1
0

GetSharedSecret.php 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Björn Schießle <bjoern@schiessle.org>
  6. * @author Joas Schilling <coding@schilljs.com>
  7. * @author Robin Appelman <robin@icewind.nl>
  8. * @author Thomas Müller <thomas.mueller@tmit.eu>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OCA\Federation\BackgroundJob;
  26. use GuzzleHttp\Exception\ClientException;
  27. use OC\BackgroundJob\JobList;
  28. use OC\BackgroundJob\Job;
  29. use OCA\Federation\DbHandler;
  30. use OCA\Federation\TrustedServers;
  31. use OCP\AppFramework\Http;
  32. use OCP\BackgroundJob\IJobList;
  33. use OCP\Http\Client\IClient;
  34. use OCP\Http\Client\IResponse;
  35. use OCP\ILogger;
  36. use OCP\IURLGenerator;
  37. /**
  38. * Class GetSharedSecret
  39. *
  40. * request shared secret from remote ownCloud
  41. *
  42. * @package OCA\Federation\Backgroundjob
  43. */
  44. class GetSharedSecret extends Job{
  45. /** @var IClient */
  46. private $httpClient;
  47. /** @var IJobList */
  48. private $jobList;
  49. /** @var IURLGenerator */
  50. private $urlGenerator;
  51. /** @var TrustedServers */
  52. private $trustedServers;
  53. /** @var DbHandler */
  54. private $dbHandler;
  55. /** @var ILogger */
  56. private $logger;
  57. /** @var bool */
  58. protected $retainJob = false;
  59. private $endPoint = '/ocs/v2.php/apps/federation/api/v1/shared-secret?format=json';
  60. /**
  61. * RequestSharedSecret constructor.
  62. *
  63. * @param IClient $httpClient
  64. * @param IURLGenerator $urlGenerator
  65. * @param IJobList $jobList
  66. * @param TrustedServers $trustedServers
  67. * @param ILogger $logger
  68. * @param DbHandler $dbHandler
  69. */
  70. public function __construct(
  71. IClient $httpClient = null,
  72. IURLGenerator $urlGenerator = null,
  73. IJobList $jobList = null,
  74. TrustedServers $trustedServers = null,
  75. ILogger $logger = null,
  76. DbHandler $dbHandler = null
  77. ) {
  78. $this->logger = $logger ? $logger : \OC::$server->getLogger();
  79. $this->httpClient = $httpClient ? $httpClient : \OC::$server->getHTTPClientService()->newClient();
  80. $this->jobList = $jobList ? $jobList : \OC::$server->getJobList();
  81. $this->urlGenerator = $urlGenerator ? $urlGenerator : \OC::$server->getURLGenerator();
  82. $this->dbHandler = $dbHandler ? $dbHandler : new DbHandler(\OC::$server->getDatabaseConnection(), \OC::$server->getL10N('federation'));
  83. if ($trustedServers) {
  84. $this->trustedServers = $trustedServers;
  85. } else {
  86. $this->trustedServers = new TrustedServers(
  87. $this->dbHandler,
  88. \OC::$server->getHTTPClientService(),
  89. $this->logger,
  90. $this->jobList,
  91. \OC::$server->getSecureRandom(),
  92. \OC::$server->getConfig(),
  93. \OC::$server->getEventDispatcher()
  94. );
  95. }
  96. }
  97. /**
  98. * run the job, then remove it from the joblist
  99. *
  100. * @param JobList $jobList
  101. * @param ILogger $logger
  102. */
  103. public function execute($jobList, ILogger $logger = null) {
  104. $target = $this->argument['url'];
  105. // only execute if target is still in the list of trusted domains
  106. if ($this->trustedServers->isTrustedServer($target)) {
  107. $this->parentExecute($jobList, $logger);
  108. }
  109. if (!$this->retainJob) {
  110. $jobList->remove($this, $this->argument);
  111. }
  112. }
  113. /**
  114. * call execute() method of parent
  115. *
  116. * @param JobList $jobList
  117. * @param ILogger $logger
  118. */
  119. protected function parentExecute($jobList, $logger = null) {
  120. parent::execute($jobList, $logger);
  121. }
  122. protected function run($argument) {
  123. $target = $argument['url'];
  124. $source = $this->urlGenerator->getAbsoluteURL('/');
  125. $source = rtrim($source, '/');
  126. $token = $argument['token'];
  127. $result = null;
  128. try {
  129. $result = $this->httpClient->get(
  130. $target . $this->endPoint,
  131. [
  132. 'query' =>
  133. [
  134. 'url' => $source,
  135. 'token' => $token
  136. ],
  137. 'timeout' => 3,
  138. 'connect_timeout' => 3,
  139. ]
  140. );
  141. $status = $result->getStatusCode();
  142. } catch (ClientException $e) {
  143. $status = $e->getCode();
  144. if ($status === Http::STATUS_FORBIDDEN) {
  145. $this->logger->info($target . ' refused to exchange a shared secret with you.', ['app' => 'federation']);
  146. } else {
  147. $this->logger->logException($e, ['app' => 'federation']);
  148. }
  149. } catch (\Exception $e) {
  150. $status = Http::STATUS_INTERNAL_SERVER_ERROR;
  151. $this->logger->logException($e, ['app' => 'federation']);
  152. }
  153. // if we received a unexpected response we try again later
  154. if (
  155. $status !== Http::STATUS_OK
  156. && $status !== Http::STATUS_FORBIDDEN
  157. ) {
  158. $this->retainJob = true;
  159. } else {
  160. // reset token if we received a valid response
  161. $this->dbHandler->addToken($target, '');
  162. }
  163. if ($status === Http::STATUS_OK && $result instanceof IResponse) {
  164. $body = $result->getBody();
  165. $result = json_decode($body, true);
  166. if (isset($result['ocs']['data']['sharedSecret'])) {
  167. $this->trustedServers->addSharedSecret(
  168. $target,
  169. $result['ocs']['data']['sharedSecret']
  170. );
  171. } else {
  172. $this->logger->error(
  173. 'remote server "' . $target . '"" does not return a valid shared secret',
  174. ['app' => 'federation']
  175. );
  176. $this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE);
  177. }
  178. }
  179. }
  180. }