Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow password protected folder shares (fix #165)
- Loading branch information
Showing
5 changed files
with
218 additions
and
49 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,163 @@ | ||
<?php | ||
|
||
namespace OCA\Memories\Controller; | ||
|
||
use OCA\Files\Event\LoadSidebar; | ||
use OCP\App\IAppManager; | ||
use OCP\AppFramework\AuthPublicShareController; | ||
use OCP\AppFramework\Http\ContentSecurityPolicy; | ||
use OCP\AppFramework\Http\TemplateResponse; | ||
use OCP\AppFramework\Services\IInitialState; | ||
use OCP\EventDispatcher\IEventDispatcher; | ||
use OCP\Files\NotFoundException; | ||
use OCP\IConfig; | ||
use OCP\IRequest; | ||
use OCP\ISession; | ||
use OCP\IURLGenerator; | ||
use OCP\IUserManager; | ||
use OCP\Share\IManager as IShareManager; | ||
use OCP\Share\IShare; | ||
use OCP\Util; | ||
|
||
class PublicController extends AuthPublicShareController | ||
{ | ||
protected $appName; | ||
protected IEventDispatcher $eventDispatcher; | ||
protected IInitialState $initialState; | ||
protected IShareManager $shareManager; | ||
protected IUserManager $userManager; | ||
protected IAppManager $appManager; | ||
protected IConfig $config; | ||
|
||
protected IShare $share; | ||
|
||
public function __construct( | ||
string $AppName, | ||
IRequest $request, | ||
ISession $session, | ||
IURLGenerator $urlGenerator, | ||
IEventDispatcher $eventDispatcher, | ||
IInitialState $initialState, | ||
IShareManager $shareManager, | ||
IUserManager $userManager, | ||
IAppManager $appManager, | ||
IConfig $config | ||
) { | ||
parent::__construct($AppName, $request, $session, $urlGenerator); | ||
$this->eventDispatcher = $eventDispatcher; | ||
$this->initialState = $initialState; | ||
$this->shareManager = $shareManager; | ||
$this->userManager = $userManager; | ||
$this->appManager = $appManager; | ||
$this->config = $config; | ||
} | ||
|
||
/** | ||
* @PublicPage | ||
* | ||
* @NoCSRFRequired | ||
* | ||
* Show the authentication page | ||
* The form has to submit to the authenticate method route | ||
*/ | ||
public function showAuthenticate(): TemplateResponse | ||
{ | ||
$templateParameters = ['share' => $this->share]; | ||
|
||
return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest'); | ||
} | ||
|
||
public function isValidToken(): bool | ||
{ | ||
try { | ||
$this->share = $this->shareManager->getShareByToken($this->getToken()); | ||
|
||
return true; | ||
} catch (\Exception $e) { | ||
return false; | ||
} | ||
} | ||
|
||
/** | ||
* @PublicPage | ||
* | ||
* @NoCSRFRequired | ||
*/ | ||
public function showShare(): TemplateResponse | ||
{ | ||
\OC_User::setIncognitoMode(true); | ||
|
||
// Check whether share exists | ||
try { | ||
$share = $this->shareManager->getShareByToken($this->getToken()); | ||
} catch (\Exception $e) { | ||
throw new NotFoundException(); | ||
} | ||
|
||
if (!$this->validateShare($share)) { | ||
throw new NotFoundException(); | ||
} | ||
|
||
// Scripts | ||
Util::addScript($this->appName, 'memories-main'); | ||
$this->eventDispatcher->dispatchTyped(new LoadSidebar()); | ||
|
||
// App version | ||
$this->initialState->provideInitialState('version', $this->appManager->getAppInfo('memories')['version']); | ||
|
||
$policy = new ContentSecurityPolicy(); | ||
$policy->addAllowedWorkerSrcDomain("'self'"); | ||
$policy->addAllowedScriptDomain("'self'"); | ||
|
||
$response = new TemplateResponse($this->appName, 'main'); | ||
$response->setContentSecurityPolicy($policy); | ||
|
||
return $response; | ||
} | ||
|
||
protected function showAuthFailed(): TemplateResponse | ||
{ | ||
$templateParameters = ['share' => $this->share, 'wrongpw' => true]; | ||
|
||
return new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest'); | ||
} | ||
|
||
protected function verifyPassword(string $password): bool | ||
{ | ||
return $this->shareManager->checkPassword($this->share, $password); | ||
} | ||
|
||
protected function getPasswordHash(): string | ||
{ | ||
return $this->share->getPassword(); | ||
} | ||
|
||
protected function isPasswordProtected(): bool | ||
{ | ||
return null !== $this->share->getPassword(); | ||
} | ||
|
||
/** | ||
* Validate the permissions of the share. | ||
* | ||
* @param Share\IShare $share | ||
* | ||
* @return bool | ||
*/ | ||
private function validateShare(IShare $share) | ||
{ | ||
// If the owner is disabled no access to the linke is granted | ||
$owner = $this->userManager->get($share->getShareOwner()); | ||
if (null === $owner || !$owner->isEnabled()) { | ||
return false; | ||
} | ||
|
||
// If the initiator of the share is disabled no access is granted | ||
$initiator = $this->userManager->get($share->getSharedBy()); | ||
if (null === $initiator || !$initiator->isEnabled()) { | ||
return false; | ||
} | ||
|
||
return $share->getNode()->isReadable() && $share->getNode()->isShareable(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters