occ web executor (#24957)

* Initial web executor

* Fix PHPDoc

Fix broken integration test

OccControllerTests do not require database access - moch them all!

Kill unused sprintf

7 files changed, 324 insertions, 6 deletions

diff --git a/core/Application.php b/core/Application.php
index a87917b626a..8ea2672e54e 100644
--- a/core/Application.php
+++ b/core/Application.php
@@ -32,6 +32,7 @@ use OC\AppFramework\Utility\TimeFactory;
 use OC\Core\Controller\AvatarController;
 use OC\Core\Controller\LoginController;
 use OC\Core\Controller\LostController;
+use OC\Core\Controller\OccController;
 use OC\Core\Controller\TokenController;
 use OC\Core\Controller\TwoFactorChallengeController;
 use OC\Core\Controller\UserController;
@@ -125,6 +126,18 @@ class Application extends App {
 				$c->query('SecureRandom')
 			);
 		});
+		$container->registerService('OccController', function(SimpleContainer $c) {
+			return new OccController(
+				$c->query('AppName'),
+				$c->query('Request'),
+				$c->query('Config'),
+				new \OC\Console\Application(
+					$c->query('Config'),
+					$c->query('ServerContainer')->getEventDispatcher(),
+					$c->query('Request')
+				)
+			);
+		});
 
 		/**
 		 * Core class wrappers
diff --git a/core/Controller/OccController.php b/core/Controller/OccController.php
new file mode 100644
index 00000000000..917d02f37f1
--- /dev/null
+++ b/core/Controller/OccController.php
@@ -0,0 +1,147 @@
+<?php
+/**
+ * @author Victor Dubiniuk <dubiniuk@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Core\Controller;
+
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\JSONResponse;
+use OC\Console\Application;
+use OCP\IConfig;
+use OCP\IRequest;
+use Symfony\Component\Console\Input\ArrayInput;
+use Symfony\Component\Console\Output\BufferedOutput;
+
+class OccController extends Controller {
+	
+	/** @var array  */
+	private $allowedCommands = [
+		'app:disable',
+		'app:enable',
+		'app:getpath',
+		'app:list',
+		'check',
+		'config:list',
+		'maintenance:mode',
+		'status',
+		'upgrade'
+	];
+
+	/** @var IConfig */
+	private $config;
+	/** @var Application */
+	private $console;
+
+	/**
+	 * OccController constructor.
+	 *
+	 * @param string $appName
+	 * @param IRequest $request
+	 * @param IConfig $config
+	 * @param Application $console
+	 */
+	public function __construct($appName, IRequest $request,
+								IConfig $config, Application $console) {
+		parent::__construct($appName, $request);
+		$this->config = $config;
+		$this->console = $console;
+	}
+
+	/**
+	 * @PublicPage
+	 * @NoCSRFRequired
+	 *
+	 * Execute occ command
+	 * Sample request
+	 *	POST http://domain.tld/index.php/occ/status',
+	 * 		{
+	 *			'params': {
+	 * 					'--no-warnings':'1',
+	 *		 			'--output':'json'
+	 * 			},
+	 * 			'token': 'someToken'
+	 * 		}
+	 *
+	 * @param string $command
+	 * @param string $token
+	 * @param array $params
+	 *
+	 * @return JSONResponse
+	 * @throws \Exception
+	 */
+	public function execute($command, $token, $params = []) {
+		try {
+			$this->validateRequest($command, $token);
+
+			$output = new BufferedOutput();
+			$formatter = $output->getFormatter();
+			$formatter->setDecorated(false);
+			$this->console->setAutoExit(false);
+			$this->console->loadCommands(new ArrayInput([]), $output);
+
+			$inputArray = array_merge(['command' => $command], $params);
+			$input = new ArrayInput($inputArray);
+
+			$exitCode = $this->console->run($input, $output);
+			$response = $output->fetch();
+
+			$json = [
+				'exitCode' => $exitCode,
+				'response' => $response
+			];
+
+		} catch (\UnexpectedValueException $e){
+			$json = [
+				'exitCode' => 126,
+				'response' => 'Not allowed',
+				'details' => $e->getMessage()
+			];
+		}
+		return new JSONResponse($json);
+	}
+
+	/**
+	 * Check if command is allowed and has a valid security token
+	 * @param $command
+	 * @param $token
+	 */
+	protected function validateRequest($command, $token){
+		if (!in_array($this->request->getRemoteAddress(), ['::1', '127.0.0.1', 'localhost'])) {
+			throw new \UnexpectedValueException('Web executor is not allowed to run from a different host');
+		}
+
+		if (!in_array($command, $this->allowedCommands)) {
+			throw new \UnexpectedValueException(sprintf('Command "%s" is not allowed to run via web request', $command));
+		}
+
+		$coreToken = $this->config->getSystemValue('updater.secret', '');
+		if ($coreToken === '') {
+			throw new \UnexpectedValueException(
+				'updater.secret is undefined in config/config.php. Either browse the admin settings in your ownCloud and click "Open updater" or define a strong secret using <pre>php -r \'echo password_hash("MyStrongSecretDoUseYourOwn!", PASSWORD_DEFAULT)."\n";\'</pre> and set this in the config.php.'
+			);
+		}
+
+		if (!password_verify($token, $coreToken)) {
+			throw new \UnexpectedValueException(
+				'updater.secret does not match the provided token'
+			);
+		}
+	}
+}
diff --git a/core/routes.php b/core/routes.php
index 402277d8f3e..c473408e2e9 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -48,6 +48,7 @@ $application->registerRoutes($this, [
 		['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
 		['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
 		['name' => 'token#generateToken', 'url' => '/token/generate', 'verb' => 'POST'],
+		['name' => 'occ#execute', 'url' => '/occ/{command}', 'verb' => 'POST'],
 		['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'],
 		['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'],
 		['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],
diff --git a/lib/base.php b/lib/base.php
index b33687dbab7..45f291e5cb7 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -49,6 +49,8 @@
  *
  */
 
+use OCP\IRequest;
+
 require_once 'public/Constants.php';
 
 /**
@@ -271,9 +273,20 @@ class OC {
 		}
 	}
 
-	public static function checkMaintenanceMode() {
+	/**
+	 * Limit maintenance mode access
+	 * @param IRequest $request
+	 */
+	public static function checkMaintenanceMode(IRequest $request) {
+		// Check if requested URL matches 'index.php/occ'
+		$isOccControllerRequested = preg_match('|/index\.php$|', $request->getScriptName()) === 1
+				&& strpos($request->getPathInfo(), '/occ/') === 0;
 		// Allow ajax update script to execute without being stopped
-		if (\OC::$server->getSystemConfig()->getValue('maintenance', false) && OC::$SUBURI != '/core/ajax/update.php') {
+		if (
+			\OC::$server->getSystemConfig()->getValue('maintenance', false)
+			&& OC::$SUBURI != '/core/ajax/update.php'
+			&& !$isOccControllerRequested
+		) {
 			// send http status 503
 			header('HTTP/1.1 503 Service Temporarily Unavailable');
 			header('Status: 503 Service Temporarily Unavailable');
@@ -820,7 +833,7 @@ class OC {
 		$request = \OC::$server->getRequest();
 		$requestPath = $request->getRawPathInfo();
 		if (substr($requestPath, -3) !== '.js') { // we need these files during the upgrade
-			self::checkMaintenanceMode();
+			self::checkMaintenanceMode($request);
 			self::checkUpgrade();
 		}
 
diff --git a/lib/private/Console/Application.php b/lib/private/Console/Application.php
index ec91064278e..8a9191a4c53 100644
--- a/lib/private/Console/Application.php
+++ b/lib/private/Console/Application.php
@@ -138,9 +138,10 @@ class Application {
 	 * @throws \Exception
 	 */
 	public function run(InputInterface $input = null, OutputInterface $output = null) {
+		$args = isset($this->request->server['argv']) ? $this->request->server['argv'] : [];
 		$this->dispatcher->dispatch(ConsoleEvent::EVENT_RUN, new ConsoleEvent(
 			ConsoleEvent::EVENT_RUN,
-			$this->request->server['argv']
+			$args
 		));
 		return $this->application->run($input, $output);
 	}
diff --git a/public.php b/public.php
index 964ed03c1aa..b7125502ee8 100644
--- a/public.php
+++ b/public.php
@@ -35,9 +35,9 @@ try {
 		exit;
 	}
 
-	OC::checkMaintenanceMode();
-	OC::checkSingleUserMode(true);
 	$request = \OC::$server->getRequest();
+	OC::checkMaintenanceMode($request);
+	OC::checkSingleUserMode(true);
 	$pathInfo = $request->getPathInfo();
 
 	if (!$pathInfo && $request->getParam('service', '') === '') {
diff --git a/tests/Core/Controller/OccControllerTest.php b/tests/Core/Controller/OccControllerTest.php
new file mode 100644
index 00000000000..682d9170096
--- /dev/null
+++ b/tests/Core/Controller/OccControllerTest.php
@@ -0,0 +1,143 @@
+<?php
+/**
+ * @author Victor Dubiniuk <dubiniuk@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace Tests\Core\Controller;
+
+use OC\Console\Application;
+use OC\Core\Controller\OccController;
+use OCP\IConfig;
+use Symfony\Component\Console\Output\Output;
+use Test\TestCase;
+
+/**
+ * Class OccControllerTest
+ *
+ * @package OC\Core\Controller
+ */
+class OccControllerTest extends TestCase {
+
+	const TEMP_SECRET = 'test';
+
+	/** @var \OC\AppFramework\Http\Request | \PHPUnit_Framework_MockObject_MockObject */
+	private $request;
+	/** @var  \OC\Core\Controller\OccController | \PHPUnit_Framework_MockObject_MockObject */
+	private $controller;
+	/** @var IConfig | \PHPUnit_Framework_MockObject_MockObject */
+	private $config;
+	/** @var  Application | \PHPUnit_Framework_MockObject_MockObject */
+	private $console;
+
+	public function testFromInvalidLocation(){
+		$this->getControllerMock('example.org');
+
+		$response = $this->controller->execute('status', '');
+		$responseData = $response->getData();
+
+		$this->assertArrayHasKey('exitCode', $responseData);
+		$this->assertEquals(126, $responseData['exitCode']);
+
+		$this->assertArrayHasKey('details', $responseData);
+		$this->assertEquals('Web executor is not allowed to run from a different host', $responseData['details']);
+	}
+
+	public function testNotWhiteListedCommand(){
+		$this->getControllerMock('localhost');
+
+		$response = $this->controller->execute('missing_command', '');
+		$responseData = $response->getData();
+
+		$this->assertArrayHasKey('exitCode', $responseData);
+		$this->assertEquals(126, $responseData['exitCode']);
+
+		$this->assertArrayHasKey('details', $responseData);
+		$this->assertEquals('Command "missing_command" is not allowed to run via web request', $responseData['details']);
+	}
+
+	public function testWrongToken(){
+		$this->getControllerMock('localhost');
+
+		$response = $this->controller->execute('status', self::TEMP_SECRET . '-');
+		$responseData = $response->getData();
+
+		$this->assertArrayHasKey('exitCode', $responseData);
+		$this->assertEquals(126, $responseData['exitCode']);
+
+		$this->assertArrayHasKey('details', $responseData);
+		$this->assertEquals('updater.secret does not match the provided token', $responseData['details']);
+	}
+
+	public function testSuccess(){
+		$this->getControllerMock('localhost');
+		$this->console->expects($this->once())->method('run')
+			->willReturnCallback(
+				function ($input, $output) {
+					/** @var Output $output */
+					$output->writeln('{"installed":true,"version":"9.1.0.8","versionstring":"9.1.0 beta 2","edition":""}');
+					return 0;
+				}
+			);
+
+		$response = $this->controller->execute('status', self::TEMP_SECRET, ['--output'=>'json']);
+		$responseData = $response->getData();
+
+		$this->assertArrayHasKey('exitCode', $responseData);
+		$this->assertEquals(0, $responseData['exitCode']);
+
+		$this->assertArrayHasKey('response', $responseData);
+		$decoded = json_decode($responseData['response'], true);
+
+		$this->assertArrayHasKey('installed', $decoded);
+		$this->assertEquals(true, $decoded['installed']);
+	}
+
+	private function getControllerMock($host){
+		$this->request = $this->getMockBuilder('OC\AppFramework\Http\Request')
+			->setConstructorArgs([
+				['server' => []],
+				\OC::$server->getSecureRandom(),
+				\OC::$server->getConfig()
+			])
+			->setMethods(['getRemoteAddress'])
+			->getMock();
+
+		$this->request->expects($this->any())->method('getRemoteAddress')
+			->will($this->returnValue($host));
+
+		$this->config = $this->getMockBuilder('\OCP\IConfig')
+			->disableOriginalConstructor()
+			->getMock();
+		$this->config->expects($this->any())->method('getSystemValue')
+			->with('updater.secret')
+			->willReturn(password_hash(self::TEMP_SECRET, PASSWORD_DEFAULT));
+
+		$this->console = $this->getMockBuilder('\OC\Console\Application')
+			->disableOriginalConstructor()
+			->getMock();
+
+		$this->controller = new OccController(
+			'core',
+			$this->request,
+			$this->config,
+			$this->console
+		);
+	}
+
+}