diff --git a/apps/unhosted/appinfo/app.php b/apps/unhosted/appinfo/app.php
new file mode 100644
index 0000000000000000000000000000000000000000..84e07304534111bd092f98d96b44bcfa45a26e11
--- /dev/null
+++ b/apps/unhosted/appinfo/app.php
@@ -0,0 +1,5 @@
+<?php
+OC_App::register( array(
+ 'order' => 10,
+ 'id' => 'unhosted',
+ 'name' => 'Unhosted Web' ));
diff --git a/apps/unhosted/appinfo/database.xml b/apps/unhosted/appinfo/database.xml
new file mode 100644
index 0000000000000000000000000000000000000000..db25657085b841427421feacb95b21c739369b8e
--- /dev/null
+++ b/apps/unhosted/appinfo/database.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<database>
+ <name>*dbname*</name>
+ <create>true</create>
+ <overwrite>false</overwrite>
+ <charset>latin1</charset>
+ <table>
+ <name>*dbprefix*authtoken</name>
+ <declaration>
+ <field>
+ <name>token</name>
+ <type>text</type>
+ <default></default>
+ <notnull>true</notnull>
+ <length>40</length>
+ </field>
+ <field>
+ <name>appUrl</name>
+ <type>text</type>
+ <default></default>
+ <notnull>true</notnull>
+ <length>128</length>
+ </field>
+ <field>
+ <name>user</name>
+ <type>text</type>
+ <default></default>
+ <notnull>true</notnull>
+ <length>64</length>
+ </field>
+ <field>
+ <name>dataScope</name>
+ <type>text</type>
+ <default></default>
+ <notnull>true</notnull>
+ <length>64</length>
+ </field>
+ <field>
+ <name>userAddress</name>
+ <type>text</type>
+ <default></default>
+ <notnull>true</notnull>
+ <length>64</length>
+ </field>
+ <index>
+ <name>a_app_unhostedweb_user</name>
+ <unique>true</unique>
+ <field>
+ <name>user</name>
+ <sorting>ascending</sorting>
+ </field>
+ <field>
+ <name>token</name>
+ <sorting>ascending</sorting>
+ </field>
+ </index>
+ </declaration>
+ </table>
+</database>
diff --git a/apps/unhosted/appinfo/info.xml b/apps/unhosted/appinfo/info.xml
new file mode 100644
index 0000000000000000000000000000000000000000..359620f457807c86457ab6d8e9ac9fc7d5c08038
--- /dev/null
+++ b/apps/unhosted/appinfo/info.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<info>
+ <id>unhosted</id>
+ <name>Unhosted Web</name>
+ <description>On websites that allow unhosted accounts, use your owncloud as the storage for your user data</description>
+ <version>0.1</version>
+ <licence>AGPL</licence>
+ <author>Michiel de Jong</author>
+ <require>2</require>
+</info>
diff --git a/apps/unhosted/compat.php b/apps/unhosted/compat.php
new file mode 100644
index 0000000000000000000000000000000000000000..88dac5e7b5541b70115405f816357d2eeb10162c
--- /dev/null
+++ b/apps/unhosted/compat.php
@@ -0,0 +1,110 @@
+<?php
+
+/**
+* ownCloud
+*
+* Original:
+* @author Frank Karlitschek
+* @copyright 2010 Frank Karlitschek karlitschek@kde.org
+*
+* Adapted:
+* @author Michiel de Jong, 2011
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+// Do not load FS ...
+$RUNTIME_NOSETUPFS = true;
+
+require_once('../../lib/base.php');
+require_once('Sabre/autoload.php');
+require_once('lib_unhosted.php');
+require_once('oauth_ro_auth.php');
+
+ini_set('default_charset', 'UTF-8');
+#ini_set('error_reporting', '');
+@ob_clean();
+
+//allow use as unhosted storage for other websites
+if(isset($_SERVER['HTTP_ORIGIN'])) {
+ header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
+ header('Access-Control-Max-Age: 3600');
+ header('Access-Control-Allow-Methods: OPTIONS, GET, PUT, DELETE, PROPFIND');
+ header('Access-Control-Allow-Headers: Authorization');
+} else {
+ header('Access-Control-Allow-Origin: *');
+}
+
+$path = substr($_SERVER["REQUEST_URI"], strlen($_SERVER["SCRIPT_NAME"]));
+$pathParts = explode('/', $path);
+// for webdav:
+// 0/ 1 / 2 / 3 / 4 / 5 / 6 / 7
+// /$ownCloudUser/unhosted/webdav/$userHost/$userName/$dataScope/$key
+// for oauth:
+// 0/ 1 / 2 / 3 / 4
+// /$ownCloudUser/unhosted/oauth/auth
+
+if(count($pathParts) >= 8 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'webdav') {
+ list($dummy0, $ownCloudUser, $dummy2, $dummy3, $userHost, $userName, $dataScope) = $pathParts;
+
+ OC_Util::setupFS($ownCloudUser);
+
+ // Create ownCloud Dir
+ $publicDir = new OC_Connector_Sabre_Directory('');
+ $server = new Sabre_DAV_Server($publicDir);
+
+ // Path to our script
+ $server->setBaseUri("$WEBROOT/apps/core_unhosted/compat.php/$ownCloudUser");
+
+ // Auth backend
+ $authBackend = new OC_Connector_Sabre_Auth_ro_oauth(OC_UnhostedWeb::getValidTokens($ownCloudUser, $userName.'@'.$userHost, $dataScope));
+
+ $authPlugin = new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud');//should use $validTokens here
+ $server->addPlugin($authPlugin);
+
+ // Also make sure there is a 'data' directory, writable by the server. This directory is used to store information about locks
+ $lockBackend = new OC_Connector_Sabre_Locks();
+ $lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
+ $server->addPlugin($lockPlugin);
+
+ // And off we go!
+ $server->exec();
+} else if(count($pathParts) >= 4 && $pathParts[0] == '' && $pathParts[2] == 'unhosted' && $pathParts[3] == 'oauth2' && $pathParts[4] = 'auth') {
+ if(isset($_POST['allow'])) {
+ //TODO: input checking. these explodes may fail to produces the desired arrays:
+ $ownCloudUser = $pathParts[1];
+ foreach($_GET as $k => $v) {
+ if($k=='user_address'){
+ $userAddress=$v;
+ } else if($k=='redirect_uri'){
+ $appUrl=$v;
+ } else if($k=='scope'){
+ $dataScope=$v;
+ }
+ }
+ if(OC_User::getUser() == $ownCloudUser) {
+ //TODO: check if this can be faked by editing the cookie in firebug!
+ $token=OC_UnhostedWeb::createDataScope($appUrl, $userAddress, $dataScope);
+ header('Location: '.$_GET['redirect_uri'].'#access_token='.$token.'&token_type=unhosted');
+ } else {
+ die('not logged in: '.var_export($pathParts, true));
+ }
+ } else {
+ echo '<form method="POST"><input name="allow" type="submit" value="Allow this web app to store stuff on your owncloud."></form>';
+ }
+} else {
+ die('not webdav and not oauth. dont know what to do '.var_export($pathParts, true));
+}
diff --git a/apps/unhosted/lib_unhosted.php b/apps/unhosted/lib_unhosted.php
new file mode 100644
index 0000000000000000000000000000000000000000..304759c521c8d53327b10820e99851777c33645e
--- /dev/null
+++ b/apps/unhosted/lib_unhosted.php
@@ -0,0 +1,86 @@
+<?php
+
+class OC_UnhostedWeb {
+ public static function getValidTokens($ownCloudUser, $userAddress, $dataScope) {
+ $user=OC_DB::escape($ownCloudUser);
+ $userAddress=OC_DB::escape($userAddress);
+ $dataScope=OC_DB::escape($dataScope);
+ $query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND userAddress=? AND dataScope=? LIMIT 100");
+ $result=$query->execute(array($user,$userAddress,$dataScope));
+ if( PEAR::isError($result)) {
+ $entry = 'DB Error: "'.$result->getMessage().'"<br />';
+ $entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+ error_log( $entry );
+ die( $entry );
+ }
+ $ret = array();
+ while($row=$result->fetchRow()){
+ $ret[$row['token']]=$userAddress;
+ }
+ return $ret;
+ }
+
+ public static function getAllTokens() {
+ $user=OC_User::getUser();
+ $query=OC_DB::prepare("SELECT token,appUrl,userAddress,dataScope FROM *PREFIX*authtoken WHERE user=? LIMIT 100");
+ $result=$query->execute(array($user));
+ if( PEAR::isError($result)) {
+ $entry = 'DB Error: "'.$result->getMessage().'"<br />';
+ $entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+ error_log( $entry );
+ die( $entry );
+ }
+ $ret = array();
+ while($row=$result->fetchRow()){
+ $ret[$row['token']] = array(
+ 'appUrl' => $row['appurl'],
+ 'userAddress' => $row['useraddress'],
+ 'dataScope' => $row['datascope'],
+ );
+ }
+ return $ret;
+ }
+
+ public static function deleteToken($token) {
+ $user=OC_User::getUser();
+ $token=OC_DB::escape($token);
+ $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?");
+ $result=$query->execute(array($token,$user));
+ if( PEAR::isError($result)) {
+ $entry = 'DB Error: "'.$result->getMessage().'"<br />';
+ $entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+ error_log( $entry );
+ die( $entry );
+ }
+ }
+ private static function addToken($token, $appUrl, $userAddress, $dataScope){
+ $user=OC_User::getUser();
+ $token=OC_DB::escape($token);
+ $appUrl=OC_DB::escape($appUrl);
+ $userAddress=OC_DB::escape($userAddress);
+ $dataScope=OC_DB::escape($dataScope);
+ $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)");
+ $result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope));
+ if( PEAR::isError($result)) {
+ $entry = 'DB Error: "'.$result->getMessage().'"<br />';
+ $entry .= 'Offending command was: '.$result->getDebugInfo().'<br />';
+ error_log( $entry );
+ die( $entry );
+ }
+ }
+ public static function createDataScope($appUrl, $userAddress, $dataScope){
+ $token=uniqid();
+ self::addToken($token, $appUrl, $userAddress, $dataScope);
+ //TODO: input checking on $userAddress and $dataScope
+ list($userName, $userHost) = explode('@', $userAddress);
+ OC_Util::setupFS(OC_User::getUser());
+ $scopePathParts = array('unhosted', 'webdav', $userHost, $userName, $dataScope);
+ for($i=0;$i<=count($scopePathParts);$i++){
+ $thisPath = '/'.implode('/', array_slice($scopePathParts, 0, $i));
+ if(!OC_Filesystem::file_exists($thisPath)) {
+ OC_Filesystem::mkdir($thisPath);
+ }
+ }
+ return $token;
+ }
+}
diff --git a/apps/unhosted/oauth_ro_auth.php b/apps/unhosted/oauth_ro_auth.php
new file mode 100644
index 0000000000000000000000000000000000000000..b785d85fead0996b4c83443f60fea48d9278444a
--- /dev/null
+++ b/apps/unhosted/oauth_ro_auth.php
@@ -0,0 +1,73 @@
+<?php
+/**
+ * HTTP Basic authentication backend class
+ *
+ * This class can be used by authentication objects wishing to use HTTP Basic
+ * Most of the digest logic is handled, implementors just need to worry about
+ * the validateUserPass method.
+ *
+ * @package Sabre
+ * @subpackage DAV
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author James David Low (http://jameslow.com/)
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class OC_Connector_Sabre_Auth_ro_oauth extends Sabre_DAV_Auth_Backend_AbstractBasic {
+ private $validTokens;
+
+ public function __construct($validTokensArg) {
+ $this->validTokens = $validTokensArg;
+ }
+
+ /**
+ * Validates a username and password
+ *
+ * This method should return true or false depending on if login
+ * succeeded.
+ *
+ * @return bool
+ */
+ protected function validateUserPass($username, $password){
+ //always give read-only:
+ if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
+ OC_Util::setUpFS();
+ return true;
+ } else if(isset($this->validTokens[$password]) && $this->validTokens[$password] == $username) {
+ OC_Util::setUpFS();
+ return true;
+ } else {
+var_export($_SERVER);
+var_export($this->validTokens);
+die('not getting in with "'.$username.'"/"'.$password.'"!');
+ return false;
+ }
+ }
+
+ //overwriting this to make it not automatically fail if no auth header is found:
+ public function authenticate(Sabre_DAV_Server $server,$realm) {
+ $auth = new Sabre_HTTP_BasicAuth();
+ $auth->setHTTPRequest($server->httpRequest);
+ $auth->setHTTPResponse($server->httpResponse);
+ $auth->setRealm($realm);
+ $userpass = $auth->getUserPass();
+ if (!$userpass) {
+ if(in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS'))) {
+ $userpass = array('', '');
+ } else {
+ $auth->requireLogin();
+ throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found');
+ }
+ }
+
+ // Authenticates the user
+ if (!$this->validateUserPass($userpass[0],$userpass[1])) {
+ $auth->requireLogin();
+ throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match');
+ }
+ $this->currentUser = $userpass[0];
+ return true;
+ }
+
+}
+