[Pkg-owncloud-commits] [owncloud] 05/215: Block old legacy clients

David Prévot taffit at moszumanska.debian.org
Tue May 5 01:01:11 UTC 2015


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch stable8
in repository owncloud.

commit 4ea205e2629455d908a30367d5f42f9d07c1fd45
Author: Lukas Reschke <lukas at owncloud.com>
Date:   Thu Apr 16 22:39:44 2015 +0200

    Block old legacy clients
    
    This Pull Request introduces a SabreDAV plugin that will block all older clients than 1.6.1 to connect and sync with the ownCloud instance.
    
    This has multiple reasons:
    
    1. Old ownCloud client versions before 1.6.0 are not properly working with sticky cookies for load balancers and thus generating sessions en masse
    2. Old ownCloud client versions tend to be horribly buggy
    
    In some cases we had in 80minutes about 10'000 sessions created by a single user. While this change set does not really "fix" the problem as 3rdparty legacy clients are affected as well, it is a good work-around and hopefully should force users to update their client
---
 apps/files/appinfo/remote.php                      |   1 +
 config/config.sample.php                           |   8 ++
 .../connector/sabre/blocklegacyclientplugin.php    |  76 +++++++++++++
 .../sabre/BlockLegacyClientPluginTest.php          | 117 +++++++++++++++++++++
 4 files changed, 202 insertions(+)

diff --git a/apps/files/appinfo/remote.php b/apps/files/appinfo/remote.php
index 1e54fc1..b8dc68f 100644
--- a/apps/files/appinfo/remote.php
+++ b/apps/files/appinfo/remote.php
@@ -43,6 +43,7 @@ $server->setBaseUri($baseuri);
 
 // Load plugins
 $defaults = new OC_Defaults();
+$server->addPlugin(new \OC\Connector\Sabre\BlockLegacyClientPlugin(\OC::$server->getConfig()));
 $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, $defaults->getName()));
 // FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
 $server->addPlugin(new \OC\Connector\Sabre\DummyGetResponsePlugin());
diff --git a/config/config.sample.php b/config/config.sample.php
index 61ae595..e0e4a3c 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -799,6 +799,14 @@ $CONFIG = array(
  */
 'cipher' => 'AES-256-CFB',
 
+/**
+ * The minimum ownCloud desktop client version that is required to sync with
+ * this instance. Defaults to the official supported releases by ownCloud.
+ *
+ * When adjusting this please be aware of the fact that older versions may
+ * be buggy and for best user experience we recommend setting
+ */
+'minimum.supported.desktop.version' => '1.7.0',
 
 /**
  * Memory caching backend configuration
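Review bot: The docblock added above `'minimum.supported.desktop.version'` stops mid-sentence at "we recommend setting", so an administrator cannot tell which value is being recommended. The commit description speaks of blocking clients older than 1.6.1 while the default written here is `'1.7.0'`; the comment should name the actual default so the two do not disagree. It would also help to say how the limit is enforced, for example `* Enforced by matching the client-supplied User-Agent header; this is a compatibility gate, not an access control.`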
diff --git a/lib/private/connector/sabre/blocklegacyclientplugin.php b/lib/private/connector/sabre/blocklegacyclientplugin.php
new file mode 100644
index 0000000..4d595b5
--- /dev/null
+++ b/lib/private/connector/sabre/blocklegacyclientplugin.php
@@ -0,0 +1,76 @@
+<?php
+/**
+ * @author Lukas Reschke <lukas at owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Connector\Sabre;
+
+use OC\ServiceUnavailableException;
+use OCP\IConfig;
+use Sabre\HTTP\RequestInterface;
+use Sabre\DAV\ServerPlugin;
+use Sabre\DAV\Server;
+
+/**
+ * Class BlockLegacyClientPlugin is used to detect old legacy sync clients and
+ * returns a 503 status to those clients.
+ *
+ * @package OC\Connector\Sabre
+ */
+class BlockLegacyClientPlugin extends ServerPlugin {
+	/** @var Server */
+	protected $server;
+	/** @var IConfig */
+	protected $config;
+
+	/**
+	 * @param IConfig $config
+	 */
+	public function __construct(IConfig $config) {
+		$this->config = $config;
+	}
+
+	/**
+	 * @param Server $server
+	 * @return void
+	 */
+	public function initialize(Server  $server) {
+		$this->server = $server;
+		$this->server->on('beforeMethod', [$this, 'beforeHandler'], 200);
+	}
+
+	/**
+	 * Detects all unsupported clients and throws a ServiceUnavailableException
+	 * which will result in a 503 to them.
+	 * @param RequestInterface $request
+	 * @throws ServiceUnavailableException If the client version is not supported
+	 */
+	public function beforeHandler(RequestInterface $request) {
+		$userAgent = $request->getHeader('User-Agent');
+		$minimumSupportedDesktopVersion = $this->config->getSystemValue('minimum.supported.desktop.version', '1.7.0');
+
+		// Match on the mirall version which is in scheme "Mozilla/5.0 (%1) mirall/%2" or
+		// "mirall/%1" for older releases
+		preg_match("/(?:mirall\\/)([\d.]+)/i", $userAgent, $versionMatches);
+		if(isset($versionMatches[1]) &&
+			version_compare($versionMatches[1], $minimumSupportedDesktopVersion) === -1) {
+			throw new ServiceUnavailableException('Unsupported client version.');
+		}
+	}
+}
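Review bot: `beforeHandler` decides purely on the client-supplied User-Agent header and only rejects values that match `mirall/<version>`, so a client that sends a different User-Agent, or none, passes through. The docblock should say that this is an upgrade nudge for well-behaved clients and not a security boundary, e.g. `* Note: User-Agent is client-controlled; do not rely on this check for access control.` `getHeader()` can return null when the header is absent and that value goes straight into `preg_match`; an explicit `if ($userAgent === null) { return; }` before the match would make the pass-through intentional. The listener is registered with priority 200 in `initialize`; if the event emitter runs lower values first, it fires after handlers registered with smaller values (possibly including authentication) regardless of the `addPlugin` order in remote.php, which is worth confirming against the goal of turning legacy clients away early.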
diff --git a/tests/lib/connector/sabre/BlockLegacyClientPluginTest.php b/tests/lib/connector/sabre/BlockLegacyClientPluginTest.php
new file mode 100644
index 0000000..ed735f0
--- /dev/null
+++ b/tests/lib/connector/sabre/BlockLegacyClientPluginTest.php
@@ -0,0 +1,117 @@
+<?php
+/**
+ * @author Lukas Reschke <lukas at owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+namespace Test\Connector\Sabre;
+
+use OC\Connector\Sabre\BlockLegacyClientPlugin;
+use Test\TestCase;
+use OCP\IConfig;
+
+/**
+ * Class BlockLegacyClientPluginTest
+ *
+ * @package Test\Connector\Sabre
+ */
+class BlockLegacyClientPluginTest extends TestCase {
+	/** @var IConfig */
+	private $config;
+	/** @var BlockLegacyClientPlugin */
+	private $blockLegacyClientVersionPlugin;
+
+	public function setUp() {
+		parent::setUp();
+
+		$this->config = $this->getMock('\OCP\IConfig');
+		$this->blockLegacyClientVersionPlugin = new BlockLegacyClientPlugin($this->config);
+	}
+
+	/**
+	 * @return array
+	 */
+	public function oldDesktopClientProvider() {
+		return [
+			['Mozilla/5.0 (1.5.0) mirall/1.5.0'],
+			['mirall/1.5.0'],
+			['mirall/1.5.4'],
+			['mirall/1.6.0'],
+			['Mozilla/5.0 (Bogus Text) mirall/1.6.9'],
+		];
+	}
+
+	/**
+	 * @dataProvider oldDesktopClientProvider
+	 * @param string $userAgent
+	 * @expectedException \OC\ServiceUnavailableException
+	 * @expectedExceptionMessage Unsupported client version.
+	 */
+	public function testBeforeHandlerException($userAgent) {
+		/** @var \Sabre\HTTP\RequestInterface $request */
+		$request = $this->getMock('\Sabre\HTTP\RequestInterface');
+		$request
+			->expects($this->once())
+			->method('getHeader')
+			->with('User-Agent')
+			->will($this->returnValue($userAgent));
+
+		$this->config
+			->expects($this->once())
+			->method('getSystemValue')
+			->with('minimum.supported.desktop.version', '1.7.0')
+			->will($this->returnValue('1.7.0'));
+
+		$this->blockLegacyClientVersionPlugin->beforeHandler($request);
+	}
+
+	/**
+	 * @return array
+	 */
+	public function newAndAlternateDesktopClientProvider() {
+		return [
+			['Mozilla/5.0 (1.7.0) mirall/1.7.0'],
+			['mirall/1.8.3'],
+			['mirall/1.7.2'],
+			['mirall/1.7.0'],
+			['Mozilla/5.0 (Bogus Text) mirall/1.9.3'],
+		];
+	}
+
+	/**
+	 * @dataProvider newAndAlternateDesktopClientProvider
+	 * @param string $userAgent
+	 */
+	public function testBeforeHandlerSucess($userAgent) {
+		/** @var \Sabre\HTTP\RequestInterface $request */
+		$request = $this->getMock('\Sabre\HTTP\RequestInterface');
+		$request
+			->expects($this->once())
+			->method('getHeader')
+			->with('User-Agent')
+			->will($this->returnValue($userAgent));
+
+		$this->config
+			->expects($this->once())
+			->method('getSystemValue')
+			->with('minimum.supported.desktop.version', '1.7.0')
+			->will($this->returnValue('1.7.0'));
+
+		$this->blockLegacyClientVersionPlugin->beforeHandler($request);
+	}
+
+}
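Review bot: Neither data provider covers a request without a User-Agent header (`getHeader` returning null) or a non-mirall agent such as a browser or third-party DAV client, although the name `newAndAlternateDesktopClientProvider` suggests alternate clients are included. Adding rows like `[null]` and `['ExampleDavClient/2.0']` (constructed sample) to that provider would pin the pass-through behaviour that the plugin's `isset($versionMatches[1])` guard relies on. Both tests stub the configured minimum as `'1.7.0'`, so an administrator-set value different from the default is never exercised. `testBeforeHandlerSucess` is misspelled and should be `testBeforeHandlerSuccess`.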

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git


