TrustedServers.php 6.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Björn Schießle <bjoern@schiessle.org>
  6. * @author Morris Jobke <hey@morrisjobke.de>
  7. * @author Roeland Jago Douma <roeland@famdouma.nl>
  8. * @author Thomas Müller <thomas.mueller@tmit.eu>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OCA\Federation;
  26. use OC\HintException;
  27. use OCP\AppFramework\Http;
  28. use OCP\BackgroundJob\IJobList;
  29. use OCP\Http\Client\IClientService;
  30. use OCP\IConfig;
  31. use OCP\ILogger;
  32. use OCP\Security\ISecureRandom;
  33. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  34. use Symfony\Component\EventDispatcher\GenericEvent;
  35. class TrustedServers {
  36. /** after a user list was exchanged at least once successfully */
  37. const STATUS_OK = 1;
  38. /** waiting for shared secret or initial user list exchange */
  39. const STATUS_PENDING = 2;
  40. /** something went wrong, misconfigured server, software bug,... user interaction needed */
  41. const STATUS_FAILURE = 3;
  42. /** remote server revoked access */
  43. const STATUS_ACCESS_REVOKED = 4;
  44. /** @var dbHandler */
  45. private $dbHandler;
  46. /** @var IClientService */
  47. private $httpClientService;
  48. /** @var ILogger */
  49. private $logger;
  50. /** @var IJobList */
  51. private $jobList;
  52. /** @var ISecureRandom */
  53. private $secureRandom;
  54. /** @var IConfig */
  55. private $config;
  56. /** @var EventDispatcherInterface */
  57. private $dispatcher;
  58. /**
  59. * @param DbHandler $dbHandler
  60. * @param IClientService $httpClientService
  61. * @param ILogger $logger
  62. * @param IJobList $jobList
  63. * @param ISecureRandom $secureRandom
  64. * @param IConfig $config
  65. * @param EventDispatcherInterface $dispatcher
  66. */
  67. public function __construct(
  68. DbHandler $dbHandler,
  69. IClientService $httpClientService,
  70. ILogger $logger,
  71. IJobList $jobList,
  72. ISecureRandom $secureRandom,
  73. IConfig $config,
  74. EventDispatcherInterface $dispatcher
  75. ) {
  76. $this->dbHandler = $dbHandler;
  77. $this->httpClientService = $httpClientService;
  78. $this->logger = $logger;
  79. $this->jobList = $jobList;
  80. $this->secureRandom = $secureRandom;
  81. $this->config = $config;
  82. $this->dispatcher = $dispatcher;
  83. }
  84. /**
  85. * add server to the list of trusted servers
  86. *
  87. * @param $url
  88. * @return int server id
  89. */
  90. public function addServer($url) {
  91. $url = $this->updateProtocol($url);
  92. $result = $this->dbHandler->addServer($url);
  93. if ($result) {
  94. $token = $this->secureRandom->generate(16);
  95. $this->dbHandler->addToken($url, $token);
  96. $this->jobList->add(
  97. 'OCA\Federation\BackgroundJob\RequestSharedSecret',
  98. [
  99. 'url' => $url,
  100. 'token' => $token
  101. ]
  102. );
  103. }
  104. return $result;
  105. }
  106. /**
  107. * enable/disable to automatically add servers to the list of trusted servers
  108. * once a federated share was created and accepted successfully
  109. *
  110. * @param bool $status
  111. */
  112. public function setAutoAddServers($status) {
  113. $value = $status ? '1' : '0';
  114. $this->config->setAppValue('federation', 'autoAddServers', $value);
  115. }
  116. /**
  117. * return if we automatically add servers to the list of trusted servers
  118. * once a federated share was created and accepted successfully
  119. *
  120. * @return bool
  121. */
  122. public function getAutoAddServers() {
  123. $value = $this->config->getAppValue('federation', 'autoAddServers', '1');
  124. return $value === '1';
  125. }
  126. /**
  127. * get shared secret for the given server
  128. *
  129. * @param string $url
  130. * @return string
  131. */
  132. public function getSharedSecret($url) {
  133. return $this->dbHandler->getSharedSecret($url);
  134. }
  135. /**
  136. * add shared secret for the given server
  137. *
  138. * @param string $url
  139. * @param $sharedSecret
  140. */
  141. public function addSharedSecret($url, $sharedSecret) {
  142. $this->dbHandler->addSharedSecret($url, $sharedSecret);
  143. }
  144. /**
  145. * remove server from the list of trusted servers
  146. *
  147. * @param int $id
  148. */
  149. public function removeServer($id) {
  150. $server = $this->dbHandler->getServerById($id);
  151. $this->dbHandler->removeServer($id);
  152. $event = new GenericEvent($server['url_hash']);
  153. $this->dispatcher->dispatch('OCP\Federation\TrustedServerEvent::remove', $event);
  154. }
  155. /**
  156. * get all trusted servers
  157. *
  158. * @return array
  159. */
  160. public function getServers() {
  161. return $this->dbHandler->getAllServer();
  162. }
  163. /**
  164. * check if given server is a trusted ownCloud server
  165. *
  166. * @param string $url
  167. * @return bool
  168. */
  169. public function isTrustedServer($url) {
  170. return $this->dbHandler->serverExists($url);
  171. }
  172. /**
  173. * set server status
  174. *
  175. * @param string $url
  176. * @param int $status
  177. */
  178. public function setServerStatus($url, $status) {
  179. $this->dbHandler->setServerStatus($url, $status);
  180. }
  181. /**
  182. * @param string $url
  183. * @return int
  184. */
  185. public function getServerStatus($url) {
  186. return $this->dbHandler->getServerStatus($url);
  187. }
  188. /**
  189. * check if URL point to a ownCloud/Nextcloud server
  190. *
  191. * @param string $url
  192. * @return bool
  193. */
  194. public function isOwnCloudServer($url) {
  195. $isValidOwnCloud = false;
  196. $client = $this->httpClientService->newClient();
  197. try {
  198. $result = $client->get(
  199. $url . '/status.php',
  200. [
  201. 'timeout' => 3,
  202. 'connect_timeout' => 3,
  203. ]
  204. );
  205. if ($result->getStatusCode() === Http::STATUS_OK) {
  206. $isValidOwnCloud = $this->checkOwnCloudVersion($result->getBody());
  207. }
  208. } catch (\Exception $e) {
  209. $this->logger->debug('No Nextcloud server: ' . $e->getMessage());
  210. return false;
  211. }
  212. return $isValidOwnCloud;
  213. }
  214. /**
  215. * check if ownCloud version is >= 9.0
  216. *
  217. * @param $status
  218. * @return bool
  219. * @throws HintException
  220. */
  221. protected function checkOwnCloudVersion($status) {
  222. $decoded = json_decode($status, true);
  223. if (!empty($decoded) && isset($decoded['version'])) {
  224. if (!version_compare($decoded['version'], '9.0.0', '>=')) {
  225. throw new HintException('Remote server version is too low. 9.0 is required.');
  226. }
  227. return true;
  228. }
  229. return false;
  230. }
  231. /**
  232. * check if the URL contain a protocol, if not add https
  233. *
  234. * @param string $url
  235. * @return string
  236. */
  237. protected function updateProtocol($url) {
  238. if (
  239. strpos($url, 'https://') === 0
  240. || strpos($url, 'http://') === 0
  241. ) {
  242. return $url;
  243. }
  244. return 'https://' . $url;
  245. }
  246. }