author | Thomas Müller <thomas.mueller@tmit.eu> | 2014-11-25 22:26:40 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2014-11-25 22:26:40 +0100 |
commit | e6a7022037086317e235cd703420c7a503bc44e4 (patch) | |
tree | 95ccddd4ab94132f69ecd965c823fd2669ee9629 | |
parent | 0f18274ca5a69dbc4a33712a81cb560161408d38 (diff) | |
parent | 4643a5d2389fa5d7432dd319e9ad12d686aecfef (diff) | |
Merge pull request #12410 from owncloud/no_session_for_public_share_key
don't store private public-share-key in session
-rw-r--r-- | apps/files/ajax/upload.php | 8 | ||||
-rw-r--r-- | apps/files_encryption/lib/proxy.php | 1 | ||||
-rw-r--r-- | apps/files_encryption/lib/session.php | 31 | ||||
-rw-r--r-- | apps/files_sharing/lib/controllers/sharecontroller.php | 9 |
4 files changed, 15 insertions, 34 deletions
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php index b960e02ced7..aeb0008a7b9 100644 --- a/apps/files/ajax/upload.php +++ b/apps/files/ajax/upload.php @@ -1,5 +1,7 @@ <?php +\OC::$server->getSession()->close(); + // Firefox and Konqueror tries to download application/json for me. --Arthur OCP\JSON::setContentTypeHeader('text/plain'); @@ -64,13 +66,7 @@ if (empty($_POST['dirToken'])) { } } - OCP\JSON::callCheck(); -if (!\OCP\App::isEnabled('files_encryption')) { - // encryption app need to create keys later, so can't close too early - \OC::$server->getSession()->close(); -} - // get array with current storage stats (e.g. max file size) $storageStats = \OCA\Files\Helper::buildFileStorageStatistics($dir); diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 55f2df783c4..a358a46a6e7 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -91,7 +91,6 @@ class Proxy extends \OC_FileProxy { private function shouldEncrypt($path, $mode = 'w') { $userId = Helper::getUser($path); - $session = new Session(new \OC\Files\View()); // don't call the crypt stream wrapper, if... if ( diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php index 7bd4fd02421..132748b6ea5 100644 --- a/apps/files_encryption/lib/session.php +++ b/apps/files_encryption/lib/session.php @@ -29,6 +29,7 @@ namespace OCA\Encryption; class Session { private $view; + private static $publicShareKey = false; const NOT_INITIALIZED = '0'; const INIT_EXECUTED = '1'; @@ -92,7 +93,7 @@ class Session { } - if (\OCA\Encryption\Helper::isPublicAccess()) { + if (\OCA\Encryption\Helper::isPublicAccess() && !self::getPublicSharePrivateKey()) { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; 
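Review bot: Nothing at the new first statement of upload.php, `\OC::$server->getSession()->close();`, explains why it is safe to close the session ahead of the `dirToken` handling and `OCP\JSON::callCheck()` that the second hunk shows further down. Any session write made after this line would be silently discarded, and the code between the two hunks is not visible here, so that should be confirmed for the public-upload path. I would add a comment above the call, for example `// nothing below writes to the session (the encryption app no longer keeps keys there), so release it before the upload starts`.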
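Review bot: The new `private static $publicShareKey = false;` in session.php holds decrypted private-key material but carries no comment saying what it is or how long it lives. A reader has to infer from the rest of the patch that it replaces the `publicSharePrivateKey` session entry and that `false` means "not loaded yet". I would document it, e.g. `/** @var string|false decrypted private key of the public share key pair; kept in memory for the current process only, never written to the session */`. The class body continues outside this hunk.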
@@ -100,9 +101,7 @@ class Session { $encryptedKey = $this->view->file_get_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key'); $privateKey = Crypt::decryptPrivateKey($encryptedKey, ''); - $this->setPublicSharePrivateKey($privateKey); - - $this->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL); + self::setPublicSharePrivateKey($privateKey); \OC_FileProxy::$enabled = $proxyStatus; } @@ -127,8 +126,8 @@ class Session { * remove keys from session */ public function removeKeys() { - \OC::$session->remove('publicSharePrivateKey'); - \OC::$session->remove('privateKey'); + \OC::$server->getSession()->remove('publicSharePrivateKey'); + \OC::$server->getSession()->remove('privateKey'); } /** @@ -164,6 +163,8 @@ class Session { public function getInitialized() { if (!is_null(\OC::$server->getSession()->get('encryptionInitialized'))) { return \OC::$server->getSession()->get('encryptionInitialized'); + } else if (\OCA\Encryption\Helper::isPublicAccess() && self::getPublicSharePrivateKey()) { + return self::INIT_SUCCESSFUL; } else { return self::NOT_INITIALIZED; } @@ -177,7 +178,7 @@ class Session { public function getPrivateKey() { // return the public share private key if this is a public access if (\OCA\Encryption\Helper::isPublicAccess()) { - return $this->getPublicSharePrivateKey(); + return self::getPublicSharePrivateKey(); } else { if (!is_null(\OC::$server->getSession()->get('privateKey'))) { return \OC::$server->getSession()->get('privateKey'); @@ -192,12 +193,9 @@ class Session { * @param string $privateKey * @return bool */ - public function setPublicSharePrivateKey($privateKey) { - - \OC::$server->getSession()->set('publicSharePrivateKey', $privateKey); - + private static function setPublicSharePrivateKey($privateKey) { + self::$publicShareKey = $privateKey; return true; - } /** 
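Review bot: The result of `Crypt::decryptPrivateKey($encryptedKey, '')` is cached through `self::setPublicSharePrivateKey($privateKey)` without being checked, and neither is the `file_get_contents()` result that feeds it. If either call fails (presumably by returning false, which is what the `!self::getPublicSharePrivateKey()` guard in the previous hunk appears to expect), the failure is silent and the read and decrypt are repeated on every `Session` construction during the request. Storing the key only when the check `if ($privateKey !== false) { self::setPublicSharePrivateKey($privateKey); }` passes, and logging in the other case, would make a broken public share key visible. The enclosing `if` block opens in the previous hunk.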
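Review bot: `removeKeys()` still clears only the two session entries, so the decrypted public share key that this commit moves into `self::$publicShareKey` survives the call. Within an ordinary web request that is short-lived, but in a long-running process or a test run the key would stay in memory after the caller asked for the keys to be removed. Adding `self::$publicShareKey = false;` to the method would keep its contract. The `remove('publicSharePrivateKey')` line could carry a comment that it now only cleans up entries written by older versions.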
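Review bot: In `getInitialized()` the new public-access branch is reached only when the session holds no `encryptionInitialized` value, so a status already stored in the visitor's session takes precedence over the state of the public share key. The `setInitialized(INIT_SUCCESSFUL)` call removed two hunks earlier used to overwrite that value for public access. Now a logged-in user whose session holds `NOT_INITIALIZED` or `INIT_EXECUTED` would, as far as this hunk shows, get that status when opening a public link. Testing `\OCA\Encryption\Helper::isPublicAccess() && self::getPublicSharePrivateKey()` first and falling back to the session value afterwards would avoid this. The callers are not visible here, so the practical impact should be confirmed.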
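Review bot: The docblocks were not updated with the new signatures of `setPublicSharePrivateKey()` here and `getPublicSharePrivateKey()` in the next hunk. The getter still says `@return string $privateKey` although it returns `false` until a key has been loaded, so `@return string|false` would be accurate. The setter's description starts outside this hunk and should be checked for a leftover reference to the session. Both methods also changed from public instance methods to `private static`, so any caller outside `Session` would now fail; none is visible in this diff, but the apps and tests are worth a search.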
@@ -205,13 +203,8 @@ class Session { * @return string $privateKey * */ - public function getPublicSharePrivateKey() { - - if (!is_null(\OC::$server->getSession()->get('publicSharePrivateKey'))) { - return \OC::$server->getSession()->get('publicSharePrivateKey'); - } else { - return false; - } + private static function getPublicSharePrivateKey() { + return self::$publicShareKey; } } diff --git a/apps/files_sharing/lib/controllers/sharecontroller.php b/apps/files_sharing/lib/controllers/sharecontroller.php index 076df3c46f6..7518292131c 100644 --- a/apps/files_sharing/lib/controllers/sharecontroller.php +++ b/apps/files_sharing/lib/controllers/sharecontroller.php @@ -203,7 +203,6 @@ class ShareController extends Controller { /** * @PublicPage * @NoCSRFRequired - * @UseSession * * @param string $token * @param string $files @@ -213,12 +212,6 @@ class ShareController extends Controller { public function downloadShare($token, $files = null, $path = '') { \OC_User::setIncognitoMode(true); - // FIXME: Use DI once there is a suitable class - if (!\OCP\App::isEnabled('files_encryption')) { - // encryption app requires the session to store the keys in - \OC::$server->getSession()->close(); - } - $linkItem = OCP\Share::getShareByToken($token, false); // Share is password protected - check whether the user is permitted to access the share @@ -244,7 +237,7 @@ class ShareController extends Controller { } // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well - // after dispatching the request which results in a "Cannot modify header information" notice. + // after dispatching the request which results in a "Cannot modify header information" notice. OC_Files::get($originalSharePath, $files_list, $_SERVER['REQUEST_METHOD'] == 'HEAD'); exit(); } else { |