255 lines
8.4 KiB
PHP
255 lines
8.4 KiB
PHP
<?php
|
|
/* Copyright (C) 2018 Destailleur Laurent <eldy@users.sourceforge.net>
|
|
* Copyright (C) 2019 Regis Houssin <regis.houssin@inodbox.com>
|
|
* Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
*
|
|
* You can test with the WebDav client cadaver:
|
|
* cadaver http://myurl/dav/fileserver.php
|
|
*/
|
|
|
|
/**
|
|
* \file htdocs/dav/fileserver.php
|
|
* \ingroup dav
|
|
* \brief Server DAV
|
|
*/
|
|
|
|
if (!defined('NOTOKENRENEWAL')) {
|
|
define('NOTOKENRENEWAL', '1');
|
|
}
|
|
if (!defined('NOREQUIREMENU')) {
|
|
define('NOREQUIREMENU', '1'); // If there is no menu to show
|
|
}
|
|
if (!defined('NOREQUIREHTML')) {
|
|
define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
|
|
}
|
|
if (!defined('NOREQUIREAJAX')) {
|
|
define('NOREQUIREAJAX', '1');
|
|
}
|
|
if (!defined('NOLOGIN')) {
|
|
define("NOLOGIN", 1); // This means this output page does not require to be logged.
|
|
}
|
|
if (!defined('NOCSRFCHECK')) {
|
|
define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
|
|
}
|
|
|
|
require "../main.inc.php";
|
|
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
|
|
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
|
|
require_once DOL_DOCUMENT_ROOT.'/dav/dav.class.php';
|
|
require_once DOL_DOCUMENT_ROOT.'/dav/dav.lib.php';
|
|
|
|
require_once DOL_DOCUMENT_ROOT.'/includes/sabre/autoload.php';
|
|
//require_once DOL_DOCUMENT_ROOT.'/includes/autoload.php';
|
|
|
|
|
|
$user = new User($db);
|
|
if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '') {
|
|
$user->fetch(0, $_SERVER['PHP_AUTH_USER']);
|
|
$user->loadRights();
|
|
}
|
|
|
|
// Load translation files required by the page
|
|
$langs->loadLangs(array("main", "other"));
|
|
|
|
|
|
if (empty($conf->dav->enabled)) {
|
|
accessforbidden();
|
|
}
|
|
|
|
// Restrict API to some IPs
|
|
if (getDolGlobalString('DAV_RESTRICT_ON_IP')) {
|
|
$allowedip = explode(' ', getDolGlobalString('DAV_RESTRICT_ON_IP'));
|
|
$ipremote = getUserRemoteIP();
|
|
if (!in_array($ipremote, $allowedip)) {
|
|
dol_syslog('Remote ip is '.$ipremote.', not into list ' . getDolGlobalString('DAV_RESTRICT_ON_IP'));
|
|
print 'DAV not allowed from the IP '.$ipremote;
|
|
header('HTTP/1.1 503 DAV not allowed from your IP '.$ipremote);
|
|
exit(0);
|
|
}
|
|
}
|
|
|
|
|
|
$entity = (GETPOSTINT('entity') ? GETPOSTINT('entity') : (!empty($conf->entity) ? $conf->entity : 1));
|
|
|
|
// settings
|
|
$publicDir = $conf->dav->multidir_output[$entity].'/public';
|
|
$privateDir = $conf->dav->multidir_output[$entity].'/private';
|
|
$ecmDir = $conf->ecm->multidir_output[$entity];
|
|
$tmpDir = $conf->dav->multidir_output[$entity]; // We need root dir, not a dir that can be deleted
|
|
//var_dump($tmpDir);mkdir($tmpDir);exit;
|
|
|
|
|
|
// Authentication callback function
|
|
$authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(
|
|
/**
|
|
* @param string $username Username to validate as a login
|
|
* @param string $password Password to validate for $username
|
|
* @return bool True if login ok, false if not
|
|
*/
|
|
static function ($username, $password) {
|
|
global $user, $conf;
|
|
global $dolibarr_main_authentication, $dolibarr_auto_user;
|
|
|
|
if (empty($user->login)) {
|
|
dol_syslog("Failed to authenticate to DAV, login is not provided", LOG_WARNING);
|
|
return false;
|
|
}
|
|
if ($user->socid > 0) {
|
|
dol_syslog("Failed to authenticate to DAV, user is an external user", LOG_WARNING);
|
|
return false;
|
|
}
|
|
if ($user->login != $username) {
|
|
dol_syslog("Failed to authenticate to DAV, login does not match the login of loaded user", LOG_WARNING);
|
|
return false;
|
|
}
|
|
|
|
// Authentication mode
|
|
if (empty($dolibarr_main_authentication) || $dolibarr_main_authentication == 'openid_connect') {
|
|
$dolibarr_main_authentication = 'dolibarr';
|
|
}
|
|
|
|
// Authentication mode: forceuser
|
|
if ($dolibarr_main_authentication == 'forceuser') {
|
|
if (empty($dolibarr_auto_user)) {
|
|
$dolibarr_auto_user = 'auto';
|
|
}
|
|
if ($dolibarr_auto_user != $username) {
|
|
dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");
|
|
return false;
|
|
}
|
|
}
|
|
|
|
$authmode = explode(',', $dolibarr_main_authentication);
|
|
$entity = (GETPOSTINT('entity') ? GETPOSTINT('entity') : (!empty($conf->entity) ? $conf->entity : 1));
|
|
|
|
if (checkLoginPassEntity($username, $password, $entity, $authmode, 'dav') != $username) {
|
|
return false;
|
|
}
|
|
|
|
// Check if user status is enabled
|
|
if ($user->statut != $user::STATUS_ENABLED) {
|
|
// Status is disabled
|
|
dol_syslog("The user has been disabled.");
|
|
return false;
|
|
}
|
|
|
|
// Check if session was unvalidated by a password change
|
|
if (($user->flagdelsessionsbefore && !empty($_SESSION["dol_logindate"]) && $user->flagdelsessionsbefore > $_SESSION["dol_logindate"])) {
|
|
// Session is no more valid
|
|
dol_syslog("The user has a date for session invalidation = ".$user->flagdelsessionsbefore." and a session date = ".$_SESSION["dol_logindate"].". We must invalidate its sessions.");
|
|
return false;
|
|
}
|
|
|
|
// Check date validity
|
|
if ($user->isNotIntoValidityDateRange()) {
|
|
// User validity dates are no more valid
|
|
dol_syslog("The user login has a validity between [".$user->datestartvalidity." and ".$user->dateendvalidity."], current date is ".dol_now());
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
);
|
|
|
|
$authBackend->setRealm(constant('DOL_APPLICATION_TITLE').' - WebDAV');
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
* Actions and View
|
|
*/
|
|
|
|
// Create the root node
|
|
// Setting up the directory tree //
|
|
$nodes = array();
|
|
|
|
// Enable directories and features according to DAV setup
|
|
// Public dir
|
|
if (getDolGlobalString('DAV_ALLOW_PUBLIC_DIR')) {
|
|
$nodes[] = new \Sabre\DAV\FS\Directory($publicDir);
|
|
}
|
|
// Private dir
|
|
$nodes[] = new \Sabre\DAV\FS\Directory($privateDir);
|
|
// ECM dir
|
|
if (isModEnabled('ecm') && getDolGlobalString('DAV_ALLOW_ECM_DIR')) {
|
|
$nodes[] = new \Sabre\DAV\FS\Directory($ecmDir);
|
|
}
|
|
|
|
|
|
|
|
// Principals Backend
|
|
//$principalBackend = new \Sabre\DAVACL\PrincipalBackend\Dolibarr($user,$db);
|
|
// /principals
|
|
//$nodes[] = new \Sabre\DAVACL\PrincipalCollection($principalBackend);
|
|
// CardDav & CalDav Backend
|
|
//$carddavBackend = new \Sabre\CardDAV\Backend\Dolibarr($user,$db,$langs);
|
|
//$caldavBackend = new \Sabre\CalDAV\Backend\Dolibarr($user,$db,$langs, $cdavLib);
|
|
// /addressbook
|
|
//$nodes[] = new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend);
|
|
// /calendars
|
|
//$nodes[] = new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend);
|
|
|
|
|
|
// The rootnode needs in turn to be passed to the server class
|
|
$server = new \Sabre\DAV\Server($nodes);
|
|
|
|
// If you want to run the SabreDAV server in a custom location (using mod_rewrite for instance)
|
|
// You can override the baseUri here.
|
|
$baseUri = DOL_URL_ROOT.'/dav/fileserver.php/';
|
|
if (isset($baseUri)) {
|
|
$server->setBaseUri($baseUri);
|
|
}
|
|
|
|
// Add authentication function
|
|
if ((!getDolGlobalString('DAV_ALLOW_PUBLIC_DIR')
|
|
|| !preg_match('/'.preg_quote(DOL_URL_ROOT.'/dav/fileserver.php/public', '/').'/', $_SERVER["PHP_SELF"]))
|
|
&& !preg_match('/^sabreAction=asset&assetName=[a-zA-Z0-9%\-\/]+\.(png|css|woff|ico|ttf)$/', $_SERVER["QUERY_STRING"]) // URL for Sabre browser resources
|
|
) {
|
|
//var_dump($_SERVER["QUERY_STRING"]);exit;
|
|
$server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));
|
|
}
|
|
// Support for LOCK and UNLOCK
|
|
$lockBackend = new \Sabre\DAV\Locks\Backend\File($tmpDir.'/.locksdb');
|
|
$lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);
|
|
$server->addPlugin($lockPlugin);
|
|
|
|
// Support for the html browser
|
|
if (!getDolGlobalString('DAV_DISABLE_BROWSER')) {
|
|
$browser = new \Sabre\DAV\Browser\Plugin();
|
|
$server->addPlugin($browser);
|
|
}
|
|
|
|
// Automatically guess (some) contenttypes, based on extension
|
|
//$server->addPlugin(new \Sabre\DAV\Browser\GuessContentType());
|
|
|
|
//$server->addPlugin(new \Sabre\CardDAV\Plugin());
|
|
//$server->addPlugin(new \Sabre\CalDAV\Plugin());
|
|
//$server->addPlugin(new \Sabre\DAVACL\Plugin());
|
|
|
|
// Temporary file filter
|
|
/*$tempFF = new \Sabre\DAV\TemporaryFileFilterPlugin($tmpDir);
|
|
$server->addPlugin($tempFF);
|
|
*/
|
|
|
|
// And off we go!
|
|
$server->start();
|
|
|
|
if (is_object($db)) {
|
|
$db->close();
|
|
}
|