don't allow to create a federated share if source and target server are the same
This commit is contained in:
parent
db41c4f4b5
commit
efc030aa25
|
@ -49,6 +49,14 @@ if(!\OCP\Util::isValidFileName($name)) {
|
|||
exit();
|
||||
}
|
||||
|
||||
$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
|
||||
$currentServer = \OC::$server->getURLGenerator()->getAbsoluteURL('/');
|
||||
if (\OC\Share\Helper::isSameUserOnSameServer($owner, $remote, $currentUser, $currentServer )) {
|
||||
\OCP\JSON::error(array('data' => array('message' => $l->t('Not allowed to create a federated share with the same user server'))));
|
||||
exit();
|
||||
}
|
||||
|
||||
|
||||
$externalManager = new \OCA\Files_Sharing\External\Manager(
|
||||
\OC::$server->getDatabaseConnection(),
|
||||
\OC\Files\Filesystem::getMountManager(),
|
||||
|
|
|
@ -289,4 +289,38 @@ class Helper extends \OC\Share\Constants {
|
|||
$hint = $l->t('Invalid Federated Cloud ID');
|
||||
throw new HintException('Invalid Fededrated Cloud ID', $hint);
|
||||
}
|
||||
|
||||
/**
|
||||
* check if two federated cloud IDs refer to the same user
|
||||
*
|
||||
* @param string $user1
|
||||
* @param string $server1
|
||||
* @param string $user2
|
||||
* @param string $server2
|
||||
* @return bool true if both users and servers are the same
|
||||
*/
|
||||
public static function isSameUserOnSameServer($user1, $server1, $user2, $server2) {
|
||||
$normalizedServer1 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server1));
|
||||
$normalizedServer2 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server2));
|
||||
|
||||
if (rtrim($normalizedServer1, '/') === rtrim($normalizedServer2, '/')) {
|
||||
// FIXME this should be a method in the user management instead
|
||||
\OCP\Util::emitHook(
|
||||
'\OCA\Files_Sharing\API\Server2Server',
|
||||
'preLoginNameUsedAsUserName',
|
||||
array('uid' => &$user1)
|
||||
);
|
||||
\OCP\Util::emitHook(
|
||||
'\OCA\Files_Sharing\API\Server2Server',
|
||||
'preLoginNameUsedAsUserName',
|
||||
array('uid' => &$user2)
|
||||
);
|
||||
|
||||
if ($user1 === $user2) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -849,11 +849,20 @@ class Share extends Constants {
|
|||
throw new \Exception($message_t);
|
||||
}
|
||||
|
||||
// don't allow federated shares if source and target server are the same
|
||||
list($user, $remote) = Helper::splitUserRemote($shareWith);
|
||||
$currentServer = self::removeProtocolFromUrl(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
|
||||
$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
|
||||
if (Helper::isSameUserOnSameServer($user, $remote, $currentUser, $currentServer)) {
|
||||
$message = 'Not allowed to create a federated share with the same user.';
|
||||
$message_t = $l->t('Not allowed to create a federated share with the same user');
|
||||
\OCP\Util::writeLog('OCP\Share', $message, \OCP\Util::DEBUG);
|
||||
throw new \Exception($message_t);
|
||||
}
|
||||
|
||||
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
|
||||
\OCP\Security\ISecureRandom::CHAR_DIGITS);
|
||||
|
||||
list($user, $remote) = Helper::splitUserRemote($shareWith);
|
||||
$shareWith = $user . '@' . $remote;
|
||||
$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
|
||||
|
||||
|
@ -2510,7 +2519,7 @@ class Share extends Constants {
|
|||
* @param string $url
|
||||
* @return string
|
||||
*/
|
||||
private static function removeProtocolFromUrl($url) {
|
||||
public static function removeProtocolFromUrl($url) {
|
||||
if (strpos($url, 'https://') === 0) {
|
||||
return substr($url, strlen('https://'));
|
||||
} else if (strpos($url, 'http://') === 0) {
|
||||
|
|
|
@ -19,6 +19,10 @@
|
|||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @group DB
|
||||
* Class Test_Share_Helper
|
||||
*/
|
||||
class Test_Share_Helper extends \Test\TestCase {
|
||||
|
||||
public function expireDateProvider() {
|
||||
|
@ -121,4 +125,37 @@ class Test_Share_Helper extends \Test\TestCase {
|
|||
public function testSplitUserRemoteError($id) {
|
||||
\OC\Share\Helper::splitUserRemote($id);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider dataTestCompareServerAddresses
|
||||
*
|
||||
* @param string $server1
|
||||
* @param string $server2
|
||||
* @param bool $expected
|
||||
*/
|
||||
public function testIsSameUserOnSameServer($user1, $server1, $user2, $server2, $expected) {
|
||||
$this->assertSame($expected,
|
||||
\OC\Share\Helper::isSameUserOnSameServer($user1, $server1, $user2, $server2)
|
||||
);
|
||||
}
|
||||
|
||||
public function dataTestCompareServerAddresses() {
|
||||
return [
|
||||
['user1', 'http://server1', 'user1', 'http://server1', true],
|
||||
['user1', 'https://server1', 'user1', 'http://server1', true],
|
||||
['user1', 'http://serVer1', 'user1', 'http://server1', true],
|
||||
['user1', 'http://server1/', 'user1', 'http://server1', true],
|
||||
['user1', 'server1', 'user1', 'http://server1', true],
|
||||
['user1', 'http://server1', 'user1', 'http://server2', false],
|
||||
['user1', 'https://server1', 'user1', 'http://server2', false],
|
||||
['user1', 'http://serVer1', 'user1', 'http://serer2', false],
|
||||
['user1', 'http://server1/', 'user1', 'http://server2', false],
|
||||
['user1', 'server1', 'user1', 'http://server2', false],
|
||||
['user1', 'http://server1', 'user2', 'http://server1', false],
|
||||
['user1', 'https://server1', 'user2', 'http://server1', false],
|
||||
['user1', 'http://serVer1', 'user2', 'http://server1', false],
|
||||
['user1', 'http://server1/', 'user2', 'http://server1', false],
|
||||
['user1', 'server1', 'user2', 'http://server1', false],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue