View GitHub Repository server

Schedule Inspection
Subscribe
Completed
Pull Request — master (#4704)
by Lukas
13:59
created
Status
Category
Toggle Patches
apps/oauth2/lib/Db/ClientMapper.php 1 patch
Indentation   +54 added lines, -54 removed lines patch added patch discarded remove patch 
@@ -28,62 +28,62 @@
 
 block discarded – undo
28 28
29 29 
 class ClientMapper extends Mapper {
30 30
31 
-	/**
32 
-	 * @param IDBConnection $db
33 
-	 */
34 
-	public function __construct(IDBConnection $db) {
35 
-		parent::__construct($db, 'oauth2_clients');
36 
-	}
31 
+    /**
32 
+     * @param IDBConnection $db
33 
+     */
34 
+    public function __construct(IDBConnection $db) {
35 
+        parent::__construct($db, 'oauth2_clients');
36 
+    }
37 37
38 
-	/**
39 
-	 * @param string $clientIdentifier
40 
-	 * @return Client
41 
-	 * @throws ClientNotFoundException
42 
-	 */
43 
-	public function getByIdentifier($clientIdentifier) {
44 
-		$qb = $this->db->getQueryBuilder();
45 
-		$qb
46 
-			->select('*')
47 
-			->from($this->tableName)
48 
-			->where($qb->expr()->eq('client_identifier', $qb->createNamedParameter($clientIdentifier)));
49 
-		$result = $qb->execute();
50 
-		$row = $result->fetch();
51 
-		$result->closeCursor();
52 
-		if($row === false) {
53 
-			throw new ClientNotFoundException();
54 
-		}
55 
-		return Client::fromRow($row);
56 
-	}
38 
+    /**
39 
+     * @param string $clientIdentifier
40 
+     * @return Client
41 
+     * @throws ClientNotFoundException
42 
+     */
43 
+    public function getByIdentifier($clientIdentifier) {
44 
+        $qb = $this->db->getQueryBuilder();
45 
+        $qb
46 
+            ->select('*')
47 
+            ->from($this->tableName)
48 
+            ->where($qb->expr()->eq('client_identifier', $qb->createNamedParameter($clientIdentifier)));
49 
+        $result = $qb->execute();
50 
+        $row = $result->fetch();
51 
+        $result->closeCursor();
52 
+        if($row === false) {
53 
+            throw new ClientNotFoundException();
54 
+        }
55 
+        return Client::fromRow($row);
56 
+    }
57 57
58 
-	/**
59 
-	 * @param string $uid internal uid of the client
60 
-	 * @return Client
61 
-	 * @throws ClientNotFoundException
62 
-	 */
63 
-	public function getByUid($uid) {
64 
-		$qb = $this->db->getQueryBuilder();
65 
-		$qb
66 
-			->select('*')
67 
-			->from($this->tableName)
68 
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($uid, IQueryBuilder::PARAM_INT)));
69 
-		$result = $qb->execute();
70 
-		$row = $result->fetch();
71 
-		$result->closeCursor();
72 
-		if($row === false) {
73 
-			throw new ClientNotFoundException();
74 
-		}
75 
-		return Client::fromRow($row);
76 
-	}
58 
+    /**
59 
+     * @param string $uid internal uid of the client
60 
+     * @return Client
61 
+     * @throws ClientNotFoundException
62 
+     */
63 
+    public function getByUid($uid) {
64 
+        $qb = $this->db->getQueryBuilder();
65 
+        $qb
66 
+            ->select('*')
67 
+            ->from($this->tableName)
68 
+            ->where($qb->expr()->eq('id', $qb->createNamedParameter($uid, IQueryBuilder::PARAM_INT)));
69 
+        $result = $qb->execute();
70 
+        $row = $result->fetch();
71 
+        $result->closeCursor();
72 
+        if($row === false) {
73 
+            throw new ClientNotFoundException();
74 
+        }
75 
+        return Client::fromRow($row);
76 
+    }
77 77
78 
-	/**
79 
-	 * @return Client[]
80 
-	 */
81 
-	public function getClients() {
82 
-		$qb = $this->db->getQueryBuilder();
83 
-		$qb
84 
-			->select('*')
85 
-			->from($this->tableName);
78 
+    /**
79 
+     * @return Client[]
80 
+     */
81 
+    public function getClients() {
82 
+        $qb = $this->db->getQueryBuilder();
83 
+        $qb
84 
+            ->select('*')
85 
+            ->from($this->tableName);
86 86
87 
-		return $this->findEntities($qb->getSQL());
88 
-	}
87 
+        return $this->findEntities($qb->getSQL());
88 
+    }
89 89 
 }
Please login to merge, or discard this patch.
apps/oauth2/lib/Db/AccessTokenMapper.php 1 patch
Indentation   +37 added lines, -37 removed lines patch added patch discarded remove patch 
@@ -28,43 +28,43 @@
 
 block discarded – undo
28 28
29 29 
 class AccessTokenMapper extends Mapper {
30 30
31 
-	/**
32 
-	 * @param IDBConnection $db
33 
-	 */
34 
-	public function __construct(IDBConnection $db) {
35 
-		parent::__construct($db, 'oauth2_access_tokens');
36 
-	}
31 
+    /**
32 
+     * @param IDBConnection $db
33 
+     */
34 
+    public function __construct(IDBConnection $db) {
35 
+        parent::__construct($db, 'oauth2_access_tokens');
36 
+    }
37 37
38 
-	/**
39 
-	 * @param string $code
40 
-	 * @return AccessToken
41 
-	 * @throws AccessTokenNotFoundException
42 
-	 */
43 
-	public function getByCode($code) {
44 
-		$qb = $this->db->getQueryBuilder();
45 
-		$qb
46 
-			->select('*')
47 
-			->from($this->tableName)
48 
-			->where($qb->expr()->eq('hashed_code', $qb->createNamedParameter(hash('sha512', $code))));
49 
-		$result = $qb->execute();
50 
-		$row = $result->fetch();
51 
-		$result->closeCursor();
52 
-		if($row === false) {
53 
-			throw new AccessTokenNotFoundException();
54 
-		}
55 
-		return AccessToken::fromRow($row);
56 
-	}
38 
+    /**
39 
+     * @param string $code
40 
+     * @return AccessToken
41 
+     * @throws AccessTokenNotFoundException
42 
+     */
43 
+    public function getByCode($code) {
44 
+        $qb = $this->db->getQueryBuilder();
45 
+        $qb
46 
+            ->select('*')
47 
+            ->from($this->tableName)
48 
+            ->where($qb->expr()->eq('hashed_code', $qb->createNamedParameter(hash('sha512', $code))));
49 
+        $result = $qb->execute();
50 
+        $row = $result->fetch();
51 
+        $result->closeCursor();
52 
+        if($row === false) {
53 
+            throw new AccessTokenNotFoundException();
54 
+        }
55 
+        return AccessToken::fromRow($row);
56 
+    }
57 57
58 
-	/**
59 
-	 * delete all access token from a given client
60 
-	 *
61 
-	 * @param int $id
62 
-	 */
63 
-	public function deleteByClientId($id) {
64 
-		$qb = $this->db->getQueryBuilder();
65 
-		$qb
66 
-			->delete($this->tableName)
67 
-			->where($qb->expr()->eq('client_id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT)));
68 
-		$qb->execute();
69 
-	}
58 
+    /**
59 
+     * delete all access token from a given client
60 
+     *
61 
+     * @param int $id
62 
+     */
63 
+    public function deleteByClientId($id) {
64 
+        $qb = $this->db->getQueryBuilder();
65 
+        $qb
66 
+            ->delete($this->tableName)
67 
+            ->where($qb->expr()->eq('client_id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT)));
68 
+        $qb->execute();
69 
+    }
70 70 
 }
Please login to merge, or discard this patch.
apps/oauth2/appinfo/routes.php 1 patch
Indentation   +22 added lines, -22 removed lines patch added patch discarded remove patch 
@@ -20,26 +20,26 @@
 
 block discarded – undo
20 20 
  */
21 21
22 22 
 return [
23 
-	'routes' => [
24 
-		[
25 
-			'name' => 'Settings#addClient',
26 
-			'url' => '/settings',
27 
-			'verb' => 'POST',
28 
-		],
29 
-		[
30 
-			'name' => 'Settings#deleteClient',
31 
-			'url' => '/clients/{id}/delete',
32 
-			'verb' => 'POST'
33 
-		],
34 
-		[
35 
-			'name' => 'LoginRedirector#authorize',
36 
-			'url' => '/authorize',
37 
-			'verb' => 'GET',
38 
-		],
39 
-		[
40 
-			'name' => 'OauthApi#getToken',
41 
-			'url' => '/api/v1/token',
42 
-			'verb' => 'POST'
43 
-		],
44 
-	],
23 
+    'routes' => [
24 
+        [
25 
+            'name' => 'Settings#addClient',
26 
+            'url' => '/settings',
27 
+            'verb' => 'POST',
28 
+        ],
29 
+        [
30 
+            'name' => 'Settings#deleteClient',
31 
+            'url' => '/clients/{id}/delete',
32 
+            'verb' => 'POST'
33 
+        ],
34 
+        [
35 
+            'name' => 'LoginRedirector#authorize',
36 
+            'url' => '/authorize',
37 
+            'verb' => 'GET',
38 
+        ],
39 
+        [
40 
+            'name' => 'OauthApi#getToken',
41 
+            'url' => '/api/v1/token',
42 
+            'verb' => 'POST'
43 
+        ],
44 
+    ],
45 45 
 ];
Please login to merge, or discard this patch.
apps/dav/lib/Connector/Sabre/Auth.php 1 patch
Indentation   +192 added lines, -192 removed lines patch added patch discarded remove patch 
@@ -48,213 +48,213 @@
 
 block discarded – undo
48 48 
 class Auth extends AbstractBasic {
49 49
50 50
51 
-	const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
51 
+    const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
52 52
53 
-	/** @var ISession */
54 
-	private $session;
55 
-	/** @var Session */
56 
-	private $userSession;
57 
-	/** @var IRequest */
58 
-	private $request;
59 
-	/** @var string */
60 
-	private $currentUser;
61 
-	/** @var Manager */
62 
-	private $twoFactorManager;
63 
-	/** @var Throttler */
64 
-	private $throttler;
53 
+    /** @var ISession */
54 
+    private $session;
55 
+    /** @var Session */
56 
+    private $userSession;
57 
+    /** @var IRequest */
58 
+    private $request;
59 
+    /** @var string */
60 
+    private $currentUser;
61 
+    /** @var Manager */
62 
+    private $twoFactorManager;
63 
+    /** @var Throttler */
64 
+    private $throttler;
65 65
66 
-	/**
67 
-	 * @param ISession $session
68 
-	 * @param Session $userSession
69 
-	 * @param IRequest $request
70 
-	 * @param Manager $twoFactorManager
71 
-	 * @param Throttler $throttler
72 
-	 * @param string $principalPrefix
73 
-	 */
74 
-	public function __construct(ISession $session,
75 
-								Session $userSession,
76 
-								IRequest $request,
77 
-								Manager $twoFactorManager,
78 
-								Throttler $throttler,
79 
-								$principalPrefix = 'principals/users/') {
80 
-		$this->session = $session;
81 
-		$this->userSession = $userSession;
82 
-		$this->twoFactorManager = $twoFactorManager;
83 
-		$this->request = $request;
84 
-		$this->throttler = $throttler;
85 
-		$this->principalPrefix = $principalPrefix;
66 
+    /**
67 
+     * @param ISession $session
68 
+     * @param Session $userSession
69 
+     * @param IRequest $request
70 
+     * @param Manager $twoFactorManager
71 
+     * @param Throttler $throttler
72 
+     * @param string $principalPrefix
73 
+     */
74 
+    public function __construct(ISession $session,
75 
+                                Session $userSession,
76 
+                                IRequest $request,
77 
+                                Manager $twoFactorManager,
78 
+                                Throttler $throttler,
79 
+                                $principalPrefix = 'principals/users/') {
80 
+        $this->session = $session;
81 
+        $this->userSession = $userSession;
82 
+        $this->twoFactorManager = $twoFactorManager;
83 
+        $this->request = $request;
84 
+        $this->throttler = $throttler;
85 
+        $this->principalPrefix = $principalPrefix;
86 86
87 
-		// setup realm
88 
-		$defaults = new \OCP\Defaults();
89 
-		$this->realm = $defaults->getName();
90 
-	}
87 
+        // setup realm
88 
+        $defaults = new \OCP\Defaults();
89 
+        $this->realm = $defaults->getName();
90 
+    }
91 91
92 
-	/**
93 
-	 * Whether the user has initially authenticated via DAV
94 
-	 *
95 
-	 * This is required for WebDAV clients that resent the cookies even when the
96 
-	 * account was changed.
97 
-	 *
98 
-	 * @see https://github.com/owncloud/core/issues/13245
99 
-	 *
100 
-	 * @param string $username
101 
-	 * @return bool
102 
-	 */
103 
-	public function isDavAuthenticated($username) {
104 
-		return !is_null($this->session->get(self::DAV_AUTHENTICATED)) &&
105 
-		$this->session->get(self::DAV_AUTHENTICATED) === $username;
106 
-	}
92 
+    /**
93 
+     * Whether the user has initially authenticated via DAV
94 
+     *
95 
+     * This is required for WebDAV clients that resent the cookies even when the
96 
+     * account was changed.
97 
+     *
98 
+     * @see https://github.com/owncloud/core/issues/13245
99 
+     *
100 
+     * @param string $username
101 
+     * @return bool
102 
+     */
103 
+    public function isDavAuthenticated($username) {
104 
+        return !is_null($this->session->get(self::DAV_AUTHENTICATED)) &&
105 
+        $this->session->get(self::DAV_AUTHENTICATED) === $username;
106 
+    }
107 107
108 
-	/**
109 
-	 * Validates a username and password
110 
-	 *
111 
-	 * This method should return true or false depending on if login
112 
-	 * succeeded.
113 
-	 *
114 
-	 * @param string $username
115 
-	 * @param string $password
116 
-	 * @return bool
117 
-	 * @throws PasswordLoginForbidden
118 
-	 */
119 
-	protected function validateUserPass($username, $password) {
120 
-		if ($this->userSession->isLoggedIn() &&
121 
-			$this->isDavAuthenticated($this->userSession->getUser()->getUID())
122 
-		) {
123 
-			\OC_Util::setupFS($this->userSession->getUser()->getUID());
124 
-			$this->session->close();
125 
-			return true;
126 
-		} else {
127 
-			\OC_Util::setupFS(); //login hooks may need early access to the filesystem
128 
-			try {
129 
-				if ($this->userSession->logClientIn($username, $password, $this->request, $this->throttler)) {
130 
-					\OC_Util::setupFS($this->userSession->getUser()->getUID());
131 
-					$this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
132 
-					$this->session->close();
133 
-					return true;
134 
-				} else {
135 
-					$this->session->close();
136 
-					return false;
137 
-				}
138 
-			} catch (PasswordLoginForbiddenException $ex) {
139 
-				$this->session->close();
140 
-				throw new PasswordLoginForbidden();
141 
-			}
142 
-		}
143 
-	}
108 
+    /**
109 
+     * Validates a username and password
110 
+     *
111 
+     * This method should return true or false depending on if login
112 
+     * succeeded.
113 
+     *
114 
+     * @param string $username
115 
+     * @param string $password
116 
+     * @return bool
117 
+     * @throws PasswordLoginForbidden
118 
+     */
119 
+    protected function validateUserPass($username, $password) {
120 
+        if ($this->userSession->isLoggedIn() &&
121 
+            $this->isDavAuthenticated($this->userSession->getUser()->getUID())
122 
+        ) {
123 
+            \OC_Util::setupFS($this->userSession->getUser()->getUID());
124 
+            $this->session->close();
125 
+            return true;
126 
+        } else {
127 
+            \OC_Util::setupFS(); //login hooks may need early access to the filesystem
128 
+            try {
129 
+                if ($this->userSession->logClientIn($username, $password, $this->request, $this->throttler)) {
130 
+                    \OC_Util::setupFS($this->userSession->getUser()->getUID());
131 
+                    $this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
132 
+                    $this->session->close();
133 
+                    return true;
134 
+                } else {
135 
+                    $this->session->close();
136 
+                    return false;
137 
+                }
138 
+            } catch (PasswordLoginForbiddenException $ex) {
139 
+                $this->session->close();
140 
+                throw new PasswordLoginForbidden();
141 
+            }
142 
+        }
143 
+    }
144 144
145 
-	/**
146 
-	 * @param RequestInterface $request
147 
-	 * @param ResponseInterface $response
148 
-	 * @return array
149 
-	 * @throws NotAuthenticated
150 
-	 * @throws ServiceUnavailable
151 
-	 */
152 
-	function check(RequestInterface $request, ResponseInterface $response) {
153 
-		try {
154 
-			$result = $this->auth($request, $response);
155 
-			return $result;
156 
-		} catch (NotAuthenticated $e) {
157 
-			throw $e;
158 
-		} catch (Exception $e) {
159 
-			$class = get_class($e);
160 
-			$msg = $e->getMessage();
161 
-			\OC::$server->getLogger()->logException($e);
162 
-			throw new ServiceUnavailable("$class: $msg");
163 
-		}
164 
-	}
145 
+    /**
146 
+     * @param RequestInterface $request
147 
+     * @param ResponseInterface $response
148 
+     * @return array
149 
+     * @throws NotAuthenticated
150 
+     * @throws ServiceUnavailable
151 
+     */
152 
+    function check(RequestInterface $request, ResponseInterface $response) {
153 
+        try {
154 
+            $result = $this->auth($request, $response);
155 
+            return $result;
156 
+        } catch (NotAuthenticated $e) {
157 
+            throw $e;
158 
+        } catch (Exception $e) {
159 
+            $class = get_class($e);
160 
+            $msg = $e->getMessage();
161 
+            \OC::$server->getLogger()->logException($e);
162 
+            throw new ServiceUnavailable("$class: $msg");
163 
+        }
164 
+    }
165 165
166 
-	/**
167 
-	 * Checks whether a CSRF check is required on the request
168 
-	 *
169 
-	 * @return bool
170 
-	 */
171 
-	private function requiresCSRFCheck() {
172 
-		// GET requires no check at all
173 
-		if($this->request->getMethod() === 'GET') {
174 
-			return false;
175 
-		}
166 
+    /**
167 
+     * Checks whether a CSRF check is required on the request
168 
+     *
169 
+     * @return bool
170 
+     */
171 
+    private function requiresCSRFCheck() {
172 
+        // GET requires no check at all
173 
+        if($this->request->getMethod() === 'GET') {
174 
+            return false;
175 
+        }
176 176
177 
-		// Official Nextcloud clients require no checks
178 
-		if($this->request->isUserAgent([
179 
-			IRequest::USER_AGENT_CLIENT_DESKTOP,
180 
-			IRequest::USER_AGENT_CLIENT_ANDROID,
181 
-			IRequest::USER_AGENT_CLIENT_IOS,
182 
-		])) {
183 
-			return false;
184 
-		}
177 
+        // Official Nextcloud clients require no checks
178 
+        if($this->request->isUserAgent([
179 
+            IRequest::USER_AGENT_CLIENT_DESKTOP,
180 
+            IRequest::USER_AGENT_CLIENT_ANDROID,
181 
+            IRequest::USER_AGENT_CLIENT_IOS,
182 
+        ])) {
183 
+            return false;
184 
+        }
185 185
186 
-		// If not logged-in no check is required
187 
-		if(!$this->userSession->isLoggedIn()) {
188 
-			return false;
189 
-		}
186 
+        // If not logged-in no check is required
187 
+        if(!$this->userSession->isLoggedIn()) {
188 
+            return false;
189 
+        }
190 190
191 
-		// POST always requires a check
192 
-		if($this->request->getMethod() === 'POST') {
193 
-			return true;
194 
-		}
191 
+        // POST always requires a check
192 
+        if($this->request->getMethod() === 'POST') {
193 
+            return true;
194 
+        }
195 195
196 
-		// If logged-in AND DAV authenticated no check is required
197 
-		if($this->userSession->isLoggedIn() &&
198 
-			$this->isDavAuthenticated($this->userSession->getUser()->getUID())) {
199 
-			return false;
200 
-		}
196 
+        // If logged-in AND DAV authenticated no check is required
197 
+        if($this->userSession->isLoggedIn() &&
198 
+            $this->isDavAuthenticated($this->userSession->getUser()->getUID())) {
199 
+            return false;
200 
+        }
201 201
202 
-		return true;
203 
-	}
202 
+        return true;
203 
+    }
204 204
205 
-	/**
206 
-	 * @param RequestInterface $request
207 
-	 * @param ResponseInterface $response
208 
-	 * @return array
209 
-	 * @throws NotAuthenticated
210 
-	 */
211 
-	private function auth(RequestInterface $request, ResponseInterface $response) {
212 
-		$forcedLogout = false;
205 
+    /**
206 
+     * @param RequestInterface $request
207 
+     * @param ResponseInterface $response
208 
+     * @return array
209 
+     * @throws NotAuthenticated
210 
+     */
211 
+    private function auth(RequestInterface $request, ResponseInterface $response) {
212 
+        $forcedLogout = false;
213 213
214 
-		if(!$this->request->passesCSRFCheck() &&
215 
-			$this->requiresCSRFCheck()) {
216 
-			// In case of a fail with POST we need to recheck the credentials
217 
-			if($this->request->getMethod() === 'POST') {
218 
-				$forcedLogout = true;
219 
-			} else {
220 
-				$response->setStatus(401);
221 
-				throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.');
222 
-			}
223 
-		}
214 
+        if(!$this->request->passesCSRFCheck() &&
215 
+            $this->requiresCSRFCheck()) {
216 
+            // In case of a fail with POST we need to recheck the credentials
217 
+            if($this->request->getMethod() === 'POST') {
218 
+                $forcedLogout = true;
219 
+            } else {
220 
+                $response->setStatus(401);
221 
+                throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.');
222 
+            }
223 
+        }
224 224
225 
-		if($forcedLogout) {
226 
-			$this->userSession->logout();
227 
-		} else {
228 
-			if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
229 
-				throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
230 
-			}
231 
-			if (\OC_User::handleApacheAuth() ||
232 
-				//Fix for broken webdav clients
233 
-				($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
234 
-				//Well behaved clients that only send the cookie are allowed
235 
-				($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
236 
-			) {
237 
-				$user = $this->userSession->getUser()->getUID();
238 
-				\OC_Util::setupFS($user);
239 
-				$this->currentUser = $user;
240 
-				$this->session->close();
241 
-				return [true, $this->principalPrefix . $user];
242 
-			}
243 
-		}
225 
+        if($forcedLogout) {
226 
+            $this->userSession->logout();
227 
+        } else {
228 
+            if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
229 
+                throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
230 
+            }
231 
+            if (\OC_User::handleApacheAuth() ||
232 
+                //Fix for broken webdav clients
233 
+                ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
234 
+                //Well behaved clients that only send the cookie are allowed
235 
+                ($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
236 
+            ) {
237 
+                $user = $this->userSession->getUser()->getUID();
238 
+                \OC_Util::setupFS($user);
239 
+                $this->currentUser = $user;
240 
+                $this->session->close();
241 
+                return [true, $this->principalPrefix . $user];
242 
+            }
243 
+        }
244 244
245 
-		if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
246 
-			// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
247 
-			$response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
248 
-			$response->setStatus(401);
249 
-			throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
250 
-		}
245 
+        if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
246 
+            // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
247 
+            $response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
248 
+            $response->setStatus(401);
249 
+            throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
250 
+        }
251 251
252 
-		$data = parent::check($request, $response);
253 
-		if($data[0] === true) {
254 
-			$startPos = strrpos($data[1], '/') + 1;
255 
-			$user = $this->userSession->getUser()->getUID();
256 
-			$data[1] = substr_replace($data[1], $user, $startPos);
257 
-		}
258 
-		return $data;
259 
-	}
252 
+        $data = parent::check($request, $response);
253 
+        if($data[0] === true) {
254 
+            $startPos = strrpos($data[1], '/') + 1;
255 
+            $user = $this->userSession->getUser()->getUID();
256 
+            $data[1] = substr_replace($data[1], $user, $startPos);
257 
+        }
258 
+        return $data;
259 
+    }
260 260 
 }
Please login to merge, or discard this patch.
apps/dav/lib/Server.php 1 patch
Indentation   +194 added lines, -194 removed lines patch added patch discarded remove patch 
@@ -58,198 +58,198 @@
 
 block discarded – undo
58 58
59 59 
 class Server {
60 60
61 
-	/** @var IRequest */
62 
-	private $request;
63 
-
64 
-	/** @var  string */
65 
-	private $baseUri;
66 
-
67 
-	/** @var Connector\Sabre\Server  */
68 
-	private $server;
69 
-
70 
-	public function __construct(IRequest $request, $baseUri) {
71 
-		$this->request = $request;
72 
-		$this->baseUri = $baseUri;
73 
-		$logger = \OC::$server->getLogger();
74 
-		$mailer = \OC::$server->getMailer();
75 
-		$dispatcher = \OC::$server->getEventDispatcher();
76 
-
77 
-		$root = new RootCollection();
78 
-		$this->server = new \OCA\DAV\Connector\Sabre\Server($root);
79 
-
80 
-		// Add maintenance plugin
81 
-		$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin(\OC::$server->getConfig()));
82 
-
83 
-		// Backends
84 
-		$authBackend = new Auth(
85 
-			\OC::$server->getSession(),
86 
-			\OC::$server->getUserSession(),
87 
-			\OC::$server->getRequest(),
88 
-			\OC::$server->getTwoFactorAuthManager(),
89 
-			\OC::$server->getBruteForceThrottler()
90 
-		);
91 
-
92 
-		// Set URL explicitly due to reverse-proxy situations
93 
-		$this->server->httpRequest->setUrl($this->request->getRequestUri());
94 
-		$this->server->setBaseUri($this->baseUri);
95 
-
96 
-		$this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
97 
-		$authPlugin = new Plugin();
98 
-		$authPlugin->addBackend(new PublicAuth());
99 
-		$this->server->addPlugin($authPlugin);
100 
-
101 
-		// allow setup of additional auth backends
102 
-		$event = new SabrePluginEvent($this->server);
103 
-		$dispatcher->dispatch('OCA\DAV\Connector\Sabre::authInit', $event);
104 
-
105 
-		$bearerAuthBackend = new BearerAuth(
106 
-			\OC::$server->getUserSession(),
107 
-			\OC::$server->getSession(),
108 
-			\OC::$server->getRequest()
109 
-		);
110 
-		$authPlugin->addBackend($bearerAuthBackend);
111 
-		// because we are throwing exceptions this plugin has to be the last one
112 
-		$authPlugin->addBackend($authBackend);
113 
-
114 
-		// debugging
115 
-		if(\OC::$server->getConfig()->getSystemValue('debug', false)) {
116 
-			$this->server->addPlugin(new \Sabre\DAV\Browser\Plugin());
117 
-		} else {
118 
-			$this->server->addPlugin(new DummyGetResponsePlugin());
119 
-		}
120 
-
121 
-		$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $logger));
122 
-		$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
123 
-		$this->server->addPlugin(new \Sabre\DAV\Sync\Plugin());
124 
-
125 
-		// acl
126 
-		$acl = new DavAclPlugin();
127 
-		$acl->principalCollectionSet = [
128 
-			'principals/users', 'principals/groups'
129 
-		];
130 
-		$acl->defaultUsernamePath = 'principals/users';
131 
-		$this->server->addPlugin($acl);
132 
-
133 
-		// calendar plugins
134 
-		$this->server->addPlugin(new \OCA\DAV\CalDAV\Plugin());
135 
-		$this->server->addPlugin(new \Sabre\CalDAV\ICSExportPlugin());
136 
-		$this->server->addPlugin(new \OCA\DAV\CalDAV\Schedule\Plugin());
137 
-		$this->server->addPlugin(new IMipPlugin($mailer, $logger));
138 
-		$this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
139 
-		$this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
140 
-		$this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest()));
141 
-		$this->server->addPlugin(new \OCA\DAV\CalDAV\Publishing\PublishPlugin(
142 
-			\OC::$server->getConfig(),
143 
-			\OC::$server->getURLGenerator()
144 
-		));
145 
-
146 
-		// addressbook plugins
147 
-		$this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin());
148 
-		$this->server->addPlugin(new VCFExportPlugin());
149 
-		$this->server->addPlugin(new ImageExportPlugin(new PhotoCache(\OC::$server->getAppDataDir('dav-photocache'))));
150 
-
151 
-		// system tags plugins
152 
-		$this->server->addPlugin(new SystemTagPlugin(
153 
-			\OC::$server->getSystemTagManager(),
154 
-			\OC::$server->getGroupManager(),
155 
-			\OC::$server->getUserSession()
156 
-		));
157 
-
158 
-		// comments plugin
159 
-		$this->server->addPlugin(new CommentsPlugin(
160 
-			\OC::$server->getCommentsManager(),
161 
-			\OC::$server->getUserSession()
162 
-		));
163 
-
164 
-		$this->server->addPlugin(new CopyEtagHeaderPlugin());
165 
-
166 
-		// Some WebDAV clients do require Class 2 WebDAV support (locking), since
167 
-		// we do not provide locking we emulate it using a fake locking plugin.
168 
-		if($request->isUserAgent([
169 
-			'/WebDAVFS/',
170 
-			'/Microsoft Office OneNote 2013/',
171 
-			'/^Microsoft-WebDAV/',// Microsoft-WebDAV-MiniRedir/6.1.7601
172 
-		])) {
173 
-			$this->server->addPlugin(new FakeLockerPlugin());
174 
-		}
175 
-
176 
-		if (BrowserErrorPagePlugin::isBrowserRequest($request)) {
177 
-			$this->server->addPlugin(new BrowserErrorPagePlugin());
178 
-		}
179 
-
180 
-		// wait with registering these until auth is handled and the filesystem is setup
181 
-		$this->server->on('beforeMethod', function () {
182 
-			// custom properties plugin must be the last one
183 
-			$userSession = \OC::$server->getUserSession();
184 
-			$user = $userSession->getUser();
185 
-			if ($user !== null) {
186 
-				$view = \OC\Files\Filesystem::getView();
187 
-				$this->server->addPlugin(
188 
-					new FilesPlugin(
189 
-						$this->server->tree,
190 
-						\OC::$server->getConfig(),
191 
-						$this->request,
192 
-						\OC::$server->getPreviewManager(),
193 
-						false,
194 
-						!\OC::$server->getConfig()->getSystemValue('debug', false)
195 
-					)
196 
-				);
197 
-
198 
-				$this->server->addPlugin(
199 
-					new \Sabre\DAV\PropertyStorage\Plugin(
200 
-						new CustomPropertiesBackend(
201 
-							$this->server->tree,
202 
-							\OC::$server->getDatabaseConnection(),
203 
-							\OC::$server->getUserSession()->getUser()
204 
-						)
205 
-					)
206 
-				);
207 
-				if ($view !== null) {
208 
-					$this->server->addPlugin(
209 
-						new QuotaPlugin($view));
210 
-				}
211 
-				$this->server->addPlugin(
212 
-					new TagsPlugin(
213 
-						$this->server->tree, \OC::$server->getTagManager()
214 
-					)
215 
-				);
216 
-				// TODO: switch to LazyUserFolder
217 
-				$userFolder = \OC::$server->getUserFolder();
218 
-				$this->server->addPlugin(new SharesPlugin(
219 
-					$this->server->tree,
220 
-					$userSession,
221 
-					$userFolder,
222 
-					\OC::$server->getShareManager()
223 
-				));
224 
-				$this->server->addPlugin(new CommentPropertiesPlugin(
225 
-					\OC::$server->getCommentsManager(),
226 
-					$userSession
227 
-				));
228 
-				$this->server->addPlugin(new \OCA\DAV\CalDAV\Search\SearchPlugin());
229 
-				if ($view !== null) {
230 
-					$this->server->addPlugin(new FilesReportPlugin(
231 
-						$this->server->tree,
232 
-						$view,
233 
-						\OC::$server->getSystemTagManager(),
234 
-						\OC::$server->getSystemTagObjectMapper(),
235 
-						\OC::$server->getTagManager(),
236 
-						$userSession,
237 
-						\OC::$server->getGroupManager(),
238 
-						$userFolder
239 
-					));
240 
-					$this->server->addPlugin(new SearchPlugin(new \OCA\DAV\Files\FileSearchBackend(
241 
-						$this->server->tree,
242 
-						$user,
243 
-						\OC::$server->getRootFolder(),
244 
-						\OC::$server->getShareManager(),
245 
-						$view
246 
-					)));
247 
-				}
248 
-			}
249 
-		});
250 
-	}
251 
-
252 
-	public function exec() {
253 
-		$this->server->exec();
254 
-	}
61 
+    /** @var IRequest */
62 
+    private $request;
63 
+
64 
+    /** @var  string */
65 
+    private $baseUri;
66 
+
67 
+    /** @var Connector\Sabre\Server  */
68 
+    private $server;
69 
+
70 
+    public function __construct(IRequest $request, $baseUri) {
71 
+        $this->request = $request;
72 
+        $this->baseUri = $baseUri;
73 
+        $logger = \OC::$server->getLogger();
74 
+        $mailer = \OC::$server->getMailer();
75 
+        $dispatcher = \OC::$server->getEventDispatcher();
76 
+
77 
+        $root = new RootCollection();
78 
+        $this->server = new \OCA\DAV\Connector\Sabre\Server($root);
79 
+
80 
+        // Add maintenance plugin
81 
+        $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin(\OC::$server->getConfig()));
82 
+
83 
+        // Backends
84 
+        $authBackend = new Auth(
85 
+            \OC::$server->getSession(),
86 
+            \OC::$server->getUserSession(),
87 
+            \OC::$server->getRequest(),
88 
+            \OC::$server->getTwoFactorAuthManager(),
89 
+            \OC::$server->getBruteForceThrottler()
90 
+        );
91 
+
92 
+        // Set URL explicitly due to reverse-proxy situations
93 
+        $this->server->httpRequest->setUrl($this->request->getRequestUri());
94 
+        $this->server->setBaseUri($this->baseUri);
95 
+
96 
+        $this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
97 
+        $authPlugin = new Plugin();
98 
+        $authPlugin->addBackend(new PublicAuth());
99 
+        $this->server->addPlugin($authPlugin);
100 
+
101 
+        // allow setup of additional auth backends
102 
+        $event = new SabrePluginEvent($this->server);
103 
+        $dispatcher->dispatch('OCA\DAV\Connector\Sabre::authInit', $event);
104 
+
105 
+        $bearerAuthBackend = new BearerAuth(
106 
+            \OC::$server->getUserSession(),
107 
+            \OC::$server->getSession(),
108 
+            \OC::$server->getRequest()
109 
+        );
110 
+        $authPlugin->addBackend($bearerAuthBackend);
111 
+        // because we are throwing exceptions this plugin has to be the last one
112 
+        $authPlugin->addBackend($authBackend);
113 
+
114 
+        // debugging
115 
+        if(\OC::$server->getConfig()->getSystemValue('debug', false)) {
116 
+            $this->server->addPlugin(new \Sabre\DAV\Browser\Plugin());
117 
+        } else {
118 
+            $this->server->addPlugin(new DummyGetResponsePlugin());
119 
+        }
120 
+
121 
+        $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $logger));
122 
+        $this->server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
123 
+        $this->server->addPlugin(new \Sabre\DAV\Sync\Plugin());
124 
+
125 
+        // acl
126 
+        $acl = new DavAclPlugin();
127 
+        $acl->principalCollectionSet = [
128 
+            'principals/users', 'principals/groups'
129 
+        ];
130 
+        $acl->defaultUsernamePath = 'principals/users';
131 
+        $this->server->addPlugin($acl);
132 
+
133 
+        // calendar plugins
134 
+        $this->server->addPlugin(new \OCA\DAV\CalDAV\Plugin());
135 
+        $this->server->addPlugin(new \Sabre\CalDAV\ICSExportPlugin());
136 
+        $this->server->addPlugin(new \OCA\DAV\CalDAV\Schedule\Plugin());
137 
+        $this->server->addPlugin(new IMipPlugin($mailer, $logger));
138 
+        $this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
139 
+        $this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
140 
+        $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest()));
141 
+        $this->server->addPlugin(new \OCA\DAV\CalDAV\Publishing\PublishPlugin(
142 
+            \OC::$server->getConfig(),
143 
+            \OC::$server->getURLGenerator()
144 
+        ));
145 
+
146 
+        // addressbook plugins
147 
+        $this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin());
148 
+        $this->server->addPlugin(new VCFExportPlugin());
149 
+        $this->server->addPlugin(new ImageExportPlugin(new PhotoCache(\OC::$server->getAppDataDir('dav-photocache'))));
150 
+
151 
+        // system tags plugins
152 
+        $this->server->addPlugin(new SystemTagPlugin(
153 
+            \OC::$server->getSystemTagManager(),
154 
+            \OC::$server->getGroupManager(),
155 
+            \OC::$server->getUserSession()
156 
+        ));
157 
+
158 
+        // comments plugin
159 
+        $this->server->addPlugin(new CommentsPlugin(
160 
+            \OC::$server->getCommentsManager(),
161 
+            \OC::$server->getUserSession()
162 
+        ));
163 
+
164 
+        $this->server->addPlugin(new CopyEtagHeaderPlugin());
165 
+
166 
+        // Some WebDAV clients do require Class 2 WebDAV support (locking), since
167 
+        // we do not provide locking we emulate it using a fake locking plugin.
168 
+        if($request->isUserAgent([
169 
+            '/WebDAVFS/',
170 
+            '/Microsoft Office OneNote 2013/',
171 
+            '/^Microsoft-WebDAV/',// Microsoft-WebDAV-MiniRedir/6.1.7601
172 
+        ])) {
173 
+            $this->server->addPlugin(new FakeLockerPlugin());
174 
+        }
175 
+
176 
+        if (BrowserErrorPagePlugin::isBrowserRequest($request)) {
177 
+            $this->server->addPlugin(new BrowserErrorPagePlugin());
178 
+        }
179 
+
180 
+        // wait with registering these until auth is handled and the filesystem is setup
181 
+        $this->server->on('beforeMethod', function () {
182 
+            // custom properties plugin must be the last one
183 
+            $userSession = \OC::$server->getUserSession();
184 
+            $user = $userSession->getUser();
185 
+            if ($user !== null) {
186 
+                $view = \OC\Files\Filesystem::getView();
187 
+                $this->server->addPlugin(
188 
+                    new FilesPlugin(
189 
+                        $this->server->tree,
190 
+                        \OC::$server->getConfig(),
191 
+                        $this->request,
192 
+                        \OC::$server->getPreviewManager(),
193 
+                        false,
194 
+                        !\OC::$server->getConfig()->getSystemValue('debug', false)
195 
+                    )
196 
+                );
197 
+
198 
+                $this->server->addPlugin(
199 
+                    new \Sabre\DAV\PropertyStorage\Plugin(
200 
+                        new CustomPropertiesBackend(
201 
+                            $this->server->tree,
202 
+                            \OC::$server->getDatabaseConnection(),
203 
+                            \OC::$server->getUserSession()->getUser()
204 
+                        )
205 
+                    )
206 
+                );
207 
+                if ($view !== null) {
208 
+                    $this->server->addPlugin(
209 
+                        new QuotaPlugin($view));
210 
+                }
211 
+                $this->server->addPlugin(
212 
+                    new TagsPlugin(
213 
+                        $this->server->tree, \OC::$server->getTagManager()
214 
+                    )
215 
+                );
216 
+                // TODO: switch to LazyUserFolder
217 
+                $userFolder = \OC::$server->getUserFolder();
218 
+                $this->server->addPlugin(new SharesPlugin(
219 
+                    $this->server->tree,
220 
+                    $userSession,
221 
+                    $userFolder,
222 
+                    \OC::$server->getShareManager()
223 
+                ));
224 
+                $this->server->addPlugin(new CommentPropertiesPlugin(
225 
+                    \OC::$server->getCommentsManager(),
226 
+                    $userSession
227 
+                ));
228 
+                $this->server->addPlugin(new \OCA\DAV\CalDAV\Search\SearchPlugin());
229 
+                if ($view !== null) {
230 
+                    $this->server->addPlugin(new FilesReportPlugin(
231 
+                        $this->server->tree,
232 
+                        $view,
233 
+                        \OC::$server->getSystemTagManager(),
234 
+                        \OC::$server->getSystemTagObjectMapper(),
235 
+                        \OC::$server->getTagManager(),
236 
+                        $userSession,
237 
+                        \OC::$server->getGroupManager(),
238 
+                        $userFolder
239 
+                    ));
240 
+                    $this->server->addPlugin(new SearchPlugin(new \OCA\DAV\Files\FileSearchBackend(
241 
+                        $this->server->tree,
242 
+                        $user,
243 
+                        \OC::$server->getRootFolder(),
244 
+                        \OC::$server->getShareManager(),
245 
+                        $view
246 
+                    )));
247 
+                }
248 
+            }
249 
+        });
250 
+    }
251 
+
252 
+    public function exec() {
253 
+        $this->server->exec();
254 
+    }
255 255 
 }
Please login to merge, or discard this patch.
apps/dav/appinfo/v1/publicwebdav.php 1 patch
Indentation   +46 added lines, -46 removed lines patch added patch discarded remove patch 
@@ -38,21 +38,21 @@  discard block
 
 block discarded – undo
38 38
39 39 
 // Backends
40 40 
 $authBackend = new OCA\DAV\Connector\PublicAuth(
41 
-	\OC::$server->getRequest(),
42 
-	\OC::$server->getShareManager(),
43 
-	\OC::$server->getSession()
41 
+    \OC::$server->getRequest(),
42 
+    \OC::$server->getShareManager(),
43 
+    \OC::$server->getSession()
44 44 
 );
45 45 
 $authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
46 46
47 47 
 $serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory(
48 
-	\OC::$server->getConfig(),
49 
-	\OC::$server->getLogger(),
50 
-	\OC::$server->getDatabaseConnection(),
51 
-	\OC::$server->getUserSession(),
52 
-	\OC::$server->getMountManager(),
53 
-	\OC::$server->getTagManager(),
54 
-	\OC::$server->getRequest(),
55 
-	\OC::$server->getPreviewManager()
48 
+    \OC::$server->getConfig(),
49 
+    \OC::$server->getLogger(),
50 
+    \OC::$server->getDatabaseConnection(),
51 
+    \OC::$server->getUserSession(),
52 
+    \OC::$server->getMountManager(),
53 
+    \OC::$server->getTagManager(),
54 
+    \OC::$server->getRequest(),
55 
+    \OC::$server->getPreviewManager()
56 56 
 );
57 57
58 58 
 $requestUri = \OC::$server->getRequest()->getRequestUri();
 
@@ -61,41 +61,41 @@  discard block
 
 block discarded – undo
61 61 
 $filesDropPlugin = new \OCA\DAV\Files\Sharing\FilesDropPlugin();
62 62
63 63 
 $server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) {
64 
-	$isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
65 
-	$federatedSharingApp = new \OCA\FederatedFileSharing\AppInfo\Application();
66 
-	$federatedShareProvider = $federatedSharingApp->getFederatedShareProvider();
67 
-	if ($federatedShareProvider->isOutgoingServer2serverShareEnabled() === false && !$isAjax) {
68 
-		// this is what is thrown when trying to access a non-existing share
69 
-		throw new \Sabre\DAV\Exception\NotAuthenticated();
70 
-	}
71 
-
72 
-	$share = $authBackend->getShare();
73 
-	$owner = $share->getShareOwner();
74 
-	$isReadable = $share->getPermissions() & \OCP\Constants::PERMISSION_READ;
75 
-	$fileId = $share->getNodeId();
76 
-
77 
-	// FIXME: should not add storage wrappers outside of preSetup, need to find a better way
78 
-	$previousLog = \OC\Files\Filesystem::logWarningWhenAddingStorageWrapper(false);
79 
-	\OC\Files\Filesystem::addStorageWrapper('sharePermissions', function ($mountPoint, $storage) use ($share) {
80 
-		return new \OC\Files\Storage\Wrapper\PermissionsMask(array('storage' => $storage, 'mask' => $share->getPermissions() | \OCP\Constants::PERMISSION_SHARE));
81 
-	});
82 
-	\OC\Files\Filesystem::logWarningWhenAddingStorageWrapper($previousLog);
83 
-
84 
-	OC_Util::setupFS($owner);
85 
-	$ownerView = \OC\Files\Filesystem::getView();
86 
-	$path = $ownerView->getPath($fileId);
87 
-	$fileInfo = $ownerView->getFileInfo($path);
88 
-	$linkCheckPlugin->setFileInfo($fileInfo);
89 
-
90 
-	// If not readble (files_drop) enable the filesdrop plugin
91 
-	if (!$isReadable) {
92 
-		$filesDropPlugin->enable();
93 
-	}
94 
-
95 
-	$view = new \OC\Files\View($ownerView->getAbsolutePath($path));
96 
-	$filesDropPlugin->setView($view);
97 
-
98 
-	return $view;
64 
+    $isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
65 
+    $federatedSharingApp = new \OCA\FederatedFileSharing\AppInfo\Application();
66 
+    $federatedShareProvider = $federatedSharingApp->getFederatedShareProvider();
67 
+    if ($federatedShareProvider->isOutgoingServer2serverShareEnabled() === false && !$isAjax) {
68 
+        // this is what is thrown when trying to access a non-existing share
69 
+        throw new \Sabre\DAV\Exception\NotAuthenticated();
70 
+    }
71 
+
72 
+    $share = $authBackend->getShare();
73 
+    $owner = $share->getShareOwner();
74 
+    $isReadable = $share->getPermissions() & \OCP\Constants::PERMISSION_READ;
75 
+    $fileId = $share->getNodeId();
76 
+
77 
+    // FIXME: should not add storage wrappers outside of preSetup, need to find a better way
78 
+    $previousLog = \OC\Files\Filesystem::logWarningWhenAddingStorageWrapper(false);
79 
+    \OC\Files\Filesystem::addStorageWrapper('sharePermissions', function ($mountPoint, $storage) use ($share) {
80 
+        return new \OC\Files\Storage\Wrapper\PermissionsMask(array('storage' => $storage, 'mask' => $share->getPermissions() | \OCP\Constants::PERMISSION_SHARE));
81 
+    });
82 
+    \OC\Files\Filesystem::logWarningWhenAddingStorageWrapper($previousLog);
83 
+
84 
+    OC_Util::setupFS($owner);
85 
+    $ownerView = \OC\Files\Filesystem::getView();
86 
+    $path = $ownerView->getPath($fileId);
87 
+    $fileInfo = $ownerView->getFileInfo($path);
88 
+    $linkCheckPlugin->setFileInfo($fileInfo);
89 
+
90 
+    // If not readble (files_drop) enable the filesdrop plugin
91 
+    if (!$isReadable) {
92 
+        $filesDropPlugin->enable();
93 
+    }
94 
+
95 
+    $view = new \OC\Files\View($ownerView->getAbsolutePath($path));
96 
+    $filesDropPlugin->setView($view);
97 
+
98 
+    return $view;
99 99 
 });
100 100
101 101 
 $server->addPlugin($linkCheckPlugin);
Please login to merge, or discard this patch.
apps/dav/appinfo/v1/webdav.php 1 patch
Indentation   +20 added lines, -20 removed lines patch added patch discarded remove patch 
@@ -25,7 +25,7 @@  discard block
 
 block discarded – undo
25 25
26 26 
 // no php execution timeout for webdav
27 27 
 if (strpos(@ini_get('disable_functions'), 'set_time_limit') === false) {
28 
-	@set_time_limit(0);
28 
+    @set_time_limit(0);
29 29 
 }
30 30 
 ignore_user_abort(true);
31 31 
 
@@ -33,38 +33,38 @@  discard block
 
 block discarded – undo
33 33 
 \OC_Util::obEnd();
34 34
35 35 
 $serverFactory = new \OCA\DAV\Connector\Sabre\ServerFactory(
36 
-	\OC::$server->getConfig(),
37 
-	\OC::$server->getLogger(),
38 
-	\OC::$server->getDatabaseConnection(),
39 
-	\OC::$server->getUserSession(),
40 
-	\OC::$server->getMountManager(),
41 
-	\OC::$server->getTagManager(),
42 
-	\OC::$server->getRequest(),
43 
-	\OC::$server->getPreviewManager()
36 
+    \OC::$server->getConfig(),
37 
+    \OC::$server->getLogger(),
38 
+    \OC::$server->getDatabaseConnection(),
39 
+    \OC::$server->getUserSession(),
40 
+    \OC::$server->getMountManager(),
41 
+    \OC::$server->getTagManager(),
42 
+    \OC::$server->getRequest(),
43 
+    \OC::$server->getPreviewManager()
44 44 
 );
45 45
46 46 
 // Backends
47 47 
 $authBackend = new \OCA\DAV\Connector\Sabre\Auth(
48 
-	\OC::$server->getSession(),
49 
-	\OC::$server->getUserSession(),
50 
-	\OC::$server->getRequest(),
51 
-	\OC::$server->getTwoFactorAuthManager(),
52 
-	\OC::$server->getBruteForceThrottler(),
53 
-	'principals/'
48 
+    \OC::$server->getSession(),
49 
+    \OC::$server->getUserSession(),
50 
+    \OC::$server->getRequest(),
51 
+    \OC::$server->getTwoFactorAuthManager(),
52 
+    \OC::$server->getBruteForceThrottler(),
53 
+    'principals/'
54 54 
 );
55 55 
 $authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend);
56 56 
 $bearerAuthPlugin = new \OCA\DAV\Connector\Sabre\BearerAuth(
57 
-	\OC::$server->getUserSession(),
58 
-	\OC::$server->getSession(),
59 
-	\OC::$server->getRequest()
57 
+    \OC::$server->getUserSession(),
58 
+    \OC::$server->getSession(),
59 
+    \OC::$server->getRequest()
60 60 
 );
61 61 
 $authPlugin->addBackend($bearerAuthPlugin);
62 62
63 63 
 $requestUri = \OC::$server->getRequest()->getRequestUri();
64 64
65 65 
 $server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function() {
66 
-	// use the view for the logged in user
67 
-	return \OC\Files\Filesystem::getView();
66 
+    // use the view for the logged in user
67 
+    return \OC\Files\Filesystem::getView();
68 68 
 });
69 69
70 70 
 // And off we go!
Please login to merge, or discard this patch.
apps/dav/lib/Connector/Sabre/ServerFactory.php 1 patch
Indentation   +145 added lines, -145 removed lines patch added patch discarded remove patch 
@@ -43,158 +43,158 @@
 
 block discarded – undo
43 43 
 use Sabre\DAV\Auth\Plugin;
44 44
45 45 
 class ServerFactory {
46 
-	/** @var IConfig */
47 
-	private $config;
48 
-	/** @var ILogger */
49 
-	private $logger;
50 
-	/** @var IDBConnection */
51 
-	private $databaseConnection;
52 
-	/** @var IUserSession */
53 
-	private $userSession;
54 
-	/** @var IMountManager */
55 
-	private $mountManager;
56 
-	/** @var ITagManager */
57 
-	private $tagManager;
58 
-	/** @var IRequest */
59 
-	private $request;
60 
-	/** @var IPreview  */
61 
-	private $previewManager;
46 
+    /** @var IConfig */
47 
+    private $config;
48 
+    /** @var ILogger */
49 
+    private $logger;
50 
+    /** @var IDBConnection */
51 
+    private $databaseConnection;
52 
+    /** @var IUserSession */
53 
+    private $userSession;
54 
+    /** @var IMountManager */
55 
+    private $mountManager;
56 
+    /** @var ITagManager */
57 
+    private $tagManager;
58 
+    /** @var IRequest */
59 
+    private $request;
60 
+    /** @var IPreview  */
61 
+    private $previewManager;
62 62
63 
-	/**
64 
-	 * @param IConfig $config
65 
-	 * @param ILogger $logger
66 
-	 * @param IDBConnection $databaseConnection
67 
-	 * @param IUserSession $userSession
68 
-	 * @param IMountManager $mountManager
69 
-	 * @param ITagManager $tagManager
70 
-	 * @param IRequest $request
71 
-	 * @param IPreview $previewManager
72 
-	 */
73 
-	public function __construct(
74 
-		IConfig $config,
75 
-		ILogger $logger,
76 
-		IDBConnection $databaseConnection,
77 
-		IUserSession $userSession,
78 
-		IMountManager $mountManager,
79 
-		ITagManager $tagManager,
80 
-		IRequest $request,
81 
-		IPreview $previewManager
82 
-	) {
83 
-		$this->config = $config;
84 
-		$this->logger = $logger;
85 
-		$this->databaseConnection = $databaseConnection;
86 
-		$this->userSession = $userSession;
87 
-		$this->mountManager = $mountManager;
88 
-		$this->tagManager = $tagManager;
89 
-		$this->request = $request;
90 
-		$this->previewManager = $previewManager;
91 
-	}
63 
+    /**
64 
+     * @param IConfig $config
65 
+     * @param ILogger $logger
66 
+     * @param IDBConnection $databaseConnection
67 
+     * @param IUserSession $userSession
68 
+     * @param IMountManager $mountManager
69 
+     * @param ITagManager $tagManager
70 
+     * @param IRequest $request
71 
+     * @param IPreview $previewManager
72 
+     */
73 
+    public function __construct(
74 
+        IConfig $config,
75 
+        ILogger $logger,
76 
+        IDBConnection $databaseConnection,
77 
+        IUserSession $userSession,
78 
+        IMountManager $mountManager,
79 
+        ITagManager $tagManager,
80 
+        IRequest $request,
81 
+        IPreview $previewManager
82 
+    ) {
83 
+        $this->config = $config;
84 
+        $this->logger = $logger;
85 
+        $this->databaseConnection = $databaseConnection;
86 
+        $this->userSession = $userSession;
87 
+        $this->mountManager = $mountManager;
88 
+        $this->tagManager = $tagManager;
89 
+        $this->request = $request;
90 
+        $this->previewManager = $previewManager;
91 
+    }
92 92
93 
-	/**
94 
-	 * @param string $baseUri
95 
-	 * @param string $requestUri
96 
-	 * @param Plugin $authPlugin
97 
-	 * @param callable $viewCallBack callback that should return the view for the dav endpoint
98 
-	 * @return Server
99 
-	 */
100 
-	public function createServer($baseUri,
101 
-								 $requestUri,
102 
-								 Plugin $authPlugin,
103 
-								 callable $viewCallBack) {
104 
-		// Fire up server
105 
-		$objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree();
106 
-		$server = new \OCA\DAV\Connector\Sabre\Server($objectTree);
107 
-		// Set URL explicitly due to reverse-proxy situations
108 
-		$server->httpRequest->setUrl($requestUri);
109 
-		$server->setBaseUri($baseUri);
93 
+    /**
94 
+     * @param string $baseUri
95 
+     * @param string $requestUri
96 
+     * @param Plugin $authPlugin
97 
+     * @param callable $viewCallBack callback that should return the view for the dav endpoint
98 
+     * @return Server
99 
+     */
100 
+    public function createServer($baseUri,
101 
+                                    $requestUri,
102 
+                                    Plugin $authPlugin,
103 
+                                    callable $viewCallBack) {
104 
+        // Fire up server
105 
+        $objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree();
106 
+        $server = new \OCA\DAV\Connector\Sabre\Server($objectTree);
107 
+        // Set URL explicitly due to reverse-proxy situations
108 
+        $server->httpRequest->setUrl($requestUri);
109 
+        $server->setBaseUri($baseUri);
110 110
111 
-		// Load plugins
112 
-		$server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
113 
-		$server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
114 
-		$server->addPlugin($authPlugin);
115 
-		// FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
116 
-		$server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
117 
-		$server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));
118 
-		$server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
119 
-		// Some WebDAV clients do require Class 2 WebDAV support (locking), since
120 
-		// we do not provide locking we emulate it using a fake locking plugin.
121 
-		if($this->request->isUserAgent([
122 
-				'/WebDAVFS/',
123 
-				'/Microsoft Office OneNote 2013/',
124 
-				'/Microsoft-WebDAV-MiniRedir/',
125 
-		])) {
126 
-			$server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
127 
-		}
111 
+        // Load plugins
112 
+        $server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
113 
+        $server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
114 
+        $server->addPlugin($authPlugin);
115 
+        // FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
116 
+        $server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
117 
+        $server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));
118 
+        $server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
119 
+        // Some WebDAV clients do require Class 2 WebDAV support (locking), since
120 
+        // we do not provide locking we emulate it using a fake locking plugin.
121 
+        if($this->request->isUserAgent([
122 
+                '/WebDAVFS/',
123 
+                '/Microsoft Office OneNote 2013/',
124 
+                '/Microsoft-WebDAV-MiniRedir/',
125 
+        ])) {
126 
+            $server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
127 
+        }
128 128
129 
-		if (BrowserErrorPagePlugin::isBrowserRequest($this->request)) {
130 
-			$server->addPlugin(new BrowserErrorPagePlugin());
131 
-		}
129 
+        if (BrowserErrorPagePlugin::isBrowserRequest($this->request)) {
130 
+            $server->addPlugin(new BrowserErrorPagePlugin());
131 
+        }
132 132
133 
-		// wait with registering these until auth is handled and the filesystem is setup
134 
-		$server->on('beforeMethod', function () use ($server, $objectTree, $viewCallBack) {
135 
-			// ensure the skeleton is copied
136 
-			$userFolder = \OC::$server->getUserFolder();
133 
+        // wait with registering these until auth is handled and the filesystem is setup
134 
+        $server->on('beforeMethod', function () use ($server, $objectTree, $viewCallBack) {
135 
+            // ensure the skeleton is copied
136 
+            $userFolder = \OC::$server->getUserFolder();
137 137
138 
-			/** @var \OC\Files\View $view */
139 
-			$view = $viewCallBack($server);
140 
-			if ($userFolder instanceof Folder && $userFolder->getPath() === $view->getRoot()) {
141 
-				$rootInfo = $userFolder;
142 
-			} else {
143 
-				$rootInfo = $view->getFileInfo('');
144 
-			}
138 
+            /** @var \OC\Files\View $view */
139 
+            $view = $viewCallBack($server);
140 
+            if ($userFolder instanceof Folder && $userFolder->getPath() === $view->getRoot()) {
141 
+                $rootInfo = $userFolder;
142 
+            } else {
143 
+                $rootInfo = $view->getFileInfo('');
144 
+            }
145 145
146 
-			// Create Nextcloud Dir
147 
-			if ($rootInfo->getType() === 'dir') {
148 
-				$root = new \OCA\DAV\Connector\Sabre\Directory($view, $rootInfo, $objectTree);
149 
-			} else {
150 
-				$root = new \OCA\DAV\Connector\Sabre\File($view, $rootInfo);
151 
-			}
152 
-			$objectTree->init($root, $view, $this->mountManager);
146 
+            // Create Nextcloud Dir
147 
+            if ($rootInfo->getType() === 'dir') {
148 
+                $root = new \OCA\DAV\Connector\Sabre\Directory($view, $rootInfo, $objectTree);
149 
+            } else {
150 
+                $root = new \OCA\DAV\Connector\Sabre\File($view, $rootInfo);
151 
+            }
152 
+            $objectTree->init($root, $view, $this->mountManager);
153 153
154 
-			$server->addPlugin(
155 
-				new \OCA\DAV\Connector\Sabre\FilesPlugin(
156 
-					$objectTree,
157 
-					$this->config,
158 
-					$this->request,
159 
-					$this->previewManager,
160 
-					false,
161 
-					!$this->config->getSystemValue('debug', false)
162 
-				)
163 
-			);
164 
-			$server->addPlugin(new \OCA\DAV\Connector\Sabre\QuotaPlugin($view));
154 
+            $server->addPlugin(
155 
+                new \OCA\DAV\Connector\Sabre\FilesPlugin(
156 
+                    $objectTree,
157 
+                    $this->config,
158 
+                    $this->request,
159 
+                    $this->previewManager,
160 
+                    false,
161 
+                    !$this->config->getSystemValue('debug', false)
162 
+                )
163 
+            );
164 
+            $server->addPlugin(new \OCA\DAV\Connector\Sabre\QuotaPlugin($view));
165 165
166 
-			if($this->userSession->isLoggedIn()) {
167 
-				$server->addPlugin(new \OCA\DAV\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager));
168 
-				$server->addPlugin(new \OCA\DAV\Connector\Sabre\SharesPlugin(
169 
-					$objectTree,
170 
-					$this->userSession,
171 
-					$userFolder,
172 
-					\OC::$server->getShareManager()
173 
-				));
174 
-				$server->addPlugin(new \OCA\DAV\Connector\Sabre\CommentPropertiesPlugin(\OC::$server->getCommentsManager(), $this->userSession));
175 
-				$server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesReportPlugin(
176 
-					$objectTree,
177 
-					$view,
178 
-					\OC::$server->getSystemTagManager(),
179 
-					\OC::$server->getSystemTagObjectMapper(),
180 
-					\OC::$server->getTagManager(),
181 
-					$this->userSession,
182 
-					\OC::$server->getGroupManager(),
183 
-					$userFolder
184 
-				));
185 
-				// custom properties plugin must be the last one
186 
-				$server->addPlugin(
187 
-					new \Sabre\DAV\PropertyStorage\Plugin(
188 
-						new \OCA\DAV\Connector\Sabre\CustomPropertiesBackend(
189 
-							$objectTree,
190 
-							$this->databaseConnection,
191 
-							$this->userSession->getUser()
192 
-						)
193 
-					)
194 
-				);
195 
-			}
196 
-			$server->addPlugin(new \OCA\DAV\Connector\Sabre\CopyEtagHeaderPlugin());
197 
-		}, 30); // priority 30: after auth (10) and acl(20), before lock(50) and handling the request
198 
-		return $server;
199 
-	}
166 
+            if($this->userSession->isLoggedIn()) {
167 
+                $server->addPlugin(new \OCA\DAV\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager));
168 
+                $server->addPlugin(new \OCA\DAV\Connector\Sabre\SharesPlugin(
169 
+                    $objectTree,
170 
+                    $this->userSession,
171 
+                    $userFolder,
172 
+                    \OC::$server->getShareManager()
173 
+                ));
174 
+                $server->addPlugin(new \OCA\DAV\Connector\Sabre\CommentPropertiesPlugin(\OC::$server->getCommentsManager(), $this->userSession));
175 
+                $server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesReportPlugin(
176 
+                    $objectTree,
177 
+                    $view,
178 
+                    \OC::$server->getSystemTagManager(),
179 
+                    \OC::$server->getSystemTagObjectMapper(),
180 
+                    \OC::$server->getTagManager(),
181 
+                    $this->userSession,
182 
+                    \OC::$server->getGroupManager(),
183 
+                    $userFolder
184 
+                ));
185 
+                // custom properties plugin must be the last one
186 
+                $server->addPlugin(
187 
+                    new \Sabre\DAV\PropertyStorage\Plugin(
188 
+                        new \OCA\DAV\Connector\Sabre\CustomPropertiesBackend(
189 
+                            $objectTree,
190 
+                            $this->databaseConnection,
191 
+                            $this->userSession->getUser()
192 
+                        )
193 
+                    )
194 
+                );
195 
+            }
196 
+            $server->addPlugin(new \OCA\DAV\Connector\Sabre\CopyEtagHeaderPlugin());
197 
+        }, 30); // priority 30: after auth (10) and acl(20), before lock(50) and handling the request
198 
+        return $server;
199 
+    }
200 200 
 }
Please login to merge, or discard this patch.
apps/dav/lib/Connector/Sabre/BearerAuth.php 1 patch
Indentation   +44 added lines, -44 removed lines patch added patch discarded remove patch 
@@ -27,54 +27,54 @@
 
 block discarded – undo
27 27 
 use Sabre\DAV\Auth\Backend\AbstractBearer;
28 28
29 29 
 class BearerAuth extends AbstractBearer {
30 
-	/** @var IUserSession */
31 
-	private $userSession;
32 
-	/** @var ISession */
33 
-	private $session;
34 
-	/** @var IRequest */
35 
-	private $request;
36 
-	/** @var string */
37 
-	private $principalPrefix;
30 
+    /** @var IUserSession */
31 
+    private $userSession;
32 
+    /** @var ISession */
33 
+    private $session;
34 
+    /** @var IRequest */
35 
+    private $request;
36 
+    /** @var string */
37 
+    private $principalPrefix;
38 38
39 
-	/**
40 
-	 * @param IUserSession $userSession
41 
-	 * @param ISession $session
42 
-	 * @param string $principalPrefix
43 
-	 * @param IRequest $request
44 
-	 */
45 
-	public function __construct(IUserSession $userSession,
46 
-								ISession $session,
47 
-								IRequest $request,
48 
-								$principalPrefix = 'principals/users/') {
49 
-		$this->userSession = $userSession;
50 
-		$this->session = $session;
51 
-		$this->request = $request;
52 
-		$this->principalPrefix = $principalPrefix;
39 
+    /**
40 
+     * @param IUserSession $userSession
41 
+     * @param ISession $session
42 
+     * @param string $principalPrefix
43 
+     * @param IRequest $request
44 
+     */
45 
+    public function __construct(IUserSession $userSession,
46 
+                                ISession $session,
47 
+                                IRequest $request,
48 
+                                $principalPrefix = 'principals/users/') {
49 
+        $this->userSession = $userSession;
50 
+        $this->session = $session;
51 
+        $this->request = $request;
52 
+        $this->principalPrefix = $principalPrefix;
53 53
54 
-		// setup realm
55 
-		$defaults = new \OCP\Defaults();
56 
-		$this->realm = $defaults->getName();
57 
-	}
54 
+        // setup realm
55 
+        $defaults = new \OCP\Defaults();
56 
+        $this->realm = $defaults->getName();
57 
+    }
58 58
59 
-	private function setupUserFs($userId) {
60 
-		\OC_Util::setupFS($userId);
61 
-		$this->session->close();
62 
-		return $this->principalPrefix . $userId;
63 
-	}
59 
+    private function setupUserFs($userId) {
60 
+        \OC_Util::setupFS($userId);
61 
+        $this->session->close();
62 
+        return $this->principalPrefix . $userId;
63 
+    }
64 64
65 
-	/**
66 
-	 * {@inheritdoc}
67 
-	 */
68 
-	public function validateBearerToken($bearerToken) {
69 
-		\OC_Util::setupFS();
65 
+    /**
66 
+     * {@inheritdoc}
67 
+     */
68 
+    public function validateBearerToken($bearerToken) {
69 
+        \OC_Util::setupFS();
70 70
71 
-		if(!$this->userSession->isLoggedIn()) {
72 
-			$this->userSession->tryTokenLogin($this->request);
73 
-		}
74 
-		if($this->userSession->isLoggedIn()) {
75 
-			return $this->setupUserFs($this->userSession->getUser()->getUID());
76 
-		}
71 
+        if(!$this->userSession->isLoggedIn()) {
72 
+            $this->userSession->tryTokenLogin($this->request);
73 
+        }
74 
+        if($this->userSession->isLoggedIn()) {
75 
+            return $this->setupUserFs($this->userSession->getUser()->getUID());
76 
+        }
77 77
78 
-		return false;
79 
-	}
78 
+        return false;
79 
+    }
80 80 
 }
Please login to merge, or discard this patch.