2014-10-15 13:58:44 +04:00
< ? php
/**
2016-07-21 17:49:16 +03:00
* @ copyright Copyright ( c ) 2016 , ownCloud , Inc .
*
2016-05-26 20:56:05 +03:00
* @ author Arthur Schiwon < blizzz @ arthur - schiwon . de >
2016-07-21 17:49:16 +03:00
* @ author Bjoern Schiessle < bjoern @ schiessle . org >
2016-05-26 20:56:05 +03:00
* @ author Björn Schießle < bjoern @ schiessle . org >
2017-11-06 22:15:27 +03:00
* @ author Georg Ehrke < oc . list @ georgehrke . com >
2016-07-21 17:49:16 +03:00
* @ author Joas Schilling < coding @ schilljs . com >
2016-05-26 20:56:05 +03:00
* @ author Lukas Reschke < lukas @ statuscode . ch >
2017-11-06 17:56:42 +03:00
* @ author Maxence Lange < maxence @ pontapreta . net >
2015-03-26 13:44:34 +03:00
* @ author Morris Jobke < hey @ morrisjobke . de >
2016-05-26 20:56:05 +03:00
* @ author Piotr Filiciak < piotr @ filiciak . pl >
2016-07-21 19:13:36 +03:00
* @ author Robin Appelman < robin @ icewind . nl >
2016-07-21 17:49:16 +03:00
* @ author Roeland Jago Douma < roeland @ famdouma . nl >
2017-11-06 17:56:42 +03:00
* @ author Sascha Sambale < mastixmc @ gmail . com >
* @ author Thomas Müller < thomas . mueller @ tmit . eu >
2015-10-26 15:54:55 +03:00
* @ author Vincent Petry < pvince81 @ owncloud . com >
2015-03-26 13:44:34 +03:00
*
* @ license AGPL - 3.0
*
* This code is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License , version 3 ,
* as published by the Free Software Foundation .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License , version 3 ,
* along with this program . If not , see < http :// www . gnu . org / licenses />
2014-10-15 13:58:44 +04:00
*
*/
2015-02-26 13:37:37 +03:00
2016-10-24 12:46:25 +03:00
namespace OCA\Files_Sharing\Controller ;
2014-10-15 13:58:44 +04:00
2018-10-22 11:57:55 +03:00
use OC\Security\CSP\ContentSecurityPolicy ;
2014-10-15 13:58:44 +04:00
use OC_Files ;
use OC_Util ;
2016-04-18 19:17:08 +03:00
use OCA\FederatedFileSharing\FederatedShareProvider ;
2018-05-18 13:29:10 +03:00
use OCP\AppFramework\AuthPublicShareController ;
2018-01-25 20:53:09 +03:00
use OCP\AppFramework\Http\Template\SimpleMenuAction ;
2018-04-05 12:09:19 +03:00
use OCP\AppFramework\Http\Template\ExternalShareMenuAction ;
use OCP\AppFramework\Http\Template\LinkMenuAction ;
2018-01-25 20:53:09 +03:00
use OCP\AppFramework\Http\Template\PublicTemplateResponse ;
2016-07-22 17:13:26 +03:00
use OCP\Defaults ;
use OCP\IL10N ;
2014-10-15 13:58:44 +04:00
use OCP\Template ;
use OCP\Share ;
use OCP\IRequest ;
use OCP\AppFramework\Http\TemplateResponse ;
2015-03-24 13:21:58 +03:00
use OCP\AppFramework\Http\NotFoundResponse ;
2016-01-15 11:41:51 +03:00
use OCP\IURLGenerator ;
use OCP\IConfig ;
2014-10-15 13:58:44 +04:00
use OCP\ILogger ;
2016-01-15 11:41:51 +03:00
use OCP\IUserManager ;
use OCP\ISession ;
use OCP\IPreview ;
2016-11-16 14:09:41 +03:00
use OCA\Files_Sharing\Activity\Providers\Downloads ;
2018-05-18 13:29:10 +03:00
use OCP\Files\NotFoundException ;
2016-01-15 13:49:50 +03:00
use OCP\Files\IRootFolder ;
2016-02-02 16:07:11 +03:00
use OCP\Share\Exceptions\ShareNotFound ;
2016-07-15 16:01:14 +03:00
use Symfony\Component\EventDispatcher\EventDispatcherInterface ;
Add event to load additional scripts in the auth page for public shares
Before the public share authentication page is rendered now an event to
load additional scripts is dispatched. Thanks to this any app can load
its own scripts that, when run on the browser, adjust as needed the page
generated by the server.
Note, however, that during the handling of the event apps are only able
to add scripts or styles to be loaded; they can not render arbitrary
content on the page, or change how the content is rendered by the
original template; all those changes have to be done by the scripts at
run-time.
This implies that the scripts of the apps can use only those parameters,
like the token of the share, added to the page when it is generated by
the "publicshareauth" template. Due to this, and given that the event is
being introduced to be used by Talk to inject the UI needed to request
the password for a share, the token of the share is now provided in the
generated page, just like done in the public share page.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-07-12 15:52:36 +03:00
use Symfony\Component\EventDispatcher\GenericEvent ;
2018-05-18 13:29:10 +03:00
use OCP\Share\IManager as ShareManager ;
2014-10-15 13:58:44 +04:00
/**
* Class ShareController
*
* @ package OCA\Files_Sharing\Controllers
*/
2018-05-18 13:29:10 +03:00
class ShareController extends AuthPublicShareController {
2014-10-15 13:58:44 +04:00
2016-01-15 11:41:51 +03:00
/** @var IConfig */
2014-10-15 13:58:44 +04:00
protected $config ;
2016-01-15 11:41:51 +03:00
/** @var IUserManager */
2014-10-15 13:58:44 +04:00
protected $userManager ;
2016-01-15 11:41:51 +03:00
/** @var ILogger */
2014-10-15 13:58:44 +04:00
protected $logger ;
2016-07-18 14:34:18 +03:00
/** @var \OCP\Activity\IManager */
2014-12-22 14:35:50 +03:00
protected $activityManager ;
2016-01-15 11:41:51 +03:00
/** @var IPreview */
2016-01-15 10:11:11 +03:00
protected $previewManager ;
2016-01-15 13:49:50 +03:00
/** @var IRootFolder */
protected $rootFolder ;
2016-04-18 19:17:08 +03:00
/** @var FederatedShareProvider */
protected $federatedShareProvider ;
2016-07-15 16:01:14 +03:00
/** @var EventDispatcherInterface */
protected $eventDispatcher ;
2016-07-22 17:13:26 +03:00
/** @var IL10N */
protected $l10n ;
/** @var Defaults */
protected $defaults ;
2018-05-18 13:29:10 +03:00
/** @var ShareManager */
protected $shareManager ;
/** @var Share\IShare */
protected $share ;
2014-10-15 13:58:44 +04:00
/**
* @ param string $appName
* @ param IRequest $request
2016-01-15 11:41:51 +03:00
* @ param IConfig $config
* @ param IURLGenerator $urlGenerator
* @ param IUserManager $userManager
2014-10-15 13:58:44 +04:00
* @ param ILogger $logger
2016-07-18 14:34:18 +03:00
* @ param \OCP\Activity\IManager $activityManager
2016-02-09 12:36:44 +03:00
* @ param \OCP\Share\IManager $shareManager
2016-01-15 11:41:51 +03:00
* @ param ISession $session
* @ param IPreview $previewManager
2016-01-20 12:14:03 +03:00
* @ param IRootFolder $rootFolder
2016-04-18 19:17:08 +03:00
* @ param FederatedShareProvider $federatedShareProvider
2016-07-15 16:01:14 +03:00
* @ param EventDispatcherInterface $eventDispatcher
2016-07-22 17:13:26 +03:00
* @ param IL10N $l10n
2017-04-07 23:42:43 +03:00
* @ param Defaults $defaults
2014-10-15 13:58:44 +04:00
*/
2018-06-14 11:20:10 +03:00
public function __construct ( string $appName ,
2014-10-15 13:58:44 +04:00
IRequest $request ,
2016-01-15 11:41:51 +03:00
IConfig $config ,
IURLGenerator $urlGenerator ,
IUserManager $userManager ,
2014-12-22 14:35:50 +03:00
ILogger $logger ,
2016-01-15 11:41:51 +03:00
\OCP\Activity\IManager $activityManager ,
2018-05-18 13:29:10 +03:00
ShareManager $shareManager ,
2016-01-15 11:41:51 +03:00
ISession $session ,
2016-01-15 13:49:50 +03:00
IPreview $previewManager ,
2016-04-18 19:17:08 +03:00
IRootFolder $rootFolder ,
2016-07-15 16:01:14 +03:00
FederatedShareProvider $federatedShareProvider ,
2016-07-22 17:13:26 +03:00
EventDispatcherInterface $eventDispatcher ,
IL10N $l10n ,
2017-04-07 23:42:43 +03:00
Defaults $defaults ) {
2018-05-18 13:29:10 +03:00
parent :: __construct ( $appName , $request , $session , $urlGenerator );
2014-10-15 13:58:44 +04:00
$this -> config = $config ;
$this -> userManager = $userManager ;
$this -> logger = $logger ;
2014-12-22 14:35:50 +03:00
$this -> activityManager = $activityManager ;
2016-01-15 10:11:11 +03:00
$this -> previewManager = $previewManager ;
2016-01-15 13:49:50 +03:00
$this -> rootFolder = $rootFolder ;
2016-04-18 19:17:08 +03:00
$this -> federatedShareProvider = $federatedShareProvider ;
2016-07-15 16:01:14 +03:00
$this -> eventDispatcher = $eventDispatcher ;
2016-07-22 17:13:26 +03:00
$this -> l10n = $l10n ;
$this -> defaults = $defaults ;
2018-05-18 13:29:10 +03:00
$this -> shareManager = $shareManager ;
2014-10-15 13:58:44 +04:00
}
Add event to load additional scripts in the auth page for public shares
Before the public share authentication page is rendered now an event to
load additional scripts is dispatched. Thanks to this any app can load
its own scripts that, when run on the browser, adjust as needed the page
generated by the server.
Note, however, that during the handling of the event apps are only able
to add scripts or styles to be loaded; they can not render arbitrary
content on the page, or change how the content is rendered by the
original template; all those changes have to be done by the scripts at
run-time.
This implies that the scripts of the apps can use only those parameters,
like the token of the share, added to the page when it is generated by
the "publicshareauth" template. Due to this, and given that the event is
being introduced to be used by Talk to inject the UI needed to request
the password for a share, the token of the share is now provided in the
generated page, just like done in the public share page.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-07-12 15:52:36 +03:00
/**
* @ PublicPage
* @ NoCSRFRequired
*
* Show the authentication page
* The form has to submit to the authenticate method route
*/
public function showAuthenticate () : TemplateResponse {
$templateParameters = [ 'share' => $this -> share ];
$event = new GenericEvent ( null , $templateParameters );
$this -> eventDispatcher -> dispatch ( 'OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth' , $event );
2018-10-22 11:57:55 +03:00
$response = new TemplateResponse ( 'core' , 'publicshareauth' , $templateParameters , 'guest' );
if ( $this -> share -> getSendPasswordByTalk ()) {
$csp = new ContentSecurityPolicy ();
$csp -> addAllowedConnectDomain ( '*' );
$csp -> addAllowedMediaDomain ( 'blob:' );
$csp -> allowEvalScript ( true );
$response -> setContentSecurityPolicy ( $csp );
}
return $response ;
Add event to load additional scripts in the auth page for public shares
Before the public share authentication page is rendered now an event to
load additional scripts is dispatched. Thanks to this any app can load
its own scripts that, when run on the browser, adjust as needed the page
generated by the server.
Note, however, that during the handling of the event apps are only able
to add scripts or styles to be loaded; they can not render arbitrary
content on the page, or change how the content is rendered by the
original template; all those changes have to be done by the scripts at
run-time.
This implies that the scripts of the apps can use only those parameters,
like the token of the share, added to the page when it is generated by
the "publicshareauth" template. Due to this, and given that the event is
being introduced to be used by Talk to inject the UI needed to request
the password for a share, the token of the share is now provided in the
generated page, just like done in the public share page.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-07-12 15:52:36 +03:00
}
/**
* The template to show when authentication failed
*/
protected function showAuthFailed () : TemplateResponse {
$templateParameters = [ 'share' => $this -> share , 'wrongpw' => true ];
$event = new GenericEvent ( null , $templateParameters );
$this -> eventDispatcher -> dispatch ( 'OCA\Files_Sharing::loadAdditionalScripts::publicShareAuth' , $event );
2018-10-22 11:57:55 +03:00
$response = new TemplateResponse ( 'core' , 'publicshareauth' , $templateParameters , 'guest' );
if ( $this -> share -> getSendPasswordByTalk ()) {
$csp = new ContentSecurityPolicy ();
$csp -> addAllowedConnectDomain ( '*' );
$csp -> addAllowedMediaDomain ( 'blob:' );
$csp -> allowEvalScript ( true );
$response -> setContentSecurityPolicy ( $csp );
}
return $response ;
Add event to load additional scripts in the auth page for public shares
Before the public share authentication page is rendered now an event to
load additional scripts is dispatched. Thanks to this any app can load
its own scripts that, when run on the browser, adjust as needed the page
generated by the server.
Note, however, that during the handling of the event apps are only able
to add scripts or styles to be loaded; they can not render arbitrary
content on the page, or change how the content is rendered by the
original template; all those changes have to be done by the scripts at
run-time.
This implies that the scripts of the apps can use only those parameters,
like the token of the share, added to the page when it is generated by
the "publicshareauth" template. Due to this, and given that the event is
being introduced to be used by Talk to inject the UI needed to request
the password for a share, the token of the share is now provided in the
generated page, just like done in the public share page.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-07-12 15:52:36 +03:00
}
2018-05-18 13:29:10 +03:00
protected function verifyPassword ( string $password ) : bool {
return $this -> shareManager -> checkPassword ( $this -> share , $password );
}
protected function getPasswordHash () : string {
return $this -> share -> getPassword ();
}
2014-10-15 13:58:44 +04:00
2018-05-18 13:29:10 +03:00
public function isValidToken () : bool {
try {
$this -> share = $this -> shareManager -> getShareByToken ( $this -> getToken ());
} catch ( ShareNotFound $e ) {
return false ;
2014-10-15 13:58:44 +04:00
}
2018-05-18 13:29:10 +03:00
return true ;
}
protected function isPasswordProtected () : bool {
return $this -> share -> getPassword () !== null ;
}
protected function authSucceeded () {
// For share this was always set so it is still used in other apps
$this -> session -> set ( 'public_link_authenticated' , ( string ) $this -> share -> getId ());
2014-10-15 13:58:44 +04:00
}
2018-06-14 11:20:10 +03:00
protected function authFailed () {
$this -> emitAccessShareHook ( $this -> share , 403 , 'Wrong password' );
2016-01-15 10:11:11 +03:00
}
2016-02-09 02:34:10 +03:00
/**
* throws hooks when a share is attempted to be accessed
*
2016-02-09 12:36:44 +03:00
* @ param \OCP\Share\IShare | string $share the Share instance if available ,
2016-02-09 02:34:10 +03:00
* otherwise token
* @ param int $errorCode
* @ param string $errorMessage
2016-07-18 14:34:18 +03:00
* @ throws \OC\HintException
* @ throws \OC\ServerNotAvailableException
2016-02-09 02:34:10 +03:00
*/
protected function emitAccessShareHook ( $share , $errorCode = 200 , $errorMessage = '' ) {
$itemType = $itemSource = $uidOwner = '' ;
$token = $share ;
$exception = null ;
2016-02-09 12:36:44 +03:00
if ( $share instanceof \OCP\Share\IShare ) {
2016-02-09 02:34:10 +03:00
try {
$token = $share -> getToken ();
$uidOwner = $share -> getSharedBy ();
2016-02-09 12:36:44 +03:00
$itemType = $share -> getNodeType ();
$itemSource = $share -> getNodeId ();
2016-02-09 02:34:10 +03:00
} catch ( \Exception $e ) {
// we log what we know and pass on the exception afterwards
$exception = $e ;
}
}
2018-01-26 01:16:13 +03:00
\OC_Hook :: emit ( Share :: class , 'share_link_access' , [
2016-02-09 02:34:10 +03:00
'itemType' => $itemType ,
'itemSource' => $itemSource ,
'uidOwner' => $uidOwner ,
'token' => $token ,
'errorCode' => $errorCode ,
'errorMessage' => $errorMessage ,
]);
if ( ! is_null ( $exception )) {
throw $exception ;
}
}
2016-02-09 15:00:08 +03:00
/**
* Validate the permissions of the share
*
* @ param Share\IShare $share
* @ return bool
*/
private function validateShare ( \OCP\Share\IShare $share ) {
return $share -> getNode () -> isReadable () && $share -> getNode () -> isShareable ();
}
2014-10-15 13:58:44 +04:00
/**
* @ PublicPage
* @ NoCSRFRequired
*
2018-05-18 13:29:10 +03:00
2014-10-15 13:58:44 +04:00
* @ param string $path
2018-05-18 13:29:10 +03:00
* @ return TemplateResponse
2015-09-30 14:32:20 +03:00
* @ throws NotFoundException
2016-06-08 16:38:11 +03:00
* @ throws \Exception
2014-10-15 13:58:44 +04:00
*/
2018-05-18 13:29:10 +03:00
public function showShare ( $path = '' ) : TemplateResponse {
2014-10-15 13:58:44 +04:00
\OC_User :: setIncognitoMode ( true );
// Check whether share exists
2016-01-15 10:11:11 +03:00
try {
2018-05-18 13:29:10 +03:00
$share = $this -> shareManager -> getShareByToken ( $this -> getToken ());
2016-02-02 16:07:11 +03:00
} catch ( ShareNotFound $e ) {
2018-05-18 13:29:10 +03:00
$this -> emitAccessShareHook ( $this -> getToken (), 404 , 'Share not found' );
throw new NotFoundException ();
2014-10-15 13:58:44 +04:00
}
2016-02-09 15:00:08 +03:00
if ( ! $this -> validateShare ( $share )) {
throw new NotFoundException ();
}
2018-11-05 22:17:00 +03:00
$shareNode = $share -> getNode ();
2016-01-15 10:11:11 +03:00
// We can't get the path of a file share
2016-02-09 02:34:10 +03:00
try {
2018-11-05 22:17:00 +03:00
if ( $shareNode instanceof \OCP\Files\File && $path !== '' ) {
2016-02-09 02:34:10 +03:00
$this -> emitAccessShareHook ( $share , 404 , 'Share not found' );
throw new NotFoundException ();
}
} catch ( \Exception $e ) {
$this -> emitAccessShareHook ( $share , 404 , 'Share not found' );
throw $e ;
2014-10-15 13:58:44 +04:00
}
2015-03-24 13:21:58 +03:00
$shareTmpl = [];
2016-02-03 10:25:57 +03:00
$shareTmpl [ 'displayName' ] = $this -> userManager -> get ( $share -> getShareOwner ()) -> getDisplayName ();
$shareTmpl [ 'owner' ] = $share -> getShareOwner ();
2018-11-05 22:17:00 +03:00
$shareTmpl [ 'filename' ] = $shareNode -> getName ();
2016-01-15 10:11:11 +03:00
$shareTmpl [ 'directory_path' ] = $share -> getTarget ();
2018-07-12 17:58:36 +03:00
$shareTmpl [ 'note' ] = $share -> getNote ();
2018-11-05 22:17:00 +03:00
$shareTmpl [ 'mimetype' ] = $shareNode -> getMimetype ();
$shareTmpl [ 'previewSupported' ] = $this -> previewManager -> isMimeSupported ( $shareNode -> getMimetype ());
2018-05-18 13:29:10 +03:00
$shareTmpl [ 'dirToken' ] = $this -> getToken ();
$shareTmpl [ 'sharingToken' ] = $this -> getToken ();
2016-04-18 19:17:08 +03:00
$shareTmpl [ 'server2serversharing' ] = $this -> federatedShareProvider -> isOutgoingServer2serverShareEnabled ();
2016-01-15 10:11:11 +03:00
$shareTmpl [ 'protected' ] = $share -> getPassword () !== null ? 'true' : 'false' ;
2014-11-18 16:54:08 +03:00
$shareTmpl [ 'dir' ] = '' ;
2018-11-05 22:17:00 +03:00
$shareTmpl [ 'nonHumanFileSize' ] = $shareNode -> getSize ();
$shareTmpl [ 'fileSize' ] = \OCP\Util :: humanFileSize ( $shareNode -> getSize ());
2018-10-18 13:43:08 +03:00
$shareTmpl [ 'hideDownload' ] = $share -> getHideDownload ();
2014-10-15 13:58:44 +04:00
2016-06-07 13:28:02 +03:00
$hideFileList = false ;
2018-11-05 22:17:00 +03:00
2018-11-06 12:55:49 +03:00
if ( $shareNode instanceof \OCP\Files\Folder ) {
2018-11-05 22:17:00 +03:00
$shareIsFolder = true ;
2016-07-06 00:35:32 +03:00
try {
2018-11-05 22:17:00 +03:00
$folderNode = $shareNode -> get ( $path );
2016-07-06 00:35:32 +03:00
} catch ( \OCP\Files\NotFoundException $e ) {
$this -> emitAccessShareHook ( $share , 404 , 'Share not found' );
throw new NotFoundException ();
}
2018-11-05 22:17:00 +03:00
$shareTmpl [ 'dir' ] = $shareNode -> getRelativePath ( $folderNode -> getPath ());
2016-01-19 12:17:29 +03:00
/*
* The OC_Util methods require a view . This just uses the node API
*/
2016-01-27 22:51:26 +03:00
$freeSpace = $share -> getNode () -> getStorage () -> free_space ( $share -> getNode () -> getInternalPath ());
2016-06-02 16:27:16 +03:00
if ( $freeSpace < \OCP\Files\FileInfo :: SPACE_UNLIMITED ) {
2016-01-19 12:17:29 +03:00
$freeSpace = max ( $freeSpace , 0 );
} else {
$freeSpace = ( INF > 0 ) ? INF : PHP_INT_MAX ; // work around https://bugs.php.net/bug.php?id=69188
}
2018-01-26 14:36:25 +03:00
$hideFileList = ! ( $share -> getPermissions () & \OCP\Constants :: PERMISSION_READ );
2016-09-19 22:29:48 +03:00
$maxUploadFilesize = $freeSpace ;
2016-01-19 12:17:29 +03:00
2014-10-15 13:58:44 +04:00
$folder = new Template ( 'files' , 'list' , '' );
2018-11-05 22:17:00 +03:00
$folder -> assign ( 'dir' , $shareNode -> getRelativePath ( $folderNode -> getPath ()));
2018-05-18 13:29:10 +03:00
$folder -> assign ( 'dirToken' , $this -> getToken ());
2014-11-25 18:28:41 +03:00
$folder -> assign ( 'permissions' , \OCP\Constants :: PERMISSION_READ );
2014-10-15 13:58:44 +04:00
$folder -> assign ( 'isPublic' , true );
2016-06-07 13:28:02 +03:00
$folder -> assign ( 'hideFileList' , $hideFileList );
2014-10-15 13:58:44 +04:00
$folder -> assign ( 'publicUploadEnabled' , 'no' );
2018-11-15 22:29:10 +03:00
$folder -> assign ( 'showgridview' , false );
2014-10-15 13:58:44 +04:00
$folder -> assign ( 'uploadMaxFilesize' , $maxUploadFilesize );
2016-07-18 14:34:18 +03:00
$folder -> assign ( 'uploadMaxHumanFilesize' , \OCP\Util :: humanFileSize ( $maxUploadFilesize ));
2014-10-15 13:58:44 +04:00
$folder -> assign ( 'freeSpace' , $freeSpace );
$folder -> assign ( 'usedSpacePercent' , 0 );
$folder -> assign ( 'trash' , false );
$shareTmpl [ 'folder' ] = $folder -> fetchPage ();
2018-11-05 22:17:00 +03:00
} else {
$shareIsFolder = false ;
2014-10-15 13:58:44 +04:00
}
2018-11-15 22:29:10 +03:00
$shareTmpl [ 'showgridview' ] = false ;
2018-11-06 11:06:24 +03:00
2016-06-07 13:28:02 +03:00
$shareTmpl [ 'hideFileList' ] = $hideFileList ;
$shareTmpl [ 'shareOwner' ] = $this -> userManager -> get ( $share -> getShareOwner ()) -> getDisplayName ();
2018-05-18 13:29:10 +03:00
$shareTmpl [ 'downloadURL' ] = $this -> urlGenerator -> linkToRouteAbsolute ( 'files_sharing.sharecontroller.downloadShare' , [ 'token' => $this -> getToken ()]);
$shareTmpl [ 'shareUrl' ] = $this -> urlGenerator -> linkToRouteAbsolute ( 'files_sharing.sharecontroller.showShare' , [ 'token' => $this -> getToken ()]);
2015-01-17 14:11:52 +03:00
$shareTmpl [ 'maxSizeAnimateGif' ] = $this -> config -> getSystemValue ( 'max_filesize_animated_gifs_public_sharing' , 10 );
2015-06-09 17:33:26 +03:00
$shareTmpl [ 'previewEnabled' ] = $this -> config -> getSystemValue ( 'enable_previews' , true );
2016-05-24 13:34:37 +03:00
$shareTmpl [ 'previewMaxX' ] = $this -> config -> getSystemValue ( 'preview_max_x' , 1024 );
$shareTmpl [ 'previewMaxY' ] = $this -> config -> getSystemValue ( 'preview_max_y' , 1024 );
2016-09-08 10:13:59 +03:00
$shareTmpl [ 'disclaimer' ] = $this -> config -> getAppValue ( 'core' , 'shareapi_public_link_disclaimertext' , null );
2017-09-25 22:47:09 +03:00
$shareTmpl [ 'previewURL' ] = $shareTmpl [ 'downloadURL' ];
2018-11-05 22:17:00 +03:00
2016-07-22 17:13:26 +03:00
if ( $shareTmpl [ 'previewSupported' ]) {
2016-11-28 18:16:01 +03:00
$shareTmpl [ 'previewImage' ] = $this -> urlGenerator -> linkToRouteAbsolute ( 'files_sharing.PublicPreview.getPreview' ,
2018-05-23 11:50:44 +03:00
[ 'x' => 200 , 'y' => 200 , 'file' => $shareTmpl [ 'directory_path' ], 'token' => $shareTmpl [ 'dirToken' ]]);
2017-10-31 23:00:36 +03:00
$ogPreview = $shareTmpl [ 'previewImage' ];
2017-09-25 22:47:09 +03:00
// We just have direct previews for image files
2018-11-05 22:17:00 +03:00
if ( $shareNode -> getMimePart () === 'image' ) {
2018-05-18 13:29:10 +03:00
$shareTmpl [ 'previewURL' ] = $this -> urlGenerator -> linkToRouteAbsolute ( 'files_sharing.publicpreview.directLink' , [ 'token' => $this -> getToken ()]);
2018-02-12 12:42:18 +03:00
2017-10-31 23:00:36 +03:00
$ogPreview = $shareTmpl [ 'previewURL' ];
2018-02-12 12:42:18 +03:00
//Whatapp is kind of picky about their size requirements
if ( $this -> request -> isUserAgent ([ '/^WhatsApp/' ])) {
$ogPreview = $this -> urlGenerator -> linkToRouteAbsolute ( 'files_sharing.PublicPreview.getPreview' , [
2018-05-18 13:29:10 +03:00
'token' => $this -> getToken (),
2018-02-12 12:42:18 +03:00
'x' => 256 ,
'y' => 256 ,
'a' => true ,
]);
}
2017-09-25 22:47:09 +03:00
}
2016-07-22 17:13:26 +03:00
} else {
$shareTmpl [ 'previewImage' ] = $this -> urlGenerator -> getAbsoluteURL ( $this -> urlGenerator -> imagePath ( 'core' , 'favicon-fb.png' ));
2017-10-31 23:00:36 +03:00
$ogPreview = $shareTmpl [ 'previewImage' ];
2016-07-22 17:13:26 +03:00
}
2014-10-15 13:58:44 +04:00
2016-07-15 15:39:57 +03:00
// Load files we need
2016-07-18 14:34:18 +03:00
\OCP\Util :: addScript ( 'files' , 'file-upload' );
2017-03-21 18:35:31 +03:00
\OCP\Util :: addStyle ( 'files_sharing' , 'publicView' );
2016-07-18 14:34:18 +03:00
\OCP\Util :: addScript ( 'files_sharing' , 'public' );
2018-10-03 10:40:22 +03:00
\OCP\Util :: addScript ( 'files_sharing' , 'templates' );
2016-07-18 14:34:18 +03:00
\OCP\Util :: addScript ( 'files' , 'fileactions' );
\OCP\Util :: addScript ( 'files' , 'fileactionsmenu' );
\OCP\Util :: addScript ( 'files' , 'jquery.fileupload' );
\OCP\Util :: addScript ( 'files_sharing' , 'files_drop' );
2016-07-15 15:39:57 +03:00
if ( isset ( $shareTmpl [ 'folder' ])) {
// JS required for folders
2017-03-21 18:35:31 +03:00
\OCP\Util :: addStyle ( 'files' , 'merged' );
2016-07-18 14:34:18 +03:00
\OCP\Util :: addScript ( 'files' , 'filesummary' );
2018-10-01 11:43:17 +03:00
\OCP\Util :: addScript ( 'files' , 'templates' );
2016-07-18 14:34:18 +03:00
\OCP\Util :: addScript ( 'files' , 'breadcrumb' );
\OCP\Util :: addScript ( 'files' , 'fileinfomodel' );
\OCP\Util :: addScript ( 'files' , 'newfilemenu' );
\OCP\Util :: addScript ( 'files' , 'files' );
2018-08-04 19:09:37 +03:00
\OCP\Util :: addScript ( 'files' , 'filemultiselectmenu' );
2016-07-18 14:34:18 +03:00
\OCP\Util :: addScript ( 'files' , 'filelist' );
\OCP\Util :: addScript ( 'files' , 'keyboardshortcuts' );
2016-07-15 15:39:57 +03:00
}
2016-07-22 17:13:26 +03:00
// OpenGraph Support: http://ogp.me/
2017-10-25 07:26:19 +03:00
\OCP\Util :: addHeader ( 'meta' , [ 'property' => " og:title " , 'content' => $shareTmpl [ 'filename' ]]);
\OCP\Util :: addHeader ( 'meta' , [ 'property' => " og:description " , 'content' => $this -> defaults -> getName () . ( $this -> defaults -> getSlogan () !== '' ? ' - ' . $this -> defaults -> getSlogan () : '' )]);
2016-07-22 17:13:26 +03:00
\OCP\Util :: addHeader ( 'meta' , [ 'property' => " og:site_name " , 'content' => $this -> defaults -> getName ()]);
\OCP\Util :: addHeader ( 'meta' , [ 'property' => " og:url " , 'content' => $shareTmpl [ 'shareUrl' ]]);
\OCP\Util :: addHeader ( 'meta' , [ 'property' => " og:type " , 'content' => " object " ]);
2017-10-31 23:00:36 +03:00
\OCP\Util :: addHeader ( 'meta' , [ 'property' => " og:image " , 'content' => $ogPreview ]);
2016-07-22 17:13:26 +03:00
2016-07-15 16:01:14 +03:00
$this -> eventDispatcher -> dispatch ( 'OCA\Files_Sharing::loadAdditionalScripts' );
2016-07-18 14:34:18 +03:00
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy ();
2015-03-10 12:06:15 +03:00
$csp -> addAllowedFrameDomain ( '\'self\'' );
2018-01-25 20:53:09 +03:00
$response = new PublicTemplateResponse ( $this -> appName , 'public' , $shareTmpl );
2018-02-09 13:34:34 +03:00
$response -> setHeaderTitle ( $shareTmpl [ 'filename' ]);
2018-01-25 20:53:09 +03:00
$response -> setHeaderDetails ( $this -> l10n -> t ( 'shared by %s' , [ $shareTmpl [ 'displayName' ]]));
2018-11-05 22:17:00 +03:00
$isNoneFileDropFolder = $shareIsFolder === false || $share -> getPermissions () !== \OCP\Constants :: PERMISSION_CREATE ;
if ( $isNoneFileDropFolder && ! $share -> getHideDownload ()) {
2018-10-03 10:40:22 +03:00
\OCP\Util :: addScript ( 'files_sharing' , 'public_note' );
2018-11-10 21:10:31 +03:00
if ( $shareIsFolder ) {
$response -> setHeaderActions ([
new SimpleMenuAction ( 'download' , $this -> l10n -> t ( 'Download all files' ), 'icon-download-white' , $shareTmpl [ 'downloadURL' ], 0 ),
new SimpleMenuAction ( 'download' , $this -> l10n -> t ( 'Download all files' ), 'icon-download' , $shareTmpl [ 'downloadURL' ], 10 , $shareTmpl [ 'fileSize' ]),
new LinkMenuAction ( $this -> l10n -> t ( 'Direct link' ), 'icon-public' , $shareTmpl [ 'previewURL' ]),
new ExternalShareMenuAction ( $this -> l10n -> t ( 'Add to your Nextcloud' ), 'icon-external' , $shareTmpl [ 'owner' ], $shareTmpl [ 'displayName' ], $shareTmpl [ 'filename' ]),
]);
} else {
$response -> setHeaderActions ([
new SimpleMenuAction ( 'download' , $this -> l10n -> t ( 'Download' ), 'icon-download-white' , $shareTmpl [ 'downloadURL' ], 0 ),
new SimpleMenuAction ( 'download' , $this -> l10n -> t ( 'Download' ), 'icon-download' , $shareTmpl [ 'downloadURL' ], 10 , $shareTmpl [ 'fileSize' ]),
new LinkMenuAction ( $this -> l10n -> t ( 'Direct link' ), 'icon-public' , $shareTmpl [ 'previewURL' ]),
new ExternalShareMenuAction ( $this -> l10n -> t ( 'Add to your Nextcloud' ), 'icon-external' , $shareTmpl [ 'owner' ], $shareTmpl [ 'displayName' ], $shareTmpl [ 'filename' ]),
]);
}
2018-10-22 11:54:01 +03:00
}
2018-01-25 20:53:09 +03:00
2015-03-10 12:06:15 +03:00
$response -> setContentSecurityPolicy ( $csp );
2016-02-09 02:34:10 +03:00
$this -> emitAccessShareHook ( $share );
2015-03-10 12:06:15 +03:00
return $response ;
2014-10-15 13:58:44 +04:00
}
/**
* @ PublicPage
* @ NoCSRFRequired
2014-11-24 17:02:49 +03:00
*
2014-10-15 13:58:44 +04:00
* @ param string $token
* @ param string $files
* @ param string $path
2015-10-08 12:21:17 +03:00
* @ param string $downloadStartSecret
2016-07-18 14:34:18 +03:00
* @ return void | \OCP\AppFramework\Http\Response
2016-06-08 16:38:11 +03:00
* @ throws NotFoundException
2014-10-15 13:58:44 +04:00
*/
2015-10-08 12:21:17 +03:00
public function downloadShare ( $token , $files = null , $path = '' , $downloadStartSecret = '' ) {
2014-10-15 13:58:44 +04:00
\OC_User :: setIncognitoMode ( true );
2016-01-15 13:49:50 +03:00
$share = $this -> shareManager -> getShareByToken ( $token );
2014-10-15 13:58:44 +04:00
2016-06-08 16:38:11 +03:00
if ( ! ( $share -> getPermissions () & \OCP\Constants :: PERMISSION_READ )) {
2016-07-18 14:34:18 +03:00
return new \OCP\AppFramework\Http\DataResponse ( 'Share is read-only' );
2016-06-08 16:38:11 +03:00
}
2015-02-17 17:08:16 +03:00
$files_list = null ;
if ( ! is_null ( $files )) { // download selected files
$files_list = json_decode ( $files );
// in case we get only a single file
if ( $files_list === null ) {
2016-01-15 13:49:50 +03:00
$files_list = [ $files ];
2015-02-17 17:08:16 +03:00
}
2017-10-30 23:06:35 +03:00
// Just in case $files is a single int like '1234'
if ( ! is_array ( $files_list )) {
$files_list = [ $files_list ];
}
2015-02-17 17:08:16 +03:00
}
2016-01-15 13:49:50 +03:00
2016-02-09 15:00:08 +03:00
if ( ! $this -> validateShare ( $share )) {
throw new NotFoundException ();
}
2018-06-14 11:20:10 +03:00
$userFolder = $this -> rootFolder -> getUserFolder ( $share -> getShareOwner ());
$originalSharePath = $userFolder -> getRelativePath ( $share -> getNode () -> getPath ());
2016-01-15 13:49:50 +03:00
// Single file share
2016-01-27 22:51:26 +03:00
if ( $share -> getNode () instanceof \OCP\Files\File ) {
2016-01-20 11:39:05 +03:00
// Single file download
2016-11-03 14:06:22 +03:00
$this -> singleFileDownloaded ( $share , $share -> getNode ());
2016-01-15 13:49:50 +03:00
}
// Directory share
else {
/** @var \OCP\Files\Folder $node */
2016-01-27 22:51:26 +03:00
$node = $share -> getNode ();
2016-01-15 13:49:50 +03:00
// Try to get the path
if ( $path !== '' ) {
try {
$node = $node -> get ( $path );
} catch ( NotFoundException $e ) {
2016-02-09 02:34:10 +03:00
$this -> emitAccessShareHook ( $share , 404 , 'Share not found' );
2016-01-15 13:49:50 +03:00
return new NotFoundResponse ();
}
}
2014-10-15 13:58:44 +04:00
2016-01-15 13:49:50 +03:00
$originalSharePath = $userFolder -> getRelativePath ( $node -> getPath ());
2014-10-15 13:58:44 +04:00
2016-01-15 13:49:50 +03:00
if ( $node instanceof \OCP\Files\File ) {
// Single file download
2016-11-03 14:06:22 +03:00
$this -> singleFileDownloaded ( $share , $share -> getNode ());
2015-02-17 17:08:16 +03:00
} else if ( ! empty ( $files_list )) {
2016-12-11 22:32:28 +03:00
$this -> fileListDownloaded ( $share , $files_list , $node );
2015-02-17 17:08:16 +03:00
} else {
// The folder is downloaded
2016-11-03 14:06:22 +03:00
$this -> singleFileDownloaded ( $share , $share -> getNode ());
2015-02-17 17:08:16 +03:00
}
}
2016-01-15 13:49:50 +03:00
/* FIXME: We should do this all nicely in OCP */
OC_Util :: tearDownFS ();
2016-02-03 10:25:57 +03:00
OC_Util :: setupFS ( $share -> getShareOwner ());
2016-01-15 13:49:50 +03:00
2015-10-08 12:21:17 +03:00
/**
* this sets a cookie to be able to recognize the start of the download
* the content must not be longer than 32 characters and must only contain
* alphanumeric characters
*/
if ( ! empty ( $downloadStartSecret )
&& ! isset ( $downloadStartSecret [ 32 ])
&& preg_match ( '!^[a-zA-Z0-9]+$!' , $downloadStartSecret ) === 1 ) {
// FIXME: set on the response once we use an actual app framework response
setcookie ( 'ocDownloadStarted' , $downloadStartSecret , time () + 20 , '/' );
}
2016-02-09 02:34:10 +03:00
$this -> emitAccessShareHook ( $share );
2017-05-10 15:16:22 +03:00
$server_params = array ( 'head' => $this -> request -> getMethod () === 'HEAD' );
2016-05-20 19:16:44 +03:00
/**
* Http range requests support
*/
if ( isset ( $_SERVER [ 'HTTP_RANGE' ])) {
$server_params [ 'range' ] = $this -> request -> getHeader ( 'Range' );
}
2015-02-17 17:08:16 +03:00
// download selected files
2016-03-07 13:37:49 +03:00
if ( ! is_null ( $files ) && $files !== '' ) {
2014-10-15 13:58:44 +04:00
// FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
2014-11-25 12:17:31 +03:00
// after dispatching the request which results in a "Cannot modify header information" notice.
2016-05-20 19:16:44 +03:00
OC_Files :: get ( $originalSharePath , $files_list , $server_params );
2014-10-15 13:58:44 +04:00
exit ();
} else {
// FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
// after dispatching the request which results in a "Cannot modify header information" notice.
2016-05-20 19:16:44 +03:00
OC_Files :: get ( dirname ( $originalSharePath ), basename ( $originalSharePath ), $server_params );
2014-10-15 13:58:44 +04:00
exit ();
}
}
2016-11-03 14:06:22 +03:00
/**
* create activity for every downloaded file
*
* @ param Share\IShare $share
* @ param array $files_list
2016-12-12 20:15:13 +03:00
* @ param \OCP\Files\Folder $node
2016-11-03 14:06:22 +03:00
*/
2016-12-11 22:32:28 +03:00
protected function fileListDownloaded ( Share\IShare $share , array $files_list , \OCP\Files\Folder $node ) {
2016-11-03 14:06:22 +03:00
foreach ( $files_list as $file ) {
2016-12-11 22:32:28 +03:00
$subNode = $node -> get ( $file );
2016-11-03 14:06:22 +03:00
$this -> singleFileDownloaded ( $share , $subNode );
}
}
/**
* create activity if a single file was downloaded from a link share
*
* @ param Share\IShare $share
*/
protected function singleFileDownloaded ( Share\IShare $share , \OCP\Files\Node $node ) {
$fileId = $node -> getId ();
$userFolder = $this -> rootFolder -> getUserFolder ( $share -> getSharedBy ());
$userNodeList = $userFolder -> getById ( $fileId );
$userNode = $userNodeList [ 0 ];
$ownerFolder = $this -> rootFolder -> getUserFolder ( $share -> getShareOwner ());
$userPath = $userFolder -> getRelativePath ( $userNode -> getPath ());
$ownerPath = $ownerFolder -> getRelativePath ( $node -> getPath ());
$parameters = [ $userPath ];
if ( $share -> getShareType () === \OCP\Share :: SHARE_TYPE_EMAIL ) {
if ( $node instanceof \OCP\Files\File ) {
2016-11-16 14:09:41 +03:00
$subject = Downloads :: SUBJECT_SHARED_FILE_BY_EMAIL_DOWNLOADED ;
2016-11-03 14:06:22 +03:00
} else {
2016-11-16 14:09:41 +03:00
$subject = Downloads :: SUBJECT_SHARED_FOLDER_BY_EMAIL_DOWNLOADED ;
2016-11-03 14:06:22 +03:00
}
$parameters [] = $share -> getSharedWith ();
} else {
if ( $node instanceof \OCP\Files\File ) {
2016-11-16 14:09:41 +03:00
$subject = Downloads :: SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED ;
2016-11-03 14:06:22 +03:00
} else {
2016-11-16 14:09:41 +03:00
$subject = Downloads :: SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED ;
2016-11-03 14:06:22 +03:00
}
}
$this -> publishActivity ( $subject , $parameters , $share -> getSharedBy (), $fileId , $userPath );
if ( $share -> getShareOwner () !== $share -> getSharedBy ()) {
$parameters [ 0 ] = $ownerPath ;
$this -> publishActivity ( $subject , $parameters , $share -> getShareOwner (), $fileId , $ownerPath );
}
}
/**
* publish activity
*
* @ param string $subject
* @ param array $parameters
* @ param string $affectedUser
* @ param int $fileId
* @ param string $filePath
*/
protected function publishActivity ( $subject ,
array $parameters ,
$affectedUser ,
$fileId ,
$filePath ) {
$event = $this -> activityManager -> generateEvent ();
$event -> setApp ( 'files_sharing' )
2016-11-16 14:09:41 +03:00
-> setType ( 'public_links' )
2016-11-03 14:06:22 +03:00
-> setSubject ( $subject , $parameters )
-> setAffectedUser ( $affectedUser )
-> setObject ( 'files' , $fileId , $filePath );
$this -> activityManager -> publish ( $event );
}
2014-10-15 13:58:44 +04:00
}