upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Use true random string as uri for public calendars - as a result we can no longer return the pre-publish-url

Browse source
This commit is contained in:
Thomas Müller 2016-09-03 10:52:05 +02:00 committed by Lukas Reschke
parent 4659e3ab59
commit d884370844
No known key found for this signature in database
GPG key ID: B9F6980CF6E759B1
11 changed files with 74 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apps/dav/appinfo/v1/caldav.php
View file

@ -47,7 +47,9 @@ $principalBackend = new Principal(
);
$db = \OC::$server->getDatabaseConnection();
$config = \OC::$server->getConfig();
$calDavBackend = new CalDavBackend($db, $principalBackend, \OC::$server->getUserManager(), $config);
$userManager = \OC::$server->getUserManager();
$random = \OC::$server->getSecureRandom();
$calDavBackend = new CalDavBackend($db, $principalBackend, $userManager, $config, $random);
$debugging = \OC::$server->getConfig()->getSystemValue('debug', false);

5
apps/dav/lib/AppInfo/Application.php
View file

@ -81,12 +81,15 @@ class Application extends App {
$container->registerService('CalDavBackend', function($c) {
/** @var IAppContainer $c */
$db = $c->getServer()->getDatabaseConnection();
$userManager = $c->getServer()->getUserManager();
$config = $c->getServer()->getConfig();
$random = $c->getServer()->getSecureRandom();
$principal = new Principal(
$c->getServer()->getUserManager(),
$c->getServer()->getGroupManager()
);
return new CalDavBackend($db, $principal, $c->getServer()->getUserManager(), $config);
return new CalDavBackend($db, $principal, $userManager, $config, $random);
});
$container->registerService('BirthdayService', function($c) {

26
apps/dav/lib/CalDAV/CalDavBackend.php
View file

@ -33,6 +33,7 @@ use OCP\IConfig;
use OCP\IDBConnection;
use OCP\IUser;
use OCP\IUserManager;
use OCP\Security\ISecureRandom;
use Sabre\CalDAV\Backend\AbstractBackend;
use Sabre\CalDAV\Backend\SchedulingSupport;
use Sabre\CalDAV\Backend\SubscriptionSupport;
@ -124,6 +125,9 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
/** @var IConfig */
private $config;
/** @var ISecureRandom */
private $random;
/**
* CalDavBackend constructor.
*
@ -131,16 +135,19 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
* @param Principal $principalBackend
* @param IUserManager $userManager
* @param IConfig $config
* @param ISecureRandom $random
*/
public function __construct(IDBConnection $db,
Principal $principalBackend,
IUserManager $userManager,
IConfig $config) {
IConfig $config,
ISecureRandom $random) {
$this->db = $db;
$this->principalBackend = $principalBackend;
$this->userManager = $userManager;
$this->sharingBackend = new Backend($this->db, $principalBackend, 'calendar');
$this->config = $config;
$this->random = $random;
}
/**
@ -400,10 +407,9 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
if ($row['components']) {
$components = explode(',',$row['components']);
}
$uri = md5($this->config->getSystemValue('secret', '') . $row['id']);
$calendar = [
'id' => $row['id'],
'uri' => $uri,
'uri' => $row['publicuri'],
'principaluri' => $row['principaluri'],
'{' . Plugin::NS_CALENDARSERVER . '}getctag' => 'http://sabre.io/ns/sync/' . ($row['synctoken']?$row['synctoken']:'0'),
'{http://sabredav.org/ns}sync-token' => $row['synctoken']?$row['synctoken']:'0',
@ -1601,24 +1607,28 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
/**
* @param boolean $value
* @param \OCA\DAV\CalDAV\Calendar $calendar
* @return string|null
*/
public function setPublishStatus($value, $calendar) {
$query = $this->db->getQueryBuilder();
if ($value) {
$publicUri = $this->random->generate(16, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS);
$query->insert('dav_shares')
->values([
'principaluri' => $query->createNamedParameter($calendar->getPrincipalURI()),
'type' => $query->createNamedParameter('calendar'),
'access' => $query->createNamedParameter(self::ACCESS_PUBLIC),
'resourceid' => $query->createNamedParameter($calendar->getResourceId()),
'publicuri' => $query->createNamedParameter(md5($this->config->getSystemValue('secret', '') . $calendar->getResourceId()))
'publicuri' => $query->createNamedParameter($publicUri)
]);
} else {
$query->delete('dav_shares')
->where($query->expr()->eq('resourceid', $query->createNamedParameter($calendar->getResourceId())))
->andWhere($query->expr()->eq('access', $query->createNamedParameter(self::ACCESS_PUBLIC)));
$query->execute();
return $publicUri;
}
$query->delete('dav_shares')
->where($query->expr()->eq('resourceid', $query->createNamedParameter($calendar->getResourceId())))
->andWhere($query->expr()->eq('access', $query->createNamedParameter(self::ACCESS_PUBLIC)));
$query->execute();
return null;
}
/**

5
apps/dav/lib/CalDAV/Calendar.php
View file

@ -252,9 +252,12 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
/**
* @param boolean $value
* @return string|null
*/
function setPublishStatus($value) {
$this->caldavBackend->setPublishStatus($value, $this);
$publicUri = $this->caldavBackend->setPublishStatus($value, $this);
$this->calendarInfo['publicuri'] = $publicUri;
return $publicUri;
}
/**

14
apps/dav/lib/CalDAV/Publishing/PublishPlugin.php
View file

@ -94,22 +94,16 @@ class PublishPlugin extends ServerPlugin {
public function propFind(PropFind $propFind, INode $node) {
if ($node instanceof Calendar) {
$token = md5($this->config->getSystemValue('secret', '').$node->getResourceId());
$publishUrl = $this->urlGenerator->getAbsoluteURL($this->server->getBaseUri().'public-calendars/').$token;
$propFind->handle('{'.self::NS_CALENDARSERVER.'}publish-url', function () use ($node, $publishUrl) {
$propFind->handle('{'.self::NS_CALENDARSERVER.'}publish-url', function () use ($node) {
if ($node->getPublishStatus()) {
// We return the publish-url only if the calendar is published.
$token = $node->getName();
$publishUrl = $this->urlGenerator->getAbsoluteURL($this->server->getBaseUri().'public-calendars/').$token;
return new Publisher($publishUrl, true);
}
});
$propFind->handle('{'.self::NS_CALENDARSERVER.'}pre-publish-url', function () use ($node, $publishUrl) {
// The pre-publish-url is always returned
return new Publisher($publishUrl, false);
});
$propFind->handle('{'.self::NS_CALENDARSERVER.'}allowed-sharing-modes', function() use ($node) {
return new AllowedSharingModes(!$node->isSubscription(), !$node->isSubscription());
});

3
apps/dav/lib/Command/CreateCalendar.php
View file

@ -76,9 +76,10 @@ class CreateCalendar extends Command {
$this->groupManager
);
$config = \OC::$server->getConfig();
$random = \OC::$server->getSecureRandom();
$name = $input->getArgument('name');
$caldav = new CalDavBackend($this->dbConnection, $principalBackend, $this->userManager, $config);
$caldav = new CalDavBackend($this->dbConnection, $principalBackend, $this->userManager, $config, $random);
$caldav->createCalendar("principals/users/$user", $name, []);
}
}

4
apps/dav/lib/DAV/PublicAuth.php
View file

@ -86,10 +86,6 @@ class PublicAuth implements BackendInterface {
* @return bool
*/
private function isRequestPublic(RequestInterface $request) {
$params = $request->getQueryParameters();
if (isset($params['sabreAction']) && $params['sabreAction'] == 'asset') {
return true;
}
$url = $request->getPath();
$matchingUrls = array_filter($this->publicURLs, function ($publicUrl) use ($url) {
return strpos($url, $publicUrl, 0) === 0;

6
apps/dav/lib/RootCollection.php
View file

@ -39,10 +39,12 @@ class RootCollection extends SimpleCollection {
public function __construct() {
$config = \OC::$server->getConfig();
$random = \OC::$server->getSecureRandom();
$userManager = \OC::$server->getUserManager();
$db = \OC::$server->getDatabaseConnection();
$dispatcher = \OC::$server->getEventDispatcher();
$userPrincipalBackend = new Principal(
\OC::$server->getUserManager(),
$userManager,
\OC::$server->getGroupManager()
);
$groupPrincipalBackend = new GroupPrincipalBackend(
@ -60,7 +62,7 @@ class RootCollection extends SimpleCollection {
$systemPrincipals->disableListing = $disableListing;
$filesCollection = new Files\RootCollection($userPrincipalBackend, 'principals/users');
$filesCollection->disableListing = $disableListing;
$caldavBackend = new CalDavBackend($db, $userPrincipalBackend, \OC::$server->getUserManager(), $config);
$caldavBackend = new CalDavBackend($db, $userPrincipalBackend, $userManager, $config, $random);
$calendarRoot = new CalendarRoot($userPrincipalBackend, $caldavBackend, 'principals/users');
$calendarRoot->disableListing = $disableListing;
$publicCalendarRoot = new PublicCalendarRoot($caldavBackend);

8
apps/dav/tests/unit/CalDAV/AbstractCalDavBackendTest.php
View file

@ -29,6 +29,7 @@ use OCA\DAV\CalDAV\Calendar;
use OCA\DAV\Connector\Sabre\Principal;
use OCP\IL10N;
use OCP\IConfig;
use OCP\Security\ISecureRandom;
use Sabre\CalDAV\Xml\Property\SupportedCalendarComponentSet;
use Sabre\DAV\PropPatch;
use Sabre\DAV\Xml\Property\Href;
@ -56,6 +57,9 @@ abstract class AbstractCalDavBackendTest extends TestCase {
/** var OCP\IConfig */
protected $config;
/** @var ISecureRandom */
private $random;
const UNIT_TEST_USER = 'principals/users/caldav-unit-test';
const UNIT_TEST_USER1 = 'principals/users/caldav-unit-test1';
const UNIT_TEST_GROUP = 'principals/groups/caldav-unit-test-group';
@ -80,8 +84,8 @@ abstract class AbstractCalDavBackendTest extends TestCase {
$db = \OC::$server->getDatabaseConnection();
$this->config = \OC::$server->getConfig();
$this->backend = new CalDavBackend($db, $this->principal, $this->userManager, $this->config);
$this->random = \OC::$server->getSecureRandom();
$this->backend = new CalDavBackend($db, $this->principal, $this->userManager, $this->config, $this->random);
$this->tearDown();
}

2
apps/dav/tests/unit/CalDAV/CalDavBackendTest.php
View file

@ -350,7 +350,7 @@ EOD;
$this->assertEquals(1, count($publicCalendars));
$this->assertEquals(true, $publicCalendars[0]['{http://owncloud.org/ns}public']);
$publicCalendarURI = md5($this->config->getSystemValue('secret', '') . $calendar->getResourceId());
$publicCalendarURI = $publicCalendars[0]['uri'];
$publicCalendar = $this->backend->getPublicCalendar($publicCalendarURI);
$this->assertEquals(true, $publicCalendar['{http://owncloud.org/ns}public']);

45
apps/dav/tests/unit/CalDAV/PublicCalendarRootTest.php
View file

@ -5,12 +5,11 @@ namespace OCA\DAV\Tests\unit\CalDAV;
use OCA\DAV\CalDAV\Calendar;
use OCA\DAV\Connector\Sabre\Principal;
use OCP\IL10N;
use OCP\IConfig;
use OCA\DAV\CalDAV\CalDavBackend;
use OCA\DAV\CalDAV\PublicCalendarRoot;
use OCP\IUserManager;
use OCP\Security\ISecureRandom;
use Test\TestCase;
use Sabre\Uri;
/**
* Class PublicCalendarRootTest
@ -22,13 +21,10 @@ use Sabre\Uri;
class PublicCalendarRootTest extends TestCase {
const UNIT_TEST_USER = 'principals/users/caldav-unit-test';
/** @var CalDavBackend */
private $backend;
/** @var PublicCalendarRoot */
private $publicCalendarRoot;
/** @var IL10N */
private $l10n;
/** @var IUserManager */
@ -37,6 +33,8 @@ class PublicCalendarRootTest extends TestCase {
private $principal;
/** var IConfig */
protected $config;
/** @var ISecureRandom */
private $random;
public function setUp() {
parent::setUp();
@ -47,12 +45,14 @@ class PublicCalendarRootTest extends TestCase {
->getMock();
$this->config = \OC::$server->getConfig();
$this->userManager = $this->getMockBuilder('\OCP\IUserManager')->getMock();
$this->random = \OC::$server->getSecureRandom();
$this->backend = new CalDavBackend(
$db,
$this->principal,
$this->userManager,
$this->config
$this->config,
$this->random
);
$this->publicCalendarRoot = new PublicCalendarRoot($this->backend);
@ -61,6 +61,18 @@ class PublicCalendarRootTest extends TestCase {
->disableOriginalConstructor()->getMock();
}
public function tearDown() {
parent::tearDown();
if (is_null($this->backend)) {
return;
}
$books = $this->backend->getCalendarsForUser(self::UNIT_TEST_USER);
foreach ($books as $book) {
$this->backend->deleteCalendar($book['id']);
}
}
public function testGetName() {
$name = $this->publicCalendarRoot->getName();
$this->assertEquals('public-calendars', $name);
@ -70,13 +82,18 @@ class PublicCalendarRootTest extends TestCase {
$calendar = $this->createPublicCalendar();
$publicCalendarURI = md5($this->config->getSystemValue('secret', '') . $calendar->getResourceId());
$publicCalendars = $this->backend->getPublicCalendars();
$this->assertEquals(1, count($publicCalendars));
$this->assertEquals(true, $publicCalendars[0]['{http://owncloud.org/ns}public']);
$publicCalendarURI = $publicCalendars[0]['uri'];
$calendarResult = $this->publicCalendarRoot->getChild($publicCalendarURI);
$this->assertEquals($calendar, $calendarResult);
}
public function testGetChildren() {
$this->createPublicCalendar();
$publicCalendars = $this->backend->getPublicCalendars();
@ -84,7 +101,6 @@ class PublicCalendarRootTest extends TestCase {
$this->assertEquals(1, count($calendarResults));
$this->assertEquals(new Calendar($this->backend, $publicCalendars[0], $this->l10n), $calendarResults[0]);
}
/**
@ -94,16 +110,11 @@ class PublicCalendarRootTest extends TestCase {
$this->backend->createCalendar(self::UNIT_TEST_USER, 'Example', []);
$calendarInfo = $this->backend->getCalendarsForUser(self::UNIT_TEST_USER)[0];
$calendarInfo['uri'] = md5($this->config->getSystemValue('secret', '') . $calendarInfo['id']);
list(, $name) = Uri\split($calendarInfo['principaluri']);
$calendarInfo['{DAV:}displayname'] = $calendarInfo['{DAV:}displayname'] . ' (' . $name . ')';
$calendarInfo['{http://owncloud.org/ns}owner-principal'] = $calendarInfo['principaluri'];
$calendarInfo['{http://owncloud.org/ns}read-only'] = false;
$calendarInfo['{http://owncloud.org/ns}public'] = true;
$calendar = new Calendar($this->backend, $calendarInfo, $this->l10n);
$calendar->setPublishStatus(true);
$publicUri = $calendar->setPublishStatus(true);
$calendarInfo = $this->backend->getPublicCalendar($publicUri);
$calendar = new Calendar($this->backend, $calendarInfo, $this->l10n);
return $calendar;
}