diff options
author | Roeland Jago Douma <rullzer@owncloud.com> | 2015-10-22 23:13:28 +0200 |
---|---|---|
committer | Roeland Jago Douma <rullzer@owncloud.com> | 2015-10-23 09:24:03 +0200 |
commit | 9071e756a103319c6747974292463f30b89ab4e3 (patch) | |
tree | b9739ecd154f92b9ce863a4688c9d40241c649ce | |
parent | 4f5ff9c105360335d525ac2bf887bdd7ba4fe03a (diff) | |
download | nextcloud-server-9071e756a103319c6747974292463f30b89ab4e3.tar.gz nextcloud-server-9071e756a103319c6747974292463f30b89ab4e3.zip |
Fix for broken ajax/share.php endpoint
Even more code mess :(
All tests pass again. But I'm really not happy with this endpoint.
-rw-r--r-- | core/ajax/share.php | 26 | ||||
-rw-r--r-- | core/js/tests/specs/sharedialogviewSpec.js | 6 | ||||
-rw-r--r-- | lib/private/share/share.php | 24 | ||||
-rw-r--r-- | lib/public/share.php | 7 |
4 files changed, 47 insertions, 16 deletions
diff --git a/core/ajax/share.php b/core/ajax/share.php index 4738d0e0827..a1c573900c9 100644 --- a/core/ajax/share.php +++ b/core/ajax/share.php @@ -48,9 +48,28 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo $shareType = (int)$_POST['shareType']; $shareWith = $_POST['shareWith']; $itemSourceName = isset($_POST['itemSourceName']) ? (string)$_POST['itemSourceName'] : null; - if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith == '') { - $shareWith = null; + + /* + * Nasty nasty fix for https://github.com/owncloud/core/issues/19950 + */ + $passwordChanged = null; + if (is_array($shareWith)) { + $passwordChanged = ($shareWith['passwordChanged'] === 'true'); + if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith['password'] === '') { + $shareWith = null; + } else { + $shareWith = $shareWith['password']; + } + } else { + /* + * We need this branch since the calendar and contacts also use this + * endpoint + */ + if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith === '') { + $shareWith = null; + } } + $itemSourceName=(isset($_POST['itemSourceName'])) ? (string)$_POST['itemSourceName']:''; $token = OCP\Share::shareItem( @@ -60,7 +79,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo $shareWith, $_POST['permissions'], $itemSourceName, - (!empty($_POST['expirationDate']) ? new \DateTime((string)$_POST['expirationDate']) : null) + (!empty($_POST['expirationDate']) ? new \DateTime((string)$_POST['expirationDate']) : null), + $passwordChanged ); if (is_string($token)) { diff --git a/core/js/tests/specs/sharedialogviewSpec.js b/core/js/tests/specs/sharedialogviewSpec.js index 0117f517d4c..1c05bf21968 100644 --- a/core/js/tests/specs/sharedialogviewSpec.js +++ b/core/js/tests/specs/sharedialogviewSpec.js @@ -146,7 +146,8 @@ describe('OC.Share.ShareDialogView', function() { expect(fakeServer.requests[1].method).toEqual('POST'); var body = OC.parseQueryString(fakeServer.requests[1].requestBody); - expect(body.shareWith).toEqual('foo'); + expect(body['shareWith[password]']).toEqual('foo'); + expect(body['shareWith[passwordChanged]']).toEqual('true'); fetchStub.reset(); @@ -185,7 +186,8 @@ describe('OC.Share.ShareDialogView', function() { expect(fakeServer.requests[1].method).toEqual('POST'); var body = OC.parseQueryString(fakeServer.requests[1].requestBody); - expect(body.shareWith).toEqual('foo'); + expect(body['shareWith[password]']).toEqual('foo'); + expect(body['shareWith[passwordChanged]']).toEqual('true'); fetchStub.reset(); diff --git a/lib/private/share/share.php b/lib/private/share/share.php index 1b31df554cb..097c5a14b9f 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -597,11 +597,12 @@ class Share extends Constants { * @param int $permissions CRUDS * @param string $itemSourceName * @param \DateTime $expirationDate + * @param bool $passwordChanged * @return boolean|string Returns true on success or false on failure, Returns token on success for links * @throws \OC\HintException when the share type is remote and the shareWith is invalid * @throws \Exception */ - public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null) { + public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null, $passwordChanged = null) { $backend = self::getBackend($itemType); $l = \OC::$server->getL10N('lib'); @@ -775,19 +776,26 @@ class Share extends Constants { $updateExistingShare = true; } - // Generate hash of password if the password was changed on the client - if (isset($shareWith['passwordChanged']) && $shareWith['passwordChanged'] === 'true') { - $shareWith = $shareWith['password']; + if ($passwordChanged === null) { + // Generate hash of password - same method as user passwords if (is_string($shareWith) && $shareWith !== '') { self::verifyPassword($shareWith); $shareWith = \OC::$server->getHasher()->hash($shareWith); + } else { + // reuse the already set password, but only if we change permissions + // otherwise the user disabled the password protection + if ($checkExists && (int)$permissions !== (int)$oldPermissions) { + $shareWith = $checkExists['share_with']; + } } } else { - // reuse the existing password if it was not updated from the client - if ($updateExistingShare) { + if ($passwordChanged === true) { + if (is_string($shareWith) && $shareWith !== '') { + self::verifyPassword($shareWith); + $shareWith = \OC::$server->getHasher()->hash($shareWith); + } + } else if ($updateExistingShare) { $shareWith = $checkExists['share_with']; - } else { - $shareWith = ''; } } diff --git a/lib/public/share.php b/lib/public/share.php index 0f5c68c576d..4fcc7d81d16 100644 --- a/lib/public/share.php +++ b/lib/public/share.php @@ -255,13 +255,14 @@ class Share extends \OC\Share\Constants { * @param int $permissions CRUDS * @param string $itemSourceName * @param \DateTime $expirationDate + * @param bool $passwordChanged * @return bool|string Returns true on success or false on failure, Returns token on success for links * @throws \OC\HintException when the share type is remote and the shareWith is invalid * @throws \Exception - * @since 5.0.0 - parameter $itemSourceName was added in 6.0.0, parameter $expirationDate was added in 7.0.0 + * @since 5.0.0 - parameter $itemSourceName was added in 6.0.0, parameter $expirationDate was added in 7.0.0, paramter $passwordChanged added in 9.0.0 */ - public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null) { - return \OC\Share\Share::shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName, $expirationDate); + public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null, $passwordChanged = null) { + return \OC\Share\Share::shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName, $expirationDate, $passwordChanged); } /** |