Added remote wipe option when unlinking a device.

2025-09-14 14:21:23 +00:00 · 2016-05-07 11:45:47 +08:00
parent 7514c587d5
commit 7dc7034de4
10 changed files with 93 additions and 13 deletions
--- a/seahub/api2/authentication.py
+++ b/seahub/api2/authentication.py
@@ -7,7 +7,7 @@ from rest_framework.exceptions import APIException
 import seaserv
 from seahub.base.accounts import User
 from seahub.constants import GUEST_USER
-from seahub.api2.models import Token, TokenV2
+from seahub.api2.models import Token, TokenV2, WipedDevice
 from seahub.api2.utils import get_client_ip
 from seahub.utils import within_time_range
 try:
@@ -28,6 +28,8 @@ class AuthenticationFailed(APIException):
    def __init__(self, detail=None):
        self.detail = detail or self.default_detail

+class DeviceRemoteWipedException(AuthenticationFailed):
+    pass

 class TokenAuthentication(BaseAuthentication):
    """
@@ -98,7 +100,15 @@ class TokenAuthentication(BaseAuthentication):
        try:
            token = TokenV2.objects.get(key=key)
        except TokenV2.DoesNotExist:
-            return None         # Continue authentication in token v1
+            try:
+                token = WipedDevice.objects.get(key=key)
+            except WipedDevice.DoesNotExist:
+                pass
+            else:
+                raise DeviceRemoteWipedException('Device set to be remote wiped')
+
+            # Continue authentication in token v1
+            return None

        try:
            user = User.objects.get(email=token.user)
--- a/seahub/api2/base.py
+++ b/seahub/api2/base.py
@@ -0,0 +1,25 @@
+#coding: UTF-8
+
+from rest_framework.views import APIView as RestFrameworkAPIView
+
+from seahub.api2.authentication import DeviceRemoteWipedException
+
+class APIView(RestFrameworkAPIView):
+    """
+    Subclass restframework's APIView to implement some custom feature like
+    adding a `X-Seafile-Wiped` header if the current client device has been
+    marked to be remote wiped by the user.
+    """
+    def __init__(self, *a, **kw):
+        super(APIView, self).__init__(*a, **kw)
+        self._seafile_exc = None
+
+    def handle_exception(self, exc):
+        self._seafile_exc = exc
+        return super(APIView, self).handle_exception(exc)
+
+    def dispatch(self, *a, **kw):
+        response = super(APIView, self).dispatch(*a, **kw)
+        if self._seafile_exc and isinstance(self._seafile_exc, DeviceRemoteWipedException):
+            response['X-Seafile-Wiped'] = 'true'
+        return response
--- a/seahub/api2/models.py
+++ b/seahub/api2/models.py
@@ -1,7 +1,8 @@
 import uuid
 import hmac
+import datetime
 from hashlib import sha1
-from django.db import models
+from django.db import models, transaction

 from seahub.base.fields import LowerCaseCharField

@@ -101,6 +102,14 @@ class TokenV2Manager(models.Manager):
    def delete_device_token(self, username, platform, device_id):
        super(TokenV2Manager, self).filter(user=username, platform=platform, device_id=device_id).delete()

+    def mark_device_to_be_remote_wiped(self, username, platform, device_id):
+        token = self._get_token_by_user_device(username, platform, device_id)
+        if not token:
+            return
+        with transaction.atomic():
+            wiped_device = WipedDevice(key=token.key)
+            wiped_device.save()
+            token.delete()

 class TokenV2(models.Model):
    """
@@ -162,3 +171,8 @@ class TokenV2(models.Model):
                    platform_version=self.platform_version,
                    last_accessed=self.last_accessed,
                    last_login_ip=self.last_login_ip)
+
+class WipedDevice(models.Model):
+    key = models.CharField(max_length=40, primary_key=True)
+
+    wiped_at = models.DateTimeField(auto_now=True)
--- a/seahub/api2/urls.py
+++ b/seahub/api2/urls.py
@@ -23,6 +23,7 @@ urlpatterns = patterns('',
    url(r'^server-info/$', ServerInfoView.as_view()),
    url(r'^logout-device/$', LogoutDeviceView.as_view()),
    url(r'^client-login/$', ClientLoginTokenView.as_view()),
+    url(r'^device-wiped/$', RemoteWipeReportView.as_view()),

    # RESTful API
    url(r'^accounts/$', Accounts.as_view(), name="accounts"),
--- a/seahub/api2/views.py
+++ b/seahub/api2/views.py
@@ -16,7 +16,6 @@ from rest_framework.authentication import SessionAuthentication
 from rest_framework.permissions import IsAuthenticated, IsAdminUser
 from rest_framework.reverse import reverse
 from rest_framework.response import Response
-from rest_framework.views import APIView

 from django.contrib.auth.hashers import check_password
 from django.contrib.sites.models import RequestSite
@@ -40,6 +39,7 @@ from .utils import get_diff_details, \
    api_repo_user_folder_perm_check, api_repo_setting_permission_check, \
    api_repo_group_folder_perm_check

+from seahub.api2.base import APIView
 from seahub.avatar.templatetags.avatar_tags import api_avatar_url, avatar
 from seahub.avatar.templatetags.group_avatar_tags import api_grp_avatar_url, \
        grp_avatar
@@ -1914,6 +1914,7 @@ class DevicesView(APIView):

        platform = request.data.get('platform', '')
        device_id = request.data.get('device_id', '')
+        remote_wipe = request.data.get('wipe_device', '')

        if not platform:
            error_msg = 'platform invalid.'
@@ -1924,7 +1925,10 @@ class DevicesView(APIView):
            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)

        try:
-            do_unlink_device(request.user.username, platform, device_id)
+            do_unlink_device(request.user.username,
+                             platform,
+                             device_id,
+                             remote_wipe=remote_wipe)
        except SearpcError as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
@@ -4534,3 +4538,20 @@ class RepoGroupFolderPerm(APIView):
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
+
+class RemoteWipeReportView(APIView):
+    throttle_classes = (UserRateThrottle,)
+
+    @json_response
+    def post(self, request):
+        from seahub.api2.models import WipedDevice
+        token = request.POST.get('token', '')
+        if not token or len(token) != 40:
+            return api_error(status.HTTP_400_BAD_REQUEST, "device token is missing")
+        try:
+            entry = WipedDevice.objects.get(key=token)
+            entry.delete()
+        except WipedDevice.DoesNotExist:
+            return api_error(status.HTTP_400_BAD_REQUEST, "invalid device token")
+
+        return {}
--- a/seahub/api2/views_auth.py
+++ b/seahub/api2/views_auth.py
@@ -1,9 +1,9 @@
 from rest_framework import status
-from rest_framework.views import APIView
 from rest_framework.permissions import IsAuthenticated

 from seaserv import seafile_api
 from seahub import settings
+from seahub.api2.base import APIView
 from seahub.api2.throttling import AnonRateThrottle, UserRateThrottle
 from seahub.api2.utils import json_response, api_error
 from seahub.api2.authentication import TokenAuthentication
--- a/seahub/api2/views_misc.py
+++ b/seahub/api2/views_misc.py
@@ -1,5 +1,4 @@
-from rest_framework.views import APIView
-
+from seahub.api2.base import APIView
 from seahub.api2.utils import json_response, is_seafile_pro
 from seahub import settings
 from seahub.utils import HAS_OFFICE_CONVERTER, HAS_FILE_SEARCH
--- a/seahub/utils/devices.py
+++ b/seahub/utils/devices.py
@@ -68,7 +68,7 @@ def get_user_synced_repo_infos(username):

    return ret

-def do_unlink_device(username, platform, device_id):
+def do_unlink_device(username, platform, device_id, remote_wipe=False):
    if platform in DESKTOP_PLATFORMS:
        # For desktop client, we also remove the sync tokens
        msg = 'failed to delete_repo_tokens_by_peer_id'
@@ -80,4 +80,7 @@ def do_unlink_device(username, platform, device_id):
            logger.exception(msg)
            raise

+    if remote_wipe:
+        TokenV2.objects.mark_device_to_be_remote_wiped(username, platform, device_id)
+    else:
        TokenV2.objects.delete_device_token(username, platform, device_id)
--- a/static/scripts/app/models/device.js
+++ b/static/scripts/app/models/device.js
@@ -11,6 +11,9 @@ define([
                'platform': this.get('platform'),
                'device_id': this.get('device_id')
            };
+            if (options.wipe_device) {
+                data['wipe_device'] = 'true';
+            }

            $.ajax({
                url: Common.getUrl({name: 'devices'}),
--- a/static/scripts/app/views/device.js
+++ b/static/scripts/app/views/device.js
@@ -73,9 +73,13 @@ define([
                device_name = this.model.get('device_name');
            var title = gettext('Unlink device');
            var content = gettext('Are you sure you want to unlink this device?');
+            var extraOption = gettext('Delete files from this device the next time it comes online.');

-            var yesCallback = function () {
+            var yesCallback = function (wipe_device) {
+                console.log('wipe_device = ' + wipe_device);
                _this.model.unlink({
+                    wipe_device: wipe_device,
+
                    success: function() {
                        _this.remove();

@@ -92,7 +96,7 @@ define([
                });
                return false;
            };
-            Common.showConfirm(title, content, yesCallback);
+            Common.showConfirmWithExtraOption(title, content, extraOption, yesCallback);
        }
    });