server/lib/private/AppFramework/Middleware/OCSMiddleware.php
Roeland Jago Douma e3b0e50dda
Extend OCSMiddleware
* Always set 401 (v1.php and v2.php)
* Set proper error codes for v2.php
* Proper OCS output on unhandled exceptions
2016-08-14 18:34:01 +02:00

144 lines
4.5 KiB
PHP

<?php
/**
*
* @author Roeland Jago Douma <roeland@famdouma.nl>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OC\AppFramework\Middleware;
use OC\AppFramework\Http;
use OCP\API;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\OCSResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
use OCP\AppFramework\Middleware;
class OCSMiddleware extends Middleware {
/** @var IRequest */
private $request;
/**
* @param IRequest $request
*/
public function __construct(IRequest $request) {
$this->request = $request;
}
/**
* @param \OCP\AppFramework\Controller $controller
* @param string $methodName
* @param \Exception $exception
* @throws \Exception
* @return OCSResponse
*/
public function afterException($controller, $methodName, \Exception $exception) {
if ($controller instanceof OCSController && $exception instanceof OCSException) {
$format = $this->getFormat($controller);
$code = $exception->getCode();
if ($code === 0) {
$code = API::RESPOND_UNKNOWN_ERROR;
}
// Build the response
$response = new OCSResponse($format, $code, $exception->getMessage());
// Forbidden always sets 401 (even on v1.php)
if ($exception instanceof OCSForbiddenException || $code === API::RESPOND_UNAUTHORISED) {
$response->setStatus(Http::STATUS_UNAUTHORIZED);
}
// On v2.php we set actual HTTP error codes
if (substr_compare($this->request->getScriptName(), '/ocs/v2.php', -strlen('/ocs/v2.php')) === 0) {
if ($code === API::RESPOND_NOT_FOUND) {
$response->setStatus(Http::STATUS_NOT_FOUND);
} else if ($code === API::RESPOND_SERVER_ERROR) {
$response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR);
} else if ($code === API::RESPOND_UNKNOWN_ERROR) {
$response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR);
} else if ($code === API::RESPOND_UNAUTHORISED) {
// Already set
}
// 4xx and 5xx codes are forwarded as is.
else if ($code >= 400 && $code < 600) {
$response->setStatus($code);
} else {
// All other codes get a bad request
$response->setStatus(Http::STATUS_BAD_REQUEST);
}
}
return $response;
}
throw $exception;
}
/**
* @param \OCP\AppFramework\Controller $controller
* @param string $methodName
* @param Response $response
* @return \OCP\AppFramework\Http\Response
*/
public function afterController($controller, $methodName, Response $response) {
/*
* If a different middleware has detected that a request unauthorized or forbidden
* we need to catch the response and convert it to a proper OCS response.
*/
if ($controller instanceof OCSController && !($response instanceof OCSResponse)) {
if ($response->getStatus() === Http::STATUS_UNAUTHORIZED ||
$response->getStatus() === Http::STATUS_FORBIDDEN) {
$format = $this->getFormat($controller);
$message = '';
if ($response instanceof JSONResponse) {
/** @var DataResponse $response */
$message = $response->getData()['message'];
}
$response = new OCSResponse($format, \OCP\API::RESPOND_UNAUTHORISED, $message);
$response->setStatus(Http::STATUS_UNAUTHORIZED);
}
}
return $response;
}
/**
* @param \OCP\AppFramework\Controller $controller
* @return string
*/
private function getFormat($controller) {
// get format from the url format or request format parameter
$format = $this->request->getParam('format');
// if none is given try the first Accept header
if($format === null) {
$headers = $this->request->getHeader('Accept');
$format = $controller->getResponderByHTTPHeader($headers, 'xml');
}
return $format;
}
}