From 375f6fcab1897803ea52e8f64954929f854ee8f1 Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Fri, 1 Apr 2016 17:04:10 +0200 Subject: [PATCH] Move public webdav auth over to share manager The public webdav auth should use the shiny new share manager. --- apps/dav/appinfo/v1/publicwebdav.php | 13 +++-- apps/dav/lib/connector/publicauth.php | 81 ++++++++++++--------------- 2 files changed, 44 insertions(+), 50 deletions(-) diff --git a/apps/dav/appinfo/v1/publicwebdav.php b/apps/dav/appinfo/v1/publicwebdav.php index 558a823866..b26e9ebe7c 100644 --- a/apps/dav/appinfo/v1/publicwebdav.php +++ b/apps/dav/appinfo/v1/publicwebdav.php @@ -32,7 +32,11 @@ OC_App::loadApps($RUNTIME_APPTYPES); OC_Util::obEnd(); // Backends -$authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig(), \OC::$server->getRequest()); +$authBackend = new OCA\DAV\Connector\PublicAuth( + \OC::$server->getRequest(), + \OC::$server->getShareManager(), + \OC::$server->getSession() +); $serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory( \OC::$server->getConfig(), @@ -56,10 +60,9 @@ $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, func } $share = $authBackend->getShare(); - $rootShare = \OCP\Share::resolveReShare($share); - $owner = $rootShare['uid_owner']; - $isWritable = $share['permissions'] & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE); - $fileId = $share['file_source']; + $owner = $share->getShareOwner(); + $isWritable = $share->getPermissions() & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE); + $fileId = $share->getNodeId(); if (!$isWritable) { \OC\Files\Filesystem::addStorageWrapper('readonly', function ($mountPoint, $storage) { diff --git a/apps/dav/lib/connector/publicauth.php b/apps/dav/lib/connector/publicauth.php index 0d75a4db49..3aa58cda24 100644 --- a/apps/dav/lib/connector/publicauth.php +++ b/apps/dav/lib/connector/publicauth.php @@ -26,31 +26,41 @@ namespace OCA\DAV\Connector; -use OCP\IConfig; use OCP\IRequest; +use OCP\ISession; +use OCP\Share\Exceptions\ShareNotFound; +use OCP\Share\IManager; +/** + * Class PublicAuth + * + * @package OCA\DAV\Connector + */ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { - /** - * @var \OCP\IConfig - */ - private $config; - + /** @var \OCP\Share\IShare */ private $share; - /** - * @var IRequest - */ + /** @var IManager */ + private $shareManager; + + /** @var ISession */ + private $session; + + /** @var IRequest */ private $request; /** - * @param \OCP\IConfig $config * @param IRequest $request + * @param IManager $shareManager + * @param ISession $session */ - public function __construct(IConfig $config, - IRequest $request) { - $this->config = $config; + public function __construct(IRequest $request, + IManager $shareManager, + ISession $session) { $this->request = $request; + $this->shareManager = $shareManager; + $this->session = $session; } /** @@ -66,42 +76,23 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { * @throws \Sabre\DAV\Exception\NotAuthenticated */ protected function validateUserPass($username, $password) { - $linkItem = \OCP\Share::getShareByToken($username, false); - \OC_User::setIncognitoMode(true); - $this->share = $linkItem; - if (!$linkItem) { + try { + $share = $this->shareManager->getShareByToken($username); + } catch (ShareNotFound $e) { return false; } - if ((int)$linkItem['share_type'] === \OCP\Share::SHARE_TYPE_LINK && - $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes') !== 'yes') { - $this->share['permissions'] &= ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE); - } + $this->share = $share; + + \OC_User::setIncognitoMode(true); // check if the share is password protected - if (isset($linkItem['share_with'])) { - if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) { - // Check Password - $newHash = ''; - if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) { - /** - * FIXME: Migrate old hashes to new hash format - * Due to the fact that there is no reasonable functionality to update the password - * of an existing share no migration is yet performed there. - * The only possibility is to update the existing share which will result in a new - * share ID and is a major hack. - * - * In the future the migration should be performed once there is a proper method - * to update the share's password. (for example `$share->updatePassword($password)` - * - * @link https://github.com/owncloud/core/issues/10671 - */ - if(!empty($newHash)) { - - } + if ($share->getPassword() !== null) { + if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { + if ($this->shareManager->checkPassword($share, $password)) { return true; - } else if (\OC::$server->getSession()->exists('public_link_authenticated') - && \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) { + } else if ($this->session->exists('public_link_authenticated') + && $this->session->get('public_link_authenticated') === $share->getId()) { return true; } else { if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) { @@ -112,7 +103,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { } return false; } - } else if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_REMOTE) { + } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE) { return true; } else { return false; @@ -123,7 +114,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { } /** - * @return array + * @return \OCP\Share\IShare */ public function getShare() { return $this->share;