nextcloud /
server
@@ -90,949 +90,949 @@ |
||
| 90 | 90 | * @package OC\User |
| 91 | 91 | */ |
| 92 | 92 | class Session implements IUserSession, Emitter { |
| 93 | - /** @var Manager $manager */ |
|
| 94 | - private $manager; |
|
| 95 | - |
|
| 96 | - /** @var ISession $session */ |
|
| 97 | - private $session; |
|
| 98 | - |
|
| 99 | - /** @var ITimeFactory */ |
|
| 100 | - private $timeFactory; |
|
| 101 | - |
|
| 102 | - /** @var IProvider */ |
|
| 103 | - private $tokenProvider; |
|
| 104 | - |
|
| 105 | - /** @var IConfig */ |
|
| 106 | - private $config; |
|
| 107 | - |
|
| 108 | - /** @var User $activeUser */ |
|
| 109 | - protected $activeUser; |
|
| 110 | - |
|
| 111 | - /** @var ISecureRandom */ |
|
| 112 | - private $random; |
|
| 113 | - |
|
| 114 | - /** @var ILockdownManager */ |
|
| 115 | - private $lockdownManager; |
|
| 116 | - |
|
| 117 | - private LoggerInterface $logger; |
|
| 118 | - /** @var IEventDispatcher */ |
|
| 119 | - private $dispatcher; |
|
| 120 | - |
|
| 121 | - public function __construct(Manager $manager, |
|
| 122 | - ISession $session, |
|
| 123 | - ITimeFactory $timeFactory, |
|
| 124 | - ?IProvider $tokenProvider, |
|
| 125 | - IConfig $config, |
|
| 126 | - ISecureRandom $random, |
|
| 127 | - ILockdownManager $lockdownManager, |
|
| 128 | - LoggerInterface $logger, |
|
| 129 | - IEventDispatcher $dispatcher |
|
| 130 | - ) { |
|
| 131 | - $this->manager = $manager; |
|
| 132 | - $this->session = $session; |
|
| 133 | - $this->timeFactory = $timeFactory; |
|
| 134 | - $this->tokenProvider = $tokenProvider; |
|
| 135 | - $this->config = $config; |
|
| 136 | - $this->random = $random; |
|
| 137 | - $this->lockdownManager = $lockdownManager; |
|
| 138 | - $this->logger = $logger; |
|
| 139 | - $this->dispatcher = $dispatcher; |
|
| 140 | - } |
|
| 141 | - |
|
| 142 | - /** |
|
| 143 | - * @param IProvider $provider |
|
| 144 | - */ |
|
| 145 | - public function setTokenProvider(IProvider $provider) { |
|
| 146 | - $this->tokenProvider = $provider; |
|
| 147 | - } |
|
| 148 | - |
|
| 149 | - /** |
|
| 150 | - * @param string $scope |
|
| 151 | - * @param string $method |
|
| 152 | - * @param callable $callback |
|
| 153 | - */ |
|
| 154 | - public function listen($scope, $method, callable $callback) { |
|
| 155 | - $this->manager->listen($scope, $method, $callback); |
|
| 156 | - } |
|
| 157 | - |
|
| 158 | - /** |
|
| 159 | - * @param string $scope optional |
|
| 160 | - * @param string $method optional |
|
| 161 | - * @param callable $callback optional |
|
| 162 | - */ |
|
| 163 | - public function removeListener($scope = null, $method = null, callable $callback = null) { |
|
| 164 | - $this->manager->removeListener($scope, $method, $callback); |
|
| 165 | - } |
|
| 166 | - |
|
| 167 | - /** |
|
| 168 | - * get the manager object |
|
| 169 | - * |
|
| 170 | - * @return Manager|PublicEmitter |
|
| 171 | - */ |
|
| 172 | - public function getManager() { |
|
| 173 | - return $this->manager; |
|
| 174 | - } |
|
| 175 | - |
|
| 176 | - /** |
|
| 177 | - * get the session object |
|
| 178 | - * |
|
| 179 | - * @return ISession |
|
| 180 | - */ |
|
| 181 | - public function getSession() { |
|
| 182 | - return $this->session; |
|
| 183 | - } |
|
| 184 | - |
|
| 185 | - /** |
|
| 186 | - * set the session object |
|
| 187 | - * |
|
| 188 | - * @param ISession $session |
|
| 189 | - */ |
|
| 190 | - public function setSession(ISession $session) { |
|
| 191 | - if ($this->session instanceof ISession) { |
|
| 192 | - $this->session->close(); |
|
| 193 | - } |
|
| 194 | - $this->session = $session; |
|
| 195 | - $this->activeUser = null; |
|
| 196 | - } |
|
| 197 | - |
|
| 198 | - /** |
|
| 199 | - * set the currently active user |
|
| 200 | - * |
|
| 201 | - * @param IUser|null $user |
|
| 202 | - */ |
|
| 203 | - public function setUser($user) { |
|
| 204 | - if (is_null($user)) { |
|
| 205 | - $this->session->remove('user_id'); |
|
| 206 | - } else { |
|
| 207 | - $this->session->set('user_id', $user->getUID()); |
|
| 208 | - } |
|
| 209 | - $this->activeUser = $user; |
|
| 210 | - } |
|
| 211 | - |
|
| 212 | - /** |
|
| 213 | - * get the current active user |
|
| 214 | - * |
|
| 215 | - * @return IUser|null Current user, otherwise null |
|
| 216 | - */ |
|
| 217 | - public function getUser() { |
|
| 218 | - // FIXME: This is a quick'n dirty work-around for the incognito mode as |
|
| 219 | - // described at https://github.com/owncloud/core/pull/12912#issuecomment-67391155 |
|
| 220 | - if (OC_User::isIncognitoMode()) { |
|
| 221 | - return null; |
|
| 222 | - } |
|
| 223 | - if (is_null($this->activeUser)) { |
|
| 224 | - $uid = $this->session->get('user_id'); |
|
| 225 | - if (is_null($uid)) { |
|
| 226 | - return null; |
|
| 227 | - } |
|
| 228 | - $this->activeUser = $this->manager->get($uid); |
|
| 229 | - if (is_null($this->activeUser)) { |
|
| 230 | - return null; |
|
| 231 | - } |
|
| 232 | - $this->validateSession(); |
|
| 233 | - } |
|
| 234 | - return $this->activeUser; |
|
| 235 | - } |
|
| 236 | - |
|
| 237 | - /** |
|
| 238 | - * Validate whether the current session is valid |
|
| 239 | - * |
|
| 240 | - * - For token-authenticated clients, the token validity is checked |
|
| 241 | - * - For browsers, the session token validity is checked |
|
| 242 | - */ |
|
| 243 | - protected function validateSession() { |
|
| 244 | - $token = null; |
|
| 245 | - $appPassword = $this->session->get('app_password'); |
|
| 246 | - |
|
| 247 | - if (is_null($appPassword)) { |
|
| 248 | - try { |
|
| 249 | - $token = $this->session->getId(); |
|
| 250 | - } catch (SessionNotAvailableException $ex) { |
|
| 251 | - return; |
|
| 252 | - } |
|
| 253 | - } else { |
|
| 254 | - $token = $appPassword; |
|
| 255 | - } |
|
| 256 | - |
|
| 257 | - if (!$this->validateToken($token)) { |
|
| 258 | - // Session was invalidated |
|
| 259 | - $this->logout(); |
|
| 260 | - } |
|
| 261 | - } |
|
| 262 | - |
|
| 263 | - /** |
|
| 264 | - * Checks whether the user is logged in |
|
| 265 | - * |
|
| 266 | - * @return bool if logged in |
|
| 267 | - */ |
|
| 268 | - public function isLoggedIn() { |
|
| 269 | - $user = $this->getUser(); |
|
| 270 | - if (is_null($user)) { |
|
| 271 | - return false; |
|
| 272 | - } |
|
| 273 | - |
|
| 274 | - return $user->isEnabled(); |
|
| 275 | - } |
|
| 276 | - |
|
| 277 | - /** |
|
| 278 | - * set the login name |
|
| 279 | - * |
|
| 280 | - * @param string|null $loginName for the logged in user |
|
| 281 | - */ |
|
| 282 | - public function setLoginName($loginName) { |
|
| 283 | - if (is_null($loginName)) { |
|
| 284 | - $this->session->remove('loginname'); |
|
| 285 | - } else { |
|
| 286 | - $this->session->set('loginname', $loginName); |
|
| 287 | - } |
|
| 288 | - } |
|
| 289 | - |
|
| 290 | - /** |
|
| 291 | - * Get the login name of the current user |
|
| 292 | - * |
|
| 293 | - * @return ?string |
|
| 294 | - */ |
|
| 295 | - public function getLoginName() { |
|
| 296 | - if ($this->activeUser) { |
|
| 297 | - return $this->session->get('loginname'); |
|
| 298 | - } |
|
| 299 | - |
|
| 300 | - $uid = $this->session->get('user_id'); |
|
| 301 | - if ($uid) { |
|
| 302 | - $this->activeUser = $this->manager->get($uid); |
|
| 303 | - return $this->session->get('loginname'); |
|
| 304 | - } |
|
| 305 | - |
|
| 306 | - return null; |
|
| 307 | - } |
|
| 308 | - |
|
| 309 | - /** |
|
| 310 | - * @return null|string |
|
| 311 | - */ |
|
| 312 | - public function getImpersonatingUserID(): ?string { |
|
| 313 | - return $this->session->get('oldUserId'); |
|
| 314 | - } |
|
| 315 | - |
|
| 316 | - public function setImpersonatingUserID(bool $useCurrentUser = true): void { |
|
| 317 | - if ($useCurrentUser === false) { |
|
| 318 | - $this->session->remove('oldUserId'); |
|
| 319 | - return; |
|
| 320 | - } |
|
| 321 | - |
|
| 322 | - $currentUser = $this->getUser(); |
|
| 323 | - |
|
| 324 | - if ($currentUser === null) { |
|
| 325 | - throw new \OC\User\NoUserException(); |
|
| 326 | - } |
|
| 327 | - $this->session->set('oldUserId', $currentUser->getUID()); |
|
| 328 | - } |
|
| 329 | - /** |
|
| 330 | - * set the token id |
|
| 331 | - * |
|
| 332 | - * @param int|null $token that was used to log in |
|
| 333 | - */ |
|
| 334 | - protected function setToken($token) { |
|
| 335 | - if ($token === null) { |
|
| 336 | - $this->session->remove('token-id'); |
|
| 337 | - } else { |
|
| 338 | - $this->session->set('token-id', $token); |
|
| 339 | - } |
|
| 340 | - } |
|
| 341 | - |
|
| 342 | - /** |
|
| 343 | - * try to log in with the provided credentials |
|
| 344 | - * |
|
| 345 | - * @param string $uid |
|
| 346 | - * @param string $password |
|
| 347 | - * @return boolean|null |
|
| 348 | - * @throws LoginException |
|
| 349 | - */ |
|
| 350 | - public function login($uid, $password) { |
|
| 351 | - $this->session->regenerateId(); |
|
| 352 | - if ($this->validateToken($password, $uid)) { |
|
| 353 | - return $this->loginWithToken($password); |
|
| 354 | - } |
|
| 355 | - return $this->loginWithPassword($uid, $password); |
|
| 356 | - } |
|
| 357 | - |
|
| 358 | - /** |
|
| 359 | - * @param IUser $user |
|
| 360 | - * @param array $loginDetails |
|
| 361 | - * @param bool $regenerateSessionId |
|
| 362 | - * @return true returns true if login successful or an exception otherwise |
|
| 363 | - * @throws LoginException |
|
| 364 | - */ |
|
| 365 | - public function completeLogin(IUser $user, array $loginDetails, $regenerateSessionId = true) { |
|
| 366 | - if (!$user->isEnabled()) { |
|
| 367 | - // disabled users can not log in |
|
| 368 | - // injecting l10n does not work - there is a circular dependency between session and \OCP\L10N\IFactory |
|
| 369 | - $message = \OC::$server->getL10N('lib')->t('User disabled'); |
|
| 370 | - throw new LoginException($message); |
|
| 371 | - } |
|
| 372 | - |
|
| 373 | - if ($regenerateSessionId) { |
|
| 374 | - $this->session->regenerateId(); |
|
| 375 | - $this->session->remove(Auth::DAV_AUTHENTICATED); |
|
| 376 | - } |
|
| 377 | - |
|
| 378 | - $this->setUser($user); |
|
| 379 | - $this->setLoginName($loginDetails['loginName']); |
|
| 380 | - |
|
| 381 | - $isToken = isset($loginDetails['token']) && $loginDetails['token'] instanceof IToken; |
|
| 382 | - if ($isToken) { |
|
| 383 | - $this->setToken($loginDetails['token']->getId()); |
|
| 384 | - $this->lockdownManager->setToken($loginDetails['token']); |
|
| 385 | - $firstTimeLogin = false; |
|
| 386 | - } else { |
|
| 387 | - $this->setToken(null); |
|
| 388 | - $firstTimeLogin = $user->updateLastLoginTimestamp(); |
|
| 389 | - } |
|
| 390 | - |
|
| 391 | - $this->dispatcher->dispatchTyped(new PostLoginEvent( |
|
| 392 | - $user, |
|
| 393 | - $loginDetails['loginName'], |
|
| 394 | - $loginDetails['password'], |
|
| 395 | - $isToken |
|
| 396 | - )); |
|
| 397 | - $this->manager->emit('\OC\User', 'postLogin', [ |
|
| 398 | - $user, |
|
| 399 | - $loginDetails['loginName'], |
|
| 400 | - $loginDetails['password'], |
|
| 401 | - $isToken, |
|
| 402 | - ]); |
|
| 403 | - if ($this->isLoggedIn()) { |
|
| 404 | - $this->prepareUserLogin($firstTimeLogin, $regenerateSessionId); |
|
| 405 | - return true; |
|
| 406 | - } |
|
| 407 | - |
|
| 408 | - $message = \OC::$server->getL10N('lib')->t('Login canceled by app'); |
|
| 409 | - throw new LoginException($message); |
|
| 410 | - } |
|
| 411 | - |
|
| 412 | - /** |
|
| 413 | - * Tries to log in a client |
|
| 414 | - * |
|
| 415 | - * Checks token auth enforced |
|
| 416 | - * Checks 2FA enabled |
|
| 417 | - * |
|
| 418 | - * @param string $user |
|
| 419 | - * @param string $password |
|
| 420 | - * @param IRequest $request |
|
| 421 | - * @param OC\Security\Bruteforce\Throttler $throttler |
|
| 422 | - * @throws LoginException |
|
| 423 | - * @throws PasswordLoginForbiddenException |
|
| 424 | - * @return boolean |
|
| 425 | - */ |
|
| 426 | - public function logClientIn($user, |
|
| 427 | - $password, |
|
| 428 | - IRequest $request, |
|
| 429 | - OC\Security\Bruteforce\Throttler $throttler) { |
|
| 430 | - $remoteAddress = $request->getRemoteAddress(); |
|
| 431 | - $currentDelay = $throttler->sleepDelayOrThrowOnMax($remoteAddress, 'login'); |
|
| 432 | - |
|
| 433 | - if ($this->manager instanceof PublicEmitter) { |
|
| 434 | - $this->manager->emit('\OC\User', 'preLogin', [$user, $password]); |
|
| 435 | - } |
|
| 436 | - |
|
| 437 | - try { |
|
| 438 | - $isTokenPassword = $this->isTokenPassword($password); |
|
| 439 | - } catch (ExpiredTokenException $e) { |
|
| 440 | - // Just return on an expired token no need to check further or record a failed login |
|
| 441 | - return false; |
|
| 442 | - } |
|
| 443 | - |
|
| 444 | - if (!$isTokenPassword && $this->isTokenAuthEnforced()) { |
|
| 445 | - throw new PasswordLoginForbiddenException(); |
|
| 446 | - } |
|
| 447 | - if (!$isTokenPassword && $this->isTwoFactorEnforced($user)) { |
|
| 448 | - throw new PasswordLoginForbiddenException(); |
|
| 449 | - } |
|
| 450 | - |
|
| 451 | - // Try to login with this username and password |
|
| 452 | - if (!$this->login($user, $password)) { |
|
| 453 | - // Failed, maybe the user used their email address |
|
| 454 | - if (!filter_var($user, FILTER_VALIDATE_EMAIL)) { |
|
| 455 | - $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); |
|
| 456 | - return false; |
|
| 457 | - } |
|
| 458 | - $users = $this->manager->getByEmail($user); |
|
| 459 | - if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) { |
|
| 460 | - $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); |
|
| 461 | - return false; |
|
| 462 | - } |
|
| 463 | - } |
|
| 464 | - |
|
| 465 | - if ($isTokenPassword) { |
|
| 466 | - $this->session->set('app_password', $password); |
|
| 467 | - } elseif ($this->supportsCookies($request)) { |
|
| 468 | - // Password login, but cookies supported -> create (browser) session token |
|
| 469 | - $this->createSessionToken($request, $this->getUser()->getUID(), $user, $password); |
|
| 470 | - } |
|
| 471 | - |
|
| 472 | - return true; |
|
| 473 | - } |
|
| 474 | - |
|
| 475 | - private function handleLoginFailed(IThrottler $throttler, int $currentDelay, string $remoteAddress, string $user, ?string $password) { |
|
| 476 | - $this->logger->warning("Login failed: '" . $user . "' (Remote IP: '" . $remoteAddress . "')", ['app' => 'core']); |
|
| 477 | - |
|
| 478 | - $throttler->registerAttempt('login', $remoteAddress, ['user' => $user]); |
|
| 479 | - $this->dispatcher->dispatchTyped(new OC\Authentication\Events\LoginFailed($user, $password)); |
|
| 480 | - |
|
| 481 | - if ($currentDelay === 0) { |
|
| 482 | - $throttler->sleepDelayOrThrowOnMax($remoteAddress, 'login'); |
|
| 483 | - } |
|
| 484 | - } |
|
| 485 | - |
|
| 486 | - protected function supportsCookies(IRequest $request) { |
|
| 487 | - if (!is_null($request->getCookie('cookie_test'))) { |
|
| 488 | - return true; |
|
| 489 | - } |
|
| 490 | - setcookie('cookie_test', 'test', $this->timeFactory->getTime() + 3600); |
|
| 491 | - return false; |
|
| 492 | - } |
|
| 493 | - |
|
| 494 | - private function isTokenAuthEnforced(): bool { |
|
| 495 | - return $this->config->getSystemValueBool('token_auth_enforced', false); |
|
| 496 | - } |
|
| 497 | - |
|
| 498 | - protected function isTwoFactorEnforced($username) { |
|
| 499 | - Util::emitHook( |
|
| 500 | - '\OCA\Files_Sharing\API\Server2Server', |
|
| 501 | - 'preLoginNameUsedAsUserName', |
|
| 502 | - ['uid' => &$username] |
|
| 503 | - ); |
|
| 504 | - $user = $this->manager->get($username); |
|
| 505 | - if (is_null($user)) { |
|
| 506 | - $users = $this->manager->getByEmail($username); |
|
| 507 | - if (empty($users)) { |
|
| 508 | - return false; |
|
| 509 | - } |
|
| 510 | - if (count($users) !== 1) { |
|
| 511 | - return true; |
|
| 512 | - } |
|
| 513 | - $user = $users[0]; |
|
| 514 | - } |
|
| 515 | - // DI not possible due to cyclic dependencies :'-/ |
|
| 516 | - return OC::$server->getTwoFactorAuthManager()->isTwoFactorAuthenticated($user); |
|
| 517 | - } |
|
| 518 | - |
|
| 519 | - /** |
|
| 520 | - * Check if the given 'password' is actually a device token |
|
| 521 | - * |
|
| 522 | - * @param string $password |
|
| 523 | - * @return boolean |
|
| 524 | - * @throws ExpiredTokenException |
|
| 525 | - */ |
|
| 526 | - public function isTokenPassword($password) { |
|
| 527 | - try { |
|
| 528 | - $this->tokenProvider->getToken($password); |
|
| 529 | - return true; |
|
| 530 | - } catch (ExpiredTokenException $e) { |
|
| 531 | - throw $e; |
|
| 532 | - } catch (InvalidTokenException $ex) { |
|
| 533 | - $this->logger->debug('Token is not valid: ' . $ex->getMessage(), [ |
|
| 534 | - 'exception' => $ex, |
|
| 535 | - ]); |
|
| 536 | - return false; |
|
| 537 | - } |
|
| 538 | - } |
|
| 539 | - |
|
| 540 | - protected function prepareUserLogin($firstTimeLogin, $refreshCsrfToken = true) { |
|
| 541 | - if ($refreshCsrfToken) { |
|
| 542 | - // TODO: mock/inject/use non-static |
|
| 543 | - // Refresh the token |
|
| 544 | - \OC::$server->getCsrfTokenManager()->refreshToken(); |
|
| 545 | - } |
|
| 546 | - |
|
| 547 | - if ($firstTimeLogin) { |
|
| 548 | - //we need to pass the user name, which may differ from login name |
|
| 549 | - $user = $this->getUser()->getUID(); |
|
| 550 | - OC_Util::setupFS($user); |
|
| 551 | - |
|
| 552 | - // TODO: lock necessary? |
|
| 553 | - //trigger creation of user home and /files folder |
|
| 554 | - $userFolder = \OC::$server->getUserFolder($user); |
|
| 555 | - |
|
| 556 | - try { |
|
| 557 | - // copy skeleton |
|
| 558 | - \OC_Util::copySkeleton($user, $userFolder); |
|
| 559 | - } catch (NotPermittedException $ex) { |
|
| 560 | - // read only uses |
|
| 561 | - } |
|
| 562 | - |
|
| 563 | - // trigger any other initialization |
|
| 564 | - \OC::$server->getEventDispatcher()->dispatch(IUser::class . '::firstLogin', new GenericEvent($this->getUser())); |
|
| 565 | - } |
|
| 566 | - } |
|
| 567 | - |
|
| 568 | - /** |
|
| 569 | - * Tries to login the user with HTTP Basic Authentication |
|
| 570 | - * |
|
| 571 | - * @todo do not allow basic auth if the user is 2FA enforced |
|
| 572 | - * @param IRequest $request |
|
| 573 | - * @param OC\Security\Bruteforce\Throttler $throttler |
|
| 574 | - * @return boolean if the login was successful |
|
| 575 | - */ |
|
| 576 | - public function tryBasicAuthLogin(IRequest $request, |
|
| 577 | - OC\Security\Bruteforce\Throttler $throttler) { |
|
| 578 | - if (!empty($request->server['PHP_AUTH_USER']) && !empty($request->server['PHP_AUTH_PW'])) { |
|
| 579 | - try { |
|
| 580 | - if ($this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'], $request, $throttler)) { |
|
| 581 | - /** |
|
| 582 | - * Add DAV authenticated. This should in an ideal world not be |
|
| 583 | - * necessary but the iOS App reads cookies from anywhere instead |
|
| 584 | - * only the DAV endpoint. |
|
| 585 | - * This makes sure that the cookies will be valid for the whole scope |
|
| 586 | - * @see https://github.com/owncloud/core/issues/22893 |
|
| 587 | - */ |
|
| 588 | - $this->session->set( |
|
| 589 | - Auth::DAV_AUTHENTICATED, $this->getUser()->getUID() |
|
| 590 | - ); |
|
| 591 | - |
|
| 592 | - // Set the last-password-confirm session to make the sudo mode work |
|
| 593 | - $this->session->set('last-password-confirm', $this->timeFactory->getTime()); |
|
| 594 | - |
|
| 595 | - return true; |
|
| 596 | - } |
|
| 597 | - // If credentials were provided, they need to be valid, otherwise we do boom |
|
| 598 | - throw new LoginException(); |
|
| 599 | - } catch (PasswordLoginForbiddenException $ex) { |
|
| 600 | - // Nothing to do |
|
| 601 | - } |
|
| 602 | - } |
|
| 603 | - return false; |
|
| 604 | - } |
|
| 605 | - |
|
| 606 | - /** |
|
| 607 | - * Log an user in via login name and password |
|
| 608 | - * |
|
| 609 | - * @param string $uid |
|
| 610 | - * @param string $password |
|
| 611 | - * @return boolean |
|
| 612 | - * @throws LoginException if an app canceld the login process or the user is not enabled |
|
| 613 | - */ |
|
| 614 | - private function loginWithPassword($uid, $password) { |
|
| 615 | - $user = $this->manager->checkPasswordNoLogging($uid, $password); |
|
| 616 | - if ($user === false) { |
|
| 617 | - // Password check failed |
|
| 618 | - return false; |
|
| 619 | - } |
|
| 620 | - |
|
| 621 | - return $this->completeLogin($user, ['loginName' => $uid, 'password' => $password], false); |
|
| 622 | - } |
|
| 623 | - |
|
| 624 | - /** |
|
| 625 | - * Log an user in with a given token (id) |
|
| 626 | - * |
|
| 627 | - * @param string $token |
|
| 628 | - * @return boolean |
|
| 629 | - * @throws LoginException if an app canceled the login process or the user is not enabled |
|
| 630 | - */ |
|
| 631 | - private function loginWithToken($token) { |
|
| 632 | - try { |
|
| 633 | - $dbToken = $this->tokenProvider->getToken($token); |
|
| 634 | - } catch (InvalidTokenException $ex) { |
|
| 635 | - return false; |
|
| 636 | - } |
|
| 637 | - $uid = $dbToken->getUID(); |
|
| 638 | - |
|
| 639 | - // When logging in with token, the password must be decrypted first before passing to login hook |
|
| 640 | - $password = ''; |
|
| 641 | - try { |
|
| 642 | - $password = $this->tokenProvider->getPassword($dbToken, $token); |
|
| 643 | - } catch (PasswordlessTokenException $ex) { |
|
| 644 | - // Ignore and use empty string instead |
|
| 645 | - } |
|
| 646 | - |
|
| 647 | - $this->manager->emit('\OC\User', 'preLogin', [$dbToken->getLoginName(), $password]); |
|
| 648 | - |
|
| 649 | - $user = $this->manager->get($uid); |
|
| 650 | - if (is_null($user)) { |
|
| 651 | - // user does not exist |
|
| 652 | - return false; |
|
| 653 | - } |
|
| 654 | - |
|
| 655 | - return $this->completeLogin( |
|
| 656 | - $user, |
|
| 657 | - [ |
|
| 658 | - 'loginName' => $dbToken->getLoginName(), |
|
| 659 | - 'password' => $password, |
|
| 660 | - 'token' => $dbToken |
|
| 661 | - ], |
|
| 662 | - false); |
|
| 663 | - } |
|
| 664 | - |
|
| 665 | - /** |
|
| 666 | - * Create a new session token for the given user credentials |
|
| 667 | - * |
|
| 668 | - * @param IRequest $request |
|
| 669 | - * @param string $uid user UID |
|
| 670 | - * @param string $loginName login name |
|
| 671 | - * @param string $password |
|
| 672 | - * @param int $remember |
|
| 673 | - * @return boolean |
|
| 674 | - */ |
|
| 675 | - public function createSessionToken(IRequest $request, $uid, $loginName, $password = null, $remember = IToken::DO_NOT_REMEMBER) { |
|
| 676 | - if (is_null($this->manager->get($uid))) { |
|
| 677 | - // User does not exist |
|
| 678 | - return false; |
|
| 679 | - } |
|
| 680 | - $name = isset($request->server['HTTP_USER_AGENT']) ? mb_convert_encoding($request->server['HTTP_USER_AGENT'], 'UTF-8', 'ISO-8859-1') : 'unknown browser'; |
|
| 681 | - try { |
|
| 682 | - $sessionId = $this->session->getId(); |
|
| 683 | - $pwd = $this->getPassword($password); |
|
| 684 | - // Make sure the current sessionId has no leftover tokens |
|
| 685 | - $this->tokenProvider->invalidateToken($sessionId); |
|
| 686 | - $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, $remember); |
|
| 687 | - return true; |
|
| 688 | - } catch (SessionNotAvailableException $ex) { |
|
| 689 | - // This can happen with OCC, where a memory session is used |
|
| 690 | - // if a memory session is used, we shouldn't create a session token anyway |
|
| 691 | - return false; |
|
| 692 | - } |
|
| 693 | - } |
|
| 694 | - |
|
| 695 | - /** |
|
| 696 | - * Checks if the given password is a token. |
|
| 697 | - * If yes, the password is extracted from the token. |
|
| 698 | - * If no, the same password is returned. |
|
| 699 | - * |
|
| 700 | - * @param string $password either the login password or a device token |
|
| 701 | - * @return string|null the password or null if none was set in the token |
|
| 702 | - */ |
|
| 703 | - private function getPassword($password) { |
|
| 704 | - if (is_null($password)) { |
|
| 705 | - // This is surely no token ;-) |
|
| 706 | - return null; |
|
| 707 | - } |
|
| 708 | - try { |
|
| 709 | - $token = $this->tokenProvider->getToken($password); |
|
| 710 | - try { |
|
| 711 | - return $this->tokenProvider->getPassword($token, $password); |
|
| 712 | - } catch (PasswordlessTokenException $ex) { |
|
| 713 | - return null; |
|
| 714 | - } |
|
| 715 | - } catch (InvalidTokenException $ex) { |
|
| 716 | - return $password; |
|
| 717 | - } |
|
| 718 | - } |
|
| 719 | - |
|
| 720 | - /** |
|
| 721 | - * @param IToken $dbToken |
|
| 722 | - * @param string $token |
|
| 723 | - * @return boolean |
|
| 724 | - */ |
|
| 725 | - private function checkTokenCredentials(IToken $dbToken, $token) { |
|
| 726 | - // Check whether login credentials are still valid and the user was not disabled |
|
| 727 | - // This check is performed each 5 minutes |
|
| 728 | - $lastCheck = $dbToken->getLastCheck() ? : 0; |
|
| 729 | - $now = $this->timeFactory->getTime(); |
|
| 730 | - if ($lastCheck > ($now - 60 * 5)) { |
|
| 731 | - // Checked performed recently, nothing to do now |
|
| 732 | - return true; |
|
| 733 | - } |
|
| 734 | - |
|
| 735 | - try { |
|
| 736 | - $pwd = $this->tokenProvider->getPassword($dbToken, $token); |
|
| 737 | - } catch (InvalidTokenException $ex) { |
|
| 738 | - // An invalid token password was used -> log user out |
|
| 739 | - return false; |
|
| 740 | - } catch (PasswordlessTokenException $ex) { |
|
| 741 | - // Token has no password |
|
| 742 | - |
|
| 743 | - if (!is_null($this->activeUser) && !$this->activeUser->isEnabled()) { |
|
| 744 | - $this->tokenProvider->invalidateToken($token); |
|
| 745 | - return false; |
|
| 746 | - } |
|
| 747 | - |
|
| 748 | - $dbToken->setLastCheck($now); |
|
| 749 | - $this->tokenProvider->updateToken($dbToken); |
|
| 750 | - return true; |
|
| 751 | - } |
|
| 752 | - |
|
| 753 | - // Invalidate token if the user is no longer active |
|
| 754 | - if (!is_null($this->activeUser) && !$this->activeUser->isEnabled()) { |
|
| 755 | - $this->tokenProvider->invalidateToken($token); |
|
| 756 | - return false; |
|
| 757 | - } |
|
| 758 | - |
|
| 759 | - // If the token password is no longer valid mark it as such |
|
| 760 | - if ($this->manager->checkPassword($dbToken->getLoginName(), $pwd) === false) { |
|
| 761 | - $this->tokenProvider->markPasswordInvalid($dbToken, $token); |
|
| 762 | - // User is logged out |
|
| 763 | - return false; |
|
| 764 | - } |
|
| 765 | - |
|
| 766 | - $dbToken->setLastCheck($now); |
|
| 767 | - $this->tokenProvider->updateToken($dbToken); |
|
| 768 | - return true; |
|
| 769 | - } |
|
| 770 | - |
|
| 771 | - /** |
|
| 772 | - * Check if the given token exists and performs password/user-enabled checks |
|
| 773 | - * |
|
| 774 | - * Invalidates the token if checks fail |
|
| 775 | - * |
|
| 776 | - * @param string $token |
|
| 777 | - * @param string $user login name |
|
| 778 | - * @return boolean |
|
| 779 | - */ |
|
| 780 | - private function validateToken($token, $user = null) { |
|
| 781 | - try { |
|
| 782 | - $dbToken = $this->tokenProvider->getToken($token); |
|
| 783 | - } catch (InvalidTokenException $ex) { |
|
| 784 | - return false; |
|
| 785 | - } |
|
| 786 | - |
|
| 787 | - // Check if login names match |
|
| 788 | - if (!is_null($user) && $dbToken->getLoginName() !== $user) { |
|
| 789 | - // TODO: this makes it impossible to use different login names on browser and client |
|
| 790 | - // e.g. login by e-mail '[email protected]' on browser for generating the token will not |
|
| 791 | - // allow to use the client token with the login name 'user'. |
|
| 792 | - $this->logger->error('App token login name does not match', [ |
|
| 793 | - 'tokenLoginName' => $dbToken->getLoginName(), |
|
| 794 | - 'sessionLoginName' => $user, |
|
| 795 | - ]); |
|
| 796 | - |
|
| 797 | - return false; |
|
| 798 | - } |
|
| 799 | - |
|
| 800 | - if (!$this->checkTokenCredentials($dbToken, $token)) { |
|
| 801 | - return false; |
|
| 802 | - } |
|
| 803 | - |
|
| 804 | - // Update token scope |
|
| 805 | - $this->lockdownManager->setToken($dbToken); |
|
| 806 | - |
|
| 807 | - $this->tokenProvider->updateTokenActivity($dbToken); |
|
| 808 | - |
|
| 809 | - return true; |
|
| 810 | - } |
|
| 811 | - |
|
| 812 | - /** |
|
| 813 | - * Tries to login the user with auth token header |
|
| 814 | - * |
|
| 815 | - * @param IRequest $request |
|
| 816 | - * @todo check remember me cookie |
|
| 817 | - * @return boolean |
|
| 818 | - */ |
|
| 819 | - public function tryTokenLogin(IRequest $request) { |
|
| 820 | - $authHeader = $request->getHeader('Authorization'); |
|
| 821 | - if (str_starts_with($authHeader, 'Bearer ')) { |
|
| 822 | - $token = substr($authHeader, 7); |
|
| 823 | - } else { |
|
| 824 | - // No auth header, let's try session id |
|
| 825 | - try { |
|
| 826 | - $token = $this->session->getId(); |
|
| 827 | - } catch (SessionNotAvailableException $ex) { |
|
| 828 | - return false; |
|
| 829 | - } |
|
| 830 | - } |
|
| 831 | - |
|
| 832 | - if (!$this->loginWithToken($token)) { |
|
| 833 | - return false; |
|
| 834 | - } |
|
| 835 | - if (!$this->validateToken($token)) { |
|
| 836 | - return false; |
|
| 837 | - } |
|
| 838 | - |
|
| 839 | - try { |
|
| 840 | - $dbToken = $this->tokenProvider->getToken($token); |
|
| 841 | - } catch (InvalidTokenException $e) { |
|
| 842 | - // Can't really happen but better save than sorry |
|
| 843 | - return true; |
|
| 844 | - } |
|
| 845 | - |
|
| 846 | - // Remember me tokens are not app_passwords |
|
| 847 | - if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) { |
|
| 848 | - // Set the session variable so we know this is an app password |
|
| 849 | - $this->session->set('app_password', $token); |
|
| 850 | - } |
|
| 851 | - |
|
| 852 | - return true; |
|
| 853 | - } |
|
| 854 | - |
|
| 855 | - /** |
|
| 856 | - * perform login using the magic cookie (remember login) |
|
| 857 | - * |
|
| 858 | - * @param string $uid the username |
|
| 859 | - * @param string $currentToken |
|
| 860 | - * @param string $oldSessionId |
|
| 861 | - * @return bool |
|
| 862 | - */ |
|
| 863 | - public function loginWithCookie($uid, $currentToken, $oldSessionId) { |
|
| 864 | - $this->session->regenerateId(); |
|
| 865 | - $this->manager->emit('\OC\User', 'preRememberedLogin', [$uid]); |
|
| 866 | - $user = $this->manager->get($uid); |
|
| 867 | - if (is_null($user)) { |
|
| 868 | - // user does not exist |
|
| 869 | - return false; |
|
| 870 | - } |
|
| 871 | - |
|
| 872 | - // get stored tokens |
|
| 873 | - $tokens = $this->config->getUserKeys($uid, 'login_token'); |
|
| 874 | - // test cookies token against stored tokens |
|
| 875 | - if (!in_array($currentToken, $tokens, true)) { |
|
| 876 | - $this->logger->info('Tried to log in {uid} but could not verify token', [ |
|
| 877 | - 'app' => 'core', |
|
| 878 | - 'uid' => $uid, |
|
| 879 | - ]); |
|
| 880 | - return false; |
|
| 881 | - } |
|
| 882 | - // replace successfully used token with a new one |
|
| 883 | - $this->config->deleteUserValue($uid, 'login_token', $currentToken); |
|
| 884 | - $newToken = $this->random->generate(32); |
|
| 885 | - $this->config->setUserValue($uid, 'login_token', $newToken, (string)$this->timeFactory->getTime()); |
|
| 886 | - |
|
| 887 | - try { |
|
| 888 | - $sessionId = $this->session->getId(); |
|
| 889 | - $token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId); |
|
| 890 | - } catch (SessionNotAvailableException $ex) { |
|
| 891 | - $this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [ |
|
| 892 | - 'app' => 'core', |
|
| 893 | - 'uid' => $uid, |
|
| 894 | - ]); |
|
| 895 | - return false; |
|
| 896 | - } catch (InvalidTokenException $ex) { |
|
| 897 | - $this->logger->warning('Renewing session token failed', ['app' => 'core']); |
|
| 898 | - return false; |
|
| 899 | - } |
|
| 900 | - |
|
| 901 | - $this->setMagicInCookie($user->getUID(), $newToken); |
|
| 902 | - |
|
| 903 | - //login |
|
| 904 | - $this->setUser($user); |
|
| 905 | - $this->setLoginName($token->getLoginName()); |
|
| 906 | - $this->setToken($token->getId()); |
|
| 907 | - $this->lockdownManager->setToken($token); |
|
| 908 | - $user->updateLastLoginTimestamp(); |
|
| 909 | - $password = null; |
|
| 910 | - try { |
|
| 911 | - $password = $this->tokenProvider->getPassword($token, $sessionId); |
|
| 912 | - } catch (PasswordlessTokenException $ex) { |
|
| 913 | - // Ignore |
|
| 914 | - } |
|
| 915 | - $this->manager->emit('\OC\User', 'postRememberedLogin', [$user, $password]); |
|
| 916 | - return true; |
|
| 917 | - } |
|
| 918 | - |
|
| 919 | - /** |
|
| 920 | - * @param IUser $user |
|
| 921 | - */ |
|
| 922 | - public function createRememberMeToken(IUser $user) { |
|
| 923 | - $token = $this->random->generate(32); |
|
| 924 | - $this->config->setUserValue($user->getUID(), 'login_token', $token, (string)$this->timeFactory->getTime()); |
|
| 925 | - $this->setMagicInCookie($user->getUID(), $token); |
|
| 926 | - } |
|
| 927 | - |
|
| 928 | - /** |
|
| 929 | - * logout the user from the session |
|
| 930 | - */ |
|
| 931 | - public function logout() { |
|
| 932 | - $user = $this->getUser(); |
|
| 933 | - $this->manager->emit('\OC\User', 'logout', [$user]); |
|
| 934 | - if ($user !== null) { |
|
| 935 | - try { |
|
| 936 | - $this->tokenProvider->invalidateToken($this->session->getId()); |
|
| 937 | - } catch (SessionNotAvailableException $ex) { |
|
| 938 | - } |
|
| 939 | - } |
|
| 940 | - $this->setUser(null); |
|
| 941 | - $this->setLoginName(null); |
|
| 942 | - $this->setToken(null); |
|
| 943 | - $this->unsetMagicInCookie(); |
|
| 944 | - $this->session->clear(); |
|
| 945 | - $this->manager->emit('\OC\User', 'postLogout', [$user]); |
|
| 946 | - } |
|
| 947 | - |
|
| 948 | - /** |
|
| 949 | - * Set cookie value to use in next page load |
|
| 950 | - * |
|
| 951 | - * @param string $username username to be set |
|
| 952 | - * @param string $token |
|
| 953 | - */ |
|
| 954 | - public function setMagicInCookie($username, $token) { |
|
| 955 | - $secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https'; |
|
| 956 | - $webRoot = \OC::$WEBROOT; |
|
| 957 | - if ($webRoot === '') { |
|
| 958 | - $webRoot = '/'; |
|
| 959 | - } |
|
| 960 | - |
|
| 961 | - $maxAge = $this->config->getSystemValueInt('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); |
|
| 962 | - \OC\Http\CookieHelper::setCookie( |
|
| 963 | - 'nc_username', |
|
| 964 | - $username, |
|
| 965 | - $maxAge, |
|
| 966 | - $webRoot, |
|
| 967 | - '', |
|
| 968 | - $secureCookie, |
|
| 969 | - true, |
|
| 970 | - \OC\Http\CookieHelper::SAMESITE_LAX |
|
| 971 | - ); |
|
| 972 | - \OC\Http\CookieHelper::setCookie( |
|
| 973 | - 'nc_token', |
|
| 974 | - $token, |
|
| 975 | - $maxAge, |
|
| 976 | - $webRoot, |
|
| 977 | - '', |
|
| 978 | - $secureCookie, |
|
| 979 | - true, |
|
| 980 | - \OC\Http\CookieHelper::SAMESITE_LAX |
|
| 981 | - ); |
|
| 982 | - try { |
|
| 983 | - \OC\Http\CookieHelper::setCookie( |
|
| 984 | - 'nc_session_id', |
|
| 985 | - $this->session->getId(), |
|
| 986 | - $maxAge, |
|
| 987 | - $webRoot, |
|
| 988 | - '', |
|
| 989 | - $secureCookie, |
|
| 990 | - true, |
|
| 991 | - \OC\Http\CookieHelper::SAMESITE_LAX |
|
| 992 | - ); |
|
| 993 | - } catch (SessionNotAvailableException $ex) { |
|
| 994 | - // ignore |
|
| 995 | - } |
|
| 996 | - } |
|
| 997 | - |
|
| 998 | - /** |
|
| 999 | - * Remove cookie for "remember username" |
|
| 1000 | - */ |
|
| 1001 | - public function unsetMagicInCookie() { |
|
| 1002 | - //TODO: DI for cookies and IRequest |
|
| 1003 | - $secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https'; |
|
| 1004 | - |
|
| 1005 | - unset($_COOKIE['nc_username']); //TODO: DI |
|
| 1006 | - unset($_COOKIE['nc_token']); |
|
| 1007 | - unset($_COOKIE['nc_session_id']); |
|
| 1008 | - setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); |
|
| 1009 | - setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); |
|
| 1010 | - setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); |
|
| 1011 | - // old cookies might be stored under /webroot/ instead of /webroot |
|
| 1012 | - // and Firefox doesn't like it! |
|
| 1013 | - setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); |
|
| 1014 | - setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); |
|
| 1015 | - setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); |
|
| 1016 | - } |
|
| 1017 | - |
|
| 1018 | - /** |
|
| 1019 | - * Update password of the browser session token if there is one |
|
| 1020 | - * |
|
| 1021 | - * @param string $password |
|
| 1022 | - */ |
|
| 1023 | - public function updateSessionTokenPassword($password) { |
|
| 1024 | - try { |
|
| 1025 | - $sessionId = $this->session->getId(); |
|
| 1026 | - $token = $this->tokenProvider->getToken($sessionId); |
|
| 1027 | - $this->tokenProvider->setPassword($token, $sessionId, $password); |
|
| 1028 | - } catch (SessionNotAvailableException $ex) { |
|
| 1029 | - // Nothing to do |
|
| 1030 | - } catch (InvalidTokenException $ex) { |
|
| 1031 | - // Nothing to do |
|
| 1032 | - } |
|
| 1033 | - } |
|
| 1034 | - |
|
| 1035 | - public function updateTokens(string $uid, string $password) { |
|
| 1036 | - $this->tokenProvider->updatePasswords($uid, $password); |
|
| 1037 | - } |
|
| 93 | + /** @var Manager $manager */ |
|
| 94 | + private $manager; |
|
| 95 | + |
|
| 96 | + /** @var ISession $session */ |
|
| 97 | + private $session; |
|
| 98 | + |
|
| 99 | + /** @var ITimeFactory */ |
|
| 100 | + private $timeFactory; |
|
| 101 | + |
|
| 102 | + /** @var IProvider */ |
|
| 103 | + private $tokenProvider; |
|
| 104 | + |
|
| 105 | + /** @var IConfig */ |
|
| 106 | + private $config; |
|
| 107 | + |
|
| 108 | + /** @var User $activeUser */ |
|
| 109 | + protected $activeUser; |
|
| 110 | + |
|
| 111 | + /** @var ISecureRandom */ |
|
| 112 | + private $random; |
|
| 113 | + |
|
| 114 | + /** @var ILockdownManager */ |
|
| 115 | + private $lockdownManager; |
|
| 116 | + |
|
| 117 | + private LoggerInterface $logger; |
|
| 118 | + /** @var IEventDispatcher */ |
|
| 119 | + private $dispatcher; |
|
| 120 | + |
|
| 121 | + public function __construct(Manager $manager, |
|
| 122 | + ISession $session, |
|
| 123 | + ITimeFactory $timeFactory, |
|
| 124 | + ?IProvider $tokenProvider, |
|
| 125 | + IConfig $config, |
|
| 126 | + ISecureRandom $random, |
|
| 127 | + ILockdownManager $lockdownManager, |
|
| 128 | + LoggerInterface $logger, |
|
| 129 | + IEventDispatcher $dispatcher |
|
| 130 | + ) { |
|
| 131 | + $this->manager = $manager; |
|
| 132 | + $this->session = $session; |
|
| 133 | + $this->timeFactory = $timeFactory; |
|
| 134 | + $this->tokenProvider = $tokenProvider; |
|
| 135 | + $this->config = $config; |
|
| 136 | + $this->random = $random; |
|
| 137 | + $this->lockdownManager = $lockdownManager; |
|
| 138 | + $this->logger = $logger; |
|
| 139 | + $this->dispatcher = $dispatcher; |
|
| 140 | + } |
|
| 141 | + |
|
| 142 | + /** |
|
| 143 | + * @param IProvider $provider |
|
| 144 | + */ |
|
| 145 | + public function setTokenProvider(IProvider $provider) { |
|
| 146 | + $this->tokenProvider = $provider; |
|
| 147 | + } |
|
| 148 | + |
|
| 149 | + /** |
|
| 150 | + * @param string $scope |
|
| 151 | + * @param string $method |
|
| 152 | + * @param callable $callback |
|
| 153 | + */ |
|
| 154 | + public function listen($scope, $method, callable $callback) { |
|
| 155 | + $this->manager->listen($scope, $method, $callback); |
|
| 156 | + } |
|
| 157 | + |
|
| 158 | + /** |
|
| 159 | + * @param string $scope optional |
|
| 160 | + * @param string $method optional |
|
| 161 | + * @param callable $callback optional |
|
| 162 | + */ |
|
| 163 | + public function removeListener($scope = null, $method = null, callable $callback = null) { |
|
| 164 | + $this->manager->removeListener($scope, $method, $callback); |
|
| 165 | + } |
|
| 166 | + |
|
| 167 | + /** |
|
| 168 | + * get the manager object |
|
| 169 | + * |
|
| 170 | + * @return Manager|PublicEmitter |
|
| 171 | + */ |
|
| 172 | + public function getManager() { |
|
| 173 | + return $this->manager; |
|
| 174 | + } |
|
| 175 | + |
|
| 176 | + /** |
|
| 177 | + * get the session object |
|
| 178 | + * |
|
| 179 | + * @return ISession |
|
| 180 | + */ |
|
| 181 | + public function getSession() { |
|
| 182 | + return $this->session; |
|
| 183 | + } |
|
| 184 | + |
|
| 185 | + /** |
|
| 186 | + * set the session object |
|
| 187 | + * |
|
| 188 | + * @param ISession $session |
|
| 189 | + */ |
|
| 190 | + public function setSession(ISession $session) { |
|
| 191 | + if ($this->session instanceof ISession) { |
|
| 192 | + $this->session->close(); |
|
| 193 | + } |
|
| 194 | + $this->session = $session; |
|
| 195 | + $this->activeUser = null; |
|
| 196 | + } |
|
| 197 | + |
|
| 198 | + /** |
|
| 199 | + * set the currently active user |
|
| 200 | + * |
|
| 201 | + * @param IUser|null $user |
|
| 202 | + */ |
|
| 203 | + public function setUser($user) { |
|
| 204 | + if (is_null($user)) { |
|
| 205 | + $this->session->remove('user_id'); |
|
| 206 | + } else { |
|
| 207 | + $this->session->set('user_id', $user->getUID()); |
|
| 208 | + } |
|
| 209 | + $this->activeUser = $user; |
|
| 210 | + } |
|
| 211 | + |
|
| 212 | + /** |
|
| 213 | + * get the current active user |
|
| 214 | + * |
|
| 215 | + * @return IUser|null Current user, otherwise null |
|
| 216 | + */ |
|
| 217 | + public function getUser() { |
|
| 218 | + // FIXME: This is a quick'n dirty work-around for the incognito mode as |
|
| 219 | + // described at https://github.com/owncloud/core/pull/12912#issuecomment-67391155 |
|
| 220 | + if (OC_User::isIncognitoMode()) { |
|
| 221 | + return null; |
|
| 222 | + } |
|
| 223 | + if (is_null($this->activeUser)) { |
|
| 224 | + $uid = $this->session->get('user_id'); |
|
| 225 | + if (is_null($uid)) { |
|
| 226 | + return null; |
|
| 227 | + } |
|
| 228 | + $this->activeUser = $this->manager->get($uid); |
|
| 229 | + if (is_null($this->activeUser)) { |
|
| 230 | + return null; |
|
| 231 | + } |
|
| 232 | + $this->validateSession(); |
|
| 233 | + } |
|
| 234 | + return $this->activeUser; |
|
| 235 | + } |
|
| 236 | + |
|
| 237 | + /** |
|
| 238 | + * Validate whether the current session is valid |
|
| 239 | + * |
|
| 240 | + * - For token-authenticated clients, the token validity is checked |
|
| 241 | + * - For browsers, the session token validity is checked |
|
| 242 | + */ |
|
| 243 | + protected function validateSession() { |
|
| 244 | + $token = null; |
|
| 245 | + $appPassword = $this->session->get('app_password'); |
|
| 246 | + |
|
| 247 | + if (is_null($appPassword)) { |
|
| 248 | + try { |
|
| 249 | + $token = $this->session->getId(); |
|
| 250 | + } catch (SessionNotAvailableException $ex) { |
|
| 251 | + return; |
|
| 252 | + } |
|
| 253 | + } else { |
|
| 254 | + $token = $appPassword; |
|
| 255 | + } |
|
| 256 | + |
|
| 257 | + if (!$this->validateToken($token)) { |
|
| 258 | + // Session was invalidated |
|
| 259 | + $this->logout(); |
|
| 260 | + } |
|
| 261 | + } |
|
| 262 | + |
|
| 263 | + /** |
|
| 264 | + * Checks whether the user is logged in |
|
| 265 | + * |
|
| 266 | + * @return bool if logged in |
|
| 267 | + */ |
|
| 268 | + public function isLoggedIn() { |
|
| 269 | + $user = $this->getUser(); |
|
| 270 | + if (is_null($user)) { |
|
| 271 | + return false; |
|
| 272 | + } |
|
| 273 | + |
|
| 274 | + return $user->isEnabled(); |
|
| 275 | + } |
|
| 276 | + |
|
| 277 | + /** |
|
| 278 | + * set the login name |
|
| 279 | + * |
|
| 280 | + * @param string|null $loginName for the logged in user |
|
| 281 | + */ |
|
| 282 | + public function setLoginName($loginName) { |
|
| 283 | + if (is_null($loginName)) { |
|
| 284 | + $this->session->remove('loginname'); |
|
| 285 | + } else { |
|
| 286 | + $this->session->set('loginname', $loginName); |
|
| 287 | + } |
|
| 288 | + } |
|
| 289 | + |
|
| 290 | + /** |
|
| 291 | + * Get the login name of the current user |
|
| 292 | + * |
|
| 293 | + * @return ?string |
|
| 294 | + */ |
|
| 295 | + public function getLoginName() { |
|
| 296 | + if ($this->activeUser) { |
|
| 297 | + return $this->session->get('loginname'); |
|
| 298 | + } |
|
| 299 | + |
|
| 300 | + $uid = $this->session->get('user_id'); |
|
| 301 | + if ($uid) { |
|
| 302 | + $this->activeUser = $this->manager->get($uid); |
|
| 303 | + return $this->session->get('loginname'); |
|
| 304 | + } |
|
| 305 | + |
|
| 306 | + return null; |
|
| 307 | + } |
|
| 308 | + |
|
| 309 | + /** |
|
| 310 | + * @return null|string |
|
| 311 | + */ |
|
| 312 | + public function getImpersonatingUserID(): ?string { |
|
| 313 | + return $this->session->get('oldUserId'); |
|
| 314 | + } |
|
| 315 | + |
|
| 316 | + public function setImpersonatingUserID(bool $useCurrentUser = true): void { |
|
| 317 | + if ($useCurrentUser === false) { |
|
| 318 | + $this->session->remove('oldUserId'); |
|
| 319 | + return; |
|
| 320 | + } |
|
| 321 | + |
|
| 322 | + $currentUser = $this->getUser(); |
|
| 323 | + |
|
| 324 | + if ($currentUser === null) { |
|
| 325 | + throw new \OC\User\NoUserException(); |
|
| 326 | + } |
|
| 327 | + $this->session->set('oldUserId', $currentUser->getUID()); |
|
| 328 | + } |
|
| 329 | + /** |
|
| 330 | + * set the token id |
|
| 331 | + * |
|
| 332 | + * @param int|null $token that was used to log in |
|
| 333 | + */ |
|
| 334 | + protected function setToken($token) { |
|
| 335 | + if ($token === null) { |
|
| 336 | + $this->session->remove('token-id'); |
|
| 337 | + } else { |
|
| 338 | + $this->session->set('token-id', $token); |
|
| 339 | + } |
|
| 340 | + } |
|
| 341 | + |
|
| 342 | + /** |
|
| 343 | + * try to log in with the provided credentials |
|
| 344 | + * |
|
| 345 | + * @param string $uid |
|
| 346 | + * @param string $password |
|
| 347 | + * @return boolean|null |
|
| 348 | + * @throws LoginException |
|
| 349 | + */ |
|
| 350 | + public function login($uid, $password) { |
|
| 351 | + $this->session->regenerateId(); |
|
| 352 | + if ($this->validateToken($password, $uid)) { |
|
| 353 | + return $this->loginWithToken($password); |
|
| 354 | + } |
|
| 355 | + return $this->loginWithPassword($uid, $password); |
|
| 356 | + } |
|
| 357 | + |
|
| 358 | + /** |
|
| 359 | + * @param IUser $user |
|
| 360 | + * @param array $loginDetails |
|
| 361 | + * @param bool $regenerateSessionId |
|
| 362 | + * @return true returns true if login successful or an exception otherwise |
|
| 363 | + * @throws LoginException |
|
| 364 | + */ |
|
| 365 | + public function completeLogin(IUser $user, array $loginDetails, $regenerateSessionId = true) { |
|
| 366 | + if (!$user->isEnabled()) { |
|
| 367 | + // disabled users can not log in |
|
| 368 | + // injecting l10n does not work - there is a circular dependency between session and \OCP\L10N\IFactory |
|
| 369 | + $message = \OC::$server->getL10N('lib')->t('User disabled'); |
|
| 370 | + throw new LoginException($message); |
|
| 371 | + } |
|
| 372 | + |
|
| 373 | + if ($regenerateSessionId) { |
|
| 374 | + $this->session->regenerateId(); |
|
| 375 | + $this->session->remove(Auth::DAV_AUTHENTICATED); |
|
| 376 | + } |
|
| 377 | + |
|
| 378 | + $this->setUser($user); |
|
| 379 | + $this->setLoginName($loginDetails['loginName']); |
|
| 380 | + |
|
| 381 | + $isToken = isset($loginDetails['token']) && $loginDetails['token'] instanceof IToken; |
|
| 382 | + if ($isToken) { |
|
| 383 | + $this->setToken($loginDetails['token']->getId()); |
|
| 384 | + $this->lockdownManager->setToken($loginDetails['token']); |
|
| 385 | + $firstTimeLogin = false; |
|
| 386 | + } else { |
|
| 387 | + $this->setToken(null); |
|
| 388 | + $firstTimeLogin = $user->updateLastLoginTimestamp(); |
|
| 389 | + } |
|
| 390 | + |
|
| 391 | + $this->dispatcher->dispatchTyped(new PostLoginEvent( |
|
| 392 | + $user, |
|
| 393 | + $loginDetails['loginName'], |
|
| 394 | + $loginDetails['password'], |
|
| 395 | + $isToken |
|
| 396 | + )); |
|
| 397 | + $this->manager->emit('\OC\User', 'postLogin', [ |
|
| 398 | + $user, |
|
| 399 | + $loginDetails['loginName'], |
|
| 400 | + $loginDetails['password'], |
|
| 401 | + $isToken, |
|
| 402 | + ]); |
|
| 403 | + if ($this->isLoggedIn()) { |
|
| 404 | + $this->prepareUserLogin($firstTimeLogin, $regenerateSessionId); |
|
| 405 | + return true; |
|
| 406 | + } |
|
| 407 | + |
|
| 408 | + $message = \OC::$server->getL10N('lib')->t('Login canceled by app'); |
|
| 409 | + throw new LoginException($message); |
|
| 410 | + } |
|
| 411 | + |
|
| 412 | + /** |
|
| 413 | + * Tries to log in a client |
|
| 414 | + * |
|
| 415 | + * Checks token auth enforced |
|
| 416 | + * Checks 2FA enabled |
|
| 417 | + * |
|
| 418 | + * @param string $user |
|
| 419 | + * @param string $password |
|
| 420 | + * @param IRequest $request |
|
| 421 | + * @param OC\Security\Bruteforce\Throttler $throttler |
|
| 422 | + * @throws LoginException |
|
| 423 | + * @throws PasswordLoginForbiddenException |
|
| 424 | + * @return boolean |
|
| 425 | + */ |
|
| 426 | + public function logClientIn($user, |
|
| 427 | + $password, |
|
| 428 | + IRequest $request, |
|
| 429 | + OC\Security\Bruteforce\Throttler $throttler) { |
|
| 430 | + $remoteAddress = $request->getRemoteAddress(); |
|
| 431 | + $currentDelay = $throttler->sleepDelayOrThrowOnMax($remoteAddress, 'login'); |
|
| 432 | + |
|
| 433 | + if ($this->manager instanceof PublicEmitter) { |
|
| 434 | + $this->manager->emit('\OC\User', 'preLogin', [$user, $password]); |
|
| 435 | + } |
|
| 436 | + |
|
| 437 | + try { |
|
| 438 | + $isTokenPassword = $this->isTokenPassword($password); |
|
| 439 | + } catch (ExpiredTokenException $e) { |
|
| 440 | + // Just return on an expired token no need to check further or record a failed login |
|
| 441 | + return false; |
|
| 442 | + } |
|
| 443 | + |
|
| 444 | + if (!$isTokenPassword && $this->isTokenAuthEnforced()) { |
|
| 445 | + throw new PasswordLoginForbiddenException(); |
|
| 446 | + } |
|
| 447 | + if (!$isTokenPassword && $this->isTwoFactorEnforced($user)) { |
|
| 448 | + throw new PasswordLoginForbiddenException(); |
|
| 449 | + } |
|
| 450 | + |
|
| 451 | + // Try to login with this username and password |
|
| 452 | + if (!$this->login($user, $password)) { |
|
| 453 | + // Failed, maybe the user used their email address |
|
| 454 | + if (!filter_var($user, FILTER_VALIDATE_EMAIL)) { |
|
| 455 | + $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); |
|
| 456 | + return false; |
|
| 457 | + } |
|
| 458 | + $users = $this->manager->getByEmail($user); |
|
| 459 | + if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) { |
|
| 460 | + $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); |
|
| 461 | + return false; |
|
| 462 | + } |
|
| 463 | + } |
|
| 464 | + |
|
| 465 | + if ($isTokenPassword) { |
|
| 466 | + $this->session->set('app_password', $password); |
|
| 467 | + } elseif ($this->supportsCookies($request)) { |
|
| 468 | + // Password login, but cookies supported -> create (browser) session token |
|
| 469 | + $this->createSessionToken($request, $this->getUser()->getUID(), $user, $password); |
|
| 470 | + } |
|
| 471 | + |
|
| 472 | + return true; |
|
| 473 | + } |
|
| 474 | + |
|
| 475 | + private function handleLoginFailed(IThrottler $throttler, int $currentDelay, string $remoteAddress, string $user, ?string $password) { |
|
| 476 | + $this->logger->warning("Login failed: '" . $user . "' (Remote IP: '" . $remoteAddress . "')", ['app' => 'core']); |
|
| 477 | + |
|
| 478 | + $throttler->registerAttempt('login', $remoteAddress, ['user' => $user]); |
|
| 479 | + $this->dispatcher->dispatchTyped(new OC\Authentication\Events\LoginFailed($user, $password)); |
|
| 480 | + |
|
| 481 | + if ($currentDelay === 0) { |
|
| 482 | + $throttler->sleepDelayOrThrowOnMax($remoteAddress, 'login'); |
|
| 483 | + } |
|
| 484 | + } |
|
| 485 | + |
|
| 486 | + protected function supportsCookies(IRequest $request) { |
|
| 487 | + if (!is_null($request->getCookie('cookie_test'))) { |
|
| 488 | + return true; |
|
| 489 | + } |
|
| 490 | + setcookie('cookie_test', 'test', $this->timeFactory->getTime() + 3600); |
|
| 491 | + return false; |
|
| 492 | + } |
|
| 493 | + |
|
| 494 | + private function isTokenAuthEnforced(): bool { |
|
| 495 | + return $this->config->getSystemValueBool('token_auth_enforced', false); |
|
| 496 | + } |
|
| 497 | + |
|
| 498 | + protected function isTwoFactorEnforced($username) { |
|
| 499 | + Util::emitHook( |
|
| 500 | + '\OCA\Files_Sharing\API\Server2Server', |
|
| 501 | + 'preLoginNameUsedAsUserName', |
|
| 502 | + ['uid' => &$username] |
|
| 503 | + ); |
|
| 504 | + $user = $this->manager->get($username); |
|
| 505 | + if (is_null($user)) { |
|
| 506 | + $users = $this->manager->getByEmail($username); |
|
| 507 | + if (empty($users)) { |
|
| 508 | + return false; |
|
| 509 | + } |
|
| 510 | + if (count($users) !== 1) { |
|
| 511 | + return true; |
|
| 512 | + } |
|
| 513 | + $user = $users[0]; |
|
| 514 | + } |
|
| 515 | + // DI not possible due to cyclic dependencies :'-/ |
|
| 516 | + return OC::$server->getTwoFactorAuthManager()->isTwoFactorAuthenticated($user); |
|
| 517 | + } |
|
| 518 | + |
|
| 519 | + /** |
|
| 520 | + * Check if the given 'password' is actually a device token |
|
| 521 | + * |
|
| 522 | + * @param string $password |
|
| 523 | + * @return boolean |
|
| 524 | + * @throws ExpiredTokenException |
|
| 525 | + */ |
|
| 526 | + public function isTokenPassword($password) { |
|
| 527 | + try { |
|
| 528 | + $this->tokenProvider->getToken($password); |
|
| 529 | + return true; |
|
| 530 | + } catch (ExpiredTokenException $e) { |
|
| 531 | + throw $e; |
|
| 532 | + } catch (InvalidTokenException $ex) { |
|
| 533 | + $this->logger->debug('Token is not valid: ' . $ex->getMessage(), [ |
|
| 534 | + 'exception' => $ex, |
|
| 535 | + ]); |
|
| 536 | + return false; |
|
| 537 | + } |
|
| 538 | + } |
|
| 539 | + |
|
| 540 | + protected function prepareUserLogin($firstTimeLogin, $refreshCsrfToken = true) { |
|
| 541 | + if ($refreshCsrfToken) { |
|
| 542 | + // TODO: mock/inject/use non-static |
|
| 543 | + // Refresh the token |
|
| 544 | + \OC::$server->getCsrfTokenManager()->refreshToken(); |
|
| 545 | + } |
|
| 546 | + |
|
| 547 | + if ($firstTimeLogin) { |
|
| 548 | + //we need to pass the user name, which may differ from login name |
|
| 549 | + $user = $this->getUser()->getUID(); |
|
| 550 | + OC_Util::setupFS($user); |
|
| 551 | + |
|
| 552 | + // TODO: lock necessary? |
|
| 553 | + //trigger creation of user home and /files folder |
|
| 554 | + $userFolder = \OC::$server->getUserFolder($user); |
|
| 555 | + |
|
| 556 | + try { |
|
| 557 | + // copy skeleton |
|
| 558 | + \OC_Util::copySkeleton($user, $userFolder); |
|
| 559 | + } catch (NotPermittedException $ex) { |
|
| 560 | + // read only uses |
|
| 561 | + } |
|
| 562 | + |
|
| 563 | + // trigger any other initialization |
|
| 564 | + \OC::$server->getEventDispatcher()->dispatch(IUser::class . '::firstLogin', new GenericEvent($this->getUser())); |
|
| 565 | + } |
|
| 566 | + } |
|
| 567 | + |
|
| 568 | + /** |
|
| 569 | + * Tries to login the user with HTTP Basic Authentication |
|
| 570 | + * |
|
| 571 | + * @todo do not allow basic auth if the user is 2FA enforced |
|
| 572 | + * @param IRequest $request |
|
| 573 | + * @param OC\Security\Bruteforce\Throttler $throttler |
|
| 574 | + * @return boolean if the login was successful |
|
| 575 | + */ |
|
| 576 | + public function tryBasicAuthLogin(IRequest $request, |
|
| 577 | + OC\Security\Bruteforce\Throttler $throttler) { |
|
| 578 | + if (!empty($request->server['PHP_AUTH_USER']) && !empty($request->server['PHP_AUTH_PW'])) { |
|
| 579 | + try { |
|
| 580 | + if ($this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'], $request, $throttler)) { |
|
| 581 | + /** |
|
| 582 | + * Add DAV authenticated. This should in an ideal world not be |
|
| 583 | + * necessary but the iOS App reads cookies from anywhere instead |
|
| 584 | + * only the DAV endpoint. |
|
| 585 | + * This makes sure that the cookies will be valid for the whole scope |
|
| 586 | + * @see https://github.com/owncloud/core/issues/22893 |
|
| 587 | + */ |
|
| 588 | + $this->session->set( |
|
| 589 | + Auth::DAV_AUTHENTICATED, $this->getUser()->getUID() |
|
| 590 | + ); |
|
| 591 | + |
|
| 592 | + // Set the last-password-confirm session to make the sudo mode work |
|
| 593 | + $this->session->set('last-password-confirm', $this->timeFactory->getTime()); |
|
| 594 | + |
|
| 595 | + return true; |
|
| 596 | + } |
|
| 597 | + // If credentials were provided, they need to be valid, otherwise we do boom |
|
| 598 | + throw new LoginException(); |
|
| 599 | + } catch (PasswordLoginForbiddenException $ex) { |
|
| 600 | + // Nothing to do |
|
| 601 | + } |
|
| 602 | + } |
|
| 603 | + return false; |
|
| 604 | + } |
|
| 605 | + |
|
| 606 | + /** |
|
| 607 | + * Log an user in via login name and password |
|
| 608 | + * |
|
| 609 | + * @param string $uid |
|
| 610 | + * @param string $password |
|
| 611 | + * @return boolean |
|
| 612 | + * @throws LoginException if an app canceld the login process or the user is not enabled |
|
| 613 | + */ |
|
| 614 | + private function loginWithPassword($uid, $password) { |
|
| 615 | + $user = $this->manager->checkPasswordNoLogging($uid, $password); |
|
| 616 | + if ($user === false) { |
|
| 617 | + // Password check failed |
|
| 618 | + return false; |
|
| 619 | + } |
|
| 620 | + |
|
| 621 | + return $this->completeLogin($user, ['loginName' => $uid, 'password' => $password], false); |
|
| 622 | + } |
|
| 623 | + |
|
| 624 | + /** |
|
| 625 | + * Log an user in with a given token (id) |
|
| 626 | + * |
|
| 627 | + * @param string $token |
|
| 628 | + * @return boolean |
|
| 629 | + * @throws LoginException if an app canceled the login process or the user is not enabled |
|
| 630 | + */ |
|
| 631 | + private function loginWithToken($token) { |
|
| 632 | + try { |
|
| 633 | + $dbToken = $this->tokenProvider->getToken($token); |
|
| 634 | + } catch (InvalidTokenException $ex) { |
|
| 635 | + return false; |
|
| 636 | + } |
|
| 637 | + $uid = $dbToken->getUID(); |
|
| 638 | + |
|
| 639 | + // When logging in with token, the password must be decrypted first before passing to login hook |
|
| 640 | + $password = ''; |
|
| 641 | + try { |
|
| 642 | + $password = $this->tokenProvider->getPassword($dbToken, $token); |
|
| 643 | + } catch (PasswordlessTokenException $ex) { |
|
| 644 | + // Ignore and use empty string instead |
|
| 645 | + } |
|
| 646 | + |
|
| 647 | + $this->manager->emit('\OC\User', 'preLogin', [$dbToken->getLoginName(), $password]); |
|
| 648 | + |
|
| 649 | + $user = $this->manager->get($uid); |
|
| 650 | + if (is_null($user)) { |
|
| 651 | + // user does not exist |
|
| 652 | + return false; |
|
| 653 | + } |
|
| 654 | + |
|
| 655 | + return $this->completeLogin( |
|
| 656 | + $user, |
|
| 657 | + [ |
|
| 658 | + 'loginName' => $dbToken->getLoginName(), |
|
| 659 | + 'password' => $password, |
|
| 660 | + 'token' => $dbToken |
|
| 661 | + ], |
|
| 662 | + false); |
|
| 663 | + } |
|
| 664 | + |
|
| 665 | + /** |
|
| 666 | + * Create a new session token for the given user credentials |
|
| 667 | + * |
|
| 668 | + * @param IRequest $request |
|
| 669 | + * @param string $uid user UID |
|
| 670 | + * @param string $loginName login name |
|
| 671 | + * @param string $password |
|
| 672 | + * @param int $remember |
|
| 673 | + * @return boolean |
|
| 674 | + */ |
|
| 675 | + public function createSessionToken(IRequest $request, $uid, $loginName, $password = null, $remember = IToken::DO_NOT_REMEMBER) { |
|
| 676 | + if (is_null($this->manager->get($uid))) { |
|
| 677 | + // User does not exist |
|
| 678 | + return false; |
|
| 679 | + } |
|
| 680 | + $name = isset($request->server['HTTP_USER_AGENT']) ? mb_convert_encoding($request->server['HTTP_USER_AGENT'], 'UTF-8', 'ISO-8859-1') : 'unknown browser'; |
|
| 681 | + try { |
|
| 682 | + $sessionId = $this->session->getId(); |
|
| 683 | + $pwd = $this->getPassword($password); |
|
| 684 | + // Make sure the current sessionId has no leftover tokens |
|
| 685 | + $this->tokenProvider->invalidateToken($sessionId); |
|
| 686 | + $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, $remember); |
|
| 687 | + return true; |
|
| 688 | + } catch (SessionNotAvailableException $ex) { |
|
| 689 | + // This can happen with OCC, where a memory session is used |
|
| 690 | + // if a memory session is used, we shouldn't create a session token anyway |
|
| 691 | + return false; |
|
| 692 | + } |
|
| 693 | + } |
|
| 694 | + |
|
| 695 | + /** |
|
| 696 | + * Checks if the given password is a token. |
|
| 697 | + * If yes, the password is extracted from the token. |
|
| 698 | + * If no, the same password is returned. |
|
| 699 | + * |
|
| 700 | + * @param string $password either the login password or a device token |
|
| 701 | + * @return string|null the password or null if none was set in the token |
|
| 702 | + */ |
|
| 703 | + private function getPassword($password) { |
|
| 704 | + if (is_null($password)) { |
|
| 705 | + // This is surely no token ;-) |
|
| 706 | + return null; |
|
| 707 | + } |
|
| 708 | + try { |
|
| 709 | + $token = $this->tokenProvider->getToken($password); |
|
| 710 | + try { |
|
| 711 | + return $this->tokenProvider->getPassword($token, $password); |
|
| 712 | + } catch (PasswordlessTokenException $ex) { |
|
| 713 | + return null; |
|
| 714 | + } |
|
| 715 | + } catch (InvalidTokenException $ex) { |
|
| 716 | + return $password; |
|
| 717 | + } |
|
| 718 | + } |
|
| 719 | + |
|
| 720 | + /** |
|
| 721 | + * @param IToken $dbToken |
|
| 722 | + * @param string $token |
|
| 723 | + * @return boolean |
|
| 724 | + */ |
|
| 725 | + private function checkTokenCredentials(IToken $dbToken, $token) { |
|
| 726 | + // Check whether login credentials are still valid and the user was not disabled |
|
| 727 | + // This check is performed each 5 minutes |
|
| 728 | + $lastCheck = $dbToken->getLastCheck() ? : 0; |
|
| 729 | + $now = $this->timeFactory->getTime(); |
|
| 730 | + if ($lastCheck > ($now - 60 * 5)) { |
|
| 731 | + // Checked performed recently, nothing to do now |
|
| 732 | + return true; |
|
| 733 | + } |
|
| 734 | + |
|
| 735 | + try { |
|
| 736 | + $pwd = $this->tokenProvider->getPassword($dbToken, $token); |
|
| 737 | + } catch (InvalidTokenException $ex) { |
|
| 738 | + // An invalid token password was used -> log user out |
|
| 739 | + return false; |
|
| 740 | + } catch (PasswordlessTokenException $ex) { |
|
| 741 | + // Token has no password |
|
| 742 | + |
|
| 743 | + if (!is_null($this->activeUser) && !$this->activeUser->isEnabled()) { |
|
| 744 | + $this->tokenProvider->invalidateToken($token); |
|
| 745 | + return false; |
|
| 746 | + } |
|
| 747 | + |
|
| 748 | + $dbToken->setLastCheck($now); |
|
| 749 | + $this->tokenProvider->updateToken($dbToken); |
|
| 750 | + return true; |
|
| 751 | + } |
|
| 752 | + |
|
| 753 | + // Invalidate token if the user is no longer active |
|
| 754 | + if (!is_null($this->activeUser) && !$this->activeUser->isEnabled()) { |
|
| 755 | + $this->tokenProvider->invalidateToken($token); |
|
| 756 | + return false; |
|
| 757 | + } |
|
| 758 | + |
|
| 759 | + // If the token password is no longer valid mark it as such |
|
| 760 | + if ($this->manager->checkPassword($dbToken->getLoginName(), $pwd) === false) { |
|
| 761 | + $this->tokenProvider->markPasswordInvalid($dbToken, $token); |
|
| 762 | + // User is logged out |
|
| 763 | + return false; |
|
| 764 | + } |
|
| 765 | + |
|
| 766 | + $dbToken->setLastCheck($now); |
|
| 767 | + $this->tokenProvider->updateToken($dbToken); |
|
| 768 | + return true; |
|
| 769 | + } |
|
| 770 | + |
|
| 771 | + /** |
|
| 772 | + * Check if the given token exists and performs password/user-enabled checks |
|
| 773 | + * |
|
| 774 | + * Invalidates the token if checks fail |
|
| 775 | + * |
|
| 776 | + * @param string $token |
|
| 777 | + * @param string $user login name |
|
| 778 | + * @return boolean |
|
| 779 | + */ |
|
| 780 | + private function validateToken($token, $user = null) { |
|
| 781 | + try { |
|
| 782 | + $dbToken = $this->tokenProvider->getToken($token); |
|
| 783 | + } catch (InvalidTokenException $ex) { |
|
| 784 | + return false; |
|
| 785 | + } |
|
| 786 | + |
|
| 787 | + // Check if login names match |
|
| 788 | + if (!is_null($user) && $dbToken->getLoginName() !== $user) { |
|
| 789 | + // TODO: this makes it impossible to use different login names on browser and client |
|
| 790 | + // e.g. login by e-mail '[email protected]' on browser for generating the token will not |
|
| 791 | + // allow to use the client token with the login name 'user'. |
|
| 792 | + $this->logger->error('App token login name does not match', [ |
|
| 793 | + 'tokenLoginName' => $dbToken->getLoginName(), |
|
| 794 | + 'sessionLoginName' => $user, |
|
| 795 | + ]); |
|
| 796 | + |
|
| 797 | + return false; |
|
| 798 | + } |
|
| 799 | + |
|
| 800 | + if (!$this->checkTokenCredentials($dbToken, $token)) { |
|
| 801 | + return false; |
|
| 802 | + } |
|
| 803 | + |
|
| 804 | + // Update token scope |
|
| 805 | + $this->lockdownManager->setToken($dbToken); |
|
| 806 | + |
|
| 807 | + $this->tokenProvider->updateTokenActivity($dbToken); |
|
| 808 | + |
|
| 809 | + return true; |
|
| 810 | + } |
|
| 811 | + |
|
| 812 | + /** |
|
| 813 | + * Tries to login the user with auth token header |
|
| 814 | + * |
|
| 815 | + * @param IRequest $request |
|
| 816 | + * @todo check remember me cookie |
|
| 817 | + * @return boolean |
|
| 818 | + */ |
|
| 819 | + public function tryTokenLogin(IRequest $request) { |
|
| 820 | + $authHeader = $request->getHeader('Authorization'); |
|
| 821 | + if (str_starts_with($authHeader, 'Bearer ')) { |
|
| 822 | + $token = substr($authHeader, 7); |
|
| 823 | + } else { |
|
| 824 | + // No auth header, let's try session id |
|
| 825 | + try { |
|
| 826 | + $token = $this->session->getId(); |
|
| 827 | + } catch (SessionNotAvailableException $ex) { |
|
| 828 | + return false; |
|
| 829 | + } |
|
| 830 | + } |
|
| 831 | + |
|
| 832 | + if (!$this->loginWithToken($token)) { |
|
| 833 | + return false; |
|
| 834 | + } |
|
| 835 | + if (!$this->validateToken($token)) { |
|
| 836 | + return false; |
|
| 837 | + } |
|
| 838 | + |
|
| 839 | + try { |
|
| 840 | + $dbToken = $this->tokenProvider->getToken($token); |
|
| 841 | + } catch (InvalidTokenException $e) { |
|
| 842 | + // Can't really happen but better save than sorry |
|
| 843 | + return true; |
|
| 844 | + } |
|
| 845 | + |
|
| 846 | + // Remember me tokens are not app_passwords |
|
| 847 | + if ($dbToken->getRemember() === IToken::DO_NOT_REMEMBER) { |
|
| 848 | + // Set the session variable so we know this is an app password |
|
| 849 | + $this->session->set('app_password', $token); |
|
| 850 | + } |
|
| 851 | + |
|
| 852 | + return true; |
|
| 853 | + } |
|
| 854 | + |
|
| 855 | + /** |
|
| 856 | + * perform login using the magic cookie (remember login) |
|
| 857 | + * |
|
| 858 | + * @param string $uid the username |
|
| 859 | + * @param string $currentToken |
|
| 860 | + * @param string $oldSessionId |
|
| 861 | + * @return bool |
|
| 862 | + */ |
|
| 863 | + public function loginWithCookie($uid, $currentToken, $oldSessionId) { |
|
| 864 | + $this->session->regenerateId(); |
|
| 865 | + $this->manager->emit('\OC\User', 'preRememberedLogin', [$uid]); |
|
| 866 | + $user = $this->manager->get($uid); |
|
| 867 | + if (is_null($user)) { |
|
| 868 | + // user does not exist |
|
| 869 | + return false; |
|
| 870 | + } |
|
| 871 | + |
|
| 872 | + // get stored tokens |
|
| 873 | + $tokens = $this->config->getUserKeys($uid, 'login_token'); |
|
| 874 | + // test cookies token against stored tokens |
|
| 875 | + if (!in_array($currentToken, $tokens, true)) { |
|
| 876 | + $this->logger->info('Tried to log in {uid} but could not verify token', [ |
|
| 877 | + 'app' => 'core', |
|
| 878 | + 'uid' => $uid, |
|
| 879 | + ]); |
|
| 880 | + return false; |
|
| 881 | + } |
|
| 882 | + // replace successfully used token with a new one |
|
| 883 | + $this->config->deleteUserValue($uid, 'login_token', $currentToken); |
|
| 884 | + $newToken = $this->random->generate(32); |
|
| 885 | + $this->config->setUserValue($uid, 'login_token', $newToken, (string)$this->timeFactory->getTime()); |
|
| 886 | + |
|
| 887 | + try { |
|
| 888 | + $sessionId = $this->session->getId(); |
|
| 889 | + $token = $this->tokenProvider->renewSessionToken($oldSessionId, $sessionId); |
|
| 890 | + } catch (SessionNotAvailableException $ex) { |
|
| 891 | + $this->logger->warning('Could not renew session token for {uid} because the session is unavailable', [ |
|
| 892 | + 'app' => 'core', |
|
| 893 | + 'uid' => $uid, |
|
| 894 | + ]); |
|
| 895 | + return false; |
|
| 896 | + } catch (InvalidTokenException $ex) { |
|
| 897 | + $this->logger->warning('Renewing session token failed', ['app' => 'core']); |
|
| 898 | + return false; |
|
| 899 | + } |
|
| 900 | + |
|
| 901 | + $this->setMagicInCookie($user->getUID(), $newToken); |
|
| 902 | + |
|
| 903 | + //login |
|
| 904 | + $this->setUser($user); |
|
| 905 | + $this->setLoginName($token->getLoginName()); |
|
| 906 | + $this->setToken($token->getId()); |
|
| 907 | + $this->lockdownManager->setToken($token); |
|
| 908 | + $user->updateLastLoginTimestamp(); |
|
| 909 | + $password = null; |
|
| 910 | + try { |
|
| 911 | + $password = $this->tokenProvider->getPassword($token, $sessionId); |
|
| 912 | + } catch (PasswordlessTokenException $ex) { |
|
| 913 | + // Ignore |
|
| 914 | + } |
|
| 915 | + $this->manager->emit('\OC\User', 'postRememberedLogin', [$user, $password]); |
|
| 916 | + return true; |
|
| 917 | + } |
|
| 918 | + |
|
| 919 | + /** |
|
| 920 | + * @param IUser $user |
|
| 921 | + */ |
|
| 922 | + public function createRememberMeToken(IUser $user) { |
|
| 923 | + $token = $this->random->generate(32); |
|
| 924 | + $this->config->setUserValue($user->getUID(), 'login_token', $token, (string)$this->timeFactory->getTime()); |
|
| 925 | + $this->setMagicInCookie($user->getUID(), $token); |
|
| 926 | + } |
|
| 927 | + |
|
| 928 | + /** |
|
| 929 | + * logout the user from the session |
|
| 930 | + */ |
|
| 931 | + public function logout() { |
|
| 932 | + $user = $this->getUser(); |
|
| 933 | + $this->manager->emit('\OC\User', 'logout', [$user]); |
|
| 934 | + if ($user !== null) { |
|
| 935 | + try { |
|
| 936 | + $this->tokenProvider->invalidateToken($this->session->getId()); |
|
| 937 | + } catch (SessionNotAvailableException $ex) { |
|
| 938 | + } |
|
| 939 | + } |
|
| 940 | + $this->setUser(null); |
|
| 941 | + $this->setLoginName(null); |
|
| 942 | + $this->setToken(null); |
|
| 943 | + $this->unsetMagicInCookie(); |
|
| 944 | + $this->session->clear(); |
|
| 945 | + $this->manager->emit('\OC\User', 'postLogout', [$user]); |
|
| 946 | + } |
|
| 947 | + |
|
| 948 | + /** |
|
| 949 | + * Set cookie value to use in next page load |
|
| 950 | + * |
|
| 951 | + * @param string $username username to be set |
|
| 952 | + * @param string $token |
|
| 953 | + */ |
|
| 954 | + public function setMagicInCookie($username, $token) { |
|
| 955 | + $secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https'; |
|
| 956 | + $webRoot = \OC::$WEBROOT; |
|
| 957 | + if ($webRoot === '') { |
|
| 958 | + $webRoot = '/'; |
|
| 959 | + } |
|
| 960 | + |
|
| 961 | + $maxAge = $this->config->getSystemValueInt('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); |
|
| 962 | + \OC\Http\CookieHelper::setCookie( |
|
| 963 | + 'nc_username', |
|
| 964 | + $username, |
|
| 965 | + $maxAge, |
|
| 966 | + $webRoot, |
|
| 967 | + '', |
|
| 968 | + $secureCookie, |
|
| 969 | + true, |
|
| 970 | + \OC\Http\CookieHelper::SAMESITE_LAX |
|
| 971 | + ); |
|
| 972 | + \OC\Http\CookieHelper::setCookie( |
|
| 973 | + 'nc_token', |
|
| 974 | + $token, |
|
| 975 | + $maxAge, |
|
| 976 | + $webRoot, |
|
| 977 | + '', |
|
| 978 | + $secureCookie, |
|
| 979 | + true, |
|
| 980 | + \OC\Http\CookieHelper::SAMESITE_LAX |
|
| 981 | + ); |
|
| 982 | + try { |
|
| 983 | + \OC\Http\CookieHelper::setCookie( |
|
| 984 | + 'nc_session_id', |
|
| 985 | + $this->session->getId(), |
|
| 986 | + $maxAge, |
|
| 987 | + $webRoot, |
|
| 988 | + '', |
|
| 989 | + $secureCookie, |
|
| 990 | + true, |
|
| 991 | + \OC\Http\CookieHelper::SAMESITE_LAX |
|
| 992 | + ); |
|
| 993 | + } catch (SessionNotAvailableException $ex) { |
|
| 994 | + // ignore |
|
| 995 | + } |
|
| 996 | + } |
|
| 997 | + |
|
| 998 | + /** |
|
| 999 | + * Remove cookie for "remember username" |
|
| 1000 | + */ |
|
| 1001 | + public function unsetMagicInCookie() { |
|
| 1002 | + //TODO: DI for cookies and IRequest |
|
| 1003 | + $secureCookie = OC::$server->getRequest()->getServerProtocol() === 'https'; |
|
| 1004 | + |
|
| 1005 | + unset($_COOKIE['nc_username']); //TODO: DI |
|
| 1006 | + unset($_COOKIE['nc_token']); |
|
| 1007 | + unset($_COOKIE['nc_session_id']); |
|
| 1008 | + setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); |
|
| 1009 | + setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); |
|
| 1010 | + setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT, '', $secureCookie, true); |
|
| 1011 | + // old cookies might be stored under /webroot/ instead of /webroot |
|
| 1012 | + // and Firefox doesn't like it! |
|
| 1013 | + setcookie('nc_username', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); |
|
| 1014 | + setcookie('nc_token', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); |
|
| 1015 | + setcookie('nc_session_id', '', $this->timeFactory->getTime() - 3600, OC::$WEBROOT . '/', '', $secureCookie, true); |
|
| 1016 | + } |
|
| 1017 | + |
|
| 1018 | + /** |
|
| 1019 | + * Update password of the browser session token if there is one |
|
| 1020 | + * |
|
| 1021 | + * @param string $password |
|
| 1022 | + */ |
|
| 1023 | + public function updateSessionTokenPassword($password) { |
|
| 1024 | + try { |
|
| 1025 | + $sessionId = $this->session->getId(); |
|
| 1026 | + $token = $this->tokenProvider->getToken($sessionId); |
|
| 1027 | + $this->tokenProvider->setPassword($token, $sessionId, $password); |
|
| 1028 | + } catch (SessionNotAvailableException $ex) { |
|
| 1029 | + // Nothing to do |
|
| 1030 | + } catch (InvalidTokenException $ex) { |
|
| 1031 | + // Nothing to do |
|
| 1032 | + } |
|
| 1033 | + } |
|
| 1034 | + |
|
| 1035 | + public function updateTokens(string $uid, string $password) { |
|
| 1036 | + $this->tokenProvider->updatePasswords($uid, $password); |
|
| 1037 | + } |
|
| 1038 | 1038 | } |
@@ -63,554 +63,554 @@ |
||
| 63 | 63 | use function json_encode; |
| 64 | 64 | |
| 65 | 65 | class User implements IUser { |
| 66 | - private const CONFIG_KEY_MANAGERS = 'manager'; |
|
| 67 | - |
|
| 68 | - /** @var IAccountManager */ |
|
| 69 | - protected $accountManager; |
|
| 70 | - /** @var string */ |
|
| 71 | - private $uid; |
|
| 72 | - |
|
| 73 | - /** @var string|null */ |
|
| 74 | - private $displayName; |
|
| 75 | - |
|
| 76 | - /** @var UserInterface|null */ |
|
| 77 | - private $backend; |
|
| 78 | - /** @var EventDispatcherInterface */ |
|
| 79 | - private $legacyDispatcher; |
|
| 80 | - |
|
| 81 | - /** @var IEventDispatcher */ |
|
| 82 | - private $dispatcher; |
|
| 83 | - |
|
| 84 | - /** @var bool|null */ |
|
| 85 | - private $enabled; |
|
| 86 | - |
|
| 87 | - /** @var Emitter|Manager */ |
|
| 88 | - private $emitter; |
|
| 89 | - |
|
| 90 | - /** @var string */ |
|
| 91 | - private $home; |
|
| 92 | - |
|
| 93 | - /** @var int|null */ |
|
| 94 | - private $lastLogin; |
|
| 95 | - |
|
| 96 | - /** @var \OCP\IConfig */ |
|
| 97 | - private $config; |
|
| 98 | - |
|
| 99 | - /** @var IAvatarManager */ |
|
| 100 | - private $avatarManager; |
|
| 101 | - |
|
| 102 | - /** @var IURLGenerator */ |
|
| 103 | - private $urlGenerator; |
|
| 104 | - |
|
| 105 | - public function __construct(string $uid, ?UserInterface $backend, EventDispatcherInterface $dispatcher, $emitter = null, IConfig $config = null, $urlGenerator = null) { |
|
| 106 | - $this->uid = $uid; |
|
| 107 | - $this->backend = $backend; |
|
| 108 | - $this->legacyDispatcher = $dispatcher; |
|
| 109 | - $this->emitter = $emitter; |
|
| 110 | - if (is_null($config)) { |
|
| 111 | - $config = \OC::$server->getConfig(); |
|
| 112 | - } |
|
| 113 | - $this->config = $config; |
|
| 114 | - $this->urlGenerator = $urlGenerator; |
|
| 115 | - if (is_null($this->urlGenerator)) { |
|
| 116 | - $this->urlGenerator = \OC::$server->getURLGenerator(); |
|
| 117 | - } |
|
| 118 | - // TODO: inject |
|
| 119 | - $this->dispatcher = \OC::$server->query(IEventDispatcher::class); |
|
| 120 | - } |
|
| 121 | - |
|
| 122 | - /** |
|
| 123 | - * get the user id |
|
| 124 | - * |
|
| 125 | - * @return string |
|
| 126 | - */ |
|
| 127 | - public function getUID() { |
|
| 128 | - return $this->uid; |
|
| 129 | - } |
|
| 130 | - |
|
| 131 | - /** |
|
| 132 | - * get the display name for the user, if no specific display name is set it will fallback to the user id |
|
| 133 | - * |
|
| 134 | - * @return string |
|
| 135 | - */ |
|
| 136 | - public function getDisplayName() { |
|
| 137 | - if ($this->displayName === null) { |
|
| 138 | - $displayName = ''; |
|
| 139 | - if ($this->backend && $this->backend->implementsActions(Backend::GET_DISPLAYNAME)) { |
|
| 140 | - // get display name and strip whitespace from the beginning and end of it |
|
| 141 | - $backendDisplayName = $this->backend->getDisplayName($this->uid); |
|
| 142 | - if (is_string($backendDisplayName)) { |
|
| 143 | - $displayName = trim($backendDisplayName); |
|
| 144 | - } |
|
| 145 | - } |
|
| 146 | - |
|
| 147 | - if (!empty($displayName)) { |
|
| 148 | - $this->displayName = $displayName; |
|
| 149 | - } else { |
|
| 150 | - $this->displayName = $this->uid; |
|
| 151 | - } |
|
| 152 | - } |
|
| 153 | - return $this->displayName; |
|
| 154 | - } |
|
| 155 | - |
|
| 156 | - /** |
|
| 157 | - * set the displayname for the user |
|
| 158 | - * |
|
| 159 | - * @param string $displayName |
|
| 160 | - * @return bool |
|
| 161 | - * |
|
| 162 | - * @since 25.0.0 Throw InvalidArgumentException |
|
| 163 | - * @throws \InvalidArgumentException |
|
| 164 | - */ |
|
| 165 | - public function setDisplayName($displayName) { |
|
| 166 | - $displayName = trim($displayName); |
|
| 167 | - $oldDisplayName = $this->getDisplayName(); |
|
| 168 | - if ($this->backend->implementsActions(Backend::SET_DISPLAYNAME) && !empty($displayName) && $displayName !== $oldDisplayName) { |
|
| 169 | - /** @var ISetDisplayNameBackend $backend */ |
|
| 170 | - $backend = $this->backend; |
|
| 171 | - $result = $backend->setDisplayName($this->uid, $displayName); |
|
| 172 | - if ($result) { |
|
| 173 | - $this->displayName = $displayName; |
|
| 174 | - $this->triggerChange('displayName', $displayName, $oldDisplayName); |
|
| 175 | - } |
|
| 176 | - return $result !== false; |
|
| 177 | - } |
|
| 178 | - return false; |
|
| 179 | - } |
|
| 180 | - |
|
| 181 | - /** |
|
| 182 | - * @inheritDoc |
|
| 183 | - */ |
|
| 184 | - public function setEMailAddress($mailAddress) { |
|
| 185 | - $this->setSystemEMailAddress($mailAddress); |
|
| 186 | - } |
|
| 187 | - |
|
| 188 | - /** |
|
| 189 | - * @inheritDoc |
|
| 190 | - */ |
|
| 191 | - public function setSystemEMailAddress(string $mailAddress): void { |
|
| 192 | - $oldMailAddress = $this->getSystemEMailAddress(); |
|
| 193 | - |
|
| 194 | - if ($mailAddress === '') { |
|
| 195 | - $this->config->deleteUserValue($this->uid, 'settings', 'email'); |
|
| 196 | - } else { |
|
| 197 | - $this->config->setUserValue($this->uid, 'settings', 'email', $mailAddress); |
|
| 198 | - } |
|
| 199 | - |
|
| 200 | - $primaryAddress = $this->getPrimaryEMailAddress(); |
|
| 201 | - if ($primaryAddress === $mailAddress) { |
|
| 202 | - // on match no dedicated primary settings is necessary |
|
| 203 | - $this->setPrimaryEMailAddress(''); |
|
| 204 | - } |
|
| 205 | - |
|
| 206 | - if ($oldMailAddress !== strtolower($mailAddress)) { |
|
| 207 | - $this->triggerChange('eMailAddress', $mailAddress, $oldMailAddress); |
|
| 208 | - } |
|
| 209 | - } |
|
| 210 | - |
|
| 211 | - /** |
|
| 212 | - * @inheritDoc |
|
| 213 | - */ |
|
| 214 | - public function setPrimaryEMailAddress(string $mailAddress): void { |
|
| 215 | - if ($mailAddress === '') { |
|
| 216 | - $this->config->deleteUserValue($this->uid, 'settings', 'primary_email'); |
|
| 217 | - return; |
|
| 218 | - } |
|
| 219 | - |
|
| 220 | - $this->ensureAccountManager(); |
|
| 221 | - $account = $this->accountManager->getAccount($this); |
|
| 222 | - $property = $account->getPropertyCollection(IAccountManager::COLLECTION_EMAIL) |
|
| 223 | - ->getPropertyByValue($mailAddress); |
|
| 224 | - |
|
| 225 | - if ($property === null || $property->getLocallyVerified() !== IAccountManager::VERIFIED) { |
|
| 226 | - throw new InvalidArgumentException('Only verified emails can be set as primary'); |
|
| 227 | - } |
|
| 228 | - $this->config->setUserValue($this->uid, 'settings', 'primary_email', $mailAddress); |
|
| 229 | - } |
|
| 230 | - |
|
| 231 | - private function ensureAccountManager() { |
|
| 232 | - if (!$this->accountManager instanceof IAccountManager) { |
|
| 233 | - $this->accountManager = \OC::$server->get(IAccountManager::class); |
|
| 234 | - } |
|
| 235 | - } |
|
| 236 | - |
|
| 237 | - /** |
|
| 238 | - * returns the timestamp of the user's last login or 0 if the user did never |
|
| 239 | - * login |
|
| 240 | - * |
|
| 241 | - * @return int |
|
| 242 | - */ |
|
| 243 | - public function getLastLogin() { |
|
| 244 | - if ($this->lastLogin === null) { |
|
| 245 | - $this->lastLogin = (int) $this->config->getUserValue($this->uid, 'login', 'lastLogin', 0); |
|
| 246 | - } |
|
| 247 | - return (int) $this->lastLogin; |
|
| 248 | - } |
|
| 249 | - |
|
| 250 | - /** |
|
| 251 | - * updates the timestamp of the most recent login of this user |
|
| 252 | - */ |
|
| 253 | - public function updateLastLoginTimestamp() { |
|
| 254 | - $previousLogin = $this->getLastLogin(); |
|
| 255 | - $now = time(); |
|
| 256 | - $firstTimeLogin = $previousLogin === 0; |
|
| 257 | - |
|
| 258 | - if ($now - $previousLogin > 60) { |
|
| 259 | - $this->lastLogin = time(); |
|
| 260 | - $this->config->setUserValue( |
|
| 261 | - $this->uid, 'login', 'lastLogin', (string)$this->lastLogin); |
|
| 262 | - } |
|
| 263 | - |
|
| 264 | - return $firstTimeLogin; |
|
| 265 | - } |
|
| 266 | - |
|
| 267 | - /** |
|
| 268 | - * Delete the user |
|
| 269 | - * |
|
| 270 | - * @return bool |
|
| 271 | - */ |
|
| 272 | - public function delete() { |
|
| 273 | - /** @deprecated 21.0.0 use BeforeUserDeletedEvent event with the IEventDispatcher instead */ |
|
| 274 | - $this->legacyDispatcher->dispatch(IUser::class . '::preDelete', new GenericEvent($this)); |
|
| 275 | - if ($this->emitter) { |
|
| 276 | - /** @deprecated 21.0.0 use BeforeUserDeletedEvent event with the IEventDispatcher instead */ |
|
| 277 | - $this->emitter->emit('\OC\User', 'preDelete', [$this]); |
|
| 278 | - } |
|
| 279 | - $this->dispatcher->dispatchTyped(new BeforeUserDeletedEvent($this)); |
|
| 280 | - $result = $this->backend->deleteUser($this->uid); |
|
| 281 | - if ($result) { |
|
| 282 | - // FIXME: Feels like an hack - suggestions? |
|
| 283 | - |
|
| 284 | - $groupManager = \OC::$server->getGroupManager(); |
|
| 285 | - // We have to delete the user from all groups |
|
| 286 | - foreach ($groupManager->getUserGroupIds($this) as $groupId) { |
|
| 287 | - $group = $groupManager->get($groupId); |
|
| 288 | - if ($group) { |
|
| 289 | - $this->dispatcher->dispatchTyped(new BeforeUserRemovedEvent($group, $this)); |
|
| 290 | - $group->removeUser($this); |
|
| 291 | - $this->dispatcher->dispatchTyped(new UserRemovedEvent($group, $this)); |
|
| 292 | - } |
|
| 293 | - } |
|
| 294 | - // Delete the user's keys in preferences |
|
| 295 | - \OC::$server->getConfig()->deleteAllUserValues($this->uid); |
|
| 296 | - |
|
| 297 | - \OC::$server->getCommentsManager()->deleteReferencesOfActor('users', $this->uid); |
|
| 298 | - \OC::$server->getCommentsManager()->deleteReadMarksFromUser($this); |
|
| 299 | - |
|
| 300 | - /** @var AvatarManager $avatarManager */ |
|
| 301 | - $avatarManager = \OC::$server->query(AvatarManager::class); |
|
| 302 | - $avatarManager->deleteUserAvatar($this->uid); |
|
| 303 | - |
|
| 304 | - $notification = \OC::$server->getNotificationManager()->createNotification(); |
|
| 305 | - $notification->setUser($this->uid); |
|
| 306 | - \OC::$server->getNotificationManager()->markProcessed($notification); |
|
| 307 | - |
|
| 308 | - /** @var AccountManager $accountManager */ |
|
| 309 | - $accountManager = \OC::$server->query(AccountManager::class); |
|
| 310 | - $accountManager->deleteUser($this); |
|
| 311 | - |
|
| 312 | - /** @deprecated 21.0.0 use UserDeletedEvent event with the IEventDispatcher instead */ |
|
| 313 | - $this->legacyDispatcher->dispatch(IUser::class . '::postDelete', new GenericEvent($this)); |
|
| 314 | - if ($this->emitter) { |
|
| 315 | - /** @deprecated 21.0.0 use UserDeletedEvent event with the IEventDispatcher instead */ |
|
| 316 | - $this->emitter->emit('\OC\User', 'postDelete', [$this]); |
|
| 317 | - } |
|
| 318 | - $this->dispatcher->dispatchTyped(new UserDeletedEvent($this)); |
|
| 319 | - } |
|
| 320 | - return !($result === false); |
|
| 321 | - } |
|
| 322 | - |
|
| 323 | - /** |
|
| 324 | - * Set the password of the user |
|
| 325 | - * |
|
| 326 | - * @param string $password |
|
| 327 | - * @param string $recoveryPassword for the encryption app to reset encryption keys |
|
| 328 | - * @return bool |
|
| 329 | - */ |
|
| 330 | - public function setPassword($password, $recoveryPassword = null) { |
|
| 331 | - $this->legacyDispatcher->dispatch(IUser::class . '::preSetPassword', new GenericEvent($this, [ |
|
| 332 | - 'password' => $password, |
|
| 333 | - 'recoveryPassword' => $recoveryPassword, |
|
| 334 | - ])); |
|
| 335 | - if ($this->emitter) { |
|
| 336 | - $this->emitter->emit('\OC\User', 'preSetPassword', [$this, $password, $recoveryPassword]); |
|
| 337 | - } |
|
| 338 | - if ($this->backend->implementsActions(Backend::SET_PASSWORD)) { |
|
| 339 | - /** @var ISetPasswordBackend $backend */ |
|
| 340 | - $backend = $this->backend; |
|
| 341 | - $result = $backend->setPassword($this->uid, $password); |
|
| 342 | - |
|
| 343 | - if ($result !== false) { |
|
| 344 | - $this->legacyDispatcher->dispatch(IUser::class . '::postSetPassword', new GenericEvent($this, [ |
|
| 345 | - 'password' => $password, |
|
| 346 | - 'recoveryPassword' => $recoveryPassword, |
|
| 347 | - ])); |
|
| 348 | - if ($this->emitter) { |
|
| 349 | - $this->emitter->emit('\OC\User', 'postSetPassword', [$this, $password, $recoveryPassword]); |
|
| 350 | - } |
|
| 351 | - } |
|
| 352 | - |
|
| 353 | - return !($result === false); |
|
| 354 | - } else { |
|
| 355 | - return false; |
|
| 356 | - } |
|
| 357 | - } |
|
| 358 | - |
|
| 359 | - /** |
|
| 360 | - * get the users home folder to mount |
|
| 361 | - * |
|
| 362 | - * @return string |
|
| 363 | - */ |
|
| 364 | - public function getHome() { |
|
| 365 | - if (!$this->home) { |
|
| 366 | - /** @psalm-suppress UndefinedInterfaceMethod Once we get rid of the legacy implementsActions, psalm won't complain anymore */ |
|
| 367 | - if (($this->backend instanceof IGetHomeBackend || $this->backend->implementsActions(Backend::GET_HOME)) && $home = $this->backend->getHome($this->uid)) { |
|
| 368 | - $this->home = $home; |
|
| 369 | - } elseif ($this->config) { |
|
| 370 | - $this->home = $this->config->getSystemValueString('datadirectory', \OC::$SERVERROOT . '/data') . '/' . $this->uid; |
|
| 371 | - } else { |
|
| 372 | - $this->home = \OC::$SERVERROOT . '/data/' . $this->uid; |
|
| 373 | - } |
|
| 374 | - } |
|
| 375 | - return $this->home; |
|
| 376 | - } |
|
| 377 | - |
|
| 378 | - /** |
|
| 379 | - * Get the name of the backend class the user is connected with |
|
| 380 | - * |
|
| 381 | - * @return string |
|
| 382 | - */ |
|
| 383 | - public function getBackendClassName() { |
|
| 384 | - if ($this->backend instanceof IUserBackend) { |
|
| 385 | - return $this->backend->getBackendName(); |
|
| 386 | - } |
|
| 387 | - return get_class($this->backend); |
|
| 388 | - } |
|
| 389 | - |
|
| 390 | - public function getBackend(): ?UserInterface { |
|
| 391 | - return $this->backend; |
|
| 392 | - } |
|
| 393 | - |
|
| 394 | - /** |
|
| 395 | - * Check if the backend allows the user to change his avatar on Personal page |
|
| 396 | - * |
|
| 397 | - * @return bool |
|
| 398 | - */ |
|
| 399 | - public function canChangeAvatar() { |
|
| 400 | - if ($this->backend instanceof IProvideAvatarBackend || $this->backend->implementsActions(Backend::PROVIDE_AVATAR)) { |
|
| 401 | - /** @var IProvideAvatarBackend $backend */ |
|
| 402 | - $backend = $this->backend; |
|
| 403 | - return $backend->canChangeAvatar($this->uid); |
|
| 404 | - } |
|
| 405 | - return true; |
|
| 406 | - } |
|
| 407 | - |
|
| 408 | - /** |
|
| 409 | - * check if the backend supports changing passwords |
|
| 410 | - * |
|
| 411 | - * @return bool |
|
| 412 | - */ |
|
| 413 | - public function canChangePassword() { |
|
| 414 | - return $this->backend->implementsActions(Backend::SET_PASSWORD); |
|
| 415 | - } |
|
| 416 | - |
|
| 417 | - /** |
|
| 418 | - * check if the backend supports changing display names |
|
| 419 | - * |
|
| 420 | - * @return bool |
|
| 421 | - */ |
|
| 422 | - public function canChangeDisplayName() { |
|
| 423 | - if (!$this->config->getSystemValueBool('allow_user_to_change_display_name', true)) { |
|
| 424 | - return false; |
|
| 425 | - } |
|
| 426 | - return $this->backend->implementsActions(Backend::SET_DISPLAYNAME); |
|
| 427 | - } |
|
| 428 | - |
|
| 429 | - /** |
|
| 430 | - * check if the user is enabled |
|
| 431 | - * |
|
| 432 | - * @return bool |
|
| 433 | - */ |
|
| 434 | - public function isEnabled() { |
|
| 435 | - if ($this->enabled === null) { |
|
| 436 | - $enabled = $this->config->getUserValue($this->uid, 'core', 'enabled', 'true'); |
|
| 437 | - $this->enabled = $enabled === 'true'; |
|
| 438 | - } |
|
| 439 | - return (bool) $this->enabled; |
|
| 440 | - } |
|
| 441 | - |
|
| 442 | - /** |
|
| 443 | - * set the enabled status for the user |
|
| 444 | - * |
|
| 445 | - * @param bool $enabled |
|
| 446 | - */ |
|
| 447 | - public function setEnabled(bool $enabled = true) { |
|
| 448 | - $oldStatus = $this->isEnabled(); |
|
| 449 | - $this->enabled = $enabled; |
|
| 450 | - if ($oldStatus !== $this->enabled) { |
|
| 451 | - // TODO: First change the value, then trigger the event as done for all other properties. |
|
| 452 | - $this->triggerChange('enabled', $enabled, $oldStatus); |
|
| 453 | - $this->config->setUserValue($this->uid, 'core', 'enabled', $enabled ? 'true' : 'false'); |
|
| 454 | - } |
|
| 455 | - } |
|
| 456 | - |
|
| 457 | - /** |
|
| 458 | - * get the users email address |
|
| 459 | - * |
|
| 460 | - * @return string|null |
|
| 461 | - * @since 9.0.0 |
|
| 462 | - */ |
|
| 463 | - public function getEMailAddress() { |
|
| 464 | - return $this->getPrimaryEMailAddress() ?? $this->getSystemEMailAddress(); |
|
| 465 | - } |
|
| 466 | - |
|
| 467 | - /** |
|
| 468 | - * @inheritDoc |
|
| 469 | - */ |
|
| 470 | - public function getSystemEMailAddress(): ?string { |
|
| 471 | - return $this->config->getUserValue($this->uid, 'settings', 'email', null); |
|
| 472 | - } |
|
| 473 | - |
|
| 474 | - /** |
|
| 475 | - * @inheritDoc |
|
| 476 | - */ |
|
| 477 | - public function getPrimaryEMailAddress(): ?string { |
|
| 478 | - return $this->config->getUserValue($this->uid, 'settings', 'primary_email', null); |
|
| 479 | - } |
|
| 480 | - |
|
| 481 | - /** |
|
| 482 | - * get the users' quota |
|
| 483 | - * |
|
| 484 | - * @return string |
|
| 485 | - * @since 9.0.0 |
|
| 486 | - */ |
|
| 487 | - public function getQuota() { |
|
| 488 | - // allow apps to modify the user quota by hooking into the event |
|
| 489 | - $event = new GetQuotaEvent($this); |
|
| 490 | - $this->dispatcher->dispatchTyped($event); |
|
| 491 | - $overwriteQuota = $event->getQuota(); |
|
| 492 | - if ($overwriteQuota) { |
|
| 493 | - $quota = $overwriteQuota; |
|
| 494 | - } else { |
|
| 495 | - $quota = $this->config->getUserValue($this->uid, 'files', 'quota', 'default'); |
|
| 496 | - } |
|
| 497 | - if ($quota === 'default') { |
|
| 498 | - $quota = $this->config->getAppValue('files', 'default_quota', 'none'); |
|
| 499 | - |
|
| 500 | - // if unlimited quota is not allowed => avoid getting 'unlimited' as default_quota fallback value |
|
| 501 | - // use the first preset instead |
|
| 502 | - $allowUnlimitedQuota = $this->config->getAppValue('files', 'allow_unlimited_quota', '1') === '1'; |
|
| 503 | - if (!$allowUnlimitedQuota) { |
|
| 504 | - $presets = $this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'); |
|
| 505 | - $presets = array_filter(array_map('trim', explode(',', $presets))); |
|
| 506 | - $quotaPreset = array_values(array_diff($presets, ['default', 'none'])); |
|
| 507 | - if (count($quotaPreset) > 0) { |
|
| 508 | - $quota = $this->config->getAppValue('files', 'default_quota', $quotaPreset[0]); |
|
| 509 | - } |
|
| 510 | - } |
|
| 511 | - } |
|
| 512 | - return $quota; |
|
| 513 | - } |
|
| 514 | - |
|
| 515 | - /** |
|
| 516 | - * set the users' quota |
|
| 517 | - * |
|
| 518 | - * @param string $quota |
|
| 519 | - * @return void |
|
| 520 | - * @throws InvalidArgumentException |
|
| 521 | - * @since 9.0.0 |
|
| 522 | - */ |
|
| 523 | - public function setQuota($quota) { |
|
| 524 | - $oldQuota = $this->config->getUserValue($this->uid, 'files', 'quota', ''); |
|
| 525 | - if ($quota !== 'none' and $quota !== 'default') { |
|
| 526 | - $bytesQuota = OC_Helper::computerFileSize($quota); |
|
| 527 | - if ($bytesQuota === false) { |
|
| 528 | - throw new InvalidArgumentException('Failed to set quota to invalid value '.$quota); |
|
| 529 | - } |
|
| 530 | - $quota = OC_Helper::humanFileSize($bytesQuota); |
|
| 531 | - } |
|
| 532 | - if ($quota !== $oldQuota) { |
|
| 533 | - $this->config->setUserValue($this->uid, 'files', 'quota', $quota); |
|
| 534 | - $this->triggerChange('quota', $quota, $oldQuota); |
|
| 535 | - } |
|
| 536 | - \OC_Helper::clearStorageInfo('/' . $this->uid . '/files'); |
|
| 537 | - } |
|
| 538 | - |
|
| 539 | - public function getManagerUids(): array { |
|
| 540 | - $encodedUids = $this->config->getUserValue( |
|
| 541 | - $this->uid, |
|
| 542 | - 'settings', |
|
| 543 | - self::CONFIG_KEY_MANAGERS, |
|
| 544 | - '[]' |
|
| 545 | - ); |
|
| 546 | - return json_decode($encodedUids, false, 512, JSON_THROW_ON_ERROR); |
|
| 547 | - } |
|
| 548 | - |
|
| 549 | - public function setManagerUids(array $uids): void { |
|
| 550 | - $oldUids = $this->getManagerUids(); |
|
| 551 | - $this->config->setUserValue( |
|
| 552 | - $this->uid, |
|
| 553 | - 'settings', |
|
| 554 | - self::CONFIG_KEY_MANAGERS, |
|
| 555 | - json_encode($uids, JSON_THROW_ON_ERROR) |
|
| 556 | - ); |
|
| 557 | - $this->triggerChange('managers', $uids, $oldUids); |
|
| 558 | - } |
|
| 559 | - |
|
| 560 | - /** |
|
| 561 | - * get the avatar image if it exists |
|
| 562 | - * |
|
| 563 | - * @param int $size |
|
| 564 | - * @return IImage|null |
|
| 565 | - * @since 9.0.0 |
|
| 566 | - */ |
|
| 567 | - public function getAvatarImage($size) { |
|
| 568 | - // delay the initialization |
|
| 569 | - if (is_null($this->avatarManager)) { |
|
| 570 | - $this->avatarManager = \OC::$server->getAvatarManager(); |
|
| 571 | - } |
|
| 572 | - |
|
| 573 | - $avatar = $this->avatarManager->getAvatar($this->uid); |
|
| 574 | - $image = $avatar->get($size); |
|
| 575 | - if ($image) { |
|
| 576 | - return $image; |
|
| 577 | - } |
|
| 578 | - |
|
| 579 | - return null; |
|
| 580 | - } |
|
| 581 | - |
|
| 582 | - /** |
|
| 583 | - * get the federation cloud id |
|
| 584 | - * |
|
| 585 | - * @return string |
|
| 586 | - * @since 9.0.0 |
|
| 587 | - */ |
|
| 588 | - public function getCloudId() { |
|
| 589 | - $uid = $this->getUID(); |
|
| 590 | - $server = rtrim($this->urlGenerator->getAbsoluteURL('/'), '/'); |
|
| 591 | - if (substr($server, -10) === '/index.php') { |
|
| 592 | - $server = substr($server, 0, -10); |
|
| 593 | - } |
|
| 594 | - $server = $this->removeProtocolFromUrl($server); |
|
| 595 | - return $uid . '@' . $server; |
|
| 596 | - } |
|
| 597 | - |
|
| 598 | - private function removeProtocolFromUrl(string $url): string { |
|
| 599 | - if (str_starts_with($url, 'https://')) { |
|
| 600 | - return substr($url, strlen('https://')); |
|
| 601 | - } |
|
| 602 | - |
|
| 603 | - return $url; |
|
| 604 | - } |
|
| 605 | - |
|
| 606 | - public function triggerChange($feature, $value = null, $oldValue = null) { |
|
| 607 | - $this->legacyDispatcher->dispatch(IUser::class . '::changeUser', new GenericEvent($this, [ |
|
| 608 | - 'feature' => $feature, |
|
| 609 | - 'value' => $value, |
|
| 610 | - 'oldValue' => $oldValue, |
|
| 611 | - ])); |
|
| 612 | - if ($this->emitter) { |
|
| 613 | - $this->emitter->emit('\OC\User', 'changeUser', [$this, $feature, $value, $oldValue]); |
|
| 614 | - } |
|
| 615 | - } |
|
| 66 | + private const CONFIG_KEY_MANAGERS = 'manager'; |
|
| 67 | + |
|
| 68 | + /** @var IAccountManager */ |
|
| 69 | + protected $accountManager; |
|
| 70 | + /** @var string */ |
|
| 71 | + private $uid; |
|
| 72 | + |
|
| 73 | + /** @var string|null */ |
|
| 74 | + private $displayName; |
|
| 75 | + |
|
| 76 | + /** @var UserInterface|null */ |
|
| 77 | + private $backend; |
|
| 78 | + /** @var EventDispatcherInterface */ |
|
| 79 | + private $legacyDispatcher; |
|
| 80 | + |
|
| 81 | + /** @var IEventDispatcher */ |
|
| 82 | + private $dispatcher; |
|
| 83 | + |
|
| 84 | + /** @var bool|null */ |
|
| 85 | + private $enabled; |
|
| 86 | + |
|
| 87 | + /** @var Emitter|Manager */ |
|
| 88 | + private $emitter; |
|
| 89 | + |
|
| 90 | + /** @var string */ |
|
| 91 | + private $home; |
|
| 92 | + |
|
| 93 | + /** @var int|null */ |
|
| 94 | + private $lastLogin; |
|
| 95 | + |
|
| 96 | + /** @var \OCP\IConfig */ |
|
| 97 | + private $config; |
|
| 98 | + |
|
| 99 | + /** @var IAvatarManager */ |
|
| 100 | + private $avatarManager; |
|
| 101 | + |
|
| 102 | + /** @var IURLGenerator */ |
|
| 103 | + private $urlGenerator; |
|
| 104 | + |
|
| 105 | + public function __construct(string $uid, ?UserInterface $backend, EventDispatcherInterface $dispatcher, $emitter = null, IConfig $config = null, $urlGenerator = null) { |
|
| 106 | + $this->uid = $uid; |
|
| 107 | + $this->backend = $backend; |
|
| 108 | + $this->legacyDispatcher = $dispatcher; |
|
| 109 | + $this->emitter = $emitter; |
|
| 110 | + if (is_null($config)) { |
|
| 111 | + $config = \OC::$server->getConfig(); |
|
| 112 | + } |
|
| 113 | + $this->config = $config; |
|
| 114 | + $this->urlGenerator = $urlGenerator; |
|
| 115 | + if (is_null($this->urlGenerator)) { |
|
| 116 | + $this->urlGenerator = \OC::$server->getURLGenerator(); |
|
| 117 | + } |
|
| 118 | + // TODO: inject |
|
| 119 | + $this->dispatcher = \OC::$server->query(IEventDispatcher::class); |
|
| 120 | + } |
|
| 121 | + |
|
| 122 | + /** |
|
| 123 | + * get the user id |
|
| 124 | + * |
|
| 125 | + * @return string |
|
| 126 | + */ |
|
| 127 | + public function getUID() { |
|
| 128 | + return $this->uid; |
|
| 129 | + } |
|
| 130 | + |
|
| 131 | + /** |
|
| 132 | + * get the display name for the user, if no specific display name is set it will fallback to the user id |
|
| 133 | + * |
|
| 134 | + * @return string |
|
| 135 | + */ |
|
| 136 | + public function getDisplayName() { |
|
| 137 | + if ($this->displayName === null) { |
|
| 138 | + $displayName = ''; |
|
| 139 | + if ($this->backend && $this->backend->implementsActions(Backend::GET_DISPLAYNAME)) { |
|
| 140 | + // get display name and strip whitespace from the beginning and end of it |
|
| 141 | + $backendDisplayName = $this->backend->getDisplayName($this->uid); |
|
| 142 | + if (is_string($backendDisplayName)) { |
|
| 143 | + $displayName = trim($backendDisplayName); |
|
| 144 | + } |
|
| 145 | + } |
|
| 146 | + |
|
| 147 | + if (!empty($displayName)) { |
|
| 148 | + $this->displayName = $displayName; |
|
| 149 | + } else { |
|
| 150 | + $this->displayName = $this->uid; |
|
| 151 | + } |
|
| 152 | + } |
|
| 153 | + return $this->displayName; |
|
| 154 | + } |
|
| 155 | + |
|
| 156 | + /** |
|
| 157 | + * set the displayname for the user |
|
| 158 | + * |
|
| 159 | + * @param string $displayName |
|
| 160 | + * @return bool |
|
| 161 | + * |
|
| 162 | + * @since 25.0.0 Throw InvalidArgumentException |
|
| 163 | + * @throws \InvalidArgumentException |
|
| 164 | + */ |
|
| 165 | + public function setDisplayName($displayName) { |
|
| 166 | + $displayName = trim($displayName); |
|
| 167 | + $oldDisplayName = $this->getDisplayName(); |
|
| 168 | + if ($this->backend->implementsActions(Backend::SET_DISPLAYNAME) && !empty($displayName) && $displayName !== $oldDisplayName) { |
|
| 169 | + /** @var ISetDisplayNameBackend $backend */ |
|
| 170 | + $backend = $this->backend; |
|
| 171 | + $result = $backend->setDisplayName($this->uid, $displayName); |
|
| 172 | + if ($result) { |
|
| 173 | + $this->displayName = $displayName; |
|
| 174 | + $this->triggerChange('displayName', $displayName, $oldDisplayName); |
|
| 175 | + } |
|
| 176 | + return $result !== false; |
|
| 177 | + } |
|
| 178 | + return false; |
|
| 179 | + } |
|
| 180 | + |
|
| 181 | + /** |
|
| 182 | + * @inheritDoc |
|
| 183 | + */ |
|
| 184 | + public function setEMailAddress($mailAddress) { |
|
| 185 | + $this->setSystemEMailAddress($mailAddress); |
|
| 186 | + } |
|
| 187 | + |
|
| 188 | + /** |
|
| 189 | + * @inheritDoc |
|
| 190 | + */ |
|
| 191 | + public function setSystemEMailAddress(string $mailAddress): void { |
|
| 192 | + $oldMailAddress = $this->getSystemEMailAddress(); |
|
| 193 | + |
|
| 194 | + if ($mailAddress === '') { |
|
| 195 | + $this->config->deleteUserValue($this->uid, 'settings', 'email'); |
|
| 196 | + } else { |
|
| 197 | + $this->config->setUserValue($this->uid, 'settings', 'email', $mailAddress); |
|
| 198 | + } |
|
| 199 | + |
|
| 200 | + $primaryAddress = $this->getPrimaryEMailAddress(); |
|
| 201 | + if ($primaryAddress === $mailAddress) { |
|
| 202 | + // on match no dedicated primary settings is necessary |
|
| 203 | + $this->setPrimaryEMailAddress(''); |
|
| 204 | + } |
|
| 205 | + |
|
| 206 | + if ($oldMailAddress !== strtolower($mailAddress)) { |
|
| 207 | + $this->triggerChange('eMailAddress', $mailAddress, $oldMailAddress); |
|
| 208 | + } |
|
| 209 | + } |
|
| 210 | + |
|
| 211 | + /** |
|
| 212 | + * @inheritDoc |
|
| 213 | + */ |
|
| 214 | + public function setPrimaryEMailAddress(string $mailAddress): void { |
|
| 215 | + if ($mailAddress === '') { |
|
| 216 | + $this->config->deleteUserValue($this->uid, 'settings', 'primary_email'); |
|
| 217 | + return; |
|
| 218 | + } |
|
| 219 | + |
|
| 220 | + $this->ensureAccountManager(); |
|
| 221 | + $account = $this->accountManager->getAccount($this); |
|
| 222 | + $property = $account->getPropertyCollection(IAccountManager::COLLECTION_EMAIL) |
|
| 223 | + ->getPropertyByValue($mailAddress); |
|
| 224 | + |
|
| 225 | + if ($property === null || $property->getLocallyVerified() !== IAccountManager::VERIFIED) { |
|
| 226 | + throw new InvalidArgumentException('Only verified emails can be set as primary'); |
|
| 227 | + } |
|
| 228 | + $this->config->setUserValue($this->uid, 'settings', 'primary_email', $mailAddress); |
|
| 229 | + } |
|
| 230 | + |
|
| 231 | + private function ensureAccountManager() { |
|
| 232 | + if (!$this->accountManager instanceof IAccountManager) { |
|
| 233 | + $this->accountManager = \OC::$server->get(IAccountManager::class); |
|
| 234 | + } |
|
| 235 | + } |
|
| 236 | + |
|
| 237 | + /** |
|
| 238 | + * returns the timestamp of the user's last login or 0 if the user did never |
|
| 239 | + * login |
|
| 240 | + * |
|
| 241 | + * @return int |
|
| 242 | + */ |
|
| 243 | + public function getLastLogin() { |
|
| 244 | + if ($this->lastLogin === null) { |
|
| 245 | + $this->lastLogin = (int) $this->config->getUserValue($this->uid, 'login', 'lastLogin', 0); |
|
| 246 | + } |
|
| 247 | + return (int) $this->lastLogin; |
|
| 248 | + } |
|
| 249 | + |
|
| 250 | + /** |
|
| 251 | + * updates the timestamp of the most recent login of this user |
|
| 252 | + */ |
|
| 253 | + public function updateLastLoginTimestamp() { |
|
| 254 | + $previousLogin = $this->getLastLogin(); |
|
| 255 | + $now = time(); |
|
| 256 | + $firstTimeLogin = $previousLogin === 0; |
|
| 257 | + |
|
| 258 | + if ($now - $previousLogin > 60) { |
|
| 259 | + $this->lastLogin = time(); |
|
| 260 | + $this->config->setUserValue( |
|
| 261 | + $this->uid, 'login', 'lastLogin', (string)$this->lastLogin); |
|
| 262 | + } |
|
| 263 | + |
|
| 264 | + return $firstTimeLogin; |
|
| 265 | + } |
|
| 266 | + |
|
| 267 | + /** |
|
| 268 | + * Delete the user |
|
| 269 | + * |
|
| 270 | + * @return bool |
|
| 271 | + */ |
|
| 272 | + public function delete() { |
|
| 273 | + /** @deprecated 21.0.0 use BeforeUserDeletedEvent event with the IEventDispatcher instead */ |
|
| 274 | + $this->legacyDispatcher->dispatch(IUser::class . '::preDelete', new GenericEvent($this)); |
|
| 275 | + if ($this->emitter) { |
|
| 276 | + /** @deprecated 21.0.0 use BeforeUserDeletedEvent event with the IEventDispatcher instead */ |
|
| 277 | + $this->emitter->emit('\OC\User', 'preDelete', [$this]); |
|
| 278 | + } |
|
| 279 | + $this->dispatcher->dispatchTyped(new BeforeUserDeletedEvent($this)); |
|
| 280 | + $result = $this->backend->deleteUser($this->uid); |
|
| 281 | + if ($result) { |
|
| 282 | + // FIXME: Feels like an hack - suggestions? |
|
| 283 | + |
|
| 284 | + $groupManager = \OC::$server->getGroupManager(); |
|
| 285 | + // We have to delete the user from all groups |
|
| 286 | + foreach ($groupManager->getUserGroupIds($this) as $groupId) { |
|
| 287 | + $group = $groupManager->get($groupId); |
|
| 288 | + if ($group) { |
|
| 289 | + $this->dispatcher->dispatchTyped(new BeforeUserRemovedEvent($group, $this)); |
|
| 290 | + $group->removeUser($this); |
|
| 291 | + $this->dispatcher->dispatchTyped(new UserRemovedEvent($group, $this)); |
|
| 292 | + } |
|
| 293 | + } |
|
| 294 | + // Delete the user's keys in preferences |
|
| 295 | + \OC::$server->getConfig()->deleteAllUserValues($this->uid); |
|
| 296 | + |
|
| 297 | + \OC::$server->getCommentsManager()->deleteReferencesOfActor('users', $this->uid); |
|
| 298 | + \OC::$server->getCommentsManager()->deleteReadMarksFromUser($this); |
|
| 299 | + |
|
| 300 | + /** @var AvatarManager $avatarManager */ |
|
| 301 | + $avatarManager = \OC::$server->query(AvatarManager::class); |
|
| 302 | + $avatarManager->deleteUserAvatar($this->uid); |
|
| 303 | + |
|
| 304 | + $notification = \OC::$server->getNotificationManager()->createNotification(); |
|
| 305 | + $notification->setUser($this->uid); |
|
| 306 | + \OC::$server->getNotificationManager()->markProcessed($notification); |
|
| 307 | + |
|
| 308 | + /** @var AccountManager $accountManager */ |
|
| 309 | + $accountManager = \OC::$server->query(AccountManager::class); |
|
| 310 | + $accountManager->deleteUser($this); |
|
| 311 | + |
|
| 312 | + /** @deprecated 21.0.0 use UserDeletedEvent event with the IEventDispatcher instead */ |
|
| 313 | + $this->legacyDispatcher->dispatch(IUser::class . '::postDelete', new GenericEvent($this)); |
|
| 314 | + if ($this->emitter) { |
|
| 315 | + /** @deprecated 21.0.0 use UserDeletedEvent event with the IEventDispatcher instead */ |
|
| 316 | + $this->emitter->emit('\OC\User', 'postDelete', [$this]); |
|
| 317 | + } |
|
| 318 | + $this->dispatcher->dispatchTyped(new UserDeletedEvent($this)); |
|
| 319 | + } |
|
| 320 | + return !($result === false); |
|
| 321 | + } |
|
| 322 | + |
|
| 323 | + /** |
|
| 324 | + * Set the password of the user |
|
| 325 | + * |
|
| 326 | + * @param string $password |
|
| 327 | + * @param string $recoveryPassword for the encryption app to reset encryption keys |
|
| 328 | + * @return bool |
|
| 329 | + */ |
|
| 330 | + public function setPassword($password, $recoveryPassword = null) { |
|
| 331 | + $this->legacyDispatcher->dispatch(IUser::class . '::preSetPassword', new GenericEvent($this, [ |
|
| 332 | + 'password' => $password, |
|
| 333 | + 'recoveryPassword' => $recoveryPassword, |
|
| 334 | + ])); |
|
| 335 | + if ($this->emitter) { |
|
| 336 | + $this->emitter->emit('\OC\User', 'preSetPassword', [$this, $password, $recoveryPassword]); |
|
| 337 | + } |
|
| 338 | + if ($this->backend->implementsActions(Backend::SET_PASSWORD)) { |
|
| 339 | + /** @var ISetPasswordBackend $backend */ |
|
| 340 | + $backend = $this->backend; |
|
| 341 | + $result = $backend->setPassword($this->uid, $password); |
|
| 342 | + |
|
| 343 | + if ($result !== false) { |
|
| 344 | + $this->legacyDispatcher->dispatch(IUser::class . '::postSetPassword', new GenericEvent($this, [ |
|
| 345 | + 'password' => $password, |
|
| 346 | + 'recoveryPassword' => $recoveryPassword, |
|
| 347 | + ])); |
|
| 348 | + if ($this->emitter) { |
|
| 349 | + $this->emitter->emit('\OC\User', 'postSetPassword', [$this, $password, $recoveryPassword]); |
|
| 350 | + } |
|
| 351 | + } |
|
| 352 | + |
|
| 353 | + return !($result === false); |
|
| 354 | + } else { |
|
| 355 | + return false; |
|
| 356 | + } |
|
| 357 | + } |
|
| 358 | + |
|
| 359 | + /** |
|
| 360 | + * get the users home folder to mount |
|
| 361 | + * |
|
| 362 | + * @return string |
|
| 363 | + */ |
|
| 364 | + public function getHome() { |
|
| 365 | + if (!$this->home) { |
|
| 366 | + /** @psalm-suppress UndefinedInterfaceMethod Once we get rid of the legacy implementsActions, psalm won't complain anymore */ |
|
| 367 | + if (($this->backend instanceof IGetHomeBackend || $this->backend->implementsActions(Backend::GET_HOME)) && $home = $this->backend->getHome($this->uid)) { |
|
| 368 | + $this->home = $home; |
|
| 369 | + } elseif ($this->config) { |
|
| 370 | + $this->home = $this->config->getSystemValueString('datadirectory', \OC::$SERVERROOT . '/data') . '/' . $this->uid; |
|
| 371 | + } else { |
|
| 372 | + $this->home = \OC::$SERVERROOT . '/data/' . $this->uid; |
|
| 373 | + } |
|
| 374 | + } |
|
| 375 | + return $this->home; |
|
| 376 | + } |
|
| 377 | + |
|
| 378 | + /** |
|
| 379 | + * Get the name of the backend class the user is connected with |
|
| 380 | + * |
|
| 381 | + * @return string |
|
| 382 | + */ |
|
| 383 | + public function getBackendClassName() { |
|
| 384 | + if ($this->backend instanceof IUserBackend) { |
|
| 385 | + return $this->backend->getBackendName(); |
|
| 386 | + } |
|
| 387 | + return get_class($this->backend); |
|
| 388 | + } |
|
| 389 | + |
|
| 390 | + public function getBackend(): ?UserInterface { |
|
| 391 | + return $this->backend; |
|
| 392 | + } |
|
| 393 | + |
|
| 394 | + /** |
|
| 395 | + * Check if the backend allows the user to change his avatar on Personal page |
|
| 396 | + * |
|
| 397 | + * @return bool |
|
| 398 | + */ |
|
| 399 | + public function canChangeAvatar() { |
|
| 400 | + if ($this->backend instanceof IProvideAvatarBackend || $this->backend->implementsActions(Backend::PROVIDE_AVATAR)) { |
|
| 401 | + /** @var IProvideAvatarBackend $backend */ |
|
| 402 | + $backend = $this->backend; |
|
| 403 | + return $backend->canChangeAvatar($this->uid); |
|
| 404 | + } |
|
| 405 | + return true; |
|
| 406 | + } |
|
| 407 | + |
|
| 408 | + /** |
|
| 409 | + * check if the backend supports changing passwords |
|
| 410 | + * |
|
| 411 | + * @return bool |
|
| 412 | + */ |
|
| 413 | + public function canChangePassword() { |
|
| 414 | + return $this->backend->implementsActions(Backend::SET_PASSWORD); |
|
| 415 | + } |
|
| 416 | + |
|
| 417 | + /** |
|
| 418 | + * check if the backend supports changing display names |
|
| 419 | + * |
|
| 420 | + * @return bool |
|
| 421 | + */ |
|
| 422 | + public function canChangeDisplayName() { |
|
| 423 | + if (!$this->config->getSystemValueBool('allow_user_to_change_display_name', true)) { |
|
| 424 | + return false; |
|
| 425 | + } |
|
| 426 | + return $this->backend->implementsActions(Backend::SET_DISPLAYNAME); |
|
| 427 | + } |
|
| 428 | + |
|
| 429 | + /** |
|
| 430 | + * check if the user is enabled |
|
| 431 | + * |
|
| 432 | + * @return bool |
|
| 433 | + */ |
|
| 434 | + public function isEnabled() { |
|
| 435 | + if ($this->enabled === null) { |
|
| 436 | + $enabled = $this->config->getUserValue($this->uid, 'core', 'enabled', 'true'); |
|
| 437 | + $this->enabled = $enabled === 'true'; |
|
| 438 | + } |
|
| 439 | + return (bool) $this->enabled; |
|
| 440 | + } |
|
| 441 | + |
|
| 442 | + /** |
|
| 443 | + * set the enabled status for the user |
|
| 444 | + * |
|
| 445 | + * @param bool $enabled |
|
| 446 | + */ |
|
| 447 | + public function setEnabled(bool $enabled = true) { |
|
| 448 | + $oldStatus = $this->isEnabled(); |
|
| 449 | + $this->enabled = $enabled; |
|
| 450 | + if ($oldStatus !== $this->enabled) { |
|
| 451 | + // TODO: First change the value, then trigger the event as done for all other properties. |
|
| 452 | + $this->triggerChange('enabled', $enabled, $oldStatus); |
|
| 453 | + $this->config->setUserValue($this->uid, 'core', 'enabled', $enabled ? 'true' : 'false'); |
|
| 454 | + } |
|
| 455 | + } |
|
| 456 | + |
|
| 457 | + /** |
|
| 458 | + * get the users email address |
|
| 459 | + * |
|
| 460 | + * @return string|null |
|
| 461 | + * @since 9.0.0 |
|
| 462 | + */ |
|
| 463 | + public function getEMailAddress() { |
|
| 464 | + return $this->getPrimaryEMailAddress() ?? $this->getSystemEMailAddress(); |
|
| 465 | + } |
|
| 466 | + |
|
| 467 | + /** |
|
| 468 | + * @inheritDoc |
|
| 469 | + */ |
|
| 470 | + public function getSystemEMailAddress(): ?string { |
|
| 471 | + return $this->config->getUserValue($this->uid, 'settings', 'email', null); |
|
| 472 | + } |
|
| 473 | + |
|
| 474 | + /** |
|
| 475 | + * @inheritDoc |
|
| 476 | + */ |
|
| 477 | + public function getPrimaryEMailAddress(): ?string { |
|
| 478 | + return $this->config->getUserValue($this->uid, 'settings', 'primary_email', null); |
|
| 479 | + } |
|
| 480 | + |
|
| 481 | + /** |
|
| 482 | + * get the users' quota |
|
| 483 | + * |
|
| 484 | + * @return string |
|
| 485 | + * @since 9.0.0 |
|
| 486 | + */ |
|
| 487 | + public function getQuota() { |
|
| 488 | + // allow apps to modify the user quota by hooking into the event |
|
| 489 | + $event = new GetQuotaEvent($this); |
|
| 490 | + $this->dispatcher->dispatchTyped($event); |
|
| 491 | + $overwriteQuota = $event->getQuota(); |
|
| 492 | + if ($overwriteQuota) { |
|
| 493 | + $quota = $overwriteQuota; |
|
| 494 | + } else { |
|
| 495 | + $quota = $this->config->getUserValue($this->uid, 'files', 'quota', 'default'); |
|
| 496 | + } |
|
| 497 | + if ($quota === 'default') { |
|
| 498 | + $quota = $this->config->getAppValue('files', 'default_quota', 'none'); |
|
| 499 | + |
|
| 500 | + // if unlimited quota is not allowed => avoid getting 'unlimited' as default_quota fallback value |
|
| 501 | + // use the first preset instead |
|
| 502 | + $allowUnlimitedQuota = $this->config->getAppValue('files', 'allow_unlimited_quota', '1') === '1'; |
|
| 503 | + if (!$allowUnlimitedQuota) { |
|
| 504 | + $presets = $this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'); |
|
| 505 | + $presets = array_filter(array_map('trim', explode(',', $presets))); |
|
| 506 | + $quotaPreset = array_values(array_diff($presets, ['default', 'none'])); |
|
| 507 | + if (count($quotaPreset) > 0) { |
|
| 508 | + $quota = $this->config->getAppValue('files', 'default_quota', $quotaPreset[0]); |
|
| 509 | + } |
|
| 510 | + } |
|
| 511 | + } |
|
| 512 | + return $quota; |
|
| 513 | + } |
|
| 514 | + |
|
| 515 | + /** |
|
| 516 | + * set the users' quota |
|
| 517 | + * |
|
| 518 | + * @param string $quota |
|
| 519 | + * @return void |
|
| 520 | + * @throws InvalidArgumentException |
|
| 521 | + * @since 9.0.0 |
|
| 522 | + */ |
|
| 523 | + public function setQuota($quota) { |
|
| 524 | + $oldQuota = $this->config->getUserValue($this->uid, 'files', 'quota', ''); |
|
| 525 | + if ($quota !== 'none' and $quota !== 'default') { |
|
| 526 | + $bytesQuota = OC_Helper::computerFileSize($quota); |
|
| 527 | + if ($bytesQuota === false) { |
|
| 528 | + throw new InvalidArgumentException('Failed to set quota to invalid value '.$quota); |
|
| 529 | + } |
|
| 530 | + $quota = OC_Helper::humanFileSize($bytesQuota); |
|
| 531 | + } |
|
| 532 | + if ($quota !== $oldQuota) { |
|
| 533 | + $this->config->setUserValue($this->uid, 'files', 'quota', $quota); |
|
| 534 | + $this->triggerChange('quota', $quota, $oldQuota); |
|
| 535 | + } |
|
| 536 | + \OC_Helper::clearStorageInfo('/' . $this->uid . '/files'); |
|
| 537 | + } |
|
| 538 | + |
|
| 539 | + public function getManagerUids(): array { |
|
| 540 | + $encodedUids = $this->config->getUserValue( |
|
| 541 | + $this->uid, |
|
| 542 | + 'settings', |
|
| 543 | + self::CONFIG_KEY_MANAGERS, |
|
| 544 | + '[]' |
|
| 545 | + ); |
|
| 546 | + return json_decode($encodedUids, false, 512, JSON_THROW_ON_ERROR); |
|
| 547 | + } |
|
| 548 | + |
|
| 549 | + public function setManagerUids(array $uids): void { |
|
| 550 | + $oldUids = $this->getManagerUids(); |
|
| 551 | + $this->config->setUserValue( |
|
| 552 | + $this->uid, |
|
| 553 | + 'settings', |
|
| 554 | + self::CONFIG_KEY_MANAGERS, |
|
| 555 | + json_encode($uids, JSON_THROW_ON_ERROR) |
|
| 556 | + ); |
|
| 557 | + $this->triggerChange('managers', $uids, $oldUids); |
|
| 558 | + } |
|
| 559 | + |
|
| 560 | + /** |
|
| 561 | + * get the avatar image if it exists |
|
| 562 | + * |
|
| 563 | + * @param int $size |
|
| 564 | + * @return IImage|null |
|
| 565 | + * @since 9.0.0 |
|
| 566 | + */ |
|
| 567 | + public function getAvatarImage($size) { |
|
| 568 | + // delay the initialization |
|
| 569 | + if (is_null($this->avatarManager)) { |
|
| 570 | + $this->avatarManager = \OC::$server->getAvatarManager(); |
|
| 571 | + } |
|
| 572 | + |
|
| 573 | + $avatar = $this->avatarManager->getAvatar($this->uid); |
|
| 574 | + $image = $avatar->get($size); |
|
| 575 | + if ($image) { |
|
| 576 | + return $image; |
|
| 577 | + } |
|
| 578 | + |
|
| 579 | + return null; |
|
| 580 | + } |
|
| 581 | + |
|
| 582 | + /** |
|
| 583 | + * get the federation cloud id |
|
| 584 | + * |
|
| 585 | + * @return string |
|
| 586 | + * @since 9.0.0 |
|
| 587 | + */ |
|
| 588 | + public function getCloudId() { |
|
| 589 | + $uid = $this->getUID(); |
|
| 590 | + $server = rtrim($this->urlGenerator->getAbsoluteURL('/'), '/'); |
|
| 591 | + if (substr($server, -10) === '/index.php') { |
|
| 592 | + $server = substr($server, 0, -10); |
|
| 593 | + } |
|
| 594 | + $server = $this->removeProtocolFromUrl($server); |
|
| 595 | + return $uid . '@' . $server; |
|
| 596 | + } |
|
| 597 | + |
|
| 598 | + private function removeProtocolFromUrl(string $url): string { |
|
| 599 | + if (str_starts_with($url, 'https://')) { |
|
| 600 | + return substr($url, strlen('https://')); |
|
| 601 | + } |
|
| 602 | + |
|
| 603 | + return $url; |
|
| 604 | + } |
|
| 605 | + |
|
| 606 | + public function triggerChange($feature, $value = null, $oldValue = null) { |
|
| 607 | + $this->legacyDispatcher->dispatch(IUser::class . '::changeUser', new GenericEvent($this, [ |
|
| 608 | + 'feature' => $feature, |
|
| 609 | + 'value' => $value, |
|
| 610 | + 'oldValue' => $oldValue, |
|
| 611 | + ])); |
|
| 612 | + if ($this->emitter) { |
|
| 613 | + $this->emitter->emit('\OC\User', 'changeUser', [$this, $feature, $value, $oldValue]); |
|
| 614 | + } |
|
| 615 | + } |
|
| 616 | 616 | } |
@@ -59,365 +59,365 @@ |
||
| 59 | 59 | * MonoLog is an example implementing this interface. |
| 60 | 60 | */ |
| 61 | 61 | class Log implements ILogger, IDataLogger { |
| 62 | - private IWriter $logger; |
|
| 63 | - private ?SystemConfig $config; |
|
| 64 | - private ?bool $logConditionSatisfied = null; |
|
| 65 | - private ?Normalizer $normalizer; |
|
| 66 | - private ?IRegistry $crashReporters; |
|
| 67 | - |
|
| 68 | - /** |
|
| 69 | - * @param IWriter $logger The logger that should be used |
|
| 70 | - * @param SystemConfig $config the system config object |
|
| 71 | - * @param Normalizer|null $normalizer |
|
| 72 | - * @param IRegistry|null $registry |
|
| 73 | - */ |
|
| 74 | - public function __construct(IWriter $logger, SystemConfig $config = null, Normalizer $normalizer = null, IRegistry $registry = null) { |
|
| 75 | - // FIXME: Add this for backwards compatibility, should be fixed at some point probably |
|
| 76 | - if ($config === null) { |
|
| 77 | - $config = \OC::$server->getSystemConfig(); |
|
| 78 | - } |
|
| 79 | - |
|
| 80 | - $this->config = $config; |
|
| 81 | - $this->logger = $logger; |
|
| 82 | - if ($normalizer === null) { |
|
| 83 | - $this->normalizer = new Normalizer(); |
|
| 84 | - } else { |
|
| 85 | - $this->normalizer = $normalizer; |
|
| 86 | - } |
|
| 87 | - $this->crashReporters = $registry; |
|
| 88 | - } |
|
| 89 | - |
|
| 90 | - /** |
|
| 91 | - * System is unusable. |
|
| 92 | - * |
|
| 93 | - * @param string $message |
|
| 94 | - * @param array $context |
|
| 95 | - * @return void |
|
| 96 | - */ |
|
| 97 | - public function emergency(string $message, array $context = []) { |
|
| 98 | - $this->log(ILogger::FATAL, $message, $context); |
|
| 99 | - } |
|
| 100 | - |
|
| 101 | - /** |
|
| 102 | - * Action must be taken immediately. |
|
| 103 | - * |
|
| 104 | - * Example: Entire website down, database unavailable, etc. This should |
|
| 105 | - * trigger the SMS alerts and wake you up. |
|
| 106 | - * |
|
| 107 | - * @param string $message |
|
| 108 | - * @param array $context |
|
| 109 | - * @return void |
|
| 110 | - */ |
|
| 111 | - public function alert(string $message, array $context = []) { |
|
| 112 | - $this->log(ILogger::ERROR, $message, $context); |
|
| 113 | - } |
|
| 114 | - |
|
| 115 | - /** |
|
| 116 | - * Critical conditions. |
|
| 117 | - * |
|
| 118 | - * Example: Application component unavailable, unexpected exception. |
|
| 119 | - * |
|
| 120 | - * @param string $message |
|
| 121 | - * @param array $context |
|
| 122 | - * @return void |
|
| 123 | - */ |
|
| 124 | - public function critical(string $message, array $context = []) { |
|
| 125 | - $this->log(ILogger::ERROR, $message, $context); |
|
| 126 | - } |
|
| 127 | - |
|
| 128 | - /** |
|
| 129 | - * Runtime errors that do not require immediate action but should typically |
|
| 130 | - * be logged and monitored. |
|
| 131 | - * |
|
| 132 | - * @param string $message |
|
| 133 | - * @param array $context |
|
| 134 | - * @return void |
|
| 135 | - */ |
|
| 136 | - public function error(string $message, array $context = []) { |
|
| 137 | - $this->log(ILogger::ERROR, $message, $context); |
|
| 138 | - } |
|
| 139 | - |
|
| 140 | - /** |
|
| 141 | - * Exceptional occurrences that are not errors. |
|
| 142 | - * |
|
| 143 | - * Example: Use of deprecated APIs, poor use of an API, undesirable things |
|
| 144 | - * that are not necessarily wrong. |
|
| 145 | - * |
|
| 146 | - * @param string $message |
|
| 147 | - * @param array $context |
|
| 148 | - * @return void |
|
| 149 | - */ |
|
| 150 | - public function warning(string $message, array $context = []) { |
|
| 151 | - $this->log(ILogger::WARN, $message, $context); |
|
| 152 | - } |
|
| 153 | - |
|
| 154 | - /** |
|
| 155 | - * Normal but significant events. |
|
| 156 | - * |
|
| 157 | - * @param string $message |
|
| 158 | - * @param array $context |
|
| 159 | - * @return void |
|
| 160 | - */ |
|
| 161 | - public function notice(string $message, array $context = []) { |
|
| 162 | - $this->log(ILogger::INFO, $message, $context); |
|
| 163 | - } |
|
| 164 | - |
|
| 165 | - /** |
|
| 166 | - * Interesting events. |
|
| 167 | - * |
|
| 168 | - * Example: User logs in, SQL logs. |
|
| 169 | - * |
|
| 170 | - * @param string $message |
|
| 171 | - * @param array $context |
|
| 172 | - * @return void |
|
| 173 | - */ |
|
| 174 | - public function info(string $message, array $context = []) { |
|
| 175 | - $this->log(ILogger::INFO, $message, $context); |
|
| 176 | - } |
|
| 177 | - |
|
| 178 | - /** |
|
| 179 | - * Detailed debug information. |
|
| 180 | - * |
|
| 181 | - * @param string $message |
|
| 182 | - * @param array $context |
|
| 183 | - * @return void |
|
| 184 | - */ |
|
| 185 | - public function debug(string $message, array $context = []) { |
|
| 186 | - $this->log(ILogger::DEBUG, $message, $context); |
|
| 187 | - } |
|
| 188 | - |
|
| 189 | - |
|
| 190 | - /** |
|
| 191 | - * Logs with an arbitrary level. |
|
| 192 | - * |
|
| 193 | - * @param int $level |
|
| 194 | - * @param string $message |
|
| 195 | - * @param array $context |
|
| 196 | - * @return void |
|
| 197 | - */ |
|
| 198 | - public function log(int $level, string $message, array $context = []) { |
|
| 199 | - $minLevel = $this->getLogLevel($context); |
|
| 200 | - |
|
| 201 | - array_walk($context, [$this->normalizer, 'format']); |
|
| 202 | - |
|
| 203 | - $app = $context['app'] ?? 'no app in context'; |
|
| 204 | - $entry = $this->interpolateMessage($context, $message); |
|
| 205 | - |
|
| 206 | - try { |
|
| 207 | - if ($level >= $minLevel) { |
|
| 208 | - $this->writeLog($app, $entry, $level); |
|
| 209 | - |
|
| 210 | - if ($this->crashReporters !== null) { |
|
| 211 | - $messageContext = array_merge( |
|
| 212 | - $context, |
|
| 213 | - [ |
|
| 214 | - 'level' => $level |
|
| 215 | - ] |
|
| 216 | - ); |
|
| 217 | - $this->crashReporters->delegateMessage($entry['message'], $messageContext); |
|
| 218 | - } |
|
| 219 | - } else { |
|
| 220 | - if ($this->crashReporters !== null) { |
|
| 221 | - $this->crashReporters->delegateBreadcrumb($entry['message'], 'log', $context); |
|
| 222 | - } |
|
| 223 | - } |
|
| 224 | - } catch (Throwable $e) { |
|
| 225 | - // make sure we dont hard crash if logging fails |
|
| 226 | - } |
|
| 227 | - } |
|
| 228 | - |
|
| 229 | - public function getLogLevel($context) { |
|
| 230 | - $logCondition = $this->config->getValue('log.condition', []); |
|
| 231 | - |
|
| 232 | - /** |
|
| 233 | - * check for a special log condition - this enables an increased log on |
|
| 234 | - * a per request/user base |
|
| 235 | - */ |
|
| 236 | - if ($this->logConditionSatisfied === null) { |
|
| 237 | - // default to false to just process this once per request |
|
| 238 | - $this->logConditionSatisfied = false; |
|
| 239 | - if (!empty($logCondition)) { |
|
| 240 | - // check for secret token in the request |
|
| 241 | - if (isset($logCondition['shared_secret'])) { |
|
| 242 | - $request = \OC::$server->getRequest(); |
|
| 243 | - |
|
| 244 | - if ($request->getMethod() === 'PUT' && |
|
| 245 | - !str_contains($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') && |
|
| 246 | - !str_contains($request->getHeader('Content-Type'), 'application/json')) { |
|
| 247 | - $logSecretRequest = ''; |
|
| 248 | - } else { |
|
| 249 | - $logSecretRequest = $request->getParam('log_secret', ''); |
|
| 250 | - } |
|
| 251 | - |
|
| 252 | - // if token is found in the request change set the log condition to satisfied |
|
| 253 | - if ($request && hash_equals($logCondition['shared_secret'], $logSecretRequest)) { |
|
| 254 | - $this->logConditionSatisfied = true; |
|
| 255 | - } |
|
| 256 | - } |
|
| 257 | - |
|
| 258 | - // check for user |
|
| 259 | - if (isset($logCondition['users'])) { |
|
| 260 | - $user = \OC::$server->getUserSession()->getUser(); |
|
| 261 | - |
|
| 262 | - // if the user matches set the log condition to satisfied |
|
| 263 | - if ($user !== null && in_array($user->getUID(), $logCondition['users'], true)) { |
|
| 264 | - $this->logConditionSatisfied = true; |
|
| 265 | - } |
|
| 266 | - } |
|
| 267 | - } |
|
| 268 | - } |
|
| 269 | - |
|
| 270 | - // if log condition is satisfied change the required log level to DEBUG |
|
| 271 | - if ($this->logConditionSatisfied) { |
|
| 272 | - return ILogger::DEBUG; |
|
| 273 | - } |
|
| 274 | - |
|
| 275 | - if (isset($context['app'])) { |
|
| 276 | - $app = $context['app']; |
|
| 277 | - |
|
| 278 | - /** |
|
| 279 | - * check log condition based on the context of each log message |
|
| 280 | - * once this is met -> change the required log level to debug |
|
| 281 | - */ |
|
| 282 | - if (!empty($logCondition) |
|
| 283 | - && isset($logCondition['apps']) |
|
| 284 | - && in_array($app, $logCondition['apps'], true)) { |
|
| 285 | - return ILogger::DEBUG; |
|
| 286 | - } |
|
| 287 | - } |
|
| 288 | - |
|
| 289 | - return min($this->config->getValue('loglevel', ILogger::WARN), ILogger::FATAL); |
|
| 290 | - } |
|
| 291 | - |
|
| 292 | - /** |
|
| 293 | - * Logs an exception very detailed |
|
| 294 | - * |
|
| 295 | - * @param Exception|Throwable $exception |
|
| 296 | - * @param array $context |
|
| 297 | - * @return void |
|
| 298 | - * @since 8.2.0 |
|
| 299 | - */ |
|
| 300 | - public function logException(Throwable $exception, array $context = []) { |
|
| 301 | - $app = $context['app'] ?? 'no app in context'; |
|
| 302 | - $level = $context['level'] ?? ILogger::ERROR; |
|
| 303 | - |
|
| 304 | - $minLevel = $this->getLogLevel($context); |
|
| 305 | - if ($level < $minLevel && ($this->crashReporters === null || !$this->crashReporters->hasReporters())) { |
|
| 306 | - return; |
|
| 307 | - } |
|
| 308 | - |
|
| 309 | - // if an error is raised before the autoloader is properly setup, we can't serialize exceptions |
|
| 310 | - try { |
|
| 311 | - $serializer = $this->getSerializer(); |
|
| 312 | - } catch (Throwable $e) { |
|
| 313 | - $this->error("Failed to load ExceptionSerializer serializer while trying to log " . $exception->getMessage()); |
|
| 314 | - return; |
|
| 315 | - } |
|
| 316 | - $data = $context; |
|
| 317 | - unset($data['app']); |
|
| 318 | - unset($data['level']); |
|
| 319 | - $data = array_merge($serializer->serializeException($exception), $data); |
|
| 320 | - $data = $this->interpolateMessage($data, $context['message'] ?? '--', 'CustomMessage'); |
|
| 321 | - |
|
| 322 | - |
|
| 323 | - array_walk($context, [$this->normalizer, 'format']); |
|
| 324 | - |
|
| 325 | - try { |
|
| 326 | - if ($level >= $minLevel) { |
|
| 327 | - if (!$this->logger instanceof IFileBased) { |
|
| 328 | - $data = json_encode($data, JSON_PARTIAL_OUTPUT_ON_ERROR | JSON_UNESCAPED_SLASHES); |
|
| 329 | - } |
|
| 330 | - $this->writeLog($app, $data, $level); |
|
| 331 | - } |
|
| 332 | - |
|
| 333 | - $context['level'] = $level; |
|
| 334 | - if (!is_null($this->crashReporters)) { |
|
| 335 | - $this->crashReporters->delegateReport($exception, $context); |
|
| 336 | - } |
|
| 337 | - } catch (Throwable $e) { |
|
| 338 | - // make sure we dont hard crash if logging fails |
|
| 339 | - } |
|
| 340 | - } |
|
| 341 | - |
|
| 342 | - public function logData(string $message, array $data, array $context = []): void { |
|
| 343 | - $app = $context['app'] ?? 'no app in context'; |
|
| 344 | - $level = $context['level'] ?? ILogger::ERROR; |
|
| 345 | - |
|
| 346 | - $minLevel = $this->getLogLevel($context); |
|
| 347 | - |
|
| 348 | - array_walk($context, [$this->normalizer, 'format']); |
|
| 349 | - |
|
| 350 | - try { |
|
| 351 | - if ($level >= $minLevel) { |
|
| 352 | - $data['message'] = $message; |
|
| 353 | - if (!$this->logger instanceof IFileBased) { |
|
| 354 | - $data = json_encode($data, JSON_PARTIAL_OUTPUT_ON_ERROR | JSON_UNESCAPED_SLASHES); |
|
| 355 | - } |
|
| 356 | - $this->writeLog($app, $data, $level); |
|
| 357 | - } |
|
| 358 | - |
|
| 359 | - $context['level'] = $level; |
|
| 360 | - } catch (Throwable $e) { |
|
| 361 | - // make sure we dont hard crash if logging fails |
|
| 362 | - error_log('Error when trying to log exception: ' . $e->getMessage() . ' ' . $e->getTraceAsString()); |
|
| 363 | - } |
|
| 364 | - } |
|
| 365 | - |
|
| 366 | - /** |
|
| 367 | - * @param string $app |
|
| 368 | - * @param string|array $entry |
|
| 369 | - * @param int $level |
|
| 370 | - */ |
|
| 371 | - protected function writeLog(string $app, $entry, int $level) { |
|
| 372 | - $this->logger->write($app, $entry, $level); |
|
| 373 | - } |
|
| 374 | - |
|
| 375 | - public function getLogPath():string { |
|
| 376 | - if ($this->logger instanceof IFileBased) { |
|
| 377 | - return $this->logger->getLogFilePath(); |
|
| 378 | - } |
|
| 379 | - throw new \RuntimeException('Log implementation has no path'); |
|
| 380 | - } |
|
| 381 | - |
|
| 382 | - /** |
|
| 383 | - * Interpolate $message as defined in PSR-3 |
|
| 384 | - * |
|
| 385 | - * Returns an array containing the context without the interpolated |
|
| 386 | - * parameters placeholders and the message as the 'message' - or |
|
| 387 | - * user-defined - key. |
|
| 388 | - */ |
|
| 389 | - private function interpolateMessage(array $context, string $message, string $messageKey = 'message'): array { |
|
| 390 | - $replace = []; |
|
| 391 | - $usedContextKeys = []; |
|
| 392 | - foreach ($context as $key => $val) { |
|
| 393 | - $fullKey = '{' . $key . '}'; |
|
| 394 | - $replace[$fullKey] = $val; |
|
| 395 | - if (str_contains($message, $fullKey)) { |
|
| 396 | - $usedContextKeys[$key] = true; |
|
| 397 | - } |
|
| 398 | - } |
|
| 399 | - return array_merge(array_diff_key($context, $usedContextKeys), [$messageKey => strtr($message, $replace)]); |
|
| 400 | - } |
|
| 401 | - |
|
| 402 | - /** |
|
| 403 | - * @throws Throwable |
|
| 404 | - */ |
|
| 405 | - protected function getSerializer(): ExceptionSerializer { |
|
| 406 | - $serializer = new ExceptionSerializer($this->config); |
|
| 407 | - try { |
|
| 408 | - /** @var Coordinator $coordinator */ |
|
| 409 | - $coordinator = \OCP\Server::get(Coordinator::class); |
|
| 410 | - foreach ($coordinator->getRegistrationContext()->getSensitiveMethods() as $registration) { |
|
| 411 | - $serializer->enlistSensitiveMethods($registration->getName(), $registration->getValue()); |
|
| 412 | - } |
|
| 413 | - // For not every app might be initialized at this time, we cannot assume that the return value |
|
| 414 | - // of getSensitiveMethods() is complete. Running delegates in Coordinator::registerApps() is |
|
| 415 | - // not possible due to dependencies on the one hand. On the other it would work only with |
|
| 416 | - // adding public methods to the PsrLoggerAdapter and this class. |
|
| 417 | - // Thus, serializer cannot be a property. |
|
| 418 | - } catch (Throwable $t) { |
|
| 419 | - // ignore app-defined sensitive methods in this case - they weren't loaded anyway |
|
| 420 | - } |
|
| 421 | - return $serializer; |
|
| 422 | - } |
|
| 62 | + private IWriter $logger; |
|
| 63 | + private ?SystemConfig $config; |
|
| 64 | + private ?bool $logConditionSatisfied = null; |
|
| 65 | + private ?Normalizer $normalizer; |
|
| 66 | + private ?IRegistry $crashReporters; |
|
| 67 | + |
|
| 68 | + /** |
|
| 69 | + * @param IWriter $logger The logger that should be used |
|
| 70 | + * @param SystemConfig $config the system config object |
|
| 71 | + * @param Normalizer|null $normalizer |
|
| 72 | + * @param IRegistry|null $registry |
|
| 73 | + */ |
|
| 74 | + public function __construct(IWriter $logger, SystemConfig $config = null, Normalizer $normalizer = null, IRegistry $registry = null) { |
|
| 75 | + // FIXME: Add this for backwards compatibility, should be fixed at some point probably |
|
| 76 | + if ($config === null) { |
|
| 77 | + $config = \OC::$server->getSystemConfig(); |
|
| 78 | + } |
|
| 79 | + |
|
| 80 | + $this->config = $config; |
|
| 81 | + $this->logger = $logger; |
|
| 82 | + if ($normalizer === null) { |
|
| 83 | + $this->normalizer = new Normalizer(); |
|
| 84 | + } else { |
|
| 85 | + $this->normalizer = $normalizer; |
|
| 86 | + } |
|
| 87 | + $this->crashReporters = $registry; |
|
| 88 | + } |
|
| 89 | + |
|
| 90 | + /** |
|
| 91 | + * System is unusable. |
|
| 92 | + * |
|
| 93 | + * @param string $message |
|
| 94 | + * @param array $context |
|
| 95 | + * @return void |
|
| 96 | + */ |
|
| 97 | + public function emergency(string $message, array $context = []) { |
|
| 98 | + $this->log(ILogger::FATAL, $message, $context); |
|
| 99 | + } |
|
| 100 | + |
|
| 101 | + /** |
|
| 102 | + * Action must be taken immediately. |
|
| 103 | + * |
|
| 104 | + * Example: Entire website down, database unavailable, etc. This should |
|
| 105 | + * trigger the SMS alerts and wake you up. |
|
| 106 | + * |
|
| 107 | + * @param string $message |
|
| 108 | + * @param array $context |
|
| 109 | + * @return void |
|
| 110 | + */ |
|
| 111 | + public function alert(string $message, array $context = []) { |
|
| 112 | + $this->log(ILogger::ERROR, $message, $context); |
|
| 113 | + } |
|
| 114 | + |
|
| 115 | + /** |
|
| 116 | + * Critical conditions. |
|
| 117 | + * |
|
| 118 | + * Example: Application component unavailable, unexpected exception. |
|
| 119 | + * |
|
| 120 | + * @param string $message |
|
| 121 | + * @param array $context |
|
| 122 | + * @return void |
|
| 123 | + */ |
|
| 124 | + public function critical(string $message, array $context = []) { |
|
| 125 | + $this->log(ILogger::ERROR, $message, $context); |
|
| 126 | + } |
|
| 127 | + |
|
| 128 | + /** |
|
| 129 | + * Runtime errors that do not require immediate action but should typically |
|
| 130 | + * be logged and monitored. |
|
| 131 | + * |
|
| 132 | + * @param string $message |
|
| 133 | + * @param array $context |
|
| 134 | + * @return void |
|
| 135 | + */ |
|
| 136 | + public function error(string $message, array $context = []) { |
|
| 137 | + $this->log(ILogger::ERROR, $message, $context); |
|
| 138 | + } |
|
| 139 | + |
|
| 140 | + /** |
|
| 141 | + * Exceptional occurrences that are not errors. |
|
| 142 | + * |
|
| 143 | + * Example: Use of deprecated APIs, poor use of an API, undesirable things |
|
| 144 | + * that are not necessarily wrong. |
|
| 145 | + * |
|
| 146 | + * @param string $message |
|
| 147 | + * @param array $context |
|
| 148 | + * @return void |
|
| 149 | + */ |
|
| 150 | + public function warning(string $message, array $context = []) { |
|
| 151 | + $this->log(ILogger::WARN, $message, $context); |
|
| 152 | + } |
|
| 153 | + |
|
| 154 | + /** |
|
| 155 | + * Normal but significant events. |
|
| 156 | + * |
|
| 157 | + * @param string $message |
|
| 158 | + * @param array $context |
|
| 159 | + * @return void |
|
| 160 | + */ |
|
| 161 | + public function notice(string $message, array $context = []) { |
|
| 162 | + $this->log(ILogger::INFO, $message, $context); |
|
| 163 | + } |
|
| 164 | + |
|
| 165 | + /** |
|
| 166 | + * Interesting events. |
|
| 167 | + * |
|
| 168 | + * Example: User logs in, SQL logs. |
|
| 169 | + * |
|
| 170 | + * @param string $message |
|
| 171 | + * @param array $context |
|
| 172 | + * @return void |
|
| 173 | + */ |
|
| 174 | + public function info(string $message, array $context = []) { |
|
| 175 | + $this->log(ILogger::INFO, $message, $context); |
|
| 176 | + } |
|
| 177 | + |
|
| 178 | + /** |
|
| 179 | + * Detailed debug information. |
|
| 180 | + * |
|
| 181 | + * @param string $message |
|
| 182 | + * @param array $context |
|
| 183 | + * @return void |
|
| 184 | + */ |
|
| 185 | + public function debug(string $message, array $context = []) { |
|
| 186 | + $this->log(ILogger::DEBUG, $message, $context); |
|
| 187 | + } |
|
| 188 | + |
|
| 189 | + |
|
| 190 | + /** |
|
| 191 | + * Logs with an arbitrary level. |
|
| 192 | + * |
|
| 193 | + * @param int $level |
|
| 194 | + * @param string $message |
|
| 195 | + * @param array $context |
|
| 196 | + * @return void |
|
| 197 | + */ |
|
| 198 | + public function log(int $level, string $message, array $context = []) { |
|
| 199 | + $minLevel = $this->getLogLevel($context); |
|
| 200 | + |
|
| 201 | + array_walk($context, [$this->normalizer, 'format']); |
|
| 202 | + |
|
| 203 | + $app = $context['app'] ?? 'no app in context'; |
|
| 204 | + $entry = $this->interpolateMessage($context, $message); |
|
| 205 | + |
|
| 206 | + try { |
|
| 207 | + if ($level >= $minLevel) { |
|
| 208 | + $this->writeLog($app, $entry, $level); |
|
| 209 | + |
|
| 210 | + if ($this->crashReporters !== null) { |
|
| 211 | + $messageContext = array_merge( |
|
| 212 | + $context, |
|
| 213 | + [ |
|
| 214 | + 'level' => $level |
|
| 215 | + ] |
|
| 216 | + ); |
|
| 217 | + $this->crashReporters->delegateMessage($entry['message'], $messageContext); |
|
| 218 | + } |
|
| 219 | + } else { |
|
| 220 | + if ($this->crashReporters !== null) { |
|
| 221 | + $this->crashReporters->delegateBreadcrumb($entry['message'], 'log', $context); |
|
| 222 | + } |
|
| 223 | + } |
|
| 224 | + } catch (Throwable $e) { |
|
| 225 | + // make sure we dont hard crash if logging fails |
|
| 226 | + } |
|
| 227 | + } |
|
| 228 | + |
|
| 229 | + public function getLogLevel($context) { |
|
| 230 | + $logCondition = $this->config->getValue('log.condition', []); |
|
| 231 | + |
|
| 232 | + /** |
|
| 233 | + * check for a special log condition - this enables an increased log on |
|
| 234 | + * a per request/user base |
|
| 235 | + */ |
|
| 236 | + if ($this->logConditionSatisfied === null) { |
|
| 237 | + // default to false to just process this once per request |
|
| 238 | + $this->logConditionSatisfied = false; |
|
| 239 | + if (!empty($logCondition)) { |
|
| 240 | + // check for secret token in the request |
|
| 241 | + if (isset($logCondition['shared_secret'])) { |
|
| 242 | + $request = \OC::$server->getRequest(); |
|
| 243 | + |
|
| 244 | + if ($request->getMethod() === 'PUT' && |
|
| 245 | + !str_contains($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') && |
|
| 246 | + !str_contains($request->getHeader('Content-Type'), 'application/json')) { |
|
| 247 | + $logSecretRequest = ''; |
|
| 248 | + } else { |
|
| 249 | + $logSecretRequest = $request->getParam('log_secret', ''); |
|
| 250 | + } |
|
| 251 | + |
|
| 252 | + // if token is found in the request change set the log condition to satisfied |
|
| 253 | + if ($request && hash_equals($logCondition['shared_secret'], $logSecretRequest)) { |
|
| 254 | + $this->logConditionSatisfied = true; |
|
| 255 | + } |
|
| 256 | + } |
|
| 257 | + |
|
| 258 | + // check for user |
|
| 259 | + if (isset($logCondition['users'])) { |
|
| 260 | + $user = \OC::$server->getUserSession()->getUser(); |
|
| 261 | + |
|
| 262 | + // if the user matches set the log condition to satisfied |
|
| 263 | + if ($user !== null && in_array($user->getUID(), $logCondition['users'], true)) { |
|
| 264 | + $this->logConditionSatisfied = true; |
|
| 265 | + } |
|
| 266 | + } |
|
| 267 | + } |
|
| 268 | + } |
|
| 269 | + |
|
| 270 | + // if log condition is satisfied change the required log level to DEBUG |
|
| 271 | + if ($this->logConditionSatisfied) { |
|
| 272 | + return ILogger::DEBUG; |
|
| 273 | + } |
|
| 274 | + |
|
| 275 | + if (isset($context['app'])) { |
|
| 276 | + $app = $context['app']; |
|
| 277 | + |
|
| 278 | + /** |
|
| 279 | + * check log condition based on the context of each log message |
|
| 280 | + * once this is met -> change the required log level to debug |
|
| 281 | + */ |
|
| 282 | + if (!empty($logCondition) |
|
| 283 | + && isset($logCondition['apps']) |
|
| 284 | + && in_array($app, $logCondition['apps'], true)) { |
|
| 285 | + return ILogger::DEBUG; |
|
| 286 | + } |
|
| 287 | + } |
|
| 288 | + |
|
| 289 | + return min($this->config->getValue('loglevel', ILogger::WARN), ILogger::FATAL); |
|
| 290 | + } |
|
| 291 | + |
|
| 292 | + /** |
|
| 293 | + * Logs an exception very detailed |
|
| 294 | + * |
|
| 295 | + * @param Exception|Throwable $exception |
|
| 296 | + * @param array $context |
|
| 297 | + * @return void |
|
| 298 | + * @since 8.2.0 |
|
| 299 | + */ |
|
| 300 | + public function logException(Throwable $exception, array $context = []) { |
|
| 301 | + $app = $context['app'] ?? 'no app in context'; |
|
| 302 | + $level = $context['level'] ?? ILogger::ERROR; |
|
| 303 | + |
|
| 304 | + $minLevel = $this->getLogLevel($context); |
|
| 305 | + if ($level < $minLevel && ($this->crashReporters === null || !$this->crashReporters->hasReporters())) { |
|
| 306 | + return; |
|
| 307 | + } |
|
| 308 | + |
|
| 309 | + // if an error is raised before the autoloader is properly setup, we can't serialize exceptions |
|
| 310 | + try { |
|
| 311 | + $serializer = $this->getSerializer(); |
|
| 312 | + } catch (Throwable $e) { |
|
| 313 | + $this->error("Failed to load ExceptionSerializer serializer while trying to log " . $exception->getMessage()); |
|
| 314 | + return; |
|
| 315 | + } |
|
| 316 | + $data = $context; |
|
| 317 | + unset($data['app']); |
|
| 318 | + unset($data['level']); |
|
| 319 | + $data = array_merge($serializer->serializeException($exception), $data); |
|
| 320 | + $data = $this->interpolateMessage($data, $context['message'] ?? '--', 'CustomMessage'); |
|
| 321 | + |
|
| 322 | + |
|
| 323 | + array_walk($context, [$this->normalizer, 'format']); |
|
| 324 | + |
|
| 325 | + try { |
|
| 326 | + if ($level >= $minLevel) { |
|
| 327 | + if (!$this->logger instanceof IFileBased) { |
|
| 328 | + $data = json_encode($data, JSON_PARTIAL_OUTPUT_ON_ERROR | JSON_UNESCAPED_SLASHES); |
|
| 329 | + } |
|
| 330 | + $this->writeLog($app, $data, $level); |
|
| 331 | + } |
|
| 332 | + |
|
| 333 | + $context['level'] = $level; |
|
| 334 | + if (!is_null($this->crashReporters)) { |
|
| 335 | + $this->crashReporters->delegateReport($exception, $context); |
|
| 336 | + } |
|
| 337 | + } catch (Throwable $e) { |
|
| 338 | + // make sure we dont hard crash if logging fails |
|
| 339 | + } |
|
| 340 | + } |
|
| 341 | + |
|
| 342 | + public function logData(string $message, array $data, array $context = []): void { |
|
| 343 | + $app = $context['app'] ?? 'no app in context'; |
|
| 344 | + $level = $context['level'] ?? ILogger::ERROR; |
|
| 345 | + |
|
| 346 | + $minLevel = $this->getLogLevel($context); |
|
| 347 | + |
|
| 348 | + array_walk($context, [$this->normalizer, 'format']); |
|
| 349 | + |
|
| 350 | + try { |
|
| 351 | + if ($level >= $minLevel) { |
|
| 352 | + $data['message'] = $message; |
|
| 353 | + if (!$this->logger instanceof IFileBased) { |
|
| 354 | + $data = json_encode($data, JSON_PARTIAL_OUTPUT_ON_ERROR | JSON_UNESCAPED_SLASHES); |
|
| 355 | + } |
|
| 356 | + $this->writeLog($app, $data, $level); |
|
| 357 | + } |
|
| 358 | + |
|
| 359 | + $context['level'] = $level; |
|
| 360 | + } catch (Throwable $e) { |
|
| 361 | + // make sure we dont hard crash if logging fails |
|
| 362 | + error_log('Error when trying to log exception: ' . $e->getMessage() . ' ' . $e->getTraceAsString()); |
|
| 363 | + } |
|
| 364 | + } |
|
| 365 | + |
|
| 366 | + /** |
|
| 367 | + * @param string $app |
|
| 368 | + * @param string|array $entry |
|
| 369 | + * @param int $level |
|
| 370 | + */ |
|
| 371 | + protected function writeLog(string $app, $entry, int $level) { |
|
| 372 | + $this->logger->write($app, $entry, $level); |
|
| 373 | + } |
|
| 374 | + |
|
| 375 | + public function getLogPath():string { |
|
| 376 | + if ($this->logger instanceof IFileBased) { |
|
| 377 | + return $this->logger->getLogFilePath(); |
|
| 378 | + } |
|
| 379 | + throw new \RuntimeException('Log implementation has no path'); |
|
| 380 | + } |
|
| 381 | + |
|
| 382 | + /** |
|
| 383 | + * Interpolate $message as defined in PSR-3 |
|
| 384 | + * |
|
| 385 | + * Returns an array containing the context without the interpolated |
|
| 386 | + * parameters placeholders and the message as the 'message' - or |
|
| 387 | + * user-defined - key. |
|
| 388 | + */ |
|
| 389 | + private function interpolateMessage(array $context, string $message, string $messageKey = 'message'): array { |
|
| 390 | + $replace = []; |
|
| 391 | + $usedContextKeys = []; |
|
| 392 | + foreach ($context as $key => $val) { |
|
| 393 | + $fullKey = '{' . $key . '}'; |
|
| 394 | + $replace[$fullKey] = $val; |
|
| 395 | + if (str_contains($message, $fullKey)) { |
|
| 396 | + $usedContextKeys[$key] = true; |
|
| 397 | + } |
|
| 398 | + } |
|
| 399 | + return array_merge(array_diff_key($context, $usedContextKeys), [$messageKey => strtr($message, $replace)]); |
|
| 400 | + } |
|
| 401 | + |
|
| 402 | + /** |
|
| 403 | + * @throws Throwable |
|
| 404 | + */ |
|
| 405 | + protected function getSerializer(): ExceptionSerializer { |
|
| 406 | + $serializer = new ExceptionSerializer($this->config); |
|
| 407 | + try { |
|
| 408 | + /** @var Coordinator $coordinator */ |
|
| 409 | + $coordinator = \OCP\Server::get(Coordinator::class); |
|
| 410 | + foreach ($coordinator->getRegistrationContext()->getSensitiveMethods() as $registration) { |
|
| 411 | + $serializer->enlistSensitiveMethods($registration->getName(), $registration->getValue()); |
|
| 412 | + } |
|
| 413 | + // For not every app might be initialized at this time, we cannot assume that the return value |
|
| 414 | + // of getSensitiveMethods() is complete. Running delegates in Coordinator::registerApps() is |
|
| 415 | + // not possible due to dependencies on the one hand. On the other it would work only with |
|
| 416 | + // adding public methods to the PsrLoggerAdapter and this class. |
|
| 417 | + // Thus, serializer cannot be a property. |
|
| 418 | + } catch (Throwable $t) { |
|
| 419 | + // ignore app-defined sensitive methods in this case - they weren't loaded anyway |
|
| 420 | + } |
|
| 421 | + return $serializer; |
|
| 422 | + } |
|
| 423 | 423 | } |
@@ -310,7 +310,7 @@ discard block |
||
| 310 | 310 | try { |
| 311 | 311 | $serializer = $this->getSerializer(); |
| 312 | 312 | } catch (Throwable $e) { |
| 313 | - $this->error("Failed to load ExceptionSerializer serializer while trying to log " . $exception->getMessage()); |
|
| 313 | + $this->error("Failed to load ExceptionSerializer serializer while trying to log ".$exception->getMessage()); |
|
| 314 | 314 | return; |
| 315 | 315 | } |
| 316 | 316 | $data = $context; |
@@ -359,7 +359,7 @@ discard block |
||
| 359 | 359 | $context['level'] = $level; |
| 360 | 360 | } catch (Throwable $e) { |
| 361 | 361 | // make sure we dont hard crash if logging fails |
| 362 | - error_log('Error when trying to log exception: ' . $e->getMessage() . ' ' . $e->getTraceAsString()); |
|
| 362 | + error_log('Error when trying to log exception: '.$e->getMessage().' '.$e->getTraceAsString()); |
|
| 363 | 363 | } |
| 364 | 364 | } |
| 365 | 365 | |
@@ -390,7 +390,7 @@ discard block |
||
| 390 | 390 | $replace = []; |
| 391 | 391 | $usedContextKeys = []; |
| 392 | 392 | foreach ($context as $key => $val) { |
| 393 | - $fullKey = '{' . $key . '}'; |
|
| 393 | + $fullKey = '{'.$key.'}'; |
|
| 394 | 394 | $replace[$fullKey] = $val; |
| 395 | 395 | if (str_contains($message, $fullKey)) { |
| 396 | 396 | $usedContextKeys[$key] = true; |
@@ -42,268 +42,268 @@ |
||
| 42 | 42 | use OCP\HintException; |
| 43 | 43 | |
| 44 | 44 | class ExceptionSerializer { |
| 45 | - public const SENSITIVE_VALUE_PLACEHOLDER = '*** sensitive parameters replaced ***'; |
|
| 46 | - |
|
| 47 | - public const methodsWithSensitiveParameters = [ |
|
| 48 | - // Session/User |
|
| 49 | - 'completeLogin', |
|
| 50 | - 'login', |
|
| 51 | - 'checkPassword', |
|
| 52 | - 'checkPasswordNoLogging', |
|
| 53 | - 'loginWithPassword', |
|
| 54 | - 'updatePrivateKeyPassword', |
|
| 55 | - 'validateUserPass', |
|
| 56 | - 'loginWithToken', |
|
| 57 | - '{closure}', |
|
| 58 | - 'createSessionToken', |
|
| 59 | - |
|
| 60 | - // Provisioning |
|
| 61 | - 'addUser', |
|
| 62 | - |
|
| 63 | - // TokenProvider |
|
| 64 | - 'getToken', |
|
| 65 | - 'isTokenPassword', |
|
| 66 | - 'getPassword', |
|
| 67 | - 'decryptPassword', |
|
| 68 | - 'logClientIn', |
|
| 69 | - 'generateToken', |
|
| 70 | - 'validateToken', |
|
| 71 | - |
|
| 72 | - // TwoFactorAuth |
|
| 73 | - 'solveChallenge', |
|
| 74 | - 'verifyChallenge', |
|
| 75 | - |
|
| 76 | - // ICrypto |
|
| 77 | - 'calculateHMAC', |
|
| 78 | - 'encrypt', |
|
| 79 | - 'decrypt', |
|
| 80 | - |
|
| 81 | - // LoginController |
|
| 82 | - 'tryLogin', |
|
| 83 | - 'confirmPassword', |
|
| 84 | - |
|
| 85 | - // LDAP |
|
| 86 | - 'bind', |
|
| 87 | - 'areCredentialsValid', |
|
| 88 | - 'invokeLDAPMethod', |
|
| 89 | - |
|
| 90 | - // Encryption |
|
| 91 | - 'storeKeyPair', |
|
| 92 | - 'setupUser', |
|
| 93 | - 'checkSignature', |
|
| 94 | - |
|
| 95 | - // files_external: OCA\Files_External\MountConfig |
|
| 96 | - 'getBackendStatus', |
|
| 97 | - |
|
| 98 | - // files_external: UserStoragesController |
|
| 99 | - 'update', |
|
| 100 | - |
|
| 101 | - // Preview providers, don't log big data strings |
|
| 102 | - 'imagecreatefromstring', |
|
| 103 | - |
|
| 104 | - // text: PublicSessionController, SessionController and ApiService |
|
| 105 | - 'create', |
|
| 106 | - 'close', |
|
| 107 | - 'push', |
|
| 108 | - 'sync', |
|
| 109 | - 'updateSession', |
|
| 110 | - 'mention', |
|
| 111 | - 'loginSessionUser', |
|
| 112 | - |
|
| 113 | - ]; |
|
| 114 | - |
|
| 115 | - /** @var SystemConfig */ |
|
| 116 | - private $systemConfig; |
|
| 117 | - |
|
| 118 | - public function __construct(SystemConfig $systemConfig) { |
|
| 119 | - $this->systemConfig = $systemConfig; |
|
| 120 | - } |
|
| 121 | - |
|
| 122 | - protected array $methodsWithSensitiveParametersByClass = [ |
|
| 123 | - SetupController::class => [ |
|
| 124 | - 'run', |
|
| 125 | - 'display', |
|
| 126 | - 'loadAutoConfig', |
|
| 127 | - ], |
|
| 128 | - Setup::class => [ |
|
| 129 | - 'install' |
|
| 130 | - ], |
|
| 131 | - Key::class => [ |
|
| 132 | - '__construct' |
|
| 133 | - ], |
|
| 134 | - \Redis::class => [ |
|
| 135 | - 'auth' |
|
| 136 | - ], |
|
| 137 | - \RedisCluster::class => [ |
|
| 138 | - '__construct' |
|
| 139 | - ], |
|
| 140 | - Crypt::class => [ |
|
| 141 | - 'symmetricEncryptFileContent', |
|
| 142 | - 'encrypt', |
|
| 143 | - 'generatePasswordHash', |
|
| 144 | - 'encryptPrivateKey', |
|
| 145 | - 'decryptPrivateKey', |
|
| 146 | - 'isValidPrivateKey', |
|
| 147 | - 'symmetricDecryptFileContent', |
|
| 148 | - 'checkSignature', |
|
| 149 | - 'createSignature', |
|
| 150 | - 'decrypt', |
|
| 151 | - 'multiKeyDecrypt', |
|
| 152 | - 'multiKeyEncrypt', |
|
| 153 | - ], |
|
| 154 | - RecoveryController::class => [ |
|
| 155 | - 'adminRecovery', |
|
| 156 | - 'changeRecoveryPassword' |
|
| 157 | - ], |
|
| 158 | - SettingsController::class => [ |
|
| 159 | - 'updatePrivateKeyPassword', |
|
| 160 | - ], |
|
| 161 | - Encryption::class => [ |
|
| 162 | - 'encrypt', |
|
| 163 | - 'decrypt', |
|
| 164 | - ], |
|
| 165 | - KeyManager::class => [ |
|
| 166 | - 'checkRecoveryPassword', |
|
| 167 | - 'storeKeyPair', |
|
| 168 | - 'setRecoveryKey', |
|
| 169 | - 'setPrivateKey', |
|
| 170 | - 'setFileKey', |
|
| 171 | - 'setAllFileKeys', |
|
| 172 | - ], |
|
| 173 | - Session::class => [ |
|
| 174 | - 'setPrivateKey', |
|
| 175 | - 'prepareDecryptAll', |
|
| 176 | - ], |
|
| 177 | - \OCA\Encryption\Users\Setup::class => [ |
|
| 178 | - 'setupUser', |
|
| 179 | - ], |
|
| 180 | - UserHooks::class => [ |
|
| 181 | - 'login', |
|
| 182 | - 'postCreateUser', |
|
| 183 | - 'postDeleteUser', |
|
| 184 | - 'prePasswordReset', |
|
| 185 | - 'postPasswordReset', |
|
| 186 | - 'preSetPassphrase', |
|
| 187 | - 'setPassphrase', |
|
| 188 | - ], |
|
| 189 | - ]; |
|
| 190 | - |
|
| 191 | - private function editTrace(array &$sensitiveValues, array $traceLine): array { |
|
| 192 | - if (isset($traceLine['args'])) { |
|
| 193 | - $sensitiveValues = array_merge($sensitiveValues, $traceLine['args']); |
|
| 194 | - } |
|
| 195 | - $traceLine['args'] = [self::SENSITIVE_VALUE_PLACEHOLDER]; |
|
| 196 | - return $traceLine; |
|
| 197 | - } |
|
| 198 | - |
|
| 199 | - private function filterTrace(array $trace) { |
|
| 200 | - $sensitiveValues = []; |
|
| 201 | - $trace = array_map(function (array $traceLine) use (&$sensitiveValues) { |
|
| 202 | - $className = $traceLine['class'] ?? ''; |
|
| 203 | - if ($className && isset($this->methodsWithSensitiveParametersByClass[$className]) |
|
| 204 | - && in_array($traceLine['function'], $this->methodsWithSensitiveParametersByClass[$className], true)) { |
|
| 205 | - return $this->editTrace($sensitiveValues, $traceLine); |
|
| 206 | - } |
|
| 207 | - foreach (self::methodsWithSensitiveParameters as $sensitiveMethod) { |
|
| 208 | - if (str_contains($traceLine['function'], $sensitiveMethod)) { |
|
| 209 | - return $this->editTrace($sensitiveValues, $traceLine); |
|
| 210 | - } |
|
| 211 | - } |
|
| 212 | - return $traceLine; |
|
| 213 | - }, $trace); |
|
| 214 | - return array_map(function (array $traceLine) use ($sensitiveValues) { |
|
| 215 | - if (isset($traceLine['args'])) { |
|
| 216 | - $traceLine['args'] = $this->removeValuesFromArgs($traceLine['args'], $sensitiveValues); |
|
| 217 | - } |
|
| 218 | - return $traceLine; |
|
| 219 | - }, $trace); |
|
| 220 | - } |
|
| 221 | - |
|
| 222 | - private function removeValuesFromArgs($args, $values) { |
|
| 223 | - $workArgs = []; |
|
| 224 | - foreach ($args as $arg) { |
|
| 225 | - if (in_array($arg, $values, true)) { |
|
| 226 | - $arg = self::SENSITIVE_VALUE_PLACEHOLDER; |
|
| 227 | - } elseif (is_array($arg)) { |
|
| 228 | - $arg = $this->removeValuesFromArgs($arg, $values); |
|
| 229 | - } |
|
| 230 | - $workArgs[] = $arg; |
|
| 231 | - } |
|
| 232 | - return $workArgs; |
|
| 233 | - } |
|
| 234 | - |
|
| 235 | - private function encodeTrace($trace) { |
|
| 236 | - $trace = array_map(function (array $line) { |
|
| 237 | - if (isset($line['args'])) { |
|
| 238 | - $line['args'] = array_map([$this, 'encodeArg'], $line['args']); |
|
| 239 | - } |
|
| 240 | - return $line; |
|
| 241 | - }, $trace); |
|
| 242 | - return $this->filterTrace($trace); |
|
| 243 | - } |
|
| 244 | - |
|
| 245 | - private function encodeArg($arg, $nestingLevel = 5) { |
|
| 246 | - if (is_object($arg)) { |
|
| 247 | - if ($nestingLevel === 0) { |
|
| 248 | - return [ |
|
| 249 | - '__class__' => get_class($arg), |
|
| 250 | - '__properties__' => 'Encoding skipped as the maximum nesting level was reached', |
|
| 251 | - ]; |
|
| 252 | - } |
|
| 253 | - |
|
| 254 | - $objectInfo = [ '__class__' => get_class($arg) ]; |
|
| 255 | - $objectVars = get_object_vars($arg); |
|
| 256 | - return array_map(function ($arg) use ($nestingLevel) { |
|
| 257 | - return $this->encodeArg($arg, $nestingLevel - 1); |
|
| 258 | - }, array_merge($objectInfo, $objectVars)); |
|
| 259 | - } |
|
| 260 | - |
|
| 261 | - if (is_array($arg)) { |
|
| 262 | - if ($nestingLevel === 0) { |
|
| 263 | - return ['Encoding skipped as the maximum nesting level was reached']; |
|
| 264 | - } |
|
| 265 | - |
|
| 266 | - // Only log the first 5 elements of an array unless we are on debug |
|
| 267 | - if ((int)$this->systemConfig->getValue('loglevel', 2) !== 0) { |
|
| 268 | - $elemCount = count($arg); |
|
| 269 | - if ($elemCount > 5) { |
|
| 270 | - $arg = array_slice($arg, 0, 5); |
|
| 271 | - $arg[] = 'And ' . ($elemCount - 5) . ' more entries, set log level to debug to see all entries'; |
|
| 272 | - } |
|
| 273 | - } |
|
| 274 | - return array_map(function ($e) use ($nestingLevel) { |
|
| 275 | - return $this->encodeArg($e, $nestingLevel - 1); |
|
| 276 | - }, $arg); |
|
| 277 | - } |
|
| 278 | - |
|
| 279 | - return $arg; |
|
| 280 | - } |
|
| 281 | - |
|
| 282 | - public function serializeException(\Throwable $exception) { |
|
| 283 | - $data = [ |
|
| 284 | - 'Exception' => get_class($exception), |
|
| 285 | - 'Message' => $exception->getMessage(), |
|
| 286 | - 'Code' => $exception->getCode(), |
|
| 287 | - 'Trace' => $this->encodeTrace($exception->getTrace()), |
|
| 288 | - 'File' => $exception->getFile(), |
|
| 289 | - 'Line' => $exception->getLine(), |
|
| 290 | - ]; |
|
| 291 | - |
|
| 292 | - if ($exception instanceof HintException) { |
|
| 293 | - $data['Hint'] = $exception->getHint(); |
|
| 294 | - } |
|
| 295 | - |
|
| 296 | - if ($exception->getPrevious()) { |
|
| 297 | - $data['Previous'] = $this->serializeException($exception->getPrevious()); |
|
| 298 | - } |
|
| 299 | - |
|
| 300 | - return $data; |
|
| 301 | - } |
|
| 302 | - |
|
| 303 | - public function enlistSensitiveMethods(string $class, array $methods): void { |
|
| 304 | - if (!isset($this->methodsWithSensitiveParametersByClass[$class])) { |
|
| 305 | - $this->methodsWithSensitiveParametersByClass[$class] = []; |
|
| 306 | - } |
|
| 307 | - $this->methodsWithSensitiveParametersByClass[$class] = array_merge($this->methodsWithSensitiveParametersByClass[$class], $methods); |
|
| 308 | - } |
|
| 45 | + public const SENSITIVE_VALUE_PLACEHOLDER = '*** sensitive parameters replaced ***'; |
|
| 46 | + |
|
| 47 | + public const methodsWithSensitiveParameters = [ |
|
| 48 | + // Session/User |
|
| 49 | + 'completeLogin', |
|
| 50 | + 'login', |
|
| 51 | + 'checkPassword', |
|
| 52 | + 'checkPasswordNoLogging', |
|
| 53 | + 'loginWithPassword', |
|
| 54 | + 'updatePrivateKeyPassword', |
|
| 55 | + 'validateUserPass', |
|
| 56 | + 'loginWithToken', |
|
| 57 | + '{closure}', |
|
| 58 | + 'createSessionToken', |
|
| 59 | + |
|
| 60 | + // Provisioning |
|
| 61 | + 'addUser', |
|
| 62 | + |
|
| 63 | + // TokenProvider |
|
| 64 | + 'getToken', |
|
| 65 | + 'isTokenPassword', |
|
| 66 | + 'getPassword', |
|
| 67 | + 'decryptPassword', |
|
| 68 | + 'logClientIn', |
|
| 69 | + 'generateToken', |
|
| 70 | + 'validateToken', |
|
| 71 | + |
|
| 72 | + // TwoFactorAuth |
|
| 73 | + 'solveChallenge', |
|
| 74 | + 'verifyChallenge', |
|
| 75 | + |
|
| 76 | + // ICrypto |
|
| 77 | + 'calculateHMAC', |
|
| 78 | + 'encrypt', |
|
| 79 | + 'decrypt', |
|
| 80 | + |
|
| 81 | + // LoginController |
|
| 82 | + 'tryLogin', |
|
| 83 | + 'confirmPassword', |
|
| 84 | + |
|
| 85 | + // LDAP |
|
| 86 | + 'bind', |
|
| 87 | + 'areCredentialsValid', |
|
| 88 | + 'invokeLDAPMethod', |
|
| 89 | + |
|
| 90 | + // Encryption |
|
| 91 | + 'storeKeyPair', |
|
| 92 | + 'setupUser', |
|
| 93 | + 'checkSignature', |
|
| 94 | + |
|
| 95 | + // files_external: OCA\Files_External\MountConfig |
|
| 96 | + 'getBackendStatus', |
|
| 97 | + |
|
| 98 | + // files_external: UserStoragesController |
|
| 99 | + 'update', |
|
| 100 | + |
|
| 101 | + // Preview providers, don't log big data strings |
|
| 102 | + 'imagecreatefromstring', |
|
| 103 | + |
|
| 104 | + // text: PublicSessionController, SessionController and ApiService |
|
| 105 | + 'create', |
|
| 106 | + 'close', |
|
| 107 | + 'push', |
|
| 108 | + 'sync', |
|
| 109 | + 'updateSession', |
|
| 110 | + 'mention', |
|
| 111 | + 'loginSessionUser', |
|
| 112 | + |
|
| 113 | + ]; |
|
| 114 | + |
|
| 115 | + /** @var SystemConfig */ |
|
| 116 | + private $systemConfig; |
|
| 117 | + |
|
| 118 | + public function __construct(SystemConfig $systemConfig) { |
|
| 119 | + $this->systemConfig = $systemConfig; |
|
| 120 | + } |
|
| 121 | + |
|
| 122 | + protected array $methodsWithSensitiveParametersByClass = [ |
|
| 123 | + SetupController::class => [ |
|
| 124 | + 'run', |
|
| 125 | + 'display', |
|
| 126 | + 'loadAutoConfig', |
|
| 127 | + ], |
|
| 128 | + Setup::class => [ |
|
| 129 | + 'install' |
|
| 130 | + ], |
|
| 131 | + Key::class => [ |
|
| 132 | + '__construct' |
|
| 133 | + ], |
|
| 134 | + \Redis::class => [ |
|
| 135 | + 'auth' |
|
| 136 | + ], |
|
| 137 | + \RedisCluster::class => [ |
|
| 138 | + '__construct' |
|
| 139 | + ], |
|
| 140 | + Crypt::class => [ |
|
| 141 | + 'symmetricEncryptFileContent', |
|
| 142 | + 'encrypt', |
|
| 143 | + 'generatePasswordHash', |
|
| 144 | + 'encryptPrivateKey', |
|
| 145 | + 'decryptPrivateKey', |
|
| 146 | + 'isValidPrivateKey', |
|
| 147 | + 'symmetricDecryptFileContent', |
|
| 148 | + 'checkSignature', |
|
| 149 | + 'createSignature', |
|
| 150 | + 'decrypt', |
|
| 151 | + 'multiKeyDecrypt', |
|
| 152 | + 'multiKeyEncrypt', |
|
| 153 | + ], |
|
| 154 | + RecoveryController::class => [ |
|
| 155 | + 'adminRecovery', |
|
| 156 | + 'changeRecoveryPassword' |
|
| 157 | + ], |
|
| 158 | + SettingsController::class => [ |
|
| 159 | + 'updatePrivateKeyPassword', |
|
| 160 | + ], |
|
| 161 | + Encryption::class => [ |
|
| 162 | + 'encrypt', |
|
| 163 | + 'decrypt', |
|
| 164 | + ], |
|
| 165 | + KeyManager::class => [ |
|
| 166 | + 'checkRecoveryPassword', |
|
| 167 | + 'storeKeyPair', |
|
| 168 | + 'setRecoveryKey', |
|
| 169 | + 'setPrivateKey', |
|
| 170 | + 'setFileKey', |
|
| 171 | + 'setAllFileKeys', |
|
| 172 | + ], |
|
| 173 | + Session::class => [ |
|
| 174 | + 'setPrivateKey', |
|
| 175 | + 'prepareDecryptAll', |
|
| 176 | + ], |
|
| 177 | + \OCA\Encryption\Users\Setup::class => [ |
|
| 178 | + 'setupUser', |
|
| 179 | + ], |
|
| 180 | + UserHooks::class => [ |
|
| 181 | + 'login', |
|
| 182 | + 'postCreateUser', |
|
| 183 | + 'postDeleteUser', |
|
| 184 | + 'prePasswordReset', |
|
| 185 | + 'postPasswordReset', |
|
| 186 | + 'preSetPassphrase', |
|
| 187 | + 'setPassphrase', |
|
| 188 | + ], |
|
| 189 | + ]; |
|
| 190 | + |
|
| 191 | + private function editTrace(array &$sensitiveValues, array $traceLine): array { |
|
| 192 | + if (isset($traceLine['args'])) { |
|
| 193 | + $sensitiveValues = array_merge($sensitiveValues, $traceLine['args']); |
|
| 194 | + } |
|
| 195 | + $traceLine['args'] = [self::SENSITIVE_VALUE_PLACEHOLDER]; |
|
| 196 | + return $traceLine; |
|
| 197 | + } |
|
| 198 | + |
|
| 199 | + private function filterTrace(array $trace) { |
|
| 200 | + $sensitiveValues = []; |
|
| 201 | + $trace = array_map(function (array $traceLine) use (&$sensitiveValues) { |
|
| 202 | + $className = $traceLine['class'] ?? ''; |
|
| 203 | + if ($className && isset($this->methodsWithSensitiveParametersByClass[$className]) |
|
| 204 | + && in_array($traceLine['function'], $this->methodsWithSensitiveParametersByClass[$className], true)) { |
|
| 205 | + return $this->editTrace($sensitiveValues, $traceLine); |
|
| 206 | + } |
|
| 207 | + foreach (self::methodsWithSensitiveParameters as $sensitiveMethod) { |
|
| 208 | + if (str_contains($traceLine['function'], $sensitiveMethod)) { |
|
| 209 | + return $this->editTrace($sensitiveValues, $traceLine); |
|
| 210 | + } |
|
| 211 | + } |
|
| 212 | + return $traceLine; |
|
| 213 | + }, $trace); |
|
| 214 | + return array_map(function (array $traceLine) use ($sensitiveValues) { |
|
| 215 | + if (isset($traceLine['args'])) { |
|
| 216 | + $traceLine['args'] = $this->removeValuesFromArgs($traceLine['args'], $sensitiveValues); |
|
| 217 | + } |
|
| 218 | + return $traceLine; |
|
| 219 | + }, $trace); |
|
| 220 | + } |
|
| 221 | + |
|
| 222 | + private function removeValuesFromArgs($args, $values) { |
|
| 223 | + $workArgs = []; |
|
| 224 | + foreach ($args as $arg) { |
|
| 225 | + if (in_array($arg, $values, true)) { |
|
| 226 | + $arg = self::SENSITIVE_VALUE_PLACEHOLDER; |
|
| 227 | + } elseif (is_array($arg)) { |
|
| 228 | + $arg = $this->removeValuesFromArgs($arg, $values); |
|
| 229 | + } |
|
| 230 | + $workArgs[] = $arg; |
|
| 231 | + } |
|
| 232 | + return $workArgs; |
|
| 233 | + } |
|
| 234 | + |
|
| 235 | + private function encodeTrace($trace) { |
|
| 236 | + $trace = array_map(function (array $line) { |
|
| 237 | + if (isset($line['args'])) { |
|
| 238 | + $line['args'] = array_map([$this, 'encodeArg'], $line['args']); |
|
| 239 | + } |
|
| 240 | + return $line; |
|
| 241 | + }, $trace); |
|
| 242 | + return $this->filterTrace($trace); |
|
| 243 | + } |
|
| 244 | + |
|
| 245 | + private function encodeArg($arg, $nestingLevel = 5) { |
|
| 246 | + if (is_object($arg)) { |
|
| 247 | + if ($nestingLevel === 0) { |
|
| 248 | + return [ |
|
| 249 | + '__class__' => get_class($arg), |
|
| 250 | + '__properties__' => 'Encoding skipped as the maximum nesting level was reached', |
|
| 251 | + ]; |
|
| 252 | + } |
|
| 253 | + |
|
| 254 | + $objectInfo = [ '__class__' => get_class($arg) ]; |
|
| 255 | + $objectVars = get_object_vars($arg); |
|
| 256 | + return array_map(function ($arg) use ($nestingLevel) { |
|
| 257 | + return $this->encodeArg($arg, $nestingLevel - 1); |
|
| 258 | + }, array_merge($objectInfo, $objectVars)); |
|
| 259 | + } |
|
| 260 | + |
|
| 261 | + if (is_array($arg)) { |
|
| 262 | + if ($nestingLevel === 0) { |
|
| 263 | + return ['Encoding skipped as the maximum nesting level was reached']; |
|
| 264 | + } |
|
| 265 | + |
|
| 266 | + // Only log the first 5 elements of an array unless we are on debug |
|
| 267 | + if ((int)$this->systemConfig->getValue('loglevel', 2) !== 0) { |
|
| 268 | + $elemCount = count($arg); |
|
| 269 | + if ($elemCount > 5) { |
|
| 270 | + $arg = array_slice($arg, 0, 5); |
|
| 271 | + $arg[] = 'And ' . ($elemCount - 5) . ' more entries, set log level to debug to see all entries'; |
|
| 272 | + } |
|
| 273 | + } |
|
| 274 | + return array_map(function ($e) use ($nestingLevel) { |
|
| 275 | + return $this->encodeArg($e, $nestingLevel - 1); |
|
| 276 | + }, $arg); |
|
| 277 | + } |
|
| 278 | + |
|
| 279 | + return $arg; |
|
| 280 | + } |
|
| 281 | + |
|
| 282 | + public function serializeException(\Throwable $exception) { |
|
| 283 | + $data = [ |
|
| 284 | + 'Exception' => get_class($exception), |
|
| 285 | + 'Message' => $exception->getMessage(), |
|
| 286 | + 'Code' => $exception->getCode(), |
|
| 287 | + 'Trace' => $this->encodeTrace($exception->getTrace()), |
|
| 288 | + 'File' => $exception->getFile(), |
|
| 289 | + 'Line' => $exception->getLine(), |
|
| 290 | + ]; |
|
| 291 | + |
|
| 292 | + if ($exception instanceof HintException) { |
|
| 293 | + $data['Hint'] = $exception->getHint(); |
|
| 294 | + } |
|
| 295 | + |
|
| 296 | + if ($exception->getPrevious()) { |
|
| 297 | + $data['Previous'] = $this->serializeException($exception->getPrevious()); |
|
| 298 | + } |
|
| 299 | + |
|
| 300 | + return $data; |
|
| 301 | + } |
|
| 302 | + |
|
| 303 | + public function enlistSensitiveMethods(string $class, array $methods): void { |
|
| 304 | + if (!isset($this->methodsWithSensitiveParametersByClass[$class])) { |
|
| 305 | + $this->methodsWithSensitiveParametersByClass[$class] = []; |
|
| 306 | + } |
|
| 307 | + $this->methodsWithSensitiveParametersByClass[$class] = array_merge($this->methodsWithSensitiveParametersByClass[$class], $methods); |
|
| 308 | + } |
|
| 309 | 309 | } |
@@ -30,459 +30,459 @@ |
||
| 30 | 30 | use OCP\Comments\MessageTooLongException; |
| 31 | 31 | |
| 32 | 32 | class Comment implements IComment { |
| 33 | - protected $data = [ |
|
| 34 | - 'id' => '', |
|
| 35 | - 'parentId' => '0', |
|
| 36 | - 'topmostParentId' => '0', |
|
| 37 | - 'childrenCount' => '0', |
|
| 38 | - 'message' => '', |
|
| 39 | - 'verb' => '', |
|
| 40 | - 'actorType' => '', |
|
| 41 | - 'actorId' => '', |
|
| 42 | - 'objectType' => '', |
|
| 43 | - 'objectId' => '', |
|
| 44 | - 'referenceId' => null, |
|
| 45 | - 'creationDT' => null, |
|
| 46 | - 'latestChildDT' => null, |
|
| 47 | - 'reactions' => null, |
|
| 48 | - 'expire_date' => null, |
|
| 49 | - ]; |
|
| 50 | - |
|
| 51 | - /** |
|
| 52 | - * Comment constructor. |
|
| 53 | - * |
|
| 54 | - * @param array $data optional, array with keys according to column names from |
|
| 55 | - * the comments database scheme |
|
| 56 | - */ |
|
| 57 | - public function __construct(array $data = null) { |
|
| 58 | - if (is_array($data)) { |
|
| 59 | - $this->fromArray($data); |
|
| 60 | - } |
|
| 61 | - } |
|
| 62 | - |
|
| 63 | - /** |
|
| 64 | - * returns the ID of the comment |
|
| 65 | - * |
|
| 66 | - * It may return an empty string, if the comment was not stored. |
|
| 67 | - * It is expected that the concrete Comment implementation gives an ID |
|
| 68 | - * by itself (e.g. after saving). |
|
| 69 | - * |
|
| 70 | - * @return string |
|
| 71 | - * @since 9.0.0 |
|
| 72 | - */ |
|
| 73 | - public function getId() { |
|
| 74 | - return $this->data['id']; |
|
| 75 | - } |
|
| 76 | - |
|
| 77 | - /** |
|
| 78 | - * sets the ID of the comment and returns itself |
|
| 79 | - * |
|
| 80 | - * It is only allowed to set the ID only, if the current id is an empty |
|
| 81 | - * string (which means it is not stored in a database, storage or whatever |
|
| 82 | - * the concrete implementation does), or vice versa. Changing a given ID is |
|
| 83 | - * not permitted and must result in an IllegalIDChangeException. |
|
| 84 | - * |
|
| 85 | - * @param string $id |
|
| 86 | - * @return IComment |
|
| 87 | - * @throws IllegalIDChangeException |
|
| 88 | - * @since 9.0.0 |
|
| 89 | - */ |
|
| 90 | - public function setId($id) { |
|
| 91 | - if (!is_string($id)) { |
|
| 92 | - throw new \InvalidArgumentException('String expected.'); |
|
| 93 | - } |
|
| 94 | - |
|
| 95 | - $id = trim($id); |
|
| 96 | - if ($this->data['id'] === '' || ($this->data['id'] !== '' && $id === '')) { |
|
| 97 | - $this->data['id'] = $id; |
|
| 98 | - return $this; |
|
| 99 | - } |
|
| 100 | - |
|
| 101 | - throw new IllegalIDChangeException('Not allowed to assign a new ID to an already saved comment.'); |
|
| 102 | - } |
|
| 103 | - |
|
| 104 | - /** |
|
| 105 | - * returns the parent ID of the comment |
|
| 106 | - * |
|
| 107 | - * @return string |
|
| 108 | - * @since 9.0.0 |
|
| 109 | - */ |
|
| 110 | - public function getParentId() { |
|
| 111 | - return $this->data['parentId']; |
|
| 112 | - } |
|
| 113 | - |
|
| 114 | - /** |
|
| 115 | - * sets the parent ID and returns itself |
|
| 116 | - * |
|
| 117 | - * @param string $parentId |
|
| 118 | - * @return IComment |
|
| 119 | - * @since 9.0.0 |
|
| 120 | - */ |
|
| 121 | - public function setParentId($parentId) { |
|
| 122 | - if (!is_string($parentId)) { |
|
| 123 | - throw new \InvalidArgumentException('String expected.'); |
|
| 124 | - } |
|
| 125 | - $this->data['parentId'] = trim($parentId); |
|
| 126 | - return $this; |
|
| 127 | - } |
|
| 128 | - |
|
| 129 | - /** |
|
| 130 | - * returns the topmost parent ID of the comment |
|
| 131 | - * |
|
| 132 | - * @return string |
|
| 133 | - * @since 9.0.0 |
|
| 134 | - */ |
|
| 135 | - public function getTopmostParentId() { |
|
| 136 | - return $this->data['topmostParentId']; |
|
| 137 | - } |
|
| 138 | - |
|
| 139 | - |
|
| 140 | - /** |
|
| 141 | - * sets the topmost parent ID and returns itself |
|
| 142 | - * |
|
| 143 | - * @param string $id |
|
| 144 | - * @return IComment |
|
| 145 | - * @since 9.0.0 |
|
| 146 | - */ |
|
| 147 | - public function setTopmostParentId($id) { |
|
| 148 | - if (!is_string($id)) { |
|
| 149 | - throw new \InvalidArgumentException('String expected.'); |
|
| 150 | - } |
|
| 151 | - $this->data['topmostParentId'] = trim($id); |
|
| 152 | - return $this; |
|
| 153 | - } |
|
| 154 | - |
|
| 155 | - /** |
|
| 156 | - * returns the number of children |
|
| 157 | - * |
|
| 158 | - * @return int |
|
| 159 | - * @since 9.0.0 |
|
| 160 | - */ |
|
| 161 | - public function getChildrenCount() { |
|
| 162 | - return $this->data['childrenCount']; |
|
| 163 | - } |
|
| 164 | - |
|
| 165 | - /** |
|
| 166 | - * sets the number of children |
|
| 167 | - * |
|
| 168 | - * @param int $count |
|
| 169 | - * @return IComment |
|
| 170 | - * @since 9.0.0 |
|
| 171 | - */ |
|
| 172 | - public function setChildrenCount($count) { |
|
| 173 | - if (!is_int($count)) { |
|
| 174 | - throw new \InvalidArgumentException('Integer expected.'); |
|
| 175 | - } |
|
| 176 | - $this->data['childrenCount'] = $count; |
|
| 177 | - return $this; |
|
| 178 | - } |
|
| 179 | - |
|
| 180 | - /** |
|
| 181 | - * returns the message of the comment |
|
| 182 | - * |
|
| 183 | - * @return string |
|
| 184 | - * @since 9.0.0 |
|
| 185 | - */ |
|
| 186 | - public function getMessage() { |
|
| 187 | - return $this->data['message']; |
|
| 188 | - } |
|
| 189 | - |
|
| 190 | - /** |
|
| 191 | - * sets the message of the comment and returns itself |
|
| 192 | - * |
|
| 193 | - * @param string $message |
|
| 194 | - * @param int $maxLength |
|
| 195 | - * @return IComment |
|
| 196 | - * @throws MessageTooLongException |
|
| 197 | - * @since 9.0.0 |
|
| 198 | - */ |
|
| 199 | - public function setMessage($message, $maxLength = self::MAX_MESSAGE_LENGTH) { |
|
| 200 | - if (!is_string($message)) { |
|
| 201 | - throw new \InvalidArgumentException('String expected.'); |
|
| 202 | - } |
|
| 203 | - $message = trim($message); |
|
| 204 | - if ($maxLength && mb_strlen($message, 'UTF-8') > $maxLength) { |
|
| 205 | - throw new MessageTooLongException('Comment message must not exceed ' . $maxLength. ' characters'); |
|
| 206 | - } |
|
| 207 | - $this->data['message'] = $message; |
|
| 208 | - return $this; |
|
| 209 | - } |
|
| 210 | - |
|
| 211 | - /** |
|
| 212 | - * returns an array containing mentions that are included in the comment |
|
| 213 | - * |
|
| 214 | - * @return array each mention provides a 'type' and an 'id', see example below |
|
| 215 | - * @since 11.0.0 |
|
| 216 | - * |
|
| 217 | - * The return array looks like: |
|
| 218 | - * [ |
|
| 219 | - * [ |
|
| 220 | - * 'type' => 'user', |
|
| 221 | - * 'id' => 'citizen4' |
|
| 222 | - * ], |
|
| 223 | - * [ |
|
| 224 | - * 'type' => 'group', |
|
| 225 | - * 'id' => 'media' |
|
| 226 | - * ], |
|
| 227 | - * … |
|
| 228 | - * ] |
|
| 229 | - * |
|
| 230 | - */ |
|
| 231 | - public function getMentions() { |
|
| 232 | - $ok = preg_match_all("/\B(?<![^a-z0-9_\-@\.\'\s])@(\"guest\/[a-f0-9]+\"|\"group\/[a-z0-9_\-@\.\' ]+\"|\"[a-z0-9_\-@\.\' ]+\"|[a-z0-9_\-@\.\']+)/i", $this->getMessage(), $mentions); |
|
| 233 | - if (!$ok || !isset($mentions[0]) || !is_array($mentions[0])) { |
|
| 234 | - return []; |
|
| 235 | - } |
|
| 236 | - $mentionIds = array_unique($mentions[0]); |
|
| 237 | - usort($mentionIds, static function ($mentionId1, $mentionId2) { |
|
| 238 | - return mb_strlen($mentionId2) <=> mb_strlen($mentionId1); |
|
| 239 | - }); |
|
| 240 | - $result = []; |
|
| 241 | - foreach ($mentionIds as $mentionId) { |
|
| 242 | - $cleanId = trim(substr($mentionId, 1), '"'); |
|
| 243 | - if (str_starts_with($cleanId, 'guest/')) { |
|
| 244 | - $result[] = ['type' => 'guest', 'id' => $cleanId]; |
|
| 245 | - } elseif (str_starts_with($cleanId, 'group/')) { |
|
| 246 | - $result[] = ['type' => 'group', 'id' => substr($cleanId, 6)]; |
|
| 247 | - } else { |
|
| 248 | - $result[] = ['type' => 'user', 'id' => $cleanId]; |
|
| 249 | - } |
|
| 250 | - } |
|
| 251 | - return $result; |
|
| 252 | - } |
|
| 253 | - |
|
| 254 | - /** |
|
| 255 | - * returns the verb of the comment |
|
| 256 | - * |
|
| 257 | - * @return string |
|
| 258 | - * @since 9.0.0 |
|
| 259 | - */ |
|
| 260 | - public function getVerb() { |
|
| 261 | - return $this->data['verb']; |
|
| 262 | - } |
|
| 263 | - |
|
| 264 | - /** |
|
| 265 | - * sets the verb of the comment, e.g. 'comment' or 'like' |
|
| 266 | - * |
|
| 267 | - * @param string $verb |
|
| 268 | - * @return IComment |
|
| 269 | - * @since 9.0.0 |
|
| 270 | - */ |
|
| 271 | - public function setVerb($verb) { |
|
| 272 | - if (!is_string($verb) || !trim($verb)) { |
|
| 273 | - throw new \InvalidArgumentException('Non-empty String expected.'); |
|
| 274 | - } |
|
| 275 | - $this->data['verb'] = trim($verb); |
|
| 276 | - return $this; |
|
| 277 | - } |
|
| 278 | - |
|
| 279 | - /** |
|
| 280 | - * returns the actor type |
|
| 281 | - * |
|
| 282 | - * @return string |
|
| 283 | - * @since 9.0.0 |
|
| 284 | - */ |
|
| 285 | - public function getActorType() { |
|
| 286 | - return $this->data['actorType']; |
|
| 287 | - } |
|
| 288 | - |
|
| 289 | - /** |
|
| 290 | - * returns the actor ID |
|
| 291 | - * |
|
| 292 | - * @return string |
|
| 293 | - * @since 9.0.0 |
|
| 294 | - */ |
|
| 295 | - public function getActorId() { |
|
| 296 | - return $this->data['actorId']; |
|
| 297 | - } |
|
| 298 | - |
|
| 299 | - /** |
|
| 300 | - * sets (overwrites) the actor type and id |
|
| 301 | - * |
|
| 302 | - * @param string $actorType e.g. 'users' |
|
| 303 | - * @param string $actorId e.g. 'zombie234' |
|
| 304 | - * @return IComment |
|
| 305 | - * @since 9.0.0 |
|
| 306 | - */ |
|
| 307 | - public function setActor($actorType, $actorId) { |
|
| 308 | - if ( |
|
| 309 | - !is_string($actorType) || !trim($actorType) |
|
| 310 | - || !is_string($actorId) || $actorId === '' |
|
| 311 | - ) { |
|
| 312 | - throw new \InvalidArgumentException('String expected.'); |
|
| 313 | - } |
|
| 314 | - $this->data['actorType'] = trim($actorType); |
|
| 315 | - $this->data['actorId'] = $actorId; |
|
| 316 | - return $this; |
|
| 317 | - } |
|
| 318 | - |
|
| 319 | - /** |
|
| 320 | - * returns the creation date of the comment. |
|
| 321 | - * |
|
| 322 | - * If not explicitly set, it shall default to the time of initialization. |
|
| 323 | - * |
|
| 324 | - * @return \DateTime |
|
| 325 | - * @since 9.0.0 |
|
| 326 | - */ |
|
| 327 | - public function getCreationDateTime() { |
|
| 328 | - return $this->data['creationDT']; |
|
| 329 | - } |
|
| 330 | - |
|
| 331 | - /** |
|
| 332 | - * sets the creation date of the comment and returns itself |
|
| 333 | - * |
|
| 334 | - * @param \DateTime $timestamp |
|
| 335 | - * @return IComment |
|
| 336 | - * @since 9.0.0 |
|
| 337 | - */ |
|
| 338 | - public function setCreationDateTime(\DateTime $timestamp) { |
|
| 339 | - $this->data['creationDT'] = $timestamp; |
|
| 340 | - return $this; |
|
| 341 | - } |
|
| 342 | - |
|
| 343 | - /** |
|
| 344 | - * returns the DateTime of the most recent child, if set, otherwise null |
|
| 345 | - * |
|
| 346 | - * @return \DateTime|null |
|
| 347 | - * @since 9.0.0 |
|
| 348 | - */ |
|
| 349 | - public function getLatestChildDateTime() { |
|
| 350 | - return $this->data['latestChildDT']; |
|
| 351 | - } |
|
| 352 | - |
|
| 353 | - /** |
|
| 354 | - * @inheritDoc |
|
| 355 | - */ |
|
| 356 | - public function setLatestChildDateTime(?\DateTime $dateTime = null) { |
|
| 357 | - $this->data['latestChildDT'] = $dateTime; |
|
| 358 | - return $this; |
|
| 359 | - } |
|
| 360 | - |
|
| 361 | - /** |
|
| 362 | - * returns the object type the comment is attached to |
|
| 363 | - * |
|
| 364 | - * @return string |
|
| 365 | - * @since 9.0.0 |
|
| 366 | - */ |
|
| 367 | - public function getObjectType() { |
|
| 368 | - return $this->data['objectType']; |
|
| 369 | - } |
|
| 370 | - |
|
| 371 | - /** |
|
| 372 | - * returns the object id the comment is attached to |
|
| 373 | - * |
|
| 374 | - * @return string |
|
| 375 | - * @since 9.0.0 |
|
| 376 | - */ |
|
| 377 | - public function getObjectId() { |
|
| 378 | - return $this->data['objectId']; |
|
| 379 | - } |
|
| 380 | - |
|
| 381 | - /** |
|
| 382 | - * sets (overwrites) the object of the comment |
|
| 383 | - * |
|
| 384 | - * @param string $objectType e.g. 'files' |
|
| 385 | - * @param string $objectId e.g. '16435' |
|
| 386 | - * @return IComment |
|
| 387 | - * @since 9.0.0 |
|
| 388 | - */ |
|
| 389 | - public function setObject($objectType, $objectId) { |
|
| 390 | - if ( |
|
| 391 | - !is_string($objectType) || !trim($objectType) |
|
| 392 | - || !is_string($objectId) || trim($objectId) === '' |
|
| 393 | - ) { |
|
| 394 | - throw new \InvalidArgumentException('String expected.'); |
|
| 395 | - } |
|
| 396 | - $this->data['objectType'] = trim($objectType); |
|
| 397 | - $this->data['objectId'] = trim($objectId); |
|
| 398 | - return $this; |
|
| 399 | - } |
|
| 400 | - |
|
| 401 | - /** |
|
| 402 | - * returns the reference id of the comment |
|
| 403 | - * |
|
| 404 | - * @return string|null |
|
| 405 | - * @since 19.0.0 |
|
| 406 | - */ |
|
| 407 | - public function getReferenceId(): ?string { |
|
| 408 | - return $this->data['referenceId']; |
|
| 409 | - } |
|
| 410 | - |
|
| 411 | - /** |
|
| 412 | - * sets (overwrites) the reference id of the comment |
|
| 413 | - * |
|
| 414 | - * @param string $referenceId e.g. sha256 hash sum |
|
| 415 | - * @return IComment |
|
| 416 | - * @since 19.0.0 |
|
| 417 | - */ |
|
| 418 | - public function setReferenceId(?string $referenceId): IComment { |
|
| 419 | - if ($referenceId === null) { |
|
| 420 | - $this->data['referenceId'] = $referenceId; |
|
| 421 | - } else { |
|
| 422 | - $referenceId = trim($referenceId); |
|
| 423 | - if ($referenceId === '') { |
|
| 424 | - throw new \InvalidArgumentException('Non empty string expected.'); |
|
| 425 | - } |
|
| 426 | - $this->data['referenceId'] = $referenceId; |
|
| 427 | - } |
|
| 428 | - return $this; |
|
| 429 | - } |
|
| 430 | - |
|
| 431 | - /** |
|
| 432 | - * @inheritDoc |
|
| 433 | - */ |
|
| 434 | - public function getReactions(): array { |
|
| 435 | - return $this->data['reactions'] ?? []; |
|
| 436 | - } |
|
| 437 | - |
|
| 438 | - /** |
|
| 439 | - * @inheritDoc |
|
| 440 | - */ |
|
| 441 | - public function setReactions(?array $reactions): IComment { |
|
| 442 | - $this->data['reactions'] = $reactions; |
|
| 443 | - return $this; |
|
| 444 | - } |
|
| 445 | - |
|
| 446 | - /** |
|
| 447 | - * @inheritDoc |
|
| 448 | - */ |
|
| 449 | - public function setExpireDate(?\DateTime $dateTime): IComment { |
|
| 450 | - $this->data['expire_date'] = $dateTime; |
|
| 451 | - return $this; |
|
| 452 | - } |
|
| 453 | - |
|
| 454 | - /** |
|
| 455 | - * @inheritDoc |
|
| 456 | - */ |
|
| 457 | - public function getExpireDate(): ?\DateTime { |
|
| 458 | - return $this->data['expire_date']; |
|
| 459 | - } |
|
| 460 | - |
|
| 461 | - /** |
|
| 462 | - * sets the comment data based on an array with keys as taken from the |
|
| 463 | - * database. |
|
| 464 | - * |
|
| 465 | - * @param array $data |
|
| 466 | - * @return IComment |
|
| 467 | - */ |
|
| 468 | - protected function fromArray($data) { |
|
| 469 | - foreach (array_keys($data) as $key) { |
|
| 470 | - // translate DB keys to internal setter names |
|
| 471 | - $setter = 'set' . implode('', array_map('ucfirst', explode('_', $key))); |
|
| 472 | - $setter = str_replace('Timestamp', 'DateTime', $setter); |
|
| 473 | - |
|
| 474 | - if (method_exists($this, $setter)) { |
|
| 475 | - $this->$setter($data[$key]); |
|
| 476 | - } |
|
| 477 | - } |
|
| 478 | - |
|
| 479 | - foreach (['actor', 'object'] as $role) { |
|
| 480 | - if (isset($data[$role . '_type']) && isset($data[$role . '_id'])) { |
|
| 481 | - $setter = 'set' . ucfirst($role); |
|
| 482 | - $this->$setter($data[$role . '_type'], $data[$role . '_id']); |
|
| 483 | - } |
|
| 484 | - } |
|
| 485 | - |
|
| 486 | - return $this; |
|
| 487 | - } |
|
| 33 | + protected $data = [ |
|
| 34 | + 'id' => '', |
|
| 35 | + 'parentId' => '0', |
|
| 36 | + 'topmostParentId' => '0', |
|
| 37 | + 'childrenCount' => '0', |
|
| 38 | + 'message' => '', |
|
| 39 | + 'verb' => '', |
|
| 40 | + 'actorType' => '', |
|
| 41 | + 'actorId' => '', |
|
| 42 | + 'objectType' => '', |
|
| 43 | + 'objectId' => '', |
|
| 44 | + 'referenceId' => null, |
|
| 45 | + 'creationDT' => null, |
|
| 46 | + 'latestChildDT' => null, |
|
| 47 | + 'reactions' => null, |
|
| 48 | + 'expire_date' => null, |
|
| 49 | + ]; |
|
| 50 | + |
|
| 51 | + /** |
|
| 52 | + * Comment constructor. |
|
| 53 | + * |
|
| 54 | + * @param array $data optional, array with keys according to column names from |
|
| 55 | + * the comments database scheme |
|
| 56 | + */ |
|
| 57 | + public function __construct(array $data = null) { |
|
| 58 | + if (is_array($data)) { |
|
| 59 | + $this->fromArray($data); |
|
| 60 | + } |
|
| 61 | + } |
|
| 62 | + |
|
| 63 | + /** |
|
| 64 | + * returns the ID of the comment |
|
| 65 | + * |
|
| 66 | + * It may return an empty string, if the comment was not stored. |
|
| 67 | + * It is expected that the concrete Comment implementation gives an ID |
|
| 68 | + * by itself (e.g. after saving). |
|
| 69 | + * |
|
| 70 | + * @return string |
|
| 71 | + * @since 9.0.0 |
|
| 72 | + */ |
|
| 73 | + public function getId() { |
|
| 74 | + return $this->data['id']; |
|
| 75 | + } |
|
| 76 | + |
|
| 77 | + /** |
|
| 78 | + * sets the ID of the comment and returns itself |
|
| 79 | + * |
|
| 80 | + * It is only allowed to set the ID only, if the current id is an empty |
|
| 81 | + * string (which means it is not stored in a database, storage or whatever |
|
| 82 | + * the concrete implementation does), or vice versa. Changing a given ID is |
|
| 83 | + * not permitted and must result in an IllegalIDChangeException. |
|
| 84 | + * |
|
| 85 | + * @param string $id |
|
| 86 | + * @return IComment |
|
| 87 | + * @throws IllegalIDChangeException |
|
| 88 | + * @since 9.0.0 |
|
| 89 | + */ |
|
| 90 | + public function setId($id) { |
|
| 91 | + if (!is_string($id)) { |
|
| 92 | + throw new \InvalidArgumentException('String expected.'); |
|
| 93 | + } |
|
| 94 | + |
|
| 95 | + $id = trim($id); |
|
| 96 | + if ($this->data['id'] === '' || ($this->data['id'] !== '' && $id === '')) { |
|
| 97 | + $this->data['id'] = $id; |
|
| 98 | + return $this; |
|
| 99 | + } |
|
| 100 | + |
|
| 101 | + throw new IllegalIDChangeException('Not allowed to assign a new ID to an already saved comment.'); |
|
| 102 | + } |
|
| 103 | + |
|
| 104 | + /** |
|
| 105 | + * returns the parent ID of the comment |
|
| 106 | + * |
|
| 107 | + * @return string |
|
| 108 | + * @since 9.0.0 |
|
| 109 | + */ |
|
| 110 | + public function getParentId() { |
|
| 111 | + return $this->data['parentId']; |
|
| 112 | + } |
|
| 113 | + |
|
| 114 | + /** |
|
| 115 | + * sets the parent ID and returns itself |
|
| 116 | + * |
|
| 117 | + * @param string $parentId |
|
| 118 | + * @return IComment |
|
| 119 | + * @since 9.0.0 |
|
| 120 | + */ |
|
| 121 | + public function setParentId($parentId) { |
|
| 122 | + if (!is_string($parentId)) { |
|
| 123 | + throw new \InvalidArgumentException('String expected.'); |
|
| 124 | + } |
|
| 125 | + $this->data['parentId'] = trim($parentId); |
|
| 126 | + return $this; |
|
| 127 | + } |
|
| 128 | + |
|
| 129 | + /** |
|
| 130 | + * returns the topmost parent ID of the comment |
|
| 131 | + * |
|
| 132 | + * @return string |
|
| 133 | + * @since 9.0.0 |
|
| 134 | + */ |
|
| 135 | + public function getTopmostParentId() { |
|
| 136 | + return $this->data['topmostParentId']; |
|
| 137 | + } |
|
| 138 | + |
|
| 139 | + |
|
| 140 | + /** |
|
| 141 | + * sets the topmost parent ID and returns itself |
|
| 142 | + * |
|
| 143 | + * @param string $id |
|
| 144 | + * @return IComment |
|
| 145 | + * @since 9.0.0 |
|
| 146 | + */ |
|
| 147 | + public function setTopmostParentId($id) { |
|
| 148 | + if (!is_string($id)) { |
|
| 149 | + throw new \InvalidArgumentException('String expected.'); |
|
| 150 | + } |
|
| 151 | + $this->data['topmostParentId'] = trim($id); |
|
| 152 | + return $this; |
|
| 153 | + } |
|
| 154 | + |
|
| 155 | + /** |
|
| 156 | + * returns the number of children |
|
| 157 | + * |
|
| 158 | + * @return int |
|
| 159 | + * @since 9.0.0 |
|
| 160 | + */ |
|
| 161 | + public function getChildrenCount() { |
|
| 162 | + return $this->data['childrenCount']; |
|
| 163 | + } |
|
| 164 | + |
|
| 165 | + /** |
|
| 166 | + * sets the number of children |
|
| 167 | + * |
|
| 168 | + * @param int $count |
|
| 169 | + * @return IComment |
|
| 170 | + * @since 9.0.0 |
|
| 171 | + */ |
|
| 172 | + public function setChildrenCount($count) { |
|
| 173 | + if (!is_int($count)) { |
|
| 174 | + throw new \InvalidArgumentException('Integer expected.'); |
|
| 175 | + } |
|
| 176 | + $this->data['childrenCount'] = $count; |
|
| 177 | + return $this; |
|
| 178 | + } |
|
| 179 | + |
|
| 180 | + /** |
|
| 181 | + * returns the message of the comment |
|
| 182 | + * |
|
| 183 | + * @return string |
|
| 184 | + * @since 9.0.0 |
|
| 185 | + */ |
|
| 186 | + public function getMessage() { |
|
| 187 | + return $this->data['message']; |
|
| 188 | + } |
|
| 189 | + |
|
| 190 | + /** |
|
| 191 | + * sets the message of the comment and returns itself |
|
| 192 | + * |
|
| 193 | + * @param string $message |
|
| 194 | + * @param int $maxLength |
|
| 195 | + * @return IComment |
|
| 196 | + * @throws MessageTooLongException |
|
| 197 | + * @since 9.0.0 |
|
| 198 | + */ |
|
| 199 | + public function setMessage($message, $maxLength = self::MAX_MESSAGE_LENGTH) { |
|
| 200 | + if (!is_string($message)) { |
|
| 201 | + throw new \InvalidArgumentException('String expected.'); |
|
| 202 | + } |
|
| 203 | + $message = trim($message); |
|
| 204 | + if ($maxLength && mb_strlen($message, 'UTF-8') > $maxLength) { |
|
| 205 | + throw new MessageTooLongException('Comment message must not exceed ' . $maxLength. ' characters'); |
|
| 206 | + } |
|
| 207 | + $this->data['message'] = $message; |
|
| 208 | + return $this; |
|
| 209 | + } |
|
| 210 | + |
|
| 211 | + /** |
|
| 212 | + * returns an array containing mentions that are included in the comment |
|
| 213 | + * |
|
| 214 | + * @return array each mention provides a 'type' and an 'id', see example below |
|
| 215 | + * @since 11.0.0 |
|
| 216 | + * |
|
| 217 | + * The return array looks like: |
|
| 218 | + * [ |
|
| 219 | + * [ |
|
| 220 | + * 'type' => 'user', |
|
| 221 | + * 'id' => 'citizen4' |
|
| 222 | + * ], |
|
| 223 | + * [ |
|
| 224 | + * 'type' => 'group', |
|
| 225 | + * 'id' => 'media' |
|
| 226 | + * ], |
|
| 227 | + * … |
|
| 228 | + * ] |
|
| 229 | + * |
|
| 230 | + */ |
|
| 231 | + public function getMentions() { |
|
| 232 | + $ok = preg_match_all("/\B(?<![^a-z0-9_\-@\.\'\s])@(\"guest\/[a-f0-9]+\"|\"group\/[a-z0-9_\-@\.\' ]+\"|\"[a-z0-9_\-@\.\' ]+\"|[a-z0-9_\-@\.\']+)/i", $this->getMessage(), $mentions); |
|
| 233 | + if (!$ok || !isset($mentions[0]) || !is_array($mentions[0])) { |
|
| 234 | + return []; |
|
| 235 | + } |
|
| 236 | + $mentionIds = array_unique($mentions[0]); |
|
| 237 | + usort($mentionIds, static function ($mentionId1, $mentionId2) { |
|
| 238 | + return mb_strlen($mentionId2) <=> mb_strlen($mentionId1); |
|
| 239 | + }); |
|
| 240 | + $result = []; |
|
| 241 | + foreach ($mentionIds as $mentionId) { |
|
| 242 | + $cleanId = trim(substr($mentionId, 1), '"'); |
|
| 243 | + if (str_starts_with($cleanId, 'guest/')) { |
|
| 244 | + $result[] = ['type' => 'guest', 'id' => $cleanId]; |
|
| 245 | + } elseif (str_starts_with($cleanId, 'group/')) { |
|
| 246 | + $result[] = ['type' => 'group', 'id' => substr($cleanId, 6)]; |
|
| 247 | + } else { |
|
| 248 | + $result[] = ['type' => 'user', 'id' => $cleanId]; |
|
| 249 | + } |
|
| 250 | + } |
|
| 251 | + return $result; |
|
| 252 | + } |
|
| 253 | + |
|
| 254 | + /** |
|
| 255 | + * returns the verb of the comment |
|
| 256 | + * |
|
| 257 | + * @return string |
|
| 258 | + * @since 9.0.0 |
|
| 259 | + */ |
|
| 260 | + public function getVerb() { |
|
| 261 | + return $this->data['verb']; |
|
| 262 | + } |
|
| 263 | + |
|
| 264 | + /** |
|
| 265 | + * sets the verb of the comment, e.g. 'comment' or 'like' |
|
| 266 | + * |
|
| 267 | + * @param string $verb |
|
| 268 | + * @return IComment |
|
| 269 | + * @since 9.0.0 |
|
| 270 | + */ |
|
| 271 | + public function setVerb($verb) { |
|
| 272 | + if (!is_string($verb) || !trim($verb)) { |
|
| 273 | + throw new \InvalidArgumentException('Non-empty String expected.'); |
|
| 274 | + } |
|
| 275 | + $this->data['verb'] = trim($verb); |
|
| 276 | + return $this; |
|
| 277 | + } |
|
| 278 | + |
|
| 279 | + /** |
|
| 280 | + * returns the actor type |
|
| 281 | + * |
|
| 282 | + * @return string |
|
| 283 | + * @since 9.0.0 |
|
| 284 | + */ |
|
| 285 | + public function getActorType() { |
|
| 286 | + return $this->data['actorType']; |
|
| 287 | + } |
|
| 288 | + |
|
| 289 | + /** |
|
| 290 | + * returns the actor ID |
|
| 291 | + * |
|
| 292 | + * @return string |
|
| 293 | + * @since 9.0.0 |
|
| 294 | + */ |
|
| 295 | + public function getActorId() { |
|
| 296 | + return $this->data['actorId']; |
|
| 297 | + } |
|
| 298 | + |
|
| 299 | + /** |
|
| 300 | + * sets (overwrites) the actor type and id |
|
| 301 | + * |
|
| 302 | + * @param string $actorType e.g. 'users' |
|
| 303 | + * @param string $actorId e.g. 'zombie234' |
|
| 304 | + * @return IComment |
|
| 305 | + * @since 9.0.0 |
|
| 306 | + */ |
|
| 307 | + public function setActor($actorType, $actorId) { |
|
| 308 | + if ( |
|
| 309 | + !is_string($actorType) || !trim($actorType) |
|
| 310 | + || !is_string($actorId) || $actorId === '' |
|
| 311 | + ) { |
|
| 312 | + throw new \InvalidArgumentException('String expected.'); |
|
| 313 | + } |
|
| 314 | + $this->data['actorType'] = trim($actorType); |
|
| 315 | + $this->data['actorId'] = $actorId; |
|
| 316 | + return $this; |
|
| 317 | + } |
|
| 318 | + |
|
| 319 | + /** |
|
| 320 | + * returns the creation date of the comment. |
|
| 321 | + * |
|
| 322 | + * If not explicitly set, it shall default to the time of initialization. |
|
| 323 | + * |
|
| 324 | + * @return \DateTime |
|
| 325 | + * @since 9.0.0 |
|
| 326 | + */ |
|
| 327 | + public function getCreationDateTime() { |
|
| 328 | + return $this->data['creationDT']; |
|
| 329 | + } |
|
| 330 | + |
|
| 331 | + /** |
|
| 332 | + * sets the creation date of the comment and returns itself |
|
| 333 | + * |
|
| 334 | + * @param \DateTime $timestamp |
|
| 335 | + * @return IComment |
|
| 336 | + * @since 9.0.0 |
|
| 337 | + */ |
|
| 338 | + public function setCreationDateTime(\DateTime $timestamp) { |
|
| 339 | + $this->data['creationDT'] = $timestamp; |
|
| 340 | + return $this; |
|
| 341 | + } |
|
| 342 | + |
|
| 343 | + /** |
|
| 344 | + * returns the DateTime of the most recent child, if set, otherwise null |
|
| 345 | + * |
|
| 346 | + * @return \DateTime|null |
|
| 347 | + * @since 9.0.0 |
|
| 348 | + */ |
|
| 349 | + public function getLatestChildDateTime() { |
|
| 350 | + return $this->data['latestChildDT']; |
|
| 351 | + } |
|
| 352 | + |
|
| 353 | + /** |
|
| 354 | + * @inheritDoc |
|
| 355 | + */ |
|
| 356 | + public function setLatestChildDateTime(?\DateTime $dateTime = null) { |
|
| 357 | + $this->data['latestChildDT'] = $dateTime; |
|
| 358 | + return $this; |
|
| 359 | + } |
|
| 360 | + |
|
| 361 | + /** |
|
| 362 | + * returns the object type the comment is attached to |
|
| 363 | + * |
|
| 364 | + * @return string |
|
| 365 | + * @since 9.0.0 |
|
| 366 | + */ |
|
| 367 | + public function getObjectType() { |
|
| 368 | + return $this->data['objectType']; |
|
| 369 | + } |
|
| 370 | + |
|
| 371 | + /** |
|
| 372 | + * returns the object id the comment is attached to |
|
| 373 | + * |
|
| 374 | + * @return string |
|
| 375 | + * @since 9.0.0 |
|
| 376 | + */ |
|
| 377 | + public function getObjectId() { |
|
| 378 | + return $this->data['objectId']; |
|
| 379 | + } |
|
| 380 | + |
|
| 381 | + /** |
|
| 382 | + * sets (overwrites) the object of the comment |
|
| 383 | + * |
|
| 384 | + * @param string $objectType e.g. 'files' |
|
| 385 | + * @param string $objectId e.g. '16435' |
|
| 386 | + * @return IComment |
|
| 387 | + * @since 9.0.0 |
|
| 388 | + */ |
|
| 389 | + public function setObject($objectType, $objectId) { |
|
| 390 | + if ( |
|
| 391 | + !is_string($objectType) || !trim($objectType) |
|
| 392 | + || !is_string($objectId) || trim($objectId) === '' |
|
| 393 | + ) { |
|
| 394 | + throw new \InvalidArgumentException('String expected.'); |
|
| 395 | + } |
|
| 396 | + $this->data['objectType'] = trim($objectType); |
|
| 397 | + $this->data['objectId'] = trim($objectId); |
|
| 398 | + return $this; |
|
| 399 | + } |
|
| 400 | + |
|
| 401 | + /** |
|
| 402 | + * returns the reference id of the comment |
|
| 403 | + * |
|
| 404 | + * @return string|null |
|
| 405 | + * @since 19.0.0 |
|
| 406 | + */ |
|
| 407 | + public function getReferenceId(): ?string { |
|
| 408 | + return $this->data['referenceId']; |
|
| 409 | + } |
|
| 410 | + |
|
| 411 | + /** |
|
| 412 | + * sets (overwrites) the reference id of the comment |
|
| 413 | + * |
|
| 414 | + * @param string $referenceId e.g. sha256 hash sum |
|
| 415 | + * @return IComment |
|
| 416 | + * @since 19.0.0 |
|
| 417 | + */ |
|
| 418 | + public function setReferenceId(?string $referenceId): IComment { |
|
| 419 | + if ($referenceId === null) { |
|
| 420 | + $this->data['referenceId'] = $referenceId; |
|
| 421 | + } else { |
|
| 422 | + $referenceId = trim($referenceId); |
|
| 423 | + if ($referenceId === '') { |
|
| 424 | + throw new \InvalidArgumentException('Non empty string expected.'); |
|
| 425 | + } |
|
| 426 | + $this->data['referenceId'] = $referenceId; |
|
| 427 | + } |
|
| 428 | + return $this; |
|
| 429 | + } |
|
| 430 | + |
|
| 431 | + /** |
|
| 432 | + * @inheritDoc |
|
| 433 | + */ |
|
| 434 | + public function getReactions(): array { |
|
| 435 | + return $this->data['reactions'] ?? []; |
|
| 436 | + } |
|
| 437 | + |
|
| 438 | + /** |
|
| 439 | + * @inheritDoc |
|
| 440 | + */ |
|
| 441 | + public function setReactions(?array $reactions): IComment { |
|
| 442 | + $this->data['reactions'] = $reactions; |
|
| 443 | + return $this; |
|
| 444 | + } |
|
| 445 | + |
|
| 446 | + /** |
|
| 447 | + * @inheritDoc |
|
| 448 | + */ |
|
| 449 | + public function setExpireDate(?\DateTime $dateTime): IComment { |
|
| 450 | + $this->data['expire_date'] = $dateTime; |
|
| 451 | + return $this; |
|
| 452 | + } |
|
| 453 | + |
|
| 454 | + /** |
|
| 455 | + * @inheritDoc |
|
| 456 | + */ |
|
| 457 | + public function getExpireDate(): ?\DateTime { |
|
| 458 | + return $this->data['expire_date']; |
|
| 459 | + } |
|
| 460 | + |
|
| 461 | + /** |
|
| 462 | + * sets the comment data based on an array with keys as taken from the |
|
| 463 | + * database. |
|
| 464 | + * |
|
| 465 | + * @param array $data |
|
| 466 | + * @return IComment |
|
| 467 | + */ |
|
| 468 | + protected function fromArray($data) { |
|
| 469 | + foreach (array_keys($data) as $key) { |
|
| 470 | + // translate DB keys to internal setter names |
|
| 471 | + $setter = 'set' . implode('', array_map('ucfirst', explode('_', $key))); |
|
| 472 | + $setter = str_replace('Timestamp', 'DateTime', $setter); |
|
| 473 | + |
|
| 474 | + if (method_exists($this, $setter)) { |
|
| 475 | + $this->$setter($data[$key]); |
|
| 476 | + } |
|
| 477 | + } |
|
| 478 | + |
|
| 479 | + foreach (['actor', 'object'] as $role) { |
|
| 480 | + if (isset($data[$role . '_type']) && isset($data[$role . '_id'])) { |
|
| 481 | + $setter = 'set' . ucfirst($role); |
|
| 482 | + $this->$setter($data[$role . '_type'], $data[$role . '_id']); |
|
| 483 | + } |
|
| 484 | + } |
|
| 485 | + |
|
| 486 | + return $this; |
|
| 487 | + } |
|
| 488 | 488 | } |
@@ -57,339 +57,339 @@ |
||
| 57 | 57 | use OCP\Util; |
| 58 | 58 | |
| 59 | 59 | class TemplateLayout extends \OC_Template { |
| 60 | - private static $versionHash = ''; |
|
| 61 | - |
|
| 62 | - /** @var CSSResourceLocator|null */ |
|
| 63 | - public static $cssLocator = null; |
|
| 64 | - |
|
| 65 | - /** @var JSResourceLocator|null */ |
|
| 66 | - public static $jsLocator = null; |
|
| 67 | - |
|
| 68 | - /** @var IConfig */ |
|
| 69 | - private $config; |
|
| 70 | - |
|
| 71 | - /** @var IInitialStateService */ |
|
| 72 | - private $initialState; |
|
| 73 | - |
|
| 74 | - /** @var INavigationManager */ |
|
| 75 | - private $navigationManager; |
|
| 76 | - |
|
| 77 | - /** |
|
| 78 | - * @param string $renderAs |
|
| 79 | - * @param string $appId application id |
|
| 80 | - */ |
|
| 81 | - public function __construct($renderAs, $appId = '') { |
|
| 82 | - /** @var IConfig */ |
|
| 83 | - $this->config = \OC::$server->get(IConfig::class); |
|
| 84 | - |
|
| 85 | - /** @var IInitialStateService */ |
|
| 86 | - $this->initialState = \OC::$server->get(IInitialStateService::class); |
|
| 87 | - |
|
| 88 | - // Add fallback theming variables if theming is disabled |
|
| 89 | - if ($renderAs !== TemplateResponse::RENDER_AS_USER |
|
| 90 | - || !\OC::$server->getAppManager()->isEnabledForUser('theming')) { |
|
| 91 | - // TODO cache generated default theme if enabled for fallback if server is erroring ? |
|
| 92 | - Util::addStyle('theming', 'default'); |
|
| 93 | - } |
|
| 94 | - |
|
| 95 | - // Decide which page we show |
|
| 96 | - if ($renderAs === TemplateResponse::RENDER_AS_USER) { |
|
| 97 | - /** @var INavigationManager */ |
|
| 98 | - $this->navigationManager = \OC::$server->get(INavigationManager::class); |
|
| 99 | - |
|
| 100 | - parent::__construct('core', 'layout.user'); |
|
| 101 | - if (in_array(\OC_App::getCurrentApp(), ['settings','admin', 'help']) !== false) { |
|
| 102 | - $this->assign('bodyid', 'body-settings'); |
|
| 103 | - } else { |
|
| 104 | - $this->assign('bodyid', 'body-user'); |
|
| 105 | - } |
|
| 106 | - |
|
| 107 | - $this->initialState->provideInitialState('core', 'active-app', $this->navigationManager->getActiveEntry()); |
|
| 108 | - $this->initialState->provideInitialState('core', 'apps', $this->navigationManager->getAll()); |
|
| 109 | - $this->initialState->provideInitialState('unified-search', 'limit-default', (int)$this->config->getAppValue('core', 'unified-search.limit-default', (string)SearchQuery::LIMIT_DEFAULT)); |
|
| 110 | - $this->initialState->provideInitialState('unified-search', 'min-search-length', (int)$this->config->getAppValue('core', 'unified-search.min-search-length', (string)1)); |
|
| 111 | - $this->initialState->provideInitialState('unified-search', 'live-search', $this->config->getAppValue('core', 'unified-search.live-search', 'yes') === 'yes'); |
|
| 112 | - Util::addScript('core', 'unified-search', 'core'); |
|
| 113 | - |
|
| 114 | - // Set body data-theme |
|
| 115 | - $this->assign('enabledThemes', []); |
|
| 116 | - if (\OC::$server->getAppManager()->isEnabledForUser('theming') && class_exists('\OCA\Theming\Service\ThemesService')) { |
|
| 117 | - /** @var \OCA\Theming\Service\ThemesService */ |
|
| 118 | - $themesService = \OC::$server->get(\OCA\Theming\Service\ThemesService::class); |
|
| 119 | - $this->assign('enabledThemes', $themesService->getEnabledThemes()); |
|
| 120 | - } |
|
| 121 | - |
|
| 122 | - // Set logo link target |
|
| 123 | - $logoUrl = $this->config->getSystemValueString('logo_url', ''); |
|
| 124 | - $this->assign('logoUrl', $logoUrl); |
|
| 125 | - |
|
| 126 | - // Set default app name |
|
| 127 | - $defaultApp = \OC::$server->getAppManager()->getDefaultAppForUser(); |
|
| 128 | - $defaultAppInfo = \OC::$server->getAppManager()->getAppInfo($defaultApp); |
|
| 129 | - $l10n = \OC::$server->getL10NFactory()->get($defaultApp); |
|
| 130 | - $this->assign('defaultAppName', $l10n->t($defaultAppInfo['name'])); |
|
| 131 | - |
|
| 132 | - // Add navigation entry |
|
| 133 | - $this->assign('application', ''); |
|
| 134 | - $this->assign('appid', $appId); |
|
| 135 | - |
|
| 136 | - $navigation = $this->navigationManager->getAll(); |
|
| 137 | - $this->assign('navigation', $navigation); |
|
| 138 | - $settingsNavigation = $this->navigationManager->getAll('settings'); |
|
| 139 | - $this->initialState->provideInitialState('core', 'settingsNavEntries', $settingsNavigation); |
|
| 140 | - |
|
| 141 | - foreach ($navigation as $entry) { |
|
| 142 | - if ($entry['active']) { |
|
| 143 | - $this->assign('application', $entry['name']); |
|
| 144 | - break; |
|
| 145 | - } |
|
| 146 | - } |
|
| 147 | - |
|
| 148 | - foreach ($settingsNavigation as $entry) { |
|
| 149 | - if ($entry['active']) { |
|
| 150 | - $this->assign('application', $entry['name']); |
|
| 151 | - break; |
|
| 152 | - } |
|
| 153 | - } |
|
| 154 | - |
|
| 155 | - $userDisplayName = false; |
|
| 156 | - $user = \OC::$server->get(IUserSession::class)->getUser(); |
|
| 157 | - if ($user) { |
|
| 158 | - $userDisplayName = $user->getDisplayName(); |
|
| 159 | - } |
|
| 160 | - $this->assign('user_displayname', $userDisplayName); |
|
| 161 | - $this->assign('user_uid', \OC_User::getUser()); |
|
| 162 | - |
|
| 163 | - if ($user === null) { |
|
| 164 | - $this->assign('userAvatarSet', false); |
|
| 165 | - $this->assign('userStatus', false); |
|
| 166 | - } else { |
|
| 167 | - $this->assign('userAvatarSet', true); |
|
| 168 | - $this->assign('userAvatarVersion', $this->config->getUserValue(\OC_User::getUser(), 'avatar', 'version', 0)); |
|
| 169 | - } |
|
| 170 | - } elseif ($renderAs === TemplateResponse::RENDER_AS_ERROR) { |
|
| 171 | - parent::__construct('core', 'layout.guest', '', false); |
|
| 172 | - $this->assign('bodyid', 'body-login'); |
|
| 173 | - $this->assign('user_displayname', ''); |
|
| 174 | - $this->assign('user_uid', ''); |
|
| 175 | - } elseif ($renderAs === TemplateResponse::RENDER_AS_GUEST) { |
|
| 176 | - parent::__construct('core', 'layout.guest'); |
|
| 177 | - \OC_Util::addStyle('guest'); |
|
| 178 | - $this->assign('bodyid', 'body-login'); |
|
| 179 | - |
|
| 180 | - $userDisplayName = false; |
|
| 181 | - $user = \OC::$server->get(IUserSession::class)->getUser(); |
|
| 182 | - if ($user) { |
|
| 183 | - $userDisplayName = $user->getDisplayName(); |
|
| 184 | - } |
|
| 185 | - $this->assign('user_displayname', $userDisplayName); |
|
| 186 | - $this->assign('user_uid', \OC_User::getUser()); |
|
| 187 | - } elseif ($renderAs === TemplateResponse::RENDER_AS_PUBLIC) { |
|
| 188 | - parent::__construct('core', 'layout.public'); |
|
| 189 | - $this->assign('appid', $appId); |
|
| 190 | - $this->assign('bodyid', 'body-public'); |
|
| 191 | - |
|
| 192 | - /** @var IRegistry $subscription */ |
|
| 193 | - $subscription = \OC::$server->query(IRegistry::class); |
|
| 194 | - $showSimpleSignup = $this->config->getSystemValueBool('simpleSignUpLink.shown', true); |
|
| 195 | - if ($showSimpleSignup && $subscription->delegateHasValidSubscription()) { |
|
| 196 | - $showSimpleSignup = false; |
|
| 197 | - } |
|
| 198 | - $this->assign('showSimpleSignUpLink', $showSimpleSignup); |
|
| 199 | - } else { |
|
| 200 | - parent::__construct('core', 'layout.base'); |
|
| 201 | - } |
|
| 202 | - // Send the language and the locale to our layouts |
|
| 203 | - $lang = \OC::$server->getL10NFactory()->findLanguage(); |
|
| 204 | - $locale = \OC::$server->getL10NFactory()->findLocale($lang); |
|
| 205 | - |
|
| 206 | - $lang = str_replace('_', '-', $lang); |
|
| 207 | - $this->assign('language', $lang); |
|
| 208 | - $this->assign('locale', $locale); |
|
| 209 | - |
|
| 210 | - if (\OC::$server->getSystemConfig()->getValue('installed', false)) { |
|
| 211 | - if (empty(self::$versionHash)) { |
|
| 212 | - $v = \OC_App::getAppVersions(); |
|
| 213 | - $v['core'] = implode('.', \OCP\Util::getVersion()); |
|
| 214 | - self::$versionHash = substr(md5(implode(',', $v)), 0, 8); |
|
| 215 | - } |
|
| 216 | - } else { |
|
| 217 | - self::$versionHash = md5('not installed'); |
|
| 218 | - } |
|
| 219 | - |
|
| 220 | - // Add the js files |
|
| 221 | - // TODO: remove deprecated OC_Util injection |
|
| 222 | - $jsFiles = self::findJavascriptFiles(array_merge(\OC_Util::$scripts, Util::getScripts())); |
|
| 223 | - $this->assign('jsfiles', []); |
|
| 224 | - if ($this->config->getSystemValueBool('installed', false) && $renderAs != TemplateResponse::RENDER_AS_ERROR) { |
|
| 225 | - // this is on purpose outside of the if statement below so that the initial state is prefilled (done in the getConfig() call) |
|
| 226 | - // see https://github.com/nextcloud/server/pull/22636 for details |
|
| 227 | - $jsConfigHelper = new JSConfigHelper( |
|
| 228 | - \OC::$server->getL10N('lib'), |
|
| 229 | - \OC::$server->query(Defaults::class), |
|
| 230 | - \OC::$server->getAppManager(), |
|
| 231 | - \OC::$server->getSession(), |
|
| 232 | - \OC::$server->getUserSession()->getUser(), |
|
| 233 | - $this->config, |
|
| 234 | - \OC::$server->getGroupManager(), |
|
| 235 | - \OC::$server->get(IniGetWrapper::class), |
|
| 236 | - \OC::$server->getURLGenerator(), |
|
| 237 | - \OC::$server->getCapabilitiesManager(), |
|
| 238 | - \OC::$server->query(IInitialStateService::class) |
|
| 239 | - ); |
|
| 240 | - $config = $jsConfigHelper->getConfig(); |
|
| 241 | - if (\OC::$server->getContentSecurityPolicyNonceManager()->browserSupportsCspV3()) { |
|
| 242 | - $this->assign('inline_ocjs', $config); |
|
| 243 | - } else { |
|
| 244 | - $this->append('jsfiles', \OC::$server->getURLGenerator()->linkToRoute('core.OCJS.getConfig', ['v' => self::$versionHash])); |
|
| 245 | - } |
|
| 246 | - } |
|
| 247 | - foreach ($jsFiles as $info) { |
|
| 248 | - $web = $info[1]; |
|
| 249 | - $file = $info[2]; |
|
| 250 | - $this->append('jsfiles', $web.'/'.$file . $this->getVersionHashSuffix()); |
|
| 251 | - } |
|
| 252 | - |
|
| 253 | - try { |
|
| 254 | - $pathInfo = \OC::$server->getRequest()->getPathInfo(); |
|
| 255 | - } catch (\Exception $e) { |
|
| 256 | - $pathInfo = ''; |
|
| 257 | - } |
|
| 258 | - |
|
| 259 | - // Do not initialise scss appdata until we have a fully installed instance |
|
| 260 | - // Do not load scss for update, errors, installation or login page |
|
| 261 | - if (\OC::$server->getSystemConfig()->getValue('installed', false) |
|
| 262 | - && !\OCP\Util::needUpgrade() |
|
| 263 | - && $pathInfo !== '' |
|
| 264 | - && !preg_match('/^\/login/', $pathInfo) |
|
| 265 | - && $renderAs !== TemplateResponse::RENDER_AS_ERROR |
|
| 266 | - ) { |
|
| 267 | - $cssFiles = self::findStylesheetFiles(\OC_Util::$styles); |
|
| 268 | - } else { |
|
| 269 | - // If we ignore the scss compiler, |
|
| 270 | - // we need to load the guest css fallback |
|
| 271 | - \OC_Util::addStyle('guest'); |
|
| 272 | - $cssFiles = self::findStylesheetFiles(\OC_Util::$styles, false); |
|
| 273 | - } |
|
| 274 | - |
|
| 275 | - $this->assign('cssfiles', []); |
|
| 276 | - $this->assign('printcssfiles', []); |
|
| 277 | - $this->initialState->provideInitialState('core', 'versionHash', self::$versionHash); |
|
| 278 | - foreach ($cssFiles as $info) { |
|
| 279 | - $web = $info[1]; |
|
| 280 | - $file = $info[2]; |
|
| 281 | - |
|
| 282 | - if (substr($file, -strlen('print.css')) === 'print.css') { |
|
| 283 | - $this->append('printcssfiles', $web.'/'.$file . $this->getVersionHashSuffix()); |
|
| 284 | - } else { |
|
| 285 | - $suffix = $this->getVersionHashSuffix($web, $file); |
|
| 286 | - |
|
| 287 | - if (!str_contains($file, '?v=')) { |
|
| 288 | - $this->append('cssfiles', $web.'/'.$file . $suffix); |
|
| 289 | - } else { |
|
| 290 | - $this->append('cssfiles', $web.'/'.$file . '-' . substr($suffix, 3)); |
|
| 291 | - } |
|
| 292 | - } |
|
| 293 | - } |
|
| 294 | - |
|
| 295 | - $this->assign('initialStates', $this->initialState->getInitialStates()); |
|
| 296 | - |
|
| 297 | - $this->assign('id-app-content', $renderAs === TemplateResponse::RENDER_AS_USER ? '#app-content' : '#content'); |
|
| 298 | - $this->assign('id-app-navigation', $renderAs === TemplateResponse::RENDER_AS_USER ? '#app-navigation' : null); |
|
| 299 | - } |
|
| 300 | - |
|
| 301 | - /** |
|
| 302 | - * @param string $path |
|
| 303 | - * @param string $file |
|
| 304 | - * @return string |
|
| 305 | - */ |
|
| 306 | - protected function getVersionHashSuffix($path = false, $file = false) { |
|
| 307 | - if ($this->config->getSystemValueBool('debug', false)) { |
|
| 308 | - // allows chrome workspace mapping in debug mode |
|
| 309 | - return ""; |
|
| 310 | - } |
|
| 311 | - $themingSuffix = ''; |
|
| 312 | - $v = []; |
|
| 313 | - |
|
| 314 | - if ($this->config->getSystemValueBool('installed', false)) { |
|
| 315 | - if (\OC::$server->getAppManager()->isInstalled('theming')) { |
|
| 316 | - $themingSuffix = '-' . $this->config->getAppValue('theming', 'cachebuster', '0'); |
|
| 317 | - } |
|
| 318 | - $v = \OC_App::getAppVersions(); |
|
| 319 | - } |
|
| 320 | - |
|
| 321 | - // Try the webroot path for a match |
|
| 322 | - if ($path !== false && $path !== '') { |
|
| 323 | - $appName = $this->getAppNamefromPath($path); |
|
| 324 | - if (array_key_exists($appName, $v)) { |
|
| 325 | - $appVersion = $v[$appName]; |
|
| 326 | - return '?v=' . substr(md5($appVersion), 0, 8) . $themingSuffix; |
|
| 327 | - } |
|
| 328 | - } |
|
| 329 | - // fallback to the file path instead |
|
| 330 | - if ($file !== false && $file !== '') { |
|
| 331 | - $appName = $this->getAppNamefromPath($file); |
|
| 332 | - if (array_key_exists($appName, $v)) { |
|
| 333 | - $appVersion = $v[$appName]; |
|
| 334 | - return '?v=' . substr(md5($appVersion), 0, 8) . $themingSuffix; |
|
| 335 | - } |
|
| 336 | - } |
|
| 337 | - |
|
| 338 | - return '?v=' . self::$versionHash . $themingSuffix; |
|
| 339 | - } |
|
| 340 | - |
|
| 341 | - /** |
|
| 342 | - * @param array $styles |
|
| 343 | - * @return array |
|
| 344 | - */ |
|
| 345 | - public static function findStylesheetFiles($styles, $compileScss = true) { |
|
| 346 | - if (!self::$cssLocator) { |
|
| 347 | - self::$cssLocator = \OCP\Server::get(CSSResourceLocator::class); |
|
| 348 | - } |
|
| 349 | - self::$cssLocator->find($styles); |
|
| 350 | - return self::$cssLocator->getResources(); |
|
| 351 | - } |
|
| 352 | - |
|
| 353 | - /** |
|
| 354 | - * @param string $path |
|
| 355 | - * @return string|boolean |
|
| 356 | - */ |
|
| 357 | - public function getAppNamefromPath($path) { |
|
| 358 | - if ($path !== '' && is_string($path)) { |
|
| 359 | - $pathParts = explode('/', $path); |
|
| 360 | - if ($pathParts[0] === 'css') { |
|
| 361 | - // This is a scss request |
|
| 362 | - return $pathParts[1]; |
|
| 363 | - } |
|
| 364 | - return end($pathParts); |
|
| 365 | - } |
|
| 366 | - return false; |
|
| 367 | - } |
|
| 368 | - |
|
| 369 | - /** |
|
| 370 | - * @param array $scripts |
|
| 371 | - * @return array |
|
| 372 | - */ |
|
| 373 | - public static function findJavascriptFiles($scripts) { |
|
| 374 | - if (!self::$jsLocator) { |
|
| 375 | - self::$jsLocator = \OCP\Server::get(JSResourceLocator::class); |
|
| 376 | - } |
|
| 377 | - self::$jsLocator->find($scripts); |
|
| 378 | - return self::$jsLocator->getResources(); |
|
| 379 | - } |
|
| 380 | - |
|
| 381 | - /** |
|
| 382 | - * Converts the absolute file path to a relative path from \OC::$SERVERROOT |
|
| 383 | - * @param string $filePath Absolute path |
|
| 384 | - * @return string Relative path |
|
| 385 | - * @throws \Exception If $filePath is not under \OC::$SERVERROOT |
|
| 386 | - */ |
|
| 387 | - public static function convertToRelativePath($filePath) { |
|
| 388 | - $relativePath = explode(\OC::$SERVERROOT, $filePath); |
|
| 389 | - if (count($relativePath) !== 2) { |
|
| 390 | - throw new \Exception('$filePath is not under the \OC::$SERVERROOT'); |
|
| 391 | - } |
|
| 392 | - |
|
| 393 | - return $relativePath[1]; |
|
| 394 | - } |
|
| 60 | + private static $versionHash = ''; |
|
| 61 | + |
|
| 62 | + /** @var CSSResourceLocator|null */ |
|
| 63 | + public static $cssLocator = null; |
|
| 64 | + |
|
| 65 | + /** @var JSResourceLocator|null */ |
|
| 66 | + public static $jsLocator = null; |
|
| 67 | + |
|
| 68 | + /** @var IConfig */ |
|
| 69 | + private $config; |
|
| 70 | + |
|
| 71 | + /** @var IInitialStateService */ |
|
| 72 | + private $initialState; |
|
| 73 | + |
|
| 74 | + /** @var INavigationManager */ |
|
| 75 | + private $navigationManager; |
|
| 76 | + |
|
| 77 | + /** |
|
| 78 | + * @param string $renderAs |
|
| 79 | + * @param string $appId application id |
|
| 80 | + */ |
|
| 81 | + public function __construct($renderAs, $appId = '') { |
|
| 82 | + /** @var IConfig */ |
|
| 83 | + $this->config = \OC::$server->get(IConfig::class); |
|
| 84 | + |
|
| 85 | + /** @var IInitialStateService */ |
|
| 86 | + $this->initialState = \OC::$server->get(IInitialStateService::class); |
|
| 87 | + |
|
| 88 | + // Add fallback theming variables if theming is disabled |
|
| 89 | + if ($renderAs !== TemplateResponse::RENDER_AS_USER |
|
| 90 | + || !\OC::$server->getAppManager()->isEnabledForUser('theming')) { |
|
| 91 | + // TODO cache generated default theme if enabled for fallback if server is erroring ? |
|
| 92 | + Util::addStyle('theming', 'default'); |
|
| 93 | + } |
|
| 94 | + |
|
| 95 | + // Decide which page we show |
|
| 96 | + if ($renderAs === TemplateResponse::RENDER_AS_USER) { |
|
| 97 | + /** @var INavigationManager */ |
|
| 98 | + $this->navigationManager = \OC::$server->get(INavigationManager::class); |
|
| 99 | + |
|
| 100 | + parent::__construct('core', 'layout.user'); |
|
| 101 | + if (in_array(\OC_App::getCurrentApp(), ['settings','admin', 'help']) !== false) { |
|
| 102 | + $this->assign('bodyid', 'body-settings'); |
|
| 103 | + } else { |
|
| 104 | + $this->assign('bodyid', 'body-user'); |
|
| 105 | + } |
|
| 106 | + |
|
| 107 | + $this->initialState->provideInitialState('core', 'active-app', $this->navigationManager->getActiveEntry()); |
|
| 108 | + $this->initialState->provideInitialState('core', 'apps', $this->navigationManager->getAll()); |
|
| 109 | + $this->initialState->provideInitialState('unified-search', 'limit-default', (int)$this->config->getAppValue('core', 'unified-search.limit-default', (string)SearchQuery::LIMIT_DEFAULT)); |
|
| 110 | + $this->initialState->provideInitialState('unified-search', 'min-search-length', (int)$this->config->getAppValue('core', 'unified-search.min-search-length', (string)1)); |
|
| 111 | + $this->initialState->provideInitialState('unified-search', 'live-search', $this->config->getAppValue('core', 'unified-search.live-search', 'yes') === 'yes'); |
|
| 112 | + Util::addScript('core', 'unified-search', 'core'); |
|
| 113 | + |
|
| 114 | + // Set body data-theme |
|
| 115 | + $this->assign('enabledThemes', []); |
|
| 116 | + if (\OC::$server->getAppManager()->isEnabledForUser('theming') && class_exists('\OCA\Theming\Service\ThemesService')) { |
|
| 117 | + /** @var \OCA\Theming\Service\ThemesService */ |
|
| 118 | + $themesService = \OC::$server->get(\OCA\Theming\Service\ThemesService::class); |
|
| 119 | + $this->assign('enabledThemes', $themesService->getEnabledThemes()); |
|
| 120 | + } |
|
| 121 | + |
|
| 122 | + // Set logo link target |
|
| 123 | + $logoUrl = $this->config->getSystemValueString('logo_url', ''); |
|
| 124 | + $this->assign('logoUrl', $logoUrl); |
|
| 125 | + |
|
| 126 | + // Set default app name |
|
| 127 | + $defaultApp = \OC::$server->getAppManager()->getDefaultAppForUser(); |
|
| 128 | + $defaultAppInfo = \OC::$server->getAppManager()->getAppInfo($defaultApp); |
|
| 129 | + $l10n = \OC::$server->getL10NFactory()->get($defaultApp); |
|
| 130 | + $this->assign('defaultAppName', $l10n->t($defaultAppInfo['name'])); |
|
| 131 | + |
|
| 132 | + // Add navigation entry |
|
| 133 | + $this->assign('application', ''); |
|
| 134 | + $this->assign('appid', $appId); |
|
| 135 | + |
|
| 136 | + $navigation = $this->navigationManager->getAll(); |
|
| 137 | + $this->assign('navigation', $navigation); |
|
| 138 | + $settingsNavigation = $this->navigationManager->getAll('settings'); |
|
| 139 | + $this->initialState->provideInitialState('core', 'settingsNavEntries', $settingsNavigation); |
|
| 140 | + |
|
| 141 | + foreach ($navigation as $entry) { |
|
| 142 | + if ($entry['active']) { |
|
| 143 | + $this->assign('application', $entry['name']); |
|
| 144 | + break; |
|
| 145 | + } |
|
| 146 | + } |
|
| 147 | + |
|
| 148 | + foreach ($settingsNavigation as $entry) { |
|
| 149 | + if ($entry['active']) { |
|
| 150 | + $this->assign('application', $entry['name']); |
|
| 151 | + break; |
|
| 152 | + } |
|
| 153 | + } |
|
| 154 | + |
|
| 155 | + $userDisplayName = false; |
|
| 156 | + $user = \OC::$server->get(IUserSession::class)->getUser(); |
|
| 157 | + if ($user) { |
|
| 158 | + $userDisplayName = $user->getDisplayName(); |
|
| 159 | + } |
|
| 160 | + $this->assign('user_displayname', $userDisplayName); |
|
| 161 | + $this->assign('user_uid', \OC_User::getUser()); |
|
| 162 | + |
|
| 163 | + if ($user === null) { |
|
| 164 | + $this->assign('userAvatarSet', false); |
|
| 165 | + $this->assign('userStatus', false); |
|
| 166 | + } else { |
|
| 167 | + $this->assign('userAvatarSet', true); |
|
| 168 | + $this->assign('userAvatarVersion', $this->config->getUserValue(\OC_User::getUser(), 'avatar', 'version', 0)); |
|
| 169 | + } |
|
| 170 | + } elseif ($renderAs === TemplateResponse::RENDER_AS_ERROR) { |
|
| 171 | + parent::__construct('core', 'layout.guest', '', false); |
|
| 172 | + $this->assign('bodyid', 'body-login'); |
|
| 173 | + $this->assign('user_displayname', ''); |
|
| 174 | + $this->assign('user_uid', ''); |
|
| 175 | + } elseif ($renderAs === TemplateResponse::RENDER_AS_GUEST) { |
|
| 176 | + parent::__construct('core', 'layout.guest'); |
|
| 177 | + \OC_Util::addStyle('guest'); |
|
| 178 | + $this->assign('bodyid', 'body-login'); |
|
| 179 | + |
|
| 180 | + $userDisplayName = false; |
|
| 181 | + $user = \OC::$server->get(IUserSession::class)->getUser(); |
|
| 182 | + if ($user) { |
|
| 183 | + $userDisplayName = $user->getDisplayName(); |
|
| 184 | + } |
|
| 185 | + $this->assign('user_displayname', $userDisplayName); |
|
| 186 | + $this->assign('user_uid', \OC_User::getUser()); |
|
| 187 | + } elseif ($renderAs === TemplateResponse::RENDER_AS_PUBLIC) { |
|
| 188 | + parent::__construct('core', 'layout.public'); |
|
| 189 | + $this->assign('appid', $appId); |
|
| 190 | + $this->assign('bodyid', 'body-public'); |
|
| 191 | + |
|
| 192 | + /** @var IRegistry $subscription */ |
|
| 193 | + $subscription = \OC::$server->query(IRegistry::class); |
|
| 194 | + $showSimpleSignup = $this->config->getSystemValueBool('simpleSignUpLink.shown', true); |
|
| 195 | + if ($showSimpleSignup && $subscription->delegateHasValidSubscription()) { |
|
| 196 | + $showSimpleSignup = false; |
|
| 197 | + } |
|
| 198 | + $this->assign('showSimpleSignUpLink', $showSimpleSignup); |
|
| 199 | + } else { |
|
| 200 | + parent::__construct('core', 'layout.base'); |
|
| 201 | + } |
|
| 202 | + // Send the language and the locale to our layouts |
|
| 203 | + $lang = \OC::$server->getL10NFactory()->findLanguage(); |
|
| 204 | + $locale = \OC::$server->getL10NFactory()->findLocale($lang); |
|
| 205 | + |
|
| 206 | + $lang = str_replace('_', '-', $lang); |
|
| 207 | + $this->assign('language', $lang); |
|
| 208 | + $this->assign('locale', $locale); |
|
| 209 | + |
|
| 210 | + if (\OC::$server->getSystemConfig()->getValue('installed', false)) { |
|
| 211 | + if (empty(self::$versionHash)) { |
|
| 212 | + $v = \OC_App::getAppVersions(); |
|
| 213 | + $v['core'] = implode('.', \OCP\Util::getVersion()); |
|
| 214 | + self::$versionHash = substr(md5(implode(',', $v)), 0, 8); |
|
| 215 | + } |
|
| 216 | + } else { |
|
| 217 | + self::$versionHash = md5('not installed'); |
|
| 218 | + } |
|
| 219 | + |
|
| 220 | + // Add the js files |
|
| 221 | + // TODO: remove deprecated OC_Util injection |
|
| 222 | + $jsFiles = self::findJavascriptFiles(array_merge(\OC_Util::$scripts, Util::getScripts())); |
|
| 223 | + $this->assign('jsfiles', []); |
|
| 224 | + if ($this->config->getSystemValueBool('installed', false) && $renderAs != TemplateResponse::RENDER_AS_ERROR) { |
|
| 225 | + // this is on purpose outside of the if statement below so that the initial state is prefilled (done in the getConfig() call) |
|
| 226 | + // see https://github.com/nextcloud/server/pull/22636 for details |
|
| 227 | + $jsConfigHelper = new JSConfigHelper( |
|
| 228 | + \OC::$server->getL10N('lib'), |
|
| 229 | + \OC::$server->query(Defaults::class), |
|
| 230 | + \OC::$server->getAppManager(), |
|
| 231 | + \OC::$server->getSession(), |
|
| 232 | + \OC::$server->getUserSession()->getUser(), |
|
| 233 | + $this->config, |
|
| 234 | + \OC::$server->getGroupManager(), |
|
| 235 | + \OC::$server->get(IniGetWrapper::class), |
|
| 236 | + \OC::$server->getURLGenerator(), |
|
| 237 | + \OC::$server->getCapabilitiesManager(), |
|
| 238 | + \OC::$server->query(IInitialStateService::class) |
|
| 239 | + ); |
|
| 240 | + $config = $jsConfigHelper->getConfig(); |
|
| 241 | + if (\OC::$server->getContentSecurityPolicyNonceManager()->browserSupportsCspV3()) { |
|
| 242 | + $this->assign('inline_ocjs', $config); |
|
| 243 | + } else { |
|
| 244 | + $this->append('jsfiles', \OC::$server->getURLGenerator()->linkToRoute('core.OCJS.getConfig', ['v' => self::$versionHash])); |
|
| 245 | + } |
|
| 246 | + } |
|
| 247 | + foreach ($jsFiles as $info) { |
|
| 248 | + $web = $info[1]; |
|
| 249 | + $file = $info[2]; |
|
| 250 | + $this->append('jsfiles', $web.'/'.$file . $this->getVersionHashSuffix()); |
|
| 251 | + } |
|
| 252 | + |
|
| 253 | + try { |
|
| 254 | + $pathInfo = \OC::$server->getRequest()->getPathInfo(); |
|
| 255 | + } catch (\Exception $e) { |
|
| 256 | + $pathInfo = ''; |
|
| 257 | + } |
|
| 258 | + |
|
| 259 | + // Do not initialise scss appdata until we have a fully installed instance |
|
| 260 | + // Do not load scss for update, errors, installation or login page |
|
| 261 | + if (\OC::$server->getSystemConfig()->getValue('installed', false) |
|
| 262 | + && !\OCP\Util::needUpgrade() |
|
| 263 | + && $pathInfo !== '' |
|
| 264 | + && !preg_match('/^\/login/', $pathInfo) |
|
| 265 | + && $renderAs !== TemplateResponse::RENDER_AS_ERROR |
|
| 266 | + ) { |
|
| 267 | + $cssFiles = self::findStylesheetFiles(\OC_Util::$styles); |
|
| 268 | + } else { |
|
| 269 | + // If we ignore the scss compiler, |
|
| 270 | + // we need to load the guest css fallback |
|
| 271 | + \OC_Util::addStyle('guest'); |
|
| 272 | + $cssFiles = self::findStylesheetFiles(\OC_Util::$styles, false); |
|
| 273 | + } |
|
| 274 | + |
|
| 275 | + $this->assign('cssfiles', []); |
|
| 276 | + $this->assign('printcssfiles', []); |
|
| 277 | + $this->initialState->provideInitialState('core', 'versionHash', self::$versionHash); |
|
| 278 | + foreach ($cssFiles as $info) { |
|
| 279 | + $web = $info[1]; |
|
| 280 | + $file = $info[2]; |
|
| 281 | + |
|
| 282 | + if (substr($file, -strlen('print.css')) === 'print.css') { |
|
| 283 | + $this->append('printcssfiles', $web.'/'.$file . $this->getVersionHashSuffix()); |
|
| 284 | + } else { |
|
| 285 | + $suffix = $this->getVersionHashSuffix($web, $file); |
|
| 286 | + |
|
| 287 | + if (!str_contains($file, '?v=')) { |
|
| 288 | + $this->append('cssfiles', $web.'/'.$file . $suffix); |
|
| 289 | + } else { |
|
| 290 | + $this->append('cssfiles', $web.'/'.$file . '-' . substr($suffix, 3)); |
|
| 291 | + } |
|
| 292 | + } |
|
| 293 | + } |
|
| 294 | + |
|
| 295 | + $this->assign('initialStates', $this->initialState->getInitialStates()); |
|
| 296 | + |
|
| 297 | + $this->assign('id-app-content', $renderAs === TemplateResponse::RENDER_AS_USER ? '#app-content' : '#content'); |
|
| 298 | + $this->assign('id-app-navigation', $renderAs === TemplateResponse::RENDER_AS_USER ? '#app-navigation' : null); |
|
| 299 | + } |
|
| 300 | + |
|
| 301 | + /** |
|
| 302 | + * @param string $path |
|
| 303 | + * @param string $file |
|
| 304 | + * @return string |
|
| 305 | + */ |
|
| 306 | + protected function getVersionHashSuffix($path = false, $file = false) { |
|
| 307 | + if ($this->config->getSystemValueBool('debug', false)) { |
|
| 308 | + // allows chrome workspace mapping in debug mode |
|
| 309 | + return ""; |
|
| 310 | + } |
|
| 311 | + $themingSuffix = ''; |
|
| 312 | + $v = []; |
|
| 313 | + |
|
| 314 | + if ($this->config->getSystemValueBool('installed', false)) { |
|
| 315 | + if (\OC::$server->getAppManager()->isInstalled('theming')) { |
|
| 316 | + $themingSuffix = '-' . $this->config->getAppValue('theming', 'cachebuster', '0'); |
|
| 317 | + } |
|
| 318 | + $v = \OC_App::getAppVersions(); |
|
| 319 | + } |
|
| 320 | + |
|
| 321 | + // Try the webroot path for a match |
|
| 322 | + if ($path !== false && $path !== '') { |
|
| 323 | + $appName = $this->getAppNamefromPath($path); |
|
| 324 | + if (array_key_exists($appName, $v)) { |
|
| 325 | + $appVersion = $v[$appName]; |
|
| 326 | + return '?v=' . substr(md5($appVersion), 0, 8) . $themingSuffix; |
|
| 327 | + } |
|
| 328 | + } |
|
| 329 | + // fallback to the file path instead |
|
| 330 | + if ($file !== false && $file !== '') { |
|
| 331 | + $appName = $this->getAppNamefromPath($file); |
|
| 332 | + if (array_key_exists($appName, $v)) { |
|
| 333 | + $appVersion = $v[$appName]; |
|
| 334 | + return '?v=' . substr(md5($appVersion), 0, 8) . $themingSuffix; |
|
| 335 | + } |
|
| 336 | + } |
|
| 337 | + |
|
| 338 | + return '?v=' . self::$versionHash . $themingSuffix; |
|
| 339 | + } |
|
| 340 | + |
|
| 341 | + /** |
|
| 342 | + * @param array $styles |
|
| 343 | + * @return array |
|
| 344 | + */ |
|
| 345 | + public static function findStylesheetFiles($styles, $compileScss = true) { |
|
| 346 | + if (!self::$cssLocator) { |
|
| 347 | + self::$cssLocator = \OCP\Server::get(CSSResourceLocator::class); |
|
| 348 | + } |
|
| 349 | + self::$cssLocator->find($styles); |
|
| 350 | + return self::$cssLocator->getResources(); |
|
| 351 | + } |
|
| 352 | + |
|
| 353 | + /** |
|
| 354 | + * @param string $path |
|
| 355 | + * @return string|boolean |
|
| 356 | + */ |
|
| 357 | + public function getAppNamefromPath($path) { |
|
| 358 | + if ($path !== '' && is_string($path)) { |
|
| 359 | + $pathParts = explode('/', $path); |
|
| 360 | + if ($pathParts[0] === 'css') { |
|
| 361 | + // This is a scss request |
|
| 362 | + return $pathParts[1]; |
|
| 363 | + } |
|
| 364 | + return end($pathParts); |
|
| 365 | + } |
|
| 366 | + return false; |
|
| 367 | + } |
|
| 368 | + |
|
| 369 | + /** |
|
| 370 | + * @param array $scripts |
|
| 371 | + * @return array |
|
| 372 | + */ |
|
| 373 | + public static function findJavascriptFiles($scripts) { |
|
| 374 | + if (!self::$jsLocator) { |
|
| 375 | + self::$jsLocator = \OCP\Server::get(JSResourceLocator::class); |
|
| 376 | + } |
|
| 377 | + self::$jsLocator->find($scripts); |
|
| 378 | + return self::$jsLocator->getResources(); |
|
| 379 | + } |
|
| 380 | + |
|
| 381 | + /** |
|
| 382 | + * Converts the absolute file path to a relative path from \OC::$SERVERROOT |
|
| 383 | + * @param string $filePath Absolute path |
|
| 384 | + * @return string Relative path |
|
| 385 | + * @throws \Exception If $filePath is not under \OC::$SERVERROOT |
|
| 386 | + */ |
|
| 387 | + public static function convertToRelativePath($filePath) { |
|
| 388 | + $relativePath = explode(\OC::$SERVERROOT, $filePath); |
|
| 389 | + if (count($relativePath) !== 2) { |
|
| 390 | + throw new \Exception('$filePath is not under the \OC::$SERVERROOT'); |
|
| 391 | + } |
|
| 392 | + |
|
| 393 | + return $relativePath[1]; |
|
| 394 | + } |
|
| 395 | 395 | } |
@@ -98,7 +98,7 @@ discard block |
||
| 98 | 98 | $this->navigationManager = \OC::$server->get(INavigationManager::class); |
| 99 | 99 | |
| 100 | 100 | parent::__construct('core', 'layout.user'); |
| 101 | - if (in_array(\OC_App::getCurrentApp(), ['settings','admin', 'help']) !== false) { |
|
| 101 | + if (in_array(\OC_App::getCurrentApp(), ['settings', 'admin', 'help']) !== false) { |
|
| 102 | 102 | $this->assign('bodyid', 'body-settings'); |
| 103 | 103 | } else { |
| 104 | 104 | $this->assign('bodyid', 'body-user'); |
@@ -106,8 +106,8 @@ discard block |
||
| 106 | 106 | |
| 107 | 107 | $this->initialState->provideInitialState('core', 'active-app', $this->navigationManager->getActiveEntry()); |
| 108 | 108 | $this->initialState->provideInitialState('core', 'apps', $this->navigationManager->getAll()); |
| 109 | - $this->initialState->provideInitialState('unified-search', 'limit-default', (int)$this->config->getAppValue('core', 'unified-search.limit-default', (string)SearchQuery::LIMIT_DEFAULT)); |
|
| 110 | - $this->initialState->provideInitialState('unified-search', 'min-search-length', (int)$this->config->getAppValue('core', 'unified-search.min-search-length', (string)1)); |
|
| 109 | + $this->initialState->provideInitialState('unified-search', 'limit-default', (int) $this->config->getAppValue('core', 'unified-search.limit-default', (string) SearchQuery::LIMIT_DEFAULT)); |
|
| 110 | + $this->initialState->provideInitialState('unified-search', 'min-search-length', (int) $this->config->getAppValue('core', 'unified-search.min-search-length', (string) 1)); |
|
| 111 | 111 | $this->initialState->provideInitialState('unified-search', 'live-search', $this->config->getAppValue('core', 'unified-search.live-search', 'yes') === 'yes'); |
| 112 | 112 | Util::addScript('core', 'unified-search', 'core'); |
| 113 | 113 | |
@@ -247,7 +247,7 @@ discard block |
||
| 247 | 247 | foreach ($jsFiles as $info) { |
| 248 | 248 | $web = $info[1]; |
| 249 | 249 | $file = $info[2]; |
| 250 | - $this->append('jsfiles', $web.'/'.$file . $this->getVersionHashSuffix()); |
|
| 250 | + $this->append('jsfiles', $web.'/'.$file.$this->getVersionHashSuffix()); |
|
| 251 | 251 | } |
| 252 | 252 | |
| 253 | 253 | try { |
@@ -280,14 +280,14 @@ discard block |
||
| 280 | 280 | $file = $info[2]; |
| 281 | 281 | |
| 282 | 282 | if (substr($file, -strlen('print.css')) === 'print.css') { |
| 283 | - $this->append('printcssfiles', $web.'/'.$file . $this->getVersionHashSuffix()); |
|
| 283 | + $this->append('printcssfiles', $web.'/'.$file.$this->getVersionHashSuffix()); |
|
| 284 | 284 | } else { |
| 285 | 285 | $suffix = $this->getVersionHashSuffix($web, $file); |
| 286 | 286 | |
| 287 | 287 | if (!str_contains($file, '?v=')) { |
| 288 | - $this->append('cssfiles', $web.'/'.$file . $suffix); |
|
| 288 | + $this->append('cssfiles', $web.'/'.$file.$suffix); |
|
| 289 | 289 | } else { |
| 290 | - $this->append('cssfiles', $web.'/'.$file . '-' . substr($suffix, 3)); |
|
| 290 | + $this->append('cssfiles', $web.'/'.$file.'-'.substr($suffix, 3)); |
|
| 291 | 291 | } |
| 292 | 292 | } |
| 293 | 293 | } |
@@ -313,7 +313,7 @@ discard block |
||
| 313 | 313 | |
| 314 | 314 | if ($this->config->getSystemValueBool('installed', false)) { |
| 315 | 315 | if (\OC::$server->getAppManager()->isInstalled('theming')) { |
| 316 | - $themingSuffix = '-' . $this->config->getAppValue('theming', 'cachebuster', '0'); |
|
| 316 | + $themingSuffix = '-'.$this->config->getAppValue('theming', 'cachebuster', '0'); |
|
| 317 | 317 | } |
| 318 | 318 | $v = \OC_App::getAppVersions(); |
| 319 | 319 | } |
@@ -323,7 +323,7 @@ discard block |
||
| 323 | 323 | $appName = $this->getAppNamefromPath($path); |
| 324 | 324 | if (array_key_exists($appName, $v)) { |
| 325 | 325 | $appVersion = $v[$appName]; |
| 326 | - return '?v=' . substr(md5($appVersion), 0, 8) . $themingSuffix; |
|
| 326 | + return '?v='.substr(md5($appVersion), 0, 8).$themingSuffix; |
|
| 327 | 327 | } |
| 328 | 328 | } |
| 329 | 329 | // fallback to the file path instead |
@@ -331,11 +331,11 @@ discard block |
||
| 331 | 331 | $appName = $this->getAppNamefromPath($file); |
| 332 | 332 | if (array_key_exists($appName, $v)) { |
| 333 | 333 | $appVersion = $v[$appName]; |
| 334 | - return '?v=' . substr(md5($appVersion), 0, 8) . $themingSuffix; |
|
| 334 | + return '?v='.substr(md5($appVersion), 0, 8).$themingSuffix; |
|
| 335 | 335 | } |
| 336 | 336 | } |
| 337 | 337 | |
| 338 | - return '?v=' . self::$versionHash . $themingSuffix; |
|
| 338 | + return '?v='.self::$versionHash.$themingSuffix; |
|
| 339 | 339 | } |
| 340 | 340 | |
| 341 | 341 | /** |
@@ -32,135 +32,135 @@ |
||
| 32 | 32 | use Psr\Log\LoggerInterface; |
| 33 | 33 | |
| 34 | 34 | class JSResourceLocator extends ResourceLocator { |
| 35 | - protected JSCombiner $jsCombiner; |
|
| 36 | - protected IAppManager $appManager; |
|
| 37 | - |
|
| 38 | - public function __construct(LoggerInterface $logger, JSCombiner $JSCombiner, IAppManager $appManager) { |
|
| 39 | - parent::__construct($logger); |
|
| 40 | - |
|
| 41 | - $this->jsCombiner = $JSCombiner; |
|
| 42 | - $this->appManager = $appManager; |
|
| 43 | - } |
|
| 44 | - |
|
| 45 | - /** |
|
| 46 | - * @param string $script |
|
| 47 | - */ |
|
| 48 | - public function doFind($script) { |
|
| 49 | - $theme_dir = 'themes/'.$this->theme.'/'; |
|
| 50 | - |
|
| 51 | - // Extracting the appId and the script file name |
|
| 52 | - $app = substr($script, 0, strpos($script, '/')); |
|
| 53 | - $scriptName = basename($script); |
|
| 54 | - |
|
| 55 | - if (str_contains($script, '/l10n/')) { |
|
| 56 | - // For language files we try to load them all, so themes can overwrite |
|
| 57 | - // single l10n strings without having to translate all of them. |
|
| 58 | - $found = 0; |
|
| 59 | - $found += $this->appendScriptIfExist($this->serverroot, 'core/'.$script); |
|
| 60 | - $found += $this->appendScriptIfExist($this->serverroot, $theme_dir.'core/'.$script); |
|
| 61 | - $found += $this->appendScriptIfExist($this->serverroot, $script); |
|
| 62 | - $found += $this->appendScriptIfExist($this->serverroot, $theme_dir.$script); |
|
| 63 | - $found += $this->appendScriptIfExist($this->serverroot, 'apps/'.$script); |
|
| 64 | - $found += $this->appendScriptIfExist($this->serverroot, $theme_dir.'apps/'.$script); |
|
| 65 | - |
|
| 66 | - if ($found) { |
|
| 67 | - return; |
|
| 68 | - } |
|
| 69 | - } elseif ($this->appendScriptIfExist($this->serverroot, $theme_dir.'apps/'.$script) |
|
| 70 | - || $this->appendScriptIfExist($this->serverroot, $theme_dir.$script) |
|
| 71 | - || $this->appendScriptIfExist($this->serverroot, $script) |
|
| 72 | - || $this->appendScriptIfExist($this->serverroot, $theme_dir."dist/$app-$scriptName") |
|
| 73 | - || $this->appendScriptIfExist($this->serverroot, "dist/$app-$scriptName") |
|
| 74 | - || $this->appendScriptIfExist($this->serverroot, 'apps/'.$script) |
|
| 75 | - || $this->cacheAndAppendCombineJsonIfExist($this->serverroot, $script.'.json') |
|
| 76 | - || $this->appendScriptIfExist($this->serverroot, $theme_dir.'core/'.$script) |
|
| 77 | - || $this->appendScriptIfExist($this->serverroot, 'core/'.$script) |
|
| 78 | - || (strpos($scriptName, '/') === -1 && ($this->appendScriptIfExist($this->serverroot, $theme_dir."dist/core-$scriptName") |
|
| 79 | - || $this->appendScriptIfExist($this->serverroot, "dist/core-$scriptName"))) |
|
| 80 | - || $this->cacheAndAppendCombineJsonIfExist($this->serverroot, 'core/'.$script.'.json') |
|
| 81 | - ) { |
|
| 82 | - return; |
|
| 83 | - } |
|
| 84 | - |
|
| 85 | - $script = substr($script, strpos($script, '/') + 1); |
|
| 86 | - $app_url = null; |
|
| 87 | - |
|
| 88 | - try { |
|
| 89 | - $app_url = $this->appManager->getAppWebPath($app); |
|
| 90 | - } catch (AppPathNotFoundException) { |
|
| 91 | - // pass |
|
| 92 | - } |
|
| 93 | - |
|
| 94 | - try { |
|
| 95 | - $app_path = $this->appManager->getAppPath($app); |
|
| 96 | - |
|
| 97 | - // Account for the possibility of having symlinks in app path. Only |
|
| 98 | - // do this if $app_path is set, because an empty argument to realpath |
|
| 99 | - // gets turned into cwd. |
|
| 100 | - $app_path = realpath($app_path); |
|
| 101 | - |
|
| 102 | - // check combined files |
|
| 103 | - if (!str_starts_with($script, 'l10n/') && $this->cacheAndAppendCombineJsonIfExist($app_path, $script.'.json', $app)) { |
|
| 104 | - return; |
|
| 105 | - } |
|
| 106 | - |
|
| 107 | - // fallback to plain file location |
|
| 108 | - if ($this->appendScriptIfExist($app_path, $script, $app_url)) { |
|
| 109 | - return; |
|
| 110 | - } |
|
| 111 | - } catch (AppPathNotFoundException) { |
|
| 112 | - // pass (general error handling happens below) |
|
| 113 | - } |
|
| 114 | - |
|
| 115 | - // missing translations files will be ignored |
|
| 116 | - if (str_starts_with($script, 'l10n/')) { |
|
| 117 | - return; |
|
| 118 | - } |
|
| 119 | - |
|
| 120 | - $this->logger->error('Could not find resource {resource} to load', [ |
|
| 121 | - 'resource' => $app . '/' . $script . '.js', |
|
| 122 | - 'app' => 'jsresourceloader', |
|
| 123 | - ]); |
|
| 124 | - } |
|
| 125 | - |
|
| 126 | - /** |
|
| 127 | - * @param string $script |
|
| 128 | - */ |
|
| 129 | - public function doFindTheme($script) { |
|
| 130 | - } |
|
| 131 | - |
|
| 132 | - /** |
|
| 133 | - * Try to find ES6 script file (`.mjs`) with fallback to plain javascript (`.js`) |
|
| 134 | - * @see appendIfExist() |
|
| 135 | - */ |
|
| 136 | - protected function appendScriptIfExist(string $root, string $file, string $webRoot = null) { |
|
| 137 | - if (!$this->appendIfExist($root, $file . '.mjs', $webRoot)) { |
|
| 138 | - return $this->appendIfExist($root, $file . '.js', $webRoot); |
|
| 139 | - } |
|
| 140 | - return true; |
|
| 141 | - } |
|
| 142 | - |
|
| 143 | - protected function cacheAndAppendCombineJsonIfExist($root, $file, $app = 'core') { |
|
| 144 | - if (is_file($root.'/'.$file)) { |
|
| 145 | - if ($this->jsCombiner->process($root, $file, $app)) { |
|
| 146 | - $this->append($this->serverroot, $this->jsCombiner->getCachedJS($app, $file), false, false); |
|
| 147 | - } else { |
|
| 148 | - // Add all the files from the json |
|
| 149 | - $files = $this->jsCombiner->getContent($root, $file); |
|
| 150 | - $app_url = null; |
|
| 151 | - try { |
|
| 152 | - $app_url = $this->appManager->getAppWebPath($app); |
|
| 153 | - } catch (AppPathNotFoundException) { |
|
| 154 | - // pass |
|
| 155 | - } |
|
| 156 | - |
|
| 157 | - foreach ($files as $jsFile) { |
|
| 158 | - $this->append($root, $jsFile, $app_url); |
|
| 159 | - } |
|
| 160 | - } |
|
| 161 | - return true; |
|
| 162 | - } |
|
| 163 | - |
|
| 164 | - return false; |
|
| 165 | - } |
|
| 35 | + protected JSCombiner $jsCombiner; |
|
| 36 | + protected IAppManager $appManager; |
|
| 37 | + |
|
| 38 | + public function __construct(LoggerInterface $logger, JSCombiner $JSCombiner, IAppManager $appManager) { |
|
| 39 | + parent::__construct($logger); |
|
| 40 | + |
|
| 41 | + $this->jsCombiner = $JSCombiner; |
|
| 42 | + $this->appManager = $appManager; |
|
| 43 | + } |
|
| 44 | + |
|
| 45 | + /** |
|
| 46 | + * @param string $script |
|
| 47 | + */ |
|
| 48 | + public function doFind($script) { |
|
| 49 | + $theme_dir = 'themes/'.$this->theme.'/'; |
|
| 50 | + |
|
| 51 | + // Extracting the appId and the script file name |
|
| 52 | + $app = substr($script, 0, strpos($script, '/')); |
|
| 53 | + $scriptName = basename($script); |
|
| 54 | + |
|
| 55 | + if (str_contains($script, '/l10n/')) { |
|
| 56 | + // For language files we try to load them all, so themes can overwrite |
|
| 57 | + // single l10n strings without having to translate all of them. |
|
| 58 | + $found = 0; |
|
| 59 | + $found += $this->appendScriptIfExist($this->serverroot, 'core/'.$script); |
|
| 60 | + $found += $this->appendScriptIfExist($this->serverroot, $theme_dir.'core/'.$script); |
|
| 61 | + $found += $this->appendScriptIfExist($this->serverroot, $script); |
|
| 62 | + $found += $this->appendScriptIfExist($this->serverroot, $theme_dir.$script); |
|
| 63 | + $found += $this->appendScriptIfExist($this->serverroot, 'apps/'.$script); |
|
| 64 | + $found += $this->appendScriptIfExist($this->serverroot, $theme_dir.'apps/'.$script); |
|
| 65 | + |
|
| 66 | + if ($found) { |
|
| 67 | + return; |
|
| 68 | + } |
|
| 69 | + } elseif ($this->appendScriptIfExist($this->serverroot, $theme_dir.'apps/'.$script) |
|
| 70 | + || $this->appendScriptIfExist($this->serverroot, $theme_dir.$script) |
|
| 71 | + || $this->appendScriptIfExist($this->serverroot, $script) |
|
| 72 | + || $this->appendScriptIfExist($this->serverroot, $theme_dir."dist/$app-$scriptName") |
|
| 73 | + || $this->appendScriptIfExist($this->serverroot, "dist/$app-$scriptName") |
|
| 74 | + || $this->appendScriptIfExist($this->serverroot, 'apps/'.$script) |
|
| 75 | + || $this->cacheAndAppendCombineJsonIfExist($this->serverroot, $script.'.json') |
|
| 76 | + || $this->appendScriptIfExist($this->serverroot, $theme_dir.'core/'.$script) |
|
| 77 | + || $this->appendScriptIfExist($this->serverroot, 'core/'.$script) |
|
| 78 | + || (strpos($scriptName, '/') === -1 && ($this->appendScriptIfExist($this->serverroot, $theme_dir."dist/core-$scriptName") |
|
| 79 | + || $this->appendScriptIfExist($this->serverroot, "dist/core-$scriptName"))) |
|
| 80 | + || $this->cacheAndAppendCombineJsonIfExist($this->serverroot, 'core/'.$script.'.json') |
|
| 81 | + ) { |
|
| 82 | + return; |
|
| 83 | + } |
|
| 84 | + |
|
| 85 | + $script = substr($script, strpos($script, '/') + 1); |
|
| 86 | + $app_url = null; |
|
| 87 | + |
|
| 88 | + try { |
|
| 89 | + $app_url = $this->appManager->getAppWebPath($app); |
|
| 90 | + } catch (AppPathNotFoundException) { |
|
| 91 | + // pass |
|
| 92 | + } |
|
| 93 | + |
|
| 94 | + try { |
|
| 95 | + $app_path = $this->appManager->getAppPath($app); |
|
| 96 | + |
|
| 97 | + // Account for the possibility of having symlinks in app path. Only |
|
| 98 | + // do this if $app_path is set, because an empty argument to realpath |
|
| 99 | + // gets turned into cwd. |
|
| 100 | + $app_path = realpath($app_path); |
|
| 101 | + |
|
| 102 | + // check combined files |
|
| 103 | + if (!str_starts_with($script, 'l10n/') && $this->cacheAndAppendCombineJsonIfExist($app_path, $script.'.json', $app)) { |
|
| 104 | + return; |
|
| 105 | + } |
|
| 106 | + |
|
| 107 | + // fallback to plain file location |
|
| 108 | + if ($this->appendScriptIfExist($app_path, $script, $app_url)) { |
|
| 109 | + return; |
|
| 110 | + } |
|
| 111 | + } catch (AppPathNotFoundException) { |
|
| 112 | + // pass (general error handling happens below) |
|
| 113 | + } |
|
| 114 | + |
|
| 115 | + // missing translations files will be ignored |
|
| 116 | + if (str_starts_with($script, 'l10n/')) { |
|
| 117 | + return; |
|
| 118 | + } |
|
| 119 | + |
|
| 120 | + $this->logger->error('Could not find resource {resource} to load', [ |
|
| 121 | + 'resource' => $app . '/' . $script . '.js', |
|
| 122 | + 'app' => 'jsresourceloader', |
|
| 123 | + ]); |
|
| 124 | + } |
|
| 125 | + |
|
| 126 | + /** |
|
| 127 | + * @param string $script |
|
| 128 | + */ |
|
| 129 | + public function doFindTheme($script) { |
|
| 130 | + } |
|
| 131 | + |
|
| 132 | + /** |
|
| 133 | + * Try to find ES6 script file (`.mjs`) with fallback to plain javascript (`.js`) |
|
| 134 | + * @see appendIfExist() |
|
| 135 | + */ |
|
| 136 | + protected function appendScriptIfExist(string $root, string $file, string $webRoot = null) { |
|
| 137 | + if (!$this->appendIfExist($root, $file . '.mjs', $webRoot)) { |
|
| 138 | + return $this->appendIfExist($root, $file . '.js', $webRoot); |
|
| 139 | + } |
|
| 140 | + return true; |
|
| 141 | + } |
|
| 142 | + |
|
| 143 | + protected function cacheAndAppendCombineJsonIfExist($root, $file, $app = 'core') { |
|
| 144 | + if (is_file($root.'/'.$file)) { |
|
| 145 | + if ($this->jsCombiner->process($root, $file, $app)) { |
|
| 146 | + $this->append($this->serverroot, $this->jsCombiner->getCachedJS($app, $file), false, false); |
|
| 147 | + } else { |
|
| 148 | + // Add all the files from the json |
|
| 149 | + $files = $this->jsCombiner->getContent($root, $file); |
|
| 150 | + $app_url = null; |
|
| 151 | + try { |
|
| 152 | + $app_url = $this->appManager->getAppWebPath($app); |
|
| 153 | + } catch (AppPathNotFoundException) { |
|
| 154 | + // pass |
|
| 155 | + } |
|
| 156 | + |
|
| 157 | + foreach ($files as $jsFile) { |
|
| 158 | + $this->append($root, $jsFile, $app_url); |
|
| 159 | + } |
|
| 160 | + } |
|
| 161 | + return true; |
|
| 162 | + } |
|
| 163 | + |
|
| 164 | + return false; |
|
| 165 | + } |
|
| 166 | 166 | } |
@@ -44,290 +44,290 @@ |
||
| 44 | 44 | use OCP\L10N\IFactory as IL10NFactory; |
| 45 | 45 | |
| 46 | 46 | class ContactsStore implements IContactsStore { |
| 47 | - private IManager $contactsManager; |
|
| 48 | - private IConfig $config; |
|
| 49 | - private ProfileManager $profileManager; |
|
| 50 | - private IUserManager $userManager; |
|
| 51 | - private IURLGenerator $urlGenerator; |
|
| 52 | - private IGroupManager $groupManager; |
|
| 53 | - private KnownUserService $knownUserService; |
|
| 54 | - private IL10NFactory $l10nFactory; |
|
| 55 | - |
|
| 56 | - public function __construct( |
|
| 57 | - IManager $contactsManager, |
|
| 58 | - IConfig $config, |
|
| 59 | - ProfileManager $profileManager, |
|
| 60 | - IUserManager $userManager, |
|
| 61 | - IURLGenerator $urlGenerator, |
|
| 62 | - IGroupManager $groupManager, |
|
| 63 | - KnownUserService $knownUserService, |
|
| 64 | - IL10NFactory $l10nFactory |
|
| 65 | - ) { |
|
| 66 | - $this->contactsManager = $contactsManager; |
|
| 67 | - $this->config = $config; |
|
| 68 | - $this->profileManager = $profileManager; |
|
| 69 | - $this->userManager = $userManager; |
|
| 70 | - $this->urlGenerator = $urlGenerator; |
|
| 71 | - $this->groupManager = $groupManager; |
|
| 72 | - $this->knownUserService = $knownUserService; |
|
| 73 | - $this->l10nFactory = $l10nFactory; |
|
| 74 | - } |
|
| 75 | - |
|
| 76 | - /** |
|
| 77 | - * @return IEntry[] |
|
| 78 | - */ |
|
| 79 | - public function getContacts(IUser $user, ?string $filter, ?int $limit = null, ?int $offset = null): array { |
|
| 80 | - $options = [ |
|
| 81 | - 'enumeration' => $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes', |
|
| 82 | - 'fullmatch' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes', |
|
| 83 | - ]; |
|
| 84 | - if ($limit !== null) { |
|
| 85 | - $options['limit'] = $limit; |
|
| 86 | - } |
|
| 87 | - if ($offset !== null) { |
|
| 88 | - $options['offset'] = $offset; |
|
| 89 | - } |
|
| 90 | - |
|
| 91 | - $allContacts = $this->contactsManager->search( |
|
| 92 | - $filter ?? '', |
|
| 93 | - [ |
|
| 94 | - 'FN', |
|
| 95 | - 'EMAIL' |
|
| 96 | - ], |
|
| 97 | - $options |
|
| 98 | - ); |
|
| 99 | - |
|
| 100 | - $userId = $user->getUID(); |
|
| 101 | - $contacts = array_filter($allContacts, function ($contact) use ($userId) { |
|
| 102 | - // When searching for multiple results, we strip out the current user |
|
| 103 | - if (array_key_exists('UID', $contact)) { |
|
| 104 | - return $contact['UID'] !== $userId; |
|
| 105 | - } |
|
| 106 | - return true; |
|
| 107 | - }); |
|
| 108 | - |
|
| 109 | - $entries = array_map(function (array $contact) { |
|
| 110 | - return $this->contactArrayToEntry($contact); |
|
| 111 | - }, $contacts); |
|
| 112 | - return $this->filterContacts( |
|
| 113 | - $user, |
|
| 114 | - $entries, |
|
| 115 | - $filter |
|
| 116 | - ); |
|
| 117 | - } |
|
| 118 | - |
|
| 119 | - /** |
|
| 120 | - * Filters the contacts. Applied filters: |
|
| 121 | - * 1. if the `shareapi_allow_share_dialog_user_enumeration` config option is |
|
| 122 | - * enabled it will filter all local users |
|
| 123 | - * 2. if the `shareapi_exclude_groups` config option is enabled and the |
|
| 124 | - * current user is in an excluded group it will filter all local users. |
|
| 125 | - * 3. if the `shareapi_only_share_with_group_members` config option is |
|
| 126 | - * enabled it will filter all users which doesn't have a common group |
|
| 127 | - * with the current user. |
|
| 128 | - * |
|
| 129 | - * @param IUser $self |
|
| 130 | - * @param Entry[] $entries |
|
| 131 | - * @param string|null $filter |
|
| 132 | - * @return Entry[] the filtered contacts |
|
| 133 | - */ |
|
| 134 | - private function filterContacts( |
|
| 135 | - IUser $self, |
|
| 136 | - array $entries, |
|
| 137 | - ?string $filter |
|
| 138 | - ): array { |
|
| 139 | - $disallowEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') !== 'yes'; |
|
| 140 | - $restrictEnumerationGroup = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; |
|
| 141 | - $restrictEnumerationPhone = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; |
|
| 142 | - $allowEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; |
|
| 143 | - $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes'; |
|
| 144 | - |
|
| 145 | - // whether to filter out local users |
|
| 146 | - $skipLocal = false; |
|
| 147 | - // whether to filter out all users which don't have a common group as the current user |
|
| 148 | - $ownGroupsOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; |
|
| 149 | - |
|
| 150 | - $selfGroups = $this->groupManager->getUserGroupIds($self); |
|
| 151 | - |
|
| 152 | - if ($excludedGroups) { |
|
| 153 | - $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); |
|
| 154 | - $decodedExcludeGroups = json_decode($excludedGroups, true); |
|
| 155 | - $excludeGroupsList = $decodedExcludeGroups ?? []; |
|
| 156 | - |
|
| 157 | - if (count(array_intersect($excludeGroupsList, $selfGroups)) !== 0) { |
|
| 158 | - // a group of the current user is excluded -> filter all local users |
|
| 159 | - $skipLocal = true; |
|
| 160 | - } |
|
| 161 | - } |
|
| 162 | - |
|
| 163 | - $selfUID = $self->getUID(); |
|
| 164 | - |
|
| 165 | - return array_values(array_filter($entries, function (IEntry $entry) use ($skipLocal, $ownGroupsOnly, $selfGroups, $selfUID, $disallowEnumeration, $restrictEnumerationGroup, $restrictEnumerationPhone, $allowEnumerationFullMatch, $filter) { |
|
| 166 | - if ($entry->getProperty('isLocalSystemBook')) { |
|
| 167 | - if ($skipLocal) { |
|
| 168 | - return false; |
|
| 169 | - } |
|
| 170 | - |
|
| 171 | - $checkedCommonGroupAlready = false; |
|
| 172 | - |
|
| 173 | - // Prevent enumerating local users |
|
| 174 | - if ($disallowEnumeration) { |
|
| 175 | - if (!$allowEnumerationFullMatch) { |
|
| 176 | - return false; |
|
| 177 | - } |
|
| 178 | - |
|
| 179 | - $filterOutUser = true; |
|
| 180 | - |
|
| 181 | - $mailAddresses = $entry->getEMailAddresses(); |
|
| 182 | - foreach ($mailAddresses as $mailAddress) { |
|
| 183 | - if ($mailAddress === $filter) { |
|
| 184 | - $filterOutUser = false; |
|
| 185 | - break; |
|
| 186 | - } |
|
| 187 | - } |
|
| 188 | - |
|
| 189 | - if ($entry->getProperty('UID') && $entry->getProperty('UID') === $filter) { |
|
| 190 | - $filterOutUser = false; |
|
| 191 | - } |
|
| 192 | - |
|
| 193 | - if ($filterOutUser) { |
|
| 194 | - return false; |
|
| 195 | - } |
|
| 196 | - } elseif ($restrictEnumerationPhone || $restrictEnumerationGroup) { |
|
| 197 | - $canEnumerate = false; |
|
| 198 | - if ($restrictEnumerationPhone) { |
|
| 199 | - $canEnumerate = $this->knownUserService->isKnownToUser($selfUID, $entry->getProperty('UID')); |
|
| 200 | - } |
|
| 201 | - |
|
| 202 | - if (!$canEnumerate && $restrictEnumerationGroup) { |
|
| 203 | - $user = $this->userManager->get($entry->getProperty('UID')); |
|
| 204 | - |
|
| 205 | - if ($user === null) { |
|
| 206 | - return false; |
|
| 207 | - } |
|
| 208 | - |
|
| 209 | - $contactGroups = $this->groupManager->getUserGroupIds($user); |
|
| 210 | - $canEnumerate = !empty(array_intersect($contactGroups, $selfGroups)); |
|
| 211 | - $checkedCommonGroupAlready = true; |
|
| 212 | - } |
|
| 213 | - |
|
| 214 | - if (!$canEnumerate) { |
|
| 215 | - return false; |
|
| 216 | - } |
|
| 217 | - } |
|
| 218 | - |
|
| 219 | - if ($ownGroupsOnly && !$checkedCommonGroupAlready) { |
|
| 220 | - $user = $this->userManager->get($entry->getProperty('UID')); |
|
| 221 | - |
|
| 222 | - if (!$user instanceof IUser) { |
|
| 223 | - return false; |
|
| 224 | - } |
|
| 225 | - |
|
| 226 | - $contactGroups = $this->groupManager->getUserGroupIds($user); |
|
| 227 | - if (empty(array_intersect($contactGroups, $selfGroups))) { |
|
| 228 | - // no groups in common, so shouldn't see the contact |
|
| 229 | - return false; |
|
| 230 | - } |
|
| 231 | - } |
|
| 232 | - } |
|
| 233 | - |
|
| 234 | - return true; |
|
| 235 | - })); |
|
| 236 | - } |
|
| 237 | - |
|
| 238 | - public function findOne(IUser $user, int $shareType, string $shareWith): ?IEntry { |
|
| 239 | - switch ($shareType) { |
|
| 240 | - case 0: |
|
| 241 | - case 6: |
|
| 242 | - $filter = ['UID']; |
|
| 243 | - break; |
|
| 244 | - case 4: |
|
| 245 | - $filter = ['EMAIL']; |
|
| 246 | - break; |
|
| 247 | - default: |
|
| 248 | - return null; |
|
| 249 | - } |
|
| 250 | - |
|
| 251 | - $contacts = $this->contactsManager->search($shareWith, $filter, [ |
|
| 252 | - 'strict_search' => true, |
|
| 253 | - ]); |
|
| 254 | - $match = null; |
|
| 255 | - |
|
| 256 | - foreach ($contacts as $contact) { |
|
| 257 | - if ($shareType === 4 && isset($contact['EMAIL'])) { |
|
| 258 | - if (in_array($shareWith, $contact['EMAIL'])) { |
|
| 259 | - $match = $contact; |
|
| 260 | - break; |
|
| 261 | - } |
|
| 262 | - } |
|
| 263 | - if ($shareType === 0 || $shareType === 6) { |
|
| 264 | - $isLocal = $contact['isLocalSystemBook'] ?? false; |
|
| 265 | - if ($contact['UID'] === $shareWith && $isLocal === true) { |
|
| 266 | - $match = $contact; |
|
| 267 | - break; |
|
| 268 | - } |
|
| 269 | - } |
|
| 270 | - } |
|
| 271 | - |
|
| 272 | - if ($match) { |
|
| 273 | - $match = $this->filterContacts($user, [$this->contactArrayToEntry($match)], $shareWith); |
|
| 274 | - if (count($match) === 1) { |
|
| 275 | - $match = $match[0]; |
|
| 276 | - } else { |
|
| 277 | - $match = null; |
|
| 278 | - } |
|
| 279 | - } |
|
| 280 | - |
|
| 281 | - return $match; |
|
| 282 | - } |
|
| 283 | - |
|
| 284 | - private function contactArrayToEntry(array $contact): Entry { |
|
| 285 | - $entry = new Entry(); |
|
| 286 | - |
|
| 287 | - if (isset($contact['UID'])) { |
|
| 288 | - $uid = $contact['UID']; |
|
| 289 | - $entry->setId($uid); |
|
| 290 | - if (isset($contact['isLocalSystemBook'])) { |
|
| 291 | - $avatar = $this->urlGenerator->linkToRouteAbsolute('core.avatar.getAvatar', ['userId' => $uid, 'size' => 64]); |
|
| 292 | - } elseif (isset($contact['FN'])) { |
|
| 293 | - $avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => $contact['FN'], 'size' => 64]); |
|
| 294 | - } else { |
|
| 295 | - $avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => $uid, 'size' => 64]); |
|
| 296 | - } |
|
| 297 | - $entry->setAvatar($avatar); |
|
| 298 | - } |
|
| 299 | - |
|
| 300 | - if (isset($contact['FN'])) { |
|
| 301 | - $entry->setFullName($contact['FN']); |
|
| 302 | - } |
|
| 303 | - |
|
| 304 | - $avatarPrefix = "VALUE=uri:"; |
|
| 305 | - if (isset($contact['PHOTO']) && str_starts_with($contact['PHOTO'], $avatarPrefix)) { |
|
| 306 | - $entry->setAvatar(substr($contact['PHOTO'], strlen($avatarPrefix))); |
|
| 307 | - } |
|
| 308 | - |
|
| 309 | - if (isset($contact['EMAIL'])) { |
|
| 310 | - foreach ($contact['EMAIL'] as $email) { |
|
| 311 | - $entry->addEMailAddress($email); |
|
| 312 | - } |
|
| 313 | - } |
|
| 314 | - |
|
| 315 | - // Provide profile parameters for core/src/OC/contactsmenu/contact.handlebars template |
|
| 316 | - if (isset($contact['UID']) && isset($contact['FN'])) { |
|
| 317 | - $targetUserId = $contact['UID']; |
|
| 318 | - $targetUser = $this->userManager->get($targetUserId); |
|
| 319 | - if (!empty($targetUser)) { |
|
| 320 | - if ($this->profileManager->isProfileEnabled($targetUser)) { |
|
| 321 | - $entry->setProfileTitle($this->l10nFactory->get('lib')->t('View profile')); |
|
| 322 | - $entry->setProfileUrl($this->urlGenerator->linkToRouteAbsolute('core.ProfilePage.index', ['targetUserId' => $targetUserId])); |
|
| 323 | - } |
|
| 324 | - } |
|
| 325 | - } |
|
| 326 | - |
|
| 327 | - // Attach all other properties to the entry too because some |
|
| 328 | - // providers might make use of it. |
|
| 329 | - $entry->setProperties($contact); |
|
| 330 | - |
|
| 331 | - return $entry; |
|
| 332 | - } |
|
| 47 | + private IManager $contactsManager; |
|
| 48 | + private IConfig $config; |
|
| 49 | + private ProfileManager $profileManager; |
|
| 50 | + private IUserManager $userManager; |
|
| 51 | + private IURLGenerator $urlGenerator; |
|
| 52 | + private IGroupManager $groupManager; |
|
| 53 | + private KnownUserService $knownUserService; |
|
| 54 | + private IL10NFactory $l10nFactory; |
|
| 55 | + |
|
| 56 | + public function __construct( |
|
| 57 | + IManager $contactsManager, |
|
| 58 | + IConfig $config, |
|
| 59 | + ProfileManager $profileManager, |
|
| 60 | + IUserManager $userManager, |
|
| 61 | + IURLGenerator $urlGenerator, |
|
| 62 | + IGroupManager $groupManager, |
|
| 63 | + KnownUserService $knownUserService, |
|
| 64 | + IL10NFactory $l10nFactory |
|
| 65 | + ) { |
|
| 66 | + $this->contactsManager = $contactsManager; |
|
| 67 | + $this->config = $config; |
|
| 68 | + $this->profileManager = $profileManager; |
|
| 69 | + $this->userManager = $userManager; |
|
| 70 | + $this->urlGenerator = $urlGenerator; |
|
| 71 | + $this->groupManager = $groupManager; |
|
| 72 | + $this->knownUserService = $knownUserService; |
|
| 73 | + $this->l10nFactory = $l10nFactory; |
|
| 74 | + } |
|
| 75 | + |
|
| 76 | + /** |
|
| 77 | + * @return IEntry[] |
|
| 78 | + */ |
|
| 79 | + public function getContacts(IUser $user, ?string $filter, ?int $limit = null, ?int $offset = null): array { |
|
| 80 | + $options = [ |
|
| 81 | + 'enumeration' => $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes', |
|
| 82 | + 'fullmatch' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes', |
|
| 83 | + ]; |
|
| 84 | + if ($limit !== null) { |
|
| 85 | + $options['limit'] = $limit; |
|
| 86 | + } |
|
| 87 | + if ($offset !== null) { |
|
| 88 | + $options['offset'] = $offset; |
|
| 89 | + } |
|
| 90 | + |
|
| 91 | + $allContacts = $this->contactsManager->search( |
|
| 92 | + $filter ?? '', |
|
| 93 | + [ |
|
| 94 | + 'FN', |
|
| 95 | + 'EMAIL' |
|
| 96 | + ], |
|
| 97 | + $options |
|
| 98 | + ); |
|
| 99 | + |
|
| 100 | + $userId = $user->getUID(); |
|
| 101 | + $contacts = array_filter($allContacts, function ($contact) use ($userId) { |
|
| 102 | + // When searching for multiple results, we strip out the current user |
|
| 103 | + if (array_key_exists('UID', $contact)) { |
|
| 104 | + return $contact['UID'] !== $userId; |
|
| 105 | + } |
|
| 106 | + return true; |
|
| 107 | + }); |
|
| 108 | + |
|
| 109 | + $entries = array_map(function (array $contact) { |
|
| 110 | + return $this->contactArrayToEntry($contact); |
|
| 111 | + }, $contacts); |
|
| 112 | + return $this->filterContacts( |
|
| 113 | + $user, |
|
| 114 | + $entries, |
|
| 115 | + $filter |
|
| 116 | + ); |
|
| 117 | + } |
|
| 118 | + |
|
| 119 | + /** |
|
| 120 | + * Filters the contacts. Applied filters: |
|
| 121 | + * 1. if the `shareapi_allow_share_dialog_user_enumeration` config option is |
|
| 122 | + * enabled it will filter all local users |
|
| 123 | + * 2. if the `shareapi_exclude_groups` config option is enabled and the |
|
| 124 | + * current user is in an excluded group it will filter all local users. |
|
| 125 | + * 3. if the `shareapi_only_share_with_group_members` config option is |
|
| 126 | + * enabled it will filter all users which doesn't have a common group |
|
| 127 | + * with the current user. |
|
| 128 | + * |
|
| 129 | + * @param IUser $self |
|
| 130 | + * @param Entry[] $entries |
|
| 131 | + * @param string|null $filter |
|
| 132 | + * @return Entry[] the filtered contacts |
|
| 133 | + */ |
|
| 134 | + private function filterContacts( |
|
| 135 | + IUser $self, |
|
| 136 | + array $entries, |
|
| 137 | + ?string $filter |
|
| 138 | + ): array { |
|
| 139 | + $disallowEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') !== 'yes'; |
|
| 140 | + $restrictEnumerationGroup = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; |
|
| 141 | + $restrictEnumerationPhone = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; |
|
| 142 | + $allowEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; |
|
| 143 | + $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes'; |
|
| 144 | + |
|
| 145 | + // whether to filter out local users |
|
| 146 | + $skipLocal = false; |
|
| 147 | + // whether to filter out all users which don't have a common group as the current user |
|
| 148 | + $ownGroupsOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; |
|
| 149 | + |
|
| 150 | + $selfGroups = $this->groupManager->getUserGroupIds($self); |
|
| 151 | + |
|
| 152 | + if ($excludedGroups) { |
|
| 153 | + $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); |
|
| 154 | + $decodedExcludeGroups = json_decode($excludedGroups, true); |
|
| 155 | + $excludeGroupsList = $decodedExcludeGroups ?? []; |
|
| 156 | + |
|
| 157 | + if (count(array_intersect($excludeGroupsList, $selfGroups)) !== 0) { |
|
| 158 | + // a group of the current user is excluded -> filter all local users |
|
| 159 | + $skipLocal = true; |
|
| 160 | + } |
|
| 161 | + } |
|
| 162 | + |
|
| 163 | + $selfUID = $self->getUID(); |
|
| 164 | + |
|
| 165 | + return array_values(array_filter($entries, function (IEntry $entry) use ($skipLocal, $ownGroupsOnly, $selfGroups, $selfUID, $disallowEnumeration, $restrictEnumerationGroup, $restrictEnumerationPhone, $allowEnumerationFullMatch, $filter) { |
|
| 166 | + if ($entry->getProperty('isLocalSystemBook')) { |
|
| 167 | + if ($skipLocal) { |
|
| 168 | + return false; |
|
| 169 | + } |
|
| 170 | + |
|
| 171 | + $checkedCommonGroupAlready = false; |
|
| 172 | + |
|
| 173 | + // Prevent enumerating local users |
|
| 174 | + if ($disallowEnumeration) { |
|
| 175 | + if (!$allowEnumerationFullMatch) { |
|
| 176 | + return false; |
|
| 177 | + } |
|
| 178 | + |
|
| 179 | + $filterOutUser = true; |
|
| 180 | + |
|
| 181 | + $mailAddresses = $entry->getEMailAddresses(); |
|
| 182 | + foreach ($mailAddresses as $mailAddress) { |
|
| 183 | + if ($mailAddress === $filter) { |
|
| 184 | + $filterOutUser = false; |
|
| 185 | + break; |
|
| 186 | + } |
|
| 187 | + } |
|
| 188 | + |
|
| 189 | + if ($entry->getProperty('UID') && $entry->getProperty('UID') === $filter) { |
|
| 190 | + $filterOutUser = false; |
|
| 191 | + } |
|
| 192 | + |
|
| 193 | + if ($filterOutUser) { |
|
| 194 | + return false; |
|
| 195 | + } |
|
| 196 | + } elseif ($restrictEnumerationPhone || $restrictEnumerationGroup) { |
|
| 197 | + $canEnumerate = false; |
|
| 198 | + if ($restrictEnumerationPhone) { |
|
| 199 | + $canEnumerate = $this->knownUserService->isKnownToUser($selfUID, $entry->getProperty('UID')); |
|
| 200 | + } |
|
| 201 | + |
|
| 202 | + if (!$canEnumerate && $restrictEnumerationGroup) { |
|
| 203 | + $user = $this->userManager->get($entry->getProperty('UID')); |
|
| 204 | + |
|
| 205 | + if ($user === null) { |
|
| 206 | + return false; |
|
| 207 | + } |
|
| 208 | + |
|
| 209 | + $contactGroups = $this->groupManager->getUserGroupIds($user); |
|
| 210 | + $canEnumerate = !empty(array_intersect($contactGroups, $selfGroups)); |
|
| 211 | + $checkedCommonGroupAlready = true; |
|
| 212 | + } |
|
| 213 | + |
|
| 214 | + if (!$canEnumerate) { |
|
| 215 | + return false; |
|
| 216 | + } |
|
| 217 | + } |
|
| 218 | + |
|
| 219 | + if ($ownGroupsOnly && !$checkedCommonGroupAlready) { |
|
| 220 | + $user = $this->userManager->get($entry->getProperty('UID')); |
|
| 221 | + |
|
| 222 | + if (!$user instanceof IUser) { |
|
| 223 | + return false; |
|
| 224 | + } |
|
| 225 | + |
|
| 226 | + $contactGroups = $this->groupManager->getUserGroupIds($user); |
|
| 227 | + if (empty(array_intersect($contactGroups, $selfGroups))) { |
|
| 228 | + // no groups in common, so shouldn't see the contact |
|
| 229 | + return false; |
|
| 230 | + } |
|
| 231 | + } |
|
| 232 | + } |
|
| 233 | + |
|
| 234 | + return true; |
|
| 235 | + })); |
|
| 236 | + } |
|
| 237 | + |
|
| 238 | + public function findOne(IUser $user, int $shareType, string $shareWith): ?IEntry { |
|
| 239 | + switch ($shareType) { |
|
| 240 | + case 0: |
|
| 241 | + case 6: |
|
| 242 | + $filter = ['UID']; |
|
| 243 | + break; |
|
| 244 | + case 4: |
|
| 245 | + $filter = ['EMAIL']; |
|
| 246 | + break; |
|
| 247 | + default: |
|
| 248 | + return null; |
|
| 249 | + } |
|
| 250 | + |
|
| 251 | + $contacts = $this->contactsManager->search($shareWith, $filter, [ |
|
| 252 | + 'strict_search' => true, |
|
| 253 | + ]); |
|
| 254 | + $match = null; |
|
| 255 | + |
|
| 256 | + foreach ($contacts as $contact) { |
|
| 257 | + if ($shareType === 4 && isset($contact['EMAIL'])) { |
|
| 258 | + if (in_array($shareWith, $contact['EMAIL'])) { |
|
| 259 | + $match = $contact; |
|
| 260 | + break; |
|
| 261 | + } |
|
| 262 | + } |
|
| 263 | + if ($shareType === 0 || $shareType === 6) { |
|
| 264 | + $isLocal = $contact['isLocalSystemBook'] ?? false; |
|
| 265 | + if ($contact['UID'] === $shareWith && $isLocal === true) { |
|
| 266 | + $match = $contact; |
|
| 267 | + break; |
|
| 268 | + } |
|
| 269 | + } |
|
| 270 | + } |
|
| 271 | + |
|
| 272 | + if ($match) { |
|
| 273 | + $match = $this->filterContacts($user, [$this->contactArrayToEntry($match)], $shareWith); |
|
| 274 | + if (count($match) === 1) { |
|
| 275 | + $match = $match[0]; |
|
| 276 | + } else { |
|
| 277 | + $match = null; |
|
| 278 | + } |
|
| 279 | + } |
|
| 280 | + |
|
| 281 | + return $match; |
|
| 282 | + } |
|
| 283 | + |
|
| 284 | + private function contactArrayToEntry(array $contact): Entry { |
|
| 285 | + $entry = new Entry(); |
|
| 286 | + |
|
| 287 | + if (isset($contact['UID'])) { |
|
| 288 | + $uid = $contact['UID']; |
|
| 289 | + $entry->setId($uid); |
|
| 290 | + if (isset($contact['isLocalSystemBook'])) { |
|
| 291 | + $avatar = $this->urlGenerator->linkToRouteAbsolute('core.avatar.getAvatar', ['userId' => $uid, 'size' => 64]); |
|
| 292 | + } elseif (isset($contact['FN'])) { |
|
| 293 | + $avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => $contact['FN'], 'size' => 64]); |
|
| 294 | + } else { |
|
| 295 | + $avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => $uid, 'size' => 64]); |
|
| 296 | + } |
|
| 297 | + $entry->setAvatar($avatar); |
|
| 298 | + } |
|
| 299 | + |
|
| 300 | + if (isset($contact['FN'])) { |
|
| 301 | + $entry->setFullName($contact['FN']); |
|
| 302 | + } |
|
| 303 | + |
|
| 304 | + $avatarPrefix = "VALUE=uri:"; |
|
| 305 | + if (isset($contact['PHOTO']) && str_starts_with($contact['PHOTO'], $avatarPrefix)) { |
|
| 306 | + $entry->setAvatar(substr($contact['PHOTO'], strlen($avatarPrefix))); |
|
| 307 | + } |
|
| 308 | + |
|
| 309 | + if (isset($contact['EMAIL'])) { |
|
| 310 | + foreach ($contact['EMAIL'] as $email) { |
|
| 311 | + $entry->addEMailAddress($email); |
|
| 312 | + } |
|
| 313 | + } |
|
| 314 | + |
|
| 315 | + // Provide profile parameters for core/src/OC/contactsmenu/contact.handlebars template |
|
| 316 | + if (isset($contact['UID']) && isset($contact['FN'])) { |
|
| 317 | + $targetUserId = $contact['UID']; |
|
| 318 | + $targetUser = $this->userManager->get($targetUserId); |
|
| 319 | + if (!empty($targetUser)) { |
|
| 320 | + if ($this->profileManager->isProfileEnabled($targetUser)) { |
|
| 321 | + $entry->setProfileTitle($this->l10nFactory->get('lib')->t('View profile')); |
|
| 322 | + $entry->setProfileUrl($this->urlGenerator->linkToRouteAbsolute('core.ProfilePage.index', ['targetUserId' => $targetUserId])); |
|
| 323 | + } |
|
| 324 | + } |
|
| 325 | + } |
|
| 326 | + |
|
| 327 | + // Attach all other properties to the entry too because some |
|
| 328 | + // providers might make use of it. |
|
| 329 | + $entry->setProperties($contact); |
|
| 330 | + |
|
| 331 | + return $entry; |
|
| 332 | + } |
|
| 333 | 333 | } |
@@ -63,1555 +63,1555 @@ |
||
| 63 | 63 | * @package OC\Share20 |
| 64 | 64 | */ |
| 65 | 65 | class DefaultShareProvider implements IShareProvider { |
| 66 | - // Special share type for user modified group shares |
|
| 67 | - public const SHARE_TYPE_USERGROUP = 2; |
|
| 68 | - |
|
| 69 | - /** @var IDBConnection */ |
|
| 70 | - private $dbConn; |
|
| 71 | - |
|
| 72 | - /** @var IUserManager */ |
|
| 73 | - private $userManager; |
|
| 74 | - |
|
| 75 | - /** @var IGroupManager */ |
|
| 76 | - private $groupManager; |
|
| 77 | - |
|
| 78 | - /** @var IRootFolder */ |
|
| 79 | - private $rootFolder; |
|
| 80 | - |
|
| 81 | - /** @var IMailer */ |
|
| 82 | - private $mailer; |
|
| 83 | - |
|
| 84 | - /** @var Defaults */ |
|
| 85 | - private $defaults; |
|
| 86 | - |
|
| 87 | - /** @var IFactory */ |
|
| 88 | - private $l10nFactory; |
|
| 89 | - |
|
| 90 | - /** @var IURLGenerator */ |
|
| 91 | - private $urlGenerator; |
|
| 92 | - |
|
| 93 | - /** @var IConfig */ |
|
| 94 | - private $config; |
|
| 95 | - |
|
| 96 | - public function __construct( |
|
| 97 | - IDBConnection $connection, |
|
| 98 | - IUserManager $userManager, |
|
| 99 | - IGroupManager $groupManager, |
|
| 100 | - IRootFolder $rootFolder, |
|
| 101 | - IMailer $mailer, |
|
| 102 | - Defaults $defaults, |
|
| 103 | - IFactory $l10nFactory, |
|
| 104 | - IURLGenerator $urlGenerator, |
|
| 105 | - IConfig $config) { |
|
| 106 | - $this->dbConn = $connection; |
|
| 107 | - $this->userManager = $userManager; |
|
| 108 | - $this->groupManager = $groupManager; |
|
| 109 | - $this->rootFolder = $rootFolder; |
|
| 110 | - $this->mailer = $mailer; |
|
| 111 | - $this->defaults = $defaults; |
|
| 112 | - $this->l10nFactory = $l10nFactory; |
|
| 113 | - $this->urlGenerator = $urlGenerator; |
|
| 114 | - $this->config = $config; |
|
| 115 | - } |
|
| 116 | - |
|
| 117 | - /** |
|
| 118 | - * Return the identifier of this provider. |
|
| 119 | - * |
|
| 120 | - * @return string Containing only [a-zA-Z0-9] |
|
| 121 | - */ |
|
| 122 | - public function identifier() { |
|
| 123 | - return 'ocinternal'; |
|
| 124 | - } |
|
| 125 | - |
|
| 126 | - /** |
|
| 127 | - * Share a path |
|
| 128 | - * |
|
| 129 | - * @param \OCP\Share\IShare $share |
|
| 130 | - * @return \OCP\Share\IShare The share object |
|
| 131 | - * @throws ShareNotFound |
|
| 132 | - * @throws \Exception |
|
| 133 | - */ |
|
| 134 | - public function create(\OCP\Share\IShare $share) { |
|
| 135 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 136 | - |
|
| 137 | - $qb->insert('share'); |
|
| 138 | - $qb->setValue('share_type', $qb->createNamedParameter($share->getShareType())); |
|
| 139 | - |
|
| 140 | - if ($share->getShareType() === IShare::TYPE_USER) { |
|
| 141 | - //Set the UID of the user we share with |
|
| 142 | - $qb->setValue('share_with', $qb->createNamedParameter($share->getSharedWith())); |
|
| 143 | - $qb->setValue('accepted', $qb->createNamedParameter(IShare::STATUS_PENDING)); |
|
| 144 | - |
|
| 145 | - //If an expiration date is set store it |
|
| 146 | - if ($share->getExpirationDate() !== null) { |
|
| 147 | - $qb->setValue('expiration', $qb->createNamedParameter($share->getExpirationDate(), 'datetime')); |
|
| 148 | - } |
|
| 149 | - } elseif ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 150 | - //Set the GID of the group we share with |
|
| 151 | - $qb->setValue('share_with', $qb->createNamedParameter($share->getSharedWith())); |
|
| 152 | - |
|
| 153 | - //If an expiration date is set store it |
|
| 154 | - if ($share->getExpirationDate() !== null) { |
|
| 155 | - $qb->setValue('expiration', $qb->createNamedParameter($share->getExpirationDate(), 'datetime')); |
|
| 156 | - } |
|
| 157 | - } elseif ($share->getShareType() === IShare::TYPE_LINK) { |
|
| 158 | - //set label for public link |
|
| 159 | - $qb->setValue('label', $qb->createNamedParameter($share->getLabel())); |
|
| 160 | - //Set the token of the share |
|
| 161 | - $qb->setValue('token', $qb->createNamedParameter($share->getToken())); |
|
| 162 | - |
|
| 163 | - //If a password is set store it |
|
| 164 | - if ($share->getPassword() !== null) { |
|
| 165 | - $qb->setValue('password', $qb->createNamedParameter($share->getPassword())); |
|
| 166 | - } |
|
| 167 | - |
|
| 168 | - $qb->setValue('password_by_talk', $qb->createNamedParameter($share->getSendPasswordByTalk(), IQueryBuilder::PARAM_BOOL)); |
|
| 169 | - |
|
| 170 | - //If an expiration date is set store it |
|
| 171 | - if ($share->getExpirationDate() !== null) { |
|
| 172 | - $qb->setValue('expiration', $qb->createNamedParameter($share->getExpirationDate(), 'datetime')); |
|
| 173 | - } |
|
| 174 | - |
|
| 175 | - if (method_exists($share, 'getParent')) { |
|
| 176 | - $qb->setValue('parent', $qb->createNamedParameter($share->getParent())); |
|
| 177 | - } |
|
| 178 | - |
|
| 179 | - $qb->setValue('hide_download', $qb->createNamedParameter($share->getHideDownload() ? 1 : 0, IQueryBuilder::PARAM_INT)); |
|
| 180 | - } else { |
|
| 181 | - throw new \Exception('invalid share type!'); |
|
| 182 | - } |
|
| 183 | - |
|
| 184 | - // Set what is shares |
|
| 185 | - $qb->setValue('item_type', $qb->createParameter('itemType')); |
|
| 186 | - if ($share->getNode() instanceof \OCP\Files\File) { |
|
| 187 | - $qb->setParameter('itemType', 'file'); |
|
| 188 | - } else { |
|
| 189 | - $qb->setParameter('itemType', 'folder'); |
|
| 190 | - } |
|
| 191 | - |
|
| 192 | - // Set the file id |
|
| 193 | - $qb->setValue('item_source', $qb->createNamedParameter($share->getNode()->getId())); |
|
| 194 | - $qb->setValue('file_source', $qb->createNamedParameter($share->getNode()->getId())); |
|
| 195 | - |
|
| 196 | - // set the permissions |
|
| 197 | - $qb->setValue('permissions', $qb->createNamedParameter($share->getPermissions())); |
|
| 198 | - |
|
| 199 | - // set share attributes |
|
| 200 | - $shareAttributes = $this->formatShareAttributes( |
|
| 201 | - $share->getAttributes() |
|
| 202 | - ); |
|
| 203 | - $qb->setValue('attributes', $qb->createNamedParameter($shareAttributes)); |
|
| 204 | - |
|
| 205 | - // Set who created this share |
|
| 206 | - $qb->setValue('uid_initiator', $qb->createNamedParameter($share->getSharedBy())); |
|
| 207 | - |
|
| 208 | - // Set who is the owner of this file/folder (and this the owner of the share) |
|
| 209 | - $qb->setValue('uid_owner', $qb->createNamedParameter($share->getShareOwner())); |
|
| 210 | - |
|
| 211 | - // Set the file target |
|
| 212 | - $qb->setValue('file_target', $qb->createNamedParameter($share->getTarget())); |
|
| 213 | - |
|
| 214 | - if ($share->getNote() !== '') { |
|
| 215 | - $qb->setValue('note', $qb->createNamedParameter($share->getNote())); |
|
| 216 | - } |
|
| 217 | - |
|
| 218 | - // Set the time this share was created |
|
| 219 | - $qb->setValue('stime', $qb->createNamedParameter(time())); |
|
| 220 | - |
|
| 221 | - // insert the data and fetch the id of the share |
|
| 222 | - $this->dbConn->beginTransaction(); |
|
| 223 | - $qb->execute(); |
|
| 224 | - $id = $this->dbConn->lastInsertId('*PREFIX*share'); |
|
| 225 | - |
|
| 226 | - // Now fetch the inserted share and create a complete share object |
|
| 227 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 228 | - $qb->select('*') |
|
| 229 | - ->from('share') |
|
| 230 | - ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))); |
|
| 231 | - |
|
| 232 | - $cursor = $qb->execute(); |
|
| 233 | - $data = $cursor->fetch(); |
|
| 234 | - $this->dbConn->commit(); |
|
| 235 | - $cursor->closeCursor(); |
|
| 236 | - |
|
| 237 | - if ($data === false) { |
|
| 238 | - throw new ShareNotFound('Newly created share could not be found'); |
|
| 239 | - } |
|
| 240 | - |
|
| 241 | - $mailSendValue = $share->getMailSend(); |
|
| 242 | - $data['mail_send'] = ($mailSendValue === null) ? true : $mailSendValue; |
|
| 243 | - |
|
| 244 | - $share = $this->createShare($data); |
|
| 245 | - return $share; |
|
| 246 | - } |
|
| 247 | - |
|
| 248 | - /** |
|
| 249 | - * Update a share |
|
| 250 | - * |
|
| 251 | - * @param \OCP\Share\IShare $share |
|
| 252 | - * @return \OCP\Share\IShare The share object |
|
| 253 | - * @throws ShareNotFound |
|
| 254 | - * @throws \OCP\Files\InvalidPathException |
|
| 255 | - * @throws \OCP\Files\NotFoundException |
|
| 256 | - */ |
|
| 257 | - public function update(\OCP\Share\IShare $share) { |
|
| 258 | - $originalShare = $this->getShareById($share->getId()); |
|
| 259 | - |
|
| 260 | - $shareAttributes = $this->formatShareAttributes($share->getAttributes()); |
|
| 261 | - |
|
| 262 | - if ($share->getShareType() === IShare::TYPE_USER) { |
|
| 263 | - /* |
|
| 66 | + // Special share type for user modified group shares |
|
| 67 | + public const SHARE_TYPE_USERGROUP = 2; |
|
| 68 | + |
|
| 69 | + /** @var IDBConnection */ |
|
| 70 | + private $dbConn; |
|
| 71 | + |
|
| 72 | + /** @var IUserManager */ |
|
| 73 | + private $userManager; |
|
| 74 | + |
|
| 75 | + /** @var IGroupManager */ |
|
| 76 | + private $groupManager; |
|
| 77 | + |
|
| 78 | + /** @var IRootFolder */ |
|
| 79 | + private $rootFolder; |
|
| 80 | + |
|
| 81 | + /** @var IMailer */ |
|
| 82 | + private $mailer; |
|
| 83 | + |
|
| 84 | + /** @var Defaults */ |
|
| 85 | + private $defaults; |
|
| 86 | + |
|
| 87 | + /** @var IFactory */ |
|
| 88 | + private $l10nFactory; |
|
| 89 | + |
|
| 90 | + /** @var IURLGenerator */ |
|
| 91 | + private $urlGenerator; |
|
| 92 | + |
|
| 93 | + /** @var IConfig */ |
|
| 94 | + private $config; |
|
| 95 | + |
|
| 96 | + public function __construct( |
|
| 97 | + IDBConnection $connection, |
|
| 98 | + IUserManager $userManager, |
|
| 99 | + IGroupManager $groupManager, |
|
| 100 | + IRootFolder $rootFolder, |
|
| 101 | + IMailer $mailer, |
|
| 102 | + Defaults $defaults, |
|
| 103 | + IFactory $l10nFactory, |
|
| 104 | + IURLGenerator $urlGenerator, |
|
| 105 | + IConfig $config) { |
|
| 106 | + $this->dbConn = $connection; |
|
| 107 | + $this->userManager = $userManager; |
|
| 108 | + $this->groupManager = $groupManager; |
|
| 109 | + $this->rootFolder = $rootFolder; |
|
| 110 | + $this->mailer = $mailer; |
|
| 111 | + $this->defaults = $defaults; |
|
| 112 | + $this->l10nFactory = $l10nFactory; |
|
| 113 | + $this->urlGenerator = $urlGenerator; |
|
| 114 | + $this->config = $config; |
|
| 115 | + } |
|
| 116 | + |
|
| 117 | + /** |
|
| 118 | + * Return the identifier of this provider. |
|
| 119 | + * |
|
| 120 | + * @return string Containing only [a-zA-Z0-9] |
|
| 121 | + */ |
|
| 122 | + public function identifier() { |
|
| 123 | + return 'ocinternal'; |
|
| 124 | + } |
|
| 125 | + |
|
| 126 | + /** |
|
| 127 | + * Share a path |
|
| 128 | + * |
|
| 129 | + * @param \OCP\Share\IShare $share |
|
| 130 | + * @return \OCP\Share\IShare The share object |
|
| 131 | + * @throws ShareNotFound |
|
| 132 | + * @throws \Exception |
|
| 133 | + */ |
|
| 134 | + public function create(\OCP\Share\IShare $share) { |
|
| 135 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 136 | + |
|
| 137 | + $qb->insert('share'); |
|
| 138 | + $qb->setValue('share_type', $qb->createNamedParameter($share->getShareType())); |
|
| 139 | + |
|
| 140 | + if ($share->getShareType() === IShare::TYPE_USER) { |
|
| 141 | + //Set the UID of the user we share with |
|
| 142 | + $qb->setValue('share_with', $qb->createNamedParameter($share->getSharedWith())); |
|
| 143 | + $qb->setValue('accepted', $qb->createNamedParameter(IShare::STATUS_PENDING)); |
|
| 144 | + |
|
| 145 | + //If an expiration date is set store it |
|
| 146 | + if ($share->getExpirationDate() !== null) { |
|
| 147 | + $qb->setValue('expiration', $qb->createNamedParameter($share->getExpirationDate(), 'datetime')); |
|
| 148 | + } |
|
| 149 | + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 150 | + //Set the GID of the group we share with |
|
| 151 | + $qb->setValue('share_with', $qb->createNamedParameter($share->getSharedWith())); |
|
| 152 | + |
|
| 153 | + //If an expiration date is set store it |
|
| 154 | + if ($share->getExpirationDate() !== null) { |
|
| 155 | + $qb->setValue('expiration', $qb->createNamedParameter($share->getExpirationDate(), 'datetime')); |
|
| 156 | + } |
|
| 157 | + } elseif ($share->getShareType() === IShare::TYPE_LINK) { |
|
| 158 | + //set label for public link |
|
| 159 | + $qb->setValue('label', $qb->createNamedParameter($share->getLabel())); |
|
| 160 | + //Set the token of the share |
|
| 161 | + $qb->setValue('token', $qb->createNamedParameter($share->getToken())); |
|
| 162 | + |
|
| 163 | + //If a password is set store it |
|
| 164 | + if ($share->getPassword() !== null) { |
|
| 165 | + $qb->setValue('password', $qb->createNamedParameter($share->getPassword())); |
|
| 166 | + } |
|
| 167 | + |
|
| 168 | + $qb->setValue('password_by_talk', $qb->createNamedParameter($share->getSendPasswordByTalk(), IQueryBuilder::PARAM_BOOL)); |
|
| 169 | + |
|
| 170 | + //If an expiration date is set store it |
|
| 171 | + if ($share->getExpirationDate() !== null) { |
|
| 172 | + $qb->setValue('expiration', $qb->createNamedParameter($share->getExpirationDate(), 'datetime')); |
|
| 173 | + } |
|
| 174 | + |
|
| 175 | + if (method_exists($share, 'getParent')) { |
|
| 176 | + $qb->setValue('parent', $qb->createNamedParameter($share->getParent())); |
|
| 177 | + } |
|
| 178 | + |
|
| 179 | + $qb->setValue('hide_download', $qb->createNamedParameter($share->getHideDownload() ? 1 : 0, IQueryBuilder::PARAM_INT)); |
|
| 180 | + } else { |
|
| 181 | + throw new \Exception('invalid share type!'); |
|
| 182 | + } |
|
| 183 | + |
|
| 184 | + // Set what is shares |
|
| 185 | + $qb->setValue('item_type', $qb->createParameter('itemType')); |
|
| 186 | + if ($share->getNode() instanceof \OCP\Files\File) { |
|
| 187 | + $qb->setParameter('itemType', 'file'); |
|
| 188 | + } else { |
|
| 189 | + $qb->setParameter('itemType', 'folder'); |
|
| 190 | + } |
|
| 191 | + |
|
| 192 | + // Set the file id |
|
| 193 | + $qb->setValue('item_source', $qb->createNamedParameter($share->getNode()->getId())); |
|
| 194 | + $qb->setValue('file_source', $qb->createNamedParameter($share->getNode()->getId())); |
|
| 195 | + |
|
| 196 | + // set the permissions |
|
| 197 | + $qb->setValue('permissions', $qb->createNamedParameter($share->getPermissions())); |
|
| 198 | + |
|
| 199 | + // set share attributes |
|
| 200 | + $shareAttributes = $this->formatShareAttributes( |
|
| 201 | + $share->getAttributes() |
|
| 202 | + ); |
|
| 203 | + $qb->setValue('attributes', $qb->createNamedParameter($shareAttributes)); |
|
| 204 | + |
|
| 205 | + // Set who created this share |
|
| 206 | + $qb->setValue('uid_initiator', $qb->createNamedParameter($share->getSharedBy())); |
|
| 207 | + |
|
| 208 | + // Set who is the owner of this file/folder (and this the owner of the share) |
|
| 209 | + $qb->setValue('uid_owner', $qb->createNamedParameter($share->getShareOwner())); |
|
| 210 | + |
|
| 211 | + // Set the file target |
|
| 212 | + $qb->setValue('file_target', $qb->createNamedParameter($share->getTarget())); |
|
| 213 | + |
|
| 214 | + if ($share->getNote() !== '') { |
|
| 215 | + $qb->setValue('note', $qb->createNamedParameter($share->getNote())); |
|
| 216 | + } |
|
| 217 | + |
|
| 218 | + // Set the time this share was created |
|
| 219 | + $qb->setValue('stime', $qb->createNamedParameter(time())); |
|
| 220 | + |
|
| 221 | + // insert the data and fetch the id of the share |
|
| 222 | + $this->dbConn->beginTransaction(); |
|
| 223 | + $qb->execute(); |
|
| 224 | + $id = $this->dbConn->lastInsertId('*PREFIX*share'); |
|
| 225 | + |
|
| 226 | + // Now fetch the inserted share and create a complete share object |
|
| 227 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 228 | + $qb->select('*') |
|
| 229 | + ->from('share') |
|
| 230 | + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))); |
|
| 231 | + |
|
| 232 | + $cursor = $qb->execute(); |
|
| 233 | + $data = $cursor->fetch(); |
|
| 234 | + $this->dbConn->commit(); |
|
| 235 | + $cursor->closeCursor(); |
|
| 236 | + |
|
| 237 | + if ($data === false) { |
|
| 238 | + throw new ShareNotFound('Newly created share could not be found'); |
|
| 239 | + } |
|
| 240 | + |
|
| 241 | + $mailSendValue = $share->getMailSend(); |
|
| 242 | + $data['mail_send'] = ($mailSendValue === null) ? true : $mailSendValue; |
|
| 243 | + |
|
| 244 | + $share = $this->createShare($data); |
|
| 245 | + return $share; |
|
| 246 | + } |
|
| 247 | + |
|
| 248 | + /** |
|
| 249 | + * Update a share |
|
| 250 | + * |
|
| 251 | + * @param \OCP\Share\IShare $share |
|
| 252 | + * @return \OCP\Share\IShare The share object |
|
| 253 | + * @throws ShareNotFound |
|
| 254 | + * @throws \OCP\Files\InvalidPathException |
|
| 255 | + * @throws \OCP\Files\NotFoundException |
|
| 256 | + */ |
|
| 257 | + public function update(\OCP\Share\IShare $share) { |
|
| 258 | + $originalShare = $this->getShareById($share->getId()); |
|
| 259 | + |
|
| 260 | + $shareAttributes = $this->formatShareAttributes($share->getAttributes()); |
|
| 261 | + |
|
| 262 | + if ($share->getShareType() === IShare::TYPE_USER) { |
|
| 263 | + /* |
|
| 264 | 264 | * We allow updating the recipient on user shares. |
| 265 | 265 | */ |
| 266 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 267 | - $qb->update('share') |
|
| 268 | - ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) |
|
| 269 | - ->set('share_with', $qb->createNamedParameter($share->getSharedWith())) |
|
| 270 | - ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) |
|
| 271 | - ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) |
|
| 272 | - ->set('permissions', $qb->createNamedParameter($share->getPermissions())) |
|
| 273 | - ->set('attributes', $qb->createNamedParameter($shareAttributes)) |
|
| 274 | - ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 275 | - ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 276 | - ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) |
|
| 277 | - ->set('note', $qb->createNamedParameter($share->getNote())) |
|
| 278 | - ->set('accepted', $qb->createNamedParameter($share->getStatus())) |
|
| 279 | - ->execute(); |
|
| 280 | - } elseif ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 281 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 282 | - $qb->update('share') |
|
| 283 | - ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) |
|
| 284 | - ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) |
|
| 285 | - ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) |
|
| 286 | - ->set('permissions', $qb->createNamedParameter($share->getPermissions())) |
|
| 287 | - ->set('attributes', $qb->createNamedParameter($shareAttributes)) |
|
| 288 | - ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 289 | - ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 290 | - ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) |
|
| 291 | - ->set('note', $qb->createNamedParameter($share->getNote())) |
|
| 292 | - ->execute(); |
|
| 293 | - |
|
| 294 | - /* |
|
| 266 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 267 | + $qb->update('share') |
|
| 268 | + ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) |
|
| 269 | + ->set('share_with', $qb->createNamedParameter($share->getSharedWith())) |
|
| 270 | + ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) |
|
| 271 | + ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) |
|
| 272 | + ->set('permissions', $qb->createNamedParameter($share->getPermissions())) |
|
| 273 | + ->set('attributes', $qb->createNamedParameter($shareAttributes)) |
|
| 274 | + ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 275 | + ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 276 | + ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) |
|
| 277 | + ->set('note', $qb->createNamedParameter($share->getNote())) |
|
| 278 | + ->set('accepted', $qb->createNamedParameter($share->getStatus())) |
|
| 279 | + ->execute(); |
|
| 280 | + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 281 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 282 | + $qb->update('share') |
|
| 283 | + ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) |
|
| 284 | + ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) |
|
| 285 | + ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) |
|
| 286 | + ->set('permissions', $qb->createNamedParameter($share->getPermissions())) |
|
| 287 | + ->set('attributes', $qb->createNamedParameter($shareAttributes)) |
|
| 288 | + ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 289 | + ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 290 | + ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) |
|
| 291 | + ->set('note', $qb->createNamedParameter($share->getNote())) |
|
| 292 | + ->execute(); |
|
| 293 | + |
|
| 294 | + /* |
|
| 295 | 295 | * Update all user defined group shares |
| 296 | 296 | */ |
| 297 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 298 | - $qb->update('share') |
|
| 299 | - ->where($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) |
|
| 300 | - ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 301 | - ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) |
|
| 302 | - ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) |
|
| 303 | - ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 304 | - ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 305 | - ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) |
|
| 306 | - ->set('note', $qb->createNamedParameter($share->getNote())) |
|
| 307 | - ->execute(); |
|
| 308 | - |
|
| 309 | - /* |
|
| 297 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 298 | + $qb->update('share') |
|
| 299 | + ->where($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) |
|
| 300 | + ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 301 | + ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) |
|
| 302 | + ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) |
|
| 303 | + ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 304 | + ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 305 | + ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) |
|
| 306 | + ->set('note', $qb->createNamedParameter($share->getNote())) |
|
| 307 | + ->execute(); |
|
| 308 | + |
|
| 309 | + /* |
|
| 310 | 310 | * Now update the permissions for all children that have not set it to 0 |
| 311 | 311 | */ |
| 312 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 313 | - $qb->update('share') |
|
| 314 | - ->where($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) |
|
| 315 | - ->andWhere($qb->expr()->neq('permissions', $qb->createNamedParameter(0))) |
|
| 316 | - ->set('permissions', $qb->createNamedParameter($share->getPermissions())) |
|
| 317 | - ->set('attributes', $qb->createNamedParameter($shareAttributes)) |
|
| 318 | - ->execute(); |
|
| 319 | - } elseif ($share->getShareType() === IShare::TYPE_LINK) { |
|
| 320 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 321 | - $qb->update('share') |
|
| 322 | - ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) |
|
| 323 | - ->set('password', $qb->createNamedParameter($share->getPassword())) |
|
| 324 | - ->set('password_by_talk', $qb->createNamedParameter($share->getSendPasswordByTalk(), IQueryBuilder::PARAM_BOOL)) |
|
| 325 | - ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) |
|
| 326 | - ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) |
|
| 327 | - ->set('permissions', $qb->createNamedParameter($share->getPermissions())) |
|
| 328 | - ->set('attributes', $qb->createNamedParameter($shareAttributes)) |
|
| 329 | - ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 330 | - ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 331 | - ->set('token', $qb->createNamedParameter($share->getToken())) |
|
| 332 | - ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) |
|
| 333 | - ->set('note', $qb->createNamedParameter($share->getNote())) |
|
| 334 | - ->set('label', $qb->createNamedParameter($share->getLabel())) |
|
| 335 | - ->set('hide_download', $qb->createNamedParameter($share->getHideDownload() ? 1 : 0), IQueryBuilder::PARAM_INT) |
|
| 336 | - ->execute(); |
|
| 337 | - } |
|
| 338 | - |
|
| 339 | - if ($originalShare->getNote() !== $share->getNote() && $share->getNote() !== '') { |
|
| 340 | - $this->propagateNote($share); |
|
| 341 | - } |
|
| 342 | - |
|
| 343 | - |
|
| 344 | - return $share; |
|
| 345 | - } |
|
| 346 | - |
|
| 347 | - /** |
|
| 348 | - * Accept a share. |
|
| 349 | - * |
|
| 350 | - * @param IShare $share |
|
| 351 | - * @param string $recipient |
|
| 352 | - * @return IShare The share object |
|
| 353 | - * @since 9.0.0 |
|
| 354 | - */ |
|
| 355 | - public function acceptShare(IShare $share, string $recipient): IShare { |
|
| 356 | - if ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 357 | - $group = $this->groupManager->get($share->getSharedWith()); |
|
| 358 | - $user = $this->userManager->get($recipient); |
|
| 359 | - |
|
| 360 | - if (is_null($group)) { |
|
| 361 | - throw new ProviderException('Group "' . $share->getSharedWith() . '" does not exist'); |
|
| 362 | - } |
|
| 363 | - |
|
| 364 | - if (!$group->inGroup($user)) { |
|
| 365 | - throw new ProviderException('Recipient not in receiving group'); |
|
| 366 | - } |
|
| 367 | - |
|
| 368 | - // Try to fetch user specific share |
|
| 369 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 370 | - $stmt = $qb->select('*') |
|
| 371 | - ->from('share') |
|
| 372 | - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 373 | - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) |
|
| 374 | - ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) |
|
| 375 | - ->andWhere($qb->expr()->orX( |
|
| 376 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 377 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 378 | - )) |
|
| 379 | - ->execute(); |
|
| 380 | - |
|
| 381 | - $data = $stmt->fetch(); |
|
| 382 | - $stmt->closeCursor(); |
|
| 383 | - |
|
| 384 | - /* |
|
| 312 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 313 | + $qb->update('share') |
|
| 314 | + ->where($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) |
|
| 315 | + ->andWhere($qb->expr()->neq('permissions', $qb->createNamedParameter(0))) |
|
| 316 | + ->set('permissions', $qb->createNamedParameter($share->getPermissions())) |
|
| 317 | + ->set('attributes', $qb->createNamedParameter($shareAttributes)) |
|
| 318 | + ->execute(); |
|
| 319 | + } elseif ($share->getShareType() === IShare::TYPE_LINK) { |
|
| 320 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 321 | + $qb->update('share') |
|
| 322 | + ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) |
|
| 323 | + ->set('password', $qb->createNamedParameter($share->getPassword())) |
|
| 324 | + ->set('password_by_talk', $qb->createNamedParameter($share->getSendPasswordByTalk(), IQueryBuilder::PARAM_BOOL)) |
|
| 325 | + ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) |
|
| 326 | + ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) |
|
| 327 | + ->set('permissions', $qb->createNamedParameter($share->getPermissions())) |
|
| 328 | + ->set('attributes', $qb->createNamedParameter($shareAttributes)) |
|
| 329 | + ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 330 | + ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) |
|
| 331 | + ->set('token', $qb->createNamedParameter($share->getToken())) |
|
| 332 | + ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) |
|
| 333 | + ->set('note', $qb->createNamedParameter($share->getNote())) |
|
| 334 | + ->set('label', $qb->createNamedParameter($share->getLabel())) |
|
| 335 | + ->set('hide_download', $qb->createNamedParameter($share->getHideDownload() ? 1 : 0), IQueryBuilder::PARAM_INT) |
|
| 336 | + ->execute(); |
|
| 337 | + } |
|
| 338 | + |
|
| 339 | + if ($originalShare->getNote() !== $share->getNote() && $share->getNote() !== '') { |
|
| 340 | + $this->propagateNote($share); |
|
| 341 | + } |
|
| 342 | + |
|
| 343 | + |
|
| 344 | + return $share; |
|
| 345 | + } |
|
| 346 | + |
|
| 347 | + /** |
|
| 348 | + * Accept a share. |
|
| 349 | + * |
|
| 350 | + * @param IShare $share |
|
| 351 | + * @param string $recipient |
|
| 352 | + * @return IShare The share object |
|
| 353 | + * @since 9.0.0 |
|
| 354 | + */ |
|
| 355 | + public function acceptShare(IShare $share, string $recipient): IShare { |
|
| 356 | + if ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 357 | + $group = $this->groupManager->get($share->getSharedWith()); |
|
| 358 | + $user = $this->userManager->get($recipient); |
|
| 359 | + |
|
| 360 | + if (is_null($group)) { |
|
| 361 | + throw new ProviderException('Group "' . $share->getSharedWith() . '" does not exist'); |
|
| 362 | + } |
|
| 363 | + |
|
| 364 | + if (!$group->inGroup($user)) { |
|
| 365 | + throw new ProviderException('Recipient not in receiving group'); |
|
| 366 | + } |
|
| 367 | + |
|
| 368 | + // Try to fetch user specific share |
|
| 369 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 370 | + $stmt = $qb->select('*') |
|
| 371 | + ->from('share') |
|
| 372 | + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 373 | + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) |
|
| 374 | + ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) |
|
| 375 | + ->andWhere($qb->expr()->orX( |
|
| 376 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 377 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 378 | + )) |
|
| 379 | + ->execute(); |
|
| 380 | + |
|
| 381 | + $data = $stmt->fetch(); |
|
| 382 | + $stmt->closeCursor(); |
|
| 383 | + |
|
| 384 | + /* |
|
| 385 | 385 | * Check if there already is a user specific group share. |
| 386 | 386 | * If there is update it (if required). |
| 387 | 387 | */ |
| 388 | - if ($data === false) { |
|
| 389 | - $id = $this->createUserSpecificGroupShare($share, $recipient); |
|
| 390 | - } else { |
|
| 391 | - $id = $data['id']; |
|
| 392 | - } |
|
| 393 | - } elseif ($share->getShareType() === IShare::TYPE_USER) { |
|
| 394 | - if ($share->getSharedWith() !== $recipient) { |
|
| 395 | - throw new ProviderException('Recipient does not match'); |
|
| 396 | - } |
|
| 397 | - |
|
| 398 | - $id = $share->getId(); |
|
| 399 | - } else { |
|
| 400 | - throw new ProviderException('Invalid shareType'); |
|
| 401 | - } |
|
| 402 | - |
|
| 403 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 404 | - $qb->update('share') |
|
| 405 | - ->set('accepted', $qb->createNamedParameter(IShare::STATUS_ACCEPTED)) |
|
| 406 | - ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) |
|
| 407 | - ->execute(); |
|
| 408 | - |
|
| 409 | - return $share; |
|
| 410 | - } |
|
| 411 | - |
|
| 412 | - /** |
|
| 413 | - * Get all children of this share |
|
| 414 | - * FIXME: remove once https://github.com/owncloud/core/pull/21660 is in |
|
| 415 | - * |
|
| 416 | - * @param \OCP\Share\IShare $parent |
|
| 417 | - * @return \OCP\Share\IShare[] |
|
| 418 | - */ |
|
| 419 | - public function getChildren(\OCP\Share\IShare $parent) { |
|
| 420 | - $children = []; |
|
| 421 | - |
|
| 422 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 423 | - $qb->select('*') |
|
| 424 | - ->from('share') |
|
| 425 | - ->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId()))) |
|
| 426 | - ->andWhere( |
|
| 427 | - $qb->expr()->in( |
|
| 428 | - 'share_type', |
|
| 429 | - $qb->createNamedParameter([ |
|
| 430 | - IShare::TYPE_USER, |
|
| 431 | - IShare::TYPE_GROUP, |
|
| 432 | - IShare::TYPE_LINK, |
|
| 433 | - ], IQueryBuilder::PARAM_INT_ARRAY) |
|
| 434 | - ) |
|
| 435 | - ) |
|
| 436 | - ->andWhere($qb->expr()->orX( |
|
| 437 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 438 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 439 | - )) |
|
| 440 | - ->orderBy('id'); |
|
| 441 | - |
|
| 442 | - $cursor = $qb->execute(); |
|
| 443 | - while ($data = $cursor->fetch()) { |
|
| 444 | - $children[] = $this->createShare($data); |
|
| 445 | - } |
|
| 446 | - $cursor->closeCursor(); |
|
| 447 | - |
|
| 448 | - return $children; |
|
| 449 | - } |
|
| 450 | - |
|
| 451 | - /** |
|
| 452 | - * Delete a share |
|
| 453 | - * |
|
| 454 | - * @param \OCP\Share\IShare $share |
|
| 455 | - */ |
|
| 456 | - public function delete(\OCP\Share\IShare $share) { |
|
| 457 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 458 | - $qb->delete('share') |
|
| 459 | - ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))); |
|
| 460 | - |
|
| 461 | - /* |
|
| 388 | + if ($data === false) { |
|
| 389 | + $id = $this->createUserSpecificGroupShare($share, $recipient); |
|
| 390 | + } else { |
|
| 391 | + $id = $data['id']; |
|
| 392 | + } |
|
| 393 | + } elseif ($share->getShareType() === IShare::TYPE_USER) { |
|
| 394 | + if ($share->getSharedWith() !== $recipient) { |
|
| 395 | + throw new ProviderException('Recipient does not match'); |
|
| 396 | + } |
|
| 397 | + |
|
| 398 | + $id = $share->getId(); |
|
| 399 | + } else { |
|
| 400 | + throw new ProviderException('Invalid shareType'); |
|
| 401 | + } |
|
| 402 | + |
|
| 403 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 404 | + $qb->update('share') |
|
| 405 | + ->set('accepted', $qb->createNamedParameter(IShare::STATUS_ACCEPTED)) |
|
| 406 | + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) |
|
| 407 | + ->execute(); |
|
| 408 | + |
|
| 409 | + return $share; |
|
| 410 | + } |
|
| 411 | + |
|
| 412 | + /** |
|
| 413 | + * Get all children of this share |
|
| 414 | + * FIXME: remove once https://github.com/owncloud/core/pull/21660 is in |
|
| 415 | + * |
|
| 416 | + * @param \OCP\Share\IShare $parent |
|
| 417 | + * @return \OCP\Share\IShare[] |
|
| 418 | + */ |
|
| 419 | + public function getChildren(\OCP\Share\IShare $parent) { |
|
| 420 | + $children = []; |
|
| 421 | + |
|
| 422 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 423 | + $qb->select('*') |
|
| 424 | + ->from('share') |
|
| 425 | + ->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId()))) |
|
| 426 | + ->andWhere( |
|
| 427 | + $qb->expr()->in( |
|
| 428 | + 'share_type', |
|
| 429 | + $qb->createNamedParameter([ |
|
| 430 | + IShare::TYPE_USER, |
|
| 431 | + IShare::TYPE_GROUP, |
|
| 432 | + IShare::TYPE_LINK, |
|
| 433 | + ], IQueryBuilder::PARAM_INT_ARRAY) |
|
| 434 | + ) |
|
| 435 | + ) |
|
| 436 | + ->andWhere($qb->expr()->orX( |
|
| 437 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 438 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 439 | + )) |
|
| 440 | + ->orderBy('id'); |
|
| 441 | + |
|
| 442 | + $cursor = $qb->execute(); |
|
| 443 | + while ($data = $cursor->fetch()) { |
|
| 444 | + $children[] = $this->createShare($data); |
|
| 445 | + } |
|
| 446 | + $cursor->closeCursor(); |
|
| 447 | + |
|
| 448 | + return $children; |
|
| 449 | + } |
|
| 450 | + |
|
| 451 | + /** |
|
| 452 | + * Delete a share |
|
| 453 | + * |
|
| 454 | + * @param \OCP\Share\IShare $share |
|
| 455 | + */ |
|
| 456 | + public function delete(\OCP\Share\IShare $share) { |
|
| 457 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 458 | + $qb->delete('share') |
|
| 459 | + ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))); |
|
| 460 | + |
|
| 461 | + /* |
|
| 462 | 462 | * If the share is a group share delete all possible |
| 463 | 463 | * user defined groups shares. |
| 464 | 464 | */ |
| 465 | - if ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 466 | - $qb->orWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))); |
|
| 467 | - } |
|
| 468 | - |
|
| 469 | - $qb->execute(); |
|
| 470 | - } |
|
| 471 | - |
|
| 472 | - /** |
|
| 473 | - * Unshare a share from the recipient. If this is a group share |
|
| 474 | - * this means we need a special entry in the share db. |
|
| 475 | - * |
|
| 476 | - * @param IShare $share |
|
| 477 | - * @param string $recipient UserId of recipient |
|
| 478 | - * @throws BackendError |
|
| 479 | - * @throws ProviderException |
|
| 480 | - */ |
|
| 481 | - public function deleteFromSelf(IShare $share, $recipient) { |
|
| 482 | - if ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 483 | - $group = $this->groupManager->get($share->getSharedWith()); |
|
| 484 | - $user = $this->userManager->get($recipient); |
|
| 485 | - |
|
| 486 | - if (is_null($group)) { |
|
| 487 | - throw new ProviderException('Group "' . $share->getSharedWith() . '" does not exist'); |
|
| 488 | - } |
|
| 489 | - |
|
| 490 | - if (!$group->inGroup($user)) { |
|
| 491 | - // nothing left to do |
|
| 492 | - return; |
|
| 493 | - } |
|
| 494 | - |
|
| 495 | - // Try to fetch user specific share |
|
| 496 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 497 | - $stmt = $qb->select('*') |
|
| 498 | - ->from('share') |
|
| 499 | - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 500 | - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) |
|
| 501 | - ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) |
|
| 502 | - ->andWhere($qb->expr()->orX( |
|
| 503 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 504 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 505 | - )) |
|
| 506 | - ->execute(); |
|
| 507 | - |
|
| 508 | - $data = $stmt->fetch(); |
|
| 509 | - |
|
| 510 | - /* |
|
| 465 | + if ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 466 | + $qb->orWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))); |
|
| 467 | + } |
|
| 468 | + |
|
| 469 | + $qb->execute(); |
|
| 470 | + } |
|
| 471 | + |
|
| 472 | + /** |
|
| 473 | + * Unshare a share from the recipient. If this is a group share |
|
| 474 | + * this means we need a special entry in the share db. |
|
| 475 | + * |
|
| 476 | + * @param IShare $share |
|
| 477 | + * @param string $recipient UserId of recipient |
|
| 478 | + * @throws BackendError |
|
| 479 | + * @throws ProviderException |
|
| 480 | + */ |
|
| 481 | + public function deleteFromSelf(IShare $share, $recipient) { |
|
| 482 | + if ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 483 | + $group = $this->groupManager->get($share->getSharedWith()); |
|
| 484 | + $user = $this->userManager->get($recipient); |
|
| 485 | + |
|
| 486 | + if (is_null($group)) { |
|
| 487 | + throw new ProviderException('Group "' . $share->getSharedWith() . '" does not exist'); |
|
| 488 | + } |
|
| 489 | + |
|
| 490 | + if (!$group->inGroup($user)) { |
|
| 491 | + // nothing left to do |
|
| 492 | + return; |
|
| 493 | + } |
|
| 494 | + |
|
| 495 | + // Try to fetch user specific share |
|
| 496 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 497 | + $stmt = $qb->select('*') |
|
| 498 | + ->from('share') |
|
| 499 | + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 500 | + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) |
|
| 501 | + ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) |
|
| 502 | + ->andWhere($qb->expr()->orX( |
|
| 503 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 504 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 505 | + )) |
|
| 506 | + ->execute(); |
|
| 507 | + |
|
| 508 | + $data = $stmt->fetch(); |
|
| 509 | + |
|
| 510 | + /* |
|
| 511 | 511 | * Check if there already is a user specific group share. |
| 512 | 512 | * If there is update it (if required). |
| 513 | 513 | */ |
| 514 | - if ($data === false) { |
|
| 515 | - $id = $this->createUserSpecificGroupShare($share, $recipient); |
|
| 516 | - $permissions = $share->getPermissions(); |
|
| 517 | - } else { |
|
| 518 | - $permissions = $data['permissions']; |
|
| 519 | - $id = $data['id']; |
|
| 520 | - } |
|
| 521 | - |
|
| 522 | - if ($permissions !== 0) { |
|
| 523 | - // Update existing usergroup share |
|
| 524 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 525 | - $qb->update('share') |
|
| 526 | - ->set('permissions', $qb->createNamedParameter(0)) |
|
| 527 | - ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) |
|
| 528 | - ->execute(); |
|
| 529 | - } |
|
| 530 | - } elseif ($share->getShareType() === IShare::TYPE_USER) { |
|
| 531 | - if ($share->getSharedWith() !== $recipient) { |
|
| 532 | - throw new ProviderException('Recipient does not match'); |
|
| 533 | - } |
|
| 534 | - |
|
| 535 | - // We can just delete user and link shares |
|
| 536 | - $this->delete($share); |
|
| 537 | - } else { |
|
| 538 | - throw new ProviderException('Invalid shareType'); |
|
| 539 | - } |
|
| 540 | - } |
|
| 541 | - |
|
| 542 | - protected function createUserSpecificGroupShare(IShare $share, string $recipient): int { |
|
| 543 | - $type = $share->getNodeType(); |
|
| 544 | - |
|
| 545 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 546 | - $qb->insert('share') |
|
| 547 | - ->values([ |
|
| 548 | - 'share_type' => $qb->createNamedParameter(IShare::TYPE_USERGROUP), |
|
| 549 | - 'share_with' => $qb->createNamedParameter($recipient), |
|
| 550 | - 'uid_owner' => $qb->createNamedParameter($share->getShareOwner()), |
|
| 551 | - 'uid_initiator' => $qb->createNamedParameter($share->getSharedBy()), |
|
| 552 | - 'parent' => $qb->createNamedParameter($share->getId()), |
|
| 553 | - 'item_type' => $qb->createNamedParameter($type), |
|
| 554 | - 'item_source' => $qb->createNamedParameter($share->getNodeId()), |
|
| 555 | - 'file_source' => $qb->createNamedParameter($share->getNodeId()), |
|
| 556 | - 'file_target' => $qb->createNamedParameter($share->getTarget()), |
|
| 557 | - 'permissions' => $qb->createNamedParameter($share->getPermissions()), |
|
| 558 | - 'stime' => $qb->createNamedParameter($share->getShareTime()->getTimestamp()), |
|
| 559 | - ])->execute(); |
|
| 560 | - |
|
| 561 | - return $qb->getLastInsertId(); |
|
| 562 | - } |
|
| 563 | - |
|
| 564 | - /** |
|
| 565 | - * @inheritdoc |
|
| 566 | - * |
|
| 567 | - * For now this only works for group shares |
|
| 568 | - * If this gets implemented for normal shares we have to extend it |
|
| 569 | - */ |
|
| 570 | - public function restore(IShare $share, string $recipient): IShare { |
|
| 571 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 572 | - $qb->select('permissions') |
|
| 573 | - ->from('share') |
|
| 574 | - ->where( |
|
| 575 | - $qb->expr()->eq('id', $qb->createNamedParameter($share->getId())) |
|
| 576 | - ); |
|
| 577 | - $cursor = $qb->execute(); |
|
| 578 | - $data = $cursor->fetch(); |
|
| 579 | - $cursor->closeCursor(); |
|
| 580 | - |
|
| 581 | - $originalPermission = $data['permissions']; |
|
| 582 | - |
|
| 583 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 584 | - $qb->update('share') |
|
| 585 | - ->set('permissions', $qb->createNamedParameter($originalPermission)) |
|
| 586 | - ->where( |
|
| 587 | - $qb->expr()->eq('parent', $qb->createNamedParameter($share->getParent())) |
|
| 588 | - )->andWhere( |
|
| 589 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)) |
|
| 590 | - )->andWhere( |
|
| 591 | - $qb->expr()->eq('share_with', $qb->createNamedParameter($recipient)) |
|
| 592 | - ); |
|
| 593 | - |
|
| 594 | - $qb->execute(); |
|
| 595 | - |
|
| 596 | - return $this->getShareById($share->getId(), $recipient); |
|
| 597 | - } |
|
| 598 | - |
|
| 599 | - /** |
|
| 600 | - * @inheritdoc |
|
| 601 | - */ |
|
| 602 | - public function move(\OCP\Share\IShare $share, $recipient) { |
|
| 603 | - if ($share->getShareType() === IShare::TYPE_USER) { |
|
| 604 | - // Just update the target |
|
| 605 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 606 | - $qb->update('share') |
|
| 607 | - ->set('file_target', $qb->createNamedParameter($share->getTarget())) |
|
| 608 | - ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) |
|
| 609 | - ->execute(); |
|
| 610 | - } elseif ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 611 | - // Check if there is a usergroup share |
|
| 612 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 613 | - $stmt = $qb->select('id') |
|
| 614 | - ->from('share') |
|
| 615 | - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 616 | - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) |
|
| 617 | - ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) |
|
| 618 | - ->andWhere($qb->expr()->orX( |
|
| 619 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 620 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 621 | - )) |
|
| 622 | - ->setMaxResults(1) |
|
| 623 | - ->execute(); |
|
| 624 | - |
|
| 625 | - $data = $stmt->fetch(); |
|
| 626 | - $stmt->closeCursor(); |
|
| 627 | - |
|
| 628 | - $shareAttributes = $this->formatShareAttributes( |
|
| 629 | - $share->getAttributes() |
|
| 630 | - ); |
|
| 631 | - |
|
| 632 | - if ($data === false) { |
|
| 633 | - // No usergroup share yet. Create one. |
|
| 634 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 635 | - $qb->insert('share') |
|
| 636 | - ->values([ |
|
| 637 | - 'share_type' => $qb->createNamedParameter(IShare::TYPE_USERGROUP), |
|
| 638 | - 'share_with' => $qb->createNamedParameter($recipient), |
|
| 639 | - 'uid_owner' => $qb->createNamedParameter($share->getShareOwner()), |
|
| 640 | - 'uid_initiator' => $qb->createNamedParameter($share->getSharedBy()), |
|
| 641 | - 'parent' => $qb->createNamedParameter($share->getId()), |
|
| 642 | - 'item_type' => $qb->createNamedParameter($share->getNodeType()), |
|
| 643 | - 'item_source' => $qb->createNamedParameter($share->getNodeId()), |
|
| 644 | - 'file_source' => $qb->createNamedParameter($share->getNodeId()), |
|
| 645 | - 'file_target' => $qb->createNamedParameter($share->getTarget()), |
|
| 646 | - 'permissions' => $qb->createNamedParameter($share->getPermissions()), |
|
| 647 | - 'attributes' => $qb->createNamedParameter($shareAttributes), |
|
| 648 | - 'stime' => $qb->createNamedParameter($share->getShareTime()->getTimestamp()), |
|
| 649 | - ])->execute(); |
|
| 650 | - } else { |
|
| 651 | - // Already a usergroup share. Update it. |
|
| 652 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 653 | - $qb->update('share') |
|
| 654 | - ->set('file_target', $qb->createNamedParameter($share->getTarget())) |
|
| 655 | - ->where($qb->expr()->eq('id', $qb->createNamedParameter($data['id']))) |
|
| 656 | - ->execute(); |
|
| 657 | - } |
|
| 658 | - } |
|
| 659 | - |
|
| 660 | - return $share; |
|
| 661 | - } |
|
| 662 | - |
|
| 663 | - public function getSharesInFolder($userId, Folder $node, $reshares, $shallow = true) { |
|
| 664 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 665 | - $qb->select('s.*', |
|
| 666 | - 'f.fileid', 'f.path', 'f.permissions AS f_permissions', 'f.storage', 'f.path_hash', |
|
| 667 | - 'f.parent AS f_parent', 'f.name', 'f.mimetype', 'f.mimepart', 'f.size', 'f.mtime', 'f.storage_mtime', |
|
| 668 | - 'f.encrypted', 'f.unencrypted_size', 'f.etag', 'f.checksum') |
|
| 669 | - ->from('share', 's') |
|
| 670 | - ->andWhere($qb->expr()->orX( |
|
| 671 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 672 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 673 | - )); |
|
| 674 | - |
|
| 675 | - $qb->andWhere($qb->expr()->orX( |
|
| 676 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), |
|
| 677 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)), |
|
| 678 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK)) |
|
| 679 | - )); |
|
| 680 | - |
|
| 681 | - /** |
|
| 682 | - * Reshares for this user are shares where they are the owner. |
|
| 683 | - */ |
|
| 684 | - if ($reshares === false) { |
|
| 685 | - $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))); |
|
| 686 | - } else { |
|
| 687 | - $qb->andWhere( |
|
| 688 | - $qb->expr()->orX( |
|
| 689 | - $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)), |
|
| 690 | - $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)) |
|
| 691 | - ) |
|
| 692 | - ); |
|
| 693 | - } |
|
| 694 | - |
|
| 695 | - // todo? maybe get these from the oc_mounts table |
|
| 696 | - $childMountNodes = array_filter($node->getDirectoryListing(), function (Node $node): bool { |
|
| 697 | - return $node->getInternalPath() === ''; |
|
| 698 | - }); |
|
| 699 | - $childMountRootIds = array_map(function (Node $node): int { |
|
| 700 | - return $node->getId(); |
|
| 701 | - }, $childMountNodes); |
|
| 702 | - |
|
| 703 | - $qb->innerJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')); |
|
| 704 | - if ($shallow) { |
|
| 705 | - $qb->andWhere( |
|
| 706 | - $qb->expr()->orX( |
|
| 707 | - $qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId())), |
|
| 708 | - $qb->expr()->in('f.fileid', $qb->createParameter('chunk')) |
|
| 709 | - ) |
|
| 710 | - ); |
|
| 711 | - } else { |
|
| 712 | - $qb->andWhere( |
|
| 713 | - $qb->expr()->orX( |
|
| 714 | - $qb->expr()->like('f.path', $qb->createNamedParameter($this->dbConn->escapeLikeParameter($node->getInternalPath()) . '/%')), |
|
| 715 | - $qb->expr()->in('f.fileid', $qb->createParameter('chunk')) |
|
| 716 | - ) |
|
| 717 | - ); |
|
| 718 | - } |
|
| 719 | - |
|
| 720 | - $qb->orderBy('id'); |
|
| 721 | - |
|
| 722 | - $shares = []; |
|
| 723 | - |
|
| 724 | - $chunks = array_chunk($childMountRootIds, 1000); |
|
| 725 | - |
|
| 726 | - // Force the request to be run when there is 0 mount. |
|
| 727 | - if (count($chunks) === 0) { |
|
| 728 | - $chunks = [[]]; |
|
| 729 | - } |
|
| 730 | - |
|
| 731 | - foreach ($chunks as $chunk) { |
|
| 732 | - $qb->setParameter('chunk', $chunk, IQueryBuilder::PARAM_INT_ARRAY); |
|
| 733 | - $cursor = $qb->executeQuery(); |
|
| 734 | - while ($data = $cursor->fetch()) { |
|
| 735 | - $shares[$data['fileid']][] = $this->createShare($data); |
|
| 736 | - } |
|
| 737 | - $cursor->closeCursor(); |
|
| 738 | - } |
|
| 739 | - |
|
| 740 | - return $shares; |
|
| 741 | - } |
|
| 742 | - |
|
| 743 | - /** |
|
| 744 | - * @inheritdoc |
|
| 745 | - */ |
|
| 746 | - public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offset) { |
|
| 747 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 748 | - $qb->select('*') |
|
| 749 | - ->from('share') |
|
| 750 | - ->andWhere($qb->expr()->orX( |
|
| 751 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 752 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 753 | - )); |
|
| 754 | - |
|
| 755 | - $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter($shareType))); |
|
| 756 | - |
|
| 757 | - /** |
|
| 758 | - * Reshares for this user are shares where they are the owner. |
|
| 759 | - */ |
|
| 760 | - if ($reshares === false) { |
|
| 761 | - $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))); |
|
| 762 | - } else { |
|
| 763 | - if ($node === null) { |
|
| 764 | - $qb->andWhere( |
|
| 765 | - $qb->expr()->orX( |
|
| 766 | - $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)), |
|
| 767 | - $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)) |
|
| 768 | - ) |
|
| 769 | - ); |
|
| 770 | - } |
|
| 771 | - } |
|
| 772 | - |
|
| 773 | - if ($node !== null) { |
|
| 774 | - $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId()))); |
|
| 775 | - } |
|
| 776 | - |
|
| 777 | - if ($limit !== -1) { |
|
| 778 | - $qb->setMaxResults($limit); |
|
| 779 | - } |
|
| 780 | - |
|
| 781 | - $qb->setFirstResult($offset); |
|
| 782 | - $qb->orderBy('id'); |
|
| 783 | - |
|
| 784 | - $cursor = $qb->execute(); |
|
| 785 | - $shares = []; |
|
| 786 | - while ($data = $cursor->fetch()) { |
|
| 787 | - $shares[] = $this->createShare($data); |
|
| 788 | - } |
|
| 789 | - $cursor->closeCursor(); |
|
| 790 | - |
|
| 791 | - return $shares; |
|
| 792 | - } |
|
| 793 | - |
|
| 794 | - /** |
|
| 795 | - * @inheritdoc |
|
| 796 | - */ |
|
| 797 | - public function getShareById($id, $recipientId = null) { |
|
| 798 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 799 | - |
|
| 800 | - $qb->select('*') |
|
| 801 | - ->from('share') |
|
| 802 | - ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) |
|
| 803 | - ->andWhere( |
|
| 804 | - $qb->expr()->in( |
|
| 805 | - 'share_type', |
|
| 806 | - $qb->createNamedParameter([ |
|
| 807 | - IShare::TYPE_USER, |
|
| 808 | - IShare::TYPE_GROUP, |
|
| 809 | - IShare::TYPE_LINK, |
|
| 810 | - ], IQueryBuilder::PARAM_INT_ARRAY) |
|
| 811 | - ) |
|
| 812 | - ) |
|
| 813 | - ->andWhere($qb->expr()->orX( |
|
| 814 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 815 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 816 | - )); |
|
| 817 | - |
|
| 818 | - $cursor = $qb->execute(); |
|
| 819 | - $data = $cursor->fetch(); |
|
| 820 | - $cursor->closeCursor(); |
|
| 821 | - |
|
| 822 | - if ($data === false) { |
|
| 823 | - throw new ShareNotFound(); |
|
| 824 | - } |
|
| 825 | - |
|
| 826 | - try { |
|
| 827 | - $share = $this->createShare($data); |
|
| 828 | - } catch (InvalidShare $e) { |
|
| 829 | - throw new ShareNotFound(); |
|
| 830 | - } |
|
| 831 | - |
|
| 832 | - // If the recipient is set for a group share resolve to that user |
|
| 833 | - if ($recipientId !== null && $share->getShareType() === IShare::TYPE_GROUP) { |
|
| 834 | - $share = $this->resolveGroupShares([$share], $recipientId)[0]; |
|
| 835 | - } |
|
| 836 | - |
|
| 837 | - return $share; |
|
| 838 | - } |
|
| 839 | - |
|
| 840 | - /** |
|
| 841 | - * Get shares for a given path |
|
| 842 | - * |
|
| 843 | - * @param \OCP\Files\Node $path |
|
| 844 | - * @return \OCP\Share\IShare[] |
|
| 845 | - */ |
|
| 846 | - public function getSharesByPath(Node $path) { |
|
| 847 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 848 | - |
|
| 849 | - $cursor = $qb->select('*') |
|
| 850 | - ->from('share') |
|
| 851 | - ->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId()))) |
|
| 852 | - ->andWhere( |
|
| 853 | - $qb->expr()->orX( |
|
| 854 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), |
|
| 855 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)) |
|
| 856 | - ) |
|
| 857 | - ) |
|
| 858 | - ->andWhere($qb->expr()->orX( |
|
| 859 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 860 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 861 | - )) |
|
| 862 | - ->execute(); |
|
| 863 | - |
|
| 864 | - $shares = []; |
|
| 865 | - while ($data = $cursor->fetch()) { |
|
| 866 | - $shares[] = $this->createShare($data); |
|
| 867 | - } |
|
| 868 | - $cursor->closeCursor(); |
|
| 869 | - |
|
| 870 | - return $shares; |
|
| 871 | - } |
|
| 872 | - |
|
| 873 | - /** |
|
| 874 | - * Returns whether the given database result can be interpreted as |
|
| 875 | - * a share with accessible file (not trashed, not deleted) |
|
| 876 | - */ |
|
| 877 | - private function isAccessibleResult($data) { |
|
| 878 | - // exclude shares leading to deleted file entries |
|
| 879 | - if ($data['fileid'] === null || $data['path'] === null) { |
|
| 880 | - return false; |
|
| 881 | - } |
|
| 882 | - |
|
| 883 | - // exclude shares leading to trashbin on home storages |
|
| 884 | - $pathSections = explode('/', $data['path'], 2); |
|
| 885 | - // FIXME: would not detect rare md5'd home storage case properly |
|
| 886 | - if ($pathSections[0] !== 'files' |
|
| 887 | - && (str_starts_with($data['storage_string_id'], 'home::') || str_starts_with($data['storage_string_id'], 'object::user'))) { |
|
| 888 | - return false; |
|
| 889 | - } elseif ($pathSections[0] === '__groupfolders' |
|
| 890 | - && str_starts_with($pathSections[1], 'trash/') |
|
| 891 | - ) { |
|
| 892 | - // exclude shares leading to trashbin on group folders storages |
|
| 893 | - return false; |
|
| 894 | - } |
|
| 895 | - return true; |
|
| 896 | - } |
|
| 897 | - |
|
| 898 | - /** |
|
| 899 | - * @inheritdoc |
|
| 900 | - */ |
|
| 901 | - public function getSharedWith($userId, $shareType, $node, $limit, $offset) { |
|
| 902 | - /** @var Share[] $shares */ |
|
| 903 | - $shares = []; |
|
| 904 | - |
|
| 905 | - if ($shareType === IShare::TYPE_USER) { |
|
| 906 | - //Get shares directly with this user |
|
| 907 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 908 | - $qb->select('s.*', |
|
| 909 | - 'f.fileid', 'f.path', 'f.permissions AS f_permissions', 'f.storage', 'f.path_hash', |
|
| 910 | - 'f.parent AS f_parent', 'f.name', 'f.mimetype', 'f.mimepart', 'f.size', 'f.mtime', 'f.storage_mtime', |
|
| 911 | - 'f.encrypted', 'f.unencrypted_size', 'f.etag', 'f.checksum' |
|
| 912 | - ) |
|
| 913 | - ->selectAlias('st.id', 'storage_string_id') |
|
| 914 | - ->from('share', 's') |
|
| 915 | - ->leftJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')) |
|
| 916 | - ->leftJoin('f', 'storages', 'st', $qb->expr()->eq('f.storage', 'st.numeric_id')); |
|
| 917 | - |
|
| 918 | - // Order by id |
|
| 919 | - $qb->orderBy('s.id'); |
|
| 920 | - |
|
| 921 | - // Set limit and offset |
|
| 922 | - if ($limit !== -1) { |
|
| 923 | - $qb->setMaxResults($limit); |
|
| 924 | - } |
|
| 925 | - $qb->setFirstResult($offset); |
|
| 926 | - |
|
| 927 | - $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER))) |
|
| 928 | - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId))) |
|
| 929 | - ->andWhere($qb->expr()->orX( |
|
| 930 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 931 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 932 | - )); |
|
| 933 | - |
|
| 934 | - // Filter by node if provided |
|
| 935 | - if ($node !== null) { |
|
| 936 | - $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId()))); |
|
| 937 | - } |
|
| 938 | - |
|
| 939 | - $cursor = $qb->execute(); |
|
| 940 | - |
|
| 941 | - while ($data = $cursor->fetch()) { |
|
| 942 | - if ($data['fileid'] && $data['path'] === null) { |
|
| 943 | - $data['path'] = (string) $data['path']; |
|
| 944 | - $data['name'] = (string) $data['name']; |
|
| 945 | - $data['checksum'] = (string) $data['checksum']; |
|
| 946 | - } |
|
| 947 | - if ($this->isAccessibleResult($data)) { |
|
| 948 | - $shares[] = $this->createShare($data); |
|
| 949 | - } |
|
| 950 | - } |
|
| 951 | - $cursor->closeCursor(); |
|
| 952 | - } elseif ($shareType === IShare::TYPE_GROUP) { |
|
| 953 | - $user = $this->userManager->get($userId); |
|
| 954 | - $allGroups = ($user instanceof IUser) ? $this->groupManager->getUserGroupIds($user) : []; |
|
| 955 | - |
|
| 956 | - /** @var Share[] $shares2 */ |
|
| 957 | - $shares2 = []; |
|
| 958 | - |
|
| 959 | - $start = 0; |
|
| 960 | - while (true) { |
|
| 961 | - $groups = array_slice($allGroups, $start, 1000); |
|
| 962 | - $start += 1000; |
|
| 963 | - |
|
| 964 | - if ($groups === []) { |
|
| 965 | - break; |
|
| 966 | - } |
|
| 967 | - |
|
| 968 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 969 | - $qb->select('s.*', |
|
| 970 | - 'f.fileid', 'f.path', 'f.permissions AS f_permissions', 'f.storage', 'f.path_hash', |
|
| 971 | - 'f.parent AS f_parent', 'f.name', 'f.mimetype', 'f.mimepart', 'f.size', 'f.mtime', 'f.storage_mtime', |
|
| 972 | - 'f.encrypted', 'f.unencrypted_size', 'f.etag', 'f.checksum' |
|
| 973 | - ) |
|
| 974 | - ->selectAlias('st.id', 'storage_string_id') |
|
| 975 | - ->from('share', 's') |
|
| 976 | - ->leftJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')) |
|
| 977 | - ->leftJoin('f', 'storages', 'st', $qb->expr()->eq('f.storage', 'st.numeric_id')) |
|
| 978 | - ->orderBy('s.id') |
|
| 979 | - ->setFirstResult(0); |
|
| 980 | - |
|
| 981 | - if ($limit !== -1) { |
|
| 982 | - $qb->setMaxResults($limit - count($shares)); |
|
| 983 | - } |
|
| 984 | - |
|
| 985 | - // Filter by node if provided |
|
| 986 | - if ($node !== null) { |
|
| 987 | - $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId()))); |
|
| 988 | - } |
|
| 989 | - |
|
| 990 | - |
|
| 991 | - $groups = array_filter($groups); |
|
| 992 | - |
|
| 993 | - $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) |
|
| 994 | - ->andWhere($qb->expr()->in('share_with', $qb->createNamedParameter( |
|
| 995 | - $groups, |
|
| 996 | - IQueryBuilder::PARAM_STR_ARRAY |
|
| 997 | - ))) |
|
| 998 | - ->andWhere($qb->expr()->orX( |
|
| 999 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 1000 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 1001 | - )); |
|
| 1002 | - |
|
| 1003 | - $cursor = $qb->execute(); |
|
| 1004 | - while ($data = $cursor->fetch()) { |
|
| 1005 | - if ($offset > 0) { |
|
| 1006 | - $offset--; |
|
| 1007 | - continue; |
|
| 1008 | - } |
|
| 1009 | - |
|
| 1010 | - if ($this->isAccessibleResult($data)) { |
|
| 1011 | - $shares2[] = $this->createShare($data); |
|
| 1012 | - } |
|
| 1013 | - } |
|
| 1014 | - $cursor->closeCursor(); |
|
| 1015 | - } |
|
| 1016 | - |
|
| 1017 | - /* |
|
| 514 | + if ($data === false) { |
|
| 515 | + $id = $this->createUserSpecificGroupShare($share, $recipient); |
|
| 516 | + $permissions = $share->getPermissions(); |
|
| 517 | + } else { |
|
| 518 | + $permissions = $data['permissions']; |
|
| 519 | + $id = $data['id']; |
|
| 520 | + } |
|
| 521 | + |
|
| 522 | + if ($permissions !== 0) { |
|
| 523 | + // Update existing usergroup share |
|
| 524 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 525 | + $qb->update('share') |
|
| 526 | + ->set('permissions', $qb->createNamedParameter(0)) |
|
| 527 | + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) |
|
| 528 | + ->execute(); |
|
| 529 | + } |
|
| 530 | + } elseif ($share->getShareType() === IShare::TYPE_USER) { |
|
| 531 | + if ($share->getSharedWith() !== $recipient) { |
|
| 532 | + throw new ProviderException('Recipient does not match'); |
|
| 533 | + } |
|
| 534 | + |
|
| 535 | + // We can just delete user and link shares |
|
| 536 | + $this->delete($share); |
|
| 537 | + } else { |
|
| 538 | + throw new ProviderException('Invalid shareType'); |
|
| 539 | + } |
|
| 540 | + } |
|
| 541 | + |
|
| 542 | + protected function createUserSpecificGroupShare(IShare $share, string $recipient): int { |
|
| 543 | + $type = $share->getNodeType(); |
|
| 544 | + |
|
| 545 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 546 | + $qb->insert('share') |
|
| 547 | + ->values([ |
|
| 548 | + 'share_type' => $qb->createNamedParameter(IShare::TYPE_USERGROUP), |
|
| 549 | + 'share_with' => $qb->createNamedParameter($recipient), |
|
| 550 | + 'uid_owner' => $qb->createNamedParameter($share->getShareOwner()), |
|
| 551 | + 'uid_initiator' => $qb->createNamedParameter($share->getSharedBy()), |
|
| 552 | + 'parent' => $qb->createNamedParameter($share->getId()), |
|
| 553 | + 'item_type' => $qb->createNamedParameter($type), |
|
| 554 | + 'item_source' => $qb->createNamedParameter($share->getNodeId()), |
|
| 555 | + 'file_source' => $qb->createNamedParameter($share->getNodeId()), |
|
| 556 | + 'file_target' => $qb->createNamedParameter($share->getTarget()), |
|
| 557 | + 'permissions' => $qb->createNamedParameter($share->getPermissions()), |
|
| 558 | + 'stime' => $qb->createNamedParameter($share->getShareTime()->getTimestamp()), |
|
| 559 | + ])->execute(); |
|
| 560 | + |
|
| 561 | + return $qb->getLastInsertId(); |
|
| 562 | + } |
|
| 563 | + |
|
| 564 | + /** |
|
| 565 | + * @inheritdoc |
|
| 566 | + * |
|
| 567 | + * For now this only works for group shares |
|
| 568 | + * If this gets implemented for normal shares we have to extend it |
|
| 569 | + */ |
|
| 570 | + public function restore(IShare $share, string $recipient): IShare { |
|
| 571 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 572 | + $qb->select('permissions') |
|
| 573 | + ->from('share') |
|
| 574 | + ->where( |
|
| 575 | + $qb->expr()->eq('id', $qb->createNamedParameter($share->getId())) |
|
| 576 | + ); |
|
| 577 | + $cursor = $qb->execute(); |
|
| 578 | + $data = $cursor->fetch(); |
|
| 579 | + $cursor->closeCursor(); |
|
| 580 | + |
|
| 581 | + $originalPermission = $data['permissions']; |
|
| 582 | + |
|
| 583 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 584 | + $qb->update('share') |
|
| 585 | + ->set('permissions', $qb->createNamedParameter($originalPermission)) |
|
| 586 | + ->where( |
|
| 587 | + $qb->expr()->eq('parent', $qb->createNamedParameter($share->getParent())) |
|
| 588 | + )->andWhere( |
|
| 589 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)) |
|
| 590 | + )->andWhere( |
|
| 591 | + $qb->expr()->eq('share_with', $qb->createNamedParameter($recipient)) |
|
| 592 | + ); |
|
| 593 | + |
|
| 594 | + $qb->execute(); |
|
| 595 | + |
|
| 596 | + return $this->getShareById($share->getId(), $recipient); |
|
| 597 | + } |
|
| 598 | + |
|
| 599 | + /** |
|
| 600 | + * @inheritdoc |
|
| 601 | + */ |
|
| 602 | + public function move(\OCP\Share\IShare $share, $recipient) { |
|
| 603 | + if ($share->getShareType() === IShare::TYPE_USER) { |
|
| 604 | + // Just update the target |
|
| 605 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 606 | + $qb->update('share') |
|
| 607 | + ->set('file_target', $qb->createNamedParameter($share->getTarget())) |
|
| 608 | + ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) |
|
| 609 | + ->execute(); |
|
| 610 | + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 611 | + // Check if there is a usergroup share |
|
| 612 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 613 | + $stmt = $qb->select('id') |
|
| 614 | + ->from('share') |
|
| 615 | + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 616 | + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) |
|
| 617 | + ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) |
|
| 618 | + ->andWhere($qb->expr()->orX( |
|
| 619 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 620 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 621 | + )) |
|
| 622 | + ->setMaxResults(1) |
|
| 623 | + ->execute(); |
|
| 624 | + |
|
| 625 | + $data = $stmt->fetch(); |
|
| 626 | + $stmt->closeCursor(); |
|
| 627 | + |
|
| 628 | + $shareAttributes = $this->formatShareAttributes( |
|
| 629 | + $share->getAttributes() |
|
| 630 | + ); |
|
| 631 | + |
|
| 632 | + if ($data === false) { |
|
| 633 | + // No usergroup share yet. Create one. |
|
| 634 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 635 | + $qb->insert('share') |
|
| 636 | + ->values([ |
|
| 637 | + 'share_type' => $qb->createNamedParameter(IShare::TYPE_USERGROUP), |
|
| 638 | + 'share_with' => $qb->createNamedParameter($recipient), |
|
| 639 | + 'uid_owner' => $qb->createNamedParameter($share->getShareOwner()), |
|
| 640 | + 'uid_initiator' => $qb->createNamedParameter($share->getSharedBy()), |
|
| 641 | + 'parent' => $qb->createNamedParameter($share->getId()), |
|
| 642 | + 'item_type' => $qb->createNamedParameter($share->getNodeType()), |
|
| 643 | + 'item_source' => $qb->createNamedParameter($share->getNodeId()), |
|
| 644 | + 'file_source' => $qb->createNamedParameter($share->getNodeId()), |
|
| 645 | + 'file_target' => $qb->createNamedParameter($share->getTarget()), |
|
| 646 | + 'permissions' => $qb->createNamedParameter($share->getPermissions()), |
|
| 647 | + 'attributes' => $qb->createNamedParameter($shareAttributes), |
|
| 648 | + 'stime' => $qb->createNamedParameter($share->getShareTime()->getTimestamp()), |
|
| 649 | + ])->execute(); |
|
| 650 | + } else { |
|
| 651 | + // Already a usergroup share. Update it. |
|
| 652 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 653 | + $qb->update('share') |
|
| 654 | + ->set('file_target', $qb->createNamedParameter($share->getTarget())) |
|
| 655 | + ->where($qb->expr()->eq('id', $qb->createNamedParameter($data['id']))) |
|
| 656 | + ->execute(); |
|
| 657 | + } |
|
| 658 | + } |
|
| 659 | + |
|
| 660 | + return $share; |
|
| 661 | + } |
|
| 662 | + |
|
| 663 | + public function getSharesInFolder($userId, Folder $node, $reshares, $shallow = true) { |
|
| 664 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 665 | + $qb->select('s.*', |
|
| 666 | + 'f.fileid', 'f.path', 'f.permissions AS f_permissions', 'f.storage', 'f.path_hash', |
|
| 667 | + 'f.parent AS f_parent', 'f.name', 'f.mimetype', 'f.mimepart', 'f.size', 'f.mtime', 'f.storage_mtime', |
|
| 668 | + 'f.encrypted', 'f.unencrypted_size', 'f.etag', 'f.checksum') |
|
| 669 | + ->from('share', 's') |
|
| 670 | + ->andWhere($qb->expr()->orX( |
|
| 671 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 672 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 673 | + )); |
|
| 674 | + |
|
| 675 | + $qb->andWhere($qb->expr()->orX( |
|
| 676 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), |
|
| 677 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)), |
|
| 678 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK)) |
|
| 679 | + )); |
|
| 680 | + |
|
| 681 | + /** |
|
| 682 | + * Reshares for this user are shares where they are the owner. |
|
| 683 | + */ |
|
| 684 | + if ($reshares === false) { |
|
| 685 | + $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))); |
|
| 686 | + } else { |
|
| 687 | + $qb->andWhere( |
|
| 688 | + $qb->expr()->orX( |
|
| 689 | + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)), |
|
| 690 | + $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)) |
|
| 691 | + ) |
|
| 692 | + ); |
|
| 693 | + } |
|
| 694 | + |
|
| 695 | + // todo? maybe get these from the oc_mounts table |
|
| 696 | + $childMountNodes = array_filter($node->getDirectoryListing(), function (Node $node): bool { |
|
| 697 | + return $node->getInternalPath() === ''; |
|
| 698 | + }); |
|
| 699 | + $childMountRootIds = array_map(function (Node $node): int { |
|
| 700 | + return $node->getId(); |
|
| 701 | + }, $childMountNodes); |
|
| 702 | + |
|
| 703 | + $qb->innerJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')); |
|
| 704 | + if ($shallow) { |
|
| 705 | + $qb->andWhere( |
|
| 706 | + $qb->expr()->orX( |
|
| 707 | + $qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId())), |
|
| 708 | + $qb->expr()->in('f.fileid', $qb->createParameter('chunk')) |
|
| 709 | + ) |
|
| 710 | + ); |
|
| 711 | + } else { |
|
| 712 | + $qb->andWhere( |
|
| 713 | + $qb->expr()->orX( |
|
| 714 | + $qb->expr()->like('f.path', $qb->createNamedParameter($this->dbConn->escapeLikeParameter($node->getInternalPath()) . '/%')), |
|
| 715 | + $qb->expr()->in('f.fileid', $qb->createParameter('chunk')) |
|
| 716 | + ) |
|
| 717 | + ); |
|
| 718 | + } |
|
| 719 | + |
|
| 720 | + $qb->orderBy('id'); |
|
| 721 | + |
|
| 722 | + $shares = []; |
|
| 723 | + |
|
| 724 | + $chunks = array_chunk($childMountRootIds, 1000); |
|
| 725 | + |
|
| 726 | + // Force the request to be run when there is 0 mount. |
|
| 727 | + if (count($chunks) === 0) { |
|
| 728 | + $chunks = [[]]; |
|
| 729 | + } |
|
| 730 | + |
|
| 731 | + foreach ($chunks as $chunk) { |
|
| 732 | + $qb->setParameter('chunk', $chunk, IQueryBuilder::PARAM_INT_ARRAY); |
|
| 733 | + $cursor = $qb->executeQuery(); |
|
| 734 | + while ($data = $cursor->fetch()) { |
|
| 735 | + $shares[$data['fileid']][] = $this->createShare($data); |
|
| 736 | + } |
|
| 737 | + $cursor->closeCursor(); |
|
| 738 | + } |
|
| 739 | + |
|
| 740 | + return $shares; |
|
| 741 | + } |
|
| 742 | + |
|
| 743 | + /** |
|
| 744 | + * @inheritdoc |
|
| 745 | + */ |
|
| 746 | + public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offset) { |
|
| 747 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 748 | + $qb->select('*') |
|
| 749 | + ->from('share') |
|
| 750 | + ->andWhere($qb->expr()->orX( |
|
| 751 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 752 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 753 | + )); |
|
| 754 | + |
|
| 755 | + $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter($shareType))); |
|
| 756 | + |
|
| 757 | + /** |
|
| 758 | + * Reshares for this user are shares where they are the owner. |
|
| 759 | + */ |
|
| 760 | + if ($reshares === false) { |
|
| 761 | + $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))); |
|
| 762 | + } else { |
|
| 763 | + if ($node === null) { |
|
| 764 | + $qb->andWhere( |
|
| 765 | + $qb->expr()->orX( |
|
| 766 | + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)), |
|
| 767 | + $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)) |
|
| 768 | + ) |
|
| 769 | + ); |
|
| 770 | + } |
|
| 771 | + } |
|
| 772 | + |
|
| 773 | + if ($node !== null) { |
|
| 774 | + $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId()))); |
|
| 775 | + } |
|
| 776 | + |
|
| 777 | + if ($limit !== -1) { |
|
| 778 | + $qb->setMaxResults($limit); |
|
| 779 | + } |
|
| 780 | + |
|
| 781 | + $qb->setFirstResult($offset); |
|
| 782 | + $qb->orderBy('id'); |
|
| 783 | + |
|
| 784 | + $cursor = $qb->execute(); |
|
| 785 | + $shares = []; |
|
| 786 | + while ($data = $cursor->fetch()) { |
|
| 787 | + $shares[] = $this->createShare($data); |
|
| 788 | + } |
|
| 789 | + $cursor->closeCursor(); |
|
| 790 | + |
|
| 791 | + return $shares; |
|
| 792 | + } |
|
| 793 | + |
|
| 794 | + /** |
|
| 795 | + * @inheritdoc |
|
| 796 | + */ |
|
| 797 | + public function getShareById($id, $recipientId = null) { |
|
| 798 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 799 | + |
|
| 800 | + $qb->select('*') |
|
| 801 | + ->from('share') |
|
| 802 | + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) |
|
| 803 | + ->andWhere( |
|
| 804 | + $qb->expr()->in( |
|
| 805 | + 'share_type', |
|
| 806 | + $qb->createNamedParameter([ |
|
| 807 | + IShare::TYPE_USER, |
|
| 808 | + IShare::TYPE_GROUP, |
|
| 809 | + IShare::TYPE_LINK, |
|
| 810 | + ], IQueryBuilder::PARAM_INT_ARRAY) |
|
| 811 | + ) |
|
| 812 | + ) |
|
| 813 | + ->andWhere($qb->expr()->orX( |
|
| 814 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 815 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 816 | + )); |
|
| 817 | + |
|
| 818 | + $cursor = $qb->execute(); |
|
| 819 | + $data = $cursor->fetch(); |
|
| 820 | + $cursor->closeCursor(); |
|
| 821 | + |
|
| 822 | + if ($data === false) { |
|
| 823 | + throw new ShareNotFound(); |
|
| 824 | + } |
|
| 825 | + |
|
| 826 | + try { |
|
| 827 | + $share = $this->createShare($data); |
|
| 828 | + } catch (InvalidShare $e) { |
|
| 829 | + throw new ShareNotFound(); |
|
| 830 | + } |
|
| 831 | + |
|
| 832 | + // If the recipient is set for a group share resolve to that user |
|
| 833 | + if ($recipientId !== null && $share->getShareType() === IShare::TYPE_GROUP) { |
|
| 834 | + $share = $this->resolveGroupShares([$share], $recipientId)[0]; |
|
| 835 | + } |
|
| 836 | + |
|
| 837 | + return $share; |
|
| 838 | + } |
|
| 839 | + |
|
| 840 | + /** |
|
| 841 | + * Get shares for a given path |
|
| 842 | + * |
|
| 843 | + * @param \OCP\Files\Node $path |
|
| 844 | + * @return \OCP\Share\IShare[] |
|
| 845 | + */ |
|
| 846 | + public function getSharesByPath(Node $path) { |
|
| 847 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 848 | + |
|
| 849 | + $cursor = $qb->select('*') |
|
| 850 | + ->from('share') |
|
| 851 | + ->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId()))) |
|
| 852 | + ->andWhere( |
|
| 853 | + $qb->expr()->orX( |
|
| 854 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), |
|
| 855 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)) |
|
| 856 | + ) |
|
| 857 | + ) |
|
| 858 | + ->andWhere($qb->expr()->orX( |
|
| 859 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 860 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 861 | + )) |
|
| 862 | + ->execute(); |
|
| 863 | + |
|
| 864 | + $shares = []; |
|
| 865 | + while ($data = $cursor->fetch()) { |
|
| 866 | + $shares[] = $this->createShare($data); |
|
| 867 | + } |
|
| 868 | + $cursor->closeCursor(); |
|
| 869 | + |
|
| 870 | + return $shares; |
|
| 871 | + } |
|
| 872 | + |
|
| 873 | + /** |
|
| 874 | + * Returns whether the given database result can be interpreted as |
|
| 875 | + * a share with accessible file (not trashed, not deleted) |
|
| 876 | + */ |
|
| 877 | + private function isAccessibleResult($data) { |
|
| 878 | + // exclude shares leading to deleted file entries |
|
| 879 | + if ($data['fileid'] === null || $data['path'] === null) { |
|
| 880 | + return false; |
|
| 881 | + } |
|
| 882 | + |
|
| 883 | + // exclude shares leading to trashbin on home storages |
|
| 884 | + $pathSections = explode('/', $data['path'], 2); |
|
| 885 | + // FIXME: would not detect rare md5'd home storage case properly |
|
| 886 | + if ($pathSections[0] !== 'files' |
|
| 887 | + && (str_starts_with($data['storage_string_id'], 'home::') || str_starts_with($data['storage_string_id'], 'object::user'))) { |
|
| 888 | + return false; |
|
| 889 | + } elseif ($pathSections[0] === '__groupfolders' |
|
| 890 | + && str_starts_with($pathSections[1], 'trash/') |
|
| 891 | + ) { |
|
| 892 | + // exclude shares leading to trashbin on group folders storages |
|
| 893 | + return false; |
|
| 894 | + } |
|
| 895 | + return true; |
|
| 896 | + } |
|
| 897 | + |
|
| 898 | + /** |
|
| 899 | + * @inheritdoc |
|
| 900 | + */ |
|
| 901 | + public function getSharedWith($userId, $shareType, $node, $limit, $offset) { |
|
| 902 | + /** @var Share[] $shares */ |
|
| 903 | + $shares = []; |
|
| 904 | + |
|
| 905 | + if ($shareType === IShare::TYPE_USER) { |
|
| 906 | + //Get shares directly with this user |
|
| 907 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 908 | + $qb->select('s.*', |
|
| 909 | + 'f.fileid', 'f.path', 'f.permissions AS f_permissions', 'f.storage', 'f.path_hash', |
|
| 910 | + 'f.parent AS f_parent', 'f.name', 'f.mimetype', 'f.mimepart', 'f.size', 'f.mtime', 'f.storage_mtime', |
|
| 911 | + 'f.encrypted', 'f.unencrypted_size', 'f.etag', 'f.checksum' |
|
| 912 | + ) |
|
| 913 | + ->selectAlias('st.id', 'storage_string_id') |
|
| 914 | + ->from('share', 's') |
|
| 915 | + ->leftJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')) |
|
| 916 | + ->leftJoin('f', 'storages', 'st', $qb->expr()->eq('f.storage', 'st.numeric_id')); |
|
| 917 | + |
|
| 918 | + // Order by id |
|
| 919 | + $qb->orderBy('s.id'); |
|
| 920 | + |
|
| 921 | + // Set limit and offset |
|
| 922 | + if ($limit !== -1) { |
|
| 923 | + $qb->setMaxResults($limit); |
|
| 924 | + } |
|
| 925 | + $qb->setFirstResult($offset); |
|
| 926 | + |
|
| 927 | + $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER))) |
|
| 928 | + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId))) |
|
| 929 | + ->andWhere($qb->expr()->orX( |
|
| 930 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 931 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 932 | + )); |
|
| 933 | + |
|
| 934 | + // Filter by node if provided |
|
| 935 | + if ($node !== null) { |
|
| 936 | + $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId()))); |
|
| 937 | + } |
|
| 938 | + |
|
| 939 | + $cursor = $qb->execute(); |
|
| 940 | + |
|
| 941 | + while ($data = $cursor->fetch()) { |
|
| 942 | + if ($data['fileid'] && $data['path'] === null) { |
|
| 943 | + $data['path'] = (string) $data['path']; |
|
| 944 | + $data['name'] = (string) $data['name']; |
|
| 945 | + $data['checksum'] = (string) $data['checksum']; |
|
| 946 | + } |
|
| 947 | + if ($this->isAccessibleResult($data)) { |
|
| 948 | + $shares[] = $this->createShare($data); |
|
| 949 | + } |
|
| 950 | + } |
|
| 951 | + $cursor->closeCursor(); |
|
| 952 | + } elseif ($shareType === IShare::TYPE_GROUP) { |
|
| 953 | + $user = $this->userManager->get($userId); |
|
| 954 | + $allGroups = ($user instanceof IUser) ? $this->groupManager->getUserGroupIds($user) : []; |
|
| 955 | + |
|
| 956 | + /** @var Share[] $shares2 */ |
|
| 957 | + $shares2 = []; |
|
| 958 | + |
|
| 959 | + $start = 0; |
|
| 960 | + while (true) { |
|
| 961 | + $groups = array_slice($allGroups, $start, 1000); |
|
| 962 | + $start += 1000; |
|
| 963 | + |
|
| 964 | + if ($groups === []) { |
|
| 965 | + break; |
|
| 966 | + } |
|
| 967 | + |
|
| 968 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 969 | + $qb->select('s.*', |
|
| 970 | + 'f.fileid', 'f.path', 'f.permissions AS f_permissions', 'f.storage', 'f.path_hash', |
|
| 971 | + 'f.parent AS f_parent', 'f.name', 'f.mimetype', 'f.mimepart', 'f.size', 'f.mtime', 'f.storage_mtime', |
|
| 972 | + 'f.encrypted', 'f.unencrypted_size', 'f.etag', 'f.checksum' |
|
| 973 | + ) |
|
| 974 | + ->selectAlias('st.id', 'storage_string_id') |
|
| 975 | + ->from('share', 's') |
|
| 976 | + ->leftJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')) |
|
| 977 | + ->leftJoin('f', 'storages', 'st', $qb->expr()->eq('f.storage', 'st.numeric_id')) |
|
| 978 | + ->orderBy('s.id') |
|
| 979 | + ->setFirstResult(0); |
|
| 980 | + |
|
| 981 | + if ($limit !== -1) { |
|
| 982 | + $qb->setMaxResults($limit - count($shares)); |
|
| 983 | + } |
|
| 984 | + |
|
| 985 | + // Filter by node if provided |
|
| 986 | + if ($node !== null) { |
|
| 987 | + $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId()))); |
|
| 988 | + } |
|
| 989 | + |
|
| 990 | + |
|
| 991 | + $groups = array_filter($groups); |
|
| 992 | + |
|
| 993 | + $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) |
|
| 994 | + ->andWhere($qb->expr()->in('share_with', $qb->createNamedParameter( |
|
| 995 | + $groups, |
|
| 996 | + IQueryBuilder::PARAM_STR_ARRAY |
|
| 997 | + ))) |
|
| 998 | + ->andWhere($qb->expr()->orX( |
|
| 999 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 1000 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 1001 | + )); |
|
| 1002 | + |
|
| 1003 | + $cursor = $qb->execute(); |
|
| 1004 | + while ($data = $cursor->fetch()) { |
|
| 1005 | + if ($offset > 0) { |
|
| 1006 | + $offset--; |
|
| 1007 | + continue; |
|
| 1008 | + } |
|
| 1009 | + |
|
| 1010 | + if ($this->isAccessibleResult($data)) { |
|
| 1011 | + $shares2[] = $this->createShare($data); |
|
| 1012 | + } |
|
| 1013 | + } |
|
| 1014 | + $cursor->closeCursor(); |
|
| 1015 | + } |
|
| 1016 | + |
|
| 1017 | + /* |
|
| 1018 | 1018 | * Resolve all group shares to user specific shares |
| 1019 | 1019 | */ |
| 1020 | - $shares = $this->resolveGroupShares($shares2, $userId); |
|
| 1021 | - } else { |
|
| 1022 | - throw new BackendError('Invalid backend'); |
|
| 1023 | - } |
|
| 1024 | - |
|
| 1025 | - |
|
| 1026 | - return $shares; |
|
| 1027 | - } |
|
| 1028 | - |
|
| 1029 | - /** |
|
| 1030 | - * Get a share by token |
|
| 1031 | - * |
|
| 1032 | - * @param string $token |
|
| 1033 | - * @return \OCP\Share\IShare |
|
| 1034 | - * @throws ShareNotFound |
|
| 1035 | - */ |
|
| 1036 | - public function getShareByToken($token) { |
|
| 1037 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 1038 | - |
|
| 1039 | - $cursor = $qb->select('*') |
|
| 1040 | - ->from('share') |
|
| 1041 | - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK))) |
|
| 1042 | - ->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token))) |
|
| 1043 | - ->andWhere($qb->expr()->orX( |
|
| 1044 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 1045 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 1046 | - )) |
|
| 1047 | - ->execute(); |
|
| 1048 | - |
|
| 1049 | - $data = $cursor->fetch(); |
|
| 1050 | - |
|
| 1051 | - if ($data === false) { |
|
| 1052 | - throw new ShareNotFound(); |
|
| 1053 | - } |
|
| 1054 | - |
|
| 1055 | - try { |
|
| 1056 | - $share = $this->createShare($data); |
|
| 1057 | - } catch (InvalidShare $e) { |
|
| 1058 | - throw new ShareNotFound(); |
|
| 1059 | - } |
|
| 1060 | - |
|
| 1061 | - return $share; |
|
| 1062 | - } |
|
| 1063 | - |
|
| 1064 | - /** |
|
| 1065 | - * Create a share object from an database row |
|
| 1066 | - * |
|
| 1067 | - * @param mixed[] $data |
|
| 1068 | - * @return \OCP\Share\IShare |
|
| 1069 | - * @throws InvalidShare |
|
| 1070 | - */ |
|
| 1071 | - private function createShare($data) { |
|
| 1072 | - $share = new Share($this->rootFolder, $this->userManager); |
|
| 1073 | - $share->setId((int)$data['id']) |
|
| 1074 | - ->setShareType((int)$data['share_type']) |
|
| 1075 | - ->setPermissions((int)$data['permissions']) |
|
| 1076 | - ->setTarget($data['file_target']) |
|
| 1077 | - ->setNote((string)$data['note']) |
|
| 1078 | - ->setMailSend((bool)$data['mail_send']) |
|
| 1079 | - ->setStatus((int)$data['accepted']) |
|
| 1080 | - ->setLabel($data['label']); |
|
| 1081 | - |
|
| 1082 | - $shareTime = new \DateTime(); |
|
| 1083 | - $shareTime->setTimestamp((int)$data['stime']); |
|
| 1084 | - $share->setShareTime($shareTime); |
|
| 1085 | - |
|
| 1086 | - if ($share->getShareType() === IShare::TYPE_USER) { |
|
| 1087 | - $share->setSharedWith($data['share_with']); |
|
| 1088 | - $user = $this->userManager->get($data['share_with']); |
|
| 1089 | - if ($user !== null) { |
|
| 1090 | - $share->setSharedWithDisplayName($user->getDisplayName()); |
|
| 1091 | - } |
|
| 1092 | - } elseif ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 1093 | - $share->setSharedWith($data['share_with']); |
|
| 1094 | - $group = $this->groupManager->get($data['share_with']); |
|
| 1095 | - if ($group !== null) { |
|
| 1096 | - $share->setSharedWithDisplayName($group->getDisplayName()); |
|
| 1097 | - } |
|
| 1098 | - } elseif ($share->getShareType() === IShare::TYPE_LINK) { |
|
| 1099 | - $share->setPassword($data['password']); |
|
| 1100 | - $share->setSendPasswordByTalk((bool)$data['password_by_talk']); |
|
| 1101 | - $share->setToken($data['token']); |
|
| 1102 | - } |
|
| 1103 | - |
|
| 1104 | - $share = $this->updateShareAttributes($share, $data['attributes']); |
|
| 1105 | - |
|
| 1106 | - $share->setSharedBy($data['uid_initiator']); |
|
| 1107 | - $share->setShareOwner($data['uid_owner']); |
|
| 1108 | - |
|
| 1109 | - $share->setNodeId((int)$data['file_source']); |
|
| 1110 | - $share->setNodeType($data['item_type']); |
|
| 1111 | - |
|
| 1112 | - if ($data['expiration'] !== null) { |
|
| 1113 | - $expiration = \DateTime::createFromFormat('Y-m-d H:i:s', $data['expiration']); |
|
| 1114 | - $share->setExpirationDate($expiration); |
|
| 1115 | - } |
|
| 1116 | - |
|
| 1117 | - if (isset($data['f_permissions'])) { |
|
| 1118 | - $entryData = $data; |
|
| 1119 | - $entryData['permissions'] = $entryData['f_permissions']; |
|
| 1120 | - $entryData['parent'] = $entryData['f_parent']; |
|
| 1121 | - $share->setNodeCacheEntry(Cache::cacheEntryFromData($entryData, |
|
| 1122 | - \OC::$server->getMimeTypeLoader())); |
|
| 1123 | - } |
|
| 1124 | - |
|
| 1125 | - $share->setProviderId($this->identifier()); |
|
| 1126 | - $share->setHideDownload((int)$data['hide_download'] === 1); |
|
| 1127 | - |
|
| 1128 | - return $share; |
|
| 1129 | - } |
|
| 1130 | - |
|
| 1131 | - /** |
|
| 1132 | - * @param Share[] $shares |
|
| 1133 | - * @param $userId |
|
| 1134 | - * @return Share[] The updates shares if no update is found for a share return the original |
|
| 1135 | - */ |
|
| 1136 | - private function resolveGroupShares($shares, $userId) { |
|
| 1137 | - $result = []; |
|
| 1138 | - |
|
| 1139 | - $start = 0; |
|
| 1140 | - while (true) { |
|
| 1141 | - /** @var Share[] $shareSlice */ |
|
| 1142 | - $shareSlice = array_slice($shares, $start, 100); |
|
| 1143 | - $start += 100; |
|
| 1144 | - |
|
| 1145 | - if ($shareSlice === []) { |
|
| 1146 | - break; |
|
| 1147 | - } |
|
| 1148 | - |
|
| 1149 | - /** @var int[] $ids */ |
|
| 1150 | - $ids = []; |
|
| 1151 | - /** @var Share[] $shareMap */ |
|
| 1152 | - $shareMap = []; |
|
| 1153 | - |
|
| 1154 | - foreach ($shareSlice as $share) { |
|
| 1155 | - $ids[] = (int)$share->getId(); |
|
| 1156 | - $shareMap[$share->getId()] = $share; |
|
| 1157 | - } |
|
| 1158 | - |
|
| 1159 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 1160 | - |
|
| 1161 | - $query = $qb->select('*') |
|
| 1162 | - ->from('share') |
|
| 1163 | - ->where($qb->expr()->in('parent', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY))) |
|
| 1164 | - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId))) |
|
| 1165 | - ->andWhere($qb->expr()->orX( |
|
| 1166 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 1167 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 1168 | - )); |
|
| 1169 | - |
|
| 1170 | - $stmt = $query->execute(); |
|
| 1171 | - |
|
| 1172 | - while ($data = $stmt->fetch()) { |
|
| 1173 | - $shareMap[$data['parent']]->setPermissions((int)$data['permissions']); |
|
| 1174 | - $shareMap[$data['parent']]->setStatus((int)$data['accepted']); |
|
| 1175 | - $shareMap[$data['parent']]->setTarget($data['file_target']); |
|
| 1176 | - $shareMap[$data['parent']]->setParent($data['parent']); |
|
| 1177 | - } |
|
| 1178 | - |
|
| 1179 | - $stmt->closeCursor(); |
|
| 1180 | - |
|
| 1181 | - foreach ($shareMap as $share) { |
|
| 1182 | - $result[] = $share; |
|
| 1183 | - } |
|
| 1184 | - } |
|
| 1185 | - |
|
| 1186 | - return $result; |
|
| 1187 | - } |
|
| 1188 | - |
|
| 1189 | - /** |
|
| 1190 | - * A user is deleted from the system |
|
| 1191 | - * So clean up the relevant shares. |
|
| 1192 | - * |
|
| 1193 | - * @param string $uid |
|
| 1194 | - * @param int $shareType |
|
| 1195 | - */ |
|
| 1196 | - public function userDeleted($uid, $shareType) { |
|
| 1197 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 1198 | - |
|
| 1199 | - $qb->delete('share'); |
|
| 1200 | - |
|
| 1201 | - if ($shareType === IShare::TYPE_USER) { |
|
| 1202 | - /* |
|
| 1020 | + $shares = $this->resolveGroupShares($shares2, $userId); |
|
| 1021 | + } else { |
|
| 1022 | + throw new BackendError('Invalid backend'); |
|
| 1023 | + } |
|
| 1024 | + |
|
| 1025 | + |
|
| 1026 | + return $shares; |
|
| 1027 | + } |
|
| 1028 | + |
|
| 1029 | + /** |
|
| 1030 | + * Get a share by token |
|
| 1031 | + * |
|
| 1032 | + * @param string $token |
|
| 1033 | + * @return \OCP\Share\IShare |
|
| 1034 | + * @throws ShareNotFound |
|
| 1035 | + */ |
|
| 1036 | + public function getShareByToken($token) { |
|
| 1037 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 1038 | + |
|
| 1039 | + $cursor = $qb->select('*') |
|
| 1040 | + ->from('share') |
|
| 1041 | + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK))) |
|
| 1042 | + ->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token))) |
|
| 1043 | + ->andWhere($qb->expr()->orX( |
|
| 1044 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 1045 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 1046 | + )) |
|
| 1047 | + ->execute(); |
|
| 1048 | + |
|
| 1049 | + $data = $cursor->fetch(); |
|
| 1050 | + |
|
| 1051 | + if ($data === false) { |
|
| 1052 | + throw new ShareNotFound(); |
|
| 1053 | + } |
|
| 1054 | + |
|
| 1055 | + try { |
|
| 1056 | + $share = $this->createShare($data); |
|
| 1057 | + } catch (InvalidShare $e) { |
|
| 1058 | + throw new ShareNotFound(); |
|
| 1059 | + } |
|
| 1060 | + |
|
| 1061 | + return $share; |
|
| 1062 | + } |
|
| 1063 | + |
|
| 1064 | + /** |
|
| 1065 | + * Create a share object from an database row |
|
| 1066 | + * |
|
| 1067 | + * @param mixed[] $data |
|
| 1068 | + * @return \OCP\Share\IShare |
|
| 1069 | + * @throws InvalidShare |
|
| 1070 | + */ |
|
| 1071 | + private function createShare($data) { |
|
| 1072 | + $share = new Share($this->rootFolder, $this->userManager); |
|
| 1073 | + $share->setId((int)$data['id']) |
|
| 1074 | + ->setShareType((int)$data['share_type']) |
|
| 1075 | + ->setPermissions((int)$data['permissions']) |
|
| 1076 | + ->setTarget($data['file_target']) |
|
| 1077 | + ->setNote((string)$data['note']) |
|
| 1078 | + ->setMailSend((bool)$data['mail_send']) |
|
| 1079 | + ->setStatus((int)$data['accepted']) |
|
| 1080 | + ->setLabel($data['label']); |
|
| 1081 | + |
|
| 1082 | + $shareTime = new \DateTime(); |
|
| 1083 | + $shareTime->setTimestamp((int)$data['stime']); |
|
| 1084 | + $share->setShareTime($shareTime); |
|
| 1085 | + |
|
| 1086 | + if ($share->getShareType() === IShare::TYPE_USER) { |
|
| 1087 | + $share->setSharedWith($data['share_with']); |
|
| 1088 | + $user = $this->userManager->get($data['share_with']); |
|
| 1089 | + if ($user !== null) { |
|
| 1090 | + $share->setSharedWithDisplayName($user->getDisplayName()); |
|
| 1091 | + } |
|
| 1092 | + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 1093 | + $share->setSharedWith($data['share_with']); |
|
| 1094 | + $group = $this->groupManager->get($data['share_with']); |
|
| 1095 | + if ($group !== null) { |
|
| 1096 | + $share->setSharedWithDisplayName($group->getDisplayName()); |
|
| 1097 | + } |
|
| 1098 | + } elseif ($share->getShareType() === IShare::TYPE_LINK) { |
|
| 1099 | + $share->setPassword($data['password']); |
|
| 1100 | + $share->setSendPasswordByTalk((bool)$data['password_by_talk']); |
|
| 1101 | + $share->setToken($data['token']); |
|
| 1102 | + } |
|
| 1103 | + |
|
| 1104 | + $share = $this->updateShareAttributes($share, $data['attributes']); |
|
| 1105 | + |
|
| 1106 | + $share->setSharedBy($data['uid_initiator']); |
|
| 1107 | + $share->setShareOwner($data['uid_owner']); |
|
| 1108 | + |
|
| 1109 | + $share->setNodeId((int)$data['file_source']); |
|
| 1110 | + $share->setNodeType($data['item_type']); |
|
| 1111 | + |
|
| 1112 | + if ($data['expiration'] !== null) { |
|
| 1113 | + $expiration = \DateTime::createFromFormat('Y-m-d H:i:s', $data['expiration']); |
|
| 1114 | + $share->setExpirationDate($expiration); |
|
| 1115 | + } |
|
| 1116 | + |
|
| 1117 | + if (isset($data['f_permissions'])) { |
|
| 1118 | + $entryData = $data; |
|
| 1119 | + $entryData['permissions'] = $entryData['f_permissions']; |
|
| 1120 | + $entryData['parent'] = $entryData['f_parent']; |
|
| 1121 | + $share->setNodeCacheEntry(Cache::cacheEntryFromData($entryData, |
|
| 1122 | + \OC::$server->getMimeTypeLoader())); |
|
| 1123 | + } |
|
| 1124 | + |
|
| 1125 | + $share->setProviderId($this->identifier()); |
|
| 1126 | + $share->setHideDownload((int)$data['hide_download'] === 1); |
|
| 1127 | + |
|
| 1128 | + return $share; |
|
| 1129 | + } |
|
| 1130 | + |
|
| 1131 | + /** |
|
| 1132 | + * @param Share[] $shares |
|
| 1133 | + * @param $userId |
|
| 1134 | + * @return Share[] The updates shares if no update is found for a share return the original |
|
| 1135 | + */ |
|
| 1136 | + private function resolveGroupShares($shares, $userId) { |
|
| 1137 | + $result = []; |
|
| 1138 | + |
|
| 1139 | + $start = 0; |
|
| 1140 | + while (true) { |
|
| 1141 | + /** @var Share[] $shareSlice */ |
|
| 1142 | + $shareSlice = array_slice($shares, $start, 100); |
|
| 1143 | + $start += 100; |
|
| 1144 | + |
|
| 1145 | + if ($shareSlice === []) { |
|
| 1146 | + break; |
|
| 1147 | + } |
|
| 1148 | + |
|
| 1149 | + /** @var int[] $ids */ |
|
| 1150 | + $ids = []; |
|
| 1151 | + /** @var Share[] $shareMap */ |
|
| 1152 | + $shareMap = []; |
|
| 1153 | + |
|
| 1154 | + foreach ($shareSlice as $share) { |
|
| 1155 | + $ids[] = (int)$share->getId(); |
|
| 1156 | + $shareMap[$share->getId()] = $share; |
|
| 1157 | + } |
|
| 1158 | + |
|
| 1159 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 1160 | + |
|
| 1161 | + $query = $qb->select('*') |
|
| 1162 | + ->from('share') |
|
| 1163 | + ->where($qb->expr()->in('parent', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY))) |
|
| 1164 | + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId))) |
|
| 1165 | + ->andWhere($qb->expr()->orX( |
|
| 1166 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 1167 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 1168 | + )); |
|
| 1169 | + |
|
| 1170 | + $stmt = $query->execute(); |
|
| 1171 | + |
|
| 1172 | + while ($data = $stmt->fetch()) { |
|
| 1173 | + $shareMap[$data['parent']]->setPermissions((int)$data['permissions']); |
|
| 1174 | + $shareMap[$data['parent']]->setStatus((int)$data['accepted']); |
|
| 1175 | + $shareMap[$data['parent']]->setTarget($data['file_target']); |
|
| 1176 | + $shareMap[$data['parent']]->setParent($data['parent']); |
|
| 1177 | + } |
|
| 1178 | + |
|
| 1179 | + $stmt->closeCursor(); |
|
| 1180 | + |
|
| 1181 | + foreach ($shareMap as $share) { |
|
| 1182 | + $result[] = $share; |
|
| 1183 | + } |
|
| 1184 | + } |
|
| 1185 | + |
|
| 1186 | + return $result; |
|
| 1187 | + } |
|
| 1188 | + |
|
| 1189 | + /** |
|
| 1190 | + * A user is deleted from the system |
|
| 1191 | + * So clean up the relevant shares. |
|
| 1192 | + * |
|
| 1193 | + * @param string $uid |
|
| 1194 | + * @param int $shareType |
|
| 1195 | + */ |
|
| 1196 | + public function userDeleted($uid, $shareType) { |
|
| 1197 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 1198 | + |
|
| 1199 | + $qb->delete('share'); |
|
| 1200 | + |
|
| 1201 | + if ($shareType === IShare::TYPE_USER) { |
|
| 1202 | + /* |
|
| 1203 | 1203 | * Delete all user shares that are owned by this user |
| 1204 | 1204 | * or that are received by this user |
| 1205 | 1205 | */ |
| 1206 | 1206 | |
| 1207 | - $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER))); |
|
| 1207 | + $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER))); |
|
| 1208 | 1208 | |
| 1209 | - $qb->andWhere( |
|
| 1210 | - $qb->expr()->orX( |
|
| 1211 | - $qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)), |
|
| 1212 | - $qb->expr()->eq('share_with', $qb->createNamedParameter($uid)) |
|
| 1213 | - ) |
|
| 1214 | - ); |
|
| 1215 | - } elseif ($shareType === IShare::TYPE_GROUP) { |
|
| 1216 | - /* |
|
| 1209 | + $qb->andWhere( |
|
| 1210 | + $qb->expr()->orX( |
|
| 1211 | + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)), |
|
| 1212 | + $qb->expr()->eq('share_with', $qb->createNamedParameter($uid)) |
|
| 1213 | + ) |
|
| 1214 | + ); |
|
| 1215 | + } elseif ($shareType === IShare::TYPE_GROUP) { |
|
| 1216 | + /* |
|
| 1217 | 1217 | * Delete all group shares that are owned by this user |
| 1218 | 1218 | * Or special user group shares that are received by this user |
| 1219 | 1219 | */ |
| 1220 | - $qb->where( |
|
| 1221 | - $qb->expr()->andX( |
|
| 1222 | - $qb->expr()->orX( |
|
| 1223 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)), |
|
| 1224 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)) |
|
| 1225 | - ), |
|
| 1226 | - $qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)) |
|
| 1227 | - ) |
|
| 1228 | - ); |
|
| 1229 | - |
|
| 1230 | - $qb->orWhere( |
|
| 1231 | - $qb->expr()->andX( |
|
| 1232 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)), |
|
| 1233 | - $qb->expr()->eq('share_with', $qb->createNamedParameter($uid)) |
|
| 1234 | - ) |
|
| 1235 | - ); |
|
| 1236 | - } elseif ($shareType === IShare::TYPE_LINK) { |
|
| 1237 | - /* |
|
| 1220 | + $qb->where( |
|
| 1221 | + $qb->expr()->andX( |
|
| 1222 | + $qb->expr()->orX( |
|
| 1223 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)), |
|
| 1224 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)) |
|
| 1225 | + ), |
|
| 1226 | + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)) |
|
| 1227 | + ) |
|
| 1228 | + ); |
|
| 1229 | + |
|
| 1230 | + $qb->orWhere( |
|
| 1231 | + $qb->expr()->andX( |
|
| 1232 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)), |
|
| 1233 | + $qb->expr()->eq('share_with', $qb->createNamedParameter($uid)) |
|
| 1234 | + ) |
|
| 1235 | + ); |
|
| 1236 | + } elseif ($shareType === IShare::TYPE_LINK) { |
|
| 1237 | + /* |
|
| 1238 | 1238 | * Delete all link shares owned by this user. |
| 1239 | 1239 | * And all link shares initiated by this user (until #22327 is in) |
| 1240 | 1240 | */ |
| 1241 | - $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK))); |
|
| 1242 | - |
|
| 1243 | - $qb->andWhere( |
|
| 1244 | - $qb->expr()->orX( |
|
| 1245 | - $qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)), |
|
| 1246 | - $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($uid)) |
|
| 1247 | - ) |
|
| 1248 | - ); |
|
| 1249 | - } else { |
|
| 1250 | - \OC::$server->getLogger()->logException(new \InvalidArgumentException('Default share provider tried to delete all shares for type: ' . $shareType)); |
|
| 1251 | - return; |
|
| 1252 | - } |
|
| 1253 | - |
|
| 1254 | - $qb->execute(); |
|
| 1255 | - } |
|
| 1256 | - |
|
| 1257 | - /** |
|
| 1258 | - * Delete all shares received by this group. As well as any custom group |
|
| 1259 | - * shares for group members. |
|
| 1260 | - * |
|
| 1261 | - * @param string $gid |
|
| 1262 | - */ |
|
| 1263 | - public function groupDeleted($gid) { |
|
| 1264 | - /* |
|
| 1241 | + $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK))); |
|
| 1242 | + |
|
| 1243 | + $qb->andWhere( |
|
| 1244 | + $qb->expr()->orX( |
|
| 1245 | + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)), |
|
| 1246 | + $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($uid)) |
|
| 1247 | + ) |
|
| 1248 | + ); |
|
| 1249 | + } else { |
|
| 1250 | + \OC::$server->getLogger()->logException(new \InvalidArgumentException('Default share provider tried to delete all shares for type: ' . $shareType)); |
|
| 1251 | + return; |
|
| 1252 | + } |
|
| 1253 | + |
|
| 1254 | + $qb->execute(); |
|
| 1255 | + } |
|
| 1256 | + |
|
| 1257 | + /** |
|
| 1258 | + * Delete all shares received by this group. As well as any custom group |
|
| 1259 | + * shares for group members. |
|
| 1260 | + * |
|
| 1261 | + * @param string $gid |
|
| 1262 | + */ |
|
| 1263 | + public function groupDeleted($gid) { |
|
| 1264 | + /* |
|
| 1265 | 1265 | * First delete all custom group shares for group members |
| 1266 | 1266 | */ |
| 1267 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 1268 | - $qb->select('id') |
|
| 1269 | - ->from('share') |
|
| 1270 | - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) |
|
| 1271 | - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); |
|
| 1272 | - |
|
| 1273 | - $cursor = $qb->execute(); |
|
| 1274 | - $ids = []; |
|
| 1275 | - while ($row = $cursor->fetch()) { |
|
| 1276 | - $ids[] = (int)$row['id']; |
|
| 1277 | - } |
|
| 1278 | - $cursor->closeCursor(); |
|
| 1279 | - |
|
| 1280 | - if (!empty($ids)) { |
|
| 1281 | - $chunks = array_chunk($ids, 100); |
|
| 1282 | - foreach ($chunks as $chunk) { |
|
| 1283 | - $qb->delete('share') |
|
| 1284 | - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 1285 | - ->andWhere($qb->expr()->in('parent', $qb->createNamedParameter($chunk, IQueryBuilder::PARAM_INT_ARRAY))); |
|
| 1286 | - $qb->execute(); |
|
| 1287 | - } |
|
| 1288 | - } |
|
| 1289 | - |
|
| 1290 | - /* |
|
| 1267 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 1268 | + $qb->select('id') |
|
| 1269 | + ->from('share') |
|
| 1270 | + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) |
|
| 1271 | + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); |
|
| 1272 | + |
|
| 1273 | + $cursor = $qb->execute(); |
|
| 1274 | + $ids = []; |
|
| 1275 | + while ($row = $cursor->fetch()) { |
|
| 1276 | + $ids[] = (int)$row['id']; |
|
| 1277 | + } |
|
| 1278 | + $cursor->closeCursor(); |
|
| 1279 | + |
|
| 1280 | + if (!empty($ids)) { |
|
| 1281 | + $chunks = array_chunk($ids, 100); |
|
| 1282 | + foreach ($chunks as $chunk) { |
|
| 1283 | + $qb->delete('share') |
|
| 1284 | + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 1285 | + ->andWhere($qb->expr()->in('parent', $qb->createNamedParameter($chunk, IQueryBuilder::PARAM_INT_ARRAY))); |
|
| 1286 | + $qb->execute(); |
|
| 1287 | + } |
|
| 1288 | + } |
|
| 1289 | + |
|
| 1290 | + /* |
|
| 1291 | 1291 | * Now delete all the group shares |
| 1292 | 1292 | */ |
| 1293 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 1294 | - $qb->delete('share') |
|
| 1295 | - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) |
|
| 1296 | - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); |
|
| 1297 | - $qb->execute(); |
|
| 1298 | - } |
|
| 1299 | - |
|
| 1300 | - /** |
|
| 1301 | - * Delete custom group shares to this group for this user |
|
| 1302 | - * |
|
| 1303 | - * @param string $uid |
|
| 1304 | - * @param string $gid |
|
| 1305 | - */ |
|
| 1306 | - public function userDeletedFromGroup($uid, $gid) { |
|
| 1307 | - /* |
|
| 1293 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 1294 | + $qb->delete('share') |
|
| 1295 | + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) |
|
| 1296 | + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); |
|
| 1297 | + $qb->execute(); |
|
| 1298 | + } |
|
| 1299 | + |
|
| 1300 | + /** |
|
| 1301 | + * Delete custom group shares to this group for this user |
|
| 1302 | + * |
|
| 1303 | + * @param string $uid |
|
| 1304 | + * @param string $gid |
|
| 1305 | + */ |
|
| 1306 | + public function userDeletedFromGroup($uid, $gid) { |
|
| 1307 | + /* |
|
| 1308 | 1308 | * Get all group shares |
| 1309 | 1309 | */ |
| 1310 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 1311 | - $qb->select('id') |
|
| 1312 | - ->from('share') |
|
| 1313 | - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) |
|
| 1314 | - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); |
|
| 1315 | - |
|
| 1316 | - $cursor = $qb->execute(); |
|
| 1317 | - $ids = []; |
|
| 1318 | - while ($row = $cursor->fetch()) { |
|
| 1319 | - $ids[] = (int)$row['id']; |
|
| 1320 | - } |
|
| 1321 | - $cursor->closeCursor(); |
|
| 1322 | - |
|
| 1323 | - if (!empty($ids)) { |
|
| 1324 | - $chunks = array_chunk($ids, 100); |
|
| 1325 | - foreach ($chunks as $chunk) { |
|
| 1326 | - /* |
|
| 1310 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 1311 | + $qb->select('id') |
|
| 1312 | + ->from('share') |
|
| 1313 | + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) |
|
| 1314 | + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); |
|
| 1315 | + |
|
| 1316 | + $cursor = $qb->execute(); |
|
| 1317 | + $ids = []; |
|
| 1318 | + while ($row = $cursor->fetch()) { |
|
| 1319 | + $ids[] = (int)$row['id']; |
|
| 1320 | + } |
|
| 1321 | + $cursor->closeCursor(); |
|
| 1322 | + |
|
| 1323 | + if (!empty($ids)) { |
|
| 1324 | + $chunks = array_chunk($ids, 100); |
|
| 1325 | + foreach ($chunks as $chunk) { |
|
| 1326 | + /* |
|
| 1327 | 1327 | * Delete all special shares with this users for the found group shares |
| 1328 | 1328 | */ |
| 1329 | - $qb->delete('share') |
|
| 1330 | - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 1331 | - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($uid))) |
|
| 1332 | - ->andWhere($qb->expr()->in('parent', $qb->createNamedParameter($chunk, IQueryBuilder::PARAM_INT_ARRAY))); |
|
| 1333 | - $qb->execute(); |
|
| 1334 | - } |
|
| 1335 | - } |
|
| 1336 | - } |
|
| 1337 | - |
|
| 1338 | - /** |
|
| 1339 | - * @inheritdoc |
|
| 1340 | - */ |
|
| 1341 | - public function getAccessList($nodes, $currentAccess) { |
|
| 1342 | - $ids = []; |
|
| 1343 | - foreach ($nodes as $node) { |
|
| 1344 | - $ids[] = $node->getId(); |
|
| 1345 | - } |
|
| 1346 | - |
|
| 1347 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 1348 | - |
|
| 1349 | - $or = $qb->expr()->orX( |
|
| 1350 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), |
|
| 1351 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)), |
|
| 1352 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK)) |
|
| 1353 | - ); |
|
| 1354 | - |
|
| 1355 | - if ($currentAccess) { |
|
| 1356 | - $or->add($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))); |
|
| 1357 | - } |
|
| 1358 | - |
|
| 1359 | - $qb->select('id', 'parent', 'share_type', 'share_with', 'file_source', 'file_target', 'permissions') |
|
| 1360 | - ->from('share') |
|
| 1361 | - ->where( |
|
| 1362 | - $or |
|
| 1363 | - ) |
|
| 1364 | - ->andWhere($qb->expr()->in('file_source', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY))) |
|
| 1365 | - ->andWhere($qb->expr()->orX( |
|
| 1366 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 1367 | - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 1368 | - )); |
|
| 1369 | - $cursor = $qb->execute(); |
|
| 1370 | - |
|
| 1371 | - $users = []; |
|
| 1372 | - $link = false; |
|
| 1373 | - while ($row = $cursor->fetch()) { |
|
| 1374 | - $type = (int)$row['share_type']; |
|
| 1375 | - if ($type === IShare::TYPE_USER) { |
|
| 1376 | - $uid = $row['share_with']; |
|
| 1377 | - $users[$uid] = isset($users[$uid]) ? $users[$uid] : []; |
|
| 1378 | - $users[$uid][$row['id']] = $row; |
|
| 1379 | - } elseif ($type === IShare::TYPE_GROUP) { |
|
| 1380 | - $gid = $row['share_with']; |
|
| 1381 | - $group = $this->groupManager->get($gid); |
|
| 1382 | - |
|
| 1383 | - if ($group === null) { |
|
| 1384 | - continue; |
|
| 1385 | - } |
|
| 1386 | - |
|
| 1387 | - $userList = $group->getUsers(); |
|
| 1388 | - foreach ($userList as $user) { |
|
| 1389 | - $uid = $user->getUID(); |
|
| 1390 | - $users[$uid] = isset($users[$uid]) ? $users[$uid] : []; |
|
| 1391 | - $users[$uid][$row['id']] = $row; |
|
| 1392 | - } |
|
| 1393 | - } elseif ($type === IShare::TYPE_LINK) { |
|
| 1394 | - $link = true; |
|
| 1395 | - } elseif ($type === IShare::TYPE_USERGROUP && $currentAccess === true) { |
|
| 1396 | - $uid = $row['share_with']; |
|
| 1397 | - $users[$uid] = isset($users[$uid]) ? $users[$uid] : []; |
|
| 1398 | - $users[$uid][$row['id']] = $row; |
|
| 1399 | - } |
|
| 1400 | - } |
|
| 1401 | - $cursor->closeCursor(); |
|
| 1402 | - |
|
| 1403 | - if ($currentAccess === true) { |
|
| 1404 | - $users = array_map([$this, 'filterSharesOfUser'], $users); |
|
| 1405 | - $users = array_filter($users); |
|
| 1406 | - } else { |
|
| 1407 | - $users = array_keys($users); |
|
| 1408 | - } |
|
| 1409 | - |
|
| 1410 | - return ['users' => $users, 'public' => $link]; |
|
| 1411 | - } |
|
| 1412 | - |
|
| 1413 | - /** |
|
| 1414 | - * For each user the path with the fewest slashes is returned |
|
| 1415 | - * @param array $shares |
|
| 1416 | - * @return array |
|
| 1417 | - */ |
|
| 1418 | - protected function filterSharesOfUser(array $shares) { |
|
| 1419 | - // Group shares when the user has a share exception |
|
| 1420 | - foreach ($shares as $id => $share) { |
|
| 1421 | - $type = (int) $share['share_type']; |
|
| 1422 | - $permissions = (int) $share['permissions']; |
|
| 1423 | - |
|
| 1424 | - if ($type === IShare::TYPE_USERGROUP) { |
|
| 1425 | - unset($shares[$share['parent']]); |
|
| 1426 | - |
|
| 1427 | - if ($permissions === 0) { |
|
| 1428 | - unset($shares[$id]); |
|
| 1429 | - } |
|
| 1430 | - } |
|
| 1431 | - } |
|
| 1432 | - |
|
| 1433 | - $best = []; |
|
| 1434 | - $bestDepth = 0; |
|
| 1435 | - foreach ($shares as $id => $share) { |
|
| 1436 | - $depth = substr_count(($share['file_target'] ?? ''), '/'); |
|
| 1437 | - if (empty($best) || $depth < $bestDepth) { |
|
| 1438 | - $bestDepth = $depth; |
|
| 1439 | - $best = [ |
|
| 1440 | - 'node_id' => $share['file_source'], |
|
| 1441 | - 'node_path' => $share['file_target'], |
|
| 1442 | - ]; |
|
| 1443 | - } |
|
| 1444 | - } |
|
| 1445 | - |
|
| 1446 | - return $best; |
|
| 1447 | - } |
|
| 1448 | - |
|
| 1449 | - /** |
|
| 1450 | - * propagate notes to the recipients |
|
| 1451 | - * |
|
| 1452 | - * @param IShare $share |
|
| 1453 | - * @throws \OCP\Files\NotFoundException |
|
| 1454 | - */ |
|
| 1455 | - private function propagateNote(IShare $share) { |
|
| 1456 | - if ($share->getShareType() === IShare::TYPE_USER) { |
|
| 1457 | - $user = $this->userManager->get($share->getSharedWith()); |
|
| 1458 | - $this->sendNote([$user], $share); |
|
| 1459 | - } elseif ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 1460 | - $group = $this->groupManager->get($share->getSharedWith()); |
|
| 1461 | - $groupMembers = $group->getUsers(); |
|
| 1462 | - $this->sendNote($groupMembers, $share); |
|
| 1463 | - } |
|
| 1464 | - } |
|
| 1465 | - |
|
| 1466 | - /** |
|
| 1467 | - * send note by mail |
|
| 1468 | - * |
|
| 1469 | - * @param array $recipients |
|
| 1470 | - * @param IShare $share |
|
| 1471 | - * @throws \OCP\Files\NotFoundException |
|
| 1472 | - */ |
|
| 1473 | - private function sendNote(array $recipients, IShare $share) { |
|
| 1474 | - $toListByLanguage = []; |
|
| 1475 | - |
|
| 1476 | - foreach ($recipients as $recipient) { |
|
| 1477 | - /** @var IUser $recipient */ |
|
| 1478 | - $email = $recipient->getEMailAddress(); |
|
| 1479 | - if ($email) { |
|
| 1480 | - $language = $this->l10nFactory->getUserLanguage($recipient); |
|
| 1481 | - if (!isset($toListByLanguage[$language])) { |
|
| 1482 | - $toListByLanguage[$language] = []; |
|
| 1483 | - } |
|
| 1484 | - $toListByLanguage[$language][$email] = $recipient->getDisplayName(); |
|
| 1485 | - } |
|
| 1486 | - } |
|
| 1487 | - |
|
| 1488 | - if (empty($toListByLanguage)) { |
|
| 1489 | - return; |
|
| 1490 | - } |
|
| 1491 | - |
|
| 1492 | - foreach ($toListByLanguage as $l10n => $toList) { |
|
| 1493 | - $filename = $share->getNode()->getName(); |
|
| 1494 | - $initiator = $share->getSharedBy(); |
|
| 1495 | - $note = $share->getNote(); |
|
| 1496 | - |
|
| 1497 | - $l = $this->l10nFactory->get('lib', $l10n); |
|
| 1498 | - |
|
| 1499 | - $initiatorUser = $this->userManager->get($initiator); |
|
| 1500 | - $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator; |
|
| 1501 | - $initiatorEmailAddress = ($initiatorUser instanceof IUser) ? $initiatorUser->getEMailAddress() : null; |
|
| 1502 | - $plainHeading = $l->t('%1$s shared »%2$s« with you and wants to add:', [$initiatorDisplayName, $filename]); |
|
| 1503 | - $htmlHeading = $l->t('%1$s shared »%2$s« with you and wants to add', [$initiatorDisplayName, $filename]); |
|
| 1504 | - $message = $this->mailer->createMessage(); |
|
| 1505 | - |
|
| 1506 | - $emailTemplate = $this->mailer->createEMailTemplate('defaultShareProvider.sendNote'); |
|
| 1507 | - |
|
| 1508 | - $emailTemplate->setSubject($l->t('»%s« added a note to a file shared with you', [$initiatorDisplayName])); |
|
| 1509 | - $emailTemplate->addHeader(); |
|
| 1510 | - $emailTemplate->addHeading($htmlHeading, $plainHeading); |
|
| 1511 | - $emailTemplate->addBodyText(htmlspecialchars($note), $note); |
|
| 1512 | - |
|
| 1513 | - $link = $this->urlGenerator->linkToRouteAbsolute('files.viewcontroller.showFile', ['fileid' => $share->getNode()->getId()]); |
|
| 1514 | - $emailTemplate->addBodyButton( |
|
| 1515 | - $l->t('Open »%s«', [$filename]), |
|
| 1516 | - $link |
|
| 1517 | - ); |
|
| 1518 | - |
|
| 1519 | - |
|
| 1520 | - // The "From" contains the sharers name |
|
| 1521 | - $instanceName = $this->defaults->getName(); |
|
| 1522 | - $senderName = $l->t( |
|
| 1523 | - '%1$s via %2$s', |
|
| 1524 | - [ |
|
| 1525 | - $initiatorDisplayName, |
|
| 1526 | - $instanceName |
|
| 1527 | - ] |
|
| 1528 | - ); |
|
| 1529 | - $message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]); |
|
| 1530 | - if ($initiatorEmailAddress !== null) { |
|
| 1531 | - $message->setReplyTo([$initiatorEmailAddress => $initiatorDisplayName]); |
|
| 1532 | - $emailTemplate->addFooter($instanceName . ' - ' . $this->defaults->getSlogan()); |
|
| 1533 | - } else { |
|
| 1534 | - $emailTemplate->addFooter(); |
|
| 1535 | - } |
|
| 1536 | - |
|
| 1537 | - if (count($toList) === 1) { |
|
| 1538 | - $message->setTo($toList); |
|
| 1539 | - } else { |
|
| 1540 | - $message->setTo([]); |
|
| 1541 | - $message->setBcc($toList); |
|
| 1542 | - } |
|
| 1543 | - $message->useTemplate($emailTemplate); |
|
| 1544 | - $this->mailer->send($message); |
|
| 1545 | - } |
|
| 1546 | - } |
|
| 1547 | - |
|
| 1548 | - public function getAllShares(): iterable { |
|
| 1549 | - $qb = $this->dbConn->getQueryBuilder(); |
|
| 1550 | - |
|
| 1551 | - $qb->select('*') |
|
| 1552 | - ->from('share') |
|
| 1553 | - ->where( |
|
| 1554 | - $qb->expr()->orX( |
|
| 1555 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_USER)), |
|
| 1556 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_GROUP)), |
|
| 1557 | - $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_LINK)) |
|
| 1558 | - ) |
|
| 1559 | - ); |
|
| 1560 | - |
|
| 1561 | - $cursor = $qb->execute(); |
|
| 1562 | - while ($data = $cursor->fetch()) { |
|
| 1563 | - try { |
|
| 1564 | - $share = $this->createShare($data); |
|
| 1565 | - } catch (InvalidShare $e) { |
|
| 1566 | - continue; |
|
| 1567 | - } |
|
| 1568 | - |
|
| 1569 | - yield $share; |
|
| 1570 | - } |
|
| 1571 | - $cursor->closeCursor(); |
|
| 1572 | - } |
|
| 1573 | - |
|
| 1574 | - /** |
|
| 1575 | - * Load from database format (JSON string) to IAttributes |
|
| 1576 | - * |
|
| 1577 | - * @return IShare the modified share |
|
| 1578 | - */ |
|
| 1579 | - private function updateShareAttributes(IShare $share, ?string $data): IShare { |
|
| 1580 | - if ($data !== null && $data !== '') { |
|
| 1581 | - $attributes = new ShareAttributes(); |
|
| 1582 | - $compressedAttributes = \json_decode($data, true); |
|
| 1583 | - if ($compressedAttributes === false || $compressedAttributes === null) { |
|
| 1584 | - return $share; |
|
| 1585 | - } |
|
| 1586 | - foreach ($compressedAttributes as $compressedAttribute) { |
|
| 1587 | - $attributes->setAttribute( |
|
| 1588 | - $compressedAttribute[0], |
|
| 1589 | - $compressedAttribute[1], |
|
| 1590 | - $compressedAttribute[2] |
|
| 1591 | - ); |
|
| 1592 | - } |
|
| 1593 | - $share->setAttributes($attributes); |
|
| 1594 | - } |
|
| 1595 | - |
|
| 1596 | - return $share; |
|
| 1597 | - } |
|
| 1598 | - |
|
| 1599 | - /** |
|
| 1600 | - * Format IAttributes to database format (JSON string) |
|
| 1601 | - */ |
|
| 1602 | - private function formatShareAttributes(?IAttributes $attributes): ?string { |
|
| 1603 | - if ($attributes === null || empty($attributes->toArray())) { |
|
| 1604 | - return null; |
|
| 1605 | - } |
|
| 1606 | - |
|
| 1607 | - $compressedAttributes = []; |
|
| 1608 | - foreach ($attributes->toArray() as $attribute) { |
|
| 1609 | - $compressedAttributes[] = [ |
|
| 1610 | - 0 => $attribute['scope'], |
|
| 1611 | - 1 => $attribute['key'], |
|
| 1612 | - 2 => $attribute['enabled'] |
|
| 1613 | - ]; |
|
| 1614 | - } |
|
| 1615 | - return \json_encode($compressedAttributes); |
|
| 1616 | - } |
|
| 1329 | + $qb->delete('share') |
|
| 1330 | + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) |
|
| 1331 | + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($uid))) |
|
| 1332 | + ->andWhere($qb->expr()->in('parent', $qb->createNamedParameter($chunk, IQueryBuilder::PARAM_INT_ARRAY))); |
|
| 1333 | + $qb->execute(); |
|
| 1334 | + } |
|
| 1335 | + } |
|
| 1336 | + } |
|
| 1337 | + |
|
| 1338 | + /** |
|
| 1339 | + * @inheritdoc |
|
| 1340 | + */ |
|
| 1341 | + public function getAccessList($nodes, $currentAccess) { |
|
| 1342 | + $ids = []; |
|
| 1343 | + foreach ($nodes as $node) { |
|
| 1344 | + $ids[] = $node->getId(); |
|
| 1345 | + } |
|
| 1346 | + |
|
| 1347 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 1348 | + |
|
| 1349 | + $or = $qb->expr()->orX( |
|
| 1350 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), |
|
| 1351 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)), |
|
| 1352 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK)) |
|
| 1353 | + ); |
|
| 1354 | + |
|
| 1355 | + if ($currentAccess) { |
|
| 1356 | + $or->add($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))); |
|
| 1357 | + } |
|
| 1358 | + |
|
| 1359 | + $qb->select('id', 'parent', 'share_type', 'share_with', 'file_source', 'file_target', 'permissions') |
|
| 1360 | + ->from('share') |
|
| 1361 | + ->where( |
|
| 1362 | + $or |
|
| 1363 | + ) |
|
| 1364 | + ->andWhere($qb->expr()->in('file_source', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY))) |
|
| 1365 | + ->andWhere($qb->expr()->orX( |
|
| 1366 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), |
|
| 1367 | + $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) |
|
| 1368 | + )); |
|
| 1369 | + $cursor = $qb->execute(); |
|
| 1370 | + |
|
| 1371 | + $users = []; |
|
| 1372 | + $link = false; |
|
| 1373 | + while ($row = $cursor->fetch()) { |
|
| 1374 | + $type = (int)$row['share_type']; |
|
| 1375 | + if ($type === IShare::TYPE_USER) { |
|
| 1376 | + $uid = $row['share_with']; |
|
| 1377 | + $users[$uid] = isset($users[$uid]) ? $users[$uid] : []; |
|
| 1378 | + $users[$uid][$row['id']] = $row; |
|
| 1379 | + } elseif ($type === IShare::TYPE_GROUP) { |
|
| 1380 | + $gid = $row['share_with']; |
|
| 1381 | + $group = $this->groupManager->get($gid); |
|
| 1382 | + |
|
| 1383 | + if ($group === null) { |
|
| 1384 | + continue; |
|
| 1385 | + } |
|
| 1386 | + |
|
| 1387 | + $userList = $group->getUsers(); |
|
| 1388 | + foreach ($userList as $user) { |
|
| 1389 | + $uid = $user->getUID(); |
|
| 1390 | + $users[$uid] = isset($users[$uid]) ? $users[$uid] : []; |
|
| 1391 | + $users[$uid][$row['id']] = $row; |
|
| 1392 | + } |
|
| 1393 | + } elseif ($type === IShare::TYPE_LINK) { |
|
| 1394 | + $link = true; |
|
| 1395 | + } elseif ($type === IShare::TYPE_USERGROUP && $currentAccess === true) { |
|
| 1396 | + $uid = $row['share_with']; |
|
| 1397 | + $users[$uid] = isset($users[$uid]) ? $users[$uid] : []; |
|
| 1398 | + $users[$uid][$row['id']] = $row; |
|
| 1399 | + } |
|
| 1400 | + } |
|
| 1401 | + $cursor->closeCursor(); |
|
| 1402 | + |
|
| 1403 | + if ($currentAccess === true) { |
|
| 1404 | + $users = array_map([$this, 'filterSharesOfUser'], $users); |
|
| 1405 | + $users = array_filter($users); |
|
| 1406 | + } else { |
|
| 1407 | + $users = array_keys($users); |
|
| 1408 | + } |
|
| 1409 | + |
|
| 1410 | + return ['users' => $users, 'public' => $link]; |
|
| 1411 | + } |
|
| 1412 | + |
|
| 1413 | + /** |
|
| 1414 | + * For each user the path with the fewest slashes is returned |
|
| 1415 | + * @param array $shares |
|
| 1416 | + * @return array |
|
| 1417 | + */ |
|
| 1418 | + protected function filterSharesOfUser(array $shares) { |
|
| 1419 | + // Group shares when the user has a share exception |
|
| 1420 | + foreach ($shares as $id => $share) { |
|
| 1421 | + $type = (int) $share['share_type']; |
|
| 1422 | + $permissions = (int) $share['permissions']; |
|
| 1423 | + |
|
| 1424 | + if ($type === IShare::TYPE_USERGROUP) { |
|
| 1425 | + unset($shares[$share['parent']]); |
|
| 1426 | + |
|
| 1427 | + if ($permissions === 0) { |
|
| 1428 | + unset($shares[$id]); |
|
| 1429 | + } |
|
| 1430 | + } |
|
| 1431 | + } |
|
| 1432 | + |
|
| 1433 | + $best = []; |
|
| 1434 | + $bestDepth = 0; |
|
| 1435 | + foreach ($shares as $id => $share) { |
|
| 1436 | + $depth = substr_count(($share['file_target'] ?? ''), '/'); |
|
| 1437 | + if (empty($best) || $depth < $bestDepth) { |
|
| 1438 | + $bestDepth = $depth; |
|
| 1439 | + $best = [ |
|
| 1440 | + 'node_id' => $share['file_source'], |
|
| 1441 | + 'node_path' => $share['file_target'], |
|
| 1442 | + ]; |
|
| 1443 | + } |
|
| 1444 | + } |
|
| 1445 | + |
|
| 1446 | + return $best; |
|
| 1447 | + } |
|
| 1448 | + |
|
| 1449 | + /** |
|
| 1450 | + * propagate notes to the recipients |
|
| 1451 | + * |
|
| 1452 | + * @param IShare $share |
|
| 1453 | + * @throws \OCP\Files\NotFoundException |
|
| 1454 | + */ |
|
| 1455 | + private function propagateNote(IShare $share) { |
|
| 1456 | + if ($share->getShareType() === IShare::TYPE_USER) { |
|
| 1457 | + $user = $this->userManager->get($share->getSharedWith()); |
|
| 1458 | + $this->sendNote([$user], $share); |
|
| 1459 | + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { |
|
| 1460 | + $group = $this->groupManager->get($share->getSharedWith()); |
|
| 1461 | + $groupMembers = $group->getUsers(); |
|
| 1462 | + $this->sendNote($groupMembers, $share); |
|
| 1463 | + } |
|
| 1464 | + } |
|
| 1465 | + |
|
| 1466 | + /** |
|
| 1467 | + * send note by mail |
|
| 1468 | + * |
|
| 1469 | + * @param array $recipients |
|
| 1470 | + * @param IShare $share |
|
| 1471 | + * @throws \OCP\Files\NotFoundException |
|
| 1472 | + */ |
|
| 1473 | + private function sendNote(array $recipients, IShare $share) { |
|
| 1474 | + $toListByLanguage = []; |
|
| 1475 | + |
|
| 1476 | + foreach ($recipients as $recipient) { |
|
| 1477 | + /** @var IUser $recipient */ |
|
| 1478 | + $email = $recipient->getEMailAddress(); |
|
| 1479 | + if ($email) { |
|
| 1480 | + $language = $this->l10nFactory->getUserLanguage($recipient); |
|
| 1481 | + if (!isset($toListByLanguage[$language])) { |
|
| 1482 | + $toListByLanguage[$language] = []; |
|
| 1483 | + } |
|
| 1484 | + $toListByLanguage[$language][$email] = $recipient->getDisplayName(); |
|
| 1485 | + } |
|
| 1486 | + } |
|
| 1487 | + |
|
| 1488 | + if (empty($toListByLanguage)) { |
|
| 1489 | + return; |
|
| 1490 | + } |
|
| 1491 | + |
|
| 1492 | + foreach ($toListByLanguage as $l10n => $toList) { |
|
| 1493 | + $filename = $share->getNode()->getName(); |
|
| 1494 | + $initiator = $share->getSharedBy(); |
|
| 1495 | + $note = $share->getNote(); |
|
| 1496 | + |
|
| 1497 | + $l = $this->l10nFactory->get('lib', $l10n); |
|
| 1498 | + |
|
| 1499 | + $initiatorUser = $this->userManager->get($initiator); |
|
| 1500 | + $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator; |
|
| 1501 | + $initiatorEmailAddress = ($initiatorUser instanceof IUser) ? $initiatorUser->getEMailAddress() : null; |
|
| 1502 | + $plainHeading = $l->t('%1$s shared »%2$s« with you and wants to add:', [$initiatorDisplayName, $filename]); |
|
| 1503 | + $htmlHeading = $l->t('%1$s shared »%2$s« with you and wants to add', [$initiatorDisplayName, $filename]); |
|
| 1504 | + $message = $this->mailer->createMessage(); |
|
| 1505 | + |
|
| 1506 | + $emailTemplate = $this->mailer->createEMailTemplate('defaultShareProvider.sendNote'); |
|
| 1507 | + |
|
| 1508 | + $emailTemplate->setSubject($l->t('»%s« added a note to a file shared with you', [$initiatorDisplayName])); |
|
| 1509 | + $emailTemplate->addHeader(); |
|
| 1510 | + $emailTemplate->addHeading($htmlHeading, $plainHeading); |
|
| 1511 | + $emailTemplate->addBodyText(htmlspecialchars($note), $note); |
|
| 1512 | + |
|
| 1513 | + $link = $this->urlGenerator->linkToRouteAbsolute('files.viewcontroller.showFile', ['fileid' => $share->getNode()->getId()]); |
|
| 1514 | + $emailTemplate->addBodyButton( |
|
| 1515 | + $l->t('Open »%s«', [$filename]), |
|
| 1516 | + $link |
|
| 1517 | + ); |
|
| 1518 | + |
|
| 1519 | + |
|
| 1520 | + // The "From" contains the sharers name |
|
| 1521 | + $instanceName = $this->defaults->getName(); |
|
| 1522 | + $senderName = $l->t( |
|
| 1523 | + '%1$s via %2$s', |
|
| 1524 | + [ |
|
| 1525 | + $initiatorDisplayName, |
|
| 1526 | + $instanceName |
|
| 1527 | + ] |
|
| 1528 | + ); |
|
| 1529 | + $message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]); |
|
| 1530 | + if ($initiatorEmailAddress !== null) { |
|
| 1531 | + $message->setReplyTo([$initiatorEmailAddress => $initiatorDisplayName]); |
|
| 1532 | + $emailTemplate->addFooter($instanceName . ' - ' . $this->defaults->getSlogan()); |
|
| 1533 | + } else { |
|
| 1534 | + $emailTemplate->addFooter(); |
|
| 1535 | + } |
|
| 1536 | + |
|
| 1537 | + if (count($toList) === 1) { |
|
| 1538 | + $message->setTo($toList); |
|
| 1539 | + } else { |
|
| 1540 | + $message->setTo([]); |
|
| 1541 | + $message->setBcc($toList); |
|
| 1542 | + } |
|
| 1543 | + $message->useTemplate($emailTemplate); |
|
| 1544 | + $this->mailer->send($message); |
|
| 1545 | + } |
|
| 1546 | + } |
|
| 1547 | + |
|
| 1548 | + public function getAllShares(): iterable { |
|
| 1549 | + $qb = $this->dbConn->getQueryBuilder(); |
|
| 1550 | + |
|
| 1551 | + $qb->select('*') |
|
| 1552 | + ->from('share') |
|
| 1553 | + ->where( |
|
| 1554 | + $qb->expr()->orX( |
|
| 1555 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_USER)), |
|
| 1556 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_GROUP)), |
|
| 1557 | + $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_LINK)) |
|
| 1558 | + ) |
|
| 1559 | + ); |
|
| 1560 | + |
|
| 1561 | + $cursor = $qb->execute(); |
|
| 1562 | + while ($data = $cursor->fetch()) { |
|
| 1563 | + try { |
|
| 1564 | + $share = $this->createShare($data); |
|
| 1565 | + } catch (InvalidShare $e) { |
|
| 1566 | + continue; |
|
| 1567 | + } |
|
| 1568 | + |
|
| 1569 | + yield $share; |
|
| 1570 | + } |
|
| 1571 | + $cursor->closeCursor(); |
|
| 1572 | + } |
|
| 1573 | + |
|
| 1574 | + /** |
|
| 1575 | + * Load from database format (JSON string) to IAttributes |
|
| 1576 | + * |
|
| 1577 | + * @return IShare the modified share |
|
| 1578 | + */ |
|
| 1579 | + private function updateShareAttributes(IShare $share, ?string $data): IShare { |
|
| 1580 | + if ($data !== null && $data !== '') { |
|
| 1581 | + $attributes = new ShareAttributes(); |
|
| 1582 | + $compressedAttributes = \json_decode($data, true); |
|
| 1583 | + if ($compressedAttributes === false || $compressedAttributes === null) { |
|
| 1584 | + return $share; |
|
| 1585 | + } |
|
| 1586 | + foreach ($compressedAttributes as $compressedAttribute) { |
|
| 1587 | + $attributes->setAttribute( |
|
| 1588 | + $compressedAttribute[0], |
|
| 1589 | + $compressedAttribute[1], |
|
| 1590 | + $compressedAttribute[2] |
|
| 1591 | + ); |
|
| 1592 | + } |
|
| 1593 | + $share->setAttributes($attributes); |
|
| 1594 | + } |
|
| 1595 | + |
|
| 1596 | + return $share; |
|
| 1597 | + } |
|
| 1598 | + |
|
| 1599 | + /** |
|
| 1600 | + * Format IAttributes to database format (JSON string) |
|
| 1601 | + */ |
|
| 1602 | + private function formatShareAttributes(?IAttributes $attributes): ?string { |
|
| 1603 | + if ($attributes === null || empty($attributes->toArray())) { |
|
| 1604 | + return null; |
|
| 1605 | + } |
|
| 1606 | + |
|
| 1607 | + $compressedAttributes = []; |
|
| 1608 | + foreach ($attributes->toArray() as $attribute) { |
|
| 1609 | + $compressedAttributes[] = [ |
|
| 1610 | + 0 => $attribute['scope'], |
|
| 1611 | + 1 => $attribute['key'], |
|
| 1612 | + 2 => $attribute['enabled'] |
|
| 1613 | + ]; |
|
| 1614 | + } |
|
| 1615 | + return \json_encode($compressedAttributes); |
|
| 1616 | + } |
|
| 1617 | 1617 | } |
