implementation of the federated share provider

.gitignore

@@ -13,6 +13,7 @@
 !/apps/dav
 !/apps/files
 !/apps/federation
+!/apps/federatedfilesharing
 !/apps/encryption
 !/apps/files_external
 !/apps/files_sharing

apps/federatedfilesharing/appinfo/app.php

@@ -0,0 +1,27 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\FederatedFileSharing\AppInfo;
+
+use OCP\AppFramework\App;
+
+new App('federatedfilesharing');
+

apps/federatedfilesharing/appinfo/info.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<info>
+    <id>federatedfilesharing</id>
+    <name>Federated File Sharing</name>
+    <description>Provide federated file sharing across ownCloud servers</description>
+    <licence>AGPL</licence>
+    <author>Bjoern Schiessle, Roeland Jago Douma</author>
+    <version>0.1.0</version>
+    <namespace>FederatedFileSharing</namespace>
+    <category>other</category>
+    <dependencies>
+        <owncloud min-version="9.0" max-version="9.0" />
+    </dependencies>
+</info>

apps/federatedfilesharing/lib/addresshandler.php

@@ -0,0 +1,184 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\FederatedFileSharing;
+use OC\HintException;
+use OCP\IL10N;
+use OCP\IURLGenerator;
+
+/**
+ * Class AddressHandler - parse, modify and construct federated sharing addresses
+ *
+ * @package OCA\FederatedFileSharing
+ */
+class AddressHandler {
+
+	/** @var IL10N */
+	private $l;
+
+	/** @var IURLGenerator */
+	private $urlGenerator;
+
+	/**
+	 * AddressHandler constructor.
+	 *
+	 * @param IURLGenerator $urlGenerator
+	 * @param IL10N $il10n
+	 */
+	public function __construct(
+		IURLGenerator $urlGenerator,
+		IL10N $il10n
+	) {
+		$this->l = $il10n;
+		$this->urlGenerator = $urlGenerator;
+	}
+
+	/**
+	 * split user and remote from federated cloud id
+	 *
+	 * @param string $address federated share address
+	 * @return array [user, remoteURL]
+	 * @throws HintException
+	 */
+	public function splitUserRemote($address) {
+		if (strpos($address, '@') === false) {
+			$hint = $this->l->t('Invalid Federated Cloud ID');
+			throw new HintException('Invalid Federated Cloud ID', $hint);
+		}
+
+		// Find the first character that is not allowed in user names
+		$id = str_replace('\\', '/', $address);
+		$posSlash = strpos($id, '/');
+		$posColon = strpos($id, ':');
+
+		if ($posSlash === false && $posColon === false) {
+			$invalidPos = strlen($id);
+		} else if ($posSlash === false) {
+			$invalidPos = $posColon;
+		} else if ($posColon === false) {
+			$invalidPos = $posSlash;
+		} else {
+			$invalidPos = min($posSlash, $posColon);
+		}
+
+		// Find the last @ before $invalidPos
+		$pos = $lastAtPos = 0;
+		while ($lastAtPos !== false && $lastAtPos <= $invalidPos) {
+			$pos = $lastAtPos;
+			$lastAtPos = strpos($id, '@', $pos + 1);
+		}
+
+		if ($pos !== false) {
+			$user = substr($id, 0, $pos);
+			$remote = substr($id, $pos + 1);
+			$remote = $this->fixRemoteURL($remote);
+			if (!empty($user) && !empty($remote)) {
+				return array($user, $remote);
+			}
+		}
+
+		$hint = $this->l->t('Invalid Federated Cloud ID');
+		throw new HintException('Invalid Federated Cloud ID', $hint);
+	}
+
+	/**
+	 * generate remote URL part of federated ID
+	 *
+	 * @return string url of the current server
+	 */
+	public function generateRemoteURL() {
+		$url = $this->urlGenerator->getAbsoluteURL('/');
+		return $url;
+	}
+
+	/**
+	 * check if two federated cloud IDs refer to the same user
+	 *
+	 * @param string $user1
+	 * @param string $server1
+	 * @param string $user2
+	 * @param string $server2
+	 * @return bool true if both users and servers are the same
+	 */
+	public function compareAddresses($user1, $server1, $user2, $server2) {
+		$normalizedServer1 = strtolower($this->removeProtocolFromUrl($server1));
+		$normalizedServer2 = strtolower($this->removeProtocolFromUrl($server2));
+
+		if (rtrim($normalizedServer1, '/') === rtrim($normalizedServer2, '/')) {
+			// FIXME this should be a method in the user management instead
+			\OCP\Util::emitHook(
+				'\OCA\Files_Sharing\API\Server2Server',
+				'preLoginNameUsedAsUserName',
+				array('uid' => &$user1)
+			);
+			\OCP\Util::emitHook(
+				'\OCA\Files_Sharing\API\Server2Server',
+				'preLoginNameUsedAsUserName',
+				array('uid' => &$user2)
+			);
+
+			if ($user1 === $user2) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	/**
+	 * remove protocol from URL
+	 *
+	 * @param string $url
+	 * @return string
+	 */
+	public function removeProtocolFromUrl($url) {
+		if (strpos($url, 'https://') === 0) {
+			return substr($url, strlen('https://'));
+		} else if (strpos($url, 'http://') === 0) {
+			return substr($url, strlen('http://'));
+		}
+
+		return $url;
+	}
+
+	/**
+	 * Strips away a potential file names and trailing slashes:
+	 * - http://localhost
+	 * - http://localhost/
+	 * - http://localhost/index.php
+	 * - http://localhost/index.php/s/{shareToken}
+	 *
+	 * all return: http://localhost
+	 *
+	 * @param string $remote
+	 * @return string
+	 */
+	protected function fixRemoteURL($remote) {
+		$remote = str_replace('\\', '/', $remote);
+		if ($fileNamePosition = strpos($remote, '/index.php')) {
+			$remote = substr($remote, 0, $fileNamePosition);
+		}
+		$remote = rtrim($remote, '/');
+
+		return $remote;
+	}
+
+}

apps/federatedfilesharing/lib/federatedshareprovider.php

@@ -0,0 +1,556 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\FederatedFileSharing;
+
+use OC\Share20\Share;
+use OCP\Files\IRootFolder;
+use OCP\IL10N;
+use OCP\ILogger;
+use OCP\Share\IShare;
+use OCP\Share\IShareProvider;
+use OC\Share20\Exception\InvalidShare;
+use OCP\Share\Exceptions\ShareNotFound;
+use OCP\Files\NotFoundException;
+use OCP\IDBConnection;
+use OCP\Files\Node;
+
+/**
+ * Class FederatedShareProvider
+ *
+ * @package OCA\FederatedFileSharing
+ */
+class FederatedShareProvider implements IShareProvider {
+
+	const SHARE_TYPE_REMOTE = 6;
+
+	/** @var IDBConnection */
+	private $dbConnection;
+
+	/** @var AddressHandler */
+	private $addressHandler;
+
+	/** @var Notifications */
+	private $notifications;
+
+	/** @var TokenHandler */
+	private $tokenHandler;
+
+	/** @var IL10N */
+	private $l;
+
+	/** @var ILogger */
+	private $logger;
+
+	/** @var IRootFolder */
+	private $rootFolder;
+
+	/**
+	 * DefaultShareProvider constructor.
+	 *
+	 * @param IDBConnection $connection
+	 * @param AddressHandler $addressHandler
+	 * @param Notifications $notifications
+	 * @param TokenHandler $tokenHandler
+	 * @param IL10N $l10n
+	 * @param ILogger $logger
+	 * @param IRootFolder $rootFolder
+	 */
+	public function __construct(
+			IDBConnection $connection,
+			AddressHandler $addressHandler,
+			Notifications $notifications,
+			TokenHandler $tokenHandler,
+			IL10N $l10n,
+			ILogger $logger,
+			IRootFolder $rootFolder
+	) {
+		$this->dbConnection = $connection;
+		$this->addressHandler = $addressHandler;
+		$this->notifications = $notifications;
+		$this->tokenHandler = $tokenHandler;
+		$this->l = $l10n;
+		$this->logger = $logger;
+		$this->rootFolder = $rootFolder;
+	}
+
+	/**
+	 * Return the identifier of this provider.
+	 *
+	 * @return string Containing only [a-zA-Z0-9]
+	 */
+	public function identifier() {
+		return 'ocFederatedSharing';
+	}
+
+	/**
+	 * Share a path
+	 *
+	 * @param IShare $share
+	 * @return IShare The share object
+	 * @throws ShareNotFound
+	 * @throws \Exception
+	 */
+	public function create(IShare $share) {
+
+		$shareWith = $share->getSharedWith();
+		$itemSource = $share->getNodeId();
+		$itemType = $share->getNodeType();
+		$uidOwner = $share->getShareOwner();
+		$permissions = $share->getPermissions();
+		$sharedBy = $share->getSharedBy();
+
+		/*
+		 * Check if file is not already shared with the remote user
+		 */
+		$alreadyShared = $this->getSharedWith($shareWith, self::SHARE_TYPE_REMOTE, $share->getNode(), 1, 0);
+		if (!empty($alreadyShared)) {
+			$message = 'Sharing %s failed, because this item is already shared with %s';
+			$message_t = $this->l->t('Sharing %s failed, because this item is already shared with %s', array($share->getNode()->getName(), $shareWith));
+			$this->logger->debug(sprintf($message, $share->getNode()->getName(), $shareWith), ['app' => 'Federated File Sharing']);
+			throw new \Exception($message_t);
+		}
+
+
+		// don't allow federated shares if source and target server are the same
+		list($user, $remote) = $this->addressHandler->splitUserRemote($shareWith);
+		$currentServer = $this->addressHandler->generateRemoteURL();
+		$currentUser = $sharedBy;
+		if ($this->addressHandler->compareAddresses($user, $remote, $currentUser, $currentServer)) {
+			$message = 'Not allowed to create a federated share with the same user.';
+			$message_t = $this->l->t('Not allowed to create a federated share with the same user');
+			$this->logger->debug($message, ['app' => 'Federated File Sharing']);
+			throw new \Exception($message_t);
+		}
+
+		$token = $this->tokenHandler->generateToken();
+
+		$shareWith = $user . '@' . $remote;
+
+		$shareId = $this->addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $uidOwner, $permissions, $token);
+
+		$send = $this->notifications->sendRemoteShare(
+			$token,
+			$shareWith,
+			$share->getNode()->getName(),
+			$shareId,
+			$share->getSharedBy()
+		);
+
+		$data = $this->getRawShare($shareId);
+		$share = $this->createShare($data);
+
+		if ($send === false) {
+			$this->delete($share);
+			$message_t = $this->l->t('Sharing %s failed, could not find %s, maybe the server is currently unreachable.',
+				[$share->getNode()->getName(), $shareWith]);
+			throw new \Exception($message_t);
+		}
+
+		return $share;
+	}
+
+	/**
+	 * add share to the database and return the ID
+	 *
+	 * @param int $itemSource
+	 * @param string $itemType
+	 * @param string $shareWith
+	 * @param string $sharedBy
+	 * @param string $uidOwner
+	 * @param int $permissions
+	 * @param string $token
+	 * @return int
+	 */
+	private function addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $uidOwner, $permissions, $token) {
+		$qb = $this->dbConnection->getQueryBuilder();
+		$qb->insert('share')
+			->setValue('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE))
+			->setValue('item_type', $qb->createNamedParameter($itemType))
+			->setValue('item_source', $qb->createNamedParameter($itemSource))
+			->setValue('file_source', $qb->createNamedParameter($itemSource))
+			->setValue('share_with', $qb->createNamedParameter($shareWith))
+			->setValue('uid_owner', $qb->createNamedParameter($uidOwner))
+			->setValue('uid_initiator', $qb->createNamedParameter($sharedBy))
+			->setValue('permissions', $qb->createNamedParameter($permissions))
+			->setValue('token', $qb->createNamedParameter($token))
+			->setValue('stime', $qb->createNamedParameter(time()));
+
+		$qb->execute();
+		$id = $qb->getLastInsertId();
+
+		return (int)$id;
+	}
+
+	/**
+	 * Update a share
+	 *
+	 * @param IShare $share
+	 * @return IShare The share object
+	 */
+	public function update(IShare $share) {
+		/*
+		 * We allow updating the permissions of federated shares
+		 */
+		$qb = $this->dbConnection->getQueryBuilder();
+			$qb->update('share')
+				->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
+				->set('permissions', $qb->createNamedParameter($share->getPermissions()))
+				->execute();
+
+		return $share;
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function move(IShare $share, $recipient) {
+		/*
+		 * This function does nothing yet as it is just for outgoing
+		 * federated shares.
+		 */
+		return $share;
+	}
+
+	/**
+	 * Get all children of this share
+	 *
+	 * @param IShare $parent
+	 * @return IShare[]
+	 */
+	public function getChildren(IShare $parent) {
+		$children = [];
+
+		$qb = $this->dbConnection->getQueryBuilder();
+		$qb->select('*')
+			->from('share')
+			->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId())))
+			->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
+			->orderBy('id');
+
+		$cursor = $qb->execute();
+		while($data = $cursor->fetch()) {
+			$children[] = $this->createShare($data);
+		}
+		$cursor->closeCursor();
+
+		return $children;
+	}
+
+	/**
+	 * Delete a share
+	 *
+	 * @param IShare $share
+	 */
+	public function delete(IShare $share) {
+		$qb = $this->dbConnection->getQueryBuilder();
+		$qb->delete('share')
+			->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())));
+		$qb->execute();
+
+		list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedWith());
+		$this->notifications->sendRemoteUnShare($remote, $share->getId(), $share->getToken());
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function deleteFromSelf(IShare $share, $recipient) {
+		// nothing to do here. Technically deleteFromSelf in the context of federated
+		// shares is a umount of a external storage. This is handled here
+		// apps/files_sharing/lib/external/manager.php
+		// TODO move this code over to this app
+		return;
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offset) {
+		$qb = $this->dbConnection->getQueryBuilder();
+		$qb->select('*')
+			->from('share');
+
+		$qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
+
+		/**
+		 * Reshares for this user are shares where they are the owner.
+		 */
+		if ($reshares === false) {
+			//Special case for old shares created via the web UI
+			$or1 = $qb->expr()->andX(
+				$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
+				$qb->expr()->isNull('uid_initiator')
+			);
+
+			$qb->andWhere(
+				$qb->expr()->orX(
+					$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)),
+					$or1
+				)
+			);
+		} else {
+			$qb->andWhere(
+				$qb->expr()->orX(
+					$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
+					$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
+				)
+			);
+		}
+
+		if ($node !== null) {
+			$qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
+		}
+
+		if ($limit !== -1) {
+			$qb->setMaxResults($limit);
+		}
+
+		$qb->setFirstResult($offset);
+		$qb->orderBy('id');
+
+		$cursor = $qb->execute();
+		$shares = [];
+		while($data = $cursor->fetch()) {
+			$shares[] = $this->createShare($data);
+		}
+		$cursor->closeCursor();
+
+		return $shares;
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getShareById($id, $recipientId = null) {
+		$qb = $this->dbConnection->getQueryBuilder();
+
+		$qb->select('*')
+			->from('share')
+			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
+			->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
+		
+		$cursor = $qb->execute();
+		$data = $cursor->fetch();
+		$cursor->closeCursor();
+
+		if ($data === false) {
+			throw new ShareNotFound();
+		}
+
+		try {
+			$share = $this->createShare($data);
+		} catch (InvalidShare $e) {
+			throw new ShareNotFound();
+		}
+
+		return $share;
+	}
+
+	/**
+	 * Get shares for a given path
+	 *
+	 * @param \OCP\Files\Node $path
+	 * @return IShare[]
+	 */
+	public function getSharesByPath(Node $path) {
+		$qb = $this->dbConnection->getQueryBuilder();
+
+		$cursor = $qb->select('*')
+			->from('share')
+			->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId())))
+			->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
+			->execute();
+
+		$shares = [];
+		while($data = $cursor->fetch()) {
+			$shares[] = $this->createShare($data);
+		}
+		$cursor->closeCursor();
+
+		return $shares;
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getSharedWith($userId, $shareType, $node, $limit, $offset) {
+		/** @var IShare[] $shares */
+		$shares = [];
+
+		//Get shares directly with this user
+		$qb = $this->dbConnection->getQueryBuilder();
+		$qb->select('*')
+			->from('share');
+
+		// Order by id
+		$qb->orderBy('id');
+
+		// Set limit and offset
+		if ($limit !== -1) {
+			$qb->setMaxResults($limit);
+		}
+		$qb->setFirstResult($offset);
+
+		$qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
+		$qb->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId)));
+
+		// Filter by node if provided
+		if ($node !== null) {
+			$qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
+		}
+
+		$cursor = $qb->execute();
+
+		while($data = $cursor->fetch()) {
+			$shares[] = $this->createShare($data);
+		}
+		$cursor->closeCursor();
+
+
+		return $shares;
+	}
+
+	/**
+	 * Get a share by token
+	 *
+	 * @param string $token
+	 * @return IShare
+	 * @throws ShareNotFound
+	 */
+	public function getShareByToken($token) {
+		$qb = $this->dbConnection->getQueryBuilder();
+
+		$cursor = $qb->select('*')
+			->from('share')
+			->where($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
+			->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token)))
+			->execute();
+
+		$data = $cursor->fetch();
+
+		if ($data === false) {
+			throw new ShareNotFound();
+		}
+
+		try {
+			$share = $this->createShare($data);
+		} catch (InvalidShare $e) {
+			throw new ShareNotFound();
+		}
+
+		return $share;
+	}
+
+	/**
+	 * get database row of a give share
+	 *
+	 * @param $id
+	 * @return array
+	 * @throws ShareNotFound
+	 */
+	private function getRawShare($id) {
+
+		// Now fetch the inserted share and create a complete share object
+		$qb = $this->dbConnection->getQueryBuilder();
+		$qb->select('*')
+			->from('share')
+			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)));
+
+		$cursor = $qb->execute();
+		$data = $cursor->fetch();
+		$cursor->closeCursor();
+
+		if ($data === false) {
+			throw new ShareNotFound;
+		}
+
+		return $data;
+	}
+
+	/**
+	 * Create a share object from an database row
+	 *
+	 * @param array $data
+	 * @return IShare
+	 * @throws InvalidShare
+	 * @throws ShareNotFound
+	 */
+	private function createShare($data) {
+
+		$share = new Share($this->rootFolder);
+		$share->setId((int)$data['id'])
+			->setShareType((int)$data['share_type'])
+			->setPermissions((int)$data['permissions'])
+			->setTarget($data['file_target'])
+			->setMailSend((bool)$data['mail_send'])
+			->setToken($data['token']);
+
+		$shareTime = new \DateTime();
+		$shareTime->setTimestamp((int)$data['stime']);
+		$share->setShareTime($shareTime);
+		$share->setSharedWith($data['share_with']);
+
+		if ($data['uid_initiator'] !== null) {
+			$share->setShareOwner($data['uid_owner']);
+			$share->setSharedBy($data['uid_initiator']);
+		} else {
+			//OLD SHARE
+			$share->setSharedBy($data['uid_owner']);
+			$path = $this->getNode($share->getSharedBy(), (int)$data['file_source']);
+
+			$owner = $path->getOwner();
+			$share->setShareOwner($owner->getUID());
+		}
+
+		$share->setNodeId((int)$data['file_source']);
+		$share->setNodeType($data['item_type']);
+
+		$share->setProviderId($this->identifier());
+
+		return $share;
+	}
+
+	/**
+	 * Get the node with file $id for $user
+	 *
+	 * @param string $userId
+	 * @param int $id
+	 * @return \OCP\Files\File|\OCP\Files\Folder
+	 * @throws InvalidShare
+	 */
+	private function getNode($userId, $id) {
+		try {
+			$userFolder = $this->rootFolder->getUserFolder($userId);
+		} catch (NotFoundException $e) {
+			throw new InvalidShare();
+		}
+
+		$nodes = $userFolder->getById($id);
+
+		if (empty($nodes)) {
+			throw new InvalidShare();
+		}
+
+		return $nodes[0];
+	}
+
+}

apps/federatedfilesharing/lib/notifications.php

@@ -0,0 +1,144 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+
+namespace OCA\FederatedFileSharing;
+
+
+use OCP\Http\Client\IClientService;
+
+class Notifications {
+
+	const BASE_PATH_TO_SHARE_API = '/ocs/v1.php/cloud/shares';
+	const RESPONSE_FORMAT = 'json'; // default response format for ocs calls
+
+	/** @var AddressHandler */
+	private $addressHandler;
+
+	/** @var IClientService */
+	private $httpClientService;
+
+	/**
+	 * Notifications constructor.
+	 *
+	 * @param AddressHandler $addressHandler
+	 * @param IClientService $httpClientService
+	 */
+	public function __construct(
+		AddressHandler $addressHandler,
+		IClientService $httpClientService
+	) {
+		$this->addressHandler = $addressHandler;
+		$this->httpClientService = $httpClientService;
+	}
+
+	/**
+	 * send server-to-server share to remote server
+	 *
+	 * @param string $token
+	 * @param string $shareWith
+	 * @param string $name
+	 * @param int $remote_id
+	 * @param string $owner
+	 * @return bool
+	 */
+	public function sendRemoteShare($token, $shareWith, $name, $remote_id, $owner) {
+
+		list($user, $remote) = $this->addressHandler->splitUserRemote($shareWith);
+
+		if ($user && $remote) {
+			$url = $remote . self::BASE_PATH_TO_SHARE_API . '?format=' . self::RESPONSE_FORMAT;
+			$local = $this->addressHandler->generateRemoteURL();
+
+			$fields = array(
+				'shareWith' => $user,
+				'token' => $token,
+				'name' => $name,
+				'remoteId' => $remote_id,
+				'owner' => $owner,
+				'remote' => $local,
+			);
+
+			$url = $this->addressHandler->removeProtocolFromUrl($url);
+			$result = $this->tryHttpPost($url, $fields);
+			$status = json_decode($result['result'], true);
+
+			if ($result['success'] && $status['ocs']['meta']['statuscode'] === 100) {
+				\OC_Hook::emit('OCP\Share', 'federated_share_added', ['server' => $remote]);
+				return true;
+			}
+
+		}
+
+		return false;
+	}
+
+	/**
+	 * send server-to-server unshare to remote server
+	 *
+	 * @param string $remote url
+	 * @param int $id share id
+	 * @param string $token
+	 * @return bool
+	 */
+	public function sendRemoteUnShare($remote, $id, $token) {
+		$url = rtrim($remote, '/') . self::BASE_PATH_TO_SHARE_API . '/' . $id . '/unshare?format=' . self::RESPONSE_FORMAT;
+		$fields = array('token' => $token, 'format' => 'json');
+		$url = $this->addressHandler->removeProtocolFromUrl($url);
+		$result = $this->tryHttpPost($url, $fields);
+		$status = json_decode($result['result'], true);
+
+		return ($result['success'] && $status['ocs']['meta']['statuscode'] === 100);
+	}
+
+	/**
+	 * try http post first with https and then with http as a fallback
+	 *
+	 * @param string $url
+	 * @param array $fields post parameters
+	 * @return array
+	 */
+	private function tryHttpPost($url, array $fields) {
+		$client = $this->httpClientService->newClient();
+		$protocol = 'https://';
+		$result = [
+			'success' => false,
+			'result' => '',
+		];
+		$try = 0;
+		while ($result['success'] === false && $try < 2) {
+			try {
+				$response = $client->post($protocol . $url, [
+					'body' => $fields
+				]);
+				$result['result'] = $response->getBody();
+				$result['success'] = true;
+				break;
+			} catch (\Exception $e) {
+				$try++;
+				$protocol = 'http://';
+			}
+		}
+
+		return $result;
+	}
+
+}

apps/federatedfilesharing/lib/tokenhandler.php

@@ -0,0 +1,61 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+
+namespace OCA\FederatedFileSharing;
+
+
+use OCP\Security\ISecureRandom;
+
+/**
+ * Class TokenHandler
+ *
+ * @package OCA\FederatedFileSharing
+ */
+class TokenHandler {
+
+	const TOKEN_LENGTH = 15;
+
+	/** @var ISecureRandom */
+	private $secureRandom;
+
+	/**
+	 * TokenHandler constructor.
+	 *
+	 * @param ISecureRandom $secureRandom
+	 */
+	public function __construct(ISecureRandom $secureRandom) {
+		$this->secureRandom = $secureRandom;
+	}
+
+	/**
+	 * generate to token used to authenticate federated shares
+	 *
+	 * @return string
+	 */
+	public function generateToken() {
+		$token = $this->secureRandom->generate(
+			self::TOKEN_LENGTH,
+			ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
+		return $token;
+	}
+
+}

apps/federatedfilesharing/tests/lib/addressHandlerTest.php

@@ -0,0 +1,198 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+
+namespace OCA\FederatedFileSharing\Tests\lib;
+
+
+use OCA\FederatedFileSharing\AddressHandler;
+use OCP\IL10N;
+use OCP\IURLGenerator;
+use Test\TestCase;
+
+class AddressHandlerTest extends TestCase {
+
+	/** @var  AddressHandler */
+	private $addressHandler;
+
+	/** @var  IURLGenerator | \PHPUnit_Framework_MockObject_MockObject */
+	private $urlGenerator;
+
+	/** @var  IL10N | \PHPUnit_Framework_MockObject_MockObject */
+	private $il10n;
+
+	public function setUp() {
+		parent::setUp();
+
+		$this->urlGenerator = $this->getMock('OCP\IURLGenerator');
+		$this->il10n = $this->getMock('OCP\IL10N');
+
+		$this->addressHandler = new AddressHandler($this->urlGenerator, $this->il10n);
+	}
+
+	public function dataTestSplitUserRemote() {
+		$userPrefix = ['user@name', 'username'];
+		$protocols = ['', 'http://', 'https://'];
+		$remotes = [
+			'localhost',
+			'local.host',
+			'dev.local.host',
+			'dev.local.host/path',
+			'dev.local.host/at@inpath',
+			'127.0.0.1',
+			'::1',
+			'::192.0.2.128',
+			'::192.0.2.128/at@inpath',
+		];
+
+		$testCases = [];
+		foreach ($userPrefix as $user) {
+			foreach ($remotes as $remote) {
+				foreach ($protocols as $protocol) {
+					$baseUrl = $user . '@' . $protocol . $remote;
+
+					$testCases[] = [$baseUrl, $user, $protocol . $remote];
+					$testCases[] = [$baseUrl . '/', $user, $protocol . $remote];
+					$testCases[] = [$baseUrl . '/index.php', $user, $protocol . $remote];
+					$testCases[] = [$baseUrl . '/index.php/s/token', $user, $protocol . $remote];
+				}
+			}
+		}
+		return $testCases;
+	}
+
+	/**
+	 * @dataProvider dataTestSplitUserRemote
+	 *
+	 * @param string $remote
+	 * @param string $expectedUser
+	 * @param string $expectedUrl
+	 */
+	public function testSplitUserRemote($remote, $expectedUser, $expectedUrl) {
+		list($remoteUser, $remoteUrl) = $this->addressHandler->splitUserRemote($remote);
+		$this->assertSame($expectedUser, $remoteUser);
+		$this->assertSame($expectedUrl, $remoteUrl);
+	}
+
+	public function dataTestSplitUserRemoteError() {
+		return array(
+			// Invalid path
+			array('user@'),
+
+			// Invalid user
+			array('@server'),
+			array('us/er@server'),
+			array('us:er@server'),
+
+			// Invalid splitting
+			array('user'),
+			array(''),
+			array('us/erserver'),
+			array('us:erserver'),
+		);
+	}
+
+	/**
+	 * @dataProvider dataTestSplitUserRemoteError
+	 *
+	 * @param string $id
+	 * @expectedException \OC\HintException
+	 */
+	public function testSplitUserRemoteError($id) {
+		$this->addressHandler->splitUserRemote($id);
+	}
+
+	/**
+	 * @dataProvider dataTestCompareAddresses
+	 *
+	 * @param string $user1
+	 * @param string $server1
+	 * @param string $user2
+	 * @param string $server2
+	 * @param bool $expected
+	 */
+	public function testCompareAddresses($user1, $server1, $user2, $server2, $expected) {
+		$this->assertSame($expected,
+			$this->addressHandler->compareAddresses($user1, $server1, $user2, $server2)
+		);
+	}
+
+	public function dataTestCompareAddresses() {
+		return [
+			['user1', 'http://server1', 'user1', 'http://server1', true],
+			['user1', 'https://server1', 'user1', 'http://server1', true],
+			['user1', 'http://serVer1', 'user1', 'http://server1', true],
+			['user1', 'http://server1/',  'user1', 'http://server1', true],
+			['user1', 'server1', 'user1', 'http://server1', true],
+			['user1', 'http://server1', 'user1', 'http://server2', false],
+			['user1', 'https://server1', 'user1', 'http://server2', false],
+			['user1', 'http://serVer1', 'user1', 'http://serer2', false],
+			['user1', 'http://server1/', 'user1', 'http://server2', false],
+			['user1', 'server1', 'user1', 'http://server2', false],
+			['user1', 'http://server1', 'user2', 'http://server1', false],
+			['user1', 'https://server1', 'user2', 'http://server1', false],
+			['user1', 'http://serVer1', 'user2', 'http://server1', false],
+			['user1', 'http://server1/',  'user2', 'http://server1', false],
+			['user1', 'server1', 'user2', 'http://server1', false],
+		];
+	}
+
+	/**
+	 * @dataProvider dataTestRemoveProtocolFromUrl
+	 *
+	 * @param string $url
+	 * @param string $expectedResult
+	 */
+	public function testRemoveProtocolFromUrl($url, $expectedResult) {
+		$result = $this->addressHandler->removeProtocolFromUrl($url);
+		$this->assertSame($expectedResult, $result);
+	}
+
+	public function dataTestRemoveProtocolFromUrl() {
+		return [
+			['http://owncloud.org', 'owncloud.org'],
+			['https://owncloud.org', 'owncloud.org'],
+			['owncloud.org', 'owncloud.org'],
+		];
+	}
+
+	/**
+	 * @dataProvider dataTestFixRemoteUrl
+	 *
+	 * @param string $url
+	 * @param string $expected
+	 */
+	public function testFixRemoteUrl($url, $expected) {
+		$this->assertSame($expected,
+			$this->invokePrivate($this->addressHandler, 'fixRemoteURL', [$url])
+		);
+	}
+
+	public function dataTestFixRemoteUrl() {
+		return [
+			['http://localhost', 'http://localhost'],
+			['http://localhost/', 'http://localhost'],
+			['http://localhost/index.php', 'http://localhost'],
+			['http://localhost/index.php/s/AShareToken', 'http://localhost'],
+		];
+	}
+
+}

apps/federatedfilesharing/tests/lib/tokenHandlerTest.php

@@ -0,0 +1,62 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+
+namespace OCA\FederatedFileSharing\Tests\lib;
+
+
+use OCA\FederatedFileSharing\TokenHandler;
+use OCP\Security\ISecureRandom;
+use Test\TestCase;
+
+class TokenHandlerTest extends TestCase {
+
+	/** @var  TokenHandler */
+	private $tokenHandler;
+
+	/** @var  ISecureRandom | \PHPUnit_Framework_MockObject_MockObject */
+	private $secureRandom;
+
+	/** @var int */
+	private $expectedTokenLength = 15;
+
+	public function setUp() {
+		parent::setUp();
+
+		$this->secureRandom = $this->getMock('OCP\Security\ISecureRandom');
+
+		$this->tokenHandler = new TokenHandler($this->secureRandom);
+	}
+
+	public function testGenerateToken() {
+
+		$this->secureRandom->expects($this->once())->method('generate')
+			->with(
+				$this->expectedTokenLength,
+				ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS
+			)
+			->willReturn(true);
+
+		$this->assertTrue($this->tokenHandler->generateToken());
+
+	}
+
+}

core/shipped.json

@@ -35,7 +35,8 @@
     "user_ldap",
     "user_shibboleth",
     "windows_network_drive",
-    "workflow"
+    "workflow",
+    "federatedfilesharing"
   ],
   "alwaysEnabled": [
     "files",

tests/enable_all.php

@@ -23,3 +23,4 @@ enableApp('user_ldap');
 enableApp('files_versions');
 enableApp('provisioning_api');
 enableApp('federation');
+enableApp('federatedfilesharing');