diff --git a/apps/cloud_federation_api/appinfo/routes.php b/apps/cloud_federation_api/appinfo/routes.php index 6b0774627a4e9..6467005e21bc3 100644 --- a/apps/cloud_federation_api/appinfo/routes.php +++ b/apps/cloud_federation_api/appinfo/routes.php @@ -20,11 +20,11 @@ 'verb' => 'POST', 'root' => '/ocm', ], - // [ - // 'name' => 'RequestHandler#inviteAccepted', - // 'url' => '/invite-accepted', - // 'verb' => 'POST', - // 'root' => '/ocm', - // ] + [ + 'name' => 'RequestHandler#inviteAccepted', + 'url' => '/invite-accepted', + 'verb' => 'POST', + 'root' => '/ocm', + ] ], ]; diff --git a/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php b/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php index 8749b43c67e75..239dc82a184f4 100644 --- a/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php +++ b/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php @@ -188,6 +188,73 @@ public function addShare($shareWith, $name, $description, $providerId, $owner, $ Http::STATUS_CREATED); } + /** + * Inform the sender that an invitation was accepted to start sharing + * + * Inform about an accepted invitation so the user on the sender provider's side + * can initiate the OCM share creation. To protect the identity of the parties, + * for shares created following an OCM invitation, the user id MAY be hashed, + * and recipients implementing the OCM invitation workflow MAY refuse to process + * shares coming from unknown parties. + * + * @param string $recipientProvider + * @param string $token + * @param string $userId + * @param string $email + * @param string $name + * @return JSONResponse + * 200: invitation accepted + * 400: Invalid token + * 403: Invitation token does not exist + * 409: User is allready known by the OCM provider + * spec link: https://cs3org.github.io/OCM-API/docs.html?branch=v1.1.0&repo=OCM-API&user=cs3org#/paths/~1invite-accepted/post + */ + #[PublicPage] + #[NoCSRFRequired] + #[BruteForceProtection(action: 'inviteAccepted')] + public function inviteAccepted(string $recipientProvider, string $token, string $userId, string $email, string $name): JSONResponse { + $this->logger->debug('Invite accepted for ' . $userId . ' with token ' . $token . ' and email ' . $email . ' and name ' . $name); + $found_for_this_user = false; + foreach ($this->ocConfig->getAppKeys($this->appName) as $key) { + if(str_starts_with($key, $token) ){ + $found_for_this_user = $this->getAppValue($this->appName, $token . '_remote_id') === $userId; + } + } + + + + if (!$found_for_this_user) { + $response = ['message' => 'Invalid or non existing token', 'error' => true]; + $status = Http::STATUS_BAD_REQUEST; + return new JSONResponse($response,$status); + } + + if(!$this->trustedServers->isTrustedServer($recipientProvider)) { + $response = ['message' => 'Remote server not trusted', 'error' => true]; + $status = Http::STATUS_FORBIDDEN; + return new JSONResponse($response,$status); + } + // Note: Not implementing 404 Invitation token does not exist, instead using 400 + + if ($this->ocConfig->getAppValue($this->appName, $token . '_accepted') === true ) { + $response = ['message' => 'Invite already accepted', 'error' => true]; + $status = Http::STATUS_CONFLICT; + return new JSONResponse($response,$status); + } + + + $localId = $this->ocConfig->getAppValue($this->appName, $token . '_local_id'); + $response = ['usedID' => $localId, 'email' => $email, 'name' => $name]; + $status = Http::STATUS_OK; + $this->ocConfig->setAppValue($this->appName, $token . '_accepted', true); + // TODO: Set these values where the invitation workflow is implemented + // $this->ocConfig->setAppValue($this->appName, $token . '_accepted', false); + // $this->ocConfig->setAppValue($this->appName, $token . '_local_id', $localId); + // $this->ocConfig->setAppValue($this->appName, $token . '_remote_id', $remoteId); + + return new JSONResponse($response,$status); + } + /** * Send a notification about an existing share *