nextcloud / server

apps/federation/lib/BackgroundJob/GetSharedSecret.php

Indentation +207 added lines, -207 removed lines

@@ -56,211 +56,211 @@
  */
 class GetSharedSecret extends Job {
 
-	/** @var IClient */
-	private $httpClient;
-
-	/** @var IJobList */
-	private $jobList;
-
-	/** @var IURLGenerator */
-	private $urlGenerator;
-
-	/** @var TrustedServers  */
-	private $trustedServers;
-
-	/** @var DbHandler */
-	private $dbHandler;
-
-	/** @var IDiscoveryService  */
-	private $ocsDiscoveryService;
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var ITimeFactory */
-	private $timeFactory;
-
-	/** @var bool */
-	protected $retainJob = false;
-
-	private $format = 'json';
-
-	private $defaultEndPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret';
-
-	/** @var  int  30 day = 2592000sec */
-	private $maxLifespan = 2592000;
-
-	/**
-	 * RequestSharedSecret constructor.
-	 *
-	 * @param IClientService $httpClientService
-	 * @param IURLGenerator $urlGenerator
-	 * @param IJobList $jobList
-	 * @param TrustedServers $trustedServers
-	 * @param ILogger $logger
-	 * @param DbHandler $dbHandler
-	 * @param IDiscoveryService $ocsDiscoveryService
-	 * @param ITimeFactory $timeFactory
-	 */
-	public function __construct(
-		IClientService $httpClientService,
-		IURLGenerator $urlGenerator,
-		IJobList $jobList,
-		TrustedServers $trustedServers,
-		ILogger $logger,
-		DbHandler $dbHandler,
-		IDiscoveryService $ocsDiscoveryService,
-		ITimeFactory $timeFactory
-	) {
-		$this->logger = $logger;
-		$this->httpClient = $httpClientService->newClient();
-		$this->jobList = $jobList;
-		$this->urlGenerator = $urlGenerator;
-		$this->dbHandler = $dbHandler;
-		$this->ocsDiscoveryService = $ocsDiscoveryService;
-		$this->trustedServers = $trustedServers;
-		$this->timeFactory = $timeFactory;
-	}
-
-	/**
-	 * run the job, then remove it from the joblist
-	 *
-	 * @param JobList $jobList
-	 * @param ILogger|null $logger
-	 */
-	public function execute($jobList, ILogger $logger = null) {
-		$target = $this->argument['url'];
-		// only execute if target is still in the list of trusted domains
-		if ($this->trustedServers->isTrustedServer($target)) {
-			$this->parentExecute($jobList, $logger);
-		}
-
-		$jobList->remove($this, $this->argument);
-
-		if ($this->retainJob) {
-			$this->reAddJob($this->argument);
-		}
-	}
-
-	/**
-	 * call execute() method of parent
-	 *
-	 * @param JobList $jobList
-	 * @param ILogger $logger
-	 */
-	protected function parentExecute($jobList, $logger = null) {
-		parent::execute($jobList, $logger);
-	}
-
-	protected function run($argument) {
-		$target = $argument['url'];
-		$created = isset($argument['created']) ? (int)$argument['created'] : $this->timeFactory->getTime();
-		$currentTime = $this->timeFactory->getTime();
-		$source = $this->urlGenerator->getAbsoluteURL('/');
-		$source = rtrim($source, '/');
-		$token = $argument['token'];
-
-		// kill job after 30 days of trying
-		$deadline = $currentTime - $this->maxLifespan;
-		if ($created < $deadline) {
-			$this->retainJob = false;
-			$this->trustedServers->setServerStatus($target,TrustedServers::STATUS_FAILURE);
-			return;
-		}
-
-		$endPoints = $this->ocsDiscoveryService->discover($target, 'FEDERATED_SHARING');
-		$endPoint = isset($endPoints['shared-secret']) ? $endPoints['shared-secret'] : $this->defaultEndPoint;
-
-		// make sure that we have a well formatted url
-		$url = rtrim($target, '/') . '/' . trim($endPoint, '/');
-
-		$result = null;
-		try {
-			$result = $this->httpClient->get(
-				$url,
-				[
-					'query' =>
-						[
-							'url' => $source,
-							'token' => $token,
-							'format' => $this->format
-						],
-					'timeout' => 3,
-					'connect_timeout' => 3,
-				]
-			);
-
-			$status = $result->getStatusCode();
-
-		} catch (ClientException $e) {
-			$status = $e->getCode();
-			if ($status === Http::STATUS_FORBIDDEN) {
-				$this->logger->info($target . ' refused to exchange a shared secret with you.', ['app' => 'federation']);
-			} else {
-				$this->logger->info($target . ' responded with a ' . $status . ' containing: ' . $e->getMessage(), ['app' => 'federation']);
-			}
-		} catch (RequestException $e) {
-			$status = -1; // There is no status code if we could not connect
-			$this->logger->logException($e, [
-				'message' => 'Could not connect to ' . $target,
-				'level' => \OCP\Util::INFO,
-				'app' => 'federation',
-			]);
-		} catch (RingException $e) {
-			$status = -1; // There is no status code if we could not connect
-			$this->logger->logException($e, [
-				'message' => 'Could not connect to ' . $target,
-				'level' => \OCP\Util::INFO,
-				'app' => 'federation',
-			]);
-		} catch (\Exception $e) {
-			$status = Http::STATUS_INTERNAL_SERVER_ERROR;
-			$this->logger->logException($e, ['app' => 'federation']);
-		}
-
-		// if we received a unexpected response we try again later
-		if (
-			$status !== Http::STATUS_OK
-			&& $status !== Http::STATUS_FORBIDDEN
-		) {
-			$this->retainJob = true;
-		}
-
-		if ($status === Http::STATUS_OK && $result instanceof IResponse) {
-			$body = $result->getBody();
-			$result = json_decode($body, true);
-			if (isset($result['ocs']['data']['sharedSecret'])) {
-				$this->trustedServers->addSharedSecret(
-						$target,
-						$result['ocs']['data']['sharedSecret']
-				);
-			} else {
-				$this->logger->error(
-						'remote server "' . $target . '"" does not return a valid shared secret. Received data: ' . $body,
-						['app' => 'federation']
-				);
-				$this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE);
-			}
-		}
-
-	}
-
-	/**
-	 * re-add background job
-	 *
-	 * @param array $argument
-	 */
-	protected function reAddJob(array $argument) {
-		$url = $argument['url'];
-		$created = isset($argument['created']) ? (int)$argument['created'] : $this->timeFactory->getTime();
-		$token = $argument['token'];
-		$this->jobList->add(
-			GetSharedSecret::class,
-			[
-				'url' => $url,
-				'token' => $token,
-				'created' => $created
-			]
-		);
-	}
+    /** @var IClient */
+    private $httpClient;
+
+    /** @var IJobList */
+    private $jobList;
+
+    /** @var IURLGenerator */
+    private $urlGenerator;
+
+    /** @var TrustedServers  */
+    private $trustedServers;
+
+    /** @var DbHandler */
+    private $dbHandler;
+
+    /** @var IDiscoveryService  */
+    private $ocsDiscoveryService;
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var ITimeFactory */
+    private $timeFactory;
+
+    /** @var bool */
+    protected $retainJob = false;
+
+    private $format = 'json';
+
+    private $defaultEndPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret';
+
+    /** @var  int  30 day = 2592000sec */
+    private $maxLifespan = 2592000;
+
+    /**
+     * RequestSharedSecret constructor.
+     *
+     * @param IClientService $httpClientService
+     * @param IURLGenerator $urlGenerator
+     * @param IJobList $jobList
+     * @param TrustedServers $trustedServers
+     * @param ILogger $logger
+     * @param DbHandler $dbHandler
+     * @param IDiscoveryService $ocsDiscoveryService
+     * @param ITimeFactory $timeFactory
+     */
+    public function __construct(
+        IClientService $httpClientService,
+        IURLGenerator $urlGenerator,
+        IJobList $jobList,
+        TrustedServers $trustedServers,
+        ILogger $logger,
+        DbHandler $dbHandler,
+        IDiscoveryService $ocsDiscoveryService,
+        ITimeFactory $timeFactory
+    ) {
+        $this->logger = $logger;
+        $this->httpClient = $httpClientService->newClient();
+        $this->jobList = $jobList;
+        $this->urlGenerator = $urlGenerator;
+        $this->dbHandler = $dbHandler;
+        $this->ocsDiscoveryService = $ocsDiscoveryService;
+        $this->trustedServers = $trustedServers;
+        $this->timeFactory = $timeFactory;
+    }
+
+    /**
+     * run the job, then remove it from the joblist
+     *
+     * @param JobList $jobList
+     * @param ILogger|null $logger
+     */
+    public function execute($jobList, ILogger $logger = null) {
+        $target = $this->argument['url'];
+        // only execute if target is still in the list of trusted domains
+        if ($this->trustedServers->isTrustedServer($target)) {
+            $this->parentExecute($jobList, $logger);
+        }
+
+        $jobList->remove($this, $this->argument);
+
+        if ($this->retainJob) {
+            $this->reAddJob($this->argument);
+        }
+    }
+
+    /**
+     * call execute() method of parent
+     *
+     * @param JobList $jobList
+     * @param ILogger $logger
+     */
+    protected function parentExecute($jobList, $logger = null) {
+        parent::execute($jobList, $logger);
+    }
+
+    protected function run($argument) {
+        $target = $argument['url'];
+        $created = isset($argument['created']) ? (int)$argument['created'] : $this->timeFactory->getTime();
+        $currentTime = $this->timeFactory->getTime();
+        $source = $this->urlGenerator->getAbsoluteURL('/');
+        $source = rtrim($source, '/');
+        $token = $argument['token'];
+
+        // kill job after 30 days of trying
+        $deadline = $currentTime - $this->maxLifespan;
+        if ($created < $deadline) {
+            $this->retainJob = false;
+            $this->trustedServers->setServerStatus($target,TrustedServers::STATUS_FAILURE);
+            return;
+        }
+
+        $endPoints = $this->ocsDiscoveryService->discover($target, 'FEDERATED_SHARING');
+        $endPoint = isset($endPoints['shared-secret']) ? $endPoints['shared-secret'] : $this->defaultEndPoint;
+
+        // make sure that we have a well formatted url
+        $url = rtrim($target, '/') . '/' . trim($endPoint, '/');
+
+        $result = null;
+        try {
+            $result = $this->httpClient->get(
+                $url,
+                [
+                    'query' =>
+                        [
+                            'url' => $source,
+                            'token' => $token,
+                            'format' => $this->format
+                        ],
+                    'timeout' => 3,
+                    'connect_timeout' => 3,
+                ]
+            );
+
+            $status = $result->getStatusCode();
+
+        } catch (ClientException $e) {
+            $status = $e->getCode();
+            if ($status === Http::STATUS_FORBIDDEN) {
+                $this->logger->info($target . ' refused to exchange a shared secret with you.', ['app' => 'federation']);
+            } else {
+                $this->logger->info($target . ' responded with a ' . $status . ' containing: ' . $e->getMessage(), ['app' => 'federation']);
+            }
+        } catch (RequestException $e) {
+            $status = -1; // There is no status code if we could not connect
+            $this->logger->logException($e, [
+                'message' => 'Could not connect to ' . $target,
+                'level' => \OCP\Util::INFO,
+                'app' => 'federation',
+            ]);
+        } catch (RingException $e) {
+            $status = -1; // There is no status code if we could not connect
+            $this->logger->logException($e, [
+                'message' => 'Could not connect to ' . $target,
+                'level' => \OCP\Util::INFO,
+                'app' => 'federation',
+            ]);
+        } catch (\Exception $e) {
+            $status = Http::STATUS_INTERNAL_SERVER_ERROR;
+            $this->logger->logException($e, ['app' => 'federation']);
+        }
+
+        // if we received a unexpected response we try again later
+        if (
+            $status !== Http::STATUS_OK
+            && $status !== Http::STATUS_FORBIDDEN
+        ) {
+            $this->retainJob = true;
+        }
+
+        if ($status === Http::STATUS_OK && $result instanceof IResponse) {
+            $body = $result->getBody();
+            $result = json_decode($body, true);
+            if (isset($result['ocs']['data']['sharedSecret'])) {
+                $this->trustedServers->addSharedSecret(
+                        $target,
+                        $result['ocs']['data']['sharedSecret']
+                );
+            } else {
+                $this->logger->error(
+                        'remote server "' . $target . '"" does not return a valid shared secret. Received data: ' . $body,
+                        ['app' => 'federation']
+                );
+                $this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE);
+            }
+        }
+
+    }
+
+    /**
+     * re-add background job
+     *
+     * @param array $argument
+     */
+    protected function reAddJob(array $argument) {
+        $url = $argument['url'];
+        $created = isset($argument['created']) ? (int)$argument['created'] : $this->timeFactory->getTime();
+        $token = $argument['token'];
+        $this->jobList->add(
+            GetSharedSecret::class,
+            [
+                'url' => $url,
+                'token' => $token,
+                'created' => $created
+            ]
+        );
+    }
 }

apps/federation/lib/Controller/OCSAuthAPIController.php

Indentation +161 added lines, -161 removed lines

@@ -49,165 +49,165 @@
  */
 class OCSAuthAPIController extends OCSController{
 
-	/** @var ISecureRandom  */
-	private $secureRandom;
-
-	/** @var IJobList */
-	private $jobList;
-
-	/** @var TrustedServers */
-	private $trustedServers;
-
-	/** @var DbHandler */
-	private $dbHandler;
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var ITimeFactory */
-	private $timeFactory;
-
-	/**
-	 * OCSAuthAPI constructor.
-	 *
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param ISecureRandom $secureRandom
-	 * @param IJobList $jobList
-	 * @param TrustedServers $trustedServers
-	 * @param DbHandler $dbHandler
-	 * @param ILogger $logger
-	 * @param ITimeFactory $timeFactory
-	 */
-	public function __construct(
-		$appName,
-		IRequest $request,
-		ISecureRandom $secureRandom,
-		IJobList $jobList,
-		TrustedServers $trustedServers,
-		DbHandler $dbHandler,
-		ILogger $logger,
-		ITimeFactory $timeFactory
-	) {
-		parent::__construct($appName, $request);
-
-		$this->secureRandom = $secureRandom;
-		$this->jobList = $jobList;
-		$this->trustedServers = $trustedServers;
-		$this->dbHandler = $dbHandler;
-		$this->logger = $logger;
-		$this->timeFactory = $timeFactory;
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * request received to ask remote server for a shared secret, for legacy end-points
-	 *
-	 * @param string $url
-	 * @param string $token
-	 * @return Http\DataResponse
-	 * @throws OCSForbiddenException
-	 */
-	public function requestSharedSecretLegacy($url, $token) {
-		return $this->requestSharedSecret($url, $token);
-	}
-
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * create shared secret and return it, for legacy end-points
-	 *
-	 * @param string $url
-	 * @param string $token
-	 * @return Http\DataResponse
-	 * @throws OCSForbiddenException
-	 */
-	public function getSharedSecretLegacy($url, $token) {
-		return $this->getSharedSecret($url, $token);
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * request received to ask remote server for a shared secret
-	 *
-	 * @param string $url
-	 * @param string $token
-	 * @return Http\DataResponse
-	 * @throws OCSForbiddenException
-	 */
-	public function requestSharedSecret($url, $token) {
-		if ($this->trustedServers->isTrustedServer($url) === false) {
-			$this->logger->error('remote server not trusted (' . $url . ') while requesting shared secret', ['app' => 'federation']);
-			throw new OCSForbiddenException();
-		}
-
-		// if both server initiated the exchange of the shared secret the greater
-		// token wins
-		$localToken = $this->dbHandler->getToken($url);
-		if (strcmp($localToken, $token) > 0) {
-			$this->logger->info(
-				'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.',
-				['app' => 'federation']
-			);
-			throw new OCSForbiddenException();
-		}
-
-		$this->jobList->add(
-			'OCA\Federation\BackgroundJob\GetSharedSecret',
-			[
-				'url' => $url,
-				'token' => $token,
-				'created' => $this->timeFactory->getTime()
-			]
-		);
-
-		return new Http\DataResponse();
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * create shared secret and return it
-	 *
-	 * @param string $url
-	 * @param string $token
-	 * @return Http\DataResponse
-	 * @throws OCSForbiddenException
-	 */
-	public function getSharedSecret($url, $token) {
-
-		if ($this->trustedServers->isTrustedServer($url) === false) {
-			$this->logger->error('remote server not trusted (' . $url . ') while getting shared secret', ['app' => 'federation']);
-			throw new OCSForbiddenException();
-		}
-
-		if ($this->isValidToken($url, $token) === false) {
-			$expectedToken = $this->dbHandler->getToken($url);
-			$this->logger->error(
-				'remote server (' . $url . ') didn\'t send a valid token (got "' . $token . '" but expected "'. $expectedToken . '") while getting shared secret',
-				['app' => 'federation']
-			);
-			throw new OCSForbiddenException();
-		}
-
-		$sharedSecret = $this->secureRandom->generate(32);
-
-		$this->trustedServers->addSharedSecret($url, $sharedSecret);
-
-		return new Http\DataResponse([
-			'sharedSecret' => $sharedSecret
-		]);
-	}
-
-	protected function isValidToken($url, $token) {
-		$storedToken = $this->dbHandler->getToken($url);
-		return hash_equals($storedToken, $token);
-	}
+    /** @var ISecureRandom  */
+    private $secureRandom;
+
+    /** @var IJobList */
+    private $jobList;
+
+    /** @var TrustedServers */
+    private $trustedServers;
+
+    /** @var DbHandler */
+    private $dbHandler;
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var ITimeFactory */
+    private $timeFactory;
+
+    /**
+     * OCSAuthAPI constructor.
+     *
+     * @param string $appName
+     * @param IRequest $request
+     * @param ISecureRandom $secureRandom
+     * @param IJobList $jobList
+     * @param TrustedServers $trustedServers
+     * @param DbHandler $dbHandler
+     * @param ILogger $logger
+     * @param ITimeFactory $timeFactory
+     */
+    public function __construct(
+        $appName,
+        IRequest $request,
+        ISecureRandom $secureRandom,
+        IJobList $jobList,
+        TrustedServers $trustedServers,
+        DbHandler $dbHandler,
+        ILogger $logger,
+        ITimeFactory $timeFactory
+    ) {
+        parent::__construct($appName, $request);
+
+        $this->secureRandom = $secureRandom;
+        $this->jobList = $jobList;
+        $this->trustedServers = $trustedServers;
+        $this->dbHandler = $dbHandler;
+        $this->logger = $logger;
+        $this->timeFactory = $timeFactory;
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * request received to ask remote server for a shared secret, for legacy end-points
+     *
+     * @param string $url
+     * @param string $token
+     * @return Http\DataResponse
+     * @throws OCSForbiddenException
+     */
+    public function requestSharedSecretLegacy($url, $token) {
+        return $this->requestSharedSecret($url, $token);
+    }
+
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * create shared secret and return it, for legacy end-points
+     *
+     * @param string $url
+     * @param string $token
+     * @return Http\DataResponse
+     * @throws OCSForbiddenException
+     */
+    public function getSharedSecretLegacy($url, $token) {
+        return $this->getSharedSecret($url, $token);
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * request received to ask remote server for a shared secret
+     *
+     * @param string $url
+     * @param string $token
+     * @return Http\DataResponse
+     * @throws OCSForbiddenException
+     */
+    public function requestSharedSecret($url, $token) {
+        if ($this->trustedServers->isTrustedServer($url) === false) {
+            $this->logger->error('remote server not trusted (' . $url . ') while requesting shared secret', ['app' => 'federation']);
+            throw new OCSForbiddenException();
+        }
+
+        // if both server initiated the exchange of the shared secret the greater
+        // token wins
+        $localToken = $this->dbHandler->getToken($url);
+        if (strcmp($localToken, $token) > 0) {
+            $this->logger->info(
+                'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.',
+                ['app' => 'federation']
+            );
+            throw new OCSForbiddenException();
+        }
+
+        $this->jobList->add(
+            'OCA\Federation\BackgroundJob\GetSharedSecret',
+            [
+                'url' => $url,
+                'token' => $token,
+                'created' => $this->timeFactory->getTime()
+            ]
+        );
+
+        return new Http\DataResponse();
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * create shared secret and return it
+     *
+     * @param string $url
+     * @param string $token
+     * @return Http\DataResponse
+     * @throws OCSForbiddenException
+     */
+    public function getSharedSecret($url, $token) {
+
+        if ($this->trustedServers->isTrustedServer($url) === false) {
+            $this->logger->error('remote server not trusted (' . $url . ') while getting shared secret', ['app' => 'federation']);
+            throw new OCSForbiddenException();
+        }
+
+        if ($this->isValidToken($url, $token) === false) {
+            $expectedToken = $this->dbHandler->getToken($url);
+            $this->logger->error(
+                'remote server (' . $url . ') didn\'t send a valid token (got "' . $token . '" but expected "'. $expectedToken . '") while getting shared secret',
+                ['app' => 'federation']
+            );
+            throw new OCSForbiddenException();
+        }
+
+        $sharedSecret = $this->secureRandom->generate(32);
+
+        $this->trustedServers->addSharedSecret($url, $sharedSecret);
+
+        return new Http\DataResponse([
+            'sharedSecret' => $sharedSecret
+        ]);
+    }
+
+    protected function isValidToken($url, $token) {
+        $storedToken = $this->dbHandler->getToken($url);
+        return hash_equals($storedToken, $token);
+    }
 }