Issues in RequestHandlerController.php (master) - Issues in master - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2553)

lib/Controller/RequestHandlerController.php (4 issues)

Labels

Severity

<?php
/**
 * @copyright Copyright (c) 2018 Bjoern Schiessle <[email protected]>
 *
 * @author Bjoern Schiessle <[email protected]>
 * @author Christoph Wurst <[email protected]>
 * @author Roeland Jago Douma <[email protected]>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */
namespace OCA\CloudFederationAPI\Controller;

use OCA\CloudFederationAPI\Config;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse;
use OCP\Federation\Exceptions\ActionNotSupportedException;
use OCP\Federation\Exceptions\AuthenticationFailedException;
use OCP\Federation\Exceptions\BadRequestException;
use OCP\Federation\Exceptions\ProviderCouldNotAddShareException;
use OCP\Federation\Exceptions\ProviderDoesNotExistsException;
use OCP\Federation\ICloudFederationFactory;
use OCP\Federation\ICloudFederationProviderManager;
use OCP\Federation\ICloudIdManager;
use OCP\IGroupManager;
use OCP\IRequest;
use OCP\IURLGenerator;
use OCP\IUserManager;
use OCP\Share\Exceptions\ShareNotFound;
use Psr\Log\LoggerInterface;

/**
 * Class RequestHandlerController
 *
 * handle API between different Cloud instances
 *
 * @package OCA\CloudFederationAPI\Controller
 */
class RequestHandlerController extends Controller {

	/** @var LoggerInterface */
	private $logger;

	/** @var IUserManager */
	private $userManager;

	/** @var IGroupManager */
	private $groupManager;

	/** @var IURLGenerator */
	private $urlGenerator;

	/** @var ICloudFederationProviderManager */
	private $cloudFederationProviderManager;

	/** @var Config */
	private $config;

	/** @var ICloudFederationFactory */
	private $factory;

	/** @var ICloudIdManager */
	private $cloudIdManager;

	public function __construct($appName,
								IRequest $request,
								LoggerInterface $logger,
								IUserManager $userManager,
								IGroupManager $groupManager,
								IURLGenerator $urlGenerator,
								ICloudFederationProviderManager $cloudFederationProviderManager,
								Config $config,
								ICloudFederationFactory $factory,
								ICloudIdManager $cloudIdManager
	) {
		parent::__construct($appName, $request);

		$this->logger = $logger;
		$this->userManager = $userManager;
		$this->groupManager = $groupManager;
		$this->urlGenerator = $urlGenerator;
		$this->cloudFederationProviderManager = $cloudFederationProviderManager;
		$this->config = $config;
		$this->factory = $factory;
		$this->cloudIdManager = $cloudIdManager;
	}

	/**
	 * add share
	 *
	 * @NoCSRFRequired
	 * @PublicPage
	 * @BruteForceProtection(action=receiveFederatedShare)
	 *
	 * @param string $shareWith
	 * @param string $name resource name (e.g. document.odt)
	 * @param string $description share description (optional)
	 * @param string $providerId resource UID on the provider side
	 * @param string $owner provider specific UID of the user who owns the resource
	 * @param string $ownerDisplayName display name of the user who shared the item
	 * @param string $sharedBy provider specific UID of the user who shared the resource
	 * @param string $sharedByDisplayName display name of the user who shared the resource
	 * @param array $protocol (e,.g. ['name' => 'webdav', 'options' => ['username' => 'john', 'permissions' => 31]])
	 * @param string $shareType ('group' or 'user' share)
	 * @param $resourceType ('file', 'calendar',...)

	 * @return Http\DataResponse|JSONResponse
	 *
	 * Example: curl -H "Content-Type: application/json" -X POST -d '{"shareWith":"admin1@serve1","name":"welcome server2.txt","description":"desc","providerId":"2","owner":"admin2@http://localhost/server2","ownerDisplayName":"admin2 display","shareType":"user","resourceType":"file","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' http://localhost/server/index.php/ocm/shares
	 */
	public function addShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, $protocol, $shareType, $resourceType) {

		// check if all required parameters are set
		if ($shareWith === null ||
			$name === null ||
			$providerId === null ||
			$owner === null ||
			$resourceType === null ||
			$shareType === null ||
			!is_array($protocol) ||
			!isset($protocol['name']) ||
			!isset($protocol['options']) ||
			!is_array($protocol['options']) ||
			!isset($protocol['options']['sharedSecret'])
		) {
			return new JSONResponse(
				['message' => 'Missing arguments'],
				Http::STATUS_BAD_REQUEST
			);
		}

		$supportedShareTypes = $this->config->getSupportedShareTypes($resourceType);
		if (!in_array($shareType, $supportedShareTypes)) {
			return new JSONResponse(
				['message' => 'Share type "' . $shareType . '" not implemented'],
				Http::STATUS_NOT_IMPLEMENTED
			);
		}

		$cloudId = $this->cloudIdManager->resolveCloudId($shareWith);
		$shareWith = $cloudId->getUser();

		if ($shareType === 'user') {
			$shareWith = $this->mapUid($shareWith);

			if (!$this->userManager->userExists($shareWith)) {
				$response = new JSONResponse(
					['message' => 'User "' . $shareWith . '" does not exists at ' . $this->urlGenerator->getBaseUrl()],
					Http::STATUS_BAD_REQUEST
				);
				$response->throttle();
				return $response;
			}
		}

		if ($shareType === 'group') {
			if (!$this->groupManager->groupExists($shareWith)) {
				$response = new JSONResponse(
					['message' => 'Group "' . $shareWith . '" does not exists at ' . $this->urlGenerator->getBaseUrl()],
					Http::STATUS_BAD_REQUEST
				);
				$response->throttle();
				return $response;
			}
		}

		// if no explicit display name is given, we use the uid as display name
		$ownerDisplayName = $ownerDisplayName === null ? $owner : $ownerDisplayName;
		$sharedByDisplayName = $sharedByDisplayName === null ? $sharedBy : $sharedByDisplayName;

		// sharedBy* parameter is optional, if nothing is set we assume that it is the same user as the owner
		if ($sharedBy === null) {
			$sharedBy = $owner;
			$sharedByDisplayName = $ownerDisplayName;
		}

		try {
			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider($resourceType);
			$share = $this->factory->getCloudFederationShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, '', $shareType, $resourceType);
			$share->setProtocol($protocol);
			$provider->shareReceived($share);
		} catch (ProviderDoesNotExistsException $e) {
			return new JSONResponse(
				['message' => $e->getMessage()],
				Http::STATUS_NOT_IMPLEMENTED
			);
		} catch (ProviderCouldNotAddShareException $e) {
			return new JSONResponse(
				['message' => $e->getMessage()],
				$e->getCode()
			);
		} catch (\Exception $e) {
			$this->logger->error($e->getMessage(), ['exception' => $e]);
			return new JSONResponse(
				['message' => 'Internal error at ' . $this->urlGenerator->getBaseUrl()],
				Http::STATUS_BAD_REQUEST
			);
		}

		$user = $this->userManager->get($shareWith);
		$recipientDisplayName = '';
		if ($user) {
			$recipientDisplayName = $user->getDisplayName();
		}

		return new JSONResponse(
			['recipientDisplayName' => $recipientDisplayName],
			Http::STATUS_CREATED);
	}

	/**
	 * receive notification about existing share
	 *
	 * @NoCSRFRequired
	 * @PublicPage
	 * @BruteForceProtection(action=receiveFederatedShareNotification)
	 *
	 * @param string $notificationType (notification type, e.g. SHARE_ACCEPTED)
	 * @param string $resourceType (calendar, file, contact,...)
	 * @param string $providerId id of the share
	 * @param array $notification the actual payload of the notification
	 * @return JSONResponse
	 */
	public function receiveNotification($notificationType, $resourceType, $providerId, array $notification) {

		// check if all required parameters are set
		if ($notificationType === null ||
			$resourceType === null ||

			$providerId === null ||

			!is_array($notification)

		) {
			return new JSONResponse(
				['message' => 'Missing arguments'],
				Http::STATUS_BAD_REQUEST
			);
		}

		try {
			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider($resourceType);
			$result = $provider->notificationReceived($notificationType, $providerId, $notification);
		} catch (ProviderDoesNotExistsException $e) {
			return new JSONResponse(
				['message' => $e->getMessage()],
				Http::STATUS_BAD_REQUEST
			);
		} catch (ShareNotFound $e) {
			$response = new JSONResponse(
				['message' => $e->getMessage()],
				Http::STATUS_BAD_REQUEST
			);
			$response->throttle();
			return $response;
		} catch (ActionNotSupportedException $e) {
			return new JSONResponse(
				['message' => $e->getMessage()],
				Http::STATUS_NOT_IMPLEMENTED
			);
		} catch (BadRequestException $e) {
			return new JSONResponse($e->getReturnMessage(), Http::STATUS_BAD_REQUEST);
		} catch (AuthenticationFailedException $e) {
			$response = new JSONResponse(['message' => 'RESOURCE_NOT_FOUND'], Http::STATUS_FORBIDDEN);
			$response->throttle();
			return $response;
		} catch (\Exception $e) {
			return new JSONResponse(
				['message' => 'Internal error at ' . $this->urlGenerator->getBaseUrl()],
				Http::STATUS_BAD_REQUEST
			);
		}

		return new JSONResponse($result,Http::STATUS_CREATED);
	}

	/**
	 * map login name to internal LDAP UID if a LDAP backend is in use
	 *
	 * @param string $uid
	 * @return string mixed
	 */
	private function mapUid($uid) {
		// FIXME this should be a method in the user management instead
		$this->logger->debug('shareWith before, ' . $uid, ['app' => $this->appName]);
		\OCP\Util::emitHook(
			'\OCA\Files_Sharing\API\Server2Server',
			'preLoginNameUsedAsUserName',
			['uid' => &$uid]
		);
		$this->logger->debug('shareWith after, ' . $uid, ['app' => $this->appName]);

		return $uid;
	}
}


1			<?php
2			/**
3			* @copyright Copyright (c) 2018 Bjoern Schiessle <[email protected]>
4			*
5			* @author Bjoern Schiessle <[email protected]>
6			* @author Christoph Wurst <[email protected]>
7			* @author Roeland Jago Douma <[email protected]>
8			*
9			* @license GNU AGPL version 3 or any later version
10			*
11			* This program is free software: you can redistribute it and/or modify
12			* it under the terms of the GNU Affero General Public License as
13			* published by the Free Software Foundation, either version 3 of the
14			* License, or (at your option) any later version.
15			*
16			* This program is distributed in the hope that it will be useful,
17			* but WITHOUT ANY WARRANTY; without even the implied warranty of
18			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19			* GNU Affero General Public License for more details.
20			*
21			* You should have received a copy of the GNU Affero General Public License
22			* along with this program. If not, see <http://www.gnu.org/licenses/>.
23			*
24			*/
25			namespace OCA\CloudFederationAPI\Controller;
26
27			use OCA\CloudFederationAPI\Config;
28			use OCP\AppFramework\Controller;
29			use OCP\AppFramework\Http;
30			use OCP\AppFramework\Http\JSONResponse;
31			use OCP\Federation\Exceptions\ActionNotSupportedException;
32			use OCP\Federation\Exceptions\AuthenticationFailedException;
33			use OCP\Federation\Exceptions\BadRequestException;
34			use OCP\Federation\Exceptions\ProviderCouldNotAddShareException;
35			use OCP\Federation\Exceptions\ProviderDoesNotExistsException;
36			use OCP\Federation\ICloudFederationFactory;
37			use OCP\Federation\ICloudFederationProviderManager;
38			use OCP\Federation\ICloudIdManager;
39			use OCP\IGroupManager;
40			use OCP\IRequest;
41			use OCP\IURLGenerator;
42			use OCP\IUserManager;
43			use OCP\Share\Exceptions\ShareNotFound;
44			use Psr\Log\LoggerInterface;
45
46			/**
47			* Class RequestHandlerController
48			*
49			* handle API between different Cloud instances
50			*
51			* @package OCA\CloudFederationAPI\Controller
52			*/
53			class RequestHandlerController extends Controller {
54
55			/** @var LoggerInterface */
56			private $logger;
57
58			/** @var IUserManager */
59			private $userManager;
60
61			/** @var IGroupManager */
62			private $groupManager;
63
64			/** @var IURLGenerator */
65			private $urlGenerator;
66
67			/** @var ICloudFederationProviderManager */
68			private $cloudFederationProviderManager;
69
70			/** @var Config */
71			private $config;
72
73			/** @var ICloudFederationFactory */
74			private $factory;
75
76			/** @var ICloudIdManager */
77			private $cloudIdManager;
78
79			public function __construct($appName,
80			IRequest $request,
81			LoggerInterface $logger,
82			IUserManager $userManager,
83			IGroupManager $groupManager,
84			IURLGenerator $urlGenerator,
85			ICloudFederationProviderManager $cloudFederationProviderManager,
86			Config $config,
87			ICloudFederationFactory $factory,
88			ICloudIdManager $cloudIdManager
89			) {
90			parent::__construct($appName, $request);
91
92			$this->logger = $logger;
93			$this->userManager = $userManager;
94			$this->groupManager = $groupManager;
95			$this->urlGenerator = $urlGenerator;
96			$this->cloudFederationProviderManager = $cloudFederationProviderManager;
97			$this->config = $config;
98			$this->factory = $factory;
99			$this->cloudIdManager = $cloudIdManager;
100			}
101
102			/**
103			* add share
104			*
105			* @NoCSRFRequired
106			* @PublicPage
107			* @BruteForceProtection(action=receiveFederatedShare)
108			*
109			* @param string $shareWith
110			* @param string $name resource name (e.g. document.odt)
111			* @param string $description share description (optional)
112			* @param string $providerId resource UID on the provider side
113			* @param string $owner provider specific UID of the user who owns the resource
114			* @param string $ownerDisplayName display name of the user who shared the item
115			* @param string $sharedBy provider specific UID of the user who shared the resource
116			* @param string $sharedByDisplayName display name of the user who shared the resource
117			* @param array $protocol (e,.g. ['name' => 'webdav', 'options' => ['username' => 'john', 'permissions' => 31]])
118			* @param string $shareType ('group' or 'user' share)
119			* @param $resourceType ('file', 'calendar',...)
			0 ignored issues – show Documentation Bug introduced 2018-10-24 12:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc comment `('file', 'calendar',...)` at position `1` could not be parsed: Unknown type name ''file'' at position 1 in ('file', 'calendar',...). Loading history...
120			* @return Http\DataResponse\|JSONResponse
121			*
122			* Example: curl -H "Content-Type: application/json" -X POST -d '{"shareWith":"admin1@serve1","name":"welcome server2.txt","description":"desc","providerId":"2","owner":"admin2@http://localhost/server2","ownerDisplayName":"admin2 display","shareType":"user","resourceType":"file","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' http://localhost/server/index.php/ocm/shares
123			*/
124			public function addShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, $protocol, $shareType, $resourceType) {
125
126			// check if all required parameters are set
127			if ($shareWith === null \|\|
128			$name === null \|\|
129			$providerId === null \|\|
130			$owner === null \|\|
131			$resourceType === null \|\|
132			$shareType === null \|\|
133			!is_array($protocol) \|\|
134			!isset($protocol['name']) \|\|
135			!isset($protocol['options']) \|\|
136			!is_array($protocol['options']) \|\|
137			!isset($protocol['options']['sharedSecret'])
138			) {
139			return new JSONResponse(
140			['message' => 'Missing arguments'],
141			Http::STATUS_BAD_REQUEST
142			);
143			}
144
145			$supportedShareTypes = $this->config->getSupportedShareTypes($resourceType);
146			if (!in_array($shareType, $supportedShareTypes)) {
147			return new JSONResponse(
148			['message' => 'Share type "' . $shareType . '" not implemented'],
149			Http::STATUS_NOT_IMPLEMENTED
150			);
151			}
152
153			$cloudId = $this->cloudIdManager->resolveCloudId($shareWith);
154			$shareWith = $cloudId->getUser();
155
156			if ($shareType === 'user') {
157			$shareWith = $this->mapUid($shareWith);
158
159			if (!$this->userManager->userExists($shareWith)) {
160			$response = new JSONResponse(
161			['message' => 'User "' . $shareWith . '" does not exists at ' . $this->urlGenerator->getBaseUrl()],
162			Http::STATUS_BAD_REQUEST
163			);
164			$response->throttle();
165			return $response;
166			}
167			}
168
169			if ($shareType === 'group') {
170			if (!$this->groupManager->groupExists($shareWith)) {
171			$response = new JSONResponse(
172			['message' => 'Group "' . $shareWith . '" does not exists at ' . $this->urlGenerator->getBaseUrl()],
173			Http::STATUS_BAD_REQUEST
174			);
175			$response->throttle();
176			return $response;
177			}
178			}
179
180			// if no explicit display name is given, we use the uid as display name
181			$ownerDisplayName = $ownerDisplayName === null ? $owner : $ownerDisplayName;
182			$sharedByDisplayName = $sharedByDisplayName === null ? $sharedBy : $sharedByDisplayName;
183
184			// sharedBy* parameter is optional, if nothing is set we assume that it is the same user as the owner
185			if ($sharedBy === null) {
186			$sharedBy = $owner;
187			$sharedByDisplayName = $ownerDisplayName;
188			}
189
190			try {
191			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider($resourceType);
192			$share = $this->factory->getCloudFederationShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, '', $shareType, $resourceType);
193			$share->setProtocol($protocol);
194			$provider->shareReceived($share);
195			} catch (ProviderDoesNotExistsException $e) {
196			return new JSONResponse(
197			['message' => $e->getMessage()],
198			Http::STATUS_NOT_IMPLEMENTED
199			);
200			} catch (ProviderCouldNotAddShareException $e) {
201			return new JSONResponse(
202			['message' => $e->getMessage()],
203			$e->getCode()
204			);
205			} catch (\Exception $e) {
206			$this->logger->error($e->getMessage(), ['exception' => $e]);
207			return new JSONResponse(
208			['message' => 'Internal error at ' . $this->urlGenerator->getBaseUrl()],
209			Http::STATUS_BAD_REQUEST
210			);
211			}
212
213			$user = $this->userManager->get($shareWith);
214			$recipientDisplayName = '';
215			if ($user) {
216			$recipientDisplayName = $user->getDisplayName();
217			}
218
219			return new JSONResponse(
220			['recipientDisplayName' => $recipientDisplayName],
221			Http::STATUS_CREATED);
222			}
223
224			/**
225			* receive notification about existing share
226			*
227			* @NoCSRFRequired
228			* @PublicPage
229			* @BruteForceProtection(action=receiveFederatedShareNotification)
230			*
231			* @param string $notificationType (notification type, e.g. SHARE_ACCEPTED)
232			* @param string $resourceType (calendar, file, contact,...)
233			* @param string $providerId id of the share
234			* @param array $notification the actual payload of the notification
235			* @return JSONResponse
236			*/
237			public function receiveNotification($notificationType, $resourceType, $providerId, array $notification) {
238
239			// check if all required parameters are set
240			if ($notificationType === null \|\|
241			$resourceType === null \|\|
			0 ignored issues – show introduced 2018-10-24 12:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `$resourceType === null` is always `false`. Loading history...
242			$providerId === null \|\|
			0 ignored issues – show introduced 2018-10-24 12:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `$providerId === null` is always `false`. Loading history...
243			!is_array($notification)
			0 ignored issues – show introduced 2018-10-24 12:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `is_array($notification)` is always `true`. Loading history...
244			) {
245			return new JSONResponse(
246			['message' => 'Missing arguments'],
247			Http::STATUS_BAD_REQUEST
248			);
249			}
250
251			try {
252			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider($resourceType);
253			$result = $provider->notificationReceived($notificationType, $providerId, $notification);
254			} catch (ProviderDoesNotExistsException $e) {
255			return new JSONResponse(
256			['message' => $e->getMessage()],
257			Http::STATUS_BAD_REQUEST
258			);
259			} catch (ShareNotFound $e) {
260			$response = new JSONResponse(
261			['message' => $e->getMessage()],
262			Http::STATUS_BAD_REQUEST
263			);
264			$response->throttle();
265			return $response;
266			} catch (ActionNotSupportedException $e) {
267			return new JSONResponse(
268			['message' => $e->getMessage()],
269			Http::STATUS_NOT_IMPLEMENTED
270			);
271			} catch (BadRequestException $e) {
272			return new JSONResponse($e->getReturnMessage(), Http::STATUS_BAD_REQUEST);
273			} catch (AuthenticationFailedException $e) {
274			$response = new JSONResponse(['message' => 'RESOURCE_NOT_FOUND'], Http::STATUS_FORBIDDEN);
275			$response->throttle();
276			return $response;
277			} catch (\Exception $e) {
278			return new JSONResponse(
279			['message' => 'Internal error at ' . $this->urlGenerator->getBaseUrl()],
280			Http::STATUS_BAD_REQUEST
281			);
282			}
283
284			return new JSONResponse($result,Http::STATUS_CREATED);
285			}
286
287			/**
288			* map login name to internal LDAP UID if a LDAP backend is in use
289			*
290			* @param string $uid
291			* @return string mixed
292			*/
293			private function mapUid($uid) {
294			// FIXME this should be a method in the user management instead
295			$this->logger->debug('shareWith before, ' . $uid, ['app' => $this->appName]);
296			\OCP\Util::emitHook(
297			'\OCA\Files_Sharing\API\Server2Server',
298			'preLoginNameUsedAsUserName',
299			['uid' => &$uid]
300			);
301			$this->logger->debug('shareWith after, ' . $uid, ['app' => $this->appName]);
302
303			return $uid;
304			}
305			}
306

nextcloud / server

Issues (2553)

lib/Controller/RequestHandlerController.php (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like