RequestSharedSecret.php 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Bjoern Schiessle <bjoern@schiessle.org>
  6. * @author Björn Schießle <bjoern@schiessle.org>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Joas Schilling <coding@schilljs.com>
  9. * @author Lukas Reschke <lukas@statuscode.ch>
  10. * @author Morris Jobke <hey@morrisjobke.de>
  11. * @author Robin Appelman <robin@icewind.nl>
  12. * @author Roeland Jago Douma <roeland@famdouma.nl>
  13. *
  14. * @license AGPL-3.0
  15. *
  16. * This code is free software: you can redistribute it and/or modify
  17. * it under the terms of the GNU Affero General Public License, version 3,
  18. * as published by the Free Software Foundation.
  19. *
  20. * This program is distributed in the hope that it will be useful,
  21. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  22. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  23. * GNU Affero General Public License for more details.
  24. *
  25. * You should have received a copy of the GNU Affero General Public License, version 3,
  26. * along with this program. If not, see <http://www.gnu.org/licenses/>
  27. *
  28. */
  29. namespace OCA\Federation\BackgroundJob;
  30. use GuzzleHttp\Exception\ClientException;
  31. use GuzzleHttp\Exception\RequestException;
  32. use OCA\Federation\TrustedServers;
  33. use OCP\AppFramework\Http;
  34. use OCP\AppFramework\Utility\ITimeFactory;
  35. use OCP\BackgroundJob\IJobList;
  36. use OCP\BackgroundJob\Job;
  37. use OCP\Http\Client\IClient;
  38. use OCP\Http\Client\IClientService;
  39. use OCP\ILogger;
  40. use OCP\IURLGenerator;
  41. use OCP\OCS\IDiscoveryService;
  42. /**
  43. * Class RequestSharedSecret
  44. *
  45. * Ask remote Nextcloud to request a sharedSecret from this server
  46. *
  47. * @package OCA\Federation\Backgroundjob
  48. */
  49. class RequestSharedSecret extends Job {
  50. /** @var IClient */
  51. private $httpClient;
  52. /** @var IJobList */
  53. private $jobList;
  54. /** @var IURLGenerator */
  55. private $urlGenerator;
  56. /** @var TrustedServers */
  57. private $trustedServers;
  58. /** @var IDiscoveryService */
  59. private $ocsDiscoveryService;
  60. /** @var ILogger */
  61. private $logger;
  62. /** @var bool */
  63. protected $retainJob = false;
  64. private $defaultEndPoint = '/ocs/v2.php/apps/federation/api/v1/request-shared-secret';
  65. /** @var int 30 day = 2592000sec */
  66. private $maxLifespan = 2592000;
  67. /**
  68. * RequestSharedSecret constructor.
  69. *
  70. * @param IClientService $httpClientService
  71. * @param IURLGenerator $urlGenerator
  72. * @param IJobList $jobList
  73. * @param TrustedServers $trustedServers
  74. * @param IDiscoveryService $ocsDiscoveryService
  75. * @param ILogger $logger
  76. * @param ITimeFactory $timeFactory
  77. */
  78. public function __construct(
  79. IClientService $httpClientService,
  80. IURLGenerator $urlGenerator,
  81. IJobList $jobList,
  82. TrustedServers $trustedServers,
  83. IDiscoveryService $ocsDiscoveryService,
  84. ILogger $logger,
  85. ITimeFactory $timeFactory
  86. ) {
  87. parent::__construct($timeFactory);
  88. $this->httpClient = $httpClientService->newClient();
  89. $this->jobList = $jobList;
  90. $this->urlGenerator = $urlGenerator;
  91. $this->logger = $logger;
  92. $this->ocsDiscoveryService = $ocsDiscoveryService;
  93. $this->trustedServers = $trustedServers;
  94. }
  95. /**
  96. * run the job, then remove it from the joblist
  97. *
  98. * @param IJobList $jobList
  99. * @param ILogger|null $logger
  100. */
  101. public function execute(IJobList $jobList, ILogger $logger = null) {
  102. $target = $this->argument['url'];
  103. // only execute if target is still in the list of trusted domains
  104. if ($this->trustedServers->isTrustedServer($target)) {
  105. $this->parentExecute($jobList, $logger);
  106. }
  107. $jobList->remove($this, $this->argument);
  108. if ($this->retainJob) {
  109. $this->reAddJob($this->argument);
  110. }
  111. }
  112. /**
  113. * call execute() method of parent
  114. *
  115. * @param IJobList $jobList
  116. * @param ILogger $logger
  117. */
  118. protected function parentExecute($jobList, $logger) {
  119. parent::execute($jobList, $logger);
  120. }
  121. protected function run($argument) {
  122. $target = $argument['url'];
  123. $created = isset($argument['created']) ? (int)$argument['created'] : $this->time->getTime();
  124. $currentTime = $this->time->getTime();
  125. $source = $this->urlGenerator->getAbsoluteURL('/');
  126. $source = rtrim($source, '/');
  127. $token = $argument['token'];
  128. // kill job after 30 days of trying
  129. $deadline = $currentTime - $this->maxLifespan;
  130. if ($created < $deadline) {
  131. $this->retainJob = false;
  132. $this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE);
  133. return;
  134. }
  135. $endPoints = $this->ocsDiscoveryService->discover($target, 'FEDERATED_SHARING');
  136. $endPoint = isset($endPoints['shared-secret']) ? $endPoints['shared-secret'] : $this->defaultEndPoint;
  137. // make sure that we have a well formatted url
  138. $url = rtrim($target, '/') . '/' . trim($endPoint, '/');
  139. try {
  140. $result = $this->httpClient->post(
  141. $url,
  142. [
  143. 'body' => [
  144. 'url' => $source,
  145. 'token' => $token,
  146. 'format' => 'json',
  147. ],
  148. 'timeout' => 3,
  149. 'connect_timeout' => 3,
  150. ]
  151. );
  152. $status = $result->getStatusCode();
  153. } catch (ClientException $e) {
  154. $status = $e->getCode();
  155. if ($status === Http::STATUS_FORBIDDEN) {
  156. $this->logger->info($target . ' refused to ask for a shared secret.', ['app' => 'federation']);
  157. } else {
  158. $this->logger->info($target . ' responded with a ' . $status . ' containing: ' . $e->getMessage(), ['app' => 'federation']);
  159. }
  160. } catch (RequestException $e) {
  161. $status = -1; // There is no status code if we could not connect
  162. $this->logger->info('Could not connect to ' . $target, ['app' => 'federation']);
  163. } catch (\Throwable $e) {
  164. $status = Http::STATUS_INTERNAL_SERVER_ERROR;
  165. $this->logger->logException($e, ['app' => 'federation']);
  166. }
  167. // if we received a unexpected response we try again later
  168. if (
  169. $status !== Http::STATUS_OK
  170. && $status !== Http::STATUS_FORBIDDEN
  171. ) {
  172. $this->retainJob = true;
  173. }
  174. }
  175. /**
  176. * re-add background job
  177. *
  178. * @param array $argument
  179. */
  180. protected function reAddJob(array $argument) {
  181. $url = $argument['url'];
  182. $created = isset($argument['created']) ? (int)$argument['created'] : $this->time->getTime();
  183. $token = $argument['token'];
  184. $this->jobList->add(
  185. RequestSharedSecret::class,
  186. [
  187. 'url' => $url,
  188. 'token' => $token,
  189. 'created' => $created
  190. ]
  191. );
  192. }
  193. }