requestsharedsecret.php 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178
  1. <?php
  2. /**
  3. * @author Björn Schießle <schiessle@owncloud.com>
  4. * @author Robin Appelman <icewind@owncloud.com>
  5. * @author Thomas Müller <thomas.mueller@tmit.eu>
  6. *
  7. * @copyright Copyright (c) 2016, ownCloud, Inc.
  8. * @license AGPL-3.0
  9. *
  10. * This code is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License, version 3,
  12. * as published by the Free Software Foundation.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License, version 3,
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>
  21. *
  22. */
  23. namespace OCA\Federation\BackgroundJob;
  24. use GuzzleHttp\Exception\ClientException;
  25. use OC\BackgroundJob\JobList;
  26. use OC\BackgroundJob\QueuedJob;
  27. use OCA\Federation\DbHandler;
  28. use OCA\Federation\TrustedServers;
  29. use OCP\AppFramework\Http;
  30. use OCP\BackgroundJob\IJobList;
  31. use OCP\Http\Client\IClient;
  32. use OCP\ILogger;
  33. use OCP\IURLGenerator;
  34. /**
  35. * Class RequestSharedSecret
  36. *
  37. * Ask remote ownCloud to request a sharedSecret from this server
  38. *
  39. * @package OCA\Federation\Backgroundjob
  40. */
  41. class RequestSharedSecret extends QueuedJob {
  42. /** @var IClient */
  43. private $httpClient;
  44. /** @var IJobList */
  45. private $jobList;
  46. /** @var IURLGenerator */
  47. private $urlGenerator;
  48. /** @var DbHandler */
  49. private $dbHandler;
  50. /** @var TrustedServers */
  51. private $trustedServers;
  52. private $endPoint = '/ocs/v2.php/apps/federation/api/v1/request-shared-secret?format=json';
  53. /** @var ILogger */
  54. private $logger;
  55. /**
  56. * RequestSharedSecret constructor.
  57. *
  58. * @param IClient $httpClient
  59. * @param IURLGenerator $urlGenerator
  60. * @param IJobList $jobList
  61. * @param TrustedServers $trustedServers
  62. * @param DbHandler $dbHandler
  63. */
  64. public function __construct(
  65. IClient $httpClient = null,
  66. IURLGenerator $urlGenerator = null,
  67. IJobList $jobList = null,
  68. TrustedServers $trustedServers = null,
  69. dbHandler $dbHandler = null
  70. ) {
  71. $this->httpClient = $httpClient ? $httpClient : \OC::$server->getHTTPClientService()->newClient();
  72. $this->jobList = $jobList ? $jobList : \OC::$server->getJobList();
  73. $this->urlGenerator = $urlGenerator ? $urlGenerator : \OC::$server->getURLGenerator();
  74. $this->dbHandler = $dbHandler ? $dbHandler : new DbHandler(\OC::$server->getDatabaseConnection(), \OC::$server->getL10N('federation'));
  75. $this->logger = \OC::$server->getLogger();
  76. if ($trustedServers) {
  77. $this->trustedServers = $trustedServers;
  78. } else {
  79. $this->trustedServers = new TrustedServers(
  80. $this->dbHandler,
  81. \OC::$server->getHTTPClientService(),
  82. $this->logger,
  83. $this->jobList,
  84. \OC::$server->getSecureRandom(),
  85. \OC::$server->getConfig()
  86. );
  87. }
  88. }
  89. /**
  90. * run the job, then remove it from the joblist
  91. *
  92. * @param JobList $jobList
  93. * @param ILogger $logger
  94. */
  95. public function execute($jobList, ILogger $logger = null) {
  96. $jobList->remove($this, $this->argument);
  97. $target = $this->argument['url'];
  98. // only execute if target is still in the list of trusted domains
  99. if ($this->trustedServers->isTrustedServer($target)) {
  100. $this->parentExecute($jobList, $logger);
  101. }
  102. }
  103. /**
  104. * @param JobList $jobList
  105. * @param ILogger $logger
  106. */
  107. protected function parentExecute($jobList, $logger) {
  108. parent::execute($jobList, $logger);
  109. }
  110. protected function run($argument) {
  111. $target = $argument['url'];
  112. $source = $this->urlGenerator->getAbsoluteURL('/');
  113. $source = rtrim($source, '/');
  114. $token = $argument['token'];
  115. try {
  116. $result = $this->httpClient->post(
  117. $target . $this->endPoint,
  118. [
  119. 'body' => [
  120. 'url' => $source,
  121. 'token' => $token,
  122. ],
  123. 'timeout' => 3,
  124. 'connect_timeout' => 3,
  125. ]
  126. );
  127. $status = $result->getStatusCode();
  128. } catch (ClientException $e) {
  129. $status = $e->getCode();
  130. if ($status === Http::STATUS_FORBIDDEN) {
  131. $this->logger->info($target . ' refused to ask for a shared secret.', ['app' => 'federation']);
  132. } else {
  133. $this->logger->logException($e, ['app' => 'federation']);
  134. }
  135. } catch (\Exception $e) {
  136. $status = HTTP::STATUS_INTERNAL_SERVER_ERROR;
  137. $this->logger->logException($e, ['app' => 'federation']);
  138. }
  139. // if we received a unexpected response we try again later
  140. if (
  141. $status !== Http::STATUS_OK
  142. && $status !== Http::STATUS_FORBIDDEN
  143. ) {
  144. $this->jobList->add(
  145. 'OCA\Federation\BackgroundJob\RequestSharedSecret',
  146. $argument
  147. );
  148. }
  149. if ($status === Http::STATUS_FORBIDDEN) {
  150. // clear token if remote server refuses to ask for shared secret
  151. $this->dbHandler->addToken($target, '');
  152. }
  153. }
  154. }