Merge pull request #12410 from owncloud/no_session_for_public_share_key
don't store private public-share-key in session
This commit is contained in:
Thomas Müller
commit
e6a7022037
|
|
@ -1,5 +1,7 @@
|
|||
<?php
|
||||
|
||||
\OC::$server->getSession()->close();
|
||||
|
||||
// Firefox and Konqueror tries to download application/json for me. --Arthur
|
||||
OCP\JSON::setContentTypeHeader('text/plain');
|
||||
|
||||
|
|
@ -64,13 +66,7 @@ if (empty($_POST['dirToken'])) {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
OCP\JSON::callCheck();
|
||||
if (!\OCP\App::isEnabled('files_encryption')) {
|
||||
// encryption app need to create keys later, so can't close too early
|
||||
\OC::$server->getSession()->close();
|
||||
}
|
||||
|
||||
|
||||
// get array with current storage stats (e.g. max file size)
|
||||
$storageStats = \OCA\Files\Helper::buildFileStorageStatistics($dir);
|
||||
|
|
|
|||
|
|
@ -91,7 +91,6 @@ class Proxy extends \OC_FileProxy {
|
|||
private function shouldEncrypt($path, $mode = 'w') {
|
||||
|
||||
$userId = Helper::getUser($path);
|
||||
$session = new Session(new \OC\Files\View());
|
||||
|
||||
// don't call the crypt stream wrapper, if...
|
||||
if (
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ namespace OCA\Encryption;
|
|||
class Session {
|
||||
|
||||
private $view;
|
||||
private static $publicShareKey = false;
|
||||
|
||||
const NOT_INITIALIZED = '0';
|
||||
const INIT_EXECUTED = '1';
|
||||
|
|
@ -92,7 +93,7 @@ class Session {
|
|||
|
||||
}
|
||||
|
||||
if (\OCA\Encryption\Helper::isPublicAccess()) {
|
||||
if (\OCA\Encryption\Helper::isPublicAccess() && !self::getPublicSharePrivateKey()) {
|
||||
// Disable encryption proxy to prevent recursive calls
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
|
@ -100,9 +101,7 @@ class Session {
|
|||
$encryptedKey = $this->view->file_get_contents(
|
||||
'/owncloud_private_key/' . $publicShareKeyId . '.private.key');
|
||||
$privateKey = Crypt::decryptPrivateKey($encryptedKey, '');
|
||||
$this->setPublicSharePrivateKey($privateKey);
|
||||
|
||||
$this->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL);
|
||||
self::setPublicSharePrivateKey($privateKey);
|
||||
|
||||
\OC_FileProxy::$enabled = $proxyStatus;
|
||||
}
|
||||
|
|
@ -127,8 +126,8 @@ class Session {
|
|||
* remove keys from session
|
||||
*/
|
||||
public function removeKeys() {
|
||||
\OC::$session->remove('publicSharePrivateKey');
|
||||
\OC::$session->remove('privateKey');
|
||||
\OC::$server->getSession()->remove('publicSharePrivateKey');
|
||||
\OC::$server->getSession()->remove('privateKey');
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -164,6 +163,8 @@ class Session {
|
|||
public function getInitialized() {
|
||||
if (!is_null(\OC::$server->getSession()->get('encryptionInitialized'))) {
|
||||
return \OC::$server->getSession()->get('encryptionInitialized');
|
||||
} else if (\OCA\Encryption\Helper::isPublicAccess() && self::getPublicSharePrivateKey()) {
|
||||
return self::INIT_SUCCESSFUL;
|
||||
} else {
|
||||
return self::NOT_INITIALIZED;
|
||||
}
|
||||
|
|
@ -177,7 +178,7 @@ class Session {
|
|||
public function getPrivateKey() {
|
||||
// return the public share private key if this is a public access
|
||||
if (\OCA\Encryption\Helper::isPublicAccess()) {
|
||||
return $this->getPublicSharePrivateKey();
|
||||
return self::getPublicSharePrivateKey();
|
||||
} else {
|
||||
if (!is_null(\OC::$server->getSession()->get('privateKey'))) {
|
||||
return \OC::$server->getSession()->get('privateKey');
|
||||
|
|
@ -192,12 +193,9 @@ class Session {
|
|||
* @param string $privateKey
|
||||
* @return bool
|
||||
*/
|
||||
public function setPublicSharePrivateKey($privateKey) {
|
||||
|
||||
\OC::$server->getSession()->set('publicSharePrivateKey', $privateKey);
|
||||
|
||||
private static function setPublicSharePrivateKey($privateKey) {
|
||||
self::$publicShareKey = $privateKey;
|
||||
return true;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -205,13 +203,8 @@ class Session {
|
|||
* @return string $privateKey
|
||||
*
|
||||
*/
|
||||
public function getPublicSharePrivateKey() {
|
||||
|
||||
if (!is_null(\OC::$server->getSession()->get('publicSharePrivateKey'))) {
|
||||
return \OC::$server->getSession()->get('publicSharePrivateKey');
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
private static function getPublicSharePrivateKey() {
|
||||
return self::$publicShareKey;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -203,7 +203,6 @@ class ShareController extends Controller {
|
|||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
* @UseSession
|
||||
*
|
||||
* @param string $token
|
||||
* @param string $files
|
||||
|
|
@ -213,12 +212,6 @@ class ShareController extends Controller {
|
|||
public function downloadShare($token, $files = null, $path = '') {
|
||||
\OC_User::setIncognitoMode(true);
|
||||
|
||||
// FIXME: Use DI once there is a suitable class
|
||||
if (!\OCP\App::isEnabled('files_encryption')) {
|
||||
// encryption app requires the session to store the keys in
|
||||
\OC::$server->getSession()->close();
|
||||
}
|
||||
|
||||
$linkItem = OCP\Share::getShareByToken($token, false);
|
||||
|
||||
// Share is password protected - check whether the user is permitted to access the share
|
||||
|
|
@ -244,7 +237,7 @@ class ShareController extends Controller {
|
|||
}
|
||||
|
||||
// FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
|
||||
// after dispatching the request which results in a "Cannot modify header information" notice.
|
||||
// after dispatching the request which results in a "Cannot modify header information" notice.
|
||||
OC_Files::get($originalSharePath, $files_list, $_SERVER['REQUEST_METHOD'] == 'HEAD');
|
||||
exit();
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Reference in New Issue