summaryrefslogtreecommitdiffstats
path: root/apps/files_sharing
diff options
context:
space:
mode:
authorVincent Petry <vincent@nextcloud.com>2022-04-12 09:46:31 +0200
committerGitHub <noreply@github.com>2022-04-12 09:46:31 +0200
commit483741ff36ab5ce56d37f65226b76afffb858356 (patch)
treea50478ba2112ef95d8899ce8d994c1b27a49cdf7 /apps/files_sharing
parent4626bfbc83c3b5779d6688c0b9357514e08799ed (diff)
parentc6a5c07041d2e5d20771409aede8b755d28372ac (diff)
downloadnextcloud-server-483741ff36ab5ce56d37f65226b76afffb858356.tar.gz
nextcloud-server-483741ff36ab5ce56d37f65226b76afffb858356.zip
Merge pull request #31220 from nextcloud/enhancement/31005/temporary-passwords
Temporary passwords for public non-anonymous protected shares (ie: files shared with an email recipient).
Diffstat (limited to 'apps/files_sharing')
-rw-r--r--apps/files_sharing/appinfo/info.xml2
-rw-r--r--apps/files_sharing/composer/composer/autoload_classmap.php1
-rw-r--r--apps/files_sharing/composer/composer/autoload_static.php1
-rw-r--r--apps/files_sharing/composer/composer/installed.php4
-rw-r--r--apps/files_sharing/lib/Controller/ShareAPIController.php37
-rw-r--r--apps/files_sharing/lib/Controller/ShareController.php113
-rw-r--r--apps/files_sharing/lib/Migration/Version24000Date20220208195521.php51
-rw-r--r--apps/files_sharing/src/components/SharingEntryLink.vue4
-rw-r--r--apps/files_sharing/tests/Controller/ShareAPIControllerTest.php2
-rw-r--r--apps/files_sharing/tests/Controller/ShareControllerTest.php4
10 files changed, 168 insertions, 51 deletions
diff --git a/apps/files_sharing/appinfo/info.xml b/apps/files_sharing/appinfo/info.xml
index a2446f99163..7ab8a1fcfa2 100644
--- a/apps/files_sharing/appinfo/info.xml
+++ b/apps/files_sharing/appinfo/info.xml
@@ -9,7 +9,7 @@
Turning the feature off removes shared files and folders on the server for all share recipients, and also on the sync clients and mobile apps. More information is available in the Nextcloud Documentation.
</description>
- <version>1.16.1</version>
+ <version>1.16.2</version>
<licence>agpl</licence>
<author>Michael Gapczynski</author>
<author>Bjoern Schiessle</author>
diff --git a/apps/files_sharing/composer/composer/autoload_classmap.php b/apps/files_sharing/composer/composer/autoload_classmap.php
index 95bee7323b7..2810910c8c9 100644
--- a/apps/files_sharing/composer/composer/autoload_classmap.php
+++ b/apps/files_sharing/composer/composer/autoload_classmap.php
@@ -68,6 +68,7 @@ return array(
'OCA\\Files_Sharing\\Migration\\Version11300Date20201120141438' => $baseDir . '/../lib/Migration/Version11300Date20201120141438.php',
'OCA\\Files_Sharing\\Migration\\Version21000Date20201223143245' => $baseDir . '/../lib/Migration/Version21000Date20201223143245.php',
'OCA\\Files_Sharing\\Migration\\Version22000Date20210216084241' => $baseDir . '/../lib/Migration/Version22000Date20210216084241.php',
+ 'OCA\\Files_Sharing\\Migration\\Version24000Date20220208195521' => $baseDir . '/../lib/Migration/Version24000Date20220208195521.php',
'OCA\\Files_Sharing\\Migration\\Version24000Date20220404142216' => $baseDir . '/../lib/Migration/Version24000Date20220404142216.php',
'OCA\\Files_Sharing\\MountProvider' => $baseDir . '/../lib/MountProvider.php',
'OCA\\Files_Sharing\\Notification\\Listener' => $baseDir . '/../lib/Notification/Listener.php',
diff --git a/apps/files_sharing/composer/composer/autoload_static.php b/apps/files_sharing/composer/composer/autoload_static.php
index dd8e9e2b7f9..70149b1cdc0 100644
--- a/apps/files_sharing/composer/composer/autoload_static.php
+++ b/apps/files_sharing/composer/composer/autoload_static.php
@@ -83,6 +83,7 @@ class ComposerStaticInitFiles_Sharing
'OCA\\Files_Sharing\\Migration\\Version11300Date20201120141438' => __DIR__ . '/..' . '/../lib/Migration/Version11300Date20201120141438.php',
'OCA\\Files_Sharing\\Migration\\Version21000Date20201223143245' => __DIR__ . '/..' . '/../lib/Migration/Version21000Date20201223143245.php',
'OCA\\Files_Sharing\\Migration\\Version22000Date20210216084241' => __DIR__ . '/..' . '/../lib/Migration/Version22000Date20210216084241.php',
+ 'OCA\\Files_Sharing\\Migration\\Version24000Date20220208195521' => __DIR__ . '/..' . '/../lib/Migration/Version24000Date20220208195521.php',
'OCA\\Files_Sharing\\Migration\\Version24000Date20220404142216' => __DIR__ . '/..' . '/../lib/Migration/Version24000Date20220404142216.php',
'OCA\\Files_Sharing\\MountProvider' => __DIR__ . '/..' . '/../lib/MountProvider.php',
'OCA\\Files_Sharing\\Notification\\Listener' => __DIR__ . '/..' . '/../lib/Notification/Listener.php',
diff --git a/apps/files_sharing/composer/composer/installed.php b/apps/files_sharing/composer/composer/installed.php
index 5440719fa40..1d332e29100 100644
--- a/apps/files_sharing/composer/composer/installed.php
+++ b/apps/files_sharing/composer/composer/installed.php
@@ -5,7 +5,7 @@
'type' => 'library',
'install_path' => __DIR__ . '/../',
'aliases' => array(),
- 'reference' => 'c6429e6cd19c57582364338362e543580821cf99',
+ 'reference' => 'ea4531aaaa6eb9fb3859e05b69ab773bfbfe7437',
'name' => '__root__',
'dev' => false,
),
@@ -16,7 +16,7 @@
'type' => 'library',
'install_path' => __DIR__ . '/../',
'aliases' => array(),
- 'reference' => 'c6429e6cd19c57582364338362e543580821cf99',
+ 'reference' => 'ea4531aaaa6eb9fb3859e05b69ab773bfbfe7437',
'dev_requirement' => false,
),
),
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 069cba42bb6..d324af3e9f2 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -279,6 +279,7 @@ class ShareAPIController extends OCSController {
} elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
$result['share_with'] = $share->getSharedWith();
$result['password'] = $share->getPassword();
+ $result['password_expiration_time'] = $share->getPasswordExpirationTime();
$result['send_password_by_talk'] = $share->getSendPasswordByTalk();
$result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'EMAIL');
$result['token'] = $share->getToken();
@@ -570,6 +571,10 @@ class ShareAPIController extends OCSController {
// Set password
if ($password !== '') {
$share->setPassword($password);
+ // Shares shared by email have temporary passwords by default
+ if ($shareType === IShare::TYPE_EMAIL) {
+ $this->setSharePasswordExpirationTime($share);
+ }
}
// Only share by mail have a recipient
@@ -1177,6 +1182,9 @@ class ShareAPIController extends OCSController {
$share->setPassword(null);
} elseif ($password !== null) {
$share->setPassword($password);
+ if ($share->getShareType() === IShare::TYPE_EMAIL) {
+ $this->setSharePasswordExpirationTime($share);
+ }
}
if ($label !== null) {
@@ -1514,6 +1522,35 @@ class ShareAPIController extends OCSController {
}
/**
+ * Set the share's password expiration time
+ */
+ private function setSharePasswordExpirationTime(IShare $share): void {
+ if ($this->config->getSystemValue('allow_mail_share_permanent_password')) {
+ // Sets password expiration date to NULL
+ $share->setPasswordExpirationTime();
+ return;
+ }
+ // Sets password expiration date
+ $expirationTime = null;
+ try {
+ $now = new \DateTime();
+ $expirationInterval = $this->config->getSystemValue('share_temporary_password_expiration_interval');
+ if ($expirationInterval === '' || is_null($expirationInterval)) {
+ $expirationInterval = 'P0DT15M';
+ }
+ $expirationTime = $now->add(new \DateInterval($expirationInterval));
+ } catch (\Exception $e) {
+ // Catches invalid format for system value 'share_temporary_password_expiration_interval'
+ \OC::$server->getLogger()->logException($e, [
+ 'message' => 'The \'share_temporary_password_expiration_interval\' system setting does not respect the DateInterval::__construct() format. Setting it to \'P0DT15M\''
+ ]);
+ $expirationTime = $now->add(new \DateInterval('P0DT15M'));
+ } finally {
+ $share->setPasswordExpirationTime($expirationTime);
+ }
+ }
+
+ /**
* Since we have multiple providers but the OCS Share API v1 does
* not support this we need to check all backends.
*
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 411873c9c86..a12878e6de2 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -72,6 +72,7 @@ use OCP\ISession;
use OCP\IURLGenerator;
use OCP\IUser;
use OCP\IUserManager;
+use OCP\Security\ISecureRandom;
use OCP\Share;
use OCP\Share\Exceptions\ShareNotFound;
use OCP\Share\IManager as ShareManager;
@@ -84,53 +85,21 @@ use OCP\Template;
* @package OCA\Files_Sharing\Controllers
*/
class ShareController extends AuthPublicShareController {
+ protected IConfig $config;
+ protected IUserManager $userManager;
+ protected ILogger $logger;
+ protected \OCP\Activity\IManager $activityManager;
+ protected IPreview $previewManager;
+ protected IRootFolder $rootFolder;
+ protected FederatedShareProvider $federatedShareProvider;
+ protected IAccountManager $accountManager;
+ protected IEventDispatcher $eventDispatcher;
+ protected IL10N $l10n;
+ protected Defaults $defaults;
+ protected ShareManager $shareManager;
+ protected ISecureRandom $secureRandom;
+ protected ?Share\IShare $share = null;
- /** @var IConfig */
- protected $config;
- /** @var IUserManager */
- protected $userManager;
- /** @var ILogger */
- protected $logger;
- /** @var \OCP\Activity\IManager */
- protected $activityManager;
- /** @var IPreview */
- protected $previewManager;
- /** @var IRootFolder */
- protected $rootFolder;
- /** @var FederatedShareProvider */
- protected $federatedShareProvider;
- /** @var IAccountManager */
- protected $accountManager;
- /** @var IEventDispatcher */
- protected $eventDispatcher;
- /** @var IL10N */
- protected $l10n;
- /** @var Defaults */
- protected $defaults;
- /** @var ShareManager */
- protected $shareManager;
-
- /** @var Share\IShare */
- protected $share;
-
- /**
- * @param string $appName
- * @param IRequest $request
- * @param IConfig $config
- * @param IURLGenerator $urlGenerator
- * @param IUserManager $userManager
- * @param ILogger $logger
- * @param \OCP\Activity\IManager $activityManager
- * @param \OCP\Share\IManager $shareManager
- * @param ISession $session
- * @param IPreview $previewManager
- * @param IRootFolder $rootFolder
- * @param FederatedShareProvider $federatedShareProvider
- * @param IAccountManager $accountManager
- * @param IEventDispatcher $eventDispatcher
- * @param IL10N $l10n
- * @param Defaults $defaults
- */
public function __construct(string $appName,
IRequest $request,
IConfig $config,
@@ -146,6 +115,7 @@ class ShareController extends AuthPublicShareController {
IAccountManager $accountManager,
IEventDispatcher $eventDispatcher,
IL10N $l10n,
+ ISecureRandom $secureRandom,
Defaults $defaults) {
parent::__construct($appName, $request, $session, $urlGenerator);
@@ -159,6 +129,7 @@ class ShareController extends AuthPublicShareController {
$this->accountManager = $accountManager;
$this->eventDispatcher = $eventDispatcher;
$this->l10n = $l10n;
+ $this->secureRandom = $secureRandom;
$this->defaults = $defaults;
$this->shareManager = $shareManager;
}
@@ -209,6 +180,56 @@ class ShareController extends AuthPublicShareController {
return $response;
}
+ /**
+ * The template to show after user identification
+ */
+ protected function showIdentificationResult(bool $success = false): TemplateResponse {
+ $templateParameters = ['share' => $this->share, 'identityOk' => $success];
+
+ $this->eventDispatcher->dispatchTyped(new BeforeTemplateRenderedEvent($this->share, BeforeTemplateRenderedEvent::SCOPE_PUBLIC_SHARE_AUTH));
+
+ $response = new TemplateResponse('core', 'publicshareauth', $templateParameters, 'guest');
+ if ($this->share->getSendPasswordByTalk()) {
+ $csp = new ContentSecurityPolicy();
+ $csp->addAllowedConnectDomain('*');
+ $csp->addAllowedMediaDomain('blob:');
+ $response->setContentSecurityPolicy($csp);
+ }
+
+ return $response;
+ }
+
+ /**
+ * Validate the identity token of a public share
+ *
+ * @param ?string $identityToken
+ * @return bool
+ */
+ protected function validateIdentity(?string $identityToken = null): bool {
+
+ if ($this->share->getShareType() !== IShare::TYPE_EMAIL) {
+ return false;
+ }
+
+ if ($identityToken === null || $this->share->getSharedWith() === null) {
+ return false;
+ }
+
+ return $identityToken === $this->share->getSharedWith();
+ }
+
+ /**
+ * Generates a password for the share, respecting any password policy defined
+ */
+ protected function generatePassword(): void {
+ $event = new \OCP\Security\Events\GenerateSecurePasswordEvent();
+ $this->eventDispatcher->dispatchTyped($event);
+ $password = $event->getPassword() ?? $this->secureRandom->generate(20);
+
+ $this->share->setPassword($password);
+ $this->shareManager->updateShare($this->share);
+ }
+
protected function verifyPassword(string $password): bool {
return $this->shareManager->checkPassword($this->share, $password);
}
diff --git a/apps/files_sharing/lib/Migration/Version24000Date20220208195521.php b/apps/files_sharing/lib/Migration/Version24000Date20220208195521.php
new file mode 100644
index 00000000000..d5f938dde6d
--- /dev/null
+++ b/apps/files_sharing/lib/Migration/Version24000Date20220208195521.php
@@ -0,0 +1,51 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2022 Vincent Petry <vincent@nextloud.com>
+ *
+ * @author Vincent Petry <vincent@nextcloud.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\Files_Sharing\Migration;
+
+use Closure;
+use OCP\DB\Types;
+use OCP\DB\ISchemaWrapper;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+class Version24000Date20220208195521 extends SimpleMigrationStep {
+
+ /**
+ * @param IOutput $output
+ * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+ * @param array $options
+ * @return null|ISchemaWrapper
+ */
+ public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+ $schema = $schemaClosure();
+ $table = $schema->getTable('share');
+ $table->addColumn('password_expiration_time', Types::DATETIME, [
+ 'notnull' => false,
+ ]);
+ return $schema;
+ }
+
+}
diff --git a/apps/files_sharing/src/components/SharingEntryLink.vue b/apps/files_sharing/src/components/SharingEntryLink.vue
index 52215d37ec8..ee7e8d4b930 100644
--- a/apps/files_sharing/src/components/SharingEntryLink.vue
+++ b/apps/files_sharing/src/components/SharingEntryLink.vue
@@ -780,8 +780,8 @@ export default {
/**
* Uncheck password protection
* We need this method because @update:checked
- * is ran simultaneously as @uncheck, so
- * so we cannot ensure data is up-to-date
+ * is ran simultaneously as @uncheck, so we
+ * cannot ensure data is up-to-date
*/
onPasswordDisable() {
this.share.password = ''
diff --git a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
index 4b52f7a2a36..5555aef1425 100644
--- a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
+++ b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
@@ -4410,6 +4410,7 @@ class ShareAPIControllerTest extends TestCase {
'hide_download' => 0,
'can_edit' => false,
'can_delete' => false,
+ 'password_expiration_time' => null,
], $share, [], false
];
@@ -4459,6 +4460,7 @@ class ShareAPIControllerTest extends TestCase {
'hide_download' => 0,
'can_edit' => false,
'can_delete' => false,
+ 'password_expiration_time' => null,
], $share, [], false
];
diff --git a/apps/files_sharing/tests/Controller/ShareControllerTest.php b/apps/files_sharing/tests/Controller/ShareControllerTest.php
index be2616f70fc..04d2a08b4e6 100644
--- a/apps/files_sharing/tests/Controller/ShareControllerTest.php
+++ b/apps/files_sharing/tests/Controller/ShareControllerTest.php
@@ -106,6 +106,8 @@ class ShareControllerTest extends \Test\TestCase {
private $eventDispatcher;
/** @var IL10N */
private $l10n;
+ /** @var ISecureRandom */
+ private $secureRandom;
/** @var Defaults|MockObject */
private $defaults;
@@ -127,6 +129,7 @@ class ShareControllerTest extends \Test\TestCase {
$this->accountManager = $this->createMock(IAccountManager::class);
$this->eventDispatcher = $this->createMock(IEventDispatcher::class);
$this->l10n = $this->createMock(IL10N::class);
+ $this->secureRandom = $this->createMock(ISecureRandom::class);
$this->defaults = $this->createMock(Defaults::class);
$this->shareController = new \OCA\Files_Sharing\Controller\ShareController(
@@ -145,6 +148,7 @@ class ShareControllerTest extends \Test\TestCase {
$this->accountManager,
$this->eventDispatcher,
$this->l10n,
+ $this->secureRandom,
$this->defaults
);