added handling for public file access via files_sharing link
This commit is contained in:
parent
d92f6b887d
commit
61ed347d26
|
@ -455,7 +455,7 @@ class Keymanager {
|
||||||
|
|
||||||
list($owner, $filename) = $util->getUidAndFilename($filePath);
|
list($owner, $filename) = $util->getUidAndFilename($filePath);
|
||||||
|
|
||||||
$shareKeyPath = '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
|
$shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey');
|
||||||
if ( $view->file_exists( $shareKeyPath ) ) {
|
if ( $view->file_exists( $shareKeyPath ) ) {
|
||||||
|
|
||||||
$result = $view->file_get_contents( $shareKeyPath );
|
$result = $view->file_get_contents( $shareKeyPath );
|
||||||
|
|
|
@ -59,9 +59,11 @@ class Session {
|
||||||
) {
|
) {
|
||||||
|
|
||||||
$keypair = Crypt::createKeypair();
|
$keypair = Crypt::createKeypair();
|
||||||
|
|
||||||
\OC_FileProxy::$enabled = false;
|
// Disable encryption proxy to prevent recursive calls
|
||||||
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
// Save public key
|
// Save public key
|
||||||
|
|
||||||
if (!$view->is_dir('/public-keys')) {
|
if (!$view->is_dir('/public-keys')) {
|
||||||
|
@ -76,9 +78,21 @@ class Session {
|
||||||
// Save private key
|
// Save private key
|
||||||
$this->view->file_put_contents( '/owncloud_private_key/'.$publicShareKeyId.'.private.key', $encryptedPrivateKey );
|
$this->view->file_put_contents( '/owncloud_private_key/'.$publicShareKeyId.'.private.key', $encryptedPrivateKey );
|
||||||
|
|
||||||
\OC_FileProxy::$enabled = true;
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(\OCP\USER::getUser() === false) {
|
||||||
|
// Disable encryption proxy to prevent recursive calls
|
||||||
|
$proxyStatus = \OC_FileProxy::$enabled;
|
||||||
|
\OC_FileProxy::$enabled = false;
|
||||||
|
|
||||||
|
$encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/'.$publicShareKeyId.'.private.key' );
|
||||||
|
$privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, '' );
|
||||||
|
$this->setPrivateKey($privateKey);
|
||||||
|
|
||||||
|
\OC_FileProxy::$enabled = $proxyStatus;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -72,20 +72,20 @@ class Stream {
|
||||||
private $rootView; // a fsview object set to '/'
|
private $rootView; // a fsview object set to '/'
|
||||||
|
|
||||||
public function stream_open( $path, $mode, $options, &$opened_path ) {
|
public function stream_open( $path, $mode, $options, &$opened_path ) {
|
||||||
|
|
||||||
$this->userId = \OCP\User::getUser();
|
|
||||||
|
|
||||||
if ( ! isset( $this->rootView ) ) {
|
if ( ! isset( $this->rootView ) ) {
|
||||||
|
|
||||||
$this->rootView = new \OC_FilesystemView( '/' );
|
$this->rootView = new \OC_FilesystemView( '/' );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Strip identifier text from path, this gives us the path relative to data/<user>/files
|
$util = new Util( $this->rootView, \OCP\USER::getUser());
|
||||||
$this->relPath = str_replace( 'crypt://', '', $path );
|
|
||||||
|
$this->userId = $util->getUserId();
|
||||||
|
|
||||||
|
// Strip identifier text from path, this gives us the path relative to data/<user>/files
|
||||||
|
$this->relPath = \OC\Files\Filesystem::normalizePath(str_replace( 'crypt://', '', $path ));
|
||||||
|
|
||||||
// rawPath is relative to the data directory
|
// rawPath is relative to the data directory
|
||||||
$this->rawPath = $this->userId . '/files/' . $this->relPath;
|
$this->rawPath = $util->getUserFilesDir() . $this->relPath;
|
||||||
|
|
||||||
if (
|
if (
|
||||||
dirname( $this->rawPath ) == 'streams'
|
dirname( $this->rawPath ) == 'streams'
|
||||||
|
|
|
@ -110,23 +110,47 @@ class Util {
|
||||||
private $privateKeyPath; // Path to user's private key
|
private $privateKeyPath; // Path to user's private key
|
||||||
private $publicShareKeyId;
|
private $publicShareKeyId;
|
||||||
private $recoveryKeyId;
|
private $recoveryKeyId;
|
||||||
|
private $isPublic;
|
||||||
|
|
||||||
public function __construct( \OC_FilesystemView $view, $userId, $client = false ) {
|
public function __construct( \OC_FilesystemView $view, $userId, $client = false ) {
|
||||||
|
|
||||||
$this->view = $view;
|
$this->view = $view;
|
||||||
$this->userId = $userId;
|
$this->userId = $userId;
|
||||||
$this->client = $client;
|
$this->client = $client;
|
||||||
$this->userDir = '/' . $this->userId;
|
$this->isPublic = false;
|
||||||
$this->fileFolderName = 'files';
|
|
||||||
$this->userFilesDir = '/' . $this->userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
|
$this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
|
||||||
$this->publicKeyDir = '/' . 'public-keys';
|
$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
||||||
$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
|
|
||||||
$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
|
// if we are anonymous/public
|
||||||
$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
|
if($this->userId === false) {
|
||||||
$this->publicKeyPath = $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
|
$this->userId = $this->publicShareKeyId;
|
||||||
$this->privateKeyPath = $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
|
|
||||||
$this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
|
// only handle for files_sharing app
|
||||||
$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
if($GLOBALS['app'] === 'files_sharing') {
|
||||||
|
$this->userDir = '/' . $GLOBALS['fileOwner'];
|
||||||
|
$this->fileFolderName = 'files';
|
||||||
|
$this->userFilesDir = '/' . $GLOBALS['fileOwner'] . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
|
||||||
|
$this->publicKeyDir = '/' . 'public-keys';
|
||||||
|
$this->encryptionDir = '/' . $GLOBALS['fileOwner'] . '/' . 'files_encryption';
|
||||||
|
$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
|
||||||
|
$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
|
||||||
|
$this->publicKeyPath = $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
|
||||||
|
$this->privateKeyPath = '/owncloud_private_key/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
|
||||||
|
$this->isPublic = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
$this->userDir = '/' . $this->userId;
|
||||||
|
$this->fileFolderName = 'files';
|
||||||
|
$this->userFilesDir = '/' . $this->userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
|
||||||
|
$this->publicKeyDir = '/' . 'public-keys';
|
||||||
|
$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
|
||||||
|
$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
|
||||||
|
$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
|
||||||
|
$this->publicKeyPath = $this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
|
||||||
|
$this->privateKeyPath = $this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function ready() {
|
public function ready() {
|
||||||
|
@ -1069,46 +1093,54 @@ class Util {
|
||||||
|
|
||||||
$view = new \OC\Files\View($this->userFilesDir);
|
$view = new \OC\Files\View($this->userFilesDir);
|
||||||
$fileOwnerUid = $view->getOwner( $path );
|
$fileOwnerUid = $view->getOwner( $path );
|
||||||
|
|
||||||
// Check that UID is valid
|
|
||||||
if ( ! \OCP\User::userExists( $fileOwnerUid ) ) {
|
|
||||||
|
|
||||||
throw new \Exception( 'Could not find owner (UID = "' . var_export( $fileOwnerUid, 1 ) . '") of file "' . $path . '"' );
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// NOTE: Bah, this dependency should be elsewhere
|
// handle public access
|
||||||
\OC\Files\Filesystem::initMountPoints( $fileOwnerUid );
|
if($fileOwnerUid === false && $this->isPublic) {
|
||||||
|
$filename = $view->getPath( $GLOBALS['fileSource'] );
|
||||||
// If the file owner is the currently logged in user
|
$fileOwnerUid = $GLOBALS['fileOwner'];
|
||||||
if ( $fileOwnerUid == $this->userId ) {
|
|
||||||
|
return array ( $fileOwnerUid, $filename );
|
||||||
// Assume the path supplied is correct
|
} else {
|
||||||
$filename = $path;
|
|
||||||
|
// Check that UID is valid
|
||||||
} else {
|
if ( ! \OCP\User::userExists( $fileOwnerUid ) ) {
|
||||||
|
throw new \Exception( 'Could not find owner (UID = "' . var_export( $fileOwnerUid, 1 ) . '") of file "' . $path . '"' );
|
||||||
$info = $view->getFileInfo( $path );
|
}
|
||||||
$ownerView = new \OC\Files\View( '/' . $fileOwnerUid . '/files' );
|
|
||||||
|
// NOTE: Bah, this dependency should be elsewhere
|
||||||
// Fetch real file path from DB
|
\OC\Files\Filesystem::initMountPoints( $fileOwnerUid );
|
||||||
$filename = $ownerView->getPath( $info['fileid'] ); // TODO: Check that this returns a path without including the user data dir
|
|
||||||
|
// If the file owner is the currently logged in user
|
||||||
}
|
if ( $fileOwnerUid == $this->userId ) {
|
||||||
|
|
||||||
// Make path relative for use by $view
|
// Assume the path supplied is correct
|
||||||
$relpath = \OC\Files\Filesystem::normalizePath($fileOwnerUid . '/' . $this->fileFolderName . '/' . $filename);
|
$filename = $path;
|
||||||
|
|
||||||
// Check that the filename we're using is working
|
} else {
|
||||||
if ( $this->view->file_exists( $relpath ) ) {
|
|
||||||
|
$info = $view->getFileInfo( $path );
|
||||||
return array ( $fileOwnerUid, $filename );
|
$ownerView = new \OC\Files\View( '/' . $fileOwnerUid . '/files' );
|
||||||
|
|
||||||
} else {
|
// Fetch real file path from DB
|
||||||
|
$filename = $ownerView->getPath( $info['fileid'] ); // TODO: Check that this returns a path without including the user data dir
|
||||||
return false;
|
|
||||||
|
}
|
||||||
}
|
|
||||||
|
// Make path relative for use by $view
|
||||||
|
$relpath = \OC\Files\Filesystem::normalizePath($fileOwnerUid . '/' . $this->fileFolderName . '/' . $filename);
|
||||||
|
|
||||||
|
// Check that the filename we're using is working
|
||||||
|
if ( $this->view->file_exists( $relpath ) ) {
|
||||||
|
|
||||||
|
return array ( $fileOwnerUid, $filename );
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
return false;
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1233,4 +1265,14 @@ class Util {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function getUserId()
|
||||||
|
{
|
||||||
|
return $this->userId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getUserFilesDir()
|
||||||
|
{
|
||||||
|
return $this->userFilesDir;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue