allow password protected mail shares

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle 2017-03-28 14:39:38 +02:00
parent c6613ee8fc
commit c191173d59
No known key found for this signature in database
GPG Key ID: 2378A753E2BF04F6
8 changed files with 315 additions and 18 deletions

View File

@ -742,12 +742,31 @@ class ShareAPIController extends OCSController {
} else { } else {
// For other shares only permissions is valid. // For other shares only permissions is valid.
if ($permissions === null) { if ($share->getShareType() !== \OCP\Share::SHARE_TYPE_EMAIL && $permissions === null) {
throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given')); throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
} else { } elseif ($permissions !== null) {
$permissions = (int)$permissions; $permissions = (int)$permissions;
$share->setPermissions($permissions); $share->setPermissions($permissions);
} }
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
if ($expireDate === '') {
$share->setExpirationDate(null);
} else if ($expireDate !== null) {
try {
$expireDate = $this->parseDate($expireDate);
} catch (\Exception $e) {
throw new OCSBadRequestException($e->getMessage());
}
$share->setExpirationDate($expireDate);
}
if ($password === '') {
$share->setPassword(null);
} else if ($password !== null) {
$share->setPassword($password);
}
}
} }
if ($permissions !== null && $share->getShareOwner() !== $this->currentUser) { if ($permissions !== null && $share->getShareOwner() !== $this->currentUser) {

View File

@ -275,10 +275,10 @@ class ShareByMailProvider implements IShareProvider {
protected function createMailBody($template, $filename, $link, $owner, $initiator) { protected function createMailBody($template, $filename, $link, $owner, $initiator) {
$mailBodyTemplate = new Template('sharebymail', $template, ''); $mailBodyTemplate = new Template('sharebymail', $template, '');
$mailBodyTemplate->assign ('filename', $filename); $mailBodyTemplate->assign ('filename', \OCP\Util::sanitizeHTML($filename));
$mailBodyTemplate->assign ('link', $link); $mailBodyTemplate->assign ('link', $link);
$mailBodyTemplate->assign ('owner', $owner); $mailBodyTemplate->assign ('owner', \OCP\Util::sanitizeHTML($owner));
$mailBodyTemplate->assign ('initiator', $initiator); $mailBodyTemplate->assign ('initiator', \OCP\Util::sanitizeHTML($initiator));
$mailBodyTemplate->assign ('onBehalfOf', $initiator !== $owner); $mailBodyTemplate->assign ('onBehalfOf', $initiator !== $owner);
$mailBody = $mailBodyTemplate->fetchPage(); $mailBody = $mailBodyTemplate->fetchPage();
@ -290,6 +290,55 @@ class ShareByMailProvider implements IShareProvider {
$this->l->t('Failed to create the E-mail')); $this->l->t('Failed to create the E-mail'));
} }
/**
* send password to recipient of a mail share
*
* @param string $filename
* @param string $initiator
* @param string $shareWith
*/
protected function sendPassword($filename, $initiator, $shareWith, $password) {
$initiatorUser = $this->userManager->get($initiator);
$initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator;
$subject = (string)$this->l->t('Password to access »%s« shared to you by %s', [$filename, $initiatorDisplayName]);
$message = $this->mailer->createMessage();
$htmlBody = $this->createMailBodyToSendPassword('mailpassword', $filename, $initiatorDisplayName, $password);
$textBody = $this->createMailBodyToSendPassword('altmailpassword', $filename,$initiatorDisplayName, $password);
$message->setTo([$shareWith]);
$message->setSubject($subject);
$message->setBody($textBody, 'text/plain');
$message->setHtmlBody($htmlBody);
$this->mailer->send($message);
}
/**
* create mail body to send password to recipient
*
* @param string $filename
* @param string $initiator
* @param string $password
* @return string plain text mail
* @throws HintException
*/
protected function createMailBodyToSendPassword($template, $filename, $initiator, $password) {
$mailBodyTemplate = new Template('sharebymail', $template, '');
$mailBodyTemplate->assign ('filename', \OCP\Util::sanitizeHTML($filename));
$mailBodyTemplate->assign ('password', \OCP\Util::sanitizeHTML($password));
$mailBodyTemplate->assign ('initiator', \OCP\Util::sanitizeHTML($initiator));
$mailBody = $mailBodyTemplate->fetchPage();
if (is_string($mailBody)) {
return $mailBody;
}
throw new HintException('Failed to create the E-mail',
$this->l->t('Failed to create the E-mail'));
}
/** /**
* generate share token * generate share token
* *
@ -368,19 +417,30 @@ class ShareByMailProvider implements IShareProvider {
* Update a share * Update a share
* *
* @param IShare $share * @param IShare $share
* @param string|null $plainTextPassword
* @return IShare The share object * @return IShare The share object
*/ */
public function update(IShare $share) { public function update(IShare $share, $plainTextPassword = null) {
$originalShare = $this->getShareById($share->getId());
// a real password was given
$validPassword = $plainTextPassword !== null && $plainTextPassword !== '';
if($validPassword && $originalShare->getPassword() !== $share->getPassword()) {
$this->sendPassword($share->getNode()->getName(), $share->getSharedBy(), $share->getSharedWith(), $plainTextPassword);
}
/* /*
* We allow updating the permissions of mail shares * We allow updating the permissions and password of mail shares
*/ */
$qb = $this->dbConnection->getQueryBuilder(); $qb = $this->dbConnection->getQueryBuilder();
$qb->update('share') $qb->update('share')
->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
->set('permissions', $qb->createNamedParameter($share->getPermissions())) ->set('permissions', $qb->createNamedParameter($share->getPermissions()))
->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner()))
->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy()))
->execute(); ->set('password', $qb->createNamedParameter($share->getPassword()))
->execute();
return $share; return $share;
} }
@ -625,6 +685,7 @@ class ShareByMailProvider implements IShareProvider {
$shareTime->setTimestamp((int)$data['stime']); $shareTime->setTimestamp((int)$data['stime']);
$share->setShareTime($shareTime); $share->setShareTime($shareTime);
$share->setSharedWith($data['share_with']); $share->setSharedWith($data['share_with']);
$share->setPassword($data['password']);
if ($data['uid_initiator'] !== null) { if ($data['uid_initiator'] !== null) {
$share->setShareOwner($data['uid_owner']); $share->setShareOwner($data['uid_owner']);

View File

@ -0,0 +1,32 @@
<?php
/**
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
/** @var OC_Theme $theme */
/** @var array $_ */
print_unescaped($l->t("Hey there,\n\n%s shared »%s« with you.\nYou should have already received a separate mail with a link to access it.\n\nIt is protected with the following password: %s\n\n", [$_['initiator'], $_['filename'], $_['password']]));
// TRANSLATORS term at the end of a mail
p($l->t("Cheers!"));
print_unescaped("\n");
?>
--
<?php p($theme->getName() . ' - ' . $theme->getSlogan()); ?>
<?php print_unescaped("\n".$theme->getBaseUrl());

View File

@ -0,0 +1,59 @@
<?php
/**
* @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
/** @var OC_Theme $theme */
/** @var array $_ */
?>
<table cellspacing="0" cellpadding="0" border="0" width="100%">
<tr><td>
<table cellspacing="0" cellpadding="0" border="0" width="600px">
<tr>
<td colspan="2" bgcolor="<?php p($theme->getMailHeaderColor());?>">
<img src="<?php p(\OC::$server->getURLGenerator()->getAbsoluteURL(image_path('', 'logo-mail.png'))); ?>" alt="<?php p($theme->getName()); ?>"/>
</td>
</tr>
<tr><td colspan="2">&nbsp;</td></tr>
<tr>
<td width="20px">&nbsp;</td>
<td style="font-weight:normal; font-size:0.8em; line-height:1.2em; font-family:verdana,'arial',sans;">
<?php
print_unescaped($l->t('Hey there,<br><br>%s shared <i>%s</i> with you.<br>You should have already received a separate mail with a link to access it.<br><br>It is protected with the following password: %s<br><br>', [$_['initiator'], $_['filename'], $_['password']]));
// TRANSLATORS term at the end of a mail
p($l->t('Cheers!'));
?>
</td>
</tr>
<tr><td colspan="2">&nbsp;</td></tr>
<tr>
<td width="20px">&nbsp;</td>
<td style="font-weight:normal; font-size:0.8em; line-height:1.2em; font-family:verdana,'arial',sans;">--<br>
<?php p($theme->getName()); ?> -
<?php p($theme->getSlogan()); ?>
<br><a href="<?php p($theme->getBaseUrl()); ?>"><?php p($theme->getBaseUrl());?></a>
</td>
</tr>
<tr>
<td colspan="2">&nbsp;</td>
</tr>
</table>
</td></tr>
</table>

View File

@ -32,6 +32,7 @@ use OCP\ILogger;
use OCP\IURLGenerator; use OCP\IURLGenerator;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\Mail\IMailer; use OCP\Mail\IMailer;
use OCP\Security\IHasher;
use OCP\Security\ISecureRandom; use OCP\Security\ISecureRandom;
use OCP\Share\Exceptions\ShareNotFound; use OCP\Share\Exceptions\ShareNotFound;
use OCP\Share\IManager; use OCP\Share\IManager;

View File

@ -188,3 +188,9 @@ a {
.popovermenu .datepicker { .popovermenu .datepicker {
margin-left: 35px; margin-left: 35px;
} }
.popovermenu .passwordField {
margin-left: 35px;
width: inherit !important;
}

View File

@ -13,6 +13,10 @@
/* globals Handlebars */ /* globals Handlebars */
(function() { (function() {
var PASSWORD_PLACEHOLDER = '**********';
var PASSWORD_PLACEHOLDER_MESSAGE = t('core', 'Choose a password for the mail share');
if (!OC.Share) { if (!OC.Share) {
OC.Share = {}; OC.Share = {};
} }
@ -97,7 +101,20 @@
'</div>' + '</div>' +
'</span>' + '</span>' +
'</li>' + '</li>' +
'<li>' + '{{#if isMailShare}}' +
'<li>' +
'<span class="shareOption menuitem">' +
'<input id="password-{{cid}}-{{shareId}}" type="checkbox" name="password" class="password checkbox" {{#if isPasswordSet}}checked="checked"{{/if}}" />' +
'<label for="password-{{cid}}-{{shareId}}">{{passwordLabel}}</label>' +
'<div class="passwordContainer-{{cid}}-{{shareId}} {{#unless isPasswordSet}}hidden{{/unless}}">' +
' <label for="passwordField-{{cid}}-{{shareId}}" class="hidden-visually" value="{{password}}">{{passwordLabel}}</label>' +
' <input id="passwordField-{{cid}}-{{shareId}}" class="passwordField" type="password" placeholder="{{passwordPlaceholder}}" value="{{passwordValue}}" />' +
' <span class="icon-loading-small hidden"></span>' +
'</div>' +
'</span>' +
'</li>' +
'{{/if}}' +
'<li>' +
'<a href="#" class="unshare"><span class="icon-loading-small hidden"></span><span class="icon icon-delete"></span><span>{{unshareLabel}}</span></a>' + '<a href="#" class="unshare"><span class="icon-loading-small hidden"></span><span class="icon icon-delete"></span><span>{{unshareLabel}}</span></a>' +
'</li>' + '</li>' +
'</ul>' + '</ul>' +
@ -135,7 +152,10 @@
'click .unshare': 'onUnshare', 'click .unshare': 'onUnshare',
'click .icon-more': 'onToggleMenu', 'click .icon-more': 'onToggleMenu',
'click .permissions': 'onPermissionChange', 'click .permissions': 'onPermissionChange',
'click .expireDate' : 'onExpireDateChange' 'click .expireDate' : 'onExpireDateChange',
'click .password' : 'onMailSharePasswordProtectChange',
'keyup input.passwordField': 'onMailSharePasswordKeyUp',
'focusout input.passwordField': 'onMailSharePasswordEntered'
}, },
initialize: function(options) { initialize: function(options) {
@ -182,6 +202,11 @@
shareWithTitle = shareWith; shareWithTitle = shareWith;
} }
var share = this.model.get('shares')[shareIndex];
var password = share.password;
var hasPassword = password !== null && password !== '';
return _.extend(hasPermissionOverride, { return _.extend(hasPermissionOverride, {
cid: this.cid, cid: this.cid,
hasSharePermission: this.model.hasSharePermission(shareIndex), hasSharePermission: this.model.hasSharePermission(shareIndex),
@ -198,7 +223,9 @@
isRemoteShare: shareType === OC.Share.SHARE_TYPE_REMOTE, isRemoteShare: shareType === OC.Share.SHARE_TYPE_REMOTE,
isMailShare: shareType === OC.Share.SHARE_TYPE_EMAIL, isMailShare: shareType === OC.Share.SHARE_TYPE_EMAIL,
isCircleShare: shareType === OC.Share.SHARE_TYPE_CIRCLE, isCircleShare: shareType === OC.Share.SHARE_TYPE_CIRCLE,
isFileSharedByMail: shareType === OC.Share.SHARE_TYPE_EMAIL && !this.model.isFolder() isFileSharedByMail: shareType === OC.Share.SHARE_TYPE_EMAIL && !this.model.isFolder(),
isPasswordSet: hasPassword,
passwordPlaceholder: hasPassword ? PASSWORD_PLACEHOLDER : PASSWORD_PLACEHOLDER_MESSAGE,
}); });
}, },
@ -211,6 +238,7 @@
updatePermissionLabel: t('core', 'can change'), updatePermissionLabel: t('core', 'can change'),
deletePermissionLabel: t('core', 'can delete'), deletePermissionLabel: t('core', 'can delete'),
expireDateLabel: t('core', 'set expiration data'), expireDateLabel: t('core', 'set expiration data'),
passwordLabel: t('core', 'password protect'),
crudsLabel: t('core', 'access control'), crudsLabel: t('core', 'access control'),
triangleSImage: OC.imagePath('core', 'actions/triangle-s'), triangleSImage: OC.imagePath('core', 'actions/triangle-s'),
isResharingAllowed: this.configModel.get('isResharingAllowed'), isResharingAllowed: this.configModel.get('isResharingAllowed'),
@ -435,6 +463,76 @@
} }
}, },
onMailSharePasswordProtectChange: function(event) {
var element = $(event.target);
var li = element.closest('li[data-share-id]');
var shareId = li.data('share-id');
var passwordContainerClass = '.passwordContainer-' + this.cid + '-' + shareId;
var passwordContainer = $(passwordContainerClass);
var inputClass = '#passwordField-' + this.cid + '-' + shareId;
var passwordField = $(inputClass);
var state = element.prop('checked');
passwordContainer.toggleClass('hidden', !state);
if (!state) {
this.model.updateShare(shareId, {password: ''});
passwordField.attr('value', '');
passwordField.attr('placeholder', PASSWORD_PLACEHOLDER_MESSAGE);
} else {
var passwordField = '#passwordField-' + this.cid + '-' + shareId;
this.$(passwordField).focus();
}
},
onMailSharePasswordKeyUp: function(event) {
if(event.keyCode === 13) {
this.onMailSharePasswordEntered(event);
}
},
onMailSharePasswordEntered: function(event) {
var passwordField = $(event.target);
var li = passwordField.closest('li[data-share-id]');
var shareId = li.data('share-id');
var passwordContainerClass = '.passwordContainer-' + this.cid + '-' + shareId;
var loading = this.$el.find(passwordContainerClass + ' .icon-loading-small');
if (!loading.hasClass('hidden')) {
// still in process
return;
}
passwordField.removeClass('error');
var password = passwordField.val();
// in IE9 the password might be the placeholder due to bugs in the placeholders polyfill
if(password === '' || password === PASSWORD_PLACEHOLDER || password === PASSWORD_PLACEHOLDER_MESSAGE) {
return;
}
loading
.removeClass('hidden')
.addClass('inlineblock');
this.model.updateShare(shareId, {
password: password
}, {
error: function(model, msg) {
// destroy old tooltips
passwordField.tooltip('destroy');
loading.removeClass('inlineblock').addClass('hidden');
passwordField.addClass('error');
passwordField.attr('title', msg);
passwordField.tooltip({placement: 'bottom', trigger: 'manual'});
passwordField.tooltip('show');
},
success: function(model, msg) {
passwordField.blur();
passwordField.attr('value', '');
passwordField.attr('placeholder', PASSWORD_PLACEHOLDER);
loading.removeClass('inlineblock').addClass('hidden');
}
});
},
onPermissionChange: function(event) { onPermissionChange: function(event) {
event.preventDefault(); event.preventDefault();
event.stopPropagation(); event.stopPropagation();

View File

@ -730,11 +730,30 @@ class Manager implements IManager {
} }
} }
$plainTextPassword = null;
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK || $share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
// Password updated.
if ($share->getPassword() !== $originalShare->getPassword()) {
//Verify the password
$this->verifyPassword($share->getPassword());
// If a password is set. Hash it!
if ($share->getPassword() !== null) {
$plainTextPassword = $share->getPassword();
$share->setPassword($this->hasher->hash($plainTextPassword));
}
}
}
$this->pathCreateChecks($share->getNode()); $this->pathCreateChecks($share->getNode());
// Now update the share! // Now update the share!
$provider = $this->factory->getProviderForType($share->getShareType()); $provider = $this->factory->getProviderForType($share->getShareType());
$share = $provider->update($share); if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
$share = $provider->update($share, $plainTextPassword);
} else {
$share = $provider->update($share);
}
if ($expirationDateUpdated === true) { if ($expirationDateUpdated === true) {
\OC_Hook::emit('OCP\Share', 'post_set_expiration_date', [ \OC_Hook::emit('OCP\Share', 'post_set_expiration_date', [
@ -1091,7 +1110,9 @@ class Manager implements IManager {
* @return bool * @return bool
*/ */
public function checkPassword(\OCP\Share\IShare $share, $password) { public function checkPassword(\OCP\Share\IShare $share, $password) {
if ($share->getShareType() !== \OCP\Share::SHARE_TYPE_LINK) { $passwordProtected = $share->getShareType() !== \OCP\Share::SHARE_TYPE_LINK
|| $share->getShareType() !== \OCP\Share::SHARE_TYPE_EMAIL;
if (!$passwordProtected) {
//TODO maybe exception? //TODO maybe exception?
return false; return false;
} }