nextcloud / server

lib/private/legacy/api.php

Indentation +462 added lines, -462 removed lines

@@ -37,466 +37,466 @@
 
 class OC_API {
 
-	/**
-	 * API authentication levels
-	 */
-
-	/** @deprecated Use \OCP\API::GUEST_AUTH instead */
-	const GUEST_AUTH = 0;
-
-	/** @deprecated Use \OCP\API::USER_AUTH instead */
-	const USER_AUTH = 1;
-
-	/** @deprecated Use \OCP\API::SUBADMIN_AUTH instead */
-	const SUBADMIN_AUTH = 2;
-
-	/** @deprecated Use \OCP\API::ADMIN_AUTH instead */
-	const ADMIN_AUTH = 3;
-
-	/**
-	 * API Response Codes
-	 */
-
-	/** @deprecated Use \OCP\API::RESPOND_UNAUTHORISED instead */
-	const RESPOND_UNAUTHORISED = 997;
-
-	/** @deprecated Use \OCP\API::RESPOND_SERVER_ERROR instead */
-	const RESPOND_SERVER_ERROR = 996;
-
-	/** @deprecated Use \OCP\API::RESPOND_NOT_FOUND instead */
-	const RESPOND_NOT_FOUND = 998;
-
-	/** @deprecated Use \OCP\API::RESPOND_UNKNOWN_ERROR instead */
-	const RESPOND_UNKNOWN_ERROR = 999;
-
-	/**
-	 * api actions
-	 */
-	protected static $actions = array();
-	private static $logoutRequired = false;
-	private static $isLoggedIn = false;
-
-	/**
-	 * registers an api call
-	 * @param string $method the http method
-	 * @param string $url the url to match
-	 * @param callable $action the function to run
-	 * @param string $app the id of the app registering the call
-	 * @param int $authLevel the level of authentication required for the call
-	 * @param array $defaults
-	 * @param array $requirements
-	 */
-	public static function register($method, $url, $action, $app,
-				$authLevel = API::USER_AUTH,
-				$defaults = array(),
-				$requirements = array()) {
-		$name = strtolower($method).$url;
-		$name = str_replace(array('/', '{', '}'), '_', $name);
-		if(!isset(self::$actions[$name])) {
-			$oldCollection = OC::$server->getRouter()->getCurrentCollection();
-			OC::$server->getRouter()->useCollection('ocs');
-			OC::$server->getRouter()->create($name, $url)
-				->method($method)
-				->defaults($defaults)
-				->requirements($requirements)
-				->action('OC_API', 'call');
-			self::$actions[$name] = array();
-			OC::$server->getRouter()->useCollection($oldCollection);
-		}
-		self::$actions[$name][] = array('app' => $app, 'action' => $action, 'authlevel' => $authLevel);
-	}
-
-	/**
-	 * handles an api call
-	 * @param array $parameters
-	 */
-	public static function call($parameters) {
-		$request = \OC::$server->getRequest();
-		$method = $request->getMethod();
-
-		// Prepare the request variables
-		if($method === 'PUT') {
-			$parameters['_put'] = $request->getParams();
-		} else if($method === 'DELETE') {
-			$parameters['_delete'] = $request->getParams();
-		}
-		$name = $parameters['_route'];
-		// Foreach registered action
-		$responses = array();
-		$appManager = \OC::$server->getAppManager();
-		foreach(self::$actions[$name] as $action) {
-			// Check authentication and availability
-			if(!self::isAuthorised($action)) {
-				$responses[] = array(
-					'app' => $action['app'],
-					'response' => new \OC\OCS\Result(null, API::RESPOND_UNAUTHORISED, 'Unauthorised'),
-					'shipped' => $appManager->isShipped($action['app']),
-					);
-				continue;
-			}
-			if(!is_callable($action['action'])) {
-				$responses[] = array(
-					'app' => $action['app'],
-					'response' => new \OC\OCS\Result(null, API::RESPOND_NOT_FOUND, 'Api method not found'),
-					'shipped' => $appManager->isShipped($action['app']),
-					);
-				continue;
-			}
-			// Run the action
-			$responses[] = array(
-				'app' => $action['app'],
-				'response' => call_user_func($action['action'], $parameters),
-				'shipped' => $appManager->isShipped($action['app']),
-				);
-		}
-		$response = self::mergeResponses($responses);
-		$format = self::requestedFormat();
-		if (self::$logoutRequired) {
-			\OC::$server->getUserSession()->logout();
-		}
-
-		self::respond($response, $format);
-	}
-
-	/**
-	 * merge the returned result objects into one response
-	 * @param array $responses
-	 * @return \OC\OCS\Result
-	 */
-	public static function mergeResponses($responses) {
-		// Sort into shipped and third-party
-		$shipped = array(
-			'succeeded' => array(),
-			'failed' => array(),
-			);
-		$thirdparty = array(
-			'succeeded' => array(),
-			'failed' => array(),
-			);
-
-		foreach($responses as $response) {
-			if($response['shipped'] || ($response['app'] === 'core')) {
-				if($response['response']->succeeded()) {
-					$shipped['succeeded'][$response['app']] = $response;
-				} else {
-					$shipped['failed'][$response['app']] = $response;
-				}
-			} else {
-				if($response['response']->succeeded()) {
-					$thirdparty['succeeded'][$response['app']] = $response;
-				} else {
-					$thirdparty['failed'][$response['app']] = $response;
-				}
-			}
-		}
-
-		// Remove any error responses if there is one shipped response that succeeded
-		if(!empty($shipped['failed'])) {
-			// Which shipped response do we use if they all failed?
-			// They may have failed for different reasons (different status codes)
-			// Which response code should we return?
-			// Maybe any that are not \OCP\API::RESPOND_SERVER_ERROR
-			// Merge failed responses if more than one
-			$data = array();
-			foreach($shipped['failed'] as $failure) {
-				$data = array_merge_recursive($data, $failure['response']->getData());
-			}
-			$picked = reset($shipped['failed']);
-			$code = $picked['response']->getStatusCode();
-			$meta = $picked['response']->getMeta();
-			$headers = $picked['response']->getHeaders();
-			$response = new \OC\OCS\Result($data, $code, $meta['message'], $headers);
-			return $response;
-		} elseif(!empty($shipped['succeeded'])) {
-			$responses = array_merge($shipped['succeeded'], $thirdparty['succeeded']);
-		} elseif(!empty($thirdparty['failed'])) {
-			// Merge failed responses if more than one
-			$data = array();
-			foreach($thirdparty['failed'] as $failure) {
-				$data = array_merge_recursive($data, $failure['response']->getData());
-			}
-			$picked = reset($thirdparty['failed']);
-			$code = $picked['response']->getStatusCode();
-			$meta = $picked['response']->getMeta();
-			$headers = $picked['response']->getHeaders();
-			$response = new \OC\OCS\Result($data, $code, $meta['message'], $headers);
-			return $response;
-		} else {
-			$responses = $thirdparty['succeeded'];
-		}
-		// Merge the successful responses
-		$data = [];
-		$codes = [];
-		$header = [];
-
-		foreach($responses as $response) {
-			if($response['shipped']) {
-				$data = array_merge_recursive($response['response']->getData(), $data);
-			} else {
-				$data = array_merge_recursive($data, $response['response']->getData());
-			}
-			$header = array_merge_recursive($header, $response['response']->getHeaders());
-			$codes[] = ['code' => $response['response']->getStatusCode(),
-				'meta' => $response['response']->getMeta()];
-		}
-
-		// Use any non 100 status codes
-		$statusCode = 100;
-		$statusMessage = null;
-		foreach($codes as $code) {
-			if($code['code'] != 100) {
-				$statusCode = $code['code'];
-				$statusMessage = $code['meta']['message'];
-				break;
-			}
-		}
-
-		return new \OC\OCS\Result($data, $statusCode, $statusMessage, $header);
-	}
-
-	/**
-	 * authenticate the api call
-	 * @param array $action the action details as supplied to OC_API::register()
-	 * @return bool
-	 */
-	private static function isAuthorised($action) {
-		$level = $action['authlevel'];
-		switch($level) {
-			case API::GUEST_AUTH:
-				// Anyone can access
-				return true;
-			case API::USER_AUTH:
-				// User required
-				return self::loginUser();
-			case API::SUBADMIN_AUTH:
-				// Check for subadmin
-				$user = self::loginUser();
-				if(!$user) {
-					return false;
-				} else {
-					$userObject = \OC::$server->getUserSession()->getUser();
-					if($userObject === null) {
-						return false;
-					}
-					$isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
-					$admin = OC_User::isAdminUser($user);
-					if($isSubAdmin || $admin) {
-						return true;
-					} else {
-						return false;
-					}
-				}
-			case API::ADMIN_AUTH:
-				// Check for admin
-				$user = self::loginUser();
-				if(!$user) {
-					return false;
-				} else {
-					return OC_User::isAdminUser($user);
-				}
-			default:
-				// oops looks like invalid level supplied
-				return false;
-		}
-	}
-
-	/**
-	 * http basic auth
-	 * @return string|false (username, or false on failure)
-	 */
-	private static function loginUser() {
-		if(self::$isLoggedIn === true) {
-			return \OC_User::getUser();
-		}
-
-		// reuse existing login
-		$loggedIn = \OC::$server->getUserSession()->isLoggedIn();
-		if ($loggedIn === true) {
-			if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
-				// Do not allow access to OCS until the 2FA challenge was solved successfully
-				return false;
-			}
-			$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
-			if ($ocsApiRequest) {
-
-				// initialize the user's filesystem
-				\OC_Util::setupFS(\OC_User::getUser());
-				self::$isLoggedIn = true;
-
-				return OC_User::getUser();
-			}
-			return false;
-		}
-
-		// basic auth - because OC_User::login will create a new session we shall only try to login
-		// if user and pass are set
-		$userSession = \OC::$server->getUserSession();
-		$request = \OC::$server->getRequest();
-		try {
-			if ($userSession->tryTokenLogin($request)
-				|| $userSession->tryBasicAuthLogin($request, \OC::$server->getBruteForceThrottler())) {
-				self::$logoutRequired = true;
-			} else {
-				return false;
-			}
-			// initialize the user's filesystem
-			\OC_Util::setupFS(\OC_User::getUser());
-			self::$isLoggedIn = true;
-
-			return \OC_User::getUser();
-		} catch (\OC\User\LoginException $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * respond to a call
-	 * @param \OC\OCS\Result $result
-	 * @param string $format the format xml|json
-	 */
-	public static function respond($result, $format='xml') {
-		$request = \OC::$server->getRequest();
-
-		// Send 401 headers if unauthorised
-		if($result->getStatusCode() === API::RESPOND_UNAUTHORISED) {
-			// If request comes from JS return dummy auth request
-			if($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
-				header('WWW-Authenticate: DummyBasic realm="Authorisation Required"');
-			} else {
-				header('WWW-Authenticate: Basic realm="Authorisation Required"');
-			}
-			header('HTTP/1.0 401 Unauthorized');
-		}
-
-		foreach($result->getHeaders() as $name => $value) {
-			header($name . ': ' . $value);
-		}
-
-		$meta = $result->getMeta();
-		$data = $result->getData();
-		if (self::isV2($request)) {
-			$statusCode = self::mapStatusCodes($result->getStatusCode());
-			if (!is_null($statusCode)) {
-				$meta['statuscode'] = $statusCode;
-				OC_Response::setStatus($statusCode);
-			}
-		}
-
-		self::setContentType($format);
-		$body = self::renderResult($format, $meta, $data);
-		echo $body;
-	}
-
-	/**
-	 * @param XMLWriter $writer
-	 */
-	private static function toXML($array, $writer) {
-		foreach($array as $k => $v) {
-			if ($k[0] === '@') {
-				$writer->writeAttribute(substr($k, 1), $v);
-				continue;
-			} else if (is_numeric($k)) {
-				$k = 'element';
-			}
-			if(is_array($v)) {
-				$writer->startElement($k);
-				self::toXML($v, $writer);
-				$writer->endElement();
-			} else {
-				$writer->writeElement($k, $v);
-			}
-		}
-	}
-
-	/**
-	 * @return string
-	 */
-	public static function requestedFormat() {
-		$formats = array('json', 'xml');
-
-		$format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';
-		return $format;
-	}
-
-	/**
-	 * Based on the requested format the response content type is set
-	 * @param string $format
-	 */
-	public static function setContentType($format = null) {
-		$format = is_null($format) ? self::requestedFormat() : $format;
-		if ($format === 'xml') {
-			header('Content-type: text/xml; charset=UTF-8');
-			return;
-		}
-
-		if ($format === 'json') {
-			header('Content-Type: application/json; charset=utf-8');
-			return;
-		}
-
-		header('Content-Type: application/octet-stream; charset=utf-8');
-	}
-
-	/**
-	 * @param \OCP\IRequest $request
-	 * @return bool
-	 */
-	protected static function isV2(\OCP\IRequest $request) {
-		$script = $request->getScriptName();
-
-		return substr($script, -11) === '/ocs/v2.php';
-	}
-
-	/**
-	 * @param integer $sc
-	 * @return int
-	 */
-	public static function mapStatusCodes($sc) {
-		switch ($sc) {
-			case API::RESPOND_NOT_FOUND:
-				return Http::STATUS_NOT_FOUND;
-			case API::RESPOND_SERVER_ERROR:
-				return Http::STATUS_INTERNAL_SERVER_ERROR;
-			case API::RESPOND_UNKNOWN_ERROR:
-				return Http::STATUS_INTERNAL_SERVER_ERROR;
-			case API::RESPOND_UNAUTHORISED:
-				// already handled for v1
-				return null;
-			case 100:
-				return Http::STATUS_OK;
-		}
-		// any 2xx, 4xx and 5xx will be used as is
-		if ($sc >= 200 && $sc < 600) {
-			return $sc;
-		}
-
-		return Http::STATUS_BAD_REQUEST;
-	}
-
-	/**
-	 * @param string $format
-	 * @return string
-	 */
-	public static function renderResult($format, $meta, $data) {
-		$response = array(
-			'ocs' => array(
-				'meta' => $meta,
-				'data' => $data,
-			),
-		);
-		if ($format == 'json') {
-			if (is_array($response)) {
-				array_walk_recursive($response, array('OC_JSON', 'to_string'));
-			}
-			return json_encode($response, JSON_HEX_TAG);
-		}
-
-		$writer = new XMLWriter();
-		$writer->openMemory();
-		$writer->setIndent(true);
-		$writer->startDocument();
-		self::toXML($response, $writer);
-		$writer->endDocument();
-		return $writer->outputMemory(true);
-	}
+    /**
+     * API authentication levels
+     */
+
+    /** @deprecated Use \OCP\API::GUEST_AUTH instead */
+    const GUEST_AUTH = 0;
+
+    /** @deprecated Use \OCP\API::USER_AUTH instead */
+    const USER_AUTH = 1;
+
+    /** @deprecated Use \OCP\API::SUBADMIN_AUTH instead */
+    const SUBADMIN_AUTH = 2;
+
+    /** @deprecated Use \OCP\API::ADMIN_AUTH instead */
+    const ADMIN_AUTH = 3;
+
+    /**
+     * API Response Codes
+     */
+
+    /** @deprecated Use \OCP\API::RESPOND_UNAUTHORISED instead */
+    const RESPOND_UNAUTHORISED = 997;
+
+    /** @deprecated Use \OCP\API::RESPOND_SERVER_ERROR instead */
+    const RESPOND_SERVER_ERROR = 996;
+
+    /** @deprecated Use \OCP\API::RESPOND_NOT_FOUND instead */
+    const RESPOND_NOT_FOUND = 998;
+
+    /** @deprecated Use \OCP\API::RESPOND_UNKNOWN_ERROR instead */
+    const RESPOND_UNKNOWN_ERROR = 999;
+
+    /**
+     * api actions
+     */
+    protected static $actions = array();
+    private static $logoutRequired = false;
+    private static $isLoggedIn = false;
+
+    /**
+     * registers an api call
+     * @param string $method the http method
+     * @param string $url the url to match
+     * @param callable $action the function to run
+     * @param string $app the id of the app registering the call
+     * @param int $authLevel the level of authentication required for the call
+     * @param array $defaults
+     * @param array $requirements
+     */
+    public static function register($method, $url, $action, $app,
+                $authLevel = API::USER_AUTH,
+                $defaults = array(),
+                $requirements = array()) {
+        $name = strtolower($method).$url;
+        $name = str_replace(array('/', '{', '}'), '_', $name);
+        if(!isset(self::$actions[$name])) {
+            $oldCollection = OC::$server->getRouter()->getCurrentCollection();
+            OC::$server->getRouter()->useCollection('ocs');
+            OC::$server->getRouter()->create($name, $url)
+                ->method($method)
+                ->defaults($defaults)
+                ->requirements($requirements)
+                ->action('OC_API', 'call');
+            self::$actions[$name] = array();
+            OC::$server->getRouter()->useCollection($oldCollection);
+        }
+        self::$actions[$name][] = array('app' => $app, 'action' => $action, 'authlevel' => $authLevel);
+    }
+
+    /**
+     * handles an api call
+     * @param array $parameters
+     */
+    public static function call($parameters) {
+        $request = \OC::$server->getRequest();
+        $method = $request->getMethod();
+
+        // Prepare the request variables
+        if($method === 'PUT') {
+            $parameters['_put'] = $request->getParams();
+        } else if($method === 'DELETE') {
+            $parameters['_delete'] = $request->getParams();
+        }
+        $name = $parameters['_route'];
+        // Foreach registered action
+        $responses = array();
+        $appManager = \OC::$server->getAppManager();
+        foreach(self::$actions[$name] as $action) {
+            // Check authentication and availability
+            if(!self::isAuthorised($action)) {
+                $responses[] = array(
+                    'app' => $action['app'],
+                    'response' => new \OC\OCS\Result(null, API::RESPOND_UNAUTHORISED, 'Unauthorised'),
+                    'shipped' => $appManager->isShipped($action['app']),
+                    );
+                continue;
+            }
+            if(!is_callable($action['action'])) {
+                $responses[] = array(
+                    'app' => $action['app'],
+                    'response' => new \OC\OCS\Result(null, API::RESPOND_NOT_FOUND, 'Api method not found'),
+                    'shipped' => $appManager->isShipped($action['app']),
+                    );
+                continue;
+            }
+            // Run the action
+            $responses[] = array(
+                'app' => $action['app'],
+                'response' => call_user_func($action['action'], $parameters),
+                'shipped' => $appManager->isShipped($action['app']),
+                );
+        }
+        $response = self::mergeResponses($responses);
+        $format = self::requestedFormat();
+        if (self::$logoutRequired) {
+            \OC::$server->getUserSession()->logout();
+        }
+
+        self::respond($response, $format);
+    }
+
+    /**
+     * merge the returned result objects into one response
+     * @param array $responses
+     * @return \OC\OCS\Result
+     */
+    public static function mergeResponses($responses) {
+        // Sort into shipped and third-party
+        $shipped = array(
+            'succeeded' => array(),
+            'failed' => array(),
+            );
+        $thirdparty = array(
+            'succeeded' => array(),
+            'failed' => array(),
+            );
+
+        foreach($responses as $response) {
+            if($response['shipped'] || ($response['app'] === 'core')) {
+                if($response['response']->succeeded()) {
+                    $shipped['succeeded'][$response['app']] = $response;
+                } else {
+                    $shipped['failed'][$response['app']] = $response;
+                }
+            } else {
+                if($response['response']->succeeded()) {
+                    $thirdparty['succeeded'][$response['app']] = $response;
+                } else {
+                    $thirdparty['failed'][$response['app']] = $response;
+                }
+            }
+        }
+
+        // Remove any error responses if there is one shipped response that succeeded
+        if(!empty($shipped['failed'])) {
+            // Which shipped response do we use if they all failed?
+            // They may have failed for different reasons (different status codes)
+            // Which response code should we return?
+            // Maybe any that are not \OCP\API::RESPOND_SERVER_ERROR
+            // Merge failed responses if more than one
+            $data = array();
+            foreach($shipped['failed'] as $failure) {
+                $data = array_merge_recursive($data, $failure['response']->getData());
+            }
+            $picked = reset($shipped['failed']);
+            $code = $picked['response']->getStatusCode();
+            $meta = $picked['response']->getMeta();
+            $headers = $picked['response']->getHeaders();
+            $response = new \OC\OCS\Result($data, $code, $meta['message'], $headers);
+            return $response;
+        } elseif(!empty($shipped['succeeded'])) {
+            $responses = array_merge($shipped['succeeded'], $thirdparty['succeeded']);
+        } elseif(!empty($thirdparty['failed'])) {
+            // Merge failed responses if more than one
+            $data = array();
+            foreach($thirdparty['failed'] as $failure) {
+                $data = array_merge_recursive($data, $failure['response']->getData());
+            }
+            $picked = reset($thirdparty['failed']);
+            $code = $picked['response']->getStatusCode();
+            $meta = $picked['response']->getMeta();
+            $headers = $picked['response']->getHeaders();
+            $response = new \OC\OCS\Result($data, $code, $meta['message'], $headers);
+            return $response;
+        } else {
+            $responses = $thirdparty['succeeded'];
+        }
+        // Merge the successful responses
+        $data = [];
+        $codes = [];
+        $header = [];
+
+        foreach($responses as $response) {
+            if($response['shipped']) {
+                $data = array_merge_recursive($response['response']->getData(), $data);
+            } else {
+                $data = array_merge_recursive($data, $response['response']->getData());
+            }
+            $header = array_merge_recursive($header, $response['response']->getHeaders());
+            $codes[] = ['code' => $response['response']->getStatusCode(),
+                'meta' => $response['response']->getMeta()];
+        }
+
+        // Use any non 100 status codes
+        $statusCode = 100;
+        $statusMessage = null;
+        foreach($codes as $code) {
+            if($code['code'] != 100) {
+                $statusCode = $code['code'];
+                $statusMessage = $code['meta']['message'];
+                break;
+            }
+        }
+
+        return new \OC\OCS\Result($data, $statusCode, $statusMessage, $header);
+    }
+
+    /**
+     * authenticate the api call
+     * @param array $action the action details as supplied to OC_API::register()
+     * @return bool
+     */
+    private static function isAuthorised($action) {
+        $level = $action['authlevel'];
+        switch($level) {
+            case API::GUEST_AUTH:
+                // Anyone can access
+                return true;
+            case API::USER_AUTH:
+                // User required
+                return self::loginUser();
+            case API::SUBADMIN_AUTH:
+                // Check for subadmin
+                $user = self::loginUser();
+                if(!$user) {
+                    return false;
+                } else {
+                    $userObject = \OC::$server->getUserSession()->getUser();
+                    if($userObject === null) {
+                        return false;
+                    }
+                    $isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
+                    $admin = OC_User::isAdminUser($user);
+                    if($isSubAdmin || $admin) {
+                        return true;
+                    } else {
+                        return false;
+                    }
+                }
+            case API::ADMIN_AUTH:
+                // Check for admin
+                $user = self::loginUser();
+                if(!$user) {
+                    return false;
+                } else {
+                    return OC_User::isAdminUser($user);
+                }
+            default:
+                // oops looks like invalid level supplied
+                return false;
+        }
+    }
+
+    /**
+     * http basic auth
+     * @return string|false (username, or false on failure)
+     */
+    private static function loginUser() {
+        if(self::$isLoggedIn === true) {
+            return \OC_User::getUser();
+        }
+
+        // reuse existing login
+        $loggedIn = \OC::$server->getUserSession()->isLoggedIn();
+        if ($loggedIn === true) {
+            if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
+                // Do not allow access to OCS until the 2FA challenge was solved successfully
+                return false;
+            }
+            $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
+            if ($ocsApiRequest) {
+
+                // initialize the user's filesystem
+                \OC_Util::setupFS(\OC_User::getUser());
+                self::$isLoggedIn = true;
+
+                return OC_User::getUser();
+            }
+            return false;
+        }
+
+        // basic auth - because OC_User::login will create a new session we shall only try to login
+        // if user and pass are set
+        $userSession = \OC::$server->getUserSession();
+        $request = \OC::$server->getRequest();
+        try {
+            if ($userSession->tryTokenLogin($request)
+                || $userSession->tryBasicAuthLogin($request, \OC::$server->getBruteForceThrottler())) {
+                self::$logoutRequired = true;
+            } else {
+                return false;
+            }
+            // initialize the user's filesystem
+            \OC_Util::setupFS(\OC_User::getUser());
+            self::$isLoggedIn = true;
+
+            return \OC_User::getUser();
+        } catch (\OC\User\LoginException $e) {
+            return false;
+        }
+    }
+
+    /**
+     * respond to a call
+     * @param \OC\OCS\Result $result
+     * @param string $format the format xml|json
+     */
+    public static function respond($result, $format='xml') {
+        $request = \OC::$server->getRequest();
+
+        // Send 401 headers if unauthorised
+        if($result->getStatusCode() === API::RESPOND_UNAUTHORISED) {
+            // If request comes from JS return dummy auth request
+            if($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
+                header('WWW-Authenticate: DummyBasic realm="Authorisation Required"');
+            } else {
+                header('WWW-Authenticate: Basic realm="Authorisation Required"');
+            }
+            header('HTTP/1.0 401 Unauthorized');
+        }
+
+        foreach($result->getHeaders() as $name => $value) {
+            header($name . ': ' . $value);
+        }
+
+        $meta = $result->getMeta();
+        $data = $result->getData();
+        if (self::isV2($request)) {
+            $statusCode = self::mapStatusCodes($result->getStatusCode());
+            if (!is_null($statusCode)) {
+                $meta['statuscode'] = $statusCode;
+                OC_Response::setStatus($statusCode);
+            }
+        }
+
+        self::setContentType($format);
+        $body = self::renderResult($format, $meta, $data);
+        echo $body;
+    }
+
+    /**
+     * @param XMLWriter $writer
+     */
+    private static function toXML($array, $writer) {
+        foreach($array as $k => $v) {
+            if ($k[0] === '@') {
+                $writer->writeAttribute(substr($k, 1), $v);
+                continue;
+            } else if (is_numeric($k)) {
+                $k = 'element';
+            }
+            if(is_array($v)) {
+                $writer->startElement($k);
+                self::toXML($v, $writer);
+                $writer->endElement();
+            } else {
+                $writer->writeElement($k, $v);
+            }
+        }
+    }
+
+    /**
+     * @return string
+     */
+    public static function requestedFormat() {
+        $formats = array('json', 'xml');
+
+        $format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';
+        return $format;
+    }
+
+    /**
+     * Based on the requested format the response content type is set
+     * @param string $format
+     */
+    public static function setContentType($format = null) {
+        $format = is_null($format) ? self::requestedFormat() : $format;
+        if ($format === 'xml') {
+            header('Content-type: text/xml; charset=UTF-8');
+            return;
+        }
+
+        if ($format === 'json') {
+            header('Content-Type: application/json; charset=utf-8');
+            return;
+        }
+
+        header('Content-Type: application/octet-stream; charset=utf-8');
+    }
+
+    /**
+     * @param \OCP\IRequest $request
+     * @return bool
+     */
+    protected static function isV2(\OCP\IRequest $request) {
+        $script = $request->getScriptName();
+
+        return substr($script, -11) === '/ocs/v2.php';
+    }
+
+    /**
+     * @param integer $sc
+     * @return int
+     */
+    public static function mapStatusCodes($sc) {
+        switch ($sc) {
+            case API::RESPOND_NOT_FOUND:
+                return Http::STATUS_NOT_FOUND;
+            case API::RESPOND_SERVER_ERROR:
+                return Http::STATUS_INTERNAL_SERVER_ERROR;
+            case API::RESPOND_UNKNOWN_ERROR:
+                return Http::STATUS_INTERNAL_SERVER_ERROR;
+            case API::RESPOND_UNAUTHORISED:
+                // already handled for v1
+                return null;
+            case 100:
+                return Http::STATUS_OK;
+        }
+        // any 2xx, 4xx and 5xx will be used as is
+        if ($sc >= 200 && $sc < 600) {
+            return $sc;
+        }
+
+        return Http::STATUS_BAD_REQUEST;
+    }
+
+    /**
+     * @param string $format
+     * @return string
+     */
+    public static function renderResult($format, $meta, $data) {
+        $response = array(
+            'ocs' => array(
+                'meta' => $meta,
+                'data' => $data,
+            ),
+        );
+        if ($format == 'json') {
+            if (is_array($response)) {
+                array_walk_recursive($response, array('OC_JSON', 'to_string'));
+            }
+            return json_encode($response, JSON_HEX_TAG);
+        }
+
+        $writer = new XMLWriter();
+        $writer->openMemory();
+        $writer->setIndent(true);
+        $writer->startDocument();
+        self::toXML($response, $writer);
+        $writer->endDocument();
+        return $writer->outputMemory(true);
+    }
 }

lib/private/legacy/json.php

Indentation +130 added lines, -130 removed lines

@@ -37,146 +37,146 @@
  * @deprecated Use a AppFramework JSONResponse instead
  */
 class OC_JSON{
-	static protected $send_content_type_header = false;
-	/**
-	 * set Content-Type header to jsonrequest
-	 * @deprecated Use a AppFramework JSONResponse instead
-	 */
-	public static function setContentTypeHeader($type='application/json') {
-		if (!self::$send_content_type_header) {
-			// We send json data
-			header( 'Content-Type: '.$type . '; charset=utf-8');
-			self::$send_content_type_header = true;
-		}
-	}
+    static protected $send_content_type_header = false;
+    /**
+     * set Content-Type header to jsonrequest
+     * @deprecated Use a AppFramework JSONResponse instead
+     */
+    public static function setContentTypeHeader($type='application/json') {
+        if (!self::$send_content_type_header) {
+            // We send json data
+            header( 'Content-Type: '.$type . '; charset=utf-8');
+            self::$send_content_type_header = true;
+        }
+    }
 
-	/**
-	 * Check if the app is enabled, send json error msg if not
-	 * @param string $app
-	 * @deprecated Use the AppFramework instead. It will automatically check if the app is enabled.
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function checkAppEnabled($app) {
-		if( !\OC::$server->getAppManager()->isEnabledForUser($app)) {
-			$l = \OC::$server->getL10N('lib');
-			self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled' )));
-			exit();
-		}
-	}
+    /**
+     * Check if the app is enabled, send json error msg if not
+     * @param string $app
+     * @deprecated Use the AppFramework instead. It will automatically check if the app is enabled.
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function checkAppEnabled($app) {
+        if( !\OC::$server->getAppManager()->isEnabledForUser($app)) {
+            $l = \OC::$server->getL10N('lib');
+            self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled' )));
+            exit();
+        }
+    }
 
-	/**
-	 * Check if the user is logged in, send json error msg if not
-	 * @deprecated Use annotation based ACLs from the AppFramework instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function checkLoggedIn() {
-		$twoFactorAuthManger = \OC::$server->getTwoFactorAuthManager();
-		if( !\OC::$server->getUserSession()->isLoggedIn()
-			|| $twoFactorAuthManger->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
-			$l = \OC::$server->getL10N('lib');
-			http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
-			self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
-			exit();
-		}
-	}
+    /**
+     * Check if the user is logged in, send json error msg if not
+     * @deprecated Use annotation based ACLs from the AppFramework instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function checkLoggedIn() {
+        $twoFactorAuthManger = \OC::$server->getTwoFactorAuthManager();
+        if( !\OC::$server->getUserSession()->isLoggedIn()
+            || $twoFactorAuthManger->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
+            $l = \OC::$server->getL10N('lib');
+            http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
+            self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
+            exit();
+        }
+    }
 
-	/**
-	 * Check an ajax get/post call if the request token is valid, send json error msg if not.
-	 * @deprecated Use annotation based CSRF checks from the AppFramework instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function callCheck() {
-		if(!\OC::$server->getRequest()->passesStrictCookieCheck()) {
-			header('Location: '.\OC::$WEBROOT);
-			exit();
-		}
+    /**
+     * Check an ajax get/post call if the request token is valid, send json error msg if not.
+     * @deprecated Use annotation based CSRF checks from the AppFramework instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function callCheck() {
+        if(!\OC::$server->getRequest()->passesStrictCookieCheck()) {
+            header('Location: '.\OC::$WEBROOT);
+            exit();
+        }
 
-		if( !\OC::$server->getRequest()->passesCSRFCheck()) {
-			$l = \OC::$server->getL10N('lib');
-			self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' )));
-			exit();
-		}
-	}
+        if( !\OC::$server->getRequest()->passesCSRFCheck()) {
+            $l = \OC::$server->getL10N('lib');
+            self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' )));
+            exit();
+        }
+    }
 
-	/**
-	 * Check if the user is a admin, send json error msg if not.
-	 * @deprecated Use annotation based ACLs from the AppFramework instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function checkAdminUser() {
-		if( !OC_User::isAdminUser(OC_User::getUser())) {
-			$l = \OC::$server->getL10N('lib');
-			self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
-			exit();
-		}
-	}
+    /**
+     * Check if the user is a admin, send json error msg if not.
+     * @deprecated Use annotation based ACLs from the AppFramework instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function checkAdminUser() {
+        if( !OC_User::isAdminUser(OC_User::getUser())) {
+            $l = \OC::$server->getL10N('lib');
+            self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
+            exit();
+        }
+    }
 
-	/**
-	 * Check if the user is a subadmin, send json error msg if not
-	 * @deprecated Use annotation based ACLs from the AppFramework instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function checkSubAdminUser() {
-		$userObject = \OC::$server->getUserSession()->getUser();
-		$isSubAdmin = false;
-		if($userObject !== null) {
-			$isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
-		}
+    /**
+     * Check if the user is a subadmin, send json error msg if not
+     * @deprecated Use annotation based ACLs from the AppFramework instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function checkSubAdminUser() {
+        $userObject = \OC::$server->getUserSession()->getUser();
+        $isSubAdmin = false;
+        if($userObject !== null) {
+            $isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
+        }
 
-		if(!$isSubAdmin) {
-			$l = \OC::$server->getL10N('lib');
-			self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
-			exit();
-		}
-	}
+        if(!$isSubAdmin) {
+            $l = \OC::$server->getL10N('lib');
+            self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
+            exit();
+        }
+    }
 
-	/**
-	 * Send json error msg
-	 * @deprecated Use a AppFramework JSONResponse instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function error($data = array()) {
-		$data['status'] = 'error';
-		self::encodedPrint($data);
-	}
+    /**
+     * Send json error msg
+     * @deprecated Use a AppFramework JSONResponse instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function error($data = array()) {
+        $data['status'] = 'error';
+        self::encodedPrint($data);
+    }
 
-	/**
-	 * Send json success msg
-	 * @deprecated Use a AppFramework JSONResponse instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function success($data = array()) {
-		$data['status'] = 'success';
-		self::encodedPrint($data);
-	}
+    /**
+     * Send json success msg
+     * @deprecated Use a AppFramework JSONResponse instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function success($data = array()) {
+        $data['status'] = 'success';
+        self::encodedPrint($data);
+    }
 
-	/**
-	 * Convert OC_L10N_String to string, for use in json encodings
-	 */
-	protected static function to_string(&$value) {
-		if ($value instanceof \OC\L10N\L10NString) {
-			$value = (string)$value;
-		}
-	}
+    /**
+     * Convert OC_L10N_String to string, for use in json encodings
+     */
+    protected static function to_string(&$value) {
+        if ($value instanceof \OC\L10N\L10NString) {
+            $value = (string)$value;
+        }
+    }
 
-	/**
-	 * Encode and print $data in json format
-	 * @deprecated Use a AppFramework JSONResponse instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function encodedPrint($data) {
-		self::setContentTypeHeader();
-		echo self::encode($data);
-	}
+    /**
+     * Encode and print $data in json format
+     * @deprecated Use a AppFramework JSONResponse instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function encodedPrint($data) {
+        self::setContentTypeHeader();
+        echo self::encode($data);
+    }
 
-	/**
-	 * Encode JSON
-	 * @deprecated Use a AppFramework JSONResponse instead
-	 */
-	private static function encode($data) {
-		if (is_array($data)) {
-			array_walk_recursive($data, array('OC_JSON', 'to_string'));
-		}
-		return json_encode($data, JSON_HEX_TAG);
-	}
+    /**
+     * Encode JSON
+     * @deprecated Use a AppFramework JSONResponse instead
+     */
+    private static function encode($data) {
+        if (is_array($data)) {
+            array_walk_recursive($data, array('OC_JSON', 'to_string'));
+        }
+        return json_encode($data, JSON_HEX_TAG);
+    }
 }

Spacing +16 added lines, -16 removed lines

@@ -36,16 +36,16 @@ 
  * Class OC_JSON
  * @deprecated Use a AppFramework JSONResponse instead
  */
-class OC_JSON{
+class OC_JSON {
 	static protected $send_content_type_header = false;
 	/**
 	 * set Content-Type header to jsonrequest
 	 * @deprecated Use a AppFramework JSONResponse instead
 	 */
-	public static function setContentTypeHeader($type='application/json') {
+	public static function setContentTypeHeader($type = 'application/json') {
 		if (!self::$send_content_type_header) {
 			// We send json data
-			header( 'Content-Type: '.$type . '; charset=utf-8');
+			header('Content-Type: '.$type.'; charset=utf-8');
 			self::$send_content_type_header = true;
 		}
 	}
@@ -57,9 +57,9 @@ 
 	 * @suppress PhanDeprecatedFunction
 	 */
 	public static function checkAppEnabled($app) {
-		if( !\OC::$server->getAppManager()->isEnabledForUser($app)) {
+		if (!\OC::$server->getAppManager()->isEnabledForUser($app)) {
 			$l = \OC::$server->getL10N('lib');
-			self::error(array( 'data' => array( 'message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled' )));
+			self::error(array('data' => array('message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled')));
 			exit();
 		}
 	}
@@ -71,11 +71,11 @@ 
 	 */
 	public static function checkLoggedIn() {
 		$twoFactorAuthManger = \OC::$server->getTwoFactorAuthManager();
-		if( !\OC::$server->getUserSession()->isLoggedIn()
+		if (!\OC::$server->getUserSession()->isLoggedIn()
 			|| $twoFactorAuthManger->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
 			$l = \OC::$server->getL10N('lib');
 			http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
-			self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
+			self::error(array('data' => array('message' => $l->t('Authentication error'), 'error' => 'authentication_error')));
 			exit();
 		}
 	}
@@ -86,14 +86,14 @@ 
 	 * @suppress PhanDeprecatedFunction
 	 */
 	public static function callCheck() {
-		if(!\OC::$server->getRequest()->passesStrictCookieCheck()) {
+		if (!\OC::$server->getRequest()->passesStrictCookieCheck()) {
 			header('Location: '.\OC::$WEBROOT);
 			exit();
 		}
 
-		if( !\OC::$server->getRequest()->passesCSRFCheck()) {
+		if (!\OC::$server->getRequest()->passesCSRFCheck()) {
 			$l = \OC::$server->getL10N('lib');
-			self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' )));
+			self::error(array('data' => array('message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired')));
 			exit();
 		}
 	}
@@ -104,9 +104,9 @@ 
 	 * @suppress PhanDeprecatedFunction
 	 */
 	public static function checkAdminUser() {
-		if( !OC_User::isAdminUser(OC_User::getUser())) {
+		if (!OC_User::isAdminUser(OC_User::getUser())) {
 			$l = \OC::$server->getL10N('lib');
-			self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
+			self::error(array('data' => array('message' => $l->t('Authentication error'), 'error' => 'authentication_error')));
 			exit();
 		}
 	}
@@ -119,13 +119,13 @@ 
 	public static function checkSubAdminUser() {
 		$userObject = \OC::$server->getUserSession()->getUser();
 		$isSubAdmin = false;
-		if($userObject !== null) {
+		if ($userObject !== null) {
 			$isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
 		}
 
-		if(!$isSubAdmin) {
+		if (!$isSubAdmin) {
 			$l = \OC::$server->getL10N('lib');
-			self::error(array( 'data' => array( 'message' => $l->t('Authentication error'), 'error' => 'authentication_error' )));
+			self::error(array('data' => array('message' => $l->t('Authentication error'), 'error' => 'authentication_error')));
 			exit();
 		}
 	}
@@ -155,7 +155,7 @@ 
 	 */
 	protected static function to_string(&$value) {
 		if ($value instanceof \OC\L10N\L10NString) {
-			$value = (string)$value;
+			$value = (string) $value;
 		}
 	}
 

lib/private/legacy/eventsource.php

Indentation +95 added lines, -95 removed lines

@@ -33,106 +33,106 @@
  * use server side events with caution, to many open requests can hang the server
  */
 class OC_EventSource implements \OCP\IEventSource {
-	/**
-	 * @var bool
-	 */
-	private $fallback;
+    /**
+     * @var bool
+     */
+    private $fallback;
 
-	/**
-	 * @var int
-	 */
-	private $fallBackId = 0;
+    /**
+     * @var int
+     */
+    private $fallBackId = 0;
 
-	/**
-	 * @var bool
-	 */
-	private $started = false;
+    /**
+     * @var bool
+     */
+    private $started = false;
 
-	protected function init() {
-		if ($this->started) {
-			return;
-		}
-		$this->started = true;
+    protected function init() {
+        if ($this->started) {
+            return;
+        }
+        $this->started = true;
 
-		// prevent php output buffering, caching and nginx buffering
-		OC_Util::obEnd();
-		header('Cache-Control: no-cache');
-		header('X-Accel-Buffering: no');
-		$this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true';
-		if ($this->fallback) {
-			$this->fallBackId = (int)$_GET['fallback_id'];
-			/**
-			 * FIXME: The default content-security-policy of ownCloud forbids inline
-			 * JavaScript for security reasons. IE starting on Windows 10 will
-			 * however also obey the CSP which will break the event source fallback.
-			 *
-			 * As a workaround thus we set a custom policy which allows the execution
-			 * of inline JavaScript.
-			 *
-			 * @link https://github.com/owncloud/core/issues/14286
-			 */
-			header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'");
-			header("Content-Type: text/html");
-			echo str_repeat('<span></span>' . PHP_EOL, 10); //dummy data to keep IE happy
-		} else {
-			header("Content-Type: text/event-stream");
-		}
-		if(!\OC::$server->getRequest()->passesStrictCookieCheck()) {
-			header('Location: '.\OC::$WEBROOT);
-			exit();
-		}
-		if (!\OC::$server->getRequest()->passesCSRFCheck()) {
-			$this->send('error', 'Possible CSRF attack. Connection will be closed.');
-			$this->close();
-			exit();
-		}
-		flush();
-	}
+        // prevent php output buffering, caching and nginx buffering
+        OC_Util::obEnd();
+        header('Cache-Control: no-cache');
+        header('X-Accel-Buffering: no');
+        $this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true';
+        if ($this->fallback) {
+            $this->fallBackId = (int)$_GET['fallback_id'];
+            /**
+             * FIXME: The default content-security-policy of ownCloud forbids inline
+             * JavaScript for security reasons. IE starting on Windows 10 will
+             * however also obey the CSP which will break the event source fallback.
+             *
+             * As a workaround thus we set a custom policy which allows the execution
+             * of inline JavaScript.
+             *
+             * @link https://github.com/owncloud/core/issues/14286
+             */
+            header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'");
+            header("Content-Type: text/html");
+            echo str_repeat('<span></span>' . PHP_EOL, 10); //dummy data to keep IE happy
+        } else {
+            header("Content-Type: text/event-stream");
+        }
+        if(!\OC::$server->getRequest()->passesStrictCookieCheck()) {
+            header('Location: '.\OC::$WEBROOT);
+            exit();
+        }
+        if (!\OC::$server->getRequest()->passesCSRFCheck()) {
+            $this->send('error', 'Possible CSRF attack. Connection will be closed.');
+            $this->close();
+            exit();
+        }
+        flush();
+    }
 
-	private function encode($data) {
-		if (is_array($data)) {
-			array_walk_recursive($data, array('OC_JSON', 'to_string'));
-		}
-		return json_encode($data, JSON_HEX_TAG);
-	}
+    private function encode($data) {
+        if (is_array($data)) {
+            array_walk_recursive($data, array('OC_JSON', 'to_string'));
+        }
+        return json_encode($data, JSON_HEX_TAG);
+    }
 
-	/**
-	 * send a message to the client
-	 *
-	 * @param string $type
-	 * @param mixed $data
-	 *
-	 * @throws \BadMethodCallException
-	 * if only one parameter is given, a typeless message will be send with that parameter as data
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public function send($type, $data = null) {
-		if ($data and !preg_match('/^[A-Za-z0-9_]+$/', $type)) {
-			throw new BadMethodCallException('Type needs to be alphanumeric ('. $type .')');
-		}
-		$this->init();
-		if (is_null($data)) {
-			$data = $type;
-			$type = null;
-		}
-		if ($this->fallback) {
-			$response = '<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack('
-				. $this->fallBackId . ',"' . $type . '",' . $this->encode($data) . ')</script>' . PHP_EOL;
-			echo $response;
-		} else {
-			if ($type) {
-				echo 'event: ' . $type . PHP_EOL;
-			}
-			echo 'data: ' . $this->encode($data) . PHP_EOL;
-		}
-		echo PHP_EOL;
-		flush();
-	}
+    /**
+     * send a message to the client
+     *
+     * @param string $type
+     * @param mixed $data
+     *
+     * @throws \BadMethodCallException
+     * if only one parameter is given, a typeless message will be send with that parameter as data
+     * @suppress PhanDeprecatedFunction
+     */
+    public function send($type, $data = null) {
+        if ($data and !preg_match('/^[A-Za-z0-9_]+$/', $type)) {
+            throw new BadMethodCallException('Type needs to be alphanumeric ('. $type .')');
+        }
+        $this->init();
+        if (is_null($data)) {
+            $data = $type;
+            $type = null;
+        }
+        if ($this->fallback) {
+            $response = '<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack('
+                . $this->fallBackId . ',"' . $type . '",' . $this->encode($data) . ')</script>' . PHP_EOL;
+            echo $response;
+        } else {
+            if ($type) {
+                echo 'event: ' . $type . PHP_EOL;
+            }
+            echo 'data: ' . $this->encode($data) . PHP_EOL;
+        }
+        echo PHP_EOL;
+        flush();
+    }
 
-	/**
-	 * close the connection of the event source
-	 */
-	public function close() {
-		$this->send('__internal__', 'close'); //server side closing can be an issue, let the client do it
-	}
+    /**
+     * close the connection of the event source
+     */
+    public function close() {
+        $this->send('__internal__', 'close'); //server side closing can be an issue, let the client do it
+    }
 }

Spacing +7 added lines, -7 removed lines

@@ -60,7 +60,7 @@ 
 		header('X-Accel-Buffering: no');
 		$this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true';
 		if ($this->fallback) {
-			$this->fallBackId = (int)$_GET['fallback_id'];
+			$this->fallBackId = (int) $_GET['fallback_id'];
 			/**
 			 * FIXME: The default content-security-policy of ownCloud forbids inline
 			 * JavaScript for security reasons. IE starting on Windows 10 will
@@ -73,11 +73,11 @@ 
 			 */
 			header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'");
 			header("Content-Type: text/html");
-			echo str_repeat('<span></span>' . PHP_EOL, 10); //dummy data to keep IE happy
+			echo str_repeat('<span></span>'.PHP_EOL, 10); //dummy data to keep IE happy
 		} else {
 			header("Content-Type: text/event-stream");
 		}
-		if(!\OC::$server->getRequest()->passesStrictCookieCheck()) {
+		if (!\OC::$server->getRequest()->passesStrictCookieCheck()) {
 			header('Location: '.\OC::$WEBROOT);
 			exit();
 		}
@@ -108,7 +108,7 @@ 
 	 */
 	public function send($type, $data = null) {
 		if ($data and !preg_match('/^[A-Za-z0-9_]+$/', $type)) {
-			throw new BadMethodCallException('Type needs to be alphanumeric ('. $type .')');
+			throw new BadMethodCallException('Type needs to be alphanumeric ('.$type.')');
 		}
 		$this->init();
 		if (is_null($data)) {
@@ -117,13 +117,13 @@ 
 		}
 		if ($this->fallback) {
 			$response = '<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack('
-				. $this->fallBackId . ',"' . $type . '",' . $this->encode($data) . ')</script>' . PHP_EOL;
+				. $this->fallBackId.',"'.$type.'",'.$this->encode($data).')</script>'.PHP_EOL;
 			echo $response;
 		} else {
 			if ($type) {
-				echo 'event: ' . $type . PHP_EOL;
+				echo 'event: '.$type.PHP_EOL;
 			}
-			echo 'data: ' . $this->encode($data) . PHP_EOL;
+			echo 'data: '.$this->encode($data).PHP_EOL;
 		}
 		echo PHP_EOL;
 		flush();

lib/public/JSON.php

Indentation +126 added lines, -126 removed lines

@@ -41,136 +41,136 @@
  * @deprecated 8.1.0 Use a AppFramework JSONResponse instead
  */
 class JSON {
-	/**
-	 * Check if the user is logged in, send json error msg if not.
-	 *
-	 * This method checks if a user is logged in. If not, a json error
-	 * response will be return and the method will exit from execution
-	 * of the script.
-	 * The returned json will be in the format:
-	 *
-	 *     {"status":"error","data":{"message":"Authentication error."}}
-	 *
-	 * Add this call to the start of all ajax method files that requires
-	 * an authenticated user.
-	 * @deprecated 8.1.0 Use annotation based ACLs from the AppFramework instead
-	 *
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function checkLoggedIn() {
-		\OC_JSON::checkLoggedIn();
-	}
+    /**
+     * Check if the user is logged in, send json error msg if not.
+     *
+     * This method checks if a user is logged in. If not, a json error
+     * response will be return and the method will exit from execution
+     * of the script.
+     * The returned json will be in the format:
+     *
+     *     {"status":"error","data":{"message":"Authentication error."}}
+     *
+     * Add this call to the start of all ajax method files that requires
+     * an authenticated user.
+     * @deprecated 8.1.0 Use annotation based ACLs from the AppFramework instead
+     *
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function checkLoggedIn() {
+        \OC_JSON::checkLoggedIn();
+    }
 
-	/**
-	 * Check an ajax get/post call if the request token is valid.
-	 *
-	 * This method checks for a valid variable 'requesttoken' in $_GET,
-	 * $_POST and $_SERVER. If a valid token is not found, a json error
-	 * response will be return and the method will exit from execution
-	 * of the script.
-	 * The returned json will be in the format:
-	 *
-	 *     {"status":"error","data":{"message":"Token expired. Please reload page."}}
-	 *
-	 * Add this call to the start of all ajax method files that creates,
-	 * updates or deletes anything.
-	 * In cases where you e.g. use an ajax call to load a dialog containing
-	 * a submittable form, you will need to add the requesttoken first as a
-	 * parameter to the ajax call, then assign it to the template and finally
-	 * add a hidden input field also named 'requesttoken' containing the value.
-	 * @deprecated 8.1.0 Use annotation based CSRF checks from the AppFramework instead
-	 *
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function callCheck() {
-		\OC_JSON::callCheck();
-	}
+    /**
+     * Check an ajax get/post call if the request token is valid.
+     *
+     * This method checks for a valid variable 'requesttoken' in $_GET,
+     * $_POST and $_SERVER. If a valid token is not found, a json error
+     * response will be return and the method will exit from execution
+     * of the script.
+     * The returned json will be in the format:
+     *
+     *     {"status":"error","data":{"message":"Token expired. Please reload page."}}
+     *
+     * Add this call to the start of all ajax method files that creates,
+     * updates or deletes anything.
+     * In cases where you e.g. use an ajax call to load a dialog containing
+     * a submittable form, you will need to add the requesttoken first as a
+     * parameter to the ajax call, then assign it to the template and finally
+     * add a hidden input field also named 'requesttoken' containing the value.
+     * @deprecated 8.1.0 Use annotation based CSRF checks from the AppFramework instead
+     *
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function callCheck() {
+        \OC_JSON::callCheck();
+    }
 
-	/**
-	 * Send json success msg
-	 *
-	 * Return a json success message with optional extra data.
-	 * @see \OCP\JSON::error()		for the format to use.
-	 *
-	 * @param array $data The data to use
-	 * @deprecated 8.1.0 Use a AppFramework JSONResponse instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function success( $data = array() ) {
-		\OC_JSON::success($data);
-	}
+    /**
+     * Send json success msg
+     *
+     * Return a json success message with optional extra data.
+     * @see \OCP\JSON::error()		for the format to use.
+     *
+     * @param array $data The data to use
+     * @deprecated 8.1.0 Use a AppFramework JSONResponse instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function success( $data = array() ) {
+        \OC_JSON::success($data);
+    }
 
-	/**
-	 * Send json error msg
-	 *
-	 * Return a json error message with optional extra data for
-	 * error message or app specific data.
-	 *
-	 * Example use:
-	 *
-	 *     $id = [some value]
-	 *     OCP\JSON::error(array('data':array('message':'An error happened', 'id': $id)));
-	 *
-	 * Will return the json formatted string:
-	 *
-	 *     {"status":"error","data":{"message":"An error happened", "id":[some value]}}
-	 *
-	 * @param array $data The data to use
-	 * @deprecated 8.1.0 Use a AppFramework JSONResponse instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function error( $data = array() ) {
-		\OC_JSON::error($data);
-	}
+    /**
+     * Send json error msg
+     *
+     * Return a json error message with optional extra data for
+     * error message or app specific data.
+     *
+     * Example use:
+     *
+     *     $id = [some value]
+     *     OCP\JSON::error(array('data':array('message':'An error happened', 'id': $id)));
+     *
+     * Will return the json formatted string:
+     *
+     *     {"status":"error","data":{"message":"An error happened", "id":[some value]}}
+     *
+     * @param array $data The data to use
+     * @deprecated 8.1.0 Use a AppFramework JSONResponse instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function error( $data = array() ) {
+        \OC_JSON::error($data);
+    }
 
-	/**
-	 * Set Content-Type header to jsonrequest
-	 * @param string $type The content type header
-	 * @deprecated 8.1.0 Use a AppFramework JSONResponse instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function setContentTypeHeader( $type='application/json' ) {
-		\OC_JSON::setContentTypeHeader($type);
-	}
+    /**
+     * Set Content-Type header to jsonrequest
+     * @param string $type The content type header
+     * @deprecated 8.1.0 Use a AppFramework JSONResponse instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function setContentTypeHeader( $type='application/json' ) {
+        \OC_JSON::setContentTypeHeader($type);
+    }
 
-	/**
-	 * Check if the App is enabled and send JSON error message instead
-	 *
-	 * This method checks if a specific app is enabled. If not, a json error
-	 * response will be return and the method will exit from execution
-	 * of the script.
-	 * The returned json will be in the format:
-	 *
-	 *     {"status":"error","data":{"message":"Application is not enabled."}}
-	 *
-	 * Add this call to the start of all ajax method files that requires
-	 * a specific app to be enabled.
-	 *
-	 * @param string $app The app to check
-	 * @deprecated 8.1.0 Use the AppFramework instead. It will automatically check if the app is enabled.
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function checkAppEnabled( $app ) {
-		\OC_JSON::checkAppEnabled($app);
-	}
+    /**
+     * Check if the App is enabled and send JSON error message instead
+     *
+     * This method checks if a specific app is enabled. If not, a json error
+     * response will be return and the method will exit from execution
+     * of the script.
+     * The returned json will be in the format:
+     *
+     *     {"status":"error","data":{"message":"Application is not enabled."}}
+     *
+     * Add this call to the start of all ajax method files that requires
+     * a specific app to be enabled.
+     *
+     * @param string $app The app to check
+     * @deprecated 8.1.0 Use the AppFramework instead. It will automatically check if the app is enabled.
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function checkAppEnabled( $app ) {
+        \OC_JSON::checkAppEnabled($app);
+    }
 
-	/**
-	 * Check if the user is a admin, send json error msg if not
-	 *
-	 * This method checks if the current user has admin rights. If not, a json error
-	 * response will be return and the method will exit from execution
-	 * of the script.
-	 * The returned json will be in the format:
-	 *
-	 *     {"status":"error","data":{"message":"Authentication error."}}
-	 *
-	 * Add this call to the start of all ajax method files that requires
-	 * administrative rights.
-	 *
-	 * @deprecated 8.1.0 Use annotation based ACLs from the AppFramework instead
-	 * @suppress PhanDeprecatedFunction
-	 */
-	public static function checkAdminUser() {
-		\OC_JSON::checkAdminUser();
-	}
+    /**
+     * Check if the user is a admin, send json error msg if not
+     *
+     * This method checks if the current user has admin rights. If not, a json error
+     * response will be return and the method will exit from execution
+     * of the script.
+     * The returned json will be in the format:
+     *
+     *     {"status":"error","data":{"message":"Authentication error."}}
+     *
+     * Add this call to the start of all ajax method files that requires
+     * administrative rights.
+     *
+     * @deprecated 8.1.0 Use annotation based ACLs from the AppFramework instead
+     * @suppress PhanDeprecatedFunction
+     */
+    public static function checkAdminUser() {
+        \OC_JSON::checkAdminUser();
+    }
 }

Spacing +4 added lines, -4 removed lines

@@ -96,7 +96,7 @@ 
 	 * @deprecated 8.1.0 Use a AppFramework JSONResponse instead
 	 * @suppress PhanDeprecatedFunction
 	 */
-	public static function success( $data = array() ) {
+	public static function success($data = array()) {
 		\OC_JSON::success($data);
 	}
 
@@ -119,7 +119,7 @@ 
 	 * @deprecated 8.1.0 Use a AppFramework JSONResponse instead
 	 * @suppress PhanDeprecatedFunction
 	 */
-	public static function error( $data = array() ) {
+	public static function error($data = array()) {
 		\OC_JSON::error($data);
 	}
 
@@ -129,7 +129,7 @@ 
 	 * @deprecated 8.1.0 Use a AppFramework JSONResponse instead
 	 * @suppress PhanDeprecatedFunction
 	 */
-	public static function setContentTypeHeader( $type='application/json' ) {
+	public static function setContentTypeHeader($type = 'application/json') {
 		\OC_JSON::setContentTypeHeader($type);
 	}
 
@@ -150,7 +150,7 @@ 
 	 * @deprecated 8.1.0 Use the AppFramework instead. It will automatically check if the app is enabled.
 	 * @suppress PhanDeprecatedFunction
 	 */
-	public static function checkAppEnabled( $app ) {
+	public static function checkAppEnabled($app) {
 		\OC_JSON::checkAppEnabled($app);
 	}