2016-09-09 23:36:35 +08:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* Nextcloud - passman
|
|
|
|
|
*
|
|
|
|
|
* This file is licensed under the Affero General Public License version 3 or
|
|
|
|
|
* later. See the COPYING file.
|
|
|
|
|
*
|
|
|
|
|
* @author Sander Brand <brantje@gmail.com>
|
|
|
|
|
* @copyright Sander Brand 2016
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace OCA\Passman\Controller;
|
|
|
|
|
|
2016-10-07 23:04:26 +08:00
|
|
|
use OCA\Passman\Utility\NotFoundJSONResponse;
|
2016-10-07 18:58:41 +08:00
|
|
|
use OCP\AppFramework\Db\DoesNotExistException;
|
2016-09-09 23:36:35 +08:00
|
|
|
use OCP\IRequest;
|
2016-09-11 05:30:17 +08:00
|
|
|
use OCP\AppFramework\Http\JSONResponse;
|
2016-09-10 00:02:53 +08:00
|
|
|
use OCP\AppFramework\ApiController;
|
2016-09-11 18:33:09 +08:00
|
|
|
use OCA\Passman\Service\VaultService;
|
2016-09-12 02:47:29 +08:00
|
|
|
use OCA\Passman\Service\CredentialService;
|
2016-09-12 01:45:20 +08:00
|
|
|
|
2016-09-15 00:57:38 +08:00
|
|
|
|
2016-09-10 00:02:53 +08:00
|
|
|
class VaultController extends ApiController {
|
2016-09-09 23:36:35 +08:00
|
|
|
private $userId;
|
2016-09-11 18:33:09 +08:00
|
|
|
private $vaultService;
|
2016-09-12 02:47:29 +08:00
|
|
|
private $credentialService;
|
2016-09-09 23:36:35 +08:00
|
|
|
|
2016-09-11 18:33:09 +08:00
|
|
|
public function __construct($AppName,
|
|
|
|
|
IRequest $request,
|
|
|
|
|
$UserId,
|
2016-09-12 02:47:29 +08:00
|
|
|
VaultService $vaultService,
|
|
|
|
|
CredentialService $credentialService) {
|
2016-12-23 20:46:43 +08:00
|
|
|
parent::__construct(
|
|
|
|
|
$AppName,
|
|
|
|
|
$request,
|
|
|
|
|
'GET, POST, DELETE, PUT, PATCH',
|
|
|
|
|
'Authorization, Content-Type, Accept',
|
|
|
|
|
86400);
|
2016-09-09 23:36:35 +08:00
|
|
|
$this->userId = $UserId;
|
2016-09-11 18:33:09 +08:00
|
|
|
$this->vaultService = $vaultService;
|
2016-09-12 02:47:29 +08:00
|
|
|
$this->credentialService = $credentialService;
|
2016-09-09 23:36:35 +08:00
|
|
|
}
|
|
|
|
|
|
2016-09-11 05:30:17 +08:00
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
2016-12-23 20:46:43 +08:00
|
|
|
* @NoCSRFRequired
|
2016-09-11 05:30:17 +08:00
|
|
|
*/
|
|
|
|
|
public function listVaults() {
|
2016-10-01 02:43:20 +08:00
|
|
|
$result = array();
|
2016-09-11 18:33:09 +08:00
|
|
|
$vaults = $this->vaultService->getByUser($this->userId);
|
2016-10-01 02:43:20 +08:00
|
|
|
|
2016-10-07 19:01:57 +08:00
|
|
|
$protected_credential_fields = array('getDescription', 'getEmail', 'getUsername', 'getPassword');
|
2017-01-04 18:55:48 +08:00
|
|
|
if ($vaults) {
|
|
|
|
|
foreach ($vaults as $vault) {
|
|
|
|
|
$credential = $this->credentialService->getRandomCredentialByVaultId($vault->getId(), $this->userId);
|
|
|
|
|
$secret_field = $protected_credential_fields[array_rand($protected_credential_fields)];
|
|
|
|
|
array_push($result, array(
|
|
|
|
|
'vault_id' => $vault->getId(),
|
|
|
|
|
'guid' => $vault->getGuid(),
|
|
|
|
|
'name' => $vault->getName(),
|
|
|
|
|
'created' => $vault->getCreated(),
|
|
|
|
|
'public_sharing_key' => $vault->getPublicSharingKey(),
|
|
|
|
|
'last_access' => $vault->getlastAccess(),
|
|
|
|
|
'challenge_password' => $credential->{$secret_field}()
|
|
|
|
|
));
|
|
|
|
|
}
|
2016-10-01 02:43:20 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return new JSONResponse($result);
|
2016-09-11 05:30:17 +08:00
|
|
|
}
|
|
|
|
|
|
2016-09-09 23:36:35 +08:00
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
2016-12-23 20:46:43 +08:00
|
|
|
* @NoCSRFRequired
|
2016-09-09 23:36:35 +08:00
|
|
|
*/
|
2016-09-11 18:33:09 +08:00
|
|
|
public function create($vault_name) {
|
|
|
|
|
$vault = $this->vaultService->createVault($vault_name, $this->userId);
|
|
|
|
|
return new JSONResponse($vault);
|
2016-09-09 23:36:35 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
2016-12-23 20:46:43 +08:00
|
|
|
* @NoCSRFRequired
|
2016-09-09 23:36:35 +08:00
|
|
|
*/
|
2016-10-07 18:58:41 +08:00
|
|
|
public function get($vault_guid) {
|
|
|
|
|
//$vault_guid
|
|
|
|
|
$vault = null;
|
2016-10-07 19:01:57 +08:00
|
|
|
try {
|
2016-10-07 18:58:41 +08:00
|
|
|
$vault = $this->vaultService->getByGuid($vault_guid, $this->userId);
|
2016-12-29 07:07:27 +08:00
|
|
|
} catch (\Exception $e) {
|
2017-01-04 18:55:48 +08:00
|
|
|
return new NotFoundJSONResponse();
|
2016-09-29 03:22:49 +08:00
|
|
|
}
|
2016-10-07 18:58:41 +08:00
|
|
|
$result = array();
|
2016-10-07 19:01:57 +08:00
|
|
|
if ($vault) {
|
2016-10-07 18:58:41 +08:00
|
|
|
$credentials = $this->credentialService->getCredentialsByVaultId($vault->getId(), $this->userId);
|
2016-10-07 19:01:57 +08:00
|
|
|
|
|
|
|
|
$result = array(
|
|
|
|
|
'vault_id' => $vault->getId(),
|
|
|
|
|
'guid' => $vault->getGuid(),
|
|
|
|
|
'name' => $vault->getName(),
|
|
|
|
|
'created' => $vault->getCreated(),
|
|
|
|
|
'private_sharing_key' => $vault->getPrivateSharingKey(),
|
|
|
|
|
'public_sharing_key' => $vault->getPublicSharingKey(),
|
|
|
|
|
'sharing_keys_generated' => $vault->getSharingKeysGenerated(),
|
|
|
|
|
'vault_settings' => $vault->getVaultSettings(),
|
|
|
|
|
'last_access' => $vault->getlastAccess()
|
|
|
|
|
);
|
|
|
|
|
$result['credentials'] = $credentials;
|
|
|
|
|
|
|
|
|
|
$this->vaultService->setLastAccess($vault->getId(), $this->userId);
|
2016-10-07 18:58:41 +08:00
|
|
|
}
|
|
|
|
|
|
2016-10-07 19:01:57 +08:00
|
|
|
|
2016-09-29 02:27:52 +08:00
|
|
|
return new JSONResponse($result);
|
2016-09-09 23:36:35 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
2016-12-23 20:46:43 +08:00
|
|
|
* @NoCSRFRequired
|
2016-09-09 23:36:35 +08:00
|
|
|
*/
|
2016-10-07 18:58:41 +08:00
|
|
|
public function update($vault_guid, $name, $vault_settings) {
|
|
|
|
|
$vault = $this->vaultService->getByGuid($vault_guid, $this->userId);
|
2017-01-04 18:55:48 +08:00
|
|
|
if ($name && $vault) {
|
2016-09-29 04:05:09 +08:00
|
|
|
$vault->setName($name);
|
|
|
|
|
}
|
2017-01-04 18:55:48 +08:00
|
|
|
if ($vault_settings && $vault) {
|
2016-09-29 04:05:09 +08:00
|
|
|
$vault->setVaultSettings($vault_settings);
|
|
|
|
|
}
|
|
|
|
|
$this->vaultService->updateVault($vault);
|
2016-09-09 23:36:35 +08:00
|
|
|
}
|
|
|
|
|
|
2016-09-26 00:34:33 +08:00
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
2016-12-23 20:46:43 +08:00
|
|
|
* @NoCSRFRequired
|
2016-09-26 00:34:33 +08:00
|
|
|
*/
|
2016-10-07 18:58:41 +08:00
|
|
|
public function updateSharingKeys($vault_guid, $private_sharing_key, $public_sharing_key) {
|
|
|
|
|
$vault = null;
|
2016-10-07 19:01:57 +08:00
|
|
|
try {
|
2016-10-07 18:58:41 +08:00
|
|
|
$vault = $this->vaultService->getByGuid($vault_guid, $this->userId);
|
2016-12-29 07:07:27 +08:00
|
|
|
} catch (\Exception $e) {
|
2017-01-04 18:55:48 +08:00
|
|
|
// No need to catch the execption
|
|
|
|
|
}
|
2016-10-07 18:58:41 +08:00
|
|
|
|
2017-01-04 18:55:48 +08:00
|
|
|
if ($vault) {
|
|
|
|
|
$this->vaultService->updateSharingKeys($vault->getId(), $private_sharing_key, $public_sharing_key);
|
2016-10-07 18:58:41 +08:00
|
|
|
}
|
|
|
|
|
|
2016-09-26 00:34:33 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-09 23:36:35 +08:00
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
2016-12-23 20:46:43 +08:00
|
|
|
* @NoCSRFRequired
|
2016-09-09 23:36:35 +08:00
|
|
|
*/
|
2016-09-09 23:41:02 +08:00
|
|
|
public function delete($vault_id) {
|
2017-01-04 04:12:24 +08:00
|
|
|
return new JSONResponse($vault_id);
|
2016-09-09 23:36:35 +08:00
|
|
|
}
|
|
|
|
|
}
|
