don't allow to create a federated share if source and target server are the same

diff --git a/apps/files_sharing/ajax/external.php b/apps/files_sharing/ajax/external.php
index 0f8a3d56cf0109aa8d09f9e199c0f3426206865d..65861ac6a041214f33b599d7db1f042e02cbd1f4 100644 (file)
--- a/apps/files_sharing/ajax/external.php
+++ b/apps/files_sharing/ajax/external.php
@@ -49,6 +49,14 @@ if(!\OCP\Util::isValidFileName($name)) {
        exit();
 }
 
+$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
+$currentServer = \OC::$server->getURLGenerator()->getAbsoluteURL('/');
+if (\OC\Share\Helper::isSameUserOnSameServer($owner, $remote, $currentUser, $currentServer )) {
+       \OCP\JSON::error(array('data' => array('message' => $l->t('Not allowed to create a federated share with the same user server'))));
+       exit();
+}
+
+
 $externalManager = new \OCA\Files_Sharing\External\Manager(
                \OC::$server->getDatabaseConnection(),
                \OC\Files\Filesystem::getMountManager(),

diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php
index 26bbca813171b0928abd50c963c4145b5d3a641e..0441647df839106d9f89d2d98251fd7ed6d9e647 100644 (file)
--- a/lib/private/share/helper.php
+++ b/lib/private/share/helper.php
@@ -289,4 +289,38 @@ class Helper extends \OC\Share\Constants {
                $hint = $l->t('Invalid Federated Cloud ID');
                throw new HintException('Invalid Fededrated Cloud ID', $hint);
        }
+
+       /**
+        * check if two federated cloud IDs refer to the same user
+        *
+        * @param string $user1
+        * @param string $server1
+        * @param string $user2
+        * @param string $server2
+        * @return bool true if both users and servers are the same
+        */
+       public static function isSameUserOnSameServer($user1, $server1, $user2, $server2) {
+               $normalizedServer1 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server1));
+               $normalizedServer2 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server2));
+
+               if (rtrim($normalizedServer1, '/') === rtrim($normalizedServer2, '/')) {
+                       // FIXME this should be a method in the user management instead
+                       \OCP\Util::emitHook(
+                                       '\OCA\Files_Sharing\API\Server2Server',
+                                       'preLoginNameUsedAsUserName',
+                                       array('uid' => &$user1)
+                       );
+                       \OCP\Util::emitHook(
+                                       '\OCA\Files_Sharing\API\Server2Server',
+                                       'preLoginNameUsedAsUserName',
+                                       array('uid' => &$user2)
+                       );
+
+                       if ($user1 === $user2) {
+                               return true;
+                       }
+               }
+
+               return false;
+       }
 }

diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 3edffba8a3f5e4df367b145ec3b9bed9526238ec..fff437b3ff72f601cc6bdb48bd4f20ae5672771d 100644 (file)
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -849,11 +849,20 @@ class Share extends Constants {
                                        throw new \Exception($message_t);
                        }
 
+                       // don't allow federated shares if source and target server are the same
+                       list($user, $remote) = Helper::splitUserRemote($shareWith);
+                       $currentServer = self::removeProtocolFromUrl(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
+                       $currentUser = \OC::$server->getUserSession()->getUser()->getUID();
+                       if (Helper::isSameUserOnSameServer($user, $remote, $currentUser, $currentServer)) {
+                               $message = 'Not allowed to create a federated share with the same user.';
+                               $message_t = $l->t('Not allowed to create a federated share with the same user');
+                               \OCP\Util::writeLog('OCP\Share', $message, \OCP\Util::DEBUG);
+                               throw new \Exception($message_t);
+                       }
 
                        $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
                                \OCP\Security\ISecureRandom::CHAR_DIGITS);
 
-                       list($user, $remote) = Helper::splitUserRemote($shareWith);
                        $shareWith = $user . '@' . $remote;
                        $shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
 
@@ -2510,7 +2519,7 @@ class Share extends Constants {
         * @param string $url
         * @return string
         */
-       private static function removeProtocolFromUrl($url) {
+       public static function removeProtocolFromUrl($url) {
                if (strpos($url, 'https://') === 0) {
                        return substr($url, strlen('https://'));
                } else if (strpos($url, 'http://') === 0) {

diff --git a/tests/lib/share/helper.php b/tests/lib/share/helper.php
index e37a3db8bf09ce94c2e4c44965f4eebc3395c793..eaa29c8cb900e3b6218d2b561b571aa99c1c46d9 100644 (file)
--- a/tests/lib/share/helper.php
+++ b/tests/lib/share/helper.php
@@ -19,6 +19,10 @@
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+/**
+ * @group DB
+ * Class Test_Share_Helper
+ */
 class Test_Share_Helper extends \Test\TestCase {
 
        public function expireDateProvider() {
@@ -121,4 +125,37 @@ class Test_Share_Helper extends \Test\TestCase {
        public function testSplitUserRemoteError($id) {
                \OC\Share\Helper::splitUserRemote($id);
        }
+
+       /**
+        * @dataProvider dataTestCompareServerAddresses
+        *
+        * @param string $server1
+        * @param string $server2
+        * @param bool $expected
+        */
+       public function testIsSameUserOnSameServer($user1, $server1, $user2, $server2, $expected) {
+               $this->assertSame($expected,
+                       \OC\Share\Helper::isSameUserOnSameServer($user1, $server1, $user2, $server2)
+               );
+       }
+
+       public function dataTestCompareServerAddresses() {
+               return [
+                       ['user1', 'http://server1', 'user1', 'http://server1', true],
+                       ['user1', 'https://server1', 'user1', 'http://server1', true],
+                       ['user1', 'http://serVer1', 'user1', 'http://server1', true],
+                       ['user1', 'http://server1/',  'user1', 'http://server1', true],
+                       ['user1', 'server1', 'user1', 'http://server1', true],
+                       ['user1', 'http://server1', 'user1', 'http://server2', false],
+                       ['user1', 'https://server1', 'user1', 'http://server2', false],
+                       ['user1', 'http://serVer1', 'user1', 'http://serer2', false],
+                       ['user1', 'http://server1/', 'user1', 'http://server2', false],
+                       ['user1', 'server1', 'user1', 'http://server2', false],
+                       ['user1', 'http://server1', 'user2', 'http://server1', false],
+                       ['user1', 'https://server1', 'user2', 'http://server1', false],
+                       ['user1', 'http://serVer1', 'user2', 'http://server1', false],
+                       ['user1', 'http://server1/',  'user2', 'http://server1', false],
+                       ['user1', 'server1', 'user2', 'http://server1', false],
+               ];
+       }
 }