author | skjnldsv <skjnldsv@protonmail.com> | 2024-07-05 14:02:53 +0200 |
---|---|---|
committer | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2024-07-12 20:14:30 +0200 |
commit | c253112cf77411ee374ea29a9566cdd28d3e544d (patch) | |
tree | e78bde64bbe1746105bb244141036d745ac31971 /apps/files_sharing/lib | |
parent | d388370c3b4bd50d1ad7668aef9000bd54a8c442 (diff) | |
chore(files_sharing): refactor mail handling
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
Diffstat (limited to 'apps/files_sharing/lib')
-rw-r--r-- | apps/files_sharing/lib/Controller/ShareAPIController.php | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 5e7e2b9c872..72ebd39ea07 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -2040,18 +2040,49 @@ class ShareAPIController extends OCSController {
 */
 #[NoAdminRequired]
 #[BruteForceProtection(action: 'sendShareEmail')]
- public function sendShareEmail(string $id, $emails = []) {
+ public function sendShareEmail(string $id, $password = '') {
 try {
 $share = $this->getShareById($id);
+ if (!$this->canAccessShare($share, false)) {
+ throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+ }
+
+ if (!$this->canEditShare($share)) {
+ throw new OCSForbiddenException('You are not allowed to send mail notifications');
+ }
+
+ // For mail and link shares, the user must be
+ // the owner of the share, not only the file owner.
+ if ($share->getShareType() === IShare::TYPE_EMAIL
+ || $share->getShareType() === IShare::TYPE_LINK){
+ if ($share->getSharedBy() !== $this->currentUser) {
+ throw new OCSForbiddenException('You are not allowed to send mail notifications');
+ }
+ }
+
 try {
 $provider = $this->factory->getProviderForType($share->getShareType());
 if (!($provider instanceof IShareProviderWithNotification)) {
 throw new OCSBadRequestException($this->l->t('No mail notification configured for this share type'));
 }
+ // Circumvent the password encrypted data by
+ // setting the password clear. We're not storing
+ // the password clear, it is just a temporary
+ // object manipulation. The password will stay
+ // encrypted in the database.
+ if ($share->getPassword() && $share->getPassword() !== $password) {
+ if (!$this->shareManager->checkPassword($share, $password)) {
+ throw new OCSBadRequestException($this->l->t('Wrong password'));
+ }
+ $share = $share->setPassword($password);
+ }
+
 $provider->sendMailNotification($share);
 return new JSONResponse(['message' => 'ok']);
+ } catch(OCSBadRequestException $e) {
+ throw $e;
 } catch (Exception $e) {
 throw new OCSException($this->l->t('Error while sending mail notification'));
 } |
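Review bot: `$password` in the new `sendShareEmail` signature is untyped request input that flows into the `!==` comparison with the stored password value and then into `checkPassword()` and `setPassword()`; declaring it as `string $password = ''` rejects a non-string value at the boundary instead of inside the password check, where a type error (if the callees are typed) would slip past `catch (Exception $e)`. The wrong-password branch reports failure by throwing `OCSBadRequestException`, and nothing in the hunk marks a response as throttled, so it is worth confirming that a failed check is actually counted under the `sendShareEmail` brute-force action. The comment above `setPassword($password)` should also state the constraint it relies on, for example `// $share now carries the clear-text password: it must never reach an update/save path`, since the object is handed on to `$provider->sendMailNotification()`. The docblock ending at `*/` and the outer `try` lie outside the hunk, so the `@param` text for the renamed argument and the outer exception handling could not be checked.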