From 12504d4ab74bf83bb6e3617e892be184a0d2d03e Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Mon, 19 Apr 2021 09:08:32 +0200
Subject: [PATCH] Do not allow adding file drop shares to your own cloud
There is no reason for this and you can't create such shares normally anyway.
Signed-off-by: Roeland Jago Douma
---
 .../Controller/MountPublicLinkController.php | 10 ++++++++
 .../MountPublicLinkControllerTest.php | 23 +++++++++++--------
 2 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php b/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php
index c4190e0691..9e79215fe8 100644
--- a/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php
+++ b/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php
@@ -37,6 +37,7 @@ use OCA\FederatedFileSharing\FederatedShareProvider;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\Constants;
 use OCP\Federation\ICloudIdManager;
 use OCP\Http\Client\IClientService;
 use OCP\IL10N;
@@ -157,6 +158,15 @@ class MountPublicLinkController extends Controller {
 return $response;
 }
+ if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
+ $response = new JSONResponse(
+ ['message' => 'Mounting file drop not supported'],
+ Http::STATUS_BAD_REQUEST
+ );
+ $response->throttle();
+ return $response;
+ }
+
 $share->setSharedWith($shareWith);
 $share->setShareType(IShare::TYPE_REMOTE);
diff --git a/apps/federatedfilesharing/tests/Controller/MountPublicLinkControllerTest.php b/apps/federatedfilesharing/tests/Controller/MountPublicLinkControllerTest.php
index 412b5b82d6..b38fb17bf0 100644
--- a/apps/federatedfilesharing/tests/Controller/MountPublicLinkControllerTest.php
+++ b/apps/federatedfilesharing/tests/Controller/MountPublicLinkControllerTest.php
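Review bot: The file-drop guard added to MountPublicLinkController.php (`if (($share->getPermissions() & Constants::PERMISSION_READ) === 0)`) carries no comment, so the reason a share without READ must not be mounted lives only in the commit message; a line above the `if` such as `// File drop shares grant no READ permission; refuse to turn them into a federated share.` would keep it next to the code. The branch also calls `$response->throttle()`, which presumably records the request as a brute-force attempt even though nothing was guessed if the token was already accepted earlier in the method; confirm that is intended. The enclosing method starts and ends outside the hunk, so the order of this check relative to token and password validation cannot be seen here.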
@@ -138,7 +138,8 @@ class MountPublicLinkControllerTest extends \Test\TestCase {
 $token,
 $validToken,
 $createSuccessful,
- $expectedReturnData
+ $expectedReturnData,
+ $permissions
 ) {
 $this->federatedShareProvider->expects($this->any())
 ->method('isOutgoingServer2serverShareEnabled')
@@ -156,6 +157,7 @@ class MountPublicLinkControllerTest extends \Test\TestCase {
 );
 $share = $this->share;
+ $share->setPermissions($permissions);
 $this->shareManager->expects($this->any())->method('getShareByToken')
 ->with($token)
@@ -198,15 +200,16 @@ class MountPublicLinkControllerTest extends \Test\TestCase {
 public function dataTestCreateFederatedShare() {
 return [
 //shareWith, outgoingSharesAllowed, validShareWith, token, validToken, createSuccessful, expectedReturnData
- ['user@server', true, true, 'token', true, true, 'server'],
- ['user@server', true, false, 'token', true, true, 'invalid federated cloud id'],
- ['user@server', true, false, 'token', false, true, 'invalid federated cloud id'],
- ['user@server', true, false, 'token', false, false, 'invalid federated cloud id'],
- ['user@server', true, false, 'token', true, false, 'invalid federated cloud id'],
- ['user@server', true, true, 'token', false, true, 'invalid token'],
- ['user@server', true, true, 'token', false, false, 'invalid token'],
- ['user@server', true, true, 'token', true, false, 'can not create share'],
- ['user@server', false, true, 'token', true, true, 'This server doesn\'t support outgoing federated shares'],
+ ['user@server', true, true, 'token', true, true, 'server', 31],
+ ['user@server', true, true, 'token', false, false, 'server', 4],
+ ['user@server', true, false, 'token', true, true, 'invalid federated cloud id', 31],
+ ['user@server', true, false, 'token', false, true, 'invalid federated cloud id', 31],
+ ['user@server', true, false, 'token', false, false, 'invalid federated cloud id', 31],
+ ['user@server', true, false, 'token', true, false, 'invalid federated cloud id', 31],
+ ['user@server', true, true, 'token', false, true, 'invalid token', 31],
+ ['user@server', true, true, 'token', false, false, 'invalid token', 31],
+ ['user@server', true, true, 'token', true, false, 'can not create share', 31],
+ ['user@server', false, true, 'token', true, true, 'This server doesn\'t support outgoing federated shares', 31],
 ];
 }
 }
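Review bot: The only new data row with a file-drop permission set, `['user@server', true, true, 'token', false, false, 'server', 4]`, sets validToken and createSuccessful to false and expects 'server' rather than the controller's 'Mounting file drop not supported', so it probably fails at the token lookup and never reaches the new READ check. A row such as `['user@server', true, true, 'token', true, true, 'Mounting file drop not supported', 4],` would pin the guard, though the assertion logic that picks the success or failure branch is outside the hunk and may need to take `$permissions` into account. The column comment above the rows still ends at `expectedReturnData` and should gain `permissions`, and the literals 31 and 4 would read better as `Constants::PERMISSION_ALL` and `Constants::PERMISSION_CREATE`.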