diff options
author | Bjoern Schiessle <schiessle@owncloud.com> | 2014-05-12 12:19:07 +0200 |
---|---|---|
committer | Bjoern Schiessle <schiessle@owncloud.com> | 2014-05-16 17:41:09 +0200 |
commit | b6e14af861481d0b2ebf6ca752d994c5adfce866 (patch) | |
tree | 522434e1a85c90b7212a0c9ebed0174e24a11e8e /apps/files_sharing | |
parent | dab3cb65cf16d78796ce8dc23fa1f72aa9846b7e (diff) | |
download | nextcloud-server-b6e14af861481d0b2ebf6ca752d994c5adfce866.tar.gz nextcloud-server-b6e14af861481d0b2ebf6ca752d994c5adfce866.zip |
allow admin to enforce passwords for public link shares
Diffstat (limited to 'apps/files_sharing')
-rw-r--r-- | apps/files_sharing/lib/api.php | 19 | ||||
-rw-r--r-- | apps/files_sharing/tests/api.php | 54 |
2 files changed, 66 insertions, 7 deletions
diff --git a/apps/files_sharing/lib/api.php b/apps/files_sharing/lib/api.php index d554d68c6bd..fd3c4a7756a 100644 --- a/apps/files_sharing/lib/api.php +++ b/apps/files_sharing/lib/api.php @@ -418,13 +418,18 @@ class Api { return new \OC_OCS_Result(null, 404, "share doesn't exists, can't change password"); } - $result = \OCP\Share::shareItem( - $itemType, - $itemSource, - \OCP\Share::SHARE_TYPE_LINK, - $shareWith, - $permissions - ); + try { + $result = \OCP\Share::shareItem( + $itemType, + $itemSource, + \OCP\Share::SHARE_TYPE_LINK, + $shareWith, + $permissions + ); + } catch (\Exception $e) { + return new \OC_OCS_Result(null, 403, $e->getMessage()); + } + if($result) { return new \OC_OCS_Result(); } diff --git a/apps/files_sharing/tests/api.php b/apps/files_sharing/tests/api.php index 2193717f4b4..a908caf6632 100644 --- a/apps/files_sharing/tests/api.php +++ b/apps/files_sharing/tests/api.php @@ -113,11 +113,65 @@ class Test_Files_Sharing_Api extends Test_Files_Sharing_Base { $fileinfo = $this->view->getFileInfo($this->folder); \OCP\Share::unshare('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, null); + } + + function testEnfoceLinkPassword() { + + $appConfig = \OC::$server->getAppConfig(); + $appConfig->setValue('core', 'shareapi_enforce_links_password', 'yes'); + + // don't allow to share link without a password + $_POST['path'] = $this->folder; + $_POST['shareType'] = \OCP\Share::SHARE_TYPE_LINK; + + + $result = Share\Api::createShare(array()); + $this->assertFalse($result->succeeded()); + + + // don't allow to share link without a empty password + $_POST['path'] = $this->folder; + $_POST['shareType'] = \OCP\Share::SHARE_TYPE_LINK; + $_POST['password'] = ''; + + $result = Share\Api::createShare(array()); + $this->assertFalse($result->succeeded()); + + // share with password should succeed + $_POST['path'] = $this->folder; + $_POST['shareType'] = \OCP\Share::SHARE_TYPE_LINK; + $_POST['password'] = 'foo'; + $result = Share\Api::createShare(array()); + $this->assertTrue($result->succeeded()); + + $data = $result->getData(); + + // setting new password should succeed + $params = array(); + $params['id'] = $data['id']; + $params['_put'] = array(); + $params['_put']['password'] = 'bar'; + + $result = Share\Api::updateShare($params); + $this->assertTrue($result->succeeded()); + // removing password should fail + $params = array(); + $params['id'] = $data['id']; + $params['_put'] = array(); + $params['_put']['password'] = ''; + + $result = Share\Api::updateShare($params); + $this->assertFalse($result->succeeded()); + // cleanup + $fileinfo = $this->view->getFileInfo($this->folder); + \OCP\Share::unshare('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, null); + $appConfig->setValue('core', 'shareapi_enforce_links_password', 'no'); } + /** * @medium * @depends testCreateShare |