nextcloud/apps/federation/lib/BackgroundJob/RequestSharedSecret.php

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
 */
namespace OCA\Federation\BackgroundJob;

use GuzzleHttp\Exception\ClientException;
use GuzzleHttp\Exception\RequestException;
use OCA\Federation\TrustedServers;
use OCP\AppFramework\Http;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\BackgroundJob\IJobList;
use OCP\BackgroundJob\Job;
use OCP\Http\Client\IClient;
use OCP\Http\Client\IClientService;
use OCP\IURLGenerator;
use OCP\OCS\IDiscoveryService;
use Psr\Log\LoggerInterface;

/**
 * Class RequestSharedSecret
 *
 * Ask remote Nextcloud to request a sharedSecret from this server
 *
 * @package OCA\Federation\Backgroundjob
 */
class RequestSharedSecret extends Job {
	private IClient $httpClient;

	protected bool $retainJob = false;

	private string $defaultEndPoint = '/ocs/v2.php/apps/federation/api/v1/request-shared-secret';

	/** @var int 30 day = 2592000sec */
	private int $maxLifespan = 2592000;

	public function __construct(
		IClientService $httpClientService,
		private IURLGenerator $urlGenerator,
		private IJobList $jobList,
		private TrustedServers $trustedServers,
		private IDiscoveryService $ocsDiscoveryService,
		private LoggerInterface $logger,
		ITimeFactory $timeFactory,
	) {
		parent::__construct($timeFactory);
		$this->httpClient = $httpClientService->newClient();
	}


	/**
	 * run the job, then remove it from the joblist
	 */
	public function start(IJobList $jobList): void {
		$target = $this->argument['url'];
		// only execute if target is still in the list of trusted domains
		if ($this->trustedServers->isTrustedServer($target)) {
			$this->parentStart($jobList);
		}

		$jobList->remove($this, $this->argument);

		if ($this->retainJob) {
			$this->reAddJob($this->argument);
		}
	}

	/**
	 * Call start() method of parent
	 * Useful for unit tests
	 */
	protected function parentStart(IJobList $jobList): void {
		parent::start($jobList);
	}

	/**
	 * @param array $argument
	 * @return void
	 */
	protected function run($argument) {
		$target = $argument['url'];
		$created = isset($argument['created']) ? (int)$argument['created'] : $this->time->getTime();
		$currentTime = $this->time->getTime();
		$source = $this->urlGenerator->getAbsoluteURL('/');
		$source = rtrim($source, '/');
		$token = $argument['token'];

		// kill job after 30 days of trying
		$deadline = $currentTime - $this->maxLifespan;
		if ($created < $deadline) {
			$this->logger->warning("The job to request the shared secret job is too old and gets stopped now without retention. Setting server status of '{$target}' to failure.");
			$this->retainJob = false;
			$this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE);
			return;
		}

		$endPoints = $this->ocsDiscoveryService->discover($target, 'FEDERATED_SHARING');
		$endPoint = $endPoints['shared-secret'] ?? $this->defaultEndPoint;

		// make sure that we have a well formatted url
		$url = rtrim($target, '/') . '/' . trim($endPoint, '/');

		try {
			$result = $this->httpClient->post(
				$url,
				[
					'body' => [
						'url' => $source,
						'token' => $token,
						'format' => 'json',
					],
					'timeout' => 3,
					'connect_timeout' => 3,
				]
			);

			$status = $result->getStatusCode();
		} catch (ClientException $e) {
			$status = $e->getCode();
			if ($status === Http::STATUS_FORBIDDEN) {
				$this->logger->info($target . ' refused to ask for a shared secret.', ['app' => 'federation']);
			} else {
				$this->logger->info($target . ' responded with a ' . $status . ' containing: ' . $e->getMessage(), ['app' => 'federation']);
			}
		} catch (RequestException $e) {
			$status = -1; // There is no status code if we could not connect
			$this->logger->info('Could not connect to ' . $target, ['app' => 'federation']);
		} catch (\Throwable $e) {
			$status = Http::STATUS_INTERNAL_SERVER_ERROR;
			$this->logger->error($e->getMessage(), ['app' => 'federation', 'exception' => $e]);
		}

		// if we received a unexpected response we try again later
		if (
			$status !== Http::STATUS_OK
			&& ($status !== Http::STATUS_FORBIDDEN || $this->getAttempt($argument) < 5)
		) {
			$this->retainJob = true;
		}
	}

	/**
	 * re-add background job
	 */
	protected function reAddJob(array $argument): void {
		$url = $argument['url'];
		$created = isset($argument['created']) ? (int)$argument['created'] : $this->time->getTime();
		$token = $argument['token'];
		$attempt = $this->getAttempt($argument) + 1;

		$this->jobList->add(
			RequestSharedSecret::class,
			[
				'url' => $url,
				'token' => $token,
				'created' => $created,
				'attempt' => $attempt
			]
		);
	}

	protected function getAttempt(array $argument): int {
		return $argument['attempt'] ?? 0;
	}
}
exchange shared secret 2015-11-10 04:50:59 -05:00			`<?php`
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00
			`declare(strict_types=1);`

exchange shared secret 2015-11-10 04:50:59 -05:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-28 10:42:42 -04:00			`* SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-only`
exchange shared secret 2015-11-10 04:50:59 -05:00			`*/`
			`namespace OCA\Federation\BackgroundJob;`

make sure that both server don't try to exchange the shared secret in parallel 2015-11-19 05:48:21 -05:00			`use GuzzleHttp\Exception\ClientException;`
Catch the errors related to untrusted self signed certificates for federation * Added tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-12-11 09:07:08 -05:00			`use GuzzleHttp\Exception\RequestException;`
exchange shared secret 2015-11-10 04:50:59 -05:00			`use OCA\Federation\TrustedServers;`
			`use OCP\AppFramework\Http;`
Use ITimeFactory * Inject the timefacotry so we can mock it properly in the tests. * Extended unit tests to cover the new paths Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-08-01 05:23:40 -04:00			`use OCP\AppFramework\Utility\ITimeFactory;`
exchange shared secret 2015-11-10 04:50:59 -05:00			`use OCP\BackgroundJob\IJobList;`
Use proper OCP\BackgroundJobs\Job And typehunt the IJobList Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2020-11-24 08:18:47 -05:00			`use OCP\BackgroundJob\Job;`
exchange shared secret 2015-11-10 04:50:59 -05:00			`use OCP\Http\Client\IClient;`
cleanup constructors Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:54:08 -04:00			`use OCP\Http\Client\IClientService;`
exchange shared secret 2015-11-10 04:50:59 -05:00			`use OCP\IURLGenerator;`
use discovered end-point for trusted servers Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-02-24 09:33:09 -05:00			`use OCP\OCS\IDiscoveryService;`
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`use Psr\Log\LoggerInterface;`
exchange shared secret 2015-11-10 04:50:59 -05:00
			`/**`
			`* Class RequestSharedSecret`
			`*`
Update comments to Nextcloud * based on PR by @Ardinis * see #4311 Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2017-04-12 00:16:27 -04:00			`* Ask remote Nextcloud to request a sharedSecret from this server`
exchange shared secret 2015-11-10 04:50:59 -05:00			`*`
			`* @package OCA\Federation\Backgroundjob`
			`*/`
Do not create a new job when it failed to connect atm 2016-03-18 08:22:05 -04:00			`class RequestSharedSecret extends Job {`
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`private IClient $httpClient;`
exchange shared secret 2015-11-10 04:50:59 -05:00
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`protected bool $retainJob = false;`
Add error logging to federated sharing handshake 2015-12-21 09:48:02 -05:00
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`private string $defaultEndPoint = '/ocs/v2.php/apps/federation/api/v1/request-shared-secret';`
Do not create a new job when it failed to connect atm 2016-03-18 08:22:05 -04:00
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`/** @var int 30 day = 2592000sec */`
			`private int $maxLifespan = 2592000;`
use discovered end-point for trusted servers Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-02-24 09:33:09 -05:00
exchange shared secret 2015-11-10 04:50:59 -05:00			`public function __construct(`
cleanup constructors Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:54:08 -04:00			`IClientService $httpClientService,`
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`private IURLGenerator $urlGenerator,`
			`private IJobList $jobList,`
			`private TrustedServers $trustedServers,`
			`private IDiscoveryService $ocsDiscoveryService,`
			`private LoggerInterface $logger,`
			`ITimeFactory $timeFactory,`
exchange shared secret 2015-11-10 04:50:59 -05:00			`) {`
Add missing parent::__construct() calls to Jobs Signed-off-by: Joas Schilling <coding@schilljs.com> 2020-12-14 10:35:12 -05:00			`parent::__construct($timeFactory);`
cleanup constructors Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:54:08 -04:00			`$this->httpClient = $httpClientService->newClient();`
exchange shared secret 2015-11-10 04:50:59 -05:00			`}`


			`/**`
			`* run the job, then remove it from the joblist`
			`*/`
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`public function start(IJobList $jobList): void {`
exchange shared secret 2015-11-10 04:50:59 -05:00			`$target = $this->argument['url'];`
			`// only execute if target is still in the list of trusted domains`
			`if ($this->trustedServers->isTrustedServer($target)) {`
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`$this->parentStart($jobList);`
exchange shared secret 2015-11-10 04:50:59 -05:00			`}`
Do not create a new job when it failed to connect atm 2016-03-18 08:22:05 -04:00
expire requestSharedSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:50:40 -04:00			`$jobList->remove($this, $this->argument);`

			`if ($this->retainJob) {`
Use ITimeFactory * Inject the timefacotry so we can mock it properly in the tests. * Extended unit tests to cover the new paths Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-08-01 05:23:40 -04:00			`$this->reAddJob($this->argument);`
Do not create a new job when it failed to connect atm 2016-03-18 08:22:05 -04:00			`}`
exchange shared secret 2015-11-10 04:50:59 -05:00			`}`

unit tests 2015-11-19 11:49:43 -05:00			`/**`
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`* Call start() method of parent`
			`* Useful for unit tests`
unit tests 2015-11-19 11:49:43 -05:00			`*/`
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`protected function parentStart(IJobList $jobList): void {`
			`parent::start($jobList);`
unit tests 2015-11-19 11:49:43 -05:00			`}`

Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`/**`
			`* @param array $argument`
			`* @return void`
			`*/`
exchange shared secret 2015-11-10 04:50:59 -05:00			`protected function run($argument) {`
			`$target = $argument['url'];`
Add missing parent::__construct() calls to Jobs Signed-off-by: Joas Schilling <coding@schilljs.com> 2020-12-14 10:35:12 -05:00			`$created = isset($argument['created']) ? (int)$argument['created'] : $this->time->getTime();`
			`$currentTime = $this->time->getTime();`
exchange shared secret 2015-11-10 04:50:59 -05:00			`$source = $this->urlGenerator->getAbsoluteURL('/');`
			`$source = rtrim($source, '/');`
			`$token = $argument['token'];`

expire requestSharedSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:50:40 -04:00			`// kill job after 30 days of trying`
			`$deadline = $currentTime - $this->maxLifespan;`
			`if ($created < $deadline) {`
fix(federation): always set server status to OK after successful runs Previously if a server status got set to failure, it stayed that way until an addressbook-sync found changes. Now the server status is set to OK after each successful sync check (if that's not the case already), regardless of addressbook changes. This change also includes two new logging statements, which could help next time someone debugs this. Signed-off-by: Pablo Zimdahl <pablo@nextcloud.com> 2024-08-22 04:22:30 -04:00			`$this->logger->warning("The job to request the shared secret job is too old and gets stopped now without retention. Setting server status of '{$target}' to failure.");`
expire requestSharedSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:50:40 -04:00			`$this->retainJob = false;`
			`$this->trustedServers->setServerStatus($target, TrustedServers::STATUS_FAILURE);`
			`return;`
			`}`

use discovered end-point for trusted servers Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-02-24 09:33:09 -05:00			`$endPoints = $this->ocsDiscoveryService->discover($target, 'FEDERATED_SHARING');`
Convert isset ternary to null coalescing operator Signed-off-by: Hamid Dehnavi <hamid.dev.pro@gmail.com> 2023-07-07 06:20:21 -04:00			`$endPoint = $endPoints['shared-secret'] ?? $this->defaultEndPoint;`
use discovered end-point for trusted servers Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-02-24 09:33:09 -05:00
Fix typos in apps/ subdirectory Found via `codespell -q 3 -S l10n,./apps/files_external/3rdparty -L adn,ba,boxs,keypair,jus,optionel,ressource,tabel ./apps/` Signed-off-by: luz paz <luzpaz@github.com> Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com> 2022-07-28 07:11:38 -04:00			`// make sure that we have a well formatted url`
improve error reporting and move format parameter to the options Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2018-04-20 09:53:10 -04:00			`$url = rtrim($target, '/') . '/' . trim($endPoint, '/');`
use discovered end-point for trusted servers Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-02-24 09:33:09 -05:00
make sure that both server don't try to exchange the shared secret in parallel 2015-11-19 05:48:21 -05:00			`try {`
			`$result = $this->httpClient->post(`
use discovered end-point for trusted servers Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-02-24 09:33:09 -05:00			`$url,`
make sure that both server don't try to exchange the shared secret in parallel 2015-11-19 05:48:21 -05:00			`[`
			`'body' => [`
			`'url' => $source,`
			`'token' => $token,`
improve error reporting and move format parameter to the options Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2018-04-20 09:53:10 -04:00			`'format' => 'json',`
make sure that both server don't try to exchange the shared secret in parallel 2015-11-19 05:48:21 -05:00			`],`
			`'timeout' => 3,`
			`'connect_timeout' => 3,`
			`]`
			`);`
exchange shared secret 2015-11-10 04:50:59 -05:00
make sure that both server don't try to exchange the shared secret in parallel 2015-11-19 05:48:21 -05:00			`$status = $result->getStatusCode();`
			`} catch (ClientException $e) {`
			`$status = $e->getCode();`
forbidden (403) is a valid return status, don't log the whole exception in this case 2016-02-15 11:33:06 -05:00			`if ($status === Http::STATUS_FORBIDDEN) {`
			`$this->logger->info($target . ' refused to ask for a shared secret.', ['app' => 'federation']);`
			`} else {`
No need to log guzzle exception When getting/requesting a shared secret there is no need to log the full exception when an unexpected status code is returned since this won't really tell us anything as the bad stuff happened on a remote server Fixes #3380 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-04-21 05:29:01 -04:00			`$this->logger->info($target . ' responded with a ' . $status . ' containing: ' . $e->getMessage(), ['app' => 'federation']);`
forbidden (403) is a valid return status, don't log the whole exception in this case 2016-02-15 11:33:06 -05:00			`}`
Catch the errors related to untrusted self signed certificates for federation * Added tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-12-11 09:07:08 -05:00			`} catch (RequestException $e) {`
			`$status = -1; // There is no status code if we could not connect`
			`$this->logger->info('Could not connect to ' . $target, ['app' => 'federation']);`
Drop all dead packages Apparently we have plenty of leftover of previous sub-dependencies. Composer automatically dumps those with any future dependency update, so I'm dropping them in an atomic step. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-12-22 10:29:38 -05:00			`} catch (\Throwable $e) {`
Do not create a new job when it failed to connect atm 2016-03-18 08:22:05 -04:00			`$status = Http::STATUS_INTERNAL_SERVER_ERROR;`
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`$this->logger->error($e->getMessage(), ['app' => 'federation', 'exception' => $e]);`
make sure that both server don't try to exchange the shared secret in parallel 2015-11-19 05:48:21 -05:00			`}`
exchange shared secret 2015-11-10 04:50:59 -05:00
			`// if we received a unexpected response we try again later`
			`if (`
			`$status !== Http::STATUS_OK`
fix(federation): give some time to prepare both servers - when this background job runs, while the current server was not being added as trusted_server in the other instance, yet, the secret sharing would not be attempted again, without visual feedback. - the change allows 5 attempts, which gives more than 20minutes to complete. More do not really help as the endpoint is brute force protected. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2024-04-10 15:45:33 -04:00			`&& ($status !== Http::STATUS_FORBIDDEN \|\| $this->getAttempt($argument) < 5)`
exchange shared secret 2015-11-10 04:50:59 -05:00			`) {`
Do not create a new job when it failed to connect atm 2016-03-18 08:22:05 -04:00			`$this->retainJob = true;`
exchange shared secret 2015-11-10 04:50:59 -05:00			`}`
			`}`
expire requestSharedSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:50:40 -04:00
			`/**`
			`* re-add background job`
			`*/`
Migrate federation application to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2023-06-26 11:20:08 -04:00			`protected function reAddJob(array $argument): void {`
expire requestSharedSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:50:40 -04:00			`$url = $argument['url'];`
Add missing parent::__construct() calls to Jobs Signed-off-by: Joas Schilling <coding@schilljs.com> 2020-12-14 10:35:12 -05:00			`$created = isset($argument['created']) ? (int)$argument['created'] : $this->time->getTime();`
expire requestSharedSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:50:40 -04:00			`$token = $argument['token'];`
fix(federation): give some time to prepare both servers - when this background job runs, while the current server was not being added as trusted_server in the other instance, yet, the secret sharing would not be attempted again, without visual feedback. - the change allows 5 attempts, which gives more than 20minutes to complete. More do not really help as the endpoint is brute force protected. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2024-04-10 15:45:33 -04:00			`$attempt = $this->getAttempt($argument) + 1;`
expire requestSharedSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:50:40 -04:00
Use ITimeFactory * Inject the timefacotry so we can mock it properly in the tests. * Extended unit tests to cover the new paths Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-08-01 05:23:40 -04:00			`$this->jobList->add(`
expire requestSharedSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:50:40 -04:00			`RequestSharedSecret::class,`
			`[`
			`'url' => $url,`
			`'token' => $token,`
fix(federation): give some time to prepare both servers - when this background job runs, while the current server was not being added as trusted_server in the other instance, yet, the secret sharing would not be attempted again, without visual feedback. - the change allows 5 attempts, which gives more than 20minutes to complete. More do not really help as the endpoint is brute force protected. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2024-04-10 15:45:33 -04:00			`'created' => $created,`
			`'attempt' => $attempt`
expire requestSharedSecret job after 30 days Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-07-28 08:50:40 -04:00			`]`
			`);`
			`}`
fix(federation): give some time to prepare both servers - when this background job runs, while the current server was not being added as trusted_server in the other instance, yet, the secret sharing would not be attempted again, without visual feedback. - the change allows 5 attempts, which gives more than 20minutes to complete. More do not really help as the endpoint is brute force protected. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2024-04-10 15:45:33 -04:00
			`protected function getAttempt(array $argument): int {`
			`return $argument['attempt'] ?? 0;`
			`}`
exchange shared secret 2015-11-10 04:50:59 -05:00			`}`