diff options
Diffstat (limited to 'vendor/sabre/dav/lib')
18 files changed, 206 insertions, 42 deletions
diff --git a/vendor/sabre/dav/lib/CalDAV/Backend/PDO.php b/vendor/sabre/dav/lib/CalDAV/Backend/PDO.php index 0d5df3968..2f48ab982 100644 --- a/vendor/sabre/dav/lib/CalDAV/Backend/PDO.php +++ b/vendor/sabre/dav/lib/CalDAV/Backend/PDO.php @@ -948,42 +948,46 @@ SQL; } list($calendarId, $instanceId) = $calendarId; - // Current synctoken - $stmt = $this->pdo->prepare('SELECT synctoken FROM '.$this->calendarTableName.' WHERE id = ?'); - $stmt->execute([$calendarId]); - $currentToken = $stmt->fetchColumn(0); - - if (is_null($currentToken)) { - return null; - } - $result = [ - 'syncToken' => $currentToken, 'added' => [], 'modified' => [], 'deleted' => [], ]; if ($syncToken) { - $query = 'SELECT uri, operation FROM '.$this->calendarChangesTableName.' WHERE synctoken >= ? AND synctoken < ? AND calendarid = ? ORDER BY synctoken'; + $query = 'SELECT uri, operation, synctoken FROM '.$this->calendarChangesTableName.' WHERE synctoken >= ? AND calendarid = ? ORDER BY synctoken'; if ($limit > 0) { - $query .= ' LIMIT '.(int) $limit; + // Fetch one more raw to detect result truncation + $query .= ' LIMIT '.((int) $limit + 1); } // Fetching all changes $stmt = $this->pdo->prepare($query); - $stmt->execute([$syncToken, $currentToken, $calendarId]); + $stmt->execute([$syncToken, $calendarId]); $changes = []; // This loop ensures that any duplicates are overwritten, only the // last change on a node is relevant. while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) { - $changes[$row['uri']] = $row['operation']; + $changes[$row['uri']] = $row; } + $currentToken = null; + $result_count = 0; foreach ($changes as $uri => $operation) { - switch ($operation) { + if (!is_null($limit) && $result_count >= $limit) { + $result['result_truncated'] = true; + break; + } + + if (null === $currentToken || $currentToken < $operation['synctoken'] + 1) { + // SyncToken in CalDAV perspective is consistently the next number of the last synced change event in this class. + $currentToken = $operation['synctoken'] + 1; + } + + ++$result_count; + switch ($operation['operation']) { case 1: $result['added'][] = $uri; break; @@ -995,7 +999,24 @@ SQL; break; } } + + if (!is_null($currentToken)) { + $result['syncToken'] = $currentToken; + } else { + // This means returned value is equivalent to syncToken + $result['syncToken'] = $syncToken; + } } else { + // Current synctoken + $stmt = $this->pdo->prepare('SELECT synctoken FROM '.$this->calendarTableName.' WHERE id = ?'); + $stmt->execute([$calendarId]); + $currentToken = $stmt->fetchColumn(0); + + if (is_null($currentToken)) { + return null; + } + $result['syncToken'] = $currentToken; + // No synctoken supplied, this is the initial sync. $query = 'SELECT uri FROM '.$this->calendarObjectTableName.' WHERE calendarid = ?'; $stmt = $this->pdo->prepare($query); diff --git a/vendor/sabre/dav/lib/CalDAV/Calendar.php b/vendor/sabre/dav/lib/CalDAV/Calendar.php index 9f32e702a..6e989314d 100644 --- a/vendor/sabre/dav/lib/CalDAV/Calendar.php +++ b/vendor/sabre/dav/lib/CalDAV/Calendar.php @@ -396,7 +396,8 @@ class Calendar implements ICalendar, DAV\IProperties, DAV\Sync\ISyncCollection, * 'deleted' => [ * 'foo.php.bak', * 'old.txt' - * ] + * ], + * 'result_truncated' : true * ]; * * The syncToken property should reflect the *current* syncToken of the @@ -406,6 +407,9 @@ class Calendar implements ICalendar, DAV\IProperties, DAV\Sync\ISyncCollection, * If the syncToken is specified as null, this is an initial sync, and all * members should be reported. * + * If result is truncated due to server limitation or limit by client, + * set result_truncated to true, otherwise set to false or do not add the key. + * * The modified property is an array of nodenames that have changed since * the last token. * @@ -422,12 +426,17 @@ class Calendar implements ICalendar, DAV\IProperties, DAV\Sync\ISyncCollection, * should be treated as infinite. * * If the limit (infinite or not) is higher than you're willing to return, - * you should throw a Sabre\DAV\Exception\TooMuchMatches() exception. + * the result should be truncated to fit the limit. + * Note that even when the result is truncated, syncToken must be consistent + * with the truncated result, not the result before truncation. + * (See RFC6578 Section 3.6 for detail) * * If the syncToken is expired (due to data cleanup) or unknown, you must * return null. * * The limit is 'suggestive'. You are free to ignore it. + * TODO: RFC6578 Setion 3.7 says that the server must fail when the server + * cannot truncate according to the limit, so it may not be just suggestive. * * @param string $syncToken * @param int $syncLevel diff --git a/vendor/sabre/dav/lib/CalDAV/Plugin.php b/vendor/sabre/dav/lib/CalDAV/Plugin.php index da172049e..98f4f554c 100644 --- a/vendor/sabre/dav/lib/CalDAV/Plugin.php +++ b/vendor/sabre/dav/lib/CalDAV/Plugin.php @@ -243,7 +243,7 @@ class Plugin extends DAV\ServerPlugin * @param mixed $report * @param mixed $path * - * @return bool + * @return bool|null */ public function report($reportName, $report, $path) { diff --git a/vendor/sabre/dav/lib/CalDAV/Schedule/Plugin.php b/vendor/sabre/dav/lib/CalDAV/Schedule/Plugin.php index 38a7ca96f..3cc360f1d 100644 --- a/vendor/sabre/dav/lib/CalDAV/Schedule/Plugin.php +++ b/vendor/sabre/dav/lib/CalDAV/Schedule/Plugin.php @@ -735,9 +735,7 @@ class Plugin extends ServerPlugin /** * This method is responsible for parsing a free-busy query request and - * returning it's result. - * - * @return string + * returning its result in $response. */ protected function handleFreeBusyRequest(IOutbox $outbox, VObject\Component $vObject, RequestInterface $request, ResponseInterface $response) { diff --git a/vendor/sabre/dav/lib/CalDAV/Subscriptions/Subscription.php b/vendor/sabre/dav/lib/CalDAV/Subscriptions/Subscription.php index 3be1b609e..8d56e6441 100644 --- a/vendor/sabre/dav/lib/CalDAV/Subscriptions/Subscription.php +++ b/vendor/sabre/dav/lib/CalDAV/Subscriptions/Subscription.php @@ -75,7 +75,7 @@ class Subscription extends Collection implements ISubscription, IACL /** * Returns the last modification time. * - * @return int + * @return int|null */ public function getLastModified() { diff --git a/vendor/sabre/dav/lib/DAV/Auth/Backend/PDOBasicAuth.php b/vendor/sabre/dav/lib/DAV/Auth/Backend/PDOBasicAuth.php new file mode 100644 index 000000000..39324e4db --- /dev/null +++ b/vendor/sabre/dav/lib/DAV/Auth/Backend/PDOBasicAuth.php @@ -0,0 +1,114 @@ +<?php + +namespace Sabre\DAV\Auth\Backend; + +/** + * This is an authentication backend that uses a database to manage passwords. + * + * @copyright Copyright (C) fruux GmbH (https://fruux.com/) + * @license http://sabre.io/license/ Modified BSD License + */ +class PDOBasicAuth extends AbstractBasic +{ + /** + * Reference to PDO connection. + * + * @var PDO + */ + protected $pdo; + + /** + * PDO table name we'll be using. + * + * @var string + */ + protected $tableName; + + /** + * PDO digest column name we'll be using + * (i.e. digest, password, password_hash). + * + * @var string + */ + protected $digestColumn; + + /** + * PDO uuid(unique user identifier) column name we'll be using + * (i.e. username, email). + * + * @var string + */ + protected $uuidColumn; + + /** + * Digest prefix: + * if the backend you are using for is prefixing + * your password hashes set this option to your prefix to + * cut it off before verfiying. + * + * @var string + */ + protected $digestPrefix; + + /** + * Creates the backend object. + * + * If the filename argument is passed in, it will parse out the specified file fist. + */ + public function __construct(\PDO $pdo, array $options = []) + { + $this->pdo = $pdo; + if (isset($options['tableName'])) { + $this->tableName = $options['tableName']; + } else { + $this->tableName = 'users'; + } + if (isset($options['digestColumn'])) { + $this->digestColumn = $options['digestColumn']; + } else { + $this->digestColumn = 'digest'; + } + if (isset($options['uuidColumn'])) { + $this->uuidColumn = $options['uuidColumn']; + } else { + $this->uuidColumn = 'username'; + } + if (isset($options['digestPrefix'])) { + $this->digestPrefix = $options['digestPrefix']; + } + } + + /** + * Validates a username and password. + * + * This method should return true or false depending on if login + * succeeded. + * + * @param string $username + * @param string $password + * + * @return bool + */ + public function validateUserPass($username, $password) + { + $stmt = $this->pdo->prepare('SELECT '.$this->digestColumn.' FROM '.$this->tableName.' WHERE '.$this->uuidColumn.' = ?'); + $stmt->execute([$username]); + $result = $stmt->fetchAll(); + + if (!count($result)) { + return false; + } else { + $digest = $result[0][$this->digestColumn]; + + if (isset($this->digestPrefix)) { + $digest = substr($digest, strlen($this->digestPrefix)); + } + + if (password_verify($password, $digest)) { + return true; + } + + return false; + } + } +} diff --git a/vendor/sabre/dav/lib/DAV/Auth/Plugin.php b/vendor/sabre/dav/lib/DAV/Auth/Plugin.php index 68adbede5..eb4f27ca6 100644 --- a/vendor/sabre/dav/lib/DAV/Auth/Plugin.php +++ b/vendor/sabre/dav/lib/DAV/Auth/Plugin.php @@ -113,8 +113,6 @@ class Plugin extends ServerPlugin /** * This method is called before any HTTP method and forces users to be authenticated. - * - * @return bool */ public function beforeMethod(RequestInterface $request, ResponseInterface $response) { @@ -204,8 +202,6 @@ class Plugin extends ServerPlugin * This method will for example cause a HTTP Basic backend to set a * WWW-Authorization header, indicating to the client that it should * authenticate. - * - * @return array */ public function challenge(RequestInterface $request, ResponseInterface $response) { diff --git a/vendor/sabre/dav/lib/DAV/Browser/Plugin.php b/vendor/sabre/dav/lib/DAV/Browser/Plugin.php index 2f155d9ea..89495e5db 100644 --- a/vendor/sabre/dav/lib/DAV/Browser/Plugin.php +++ b/vendor/sabre/dav/lib/DAV/Browser/Plugin.php @@ -85,8 +85,6 @@ class Plugin extends DAV\ServerPlugin /** * This method intercepts GET requests that have ?sabreAction=info * appended to the URL. - * - * @return bool */ public function httpGetEarly(RequestInterface $request, ResponseInterface $response) { diff --git a/vendor/sabre/dav/lib/DAV/Locks/Plugin.php b/vendor/sabre/dav/lib/DAV/Locks/Plugin.php index 110bfce06..2443f204c 100644 --- a/vendor/sabre/dav/lib/DAV/Locks/Plugin.php +++ b/vendor/sabre/dav/lib/DAV/Locks/Plugin.php @@ -295,6 +295,10 @@ class Plugin extends DAV\ServerPlugin { $locks = $this->getLocks($path, $includeChildren = true); foreach ($locks as $lock) { + // don't delete a lock on a parent dir + if (0 !== strpos($lock->uri, $path)) { + continue; + } $this->unlockNode($path, $lock); } } diff --git a/vendor/sabre/dav/lib/DAV/Server.php b/vendor/sabre/dav/lib/DAV/Server.php index de663d0c1..1f8300d4a 100644 --- a/vendor/sabre/dav/lib/DAV/Server.php +++ b/vendor/sabre/dav/lib/DAV/Server.php @@ -895,7 +895,7 @@ class Server implements LoggerAwareInterface, EmitterInterface } $propertyNames = $propFind->getRequestedProperties(); - $propFindType = !empty($propertyNames) ? PropFind::NORMAL : PropFind::ALLPROPS; + $propFindType = !$propFind->isAllProps() ? PropFind::NORMAL : PropFind::ALLPROPS; foreach ($this->tree->getChildren($path) as $childNode) { if ('' !== $path) { @@ -1237,6 +1237,7 @@ class Server implements LoggerAwareInterface, EmitterInterface $this->tree->markDirty($parentUri); $this->emit('afterBind', [$uri]); + $this->emit('afterCreateCollection', [$uri]); } /** diff --git a/vendor/sabre/dav/lib/DAV/Sync/Plugin.php b/vendor/sabre/dav/lib/DAV/Sync/Plugin.php index 32106abb3..8609f759e 100644 --- a/vendor/sabre/dav/lib/DAV/Sync/Plugin.php +++ b/vendor/sabre/dav/lib/DAV/Sync/Plugin.php @@ -124,6 +124,10 @@ class Plugin extends DAV\ServerPlugin throw new DAV\Exception\InvalidSyncToken('Invalid or unknown sync token'); } + if (!array_key_exists('result_truncated', $changeInfo)) { + $changeInfo['result_truncated'] = false; + } + // Encoding the response $this->sendSyncCollectionResponse( $changeInfo['syncToken'], @@ -131,7 +135,8 @@ class Plugin extends DAV\ServerPlugin $changeInfo['added'], $changeInfo['modified'], $changeInfo['deleted'], - $report->properties + $report->properties, + $changeInfo['result_truncated'] ); } @@ -141,7 +146,7 @@ class Plugin extends DAV\ServerPlugin * @param string $syncToken * @param string $collectionUrl */ - protected function sendSyncCollectionResponse($syncToken, $collectionUrl, array $added, array $modified, array $deleted, array $properties) + protected function sendSyncCollectionResponse($syncToken, $collectionUrl, array $added, array $modified, array $deleted, array $properties, bool $resultTruncated = false) { $fullPaths = []; @@ -164,6 +169,10 @@ class Plugin extends DAV\ServerPlugin $fullPath = $collectionUrl.'/'.$item; $responses[] = new DAV\Xml\Element\Response($fullPath, [], 404); } + if ($resultTruncated) { + $responses[] = new DAV\Xml\Element\Response($collectionUrl.'/', [], 507); + } + $multiStatus = new DAV\Xml\Response\MultiStatus($responses, self::SYNCTOKEN_PREFIX.$syncToken); $this->server->httpResponse->setStatus(207); diff --git a/vendor/sabre/dav/lib/DAV/Tree.php b/vendor/sabre/dav/lib/DAV/Tree.php index 2417979a6..8215e2c39 100644 --- a/vendor/sabre/dav/lib/DAV/Tree.php +++ b/vendor/sabre/dav/lib/DAV/Tree.php @@ -226,7 +226,7 @@ class Tree // flushing the entire cache $path = trim($path, '/'); foreach ($this->cache as $nodePath => $node) { - if ('' === $path || $nodePath == $path || 0 === strpos($nodePath, $path.'/')) { + if ('' === $path || $nodePath == $path || 0 === strpos((string) $nodePath, $path.'/')) { unset($this->cache[$nodePath]); } } diff --git a/vendor/sabre/dav/lib/DAV/Version.php b/vendor/sabre/dav/lib/DAV/Version.php index b25d6c07a..f8b56bb98 100644 --- a/vendor/sabre/dav/lib/DAV/Version.php +++ b/vendor/sabre/dav/lib/DAV/Version.php @@ -16,5 +16,5 @@ class Version /** * Full version number. */ - public const VERSION = '4.1.5'; + public const VERSION = '4.3.1'; } diff --git a/vendor/sabre/dav/lib/DAV/Xml/Element/Response.php b/vendor/sabre/dav/lib/DAV/Xml/Element/Response.php index 45c161fa4..79f06a09b 100644 --- a/vendor/sabre/dav/lib/DAV/Xml/Element/Response.php +++ b/vendor/sabre/dav/lib/DAV/Xml/Element/Response.php @@ -121,7 +121,7 @@ class Response implements Element foreach ($this->getResponseProperties() as $status => $properties) { // Skipping empty lists - if (!$properties || (!ctype_digit($status) && !is_int($status))) { + if (!$properties || (!is_int($status) && !ctype_digit($status))) { continue; } $empty = false; @@ -186,8 +186,21 @@ class Response implements Element return []; } + + if (!$reader->read()) { + $reader->next(); + + return []; + } + + if (Reader::END_ELEMENT === $reader->nodeType) { + $reader->next(); + + return []; + } + $values = []; - $reader->read(); + do { if (Reader::ELEMENT === $reader->nodeType) { $clark = $reader->getClark(); @@ -199,9 +212,12 @@ class Response implements Element $values[$clark] = $reader->parseCurrentElement()['value']; } } else { - $reader->read(); + if (!$reader->read()) { + break; + } } } while (Reader::END_ELEMENT !== $reader->nodeType); + $reader->read(); return $values; diff --git a/vendor/sabre/dav/lib/DAVACL/Plugin.php b/vendor/sabre/dav/lib/DAVACL/Plugin.php index 6f071927d..46d680e15 100644 --- a/vendor/sabre/dav/lib/DAVACL/Plugin.php +++ b/vendor/sabre/dav/lib/DAVACL/Plugin.php @@ -927,8 +927,6 @@ class Plugin extends DAV\ServerPlugin * Triggered before properties are looked up in specific nodes. * * @TODO really should be broken into multiple methods, or even a class. - * - * @return bool */ public function propFind(DAV\PropFind $propFind, DAV\INode $node) { @@ -1070,8 +1068,6 @@ class Plugin extends DAV\ServerPlugin * @param string $reportName * @param mixed $report * @param mixed $path - * - * @return bool */ public function report($reportName, $report, $path) { diff --git a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/AbstractBackend.php b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/AbstractBackend.php index 03a9c4bad..f61a0c953 100644 --- a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/AbstractBackend.php +++ b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/AbstractBackend.php @@ -33,7 +33,7 @@ abstract class AbstractBackend implements BackendInterface * @param string $uri * @param string $principalPrefix * - * @return string + * @return string|null */ public function findByUri($uri, $principalPrefix) { diff --git a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/BackendInterface.php b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/BackendInterface.php index 72717a59b..7140a9295 100644 --- a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/BackendInterface.php +++ b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/BackendInterface.php @@ -110,7 +110,7 @@ interface BackendInterface * @param string $uri * @param string $principalPrefix * - * @return string + * @return string|null */ public function findByUri($uri, $principalPrefix); diff --git a/vendor/sabre/dav/lib/DAVACL/Xml/Property/Principal.php b/vendor/sabre/dav/lib/DAVACL/Xml/Property/Principal.php index 24aeffad9..52092128f 100644 --- a/vendor/sabre/dav/lib/DAVACL/Xml/Property/Principal.php +++ b/vendor/sabre/dav/lib/DAVACL/Xml/Property/Principal.php @@ -142,6 +142,8 @@ class Principal extends DAV\Xml\Property\Href case self::ALL: return '<em>all</em>'; } + + return '<em>unknown</em>'; } /** |