1
0

AjaxController.php 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Lukas Reschke <lukas@statuscode.ch>
  7. * @author Martin Mattel <martin.mattel@diemattels.at>
  8. * @author Morris Jobke <hey@morrisjobke.de>
  9. * @author Robin Appelman <robin@icewind.nl>
  10. * @author Robin McCorkell <robin@mccorkell.me.uk>
  11. * @author Roeland Jago Douma <roeland@famdouma.nl>
  12. * @author Ross Nicoll <jrn@jrn.me.uk>
  13. *
  14. * @license AGPL-3.0
  15. *
  16. * This code is free software: you can redistribute it and/or modify
  17. * it under the terms of the GNU Affero General Public License, version 3,
  18. * as published by the Free Software Foundation.
  19. *
  20. * This program is distributed in the hope that it will be useful,
  21. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  22. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  23. * GNU Affero General Public License for more details.
  24. *
  25. * You should have received a copy of the GNU Affero General Public License, version 3,
  26. * along with this program. If not, see <http://www.gnu.org/licenses/>
  27. *
  28. */
  29. namespace OCA\Files_External\Controller;
  30. use OCA\Files_External\Lib\Auth\Password\GlobalAuth;
  31. use OCA\Files_External\Lib\Auth\PublicKey\RSA;
  32. use OCP\AppFramework\Controller;
  33. use OCP\AppFramework\Http\Attribute\NoAdminRequired;
  34. use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
  35. use OCP\AppFramework\Http\JSONResponse;
  36. use OCP\IGroupManager;
  37. use OCP\IRequest;
  38. use OCP\IUserSession;
  39. class AjaxController extends Controller {
  40. /** @var RSA */
  41. private $rsaMechanism;
  42. /** @var GlobalAuth */
  43. private $globalAuth;
  44. /** @var IUserSession */
  45. private $userSession;
  46. /** @var IGroupManager */
  47. private $groupManager;
  48. /**
  49. * @param string $appName
  50. * @param IRequest $request
  51. * @param RSA $rsaMechanism
  52. * @param GlobalAuth $globalAuth
  53. * @param IUserSession $userSession
  54. * @param IGroupManager $groupManager
  55. */
  56. public function __construct($appName,
  57. IRequest $request,
  58. RSA $rsaMechanism,
  59. GlobalAuth $globalAuth,
  60. IUserSession $userSession,
  61. IGroupManager $groupManager) {
  62. parent::__construct($appName, $request);
  63. $this->rsaMechanism = $rsaMechanism;
  64. $this->globalAuth = $globalAuth;
  65. $this->userSession = $userSession;
  66. $this->groupManager = $groupManager;
  67. }
  68. /**
  69. * @param int $keyLength
  70. * @return array
  71. */
  72. private function generateSshKeys($keyLength) {
  73. $key = $this->rsaMechanism->createKey($keyLength);
  74. // Replace the placeholder label with a more meaningful one
  75. $key['publickey'] = str_replace('phpseclib-generated-key', gethostname(), $key['publickey']);
  76. return $key;
  77. }
  78. /**
  79. * Generates an SSH public/private key pair.
  80. *
  81. * @NoAdminRequired
  82. * @param int $keyLength
  83. */
  84. public function getSshKeys($keyLength = 1024) {
  85. $key = $this->generateSshKeys($keyLength);
  86. return new JSONResponse(
  87. ['data' => [
  88. 'private_key' => $key['privatekey'],
  89. 'public_key' => $key['publickey']
  90. ],
  91. 'status' => 'success'
  92. ]);
  93. }
  94. /**
  95. * @param string $uid
  96. * @param string $user
  97. * @param string $password
  98. * @return bool
  99. */
  100. #[NoAdminRequired]
  101. #[PasswordConfirmationRequired]
  102. public function saveGlobalCredentials($uid, $user, $password) {
  103. $currentUser = $this->userSession->getUser();
  104. if ($currentUser === null) {
  105. return false;
  106. }
  107. // Non-admins can only edit their own credentials
  108. // Admin can edit global credentials
  109. $allowedToEdit = $uid === ''
  110. ? $this->groupManager->isAdmin($currentUser->getUID())
  111. : $currentUser->getUID() === $uid;
  112. if ($allowedToEdit) {
  113. $this->globalAuth->saveAuth($uid, $user, $password);
  114. return true;
  115. }
  116. return false;
  117. }
  118. }