Merge pull request #19982 from owncloud/fix-link-sharing-regression-master
Ensure the password is only hashed in case it's changed on the client…
This commit is contained in:
commit
d4d954b2d9
|
@ -48,9 +48,28 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
|
||||||
$shareType = (int)$_POST['shareType'];
|
$shareType = (int)$_POST['shareType'];
|
||||||
$shareWith = $_POST['shareWith'];
|
$shareWith = $_POST['shareWith'];
|
||||||
$itemSourceName = isset($_POST['itemSourceName']) ? (string)$_POST['itemSourceName'] : null;
|
$itemSourceName = isset($_POST['itemSourceName']) ? (string)$_POST['itemSourceName'] : null;
|
||||||
if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith == '') {
|
|
||||||
$shareWith = null;
|
/*
|
||||||
|
* Nasty nasty fix for https://github.com/owncloud/core/issues/19950
|
||||||
|
*/
|
||||||
|
$passwordChanged = null;
|
||||||
|
if (is_array($shareWith)) {
|
||||||
|
$passwordChanged = ($shareWith['passwordChanged'] === 'true');
|
||||||
|
if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith['password'] === '') {
|
||||||
|
$shareWith = null;
|
||||||
|
} else {
|
||||||
|
$shareWith = $shareWith['password'];
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/*
|
||||||
|
* We need this branch since the calendar and contacts also use this
|
||||||
|
* endpoint
|
||||||
|
*/
|
||||||
|
if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith === '') {
|
||||||
|
$shareWith = null;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$itemSourceName=(isset($_POST['itemSourceName'])) ? (string)$_POST['itemSourceName']:'';
|
$itemSourceName=(isset($_POST['itemSourceName'])) ? (string)$_POST['itemSourceName']:'';
|
||||||
|
|
||||||
$token = OCP\Share::shareItem(
|
$token = OCP\Share::shareItem(
|
||||||
|
@ -60,7 +79,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
|
||||||
$shareWith,
|
$shareWith,
|
||||||
$_POST['permissions'],
|
$_POST['permissions'],
|
||||||
$itemSourceName,
|
$itemSourceName,
|
||||||
(!empty($_POST['expirationDate']) ? new \DateTime((string)$_POST['expirationDate']) : null)
|
(!empty($_POST['expirationDate']) ? new \DateTime((string)$_POST['expirationDate']) : null),
|
||||||
|
$passwordChanged
|
||||||
);
|
);
|
||||||
|
|
||||||
if (is_string($token)) {
|
if (is_string($token)) {
|
||||||
|
|
|
@ -116,7 +116,8 @@
|
||||||
|
|
||||||
// TODO: use backbone's default value mechanism once this is a separate model
|
// TODO: use backbone's default value mechanism once this is a separate model
|
||||||
var requiredAttributes = [
|
var requiredAttributes = [
|
||||||
{ name: 'password', defaultValue: '' },
|
{ name: 'password', defaultValue: '' },
|
||||||
|
{ name: 'passwordChanged', defaultValue: false },
|
||||||
{ name: 'permissions', defaultValue: OC.PERMISSION_READ },
|
{ name: 'permissions', defaultValue: OC.PERMISSION_READ },
|
||||||
{ name: 'expiration', defaultValue: this.configModel.getDefaultExpirationDateString() }
|
{ name: 'expiration', defaultValue: this.configModel.getDefaultExpirationDateString() }
|
||||||
];
|
];
|
||||||
|
@ -136,11 +137,16 @@
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
var password = {
|
||||||
|
password: attributes.password,
|
||||||
|
passwordChanged: attributes.passwordChanged
|
||||||
|
};
|
||||||
|
|
||||||
OC.Share.share(
|
OC.Share.share(
|
||||||
itemType,
|
itemType,
|
||||||
itemSource,
|
itemSource,
|
||||||
OC.Share.SHARE_TYPE_LINK,
|
OC.Share.SHARE_TYPE_LINK,
|
||||||
attributes.password,
|
password,
|
||||||
attributes.permissions,
|
attributes.permissions,
|
||||||
this.fileInfoModel.get('name'),
|
this.fileInfoModel.get('name'),
|
||||||
attributes.expiration,
|
attributes.expiration,
|
||||||
|
@ -208,6 +214,7 @@
|
||||||
*/
|
*/
|
||||||
setPassword: function(password) {
|
setPassword: function(password) {
|
||||||
this.get('linkShare').password = password;
|
this.get('linkShare').password = password;
|
||||||
|
this.get('linkShare').passwordChanged = true;
|
||||||
},
|
},
|
||||||
|
|
||||||
addShare: function(attributes, options) {
|
addShare: function(attributes, options) {
|
||||||
|
|
|
@ -146,7 +146,8 @@ describe('OC.Share.ShareDialogView', function() {
|
||||||
|
|
||||||
expect(fakeServer.requests[1].method).toEqual('POST');
|
expect(fakeServer.requests[1].method).toEqual('POST');
|
||||||
var body = OC.parseQueryString(fakeServer.requests[1].requestBody);
|
var body = OC.parseQueryString(fakeServer.requests[1].requestBody);
|
||||||
expect(body.shareWith).toEqual('foo');
|
expect(body['shareWith[password]']).toEqual('foo');
|
||||||
|
expect(body['shareWith[passwordChanged]']).toEqual('true');
|
||||||
|
|
||||||
fetchStub.reset();
|
fetchStub.reset();
|
||||||
|
|
||||||
|
@ -185,7 +186,8 @@ describe('OC.Share.ShareDialogView', function() {
|
||||||
|
|
||||||
expect(fakeServer.requests[1].method).toEqual('POST');
|
expect(fakeServer.requests[1].method).toEqual('POST');
|
||||||
var body = OC.parseQueryString(fakeServer.requests[1].requestBody);
|
var body = OC.parseQueryString(fakeServer.requests[1].requestBody);
|
||||||
expect(body.shareWith).toEqual('foo');
|
expect(body['shareWith[password]']).toEqual('foo');
|
||||||
|
expect(body['shareWith[passwordChanged]']).toEqual('true');
|
||||||
|
|
||||||
fetchStub.reset();
|
fetchStub.reset();
|
||||||
|
|
||||||
|
|
|
@ -597,11 +597,12 @@ class Share extends Constants {
|
||||||
* @param int $permissions CRUDS
|
* @param int $permissions CRUDS
|
||||||
* @param string $itemSourceName
|
* @param string $itemSourceName
|
||||||
* @param \DateTime $expirationDate
|
* @param \DateTime $expirationDate
|
||||||
|
* @param bool $passwordChanged
|
||||||
* @return boolean|string Returns true on success or false on failure, Returns token on success for links
|
* @return boolean|string Returns true on success or false on failure, Returns token on success for links
|
||||||
* @throws \OC\HintException when the share type is remote and the shareWith is invalid
|
* @throws \OC\HintException when the share type is remote and the shareWith is invalid
|
||||||
* @throws \Exception
|
* @throws \Exception
|
||||||
*/
|
*/
|
||||||
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null) {
|
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null, $passwordChanged = null) {
|
||||||
|
|
||||||
$backend = self::getBackend($itemType);
|
$backend = self::getBackend($itemType);
|
||||||
$l = \OC::$server->getL10N('lib');
|
$l = \OC::$server->getL10N('lib');
|
||||||
|
@ -775,14 +776,25 @@ class Share extends Constants {
|
||||||
$updateExistingShare = true;
|
$updateExistingShare = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate hash of password - same method as user passwords
|
if ($passwordChanged === null) {
|
||||||
if (is_string($shareWith) && $shareWith !== '') {
|
// Generate hash of password - same method as user passwords
|
||||||
self::verifyPassword($shareWith);
|
if (is_string($shareWith) && $shareWith !== '') {
|
||||||
$shareWith = \OC::$server->getHasher()->hash($shareWith);
|
self::verifyPassword($shareWith);
|
||||||
|
$shareWith = \OC::$server->getHasher()->hash($shareWith);
|
||||||
|
} else {
|
||||||
|
// reuse the already set password, but only if we change permissions
|
||||||
|
// otherwise the user disabled the password protection
|
||||||
|
if ($checkExists && (int)$permissions !== (int)$oldPermissions) {
|
||||||
|
$shareWith = $checkExists['share_with'];
|
||||||
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
// reuse the already set password, but only if we change permissions
|
if ($passwordChanged === true) {
|
||||||
// otherwise the user disabled the password protection
|
if (is_string($shareWith) && $shareWith !== '') {
|
||||||
if ($checkExists && (int)$permissions !== (int)$oldPermissions) {
|
self::verifyPassword($shareWith);
|
||||||
|
$shareWith = \OC::$server->getHasher()->hash($shareWith);
|
||||||
|
}
|
||||||
|
} else if ($updateExistingShare) {
|
||||||
$shareWith = $checkExists['share_with'];
|
$shareWith = $checkExists['share_with'];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -255,13 +255,14 @@ class Share extends \OC\Share\Constants {
|
||||||
* @param int $permissions CRUDS
|
* @param int $permissions CRUDS
|
||||||
* @param string $itemSourceName
|
* @param string $itemSourceName
|
||||||
* @param \DateTime $expirationDate
|
* @param \DateTime $expirationDate
|
||||||
|
* @param bool $passwordChanged
|
||||||
* @return bool|string Returns true on success or false on failure, Returns token on success for links
|
* @return bool|string Returns true on success or false on failure, Returns token on success for links
|
||||||
* @throws \OC\HintException when the share type is remote and the shareWith is invalid
|
* @throws \OC\HintException when the share type is remote and the shareWith is invalid
|
||||||
* @throws \Exception
|
* @throws \Exception
|
||||||
* @since 5.0.0 - parameter $itemSourceName was added in 6.0.0, parameter $expirationDate was added in 7.0.0
|
* @since 5.0.0 - parameter $itemSourceName was added in 6.0.0, parameter $expirationDate was added in 7.0.0, paramter $passwordChanged added in 9.0.0
|
||||||
*/
|
*/
|
||||||
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null) {
|
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null, $passwordChanged = null) {
|
||||||
return \OC\Share\Share::shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName, $expirationDate);
|
return \OC\Share\Share::shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName, $expirationDate, $passwordChanged);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue