Refactor index.php and rest.php into a big $server object.

Remove old preLogUser() method on authDriver interface.
Remove unmaintained plugin auth.phpbb, remove auth.basic_http (replaced by authfront.http_server).
1 parent 60bce30 commit 81c76d9b620563570fb29302c0498b37073cf10a @cdujeu cdujeu committed May 9, 2016
Showing with 288 additions and 788 deletions.
  1. +1 −73 core/src/core/src/pydio/Core/Controller/Controller.php
  2. +239 −0 core/src/core/src/pydio/Core/Http/Server.php
  3. +1 −5 core/src/core/src/pydio/Core/Services/AuthService.php
  4. +22 −2 core/src/core/src/pydio/Core/Services/ConfService.php
  5. +9 −78 core/src/index.php
  6. +0 −66 core/src/plugins/auth.basic_http/class.basic_httpAuthDriver.php
  7. +0 −28 core/src/plugins/auth.basic_http/i18n/conf/cs.php
  8. +0 −28 core/src/plugins/auth.basic_http/i18n/conf/de.php
  9. +0 −28 core/src/plugins/auth.basic_http/i18n/conf/en.php
  10. +0 −28 core/src/plugins/auth.basic_http/i18n/conf/fr.php
  11. +0 −28 core/src/plugins/auth.basic_http/i18n/conf/it.php
  12. +0 −28 core/src/plugins/auth.basic_http/i18n/conf/pt.php
  13. +0 −46 core/src/plugins/auth.basic_http/manifest.xml
  14. +0 −1 core/src/plugins/auth.basic_http/plugin_doc.html
  15. +2 −1 core/src/plugins/auth.multi/class.multiAuthDriver.php
  16. +0 −110 core/src/plugins/auth.phpbb/class.phpbbAuthDriver.php
  17. +0 −35 core/src/plugins/auth.phpbb/i18n/conf/de.php
  18. +0 −35 core/src/plugins/auth.phpbb/i18n/conf/en.php
  19. +0 −35 core/src/plugins/auth.phpbb/i18n/conf/fr.php
  20. +0 −35 core/src/plugins/auth.phpbb/i18n/conf/it.php
  21. +0 −43 core/src/plugins/auth.phpbb/manifest.xml
  22. +0 −1 core/src/plugins/auth.phpbb/plugin_doc.html
  23. +5 −0 core/src/plugins/auth.remote_ajxp/class.remote_ajxpAuthDriver.php
  24. +1 −7 core/src/plugins/core.auth/class.AbstractAuthDriver.php
  25. +1 −1 core/src/plugins/gui.ajax/class.AJXP_ClientDriver.php
  26. +7 −46 core/src/rest.php
@@ -78,78 +78,7 @@ public static function registryReset(){
self::$xPath = null;
self::$hooksCache = array();
}
-
- /**
- * @bool $rest
- * @return ServerRequestInterface
- */
- public static function initServerRequest($rest = false){
-
- $request = ServerRequestFactory::fromGlobals();
- $httpVars = $request->getQueryParams();
- $postParams = $request->getParsedBody();
- if(is_array($postParams)){
- $httpVars = array_merge($httpVars, $postParams);
- }
- $request = $request->withParsedBody($httpVars);
-
- if($rest){
- $serverData = $request->getServerParams();
- $uri = $serverData["REQUEST_URI"];
- $scriptUri = ltrim(Utils::safeDirname($serverData["SCRIPT_NAME"]),'/')."/api/";
- $uri = substr($uri, strlen($scriptUri));
- $uri = explode("/", trim($uri, "/"));
- $repoID = array_shift($uri);
- $action = array_shift($uri);
- $path = "/".implode("/", $uri);
- return $request->withAttribute("action", $action)
- ->withAttribute("rest_path", $path)
- ->withAttribute("rest_repository_id", $repoID);
-
- }else{
- return $request;
- }
-
- }
-
- /**
- * @param ServerRequestInterface $request
- * @return static
- */
- public static function requestHandlerDetectAction(ServerRequestInterface &$request){
- $serverData = $request->getServerParams();
- $params = $request->getParsedBody();
- if(isSet($params["get_action"])){
- $action = $params["get_action"];
- }else if(isSet($params["action"])){
- $action = $params["action"];
- }else if (preg_match('/MSIE 7/',$serverData['HTTP_USER_AGENT']) || preg_match('/MSIE 8/',$serverData['HTTP_USER_AGENT'])) {
- $action = "get_boot_gui";
- } else {
- $action = (strpos($serverData["HTTP_ACCEPT"], "text/html") !== false ? "get_boot_gui" : "ping");
- }
- $request = $request->withAttribute("action", Utils::sanitize($action, AJXP_SANITIZE_EMAILCHARS));
- }
-
- /**
- * @param ServerRequestInterface $request
- * @throws PydioException
- */
- public static function requestHandlerSecureToken(ServerRequestInterface $request){
-
- $pluginsUnSecureActions = ConfService::getDeclaredUnsecureActions();
- $unSecureActions = array_merge($pluginsUnSecureActions, array("get_secure_token"));
- if (!in_array($request->getAttribute("action"), $unSecureActions) && AuthService::getSecureToken()) {
- $params = $request->getParsedBody();
- if(array_key_exists("secure_token", $params)){
- $token = $params["secure_token"];
- }
- if ( !isSet($token) || !AuthService::checkSecureToken($token)) {
- throw new PydioException("You are not allowed to access this resource.");
- }
- }
- }
-
+
/**
* @param ServerRequestInterface $request
@@ -274,7 +203,6 @@ public static function run(ServerRequestInterface $request, &$actionNode = null)
if($actionName == "ls" & $loggedUser!=null
&& $loggedUser->canWrite(ConfService::getCurrentRepositoryId()."")){
// Special case of "write only" right : return empty listing, no auth error.
- // TODO : Set in Response object
$response = new Response();
$response->getBody()->write(XMLWriter::wrapDocument(""));
return $response;
@@ -0,0 +1,239 @@
+<?php
+/*
+ * Copyright 2007-2015 Abstrium <contact (at) pydio.com>
+ * This file is part of Pydio.
+ *
+ * Pydio is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Pydio is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Pydio. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * The latest code can be found at <http://pyd.io/>.
+ */
+namespace Pydio\Core\Http;
+
+use Psr\Http\Message\ServerRequestInterface;
+use Pydio\Core\Controller\Controller;
+use Pydio\Core\Exception\PydioException;
+use Pydio\Core\PluginFramework\PluginsService;
+use Pydio\Core\Services\AuthService;
+use Pydio\Core\Services\ConfService;
+use Pydio\Core\Utils\Utils;
+use Zend\Diactoros\ServerRequestFactory;
+
+defined('AJXP_EXEC') or die('Access not allowed');
+
+define('PYDIO_SERVER_MODE_REST', 'rest');
+define('PYDIO_SERVER_MODE_SESSION', 'session');
+
+class Server
+{
+ private $mode;
+ private $request;
+ private $requireAuth = false;
+
+ public function __construct($serverMode = PYDIO_SERVER_MODE_SESSION){
+ $this->mode = $serverMode;
+ if($this->mode == PYDIO_SERVER_MODE_REST){
+ $this->requireAuth = true;
+ }
+ }
+
+ public function getRequest(){
+ if(!isSet($this->request)){
+ $this->request = $this->initServerRequest();
+ }
+ return $this->request;
+ }
+
+
+ public function listen(){
+
+ $action = null;
+ if($this->mode == PYDIO_SERVER_MODE_REST){
+ $action = Controller::parseRestParameters($this->request);
+ }
+ try{
+ $response = Controller::run($this->getRequest(), $action);
+ if($response !== false && ($response->getBody()->getSize() || $response instanceof \Zend\Diactoros\Response\EmptyResponse)) {
+ $emitter = new \Zend\Diactoros\Response\SapiEmitter();
+ $emitter->emit($response);
+ }
+ }catch (\Pydio\Core\Exception\AuthRequiredException $authExc){
+ if($this->requireAuth){
+ throw $authExc;
+ }
+ }
+
+ }
+
+ /**
+ * @param bool $rest
+ * @return ServerRequestInterface
+ */
+ protected function initServerRequest($rest = false){
+
+ $request = ServerRequestFactory::fromGlobals();
+ $httpVars = $request->getQueryParams();
+ $postParams = $request->getParsedBody();
+ if(is_array($postParams)){
+ $httpVars = array_merge($httpVars, $postParams);
+ }
+ $request = $request->withParsedBody($httpVars);
+
+ if($this->mode == PYDIO_SERVER_MODE_REST){
+
+ $serverData = $request->getServerParams();
+ $uri = $serverData["REQUEST_URI"];
+ $scriptUri = ltrim(Utils::safeDirname($serverData["SCRIPT_NAME"]),'/')."/api/";
+ $uri = substr($uri, strlen($scriptUri));
+ $uri = explode("/", trim($uri, "/"));
+ $repoID = array_shift($uri);
+ $action = array_shift($uri);
+ $path = "/".implode("/", $uri);
+ return $request->withAttribute("action", $action)
+ ->withAttribute("rest_path", $path)
+ ->withAttribute("repository_id", $repoID);
+
+ }else{
+
+ $this->requestHandlerDetectAction($request);
+ $this->requestHandlerSecureToken($request);
+ return $request;
+
+ }
+
+ }
+
+ public function bootSessionServer(ServerRequestInterface $request){
+
+ $parameters = $request->getParsedBody();
+ if (AuthService::usersEnabled()) {
+
+ AuthService::logUser(null, null);
+ // Check that current user can access current repository, try to switch otherwise.
+ $loggedUser = AuthService::getLoggedUser();
+ if ($loggedUser == null || $loggedUser->getId() == "guest") {
+ // Now try to log the user with the various credentials that could be detected in the request
+ PluginsService::getInstance()->initActivePlugins();
+ AuthService::preLogUser($parameters);
+ $loggedUser = AuthService::getLoggedUser();
+ if($loggedUser == null) $this->requireAuth = true;
+ }
+ if ($loggedUser != null) {
+ $res = ConfService::switchUserToActiveRepository($loggedUser, (isSet($parameters["tmp_repository_id"])?$parameters["tmp_repository_id"]:"-1"));
+ if (!$res) {
+ AuthService::disconnect();
+ $this->requireAuth = true;
+ }
+ }
+
+ }else{
+
+ if (isSet($parameters["tmp_repository_id"])) {
+ try{
+ ConfService::switchRootDir($parameters["tmp_repository_id"], true);
+ }catch(PydioException $e){}
+ } else if (isSet($_SESSION["SWITCH_BACK_REPO_ID"])) {
+ ConfService::switchRootDir($_SESSION["SWITCH_BACK_REPO_ID"]);
+ unset($_SESSION["SWITCH_BACK_REPO_ID"]);
+ }
+
+ }
+
+ //Set language
+ $loggedUser = AuthService::getLoggedUser();
+ if($loggedUser != null && $loggedUser->getPref("lang") != "") ConfService::setLanguage($loggedUser->getPref("lang"));
+ else if(isSet($request->getCookieParams()["AJXP_lang"])) ConfService::setLanguage($request->getCookieParams()["AJXP_lang"]);
+
+ //------------------------------------------------------------
+ // SPECIAL HANDLING FOR FLEX UPLOADER RIGHTS FOR THIS ACTION
+ //------------------------------------------------------------
+ if (AuthService::usersEnabled()) {
+ $loggedUser = AuthService::getLoggedUser();
+ if ($request->getAttribute("action") == "upload" &&
+ ($loggedUser == null || !$loggedUser->canWrite(ConfService::getCurrentRepositoryId().""))
+ && isSet($request->getUploadedFiles()['Filedata'])) {
+ header('HTTP/1.0 ' . '410 Not authorized');
+ die('Error 410 Not authorized!');
+ }
+ }
+
+ }
+
+ public function bootRestServer(ServerRequestInterface $request){
+
+ PluginsService::getInstance()->initActivePlugins();
+ AuthService::preLogUser(array_merge($_GET, $_POST));
+ if(AuthService::getLoggedUser() == null){
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'You are not authorized to access this API.';
+ exit;
+ }
+
+ $repoID = $request->getAttribute("repository_id");
+ if($repoID == 'pydio'){
+ ConfService::switchRootDir();
+ $repo = ConfService::getRepository();
+ }else{
+ $repo = ConfService::findRepositoryByIdOrAlias($repoID);
+ if ($repo == null) {
+ die("Cannot find repository with ID ".$repoID);
+ }
+ if(!ConfService::repositoryIsAccessible($repo->getId(), $repo, AuthService::getLoggedUser(), false, true)){
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'You are not authorized to access this workspace.';
+ exit;
+ }
+ ConfService::switchRootDir($repo->getId());
+ }
+
+ }
+
+ /**
+ * @param ServerRequestInterface $request
+ * @return static
+ */
+ private function requestHandlerDetectAction(ServerRequestInterface &$request){
+ $serverData = $request->getServerParams();
+ $params = $request->getParsedBody();
+ if(isSet($params["get_action"])){
+ $action = $params["get_action"];
+ }else if(isSet($params["action"])){
+ $action = $params["action"];
+ }else if (preg_match('/MSIE 7/',$serverData['HTTP_USER_AGENT']) || preg_match('/MSIE 8/',$serverData['HTTP_USER_AGENT'])) {
+ $action = "get_boot_gui";
+ } else {
+ $action = (strpos($serverData["HTTP_ACCEPT"], "text/html") !== false ? "get_boot_gui" : "ping");
+ }
+ $request = $request->withAttribute("action", Utils::sanitize($action, AJXP_SANITIZE_EMAILCHARS));
+ }
+
+ /**
+ * @param ServerRequestInterface $request
+ * @throws PydioException
+ */
+ private function requestHandlerSecureToken(ServerRequestInterface $request){
+
+ $pluginsUnSecureActions = ConfService::getDeclaredUnsecureActions();
+ $unSecureActions = array_merge($pluginsUnSecureActions, array("get_secure_token"));
+ if (!in_array($request->getAttribute("action"), $unSecureActions) && AuthService::getSecureToken()) {
+ $params = $request->getParsedBody();
+ if(array_key_exists("secure_token", $params)){
+ $token = $params["secure_token"];
+ }
+ if ( !isSet($token) || !AuthService::checkSecureToken($token)) {
+ throw new PydioException("You are not allowed to access this resource.");
+ }
+ }
+ }
+
+}
@@ -140,7 +140,7 @@ public static function getLoggedUser()
return null;
}
/**
- * Call the preLogUser() functino on the auth driver implementation
+ * Call tryToLogUser() functions on the registered authfront drivers
* @static
* @param array $httpVars
* @return void
@@ -164,11 +164,7 @@ public static function preLogUser($httpVars)
$index ++;
if($res) break;
}
- // Keep old-fashioned test, should be removed
- $authDriver = ConfService::getAuthDriverImpl();
- $authDriver->preLogUser((isSet($httpVars["remote_session"])?$httpVars["remote_session"]:""));
- return ;
}
/**
* The array is located in the AjxpTmpDir/failedAJXP.log
@@ -286,6 +286,8 @@ public static function currentContextIsRestAPI($restBase = '')
{
if(!empty($restBase)){
self::$restAPIContext = $restBase;
+ self::$useSession = false;
+ AuthService::$useSession = false;
return $restBase;
}else{
return self::$restAPIContext;
@@ -360,6 +362,23 @@ public static function getCacheDriverImpl()
return PluginsService::getInstance()->getPluginById("core.cache")->getCacheImpl();
}
+ /**
+ * @throws \Exception
+ */
+ public static function reloadServicesAndActivePlugins(){
+
+ // THIS FIRST DRIVERS DO NOT NEED ID CHECK
+ ConfService::getAuthDriverImpl();
+ // DRIVERS BELOW NEED IDENTIFICATION CHECK
+ if (!AuthService::usersEnabled() || ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth") || AuthService::getLoggedUser()!=null) {
+ ConfService::getConfStorageImpl();
+ ConfService::loadRepositoryDriver();
+ }
+ PluginsService::getInstance()->initActivePlugins();
+
+ }
+
+
public static function getFilteredXMLRegistry($extendedVersion = true, $clone = false, $useCache = false){
if($useCache){
@@ -503,11 +522,12 @@ public static function switchRootDir($rootDirIndex = -1, $temporary = false)
{
self::getInstance()->switchRootDirInst($rootDirIndex, $temporary);
}
+
/**
* Switch the current repository
- * @param $rootDirIndex
+ * @param int $rootDirIndex
* @param bool $temporary
- * @return void
+ * @throws PydioException
*/
public function switchRootDirInst($rootDirIndex=-1, $temporary=false)
{
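Review bot: In currentContextIsRestAPI, passing a non-empty `$restBase` now also flips `self::$useSession` and the public `AuthService::$useSession` to false, a side effect the predicate-style name does not suggest, and nothing in the hunk turns them back on. A docblock should make that contract explicit, e.g. `Sets the REST API context when $restBase is given and, as a side effect, disables PHP-session use in ConfService and AuthService for the rest of the request; with an empty $restBase it only returns the current context.` In reloadServicesAndActivePlugins the comment `THIS FIRST DRIVERS DO NOT NEED ID CHECK` should read `The auth driver needs no identity check`, and the method deserves a one-line docblock saying that the conf storage and repository driver are loaded only when users are disabled, guest browsing is allowed, or a user is already logged in, while active plugins are initialised in every case.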