Implement WebDAV lock backend

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Author: juliusknorr

lib/DAV/LockBackend.php

@@ -33,8 +33,13 @@
 use OCA\FilesLock\Service\FileService;
 use OCA\FilesLock\Service\LockService;
 use OCP\Files\Lock\ILock;
+use OCP\Files\Lock\LockContext;
+use OCP\Files\Lock\OwnerLockedException;
+use OCP\Files\NotFoundException;
+use Sabre\DAV\Exception\NotFound;
 use Sabre\DAV\Locks\Backend\BackendInterface;
 use Sabre\DAV\Locks\LockInfo;
+use Sabre\DAV\Node;
 use Sabre\DAV\Server;
 
 class LockBackend implements BackendInterface {
@@ -68,15 +73,11 @@ public function getLocks($uri, $returnChildLocks): array {
 		$locks = [];
 		try {
 			// TODO: check parent
-			if ($this->absolute) {
-				$file = $this->fileService->getFileFromAbsoluteUri($uri);
-			} else {
-				$file = $this->fileService->getFileFromUri($uri);
-			}
-
+			$file = $this->getFileFromUri($uri);
 			$lock = $this->lockService->getLockFromFileId($file->getId());
 
-			if ($lock->getType() === ILock::TYPE_USER && $lock->getOwner() === \OC::$server->getUserSession()->getUser()->getUID()) {
+			$userLock = $this->server->httpRequest->getHeader('X-User-Lock');
+			if ($userLock && $lock->getType() === ILock::TYPE_USER && $lock->getOwner() === \OC::$server->getUserSession()->getUser()->getUID()) {
 				return [];
 			}
 
@@ -96,7 +97,25 @@ public function getLocks($uri, $returnChildLocks): array {
 	 * @return bool
 	 */
 	public function lock($uri, LockInfo $lockInfo): bool {
-		return true;
+		try {
+			$file = $this->getFileFromUri($uri);
+			$lock = $this->lockService->lock(new LockContext(
+				$file,
+				ILock::TYPE_TOKEN,
+				$lockInfo->token
+			));
+			$lock->setUserId(\OC::$server->getUserSession()->getUser()->getUID());
+			$lock->setTimeout($lockInfo->timeout);
+			$lock->setToken($lockInfo->token);
+			$lock->setDisplayName($lockInfo->owner);
+			$lock->setScope($lockInfo->scope);
+			$this->lockService->update($lock);
+			return true;
+		} catch (NotFoundException $e) {
+			return true;
+		} catch (OwnerLockedException $e) {
+			return false;
+		}
 	}
 
 
@@ -109,6 +128,27 @@ public function lock($uri, LockInfo $lockInfo): bool {
 	 * @return bool
 	 */
 	public function unlock($uri, LockInfo $lockInfo): bool {
+		try {
+			$file = $this->getFileFromUri($uri);
+		} catch (NotFoundException $e) {
+			return true;
+		}
+		$this->lockService->unlock(new LockContext(
+			$file,
+			ILock::TYPE_TOKEN,
+			$lockInfo->token
+		));
 		return true;
 	}
+
+	/**
+	 * @throws NotFoundException
+	 */
+	private function getFileFromUri(string $uri) {
+		if ($this->absolute) {
+			return $this->fileService->getFileFromAbsoluteUri($uri);
+		}
+
+		return $this->fileService->getFileFromUri($uri);
+	}
 }

lib/DAV/LockPlugin.php

@@ -3,6 +3,7 @@
 namespace OCA\FilesLock\DAV;
 
 use OCA\DAV\Connector\Sabre\CachingTree;
+use OCA\DAV\Connector\Sabre\FakeLockerPlugin;
 use OCA\DAV\Connector\Sabre\Node as SabreNode;
 use OCA\DAV\Connector\Sabre\ObjectTree;
 use OCA\FilesLock\AppInfo\Application;
@@ -38,6 +39,14 @@ public function __construct(LockService $lockService, FileService $fileService,
 	}
 
 	public function initialize(Server $server) {
+		$fakePlugin = $server->getPlugins()[FakeLockerPlugin::class] ?? null;
+		if ($fakePlugin) {
+			$server->removeListener('method:LOCK', [$fakePlugin, 'fakeLockProvider']);
+			$server->removeListener('method:UNLOCK', [$server->getPlugins()[FakeLockerPlugin::class], 'fakeUnlockProvider']);
+			$server->removeListener('propFind', [$server->getPlugins()[FakeLockerPlugin::class], 'propFind']);
+			$server->removeListener('validateTokens', [$server->getPlugins()[FakeLockerPlugin::class], 'validateTokens']);
+		}
+
 		$absolute = false;
 		switch (get_class($server->tree)) {
 			case ObjectTree::class:
@@ -72,7 +81,7 @@ public function customProperties(PropFind $propFind, INode $node) {
 				return null;
 			}
 
-			if ($lock->getType() !== ILock::TYPE_USER) {
+			if ($lock->getType() === ILock::TYPE_APP) {
 				return null;
 			}
 

lib/Db/LocksRequest.php

@@ -58,6 +58,7 @@ public function save(FileLock $lock) {
 
 		try {
 			$qb->execute();
+			$lock->setId($qb->getLastInsertId());
 		} catch (UniqueConstraintViolationException $e) {
 		}
 	}
@@ -66,11 +67,15 @@ public function update(FileLock $lock) {
 		$qb = $this->getLocksUpdateSql();
 		$qb->set('token', $qb->createNamedParameter($lock->getToken()))
 			->set('ttl', $qb->createNamedParameter($lock->getTimeout()))
+			->set('user_id', $qb->createNamedParameter($lock->getOwner()))
+			->set('owner', $qb->createNamedParameter($lock->getDisplayName()))
+			->set('scope', $qb->createNamedParameter($lock->getScope()))
 			->where($qb->expr()->eq('id', $qb->createNamedParameter($lock->getId())));
 
 		try {
 			$qb->executeStatement();
 		} catch (UniqueConstraintViolationException $e) {
+			throw $e;
 		}
 	}
 

lib/Db/LocksRequestBuilder.php

@@ -90,7 +90,7 @@ protected function getLocksUpdateSql(): CoreQueryBuilder {
 	protected function getLocksSelectSql(): CoreQueryBuilder {
 		$qb = $this->getQueryBuilder();
 
-		$qb->select('l.id', 'l.user_id', 'l.file_id', 'l.token', 'l.creation', 'l.type', 'l.ttl')
+		$qb->select('l.id', 'l.user_id', 'l.file_id', 'l.token', 'l.creation', 'l.type', 'l.ttl', 'l.owner')
 		   ->from(self::TABLE_LOCKS, 'l');
 
 		$qb->setDefaultSelectAlias('l');

lib/Migration/Version1000Date20220430180808.php

@@ -0,0 +1,74 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2022 Your name <your@email.com>
+ *
+ * @author Your name <your@email.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\FilesLock\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\DB\Types;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+/**
+ * Auto-generated migration step: Please modify to your needs!
+ */
+class Version1000Date20220430180808 extends SimpleMigrationStep {
+
+	/**
+	 * @param IOutput $output
+	 * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+	 * @param array $options
+	 */
+	public function preSchemaChange(IOutput $output, Closure $schemaClosure, array $options): void {
+	}
+
+	/**
+	 * @param IOutput $output
+	 * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+	 * @param array $options
+	 * @return null|ISchemaWrapper
+	 */
+	public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+		/** @var ISchemaWrapper $schema */
+		$schema = $schemaClosure();
+		$table = $schema->getTable('files_lock');
+
+		$hasSchemaChanges = false;
+		if (!$table->hasColumn('owner')) {
+			$table->addColumn(
+				'owner', Types::STRING,
+				[
+					'notnull' => false,
+					'length'  => 255,
+					'default' => ''
+				]
+			);
+			$hasSchemaChanges = true;
+		}
+
+		return $hasSchemaChanges ? $schema : null;
+	}
+}

lib/Model/FileLock.php

@@ -76,6 +76,9 @@ class FileLock implements ILock, IQueryRow, JsonSerializable {
 
 	private ?string $displayName = null;
 
+	private string $owner = '';
+	private $scope = ILock::LOCK_EXCLUSIVE;
+
 	/**
 	 * FileLock constructor.
 	 *
@@ -243,7 +246,13 @@ public function getDepth(): int {
 	}
 
 	public function getScope(): int {
-		return ILock::LOCK_EXCLUSIVE;
+		return $this->scope;
+	}
+
+	public function setScope(int $scope): self {
+		$this->scope = $scope;
+
+		return $this;
 	}
 
 	public function getType(): int {
@@ -294,6 +303,7 @@ public function importFromDatabase(array $data):IQueryRow {
 		$this->setCreation($this->getInt('creation', $data));
 		$this->setLockType($this->getInt('type', $data));
 		$this->setTimeout($this->getInt('ttl', $data));
+		$this->setDisplayName($this->get('owner', $data));
 
 		return $this;
 	}
@@ -311,6 +321,7 @@ public function import(array $data) {
 		$this->setCreation($this->getInt('creation', $data));
 		$this->setLockType($this->getInt('type', $data));
 		$this->setTimeout($this->getInt('ttl', $data));
+		$this->setDisplayName($this->get('owner', $data));
 	}
 
 

lib/Service/LockService.php

@@ -124,8 +124,7 @@ public function lock(LockContext $lockScope): FileLock {
 
 			// Extend lock expiry if matching
 			if (
-				$known->getType() === $lockScope->getType() &&
-				$known->getOwner() === $lockScope->getOwner()
+				$known->getType() === $lockScope->getType() && $known->getOwner() === $lockScope->getOwner()
 			) {
 				$known->setTimeout(
 					$known->getTimeout() - $known->getETA() + $this->configService->getTimeoutSeconds()
@@ -150,6 +149,10 @@ public function lock(LockContext $lockScope): FileLock {
 		}
 	}
 
+	public function update(FileLock $lock) {
+		$this->locksRequest->update($lock);
+	}
+
 	public function getAppName(string $appId): ?string {
 		$appInfo = $this->appManager->getAppInfo($appId);
 		return $appInfo['name'] ?? null;
@@ -165,10 +168,8 @@ public function unlock(LockContext $lock, bool $force = false): FileLock {
 		$this->notice('unlocking file', false, ['fileLock' => $lock]);
 
 		$known = $this->getLockFromFileId($lock->getNode()->getId());
-		if (!$force && ($lock->getOwner() !== $known->getOwner() || $lock->getType() !== $known->getType())) {
-			throw new UnauthorizedUnlockException(
-				$this->l10n->t('File can only be unlocked by the owner of the lock')
-			);
+		if (!$force) {
+			$this->canUnlock($lock, $known);
 		}
 
 		$this->locksRequest->delete($known);
@@ -177,6 +178,33 @@ public function unlock(LockContext $lock, bool $force = false): FileLock {
 		return $known;
 	}
 
+	public function canUnlock(LockContext $request, FileLock $current): void {
+		$isSameUser = $current->getOwner() === $this->userId;
+		$isSameToken = $request->getOwner() === $current->getToken();
+		$isSameOwner = $request->getOwner() === $current->getOwner();
+		$isSameType = $request->getType() === $current->getType();
+
+		// Check the token for token based locks
+		if ($request->getType() === ILock::TYPE_TOKEN) {
+			if ($isSameToken || $isSameUser) {
+				return;
+			}
+
+			throw new UnauthorizedUnlockException(
+				$this->l10n->t('File can only be unlocked by providing a valid owner lock token')
+			);
+		}
+
+		// Otherwise, we check if the owner (user id OR app id) for a match
+		if ($isSameOwner && $isSameType) {
+			return;
+		}
+
+		throw new UnauthorizedUnlockException(
+			$this->l10n->t('File can only be unlocked by the owner of the lock')
+		);
+	}
+
 
 	/**
 	 * @throws InvalidPathException
@@ -254,7 +282,8 @@ public function injectMetadata(FileLock $lock): FileLock {
 			$displayName = $this->getAppName($lock->getOwner()) ?? null;
 		}
 		if ($lock->getType() === ILock::TYPE_TOKEN) {
-			$displayName = $lock->getOwner();
+			$user = $this->userManager->get($lock->getOwner());
+			$displayName = $user ? $user->getDisplayName(): $lock->getDisplayName();
 		}
 
 		$lock->setDisplayName($displayName);

tests/Feature/LockFeatureTest.php

@@ -23,6 +23,7 @@
 
 use OCA\FilesLock\AppInfo\Application;
 use OCA\FilesLock\Service\ConfigService;
+use OC\Files\Lock\LockManager;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Files\IRootFolder;
 use OCP\Files\Lock\ILock;
@@ -41,7 +42,7 @@ class LockFeatureTest extends TestCase {
 	public const TEST_USER1 = "test-user1";
 	public const TEST_USER2 = "test-user2";
 
-	private \OC\Files\Lock\LockManager $lockManager;
+	private LockManager $lockManager;
 	private IRootFolder $rootFolder;
 	private ?int $time = null;