don't allow to create a federated share if source and target server are the same

This commit is contained in:
Björn Schießle 2015-12-09 12:00:00 +01:00
parent db41c4f4b5
commit efc030aa25
4 changed files with 90 additions and 2 deletions

View File

@ -49,6 +49,14 @@ if(!\OCP\Util::isValidFileName($name)) {
exit(); exit();
} }
$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
$currentServer = \OC::$server->getURLGenerator()->getAbsoluteURL('/');
if (\OC\Share\Helper::isSameUserOnSameServer($owner, $remote, $currentUser, $currentServer )) {
\OCP\JSON::error(array('data' => array('message' => $l->t('Not allowed to create a federated share with the same user server'))));
exit();
}
$externalManager = new \OCA\Files_Sharing\External\Manager( $externalManager = new \OCA\Files_Sharing\External\Manager(
\OC::$server->getDatabaseConnection(), \OC::$server->getDatabaseConnection(),
\OC\Files\Filesystem::getMountManager(), \OC\Files\Filesystem::getMountManager(),

View File

@ -289,4 +289,38 @@ class Helper extends \OC\Share\Constants {
$hint = $l->t('Invalid Federated Cloud ID'); $hint = $l->t('Invalid Federated Cloud ID');
throw new HintException('Invalid Fededrated Cloud ID', $hint); throw new HintException('Invalid Fededrated Cloud ID', $hint);
} }
/**
* check if two federated cloud IDs refer to the same user
*
* @param string $user1
* @param string $server1
* @param string $user2
* @param string $server2
* @return bool true if both users and servers are the same
*/
public static function isSameUserOnSameServer($user1, $server1, $user2, $server2) {
$normalizedServer1 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server1));
$normalizedServer2 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server2));
if (rtrim($normalizedServer1, '/') === rtrim($normalizedServer2, '/')) {
// FIXME this should be a method in the user management instead
\OCP\Util::emitHook(
'\OCA\Files_Sharing\API\Server2Server',
'preLoginNameUsedAsUserName',
array('uid' => &$user1)
);
\OCP\Util::emitHook(
'\OCA\Files_Sharing\API\Server2Server',
'preLoginNameUsedAsUserName',
array('uid' => &$user2)
);
if ($user1 === $user2) {
return true;
}
}
return false;
}
} }

View File

@ -849,11 +849,20 @@ class Share extends Constants {
throw new \Exception($message_t); throw new \Exception($message_t);
} }
// don't allow federated shares if source and target server are the same
list($user, $remote) = Helper::splitUserRemote($shareWith);
$currentServer = self::removeProtocolFromUrl(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
if (Helper::isSameUserOnSameServer($user, $remote, $currentUser, $currentServer)) {
$message = 'Not allowed to create a federated share with the same user.';
$message_t = $l->t('Not allowed to create a federated share with the same user');
\OCP\Util::writeLog('OCP\Share', $message, \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
\OCP\Security\ISecureRandom::CHAR_DIGITS); \OCP\Security\ISecureRandom::CHAR_DIGITS);
list($user, $remote) = Helper::splitUserRemote($shareWith);
$shareWith = $user . '@' . $remote; $shareWith = $user . '@' . $remote;
$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName); $shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
@ -2510,7 +2519,7 @@ class Share extends Constants {
* @param string $url * @param string $url
* @return string * @return string
*/ */
private static function removeProtocolFromUrl($url) { public static function removeProtocolFromUrl($url) {
if (strpos($url, 'https://') === 0) { if (strpos($url, 'https://') === 0) {
return substr($url, strlen('https://')); return substr($url, strlen('https://'));
} else if (strpos($url, 'http://') === 0) { } else if (strpos($url, 'http://') === 0) {

View File

@ -19,6 +19,10 @@
* License along with this library. If not, see <http://www.gnu.org/licenses/>. * License along with this library. If not, see <http://www.gnu.org/licenses/>.
*/ */
/**
* @group DB
* Class Test_Share_Helper
*/
class Test_Share_Helper extends \Test\TestCase { class Test_Share_Helper extends \Test\TestCase {
public function expireDateProvider() { public function expireDateProvider() {
@ -121,4 +125,37 @@ class Test_Share_Helper extends \Test\TestCase {
public function testSplitUserRemoteError($id) { public function testSplitUserRemoteError($id) {
\OC\Share\Helper::splitUserRemote($id); \OC\Share\Helper::splitUserRemote($id);
} }
/**
* @dataProvider dataTestCompareServerAddresses
*
* @param string $server1
* @param string $server2
* @param bool $expected
*/
public function testIsSameUserOnSameServer($user1, $server1, $user2, $server2, $expected) {
$this->assertSame($expected,
\OC\Share\Helper::isSameUserOnSameServer($user1, $server1, $user2, $server2)
);
}
public function dataTestCompareServerAddresses() {
return [
['user1', 'http://server1', 'user1', 'http://server1', true],
['user1', 'https://server1', 'user1', 'http://server1', true],
['user1', 'http://serVer1', 'user1', 'http://server1', true],
['user1', 'http://server1/', 'user1', 'http://server1', true],
['user1', 'server1', 'user1', 'http://server1', true],
['user1', 'http://server1', 'user1', 'http://server2', false],
['user1', 'https://server1', 'user1', 'http://server2', false],
['user1', 'http://serVer1', 'user1', 'http://serer2', false],
['user1', 'http://server1/', 'user1', 'http://server2', false],
['user1', 'server1', 'user1', 'http://server2', false],
['user1', 'http://server1', 'user2', 'http://server1', false],
['user1', 'https://server1', 'user2', 'http://server1', false],
['user1', 'http://serVer1', 'user2', 'http://server1', false],
['user1', 'http://server1/', 'user2', 'http://server1', false],
['user1', 'server1', 'user2', 'http://server1', false],
];
}
} }