Merge pull request #22686 from owncloud/cleanup_remote_address_books

remove remote address book if access was revoked
Thomas Müller 2016-03-01 14:46:51 +01:00
commit a83af96dd3
18 changed files with 155 additions and 39 deletions


@ -20,6 +20,7 @@
*/
use OCA\Dav\AppInfo\Application;
use Symfony\Component\EventDispatcher\GenericEvent;
$app = new Application();
$app->registerHooks();
@ -28,6 +29,20 @@ $app->registerHooks();
return $app->getSyncService();
});
$eventDispatcher = \OC::$server->getEventDispatcher();
$eventDispatcher->addListener('OCP\Federation\TrustedServerEvent::remove',
function(GenericEvent $event) use ($app) {
/** @var \OCA\DAV\CardDAV\CardDavBackend $cardDavBackend */
$cardDavBackend = $app->getContainer()->query('CardDavBackend');
$addressBookUri = $event->getSubject();
$addressBook = $cardDavBackend->getAddressBooksByUri('principals/system/system', $addressBookUri);
if (!is_null($addressBook)) {
$cardDavBackend->deleteAddressBook($addressBook['id']);
}
}
);
$cm = \OC::$server->getContactsManager();
$cm->register(function() use ($cm, $app) {
$userId = \OC::$server->getUserSession()->getUser()->getUID();
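Review bot: The event name passed to `addListener` is a bare string that has to match, character for character, the one dispatched from `TrustedServers::removeServer`. If the two drift apart, removing a trusted server leaves its synced address book in place and nothing reports it. A constant shared by both call sites would make a mismatch a load-time error rather than a silent no-op; where it should live depends on code outside this page. The closure would also benefit from a comment such as `// subject is the trusted server's url_hash, which is also the URI of its system address book`, since `getSubject()` is otherwise opaque here.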


@ -69,7 +69,8 @@ class Application extends App {
/** @var IAppContainer $c */
return new SyncService(
$c->query('CardDavBackend'),
$c->getServer()->getUserManager()
$c->getServer()->getUserManager(),
$c->getServer()->getLogger()
);
});


@ -21,11 +21,14 @@
namespace OCA\DAV\CardDAV;
use OCP\AppFramework\Http;
use OCP\ILogger;
use OCP\IUser;
use OCP\IUserManager;
use Sabre\DAV\Client;
use Sabre\DAV\Xml\Response\MultiStatus;
use Sabre\DAV\Xml\Service;
use Sabre\HTTP\ClientHttpException;
use Sabre\VObject\Reader;
class SyncService {
@ -36,12 +39,16 @@ class SyncService {
/** @var IUserManager */
private $userManager;
/** @var ILogger */
private $logger;
/** @var array */
private $localSystemAddressBook;
public function __construct(CardDavBackend $backend, IUserManager $userManager) {
public function __construct(CardDavBackend $backend, IUserManager $userManager, ILogger $logger) {
$this->backend = $backend;
$this->userManager = $userManager;
$this->logger = $logger;
}
/**
@ -53,6 +60,7 @@ class SyncService {
* @param string $targetPrincipal
* @param array $targetProperties
* @return string
* @throws \Exception
*/
public function syncRemoteAddressBook($url, $userName, $sharedSecret, $syncToken, $targetBookId, $targetPrincipal, $targetProperties) {
// 1. create addressbook
@ -60,7 +68,16 @@ class SyncService {
$addressBookId = $book['id'];
// 2. query changes
$response = $this->requestSyncReport($url, $userName, $sharedSecret, $syncToken);
try {
$response = $this->requestSyncReport($url, $userName, $sharedSecret, $syncToken);
} catch (ClientHttpException $ex) {
if ($ex->getCode() === Http::STATUS_UNAUTHORIZED) {
// remote server revoked access to the address book, remove it
$this->backend->deleteAddressBook($addressBookId);
$this->logger->info('Authorization failed, remove address book: ' . $url, ['app' => 'dav']);
throw $ex;
}
}
// 3. apply changes
// TODO: use multi-get for download
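Review bot: A `ClientHttpException` whose code is not 401 is caught and then dropped by the new `try`/`catch` around `requestSyncReport`, because `throw $ex;` sits inside the `if`. Execution then continues into step 3 with `$response` never assigned. Moving `throw $ex;` to just after the closing brace of the `if` keeps the revoked-access cleanup and lets every other HTTP failure propagate as it did before. A short comment that one 401 response is enough to delete the local copy would also help, since that is a destructive reaction to a single remote answer. The body of `syncRemoteAddressBook` continues outside this hunk.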


@ -68,13 +68,15 @@ class SyncServiceTest extends TestCase {
/** @var IUserManager $userManager */
$userManager = $this->getMockBuilder('OCP\IUserManager')->disableOriginalConstructor()->getMock();
$ss = new SyncService($backend, $userManager);
$logger = $this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock();
$ss = new SyncService($backend, $userManager, $logger);
$book = $ss->ensureSystemAddressBookExists('principals/users/adam', 'contacts', []);
}
public function testUpdateAndDeleteUser() {
/** @var CardDavBackend | \PHPUnit_Framework_MockObject_MockObject $backend */
$backend = $this->getMockBuilder('OCA\DAV\CardDAV\CardDAVBackend')->disableOriginalConstructor()->getMock();
$logger = $this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock();
$backend->expects($this->once())->method('createCard');
$backend->expects($this->once())->method('updateCard');
@ -92,7 +94,7 @@ class SyncServiceTest extends TestCase {
$user->method('getBackendClassName')->willReturn('unittest');
$user->method('getUID')->willReturn('test-user');
$ss = new SyncService($backend, $userManager);
$ss = new SyncService($backend, $userManager, $logger);
$ss->updateUser($user);
$user->method('getDisplayName')->willReturn('A test user for unit testing');
@ -123,8 +125,9 @@ class SyncServiceTest extends TestCase {
*/
private function getSyncServiceMock($backend, $response) {
$userManager = $this->getMockBuilder('OCP\IUserManager')->disableOriginalConstructor()->getMock();
$logger = $this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock();
/** @var SyncService | \PHPUnit_Framework_MockObject_MockObject $ss */
$ss = $this->getMock('OCA\DAV\CardDAV\SyncService', ['ensureSystemAddressBookExists', 'requestSyncReport', 'download'], [$backend, $userManager]);
$ss = $this->getMock('OCA\DAV\CardDAV\SyncService', ['ensureSystemAddressBookExists', 'requestSyncReport', 'download'], [$backend, $userManager, $logger]);
$ss->method('requestSyncReport')->withAnyParameters()->willReturn(['response' => $response, 'token' => 'sync-token-1']);
$ss->method('ensureSystemAddressBookExists')->willReturn(['id' => 1]);
$ss->method('download')->willReturn([
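Review bot: None of the updated tests makes `requestSyncReport` throw, so the new 401 branch in `syncRemoteAddressBook` (delete the address book, log, rethrow) is untested, as is the non-401 case. `getSyncServiceMock` only stubs it with `willReturn(...)`. A test that stubs `requestSyncReport` with `willThrowException(...)` and expects `deleteAddressBook` to be called once for a 401, and never for another status, would pin the behaviour. `getSyncServiceMock` continues outside this hunk.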


@ -75,13 +75,15 @@ class Application extends \OCP\AppFramework\App {
});
$container->registerService('TrustedServers', function(IAppContainer $c) {
$server = $c->getServer();
return new TrustedServers(
$c->query('DbHandler'),
\OC::$server->getHTTPClientService(),
\OC::$server->getLogger(),
\OC::$server->getJobList(),
\OC::$server->getSecureRandom(),
\OC::$server->getConfig()
$server->getHTTPClientService(),
$server->getLogger(),
$server->getJobList(),
$server->getSecureRandom(),
$server->getConfig(),
$server->getEventDispatcher()
);
});
@ -94,6 +96,7 @@ class Application extends \OCP\AppFramework\App {
$c->query('TrustedServers')
);
});
}
private function registerMiddleware() {


@ -27,8 +27,7 @@
<type>text</type>
<default></default>
<notnull>true</notnull>
<length>32</length>
<comments>md5 hash of the url without the protocol</comments>
<comments>sha1 hash of the url without the protocol</comments>
</field>
<field>
<name>token</name>
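Review bot: Rows stored before this change keep an md5 `url_hash`, and nothing visible on this page recomputes them when the column comment switches to sha1 and `<length>32</length>` is dropped. Unless an upgrade step outside this commit rewrites the column, any lookup that compares the stored value with the new `DbHandler::hash($url)` will presumably miss servers added earlier. A repair step that rewrites `url_hash` for existing rows, or a comment here pointing to where that happens, would close the gap.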


@ -5,7 +5,7 @@
<description>ownCloud Federation allows you to connect with other trusted ownClouds to exchange the user directory. For example this will be used to auto-complete external users for federated sharing.</description>
<licence>AGPL</licence>
<author>Bjoern Schiessle</author>
<version>0.0.3</version>
<version>0.0.4</version>
<namespace>Federation</namespace>
<category>other</category>
<dependencies>


@ -91,12 +91,13 @@ class GetSharedSecret extends QueuedJob{
$this->trustedServers = $trustedServers;
} else {
$this->trustedServers = new TrustedServers(
$this->dbHandler,
\OC::$server->getHTTPClientService(),
$this->logger,
$this->jobList,
\OC::$server->getSecureRandom(),
\OC::$server->getConfig()
$this->dbHandler,
\OC::$server->getHTTPClientService(),
$this->logger,
$this->jobList,
\OC::$server->getSecureRandom(),
\OC::$server->getConfig(),
\OC::$server->getEventDispatcher()
);
}
}


@ -95,7 +95,8 @@ class RequestSharedSecret extends QueuedJob {
$this->logger,
$this->jobList,
\OC::$server->getSecureRandom(),
\OC::$server->getConfig()
\OC::$server->getConfig(),
\OC::$server->getEventDispatcher()
);
}
}


@ -40,6 +40,7 @@ class SyncFederationAddressBooks extends Command {
$this->syncService->syncThemAll(function($url, $ex) use ($progress, $output) {
if ($ex instanceof \Exception) {
$output->writeln("Error while syncing $url : " . $ex->getMessage());
} else {
$progress->advance();
}


@ -105,6 +105,28 @@ class DbHandler {
$query->execute();
}
/**
* get trusted server with given ID
*
* @param int $id
* @return array
* @throws \Exception
*/
public function getServerById($id) {
$query = $this->connection->getQueryBuilder();
$query->select('*')->from($this->dbTable)
->where($query->expr()->eq('id', $query->createParameter('id')))
->setParameter('id', $id);
$query->execute();
$result = $query->execute()->fetchAll();
if (empty($result)) {
throw new \Exception('No Server found with ID: ' . $id);
}
return $result[0];
}
/**
* get all trusted servers
*
@ -112,7 +134,7 @@ class DbHandler {
*/
public function getAllServer() {
$query = $this->connection->getQueryBuilder();
$query->select(['url', 'id', 'status', 'shared_secret', 'sync_token'])->from($this->dbTable);
$query->select(['url', 'url_hash', 'id', 'status', 'shared_secret', 'sync_token'])->from($this->dbTable);
$result = $query->execute()->fetchAll();
return $result;
}
@ -252,11 +274,11 @@ class DbHandler {
*/
protected function hash($url) {
$normalized = $this->normalizeUrl($url);
return md5($normalized);
return sha1($normalized);
}
/**
* normalize URL, used to create the md5 hash
* normalize URL, used to create the sha1 hash
*
* @param string $url
* @return string
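Review bot: `getServerById` runs the query twice: the result of the bare `$query->execute();` is discarded and the next line executes the same statement again to fetch the rows. Dropping the first call leaves `$result = $query->execute()->fetchAll();` as the only execution. The docblock could also say that `@return array` is a single row (`$result[0]`) and that `@throws \Exception` fires when no row matches the id.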


@ -3,6 +3,7 @@
namespace OCA\Federation;
use OCA\DAV\CardDAV\SyncService;
use OCP\AppFramework\Http;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Helper\ProgressBar;
use Symfony\Component\Console\Input\InputInterface;
@ -40,7 +41,7 @@ class SyncFederationAddressBooks {
if (is_null($sharedSecret)) {
continue;
}
$targetBookId = sha1($url);
$targetBookId = $trustedServer['url_hash'];
$targetPrincipal = "principals/system/system";
$targetBookProperties = [
'{DAV:}displayname' => $url
@ -51,6 +52,9 @@ class SyncFederationAddressBooks {
$this->dbHandler->setServerStatus($url, TrustedServers::STATUS_OK, $newToken);
}
} catch (\Exception $ex) {
if ($ex->getCode() === Http::STATUS_UNAUTHORIZED) {
$this->dbHandler->setServerStatus($url, TrustedServers::STATUS_ACCESS_REVOKED);
}
$callback($url, $ex);
}
}
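Review bot: Switching `$targetBookId` from `sha1($url)` to `$trustedServer['url_hash']` changes the URI of every system address book that was already synced, because `DbHandler::hash()` hashes the normalized URL without the protocol. Books created under the old URI are no longer reached by the sync, nor by the remove listener, which looks the book up by the `url_hash` carried in the event. Copies of a remote user directory can therefore stay behind after the server is untrusted. Nothing on this page renames or deletes the old `sha1($url)` books; a one-off cleanup in the upgrade path would cover it. The surrounding loop starts and ends outside these hunks.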


@ -30,6 +30,8 @@ use OCP\Http\Client\IClientService;
use OCP\IConfig;
use OCP\ILogger;
use OCP\Security\ISecureRandom;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\EventDispatcher\GenericEvent;
class TrustedServers {
@ -39,6 +41,8 @@ class TrustedServers {
const STATUS_PENDING = 2;
/** something went wrong, misconfigured server, software bug,... user interaction needed */
const STATUS_FAILURE = 3;
/** remote server revoked access */
const STATUS_ACCESS_REVOKED = 4;
/** @var dbHandler */
private $dbHandler;
@ -58,6 +62,9 @@ class TrustedServers {
/** @var IConfig */
private $config;
/** @var EventDispatcherInterface */
private $dispatcher;
/**
* @param DbHandler $dbHandler
* @param IClientService $httpClientService
@ -65,6 +72,7 @@ class TrustedServers {
* @param IJobList $jobList
* @param ISecureRandom $secureRandom
* @param IConfig $config
* @param EventDispatcherInterface $dispatcher
*/
public function __construct(
DbHandler $dbHandler,
@ -72,7 +80,8 @@ class TrustedServers {
ILogger $logger,
IJobList $jobList,
ISecureRandom $secureRandom,
IConfig $config
IConfig $config,
EventDispatcherInterface $dispatcher
) {
$this->dbHandler = $dbHandler;
$this->httpClientService = $httpClientService;
@ -80,6 +89,7 @@ class TrustedServers {
$this->jobList = $jobList;
$this->secureRandom = $secureRandom;
$this->config = $config;
$this->dispatcher = $dispatcher;
}
/**
@ -154,7 +164,10 @@ class TrustedServers {
* @param int $id
*/
public function removeServer($id) {
$server = $this->dbHandler->getServerById($id);
$this->dbHandler->removeServer($id);
$event = new GenericEvent($server['url_hash']);
$this->dispatcher->dispatch('OCP\Federation\TrustedServerEvent::remove', $event);
}
/**
@ -222,6 +235,7 @@ class TrustedServers {
*
* @param $status
* @return bool
* @throws HintException
*/
protected function checkOwnCloudVersion($status) {
$decoded = json_decode($status, true);
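Review bot: `removeServer` now throws when the id is unknown, because `getServerById` raises `\Exception` on an empty result before the handler's `removeServer` is reached, yet the docblock still lists only `@param int $id`. Add `@throws \Exception if no trusted server has this id`, plus a line stating that a `TrustedServerEvent::remove` event carrying the server's `url_hash` is dispatched after the row is deleted. Callers that previously treated removal of a missing id as a no-op may need to handle the exception; they are not visible on this page.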


@ -34,7 +34,8 @@ $trustedServers = new \OCA\Federation\TrustedServers(
\OC::$server->getLogger(),
\OC::$server->getJobList(),
\OC::$server->getSecureRandom(),
\OC::$server->getConfig()
\OC::$server->getConfig(),
\OC::$server->getEventDispatcher()
);
$template->assign('trustedServers', $trustedServers->getServers());


@ -26,7 +26,11 @@ style('federation', 'settings-admin')
<li id="<?php p($trustedServer['id']); ?>" class="icon-delete">
<?php if((int)$trustedServer['status'] === TrustedServers::STATUS_OK) { ?>
<span class="status success"></span>
<?php } elseif((int)$trustedServer['status'] === TrustedServers::STATUS_PENDING) { ?>
<?php
} elseif(
(int)$trustedServer['status'] === TrustedServers::STATUS_PENDING ||
(int)$trustedServer['status'] === TrustedServers::STATUS_ACCESS_REVOKED
) { ?>
<span class="status indeterminate"></span>
<?php } else {?>
<span class="status error"></span>
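Review bot: `STATUS_ACCESS_REVOKED` is folded into the `STATUS_PENDING` branch and rendered with the same `status indeterminate` marker, so the list does not show an admin that a remote server has withdrawn access. Giving the revoked case its own `elseif` branch with a distinct marker or a descriptive title on the span would make that state visible. The stylesheet is not part of this page, so which class fits is left open.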


@ -89,9 +89,9 @@ class DbHandlerTest extends TestCase {
public function dataTestAddServer() {
return [
['http://owncloud.org', 'http://owncloud.org', md5('owncloud.org')],
['https://owncloud.org', 'https://owncloud.org', md5('owncloud.org')],
['http://owncloud.org/', 'http://owncloud.org', md5('owncloud.org')],
['http://owncloud.org', 'http://owncloud.org', sha1('owncloud.org')],
['https://owncloud.org', 'https://owncloud.org', sha1('owncloud.org')],
['http://owncloud.org/', 'http://owncloud.org', sha1('owncloud.org')],
];
}
@ -115,6 +115,15 @@ class DbHandlerTest extends TestCase {
$this->assertSame($id1, (int)$result[0]['id']);
}
public function testGetServerById() {
$this->dbHandler->addServer('server1');
$id = $this->dbHandler->addServer('server2');
$result = $this->dbHandler->getServerById($id);
$this->assertSame('server2', $result['url']);
}
public function testGetAll() {
$id1 = $this->dbHandler->addServer('server1');
$id2 = $this->dbHandler->addServer('server2');
@ -233,10 +242,10 @@ class DbHandlerTest extends TestCase {
public function dataTestHash() {
return [
['server1', md5('server1')],
['http://server1', md5('server1')],
['https://server1', md5('server1')],
['http://server1/', md5('server1')],
['server1', sha1('server1')],
['http://server1', sha1('server1')],
['https://server1', sha1('server1')],
['http://server1/', sha1('server1')],
];
}


@ -19,6 +19,7 @@ class SyncFederationAddressbooksTest extends \Test\TestCase {
willReturn([
[
'url' => 'https://cloud.drop.box',
'url_hash' => 'sha1',
'shared_secret' => 'iloveowncloud',
'sync_token' => '0'
]
@ -47,6 +48,7 @@ class SyncFederationAddressbooksTest extends \Test\TestCase {
willReturn([
[
'url' => 'https://cloud.drop.box',
'url_hash' => 'sha1',
'shared_secret' => 'iloveowncloud',
'sync_token' => '0'
]


@ -23,7 +23,6 @@
namespace OCA\Federation\Tests\lib;
use OC\HintException;
use OCA\Federation\DbHandler;
use OCA\Federation\TrustedServers;
use OCP\BackgroundJob\IJobList;
@ -33,6 +32,7 @@ use OCP\Http\Client\IResponse;
use OCP\IConfig;
use OCP\ILogger;
use OCP\Security\ISecureRandom;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Test\TestCase;
class TrustedServersTest extends TestCase {
@ -64,11 +64,16 @@ class TrustedServersTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject | IConfig */
private $config;
/** @var \PHPUnit_Framework_MockObject_MockObject | EventDispatcherInterface */
private $dispatcher;
public function setUp() {
parent::setUp();
$this->dbHandler = $this->getMockBuilder('\OCA\Federation\DbHandler')
->disableOriginalConstructor()->getMock();
$this->dispatcher = $this->getMockBuilder('Symfony\Component\EventDispatcher\EventDispatcherInterface')
->disableOriginalConstructor()->getMock();
$this->httpClientService = $this->getMock('OCP\Http\Client\IClientService');
$this->httpClient = $this->getMock('OCP\Http\Client\IClient');
$this->response = $this->getMock('OCP\Http\Client\IResponse');
@ -83,7 +88,8 @@ class TrustedServersTest extends TestCase {
$this->logger,
$this->jobList,
$this->secureRandom,
$this->config
$this->config,
$this->dispatcher
);
}
@ -103,7 +109,8 @@ class TrustedServersTest extends TestCase {
$this->logger,
$this->jobList,
$this->secureRandom,
$this->config
$this->config,
$this->dispatcher
]
)
->setMethods(['normalizeUrl', 'updateProtocol'])
@ -191,7 +198,18 @@ class TrustedServersTest extends TestCase {
public function testRemoveServer() {
$id = 42;
$server = ['url_hash' => 'url_hash'];
$this->dbHandler->expects($this->once())->method('removeServer')->with($id);
$this->dbHandler->expects($this->once())->method('getServerById')->with($id)
->willReturn($server);
$this->dispatcher->expects($this->once())->method('dispatch')
->willReturnCallback(
function($eventId, $event) {
$this->assertSame($eventId, 'OCP\Federation\TrustedServerEvent::remove');
$this->assertInstanceOf('Symfony\Component\EventDispatcher\GenericEvent', $event);
$this->assertSame('url_hash', $event->getSubject());
}
);
$this->trustedServers->removeServer($id);
}
@ -247,7 +265,8 @@ class TrustedServersTest extends TestCase {
$this->logger,
$this->jobList,
$this->secureRandom,
$this->config
$this->config,
$this->dispatcher
]
)
->setMethods(['checkOwnCloudVersion'])