don't allow to create a federated share if source and target server are the same

apps/files_sharing/ajax/external.php

@@ -49,6 +49,14 @@ if(!\OCP\Util::isValidFileName($name)) {
 	exit();
 }
 
+$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
+$currentServer = \OC::$server->getURLGenerator()->getAbsoluteURL('/');
+if (\OC\Share\Helper::isSameUserOnSameServer($owner, $remote, $currentUser, $currentServer )) {
+	\OCP\JSON::error(array('data' => array('message' => $l->t('Not allowed to create a federated share with the same user server'))));
+	exit();
+}
+
+
 $externalManager = new \OCA\Files_Sharing\External\Manager(
 		\OC::$server->getDatabaseConnection(),
 		\OC\Files\Filesystem::getMountManager(),

lib/private/share/helper.php

@@ -289,4 +289,38 @@ class Helper extends \OC\Share\Constants {
 		$hint = $l->t('Invalid Federated Cloud ID');
 		throw new HintException('Invalid Fededrated Cloud ID', $hint);
 	}
+
+	/**
+	 * check if two federated cloud IDs refer to the same user
+	 *
+	 * @param string $user1
+	 * @param string $server1
+	 * @param string $user2
+	 * @param string $server2
+	 * @return bool true if both users and servers are the same
+	 */
+	public static function isSameUserOnSameServer($user1, $server1, $user2, $server2) {
+		$normalizedServer1 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server1));
+		$normalizedServer2 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server2));
+
+		if (rtrim($normalizedServer1, '/') === rtrim($normalizedServer2, '/')) {
+			// FIXME this should be a method in the user management instead
+			\OCP\Util::emitHook(
+					'\OCA\Files_Sharing\API\Server2Server',
+					'preLoginNameUsedAsUserName',
+					array('uid' => &$user1)
+			);
+			\OCP\Util::emitHook(
+					'\OCA\Files_Sharing\API\Server2Server',
+					'preLoginNameUsedAsUserName',
+					array('uid' => &$user2)
+			);
+
+			if ($user1 === $user2) {
+				return true;
+			}
+		}
+
+		return false;
+	}
 }

lib/private/share/share.php

@@ -849,11 +849,20 @@ class Share extends Constants {
 					throw new \Exception($message_t);
 			}
 
+			// don't allow federated shares if source and target server are the same
+			list($user, $remote) = Helper::splitUserRemote($shareWith);
+			$currentServer = self::removeProtocolFromUrl(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
+			$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
+			if (Helper::isSameUserOnSameServer($user, $remote, $currentUser, $currentServer)) {
+				$message = 'Not allowed to create a federated share with the same user.';
+				$message_t = $l->t('Not allowed to create a federated share with the same user');
+				\OCP\Util::writeLog('OCP\Share', $message, \OCP\Util::DEBUG);
+				throw new \Exception($message_t);
+			}
 
 			$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
 				\OCP\Security\ISecureRandom::CHAR_DIGITS);
 
-			list($user, $remote) = Helper::splitUserRemote($shareWith);
 			$shareWith = $user . '@' . $remote;
 			$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
 
@@ -2510,7 +2519,7 @@ class Share extends Constants {
 	 * @param string $url
 	 * @return string
 	 */
-	private static function removeProtocolFromUrl($url) {
+	public static function removeProtocolFromUrl($url) {
 		if (strpos($url, 'https://') === 0) {
 			return substr($url, strlen('https://'));
 		} else if (strpos($url, 'http://') === 0) {

tests/lib/share/helper.php

@@ -19,6 +19,10 @@
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+/**
+ * @group DB
+ * Class Test_Share_Helper
+ */
 class Test_Share_Helper extends \Test\TestCase {
 
 	public function expireDateProvider() {
@@ -121,4 +125,37 @@ class Test_Share_Helper extends \Test\TestCase {
 	public function testSplitUserRemoteError($id) {
 		\OC\Share\Helper::splitUserRemote($id);
 	}
+
+	/**
+	 * @dataProvider dataTestCompareServerAddresses
+	 *
+	 * @param string $server1
+	 * @param string $server2
+	 * @param bool $expected
+	 */
+	public function testIsSameUserOnSameServer($user1, $server1, $user2, $server2, $expected) {
+		$this->assertSame($expected,
+			\OC\Share\Helper::isSameUserOnSameServer($user1, $server1, $user2, $server2)
+		);
+	}
+
+	public function dataTestCompareServerAddresses() {
+		return [
+			['user1', 'http://server1', 'user1', 'http://server1', true],
+			['user1', 'https://server1', 'user1', 'http://server1', true],
+			['user1', 'http://serVer1', 'user1', 'http://server1', true],
+			['user1', 'http://server1/',  'user1', 'http://server1', true],
+			['user1', 'server1', 'user1', 'http://server1', true],
+			['user1', 'http://server1', 'user1', 'http://server2', false],
+			['user1', 'https://server1', 'user1', 'http://server2', false],
+			['user1', 'http://serVer1', 'user1', 'http://serer2', false],
+			['user1', 'http://server1/', 'user1', 'http://server2', false],
+			['user1', 'server1', 'user1', 'http://server2', false],
+			['user1', 'http://server1', 'user2', 'http://server1', false],
+			['user1', 'https://server1', 'user2', 'http://server1', false],
+			['user1', 'http://serVer1', 'user2', 'http://server1', false],
+			['user1', 'http://server1/',  'user2', 'http://server1', false],
+			['user1', 'server1', 'user2', 'http://server1', false],
+		];
+	}
 }