continue to accept the URL of the remote server instead of the federated cloud id

2 files changed, 44 insertions, 12 deletions

diff --git a/apps/federatedfilesharing/lib/Controller/SaveToOwnCloudController.php b/apps/federatedfilesharing/lib/Controller/SaveToOwnCloudController.php
index a20806e6abb..2318d21afb5 100644
--- a/apps/federatedfilesharing/lib/Controller/SaveToOwnCloudController.php
+++ b/apps/federatedfilesharing/lib/Controller/SaveToOwnCloudController.php
@@ -29,6 +29,7 @@ use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IRequest;
+use OCP\ISession;
 use OCP\Share\IManager;
 
 class SaveToOwnCloudController extends Controller {
@@ -42,16 +43,32 @@ class SaveToOwnCloudController extends Controller {
 	/** @var IManager  */
 	private $shareManager;
 
+	/** @var  ISession */
+	private $session;
+
+	/**
+	 * SaveToOwnCloudController constructor.
+	 *
+	 * @param string $appName
+	 * @param IRequest $request
+	 * @param FederatedShareProvider $federatedShareProvider
+	 * @param IManager $shareManager
+	 * @param AddressHandler $addressHandler
+	 * @param ISession $session
+	 */
 	public function __construct($appName,
-								IRequest $request,
-								FederatedShareProvider $federatedShareProvider,
-								IManager $shareManager,
-								AddressHandler $addressHandler) {
+								   IRequest $request,
+								   FederatedShareProvider $federatedShareProvider,
+								   IManager $shareManager,
+								   AddressHandler $addressHandler,
+								   ISession $session
+	) {
 		parent::__construct($appName, $request);
 
 		$this->federatedShareProvider = $federatedShareProvider;
 		$this->shareManager = $shareManager;
 		$this->addressHandler = $addressHandler;
+		$this->session = $session;
 	}
 
 	/**
@@ -63,9 +80,10 @@ class SaveToOwnCloudController extends Controller {
 	 *
 	 * @param string $shareWith
 	 * @param string $token
+	 * @param string $password
 	 * @return JSONResponse
 	 */
-	public function saveToOwnCloud($shareWith, $token) {
+	public function saveToOwnCloud($shareWith, $token, $password = '') {
 
 		try {
 			list(, $server) = $this->addressHandler->splitUserRemote($shareWith);
@@ -74,6 +92,14 @@ class SaveToOwnCloudController extends Controller {
 			return new JSONResponse(['message' => $e->getHint()], Http::STATUS_BAD_REQUEST);
 		}
 
+		// make sure that user is authenticated in case of a password protected link
+		$storedPassword = $share->getPassword();
+		$authenticated = $this->session->get('public_link_authenticated') === $share->getId() ||
+			$this->shareManager->checkPassword($share, $password);
+		if (!empty($storedPassword) && !$authenticated ) {
+			return new JSONResponse(['message' => 'No permission to access the share'], Http::STATUS_BAD_REQUEST);
+		}
+
 		$share->setSharedWith($shareWith);
 
 		try {
@@ -81,8 +107,8 @@ class SaveToOwnCloudController extends Controller {
 		} catch (\Exception $e) {
 			return new JSONResponse(['message' => $e->getMessage()], Http::STATUS_BAD_REQUEST);
 		}
-		
+
 		return new JSONResponse(['remoteUrl' => $server]);
 	}
-	
+
 }
diff --git a/apps/federatedfilesharing/tests/Controller/SaveToOwnCloudControllerTest.php b/apps/federatedfilesharing/tests/Controller/SaveToOwnCloudControllerTest.php
index 24bc18d5644..9189ac76601 100644
--- a/apps/federatedfilesharing/tests/Controller/SaveToOwnCloudControllerTest.php
+++ b/apps/federatedfilesharing/tests/Controller/SaveToOwnCloudControllerTest.php
@@ -28,6 +28,7 @@ use OCA\FederatedFileSharing\Controller\SaveToOwnCloudController;
 use OCA\FederatedFileSharing\FederatedShareProvider;
 use OCP\AppFramework\Http;
 use OCP\Files\IRootFolder;
+use OCP\ISession;
 use OCP\IUserManager;
 use OCP\Share;
 use OCP\Share\IManager;
@@ -56,6 +57,9 @@ class SaveToOwnCloudControllerTest extends \Test\TestCase {
 	/** @var  IUserManager | \PHPUnit_Framework_MockObject_MockObject */
 	private $userManager;
 
+	/** @var  ISession | \PHPUnit_Framework_MockObject_MockObject */
+	private $session;
+
 	/** @var  IShare */
 	private $share;
 
@@ -71,12 +75,14 @@ class SaveToOwnCloudControllerTest extends \Test\TestCase {
 		$this->rootFolder = $this->getMock('OCP\Files\IRootFolder');
 		$this->userManager = $this->getMock('OCP\IUserManager');
 		$this->share = new \OC\Share20\Share($this->rootFolder, $this->userManager);
+		$this->session = $this->getMock('OCP\ISession');
 
 		$this->controller = new SaveToOwnCloudController(
 			'federatedfilesharing', $this->request,
 			$this->federatedShareProvider,
 			$this->shareManager,
-			$this->addressHandler
+			$this->addressHandler,
+			$this->session
 		);
 	}
 
@@ -101,9 +107,9 @@ class SaveToOwnCloudControllerTest extends \Test\TestCase {
 					throw new HintException($expectedReturnData, $expectedReturnData);
 				}
 			);
-		
+
 		$share = $this->share;
-		
+
 		$this->shareManager->expects($this->any())->method('getShareByToken')
 			->with($token)
 			->willReturnCallback(
@@ -114,7 +120,7 @@ class SaveToOwnCloudControllerTest extends \Test\TestCase {
 					throw new HintException($expectedReturnData, $expectedReturnData);
 				}
 			);
-		
+
 		$this->federatedShareProvider->expects($this->any())->method('create')
 			->with($share)
 			->willReturnCallback(
@@ -141,7 +147,7 @@ class SaveToOwnCloudControllerTest extends \Test\TestCase {
 			$this->assertSame($expectedReturnData, $result->getData()['remoteUrl']);
 
 		}
-		
+
 	}
 
 	public function dataTestSaveToOwnCloud() {