author | Bjoern Schiessle <bjoern@schiessle.org> | 2017-03-28 14:39:38 +0200 |
---|---|---|
committer | Bjoern Schiessle <bjoern@schiessle.org> | 2017-04-03 10:29:32 +0200 |
commit | c191173d5914f77ebac425e315d2b962077bd654 (patch) | |
tree | 221b0239404581c081ed9c79cb82b3fbf15923a3 /apps | |
parent | c6613ee8fcfd19a74bcd4652187c51a642a1fc4c (diff) | |
allow password protected mail shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files_sharing/lib/Controller/ShareAPIController.php | 23 | ||||
-rw-r--r-- | apps/sharebymail/lib/ShareByMailProvider.php | 83 | ||||
-rw-r--r-- | apps/sharebymail/templates/altmailpassword.php | 32 | ||||
-rw-r--r-- | apps/sharebymail/templates/mailpassword.php | 59 | ||||
-rw-r--r-- | apps/sharebymail/tests/ShareByMailProviderTest.php | 1 |
5 files changed, 185 insertions, 13 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 80ba7534da0..bd3535536e4 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -742,12 +742,31 @@ class ShareAPIController extends OCSController {
 } else {
 // For other shares only permissions is valid.
- if ($permissions === null) {
+ if ($share->getShareType() !== \OCP\Share::SHARE_TYPE_EMAIL && $permissions === null) {
 throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
- } else {
+ } elseif ($permissions !== null) {
 $permissions = (int)$permissions;
 $share->setPermissions($permissions);
 }
+
+ if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
+ if ($expireDate === '') {
+ $share->setExpirationDate(null);
+ } else if ($expireDate !== null) {
+ try {
+ $expireDate = $this->parseDate($expireDate);
+ } catch (\Exception $e) {
+ throw new OCSBadRequestException($e->getMessage());
+ }
+ $share->setExpirationDate($expireDate);
+ }
+
+ if ($password === '') {
+ $share->setPassword(null);
+ } else if ($password !== null) {
+ $share->setPassword($password);
+ }
+ }
 }
 if ($permissions !== null && $share->getShareOwner() !== $this->currentUser) {
diff --git a/apps/sharebymail/lib/ShareByMailProvider.php b/apps/sharebymail/lib/ShareByMailProvider.php
index 86f2a8fd49a..f49a4d07eb9 100644
--- a/apps/sharebymail/lib/ShareByMailProvider.php
+++ b/apps/sharebymail/lib/ShareByMailProvider.php
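Review bot: For a mail share, an update request that carries none of permissions, expireDate or password is now accepted as a silent no-op, because `$share->getShareType() !== \OCP\Share::SHARE_TYPE_EMAIL && $permissions === null` can no longer be true for that share type. Inside the new `SHARE_TYPE_EMAIL` block I would add a guard such as `if ($permissions === null && $password === null && $expireDate === null) { throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given')); }`. The added lines also mix `elseif` and `else if`; one spelling would read better. The enclosing method starts and ends outside the hunk, so any earlier parameter check cannot be seen from here.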
@@ -275,10 +275,10 @@ class ShareByMailProvider implements IShareProvider {
 protected function createMailBody($template, $filename, $link, $owner, $initiator) {
 $mailBodyTemplate = new Template('sharebymail', $template, '');
- $mailBodyTemplate->assign ('filename', $filename);
+ $mailBodyTemplate->assign ('filename', \OCP\Util::sanitizeHTML($filename));
 $mailBodyTemplate->assign ('link', $link);
- $mailBodyTemplate->assign ('owner', $owner);
- $mailBodyTemplate->assign ('initiator', $initiator);
+ $mailBodyTemplate->assign ('owner', \OCP\Util::sanitizeHTML($owner));
+ $mailBodyTemplate->assign ('initiator', \OCP\Util::sanitizeHTML($initiator));
 $mailBodyTemplate->assign ('onBehalfOf', $initiator !== $owner);
 $mailBody = $mailBodyTemplate->fetchPage();
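Review bot: `\OCP\Util::sanitizeHTML()` is applied here whatever `$template` is, so if createMailBody also renders a text/plain template (its callers are outside this hunk) a file or user name containing `&` or `<` would appear there as `&amp;` or `&lt;`. The hunk at -291 repeats the pattern in createMailBodyToSendPassword, which is visibly called for both 'mailpassword' and 'altmailpassword'; there the password itself is entity-encoded, so a recipient reading the plain-text part gets a string that no longer matches what was set. Encoding only for the HTML template would avoid that, for example `$mailBodyTemplate->assign ('password', $template === 'mailpassword' ? \OCP\Util::sanitizeHTML($password) : $password);` and the same for the other values. The body of createMailBody continues past the end of this hunk.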
@@ -291,6 +291,55 @@ class ShareByMailProvider implements IShareProvider {
 }
 /**
+ * send password to recipient of a mail share
+ *
+ * @param string $filename
+ * @param string $initiator
+ * @param string $shareWith
+ */
+ protected function sendPassword($filename, $initiator, $shareWith, $password) {
+ $initiatorUser = $this->userManager->get($initiator);
+ $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator;
+ $subject = (string)$this->l->t('Password to access »%s« shared to you by %s', [$filename, $initiatorDisplayName]);
+
+ $message = $this->mailer->createMessage();
+ $htmlBody = $this->createMailBodyToSendPassword('mailpassword', $filename, $initiatorDisplayName, $password);
+ $textBody = $this->createMailBodyToSendPassword('altmailpassword', $filename,$initiatorDisplayName, $password);
+ $message->setTo([$shareWith]);
+ $message->setSubject($subject);
+ $message->setBody($textBody, 'text/plain');
+ $message->setHtmlBody($htmlBody);
+ $this->mailer->send($message);
+
+ }
+
+ /**
+ * create mail body to send password to recipient
+ *
+ * @param string $filename
+ * @param string $initiator
+ * @param string $password
+ * @return string plain text mail
+ * @throws HintException
+ */
+ protected function createMailBodyToSendPassword($template, $filename, $initiator, $password) {
+
+ $mailBodyTemplate = new Template('sharebymail', $template, '');
+ $mailBodyTemplate->assign ('filename', \OCP\Util::sanitizeHTML($filename));
+ $mailBodyTemplate->assign ('password', \OCP\Util::sanitizeHTML($password));
+ $mailBodyTemplate->assign ('initiator', \OCP\Util::sanitizeHTML($initiator));
+ $mailBody = $mailBodyTemplate->fetchPage();
+
+ if (is_string($mailBody)) {
+ return $mailBody;
+ }
+
+ throw new HintException('Failed to create the E-mail',
+ $this->l->t('Failed to create the E-mail'));
+ }
+
+
+ /**
 * generate share token
 *
 * @return string
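Review bot: The result of `$this->mailer->send($message)` in sendPassword is discarded, so when the mailer reports the recipient as failed the share still ends up protected by a password nobody received. IMailer::send() returns the list of failed recipients, so a check along the lines of `if (!empty($this->mailer->send($message))) { throw new HintException('Failed to send the share password', $this->l->t('Failed to send the share password')); }` would surface that. The docblocks also lag behind the signatures: sendPassword has no `@param string $password`, createMailBodyToSendPassword has no `@param string $template`, and its `@return string plain text mail` is inaccurate because the same method renders the HTML body.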
@@ -368,19 +417,30 @@ class ShareByMailProvider implements IShareProvider {
 * Update a share
 *
 * @param IShare $share
+ * @param string|null $plainTextPassword
 * @return IShare The share object
 */
- public function update(IShare $share) {
+ public function update(IShare $share, $plainTextPassword = null) {
+
+ $originalShare = $this->getShareById($share->getId());
+
+ // a real password was given
+ $validPassword = $plainTextPassword !== null && $plainTextPassword !== '';
+
+ if($validPassword && $originalShare->getPassword() !== $share->getPassword()) {
+ $this->sendPassword($share->getNode()->getName(), $share->getSharedBy(), $share->getSharedWith(), $plainTextPassword);
+ }
 /*
- * We allow updating the permissions of mail shares
+ * We allow updating the permissions and password of mail shares
 */
 $qb = $this->dbConnection->getQueryBuilder();
- $qb->update('share')
- ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
- ->set('permissions', $qb->createNamedParameter($share->getPermissions()))
- ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner()))
- ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy()))
- ->execute();
+ $qb->update('share')
+ ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
+ ->set('permissions', $qb->createNamedParameter($share->getPermissions()))
+ ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner()))
+ ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy()))
+ ->set('password', $qb->createNamedParameter($share->getPassword()))
+ ->execute();
 return $share;
 }
@@ -625,6 +685,7 @@ class ShareByMailProvider implements IShareProvider {
 $shareTime->setTimestamp((int)$data['stime']);
 $share->setShareTime($shareTime);
 $share->setSharedWith($data['share_with']);
+ $share->setPassword($data['password']);
 if ($data['uid_initiator'] !== null) {
 $share->setShareOwner($data['uid_owner']);
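Review bot: In update() the password mail goes out before the UPDATE query runs, so if the query fails the recipient holds a password that was never stored; moving the `if($validPassword && ...)` block after `->execute()` keeps the mail and the database in step. The new `->set('password', $qb->createNamedParameter($share->getPassword()))` persists whatever the share object carries, and nothing in this hunk hashes it, so the method depends on the caller having done so. A comment such as `// $share->getPassword() must already be hashed by the caller; only $plainTextPassword holds the clear text` would make that invariant explicit. The extra `$plainTextPassword` argument is presumably not part of the provider interface (not shown in this diff), so callers that only know the interface will never trigger the mail.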
diff --git a/apps/sharebymail/templates/altmailpassword.php b/apps/sharebymail/templates/altmailpassword.php
new file mode 100644
index 00000000000..f6e4c5b4158
--- /dev/null
+++ b/apps/sharebymail/templates/altmailpassword.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/** @var OC_Theme $theme */
+/** @var array $_ */
+print_unescaped($l->t("Hey there,\n\n%s shared »%s« with you.\nYou should have already received a separate mail with a link to access it.\n\nIt is protected with the following password: %s\n\n", [$_['initiator'], $_['filename'], $_['password']]));
+// TRANSLATORS term at the end of a mail
+p($l->t("Cheers!"));
+print_unescaped("\n");
+?>
+
+ --
+<?php p($theme->getName() . ' - ' . $theme->getSlogan()); ?>
+<?php print_unescaped("\n".$theme->getBaseUrl());
diff --git a/apps/sharebymail/templates/mailpassword.php b/apps/sharebymail/templates/mailpassword.php
new file mode 100644
index 00000000000..49a4853292b
--- /dev/null
+++ b/apps/sharebymail/templates/mailpassword.php
@@ -0,0 +1,59 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/** @var OC_Theme $theme */
+/** @var array $_ */
+?>
+
+<table cellspacing="0" cellpadding="0" border="0" width="100%">
+ <tr><td>
+ <table cellspacing="0" cellpadding="0" border="0" width="600px">
+ <tr>
+ <td colspan="2" bgcolor="<?php p($theme->getMailHeaderColor());?>">
+ <img src="<?php p(\OC::$server->getURLGenerator()->getAbsoluteURL(image_path('', 'logo-mail.png'))); ?>" alt="<?php p($theme->getName()); ?>"/>
+ </td>
+ </tr>
+ <tr><td colspan="2"> </td></tr>
+ <tr>
+ <td width="20px"> </td>
+ <td style="font-weight:normal; font-size:0.8em; line-height:1.2em; font-family:verdana,'arial',sans;">
+ <?php
+ print_unescaped($l->t('Hey there,<br><br>%s shared <i>%s</i> with you.<br>You should have already received a separate mail with a link to access it.<br><br>It is protected with the following password: %s<br><br>', [$_['initiator'], $_['filename'], $_['password']]));
+ // TRANSLATORS term at the end of a mail
+ p($l->t('Cheers!'));
+ ?>
+ </td>
+ </tr>
+ <tr><td colspan="2"> </td></tr>
+ <tr>
+ <td width="20px"> </td>
+ <td style="font-weight:normal; font-size:0.8em; line-height:1.2em; 
font-family:verdana,'arial',sans;">--<br>
+ <?php p($theme->getName()); ?> -
+ <?php p($theme->getSlogan()); ?>
+ <br><a href="<?php p($theme->getBaseUrl()); ?>"><?php p($theme->getBaseUrl());?></a>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2"> </td>
+ </tr>
+ </table>
+ </td></tr>
+</table>
diff --git a/apps/sharebymail/tests/ShareByMailProviderTest.php b/apps/sharebymail/tests/ShareByMailProviderTest.php
index 65eded3eb7d..013507fd35f 100644
--- a/apps/sharebymail/tests/ShareByMailProviderTest.php
+++ b/apps/sharebymail/tests/ShareByMailProviderTest.php
@@ -32,6 +32,7 @@ use OCP\ILogger;
 use OCP\IURLGenerator;
 use OCP\IUserManager;
 use OCP\Mail\IMailer;
+use OCP\Security\IHasher;
 use OCP\Security\ISecureRandom;
 use OCP\Share\Exceptions\ShareNotFound;
 use OCP\Share\IManager; |
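Review bot: In mailpassword.php the `print_unescaped($l->t('Hey there,<br><br>%s shared <i>%s</i> ...', [$_['initiator'], $_['filename'], $_['password']]))` call writes all three values into HTML without escaping at the point of output, so the template is only safe while every caller entity-encodes them first, as createMailBodyToSendPassword does in this commit. I would state that contract next to the `@var` lines, e.g. `/** $_['initiator'], $_['filename'] and $_['password'] must already be HTML-escaped by the caller */`. The translated string is printed raw as well, so any markup inside a translation is trusted.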