file
+     * @param int $width
+     * @param int $height
+     * @param bool $crop
+     * @param string $mode
+     * @param string $mimeType
+     * @return ISimpleFile
+     * @throws NotFoundException
+     * @throws \InvalidArgumentException if the preview would be invalid (in case the original image is invalid)
+     */
+    public function getPreview(File $file, $width = -1, $height = -1, $crop = false, $mode = IPreview::MODE_FILL, $mimeType = null) {
+        //Make sure that we can read the file
+        if (!$file->isReadable()) {
+            throw new NotFoundException('Cannot read file');
+        }
+
+
+        $this->eventDispatcher->dispatch(
+            IPreview::EVENT,
+            new GenericEvent($file, [
+                'width' => $width,
+                'height' => $height,
+                'crop' => $crop,
+                'mode' => $mode
+            ])
+        );
+
+        if ($mimeType === null) {
+            $mimeType = $file->getMimeType();
+        }
+        if (!$this->previewManager->isMimeSupported($mimeType)) {
+            throw new NotFoundException();
+        }
+
+        $previewFolder = $this->getPreviewFolder($file);
+
+        $previewVersion = '';
+        if ($file instanceof IVersionedPreviewFile) {
+            $previewVersion = $file->getPreviewVersion() . '-';
+        }
+
+        // Get the max preview and infer the max preview sizes from that
+        $maxPreview = $this->getMaxPreview($previewFolder, $file, $mimeType, $previewVersion);
+        if ($maxPreview->getSize() === 0) {
+            $maxPreview->delete();
+            throw new NotFoundException('Max preview size 0, invalid!');
+        }
+
+        list($maxWidth, $maxHeight) = $this->getPreviewSize($maxPreview, $previewVersion);
+
+        // If both width and heigth are -1 we just want the max preview
+        if ($width === -1 && $height === -1) {
+            $width = $maxWidth;
+            $height = $maxHeight;
+        }
+
+        // Calculate the preview size
+        list($width, $height) = $this->calculateSize($width, $height, $crop, $mode, $maxWidth, $maxHeight);
+
+        // No need to generate a preview that is just the max preview
+        if ($width === $maxWidth && $height === $maxHeight) {
+            return $maxPreview;
+        }
+
+        // Try to get a cached preview. Else generate (and store) one
+        try {
+            try {
+                $preview = $this->getCachedPreview($previewFolder, $width, $height, $crop, $maxPreview->getMimeType(), $previewVersion);
+            } catch (NotFoundException $e) {
+                $preview = $this->generatePreview($previewFolder, $maxPreview, $width, $height, $crop, $maxWidth, $maxHeight, $previewVersion);
+            }
+        } catch (\InvalidArgumentException $e) {
+            throw new NotFoundException();
+        }
+
+        if ($preview->getSize() === 0) {
+            $preview->delete();
+            throw new NotFoundException('Cached preview size 0, invalid!');
+        }
+
+        return $preview;
+    }
+
+    /**
+     * @param ISimpleFolder $previewFolder
+     * @param File $file
+     * @param string $mimeType
+     * @param string $prefix
+     * @return ISimpleFile
+     * @throws NotFoundException
+     */
+    private function getMaxPreview(ISimpleFolder $previewFolder, File $file, $mimeType, $prefix) {
+        $nodes = $previewFolder->getDirectoryListing();
+
+        foreach ($nodes as $node) {
+            $name = $node->getName();
+            if (($prefix === '' || strpos($name, $prefix) === 0) && strpos($name, 'max')) {
+                return $node;
+            }
+        }
+
+        $previewProviders = $this->previewManager->getProviders();
+        foreach ($previewProviders as $supportedMimeType => $providers) {
+            if (!preg_match($supportedMimeType, $mimeType)) {
+                continue;
+            }
+
+            foreach ($providers as $providerClosure) {
+                $provider = $this->helper->getProvider($providerClosure);
+                if (!($provider instanceof IProviderV2)) {
+                    continue;
+                }
+
+                if (!$provider->isAvailable($file)) {
+                    continue;
+                }
+
+                $maxWidth = (int)$this->config->getSystemValue('preview_max_x', 4096);
+                $maxHeight = (int)$this->config->getSystemValue('preview_max_y', 4096);
+
+                $preview = $this->helper->getThumbnail($provider, $file, $maxWidth, $maxHeight);
+
+                if (!($preview instanceof IImage)) {
+                    continue;
+                }
+
+                // Try to get the extention.
+                try {
+                    $ext = $this->getExtention($preview->dataMimeType());
+                } catch (\InvalidArgumentException $e) {
+                    // Just continue to the next iteration if this preview doesn't have a valid mimetype
+                    continue;
+                }
+
+                $path = $prefix . (string)$preview->width() . '-' . (string)$preview->height() . '-max.' . $ext;
+                try {
+                    $file = $previewFolder->newFile($path);
+                    $file->putContent($preview->data());
+                } catch (NotPermittedException $e) {
+                    throw new NotFoundException();
+                }
+
+                return $file;
+            }
+        }
+
+        throw new NotFoundException();
+    }
+
+    /**
+     * @param ISimpleFile $file
+     * @param string $prefix
+     * @return int[]
+     */
+    private function getPreviewSize(ISimpleFile $file, string $prefix = '') {
+        $size = explode('-', substr($file->getName(), strlen($prefix)));
+        return [(int)$size[0], (int)$size[1]];
+    }
+
+    /**
+     * @param int $width
+     * @param int $height
+     * @param bool $crop
+     * @param string $mimeType
+     * @param string $prefix
+     * @return string
+     */
+    private function generatePath($width, $height, $crop, $mimeType, $prefix) {
+        $path = $prefix . (string)$width . '-' . (string)$height;
+        if ($crop) {
+            $path .= '-crop';
+        }
+
+        $ext = $this->getExtention($mimeType);
+        $path .= '.' . $ext;
+        return $path;
+    }
+
+
+    /**
+     * @param int $width
+     * @param int $height
+     * @param bool $crop
+     * @param string $mode
+     * @param int $maxWidth
+     * @param int $maxHeight
+     * @return int[]
+     */
+    private function calculateSize($width, $height, $crop, $mode, $maxWidth, $maxHeight) {
+
+        /*
 		 * If we are not cropping we have to make sure the requested image
 		 * respects the aspect ratio of the original.
 		 */
-		if (!$crop) {
-			$ratio = $maxHeight / $maxWidth;
+        if (!$crop) {
+            $ratio = $maxHeight / $maxWidth;
 
-			if ($width === -1) {
-				$width = $height / $ratio;
-			}
-			if ($height === -1) {
-				$height = $width * $ratio;
-			}
+            if ($width === -1) {
+                $width = $height / $ratio;
+            }
+            if ($height === -1) {
+                $height = $width * $ratio;
+            }
 
-			$ratioH = $height / $maxHeight;
-			$ratioW = $width / $maxWidth;
+            $ratioH = $height / $maxHeight;
+            $ratioW = $width / $maxWidth;
 
-			/*
+            /*
 			 * Fill means that the $height and $width are the max
 			 * Cover means min.
 			 */
-			if ($mode === IPreview::MODE_FILL) {
-				if ($ratioH > $ratioW) {
-					$height = $width * $ratio;
-				} else {
-					$width = $height / $ratio;
-				}
-			} else if ($mode === IPreview::MODE_COVER) {
-				if ($ratioH > $ratioW) {
-					$width = $height / $ratio;
-				} else {
-					$height = $width * $ratio;
-				}
-			}
-		}
-
-		if ($height !== $maxHeight && $width !== $maxWidth) {
-			/*
+            if ($mode === IPreview::MODE_FILL) {
+                if ($ratioH > $ratioW) {
+                    $height = $width * $ratio;
+                } else {
+                    $width = $height / $ratio;
+                }
+            } else if ($mode === IPreview::MODE_COVER) {
+                if ($ratioH > $ratioW) {
+                    $width = $height / $ratio;
+                } else {
+                    $height = $width * $ratio;
+                }
+            }
+        }
+
+        if ($height !== $maxHeight && $width !== $maxWidth) {
+            /*
 			 * Scale to the nearest power of four
 			 */
-			$pow4height = 4 ** ceil(log($height) / log(4));
-			$pow4width = 4 ** ceil(log($width) / log(4));
-
-			// Minimum size is 64
-			$pow4height = max($pow4height, 64);
-			$pow4width = max($pow4width, 64);
-
-			$ratioH = $height / $pow4height;
-			$ratioW = $width / $pow4width;
-
-			if ($ratioH < $ratioW) {
-				$width = $pow4width;
-				$height /= $ratioW;
-			} else {
-				$height = $pow4height;
-				$width /= $ratioH;
-			}
-		}
-
-		/*
+            $pow4height = 4 ** ceil(log($height) / log(4));
+            $pow4width = 4 ** ceil(log($width) / log(4));
+
+            // Minimum size is 64
+            $pow4height = max($pow4height, 64);
+            $pow4width = max($pow4width, 64);
+
+            $ratioH = $height / $pow4height;
+            $ratioW = $width / $pow4width;
+
+            if ($ratioH < $ratioW) {
+                $width = $pow4width;
+                $height /= $ratioW;
+            } else {
+                $height = $pow4height;
+                $width /= $ratioH;
+            }
+        }
+
+        /*
 		 * Make sure the requested height and width fall within the max
 		 * of the preview.
 		 */
-		if ($height > $maxHeight) {
-			$ratio = $height / $maxHeight;
-			$height = $maxHeight;
-			$width /= $ratio;
-		}
-		if ($width > $maxWidth) {
-			$ratio = $width / $maxWidth;
-			$width = $maxWidth;
-			$height /= $ratio;
-		}
-
-		return [(int)round($width), (int)round($height)];
-	}
-
-	/**
-	 * @param ISimpleFolder $previewFolder
-	 * @param ISimpleFile $maxPreview
-	 * @param int $width
-	 * @param int $height
-	 * @param bool $crop
-	 * @param int $maxWidth
-	 * @param int $maxHeight
-	 * @param string $prefix
-	 * @return ISimpleFile
-	 * @throws NotFoundException
-	 * @throws \InvalidArgumentException if the preview would be invalid (in case the original image is invalid)
-	 */
-	private function generatePreview(ISimpleFolder $previewFolder, ISimpleFile $maxPreview, $width, $height, $crop, $maxWidth, $maxHeight, $prefix) {
-		$preview = $this->helper->getImage($maxPreview);
-
-		if (!$preview->valid()) {
-			throw new \InvalidArgumentException('Failed to generate preview, failed to load image');
-		}
-
-		if ($crop) {
-			if ($height !== $preview->height() && $width !== $preview->width()) {
-				//Resize
-				$widthR = $preview->width() / $width;
-				$heightR = $preview->height() / $height;
-
-				if ($widthR > $heightR) {
-					$scaleH = $height;
-					$scaleW = $maxWidth / $heightR;
-				} else {
-					$scaleH = $maxHeight / $widthR;
-					$scaleW = $width;
-				}
-				$preview->preciseResize((int)round($scaleW), (int)round($scaleH));
-			}
-			$cropX = (int)floor(abs($width - $preview->width()) * 0.5);
-			$cropY = (int)floor(abs($height - $preview->height()) * 0.5);
-			$preview->crop($cropX, $cropY, $width, $height);
-		} else {
-			$preview->resize(max($width, $height));
-		}
-
-
-		$path = $this->generatePath($width, $height, $crop, $preview->dataMimeType(), $prefix);
-		try {
-			$file = $previewFolder->newFile($path);
-			$file->putContent($preview->data());
-		} catch (NotPermittedException $e) {
-			throw new NotFoundException();
-		}
-
-		return $file;
-	}
-
-	/**
-	 * @param ISimpleFolder $previewFolder
-	 * @param int $width
-	 * @param int $height
-	 * @param bool $crop
-	 * @param string $mimeType
-	 * @param string $prefix
-	 * @return ISimpleFile
-	 *
-	 * @throws NotFoundException
-	 */
-	private function getCachedPreview(ISimpleFolder $previewFolder, $width, $height, $crop, $mimeType, $prefix) {
-		$path = $this->generatePath($width, $height, $crop, $mimeType, $prefix);
-
-		return $previewFolder->getFile($path);
-	}
-
-	/**
-	 * Get the specific preview folder for this file
-	 *
-	 * @param File $file
-	 * @return ISimpleFolder
-	 */
-	private function getPreviewFolder(File $file) {
-		try {
-			$folder = $this->appData->getFolder($file->getId());
-		} catch (NotFoundException $e) {
-			$folder = $this->appData->newFolder($file->getId());
-		}
-
-		return $folder;
-	}
-
-	/**
-	 * @param string $mimeType
-	 * @return null|string
-	 * @throws \InvalidArgumentException
-	 */
-	private function getExtention($mimeType) {
-		switch ($mimeType) {
-			case 'image/png':
-				return 'png';
-			case 'image/jpeg':
-				return 'jpg';
-			case 'image/gif':
-				return 'gif';
-			default:
-				throw new \InvalidArgumentException('Not a valid mimetype');
-		}
-	}
+        if ($height > $maxHeight) {
+            $ratio = $height / $maxHeight;
+            $height = $maxHeight;
+            $width /= $ratio;
+        }
+        if ($width > $maxWidth) {
+            $ratio = $width / $maxWidth;
+            $width = $maxWidth;
+            $height /= $ratio;
+        }
+
+        return [(int)round($width), (int)round($height)];
+    }
+
+    /**
+     * @param ISimpleFolder $previewFolder
+     * @param ISimpleFile $maxPreview
+     * @param int $width
+     * @param int $height
+     * @param bool $crop
+     * @param int $maxWidth
+     * @param int $maxHeight
+     * @param string $prefix
+     * @return ISimpleFile
+     * @throws NotFoundException
+     * @throws \InvalidArgumentException if the preview would be invalid (in case the original image is invalid)
+     */
+    private function generatePreview(ISimpleFolder $previewFolder, ISimpleFile $maxPreview, $width, $height, $crop, $maxWidth, $maxHeight, $prefix) {
+        $preview = $this->helper->getImage($maxPreview);
+
+        if (!$preview->valid()) {
+            throw new \InvalidArgumentException('Failed to generate preview, failed to load image');
+        }
+
+        if ($crop) {
+            if ($height !== $preview->height() && $width !== $preview->width()) {
+                //Resize
+                $widthR = $preview->width() / $width;
+                $heightR = $preview->height() / $height;
+
+                if ($widthR > $heightR) {
+                    $scaleH = $height;
+                    $scaleW = $maxWidth / $heightR;
+                } else {
+                    $scaleH = $maxHeight / $widthR;
+                    $scaleW = $width;
+                }
+                $preview->preciseResize((int)round($scaleW), (int)round($scaleH));
+            }
+            $cropX = (int)floor(abs($width - $preview->width()) * 0.5);
+            $cropY = (int)floor(abs($height - $preview->height()) * 0.5);
+            $preview->crop($cropX, $cropY, $width, $height);
+        } else {
+            $preview->resize(max($width, $height));
+        }
+
+
+        $path = $this->generatePath($width, $height, $crop, $preview->dataMimeType(), $prefix);
+        try {
+            $file = $previewFolder->newFile($path);
+            $file->putContent($preview->data());
+        } catch (NotPermittedException $e) {
+            throw new NotFoundException();
+        }
+
+        return $file;
+    }
+
+    /**
+     * @param ISimpleFolder $previewFolder
+     * @param int $width
+     * @param int $height
+     * @param bool $crop
+     * @param string $mimeType
+     * @param string $prefix
+     * @return ISimpleFile
+     *
+     * @throws NotFoundException
+     */
+    private function getCachedPreview(ISimpleFolder $previewFolder, $width, $height, $crop, $mimeType, $prefix) {
+        $path = $this->generatePath($width, $height, $crop, $mimeType, $prefix);
+
+        return $previewFolder->getFile($path);
+    }
+
+    /**
+     * Get the specific preview folder for this file
+     *
+     * @param File $file
+     * @return ISimpleFolder
+     */
+    private function getPreviewFolder(File $file) {
+        try {
+            $folder = $this->appData->getFolder($file->getId());
+        } catch (NotFoundException $e) {
+            $folder = $this->appData->newFolder($file->getId());
+        }
+
+        return $folder;
+    }
+
+    /**
+     * @param string $mimeType
+     * @return null|string
+     * @throws \InvalidArgumentException
+     */
+    private function getExtention($mimeType) {
+        switch ($mimeType) {
+            case 'image/png':
+                return 'png';
+            case 'image/jpeg':
+                return 'jpg';
+            case 'image/gif':
+                return 'gif';
+            default:
+                throw new \InvalidArgumentException('Not a valid mimetype');
+        }
+    }
 }