Browse Source
Move public webdav auth over to share manager
The public webdav auth should use the shiny new share manager.tags/v9.1.0beta1
Roeland Jago Douma
8 years ago
2 changed files with 44 additions and 50 deletions
+ 8
- 5
apps/dav/appinfo/v1/publicwebdav.php
View File
| @@ -32,7 +32,11 @@ OC_App::loadApps($RUNTIME_APPTYPES); | |||
| OC_Util::obEnd(); | |||
| // Backends | |||
| $authBackend = new OCA\DAV\Connector\PublicAuth(\OC::$server->getConfig(), \OC::$server->getRequest()); | |||
| $authBackend = new OCA\DAV\Connector\PublicAuth( | |||
| \OC::$server->getRequest(), | |||
| \OC::$server->getShareManager(), | |||
| \OC::$server->getSession() | |||
| ); | |||
| $serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory( | |||
| \OC::$server->getConfig(), | |||
| @@ -56,10 +60,9 @@ $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, func | |||
| } | |||
| $share = $authBackend->getShare(); | |||
| $rootShare = \OCP\Share::resolveReShare($share); | |||
| $owner = $rootShare['uid_owner']; | |||
| $isWritable = $share['permissions'] & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE); | |||
| $fileId = $share['file_source']; | |||
| $owner = $share->getShareOwner(); | |||
| $isWritable = $share->getPermissions() & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE); | |||
| $fileId = $share->getNodeId(); | |||
| if (!$isWritable) { | |||
| \OC\Files\Filesystem::addStorageWrapper('readonly', function ($mountPoint, $storage) { | |||
+ 36
- 45
apps/dav/lib/connector/publicauth.php
View File
| @@ -26,31 +26,41 @@ | |||
| namespace OCA\DAV\Connector; | |||
| use OCP\IConfig; | |||
| use OCP\IRequest; | |||
| use OCP\ISession; | |||
| use OCP\Share\Exceptions\ShareNotFound; | |||
| use OCP\Share\IManager; | |||
| /** | |||
| * Class PublicAuth | |||
| * | |||
| * @package OCA\DAV\Connector | |||
| */ | |||
| class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { | |||
| /** | |||
| * @var \OCP\IConfig | |||
| */ | |||
| private $config; | |||
| /** @var \OCP\Share\IShare */ | |||
| private $share; | |||
| /** | |||
| * @var IRequest | |||
| */ | |||
| /** @var IManager */ | |||
| private $shareManager; | |||
| /** @var ISession */ | |||
| private $session; | |||
| /** @var IRequest */ | |||
| private $request; | |||
| /** | |||
| * @param \OCP\IConfig $config | |||
| * @param IRequest $request | |||
| * @param IManager $shareManager | |||
| * @param ISession $session | |||
| */ | |||
| public function __construct(IConfig $config, | |||
| IRequest $request) { | |||
| $this->config = $config; | |||
| public function __construct(IRequest $request, | |||
| IManager $shareManager, | |||
| ISession $session) { | |||
| $this->request = $request; | |||
| $this->shareManager = $shareManager; | |||
| $this->session = $session; | |||
| } | |||
| /** | |||
| @@ -66,42 +76,23 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { | |||
| * @throws \Sabre\DAV\Exception\NotAuthenticated | |||
| */ | |||
| protected function validateUserPass($username, $password) { | |||
| $linkItem = \OCP\Share::getShareByToken($username, false); | |||
| \OC_User::setIncognitoMode(true); | |||
| $this->share = $linkItem; | |||
| if (!$linkItem) { | |||
| try { | |||
| $share = $this->shareManager->getShareByToken($username); | |||
| } catch (ShareNotFound $e) { | |||
| return false; | |||
| } | |||
| if ((int)$linkItem['share_type'] === \OCP\Share::SHARE_TYPE_LINK && | |||
| $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes') !== 'yes') { | |||
| $this->share['permissions'] &= ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE); | |||
| } | |||
| $this->share = $share; | |||
| // check if the share is password protected | |||
| if (isset($linkItem['share_with'])) { | |||
| if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) { | |||
| // Check Password | |||
| $newHash = ''; | |||
| if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) { | |||
| /** | |||
| * FIXME: Migrate old hashes to new hash format | |||
| * Due to the fact that there is no reasonable functionality to update the password | |||
| * of an existing share no migration is yet performed there. | |||
| * The only possibility is to update the existing share which will result in a new | |||
| * share ID and is a major hack. | |||
| * | |||
| * In the future the migration should be performed once there is a proper method | |||
| * to update the share's password. (for example `$share->updatePassword($password)` | |||
| * | |||
| * @link https://github.com/owncloud/core/issues/10671 | |||
| */ | |||
| if(!empty($newHash)) { | |||
| \OC_User::setIncognitoMode(true); | |||
| } | |||
| // check if the share is password protected | |||
| if ($share->getPassword() !== null) { | |||
| if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { | |||
| if ($this->shareManager->checkPassword($share, $password)) { | |||
| return true; | |||
| } else if (\OC::$server->getSession()->exists('public_link_authenticated') | |||
| && \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) { | |||
| } else if ($this->session->exists('public_link_authenticated') | |||
| && $this->session->get('public_link_authenticated') === $share->getId()) { | |||
| return true; | |||
| } else { | |||
| if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) { | |||
| @@ -112,7 +103,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { | |||
| } | |||
| return false; | |||
| } | |||
| } else if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_REMOTE) { | |||
| } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE) { | |||
| return true; | |||
| } else { | |||
| return false; | |||
| @@ -123,7 +114,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { | |||
| } | |||
| /** | |||
| * @return array | |||
| * @return \OCP\Share\IShare | |||
| */ | |||
| public function getShare() { | |||
| return $this->share; | |||
Loading…