nextcloud_server/apps/updatenotification/lib/Controller/AdminController.php

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
 */
namespace OCA\UpdateNotification\Controller;

use OCA\UpdateNotification\BackgroundJob\ResetToken;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\BackgroundJob\IJobList;
use OCP\IAppConfig;
use OCP\IConfig;
use OCP\IL10N;
use OCP\IRequest;
use OCP\Security\ISecureRandom;
use OCP\Util;

class AdminController extends Controller {

	public function __construct(
		string $appName,
		IRequest $request,
		private IJobList $jobList,
		private ISecureRandom $secureRandom,
		private IConfig $config,
		private IAppConfig $appConfig,
		private ITimeFactory $timeFactory,
		private IL10N $l10n,
	) {
		parent::__construct($appName, $request);
	}

	private function isUpdaterEnabled() {
		return !$this->config->getSystemValue('upgrade.disable-web', false);
	}

	/**
	 * @param string $channel
	 * @return DataResponse
	 */
	public function setChannel(string $channel): DataResponse {
		Util::setChannel($channel);
		$this->appConfig->setValueInt('core', 'lastupdatedat', 0);
		return new DataResponse(['status' => 'success', 'data' => ['message' => $this->l10n->t('Channel updated')]]);
	}

	/**
	 * @return DataResponse
	 */
	public function createCredentials(): DataResponse {
		if (!$this->isUpdaterEnabled()) {
			return new DataResponse(['status' => 'error', 'message' => $this->l10n->t('Web updater is disabled')], Http::STATUS_FORBIDDEN);
		}

		// Create a new job and store the creation date
		$this->jobList->add(ResetToken::class);
		$this->appConfig->setValueInt('core', 'updater.secret.created', $this->timeFactory->getTime());

		// Create a new token
		$newToken = $this->secureRandom->generate(64);
		$this->config->setSystemValue('updater.secret', password_hash($newToken, PASSWORD_DEFAULT));

		return new DataResponse($newToken);
	}
}
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`<?php`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 18:57:53 +00:00
Make Update notficiations strict and fix all inspections Signed-off-by: Joas Schilling <coding@schilljs.com> 2018-01-17 12:42:02 +00:00			`declare(strict_types=1);`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 18:57:53 +00:00
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-30 18:13:41 +00:00			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-only`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`*/`
			`namespace OCA\UpdateNotification\Controller;`

fix(updatenotification): Replace deprecated code and move background jobs into `BackgroundJobs` subfolder Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> 2024-03-02 20:04:56 +00:00			`use OCA\UpdateNotification\BackgroundJob\ResetToken;`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`use OCP\AppFramework\Controller;`
Hide updater button when web updater is disabled Whenever the web updater is disabled, the updater button and its matching token requesting endpoints are disabled. Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2021-02-17 08:34:01 +00:00			`use OCP\AppFramework\Http;`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`use OCP\AppFramework\Http\DataResponse;`
			`use OCP\AppFramework\Utility\ITimeFactory;`
			`use OCP\BackgroundJob\IJobList;`
fix(updatenotification): Replace deprecated code and move background jobs into `BackgroundJobs` subfolder Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> 2024-03-02 20:04:56 +00:00			`use OCP\IAppConfig;`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`use OCP\IConfig;`
Add release channel selection back Allows to select the release channels again and also shows the last check date 2016-03-04 12:56:13 +00:00			`use OCP\IL10N;`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`use OCP\IRequest;`
			`use OCP\Security\ISecureRandom;`
Automatic DI for Controllers also works Signed-off-by: Joas Schilling <coding@schilljs.com> 2018-01-11 10:38:26 +00:00			`use OCP\Util;`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00
Split controller and settings Signed-off-by: Joas Schilling <coding@schilljs.com> 2018-01-15 11:06:03 +00:00			`class AdminController extends Controller {`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00
fix(updatenotification): Replace deprecated code and move background jobs into `BackgroundJobs` subfolder Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> 2024-03-02 20:04:56 +00:00			`public function __construct(`
			`string $appName,`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`IRequest $request,`
fix(updatenotification): Replace deprecated code and move background jobs into `BackgroundJobs` subfolder Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> 2024-03-02 20:04:56 +00:00			`private IJobList $jobList,`
			`private ISecureRandom $secureRandom,`
			`private IConfig $config,`
			`private IAppConfig $appConfig,`
			`private ITimeFactory $timeFactory,`
			`private IL10N $l10n,`
			`) {`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`parent::__construct($appName, $request);`
Add release channel selection back Allows to select the release channels again and also shows the last check date 2016-03-04 12:56:13 +00:00			`}`

Hide updater button when web updater is disabled Whenever the web updater is disabled, the updater button and its matching token requesting endpoints are disabled. Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2021-02-17 08:34:01 +00:00			`private function isUpdaterEnabled() {`
			`return !$this->config->getSystemValue('upgrade.disable-web', false);`
			`}`

Add release channel selection back Allows to select the release channels again and also shows the last check date 2016-03-04 12:56:13 +00:00			`/**`
			`* @param string $channel`
			`* @return DataResponse`
			`*/`
Make Update notficiations strict and fix all inspections Signed-off-by: Joas Schilling <coding@schilljs.com> 2018-01-17 12:42:02 +00:00			`public function setChannel(string $channel): DataResponse {`
Automatic DI for Controllers also works Signed-off-by: Joas Schilling <coding@schilljs.com> 2018-01-11 10:38:26 +00:00			`Util::setChannel($channel);`
fix(updatenotification): Replace deprecated code and move background jobs into `BackgroundJobs` subfolder Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> 2024-03-02 20:04:56 +00:00			`$this->appConfig->setValueInt('core', 'lastupdatedat', 0);`
Fix layout of success message and text 2016-09-07 14:38:12 +00:00			`return new DataResponse(['status' => 'success', 'data' => ['message' => $this->l10n->t('Channel updated')]]);`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`}`

			`/**`
			`* @return DataResponse`
			`*/`
Make Update notficiations strict and fix all inspections Signed-off-by: Joas Schilling <coding@schilljs.com> 2018-01-17 12:42:02 +00:00			`public function createCredentials(): DataResponse {`
Hide updater button when web updater is disabled Whenever the web updater is disabled, the updater button and its matching token requesting endpoints are disabled. Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2021-02-17 08:34:01 +00:00			`if (!$this->isUpdaterEnabled()) {`
			`return new DataResponse(['status' => 'error', 'message' => $this->l10n->t('Web updater is disabled')], Http::STATUS_FORBIDDEN);`
			`}`

Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00			`// Create a new job and store the creation date`
fix(updatenotification): Replace deprecated code and move background jobs into `BackgroundJobs` subfolder Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> 2024-03-02 20:04:56 +00:00			`$this->jobList->add(ResetToken::class);`
			`$this->appConfig->setValueInt('core', 'updater.secret.created', $this->timeFactory->getTime());`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00
			`// Create a new token`
Harden updater authentication - Reset tokens after 2 hours as discussed at https://github.com/owncloud/updater/issues/220#issuecomment-182033453 - Used BCrypt for storing the password in the config.php. This makes it substantially harder in case of a leakage of the token to bruteforce it. In the future we can evaluate also an HMAC including the IP. That's a bit tricker though at the moment considering that we support reverse proxies. Didn't feel brave enough to touch that dragon now as well ;) 2016-02-10 13:41:47 +00:00			`$newToken = $this->secureRandom->generate(64);`
			`$this->config->setSystemValue('updater.secret', password_hash($newToken, PASSWORD_DEFAULT));`
Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater". 2016-02-09 18:58:29 +00:00
			`return new DataResponse($newToken);`
			`}`
			`}`
No results found.