1
0

RequestSharedSecret.php 4.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Björn Schießle <bjoern@schiessle.org>
  6. * @author Joas Schilling <coding@schilljs.com>
  7. * @author Robin Appelman <robin@icewind.nl>
  8. * @author Thomas Müller <thomas.mueller@tmit.eu>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. namespace OCA\Federation\BackgroundJob;
  26. use GuzzleHttp\Exception\ClientException;
  27. use OC\BackgroundJob\JobList;
  28. use OC\BackgroundJob\Job;
  29. use OCA\Federation\DbHandler;
  30. use OCA\Federation\TrustedServers;
  31. use OCP\AppFramework\Http;
  32. use OCP\BackgroundJob\IJobList;
  33. use OCP\Http\Client\IClient;
  34. use OCP\ILogger;
  35. use OCP\IURLGenerator;
  36. /**
  37. * Class RequestSharedSecret
  38. *
  39. * Ask remote ownCloud to request a sharedSecret from this server
  40. *
  41. * @package OCA\Federation\Backgroundjob
  42. */
  43. class RequestSharedSecret extends Job {
  44. /** @var IClient */
  45. private $httpClient;
  46. /** @var IJobList */
  47. private $jobList;
  48. /** @var IURLGenerator */
  49. private $urlGenerator;
  50. /** @var DbHandler */
  51. private $dbHandler;
  52. /** @var TrustedServers */
  53. private $trustedServers;
  54. private $endPoint = '/ocs/v2.php/apps/federation/api/v1/request-shared-secret?format=json';
  55. /** @var ILogger */
  56. private $logger;
  57. /** @var bool */
  58. protected $retainJob = false;
  59. /**
  60. * RequestSharedSecret constructor.
  61. *
  62. * @param IClient $httpClient
  63. * @param IURLGenerator $urlGenerator
  64. * @param IJobList $jobList
  65. * @param TrustedServers $trustedServers
  66. * @param DbHandler $dbHandler
  67. */
  68. public function __construct(
  69. IClient $httpClient = null,
  70. IURLGenerator $urlGenerator = null,
  71. IJobList $jobList = null,
  72. TrustedServers $trustedServers = null,
  73. DbHandler $dbHandler = null
  74. ) {
  75. $this->httpClient = $httpClient ? $httpClient : \OC::$server->getHTTPClientService()->newClient();
  76. $this->jobList = $jobList ? $jobList : \OC::$server->getJobList();
  77. $this->urlGenerator = $urlGenerator ? $urlGenerator : \OC::$server->getURLGenerator();
  78. $this->dbHandler = $dbHandler ? $dbHandler : new DbHandler(\OC::$server->getDatabaseConnection(), \OC::$server->getL10N('federation'));
  79. $this->logger = \OC::$server->getLogger();
  80. if ($trustedServers) {
  81. $this->trustedServers = $trustedServers;
  82. } else {
  83. $this->trustedServers = new TrustedServers(
  84. $this->dbHandler,
  85. \OC::$server->getHTTPClientService(),
  86. $this->logger,
  87. $this->jobList,
  88. \OC::$server->getSecureRandom(),
  89. \OC::$server->getConfig(),
  90. \OC::$server->getEventDispatcher()
  91. );
  92. }
  93. }
  94. /**
  95. * run the job, then remove it from the joblist
  96. *
  97. * @param JobList $jobList
  98. * @param ILogger $logger
  99. */
  100. public function execute($jobList, ILogger $logger = null) {
  101. $target = $this->argument['url'];
  102. // only execute if target is still in the list of trusted domains
  103. if ($this->trustedServers->isTrustedServer($target)) {
  104. $this->parentExecute($jobList, $logger);
  105. }
  106. if (!$this->retainJob) {
  107. $jobList->remove($this, $this->argument);
  108. }
  109. }
  110. /**
  111. * call execute() method of parent
  112. *
  113. * @param JobList $jobList
  114. * @param ILogger $logger
  115. */
  116. protected function parentExecute($jobList, $logger) {
  117. parent::execute($jobList, $logger);
  118. }
  119. protected function run($argument) {
  120. $target = $argument['url'];
  121. $source = $this->urlGenerator->getAbsoluteURL('/');
  122. $source = rtrim($source, '/');
  123. $token = $argument['token'];
  124. try {
  125. $result = $this->httpClient->post(
  126. $target . $this->endPoint,
  127. [
  128. 'body' => [
  129. 'url' => $source,
  130. 'token' => $token,
  131. ],
  132. 'timeout' => 3,
  133. 'connect_timeout' => 3,
  134. ]
  135. );
  136. $status = $result->getStatusCode();
  137. } catch (ClientException $e) {
  138. $status = $e->getCode();
  139. if ($status === Http::STATUS_FORBIDDEN) {
  140. $this->logger->info($target . ' refused to ask for a shared secret.', ['app' => 'federation']);
  141. } else {
  142. $this->logger->logException($e, ['app' => 'federation']);
  143. }
  144. } catch (\Exception $e) {
  145. $status = Http::STATUS_INTERNAL_SERVER_ERROR;
  146. $this->logger->logException($e, ['app' => 'federation']);
  147. }
  148. // if we received a unexpected response we try again later
  149. if (
  150. $status !== Http::STATUS_OK
  151. && $status !== Http::STATUS_FORBIDDEN
  152. ) {
  153. $this->retainJob = true;
  154. }
  155. if ($status === Http::STATUS_FORBIDDEN) {
  156. // clear token if remote server refuses to ask for shared secret
  157. $this->dbHandler->addToken($target, '');
  158. }
  159. }
  160. }