summaryrefslogtreecommitdiffstats
path: root/apps/dav
diff options
context:
space:
mode:
authorRoeland Jago Douma <roeland@famdouma.nl>2018-04-23 22:15:29 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2018-04-26 10:35:37 +0200
commit042340ccf6e7d6408390b91f6904de0425bb3c07 (patch)
treec1f3f2e98b233e57bf2951497d8832156f5855d6 /apps/dav
parent6a385dd20bad8d0e6c7d923f77eea7b5f719fddd (diff)
downloadnextcloud-server-042340ccf6e7d6408390b91f6904de0425bb3c07.tar.gz
nextcloud-server-042340ccf6e7d6408390b91f6904de0425bb3c07.zip
Check if a direct link is expired
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'apps/dav')
-rw-r--r--apps/dav/lib/Direct/DirectFile.php20
-rw-r--r--apps/dav/lib/Direct/DirectHome.php32
2 files changed, 31 insertions, 21 deletions
diff --git a/apps/dav/lib/Direct/DirectFile.php b/apps/dav/lib/Direct/DirectFile.php
index d327a1752bb..947352c5148 100644
--- a/apps/dav/lib/Direct/DirectFile.php
+++ b/apps/dav/lib/Direct/DirectFile.php
@@ -46,47 +46,47 @@ class DirectFile implements IFile {
$this->rootFolder = $rootFolder;
}
- function put($data) {
+ public function put($data) {
throw new Forbidden();
}
- function get() {
+ public function get() {
$this->getFile();
return $this->file->fopen('rb');
}
- function getContentType() {
+ public function getContentType() {
$this->getFile();
return $this->file->getMimeType();
}
- function getETag() {
+ public function getETag() {
$this->getFile();
return $this->file->getEtag();
}
- function getSize() {
+ public function getSize() {
$this->getFile();
return $this->file->getSize();
}
- function delete() {
+ public function delete() {
throw new Forbidden();
}
- function getName() {
+ public function getName() {
return $this->direct->getToken();
}
- function setName($name) {
+ public function setName($name) {
throw new Forbidden();
}
- function getLastModified() {
+ public function getLastModified() {
$this->getFile();
return $this->file->getMTime();
@@ -97,8 +97,6 @@ class DirectFile implements IFile {
$userFolder = $this->rootFolder->getUserFolder($this->direct->getUserId());
$files = $userFolder->getById($this->direct->getFileId());
- //TODO check expiration
-
if ($files === []) {
throw new NotFound();
}
diff --git a/apps/dav/lib/Direct/DirectHome.php b/apps/dav/lib/Direct/DirectHome.php
index 247cca7a3c9..f56815746a5 100644
--- a/apps/dav/lib/Direct/DirectHome.php
+++ b/apps/dav/lib/Direct/DirectHome.php
@@ -26,6 +26,7 @@ namespace OCA\DAV\Direct;
use OCA\DAV\Db\DirectMapper;
use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Files\IRootFolder;
use Sabre\DAV\Exception\Forbidden;
use Sabre\DAV\Exception\MethodNotAllowed;
@@ -40,23 +41,34 @@ class DirectHome implements ICollection {
/** @var DirectMapper */
private $mapper;
- public function __construct(IRootFolder $rootFolder, DirectMapper $mapper) {
+ /** @var ITimeFactory */
+ private $timeFactory;
+
+ public function __construct(IRootFolder $rootFolder,
+ DirectMapper $mapper,
+ ITimeFactory $timeFactory) {
$this->rootFolder = $rootFolder;
$this->mapper = $mapper;
+ $this->timeFactory = $timeFactory;
}
- function createFile($name, $data = null) {
+ public function createFile($name, $data = null) {
throw new Forbidden();
}
- function createDirectory($name) {
+ public function createDirectory($name) {
throw new Forbidden();
}
- public function getChild($name) {
+ public function getChild($name): DirectFile {
try {
$direct = $this->mapper->getByToken($name);
+ // Expired
+ if ($direct->getExpiration() >= $this->timeFactory->getTime()) {
+ throw new NotFound();
+ }
+
return new DirectFile($direct, $this->rootFolder);
} catch (DoesNotExistException $e) {
//TODO: throttle the ip to avoid brute forcing
@@ -65,27 +77,27 @@ class DirectHome implements ICollection {
}
}
- function getChildren() {
+ public function getChildren() {
throw new MethodNotAllowed('Listing members of this collection is disabled');
}
- function childExists($name) {
+ public function childExists($name): bool {
return false;
}
- function delete() {
+ public function delete() {
throw new Forbidden();
}
- function getName() {
+ public function getName(): string {
return 'direct';
}
- function setName($name) {
+ public function setName($name) {
throw new Forbidden();
}
- function getLastModified() {
+ public function getLastModified(): int {
return 0;
}