authorBjörn Schießle <bjoern@schiessle.org>2015-12-09 12:00:00 +0100
committerBjörn Schießle <bjoern@schiessle.org>2015-12-14 17:16:14 +0100
commitefc030aa25b047a7c9f720cf781f26cbe1d274e0 (patch)
treec5fb0f9eb12ec53a9f9e20a3a6ede8841e64b25c /lib/private/share
parentdb41c4f4b5f27757838ba17c03f6f263b91af527 (diff)
don't allow to create a federated share if source and target server are the same
Diffstat (limited to 'lib/private/share')
-rw-r--r--lib/private/share/helper.php34
-rw-r--r--lib/private/share/share.php13
2 files changed, 45 insertions, 2 deletions
diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php
index 26bbca81317..0441647df83 100644
--- a/lib/private/share/helper.php
+++ b/lib/private/share/helper.php
@@ -289,4 +289,38 @@ class Helper extends \OC\Share\Constants {
$hint = $l->t('Invalid Federated Cloud ID');
throw new HintException('Invalid Fededrated Cloud ID', $hint);
}
+
+ /**
+ * check if two federated cloud IDs refer to the same user
+ *
+ * @param string $user1
+ * @param string $server1
+ * @param string $user2
+ * @param string $server2
+ * @return bool true if both users and servers are the same
+ */
+ public static function isSameUserOnSameServer($user1, $server1, $user2, $server2) {
+ $normalizedServer1 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server1));
+ $normalizedServer2 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server2));
+
+ if (rtrim($normalizedServer1, '/') === rtrim($normalizedServer2, '/')) {
+ // FIXME this should be a method in the user management instead
+ \OCP\Util::emitHook(
+ '\OCA\Files_Sharing\API\Server2Server',
+ 'preLoginNameUsedAsUserName',
+ array('uid' => &$user1)
+ );
+ \OCP\Util::emitHook(
+ '\OCA\Files_Sharing\API\Server2Server',
+ 'preLoginNameUsedAsUserName',
+ array('uid' => &$user2)
+ );
+
+ if ($user1 === $user2) {
+ return true;
+ }
+ }
+
+ return false;
+ }
}
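Review bot: In `isSameUserOnSameServer` the protocol is stripped before the value is lower-cased, and `removeProtocolFromUrl` (visible in the last share.php hunk) matches `https://` and `http://` case-sensitively, so a remote written with an upper-case scheme keeps its prefix and never compares equal to the local server. Lower-casing first closes that gap: `$normalizedServer1 = \OC\Share\Share::removeProtocolFromUrl(strtolower($server1));` and the same for `$server2`. The comparison is otherwise plain string equality, so an explicit default port or a second hostname for the same instance would presumably not be recognised as the same server; a comment such as `// string comparison only: aliases and explicit ports of the same server are not detected` would make that limit visible to callers. The `$user1 === $user2` test is also case-sensitive, which is only correct if the `preLoginNameUsedAsUserName` hook always yields the canonical uid.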
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 3edffba8a3f..fff437b3ff7 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -849,11 +849,20 @@ class Share extends Constants {
throw new \Exception($message_t);
}
+ // don't allow federated shares if source and target server are the same
+ list($user, $remote) = Helper::splitUserRemote($shareWith);
+ $currentServer = self::removeProtocolFromUrl(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
+ $currentUser = \OC::$server->getUserSession()->getUser()->getUID();
+ if (Helper::isSameUserOnSameServer($user, $remote, $currentUser, $currentServer)) {
+ $message = 'Not allowed to create a federated share with the same user.';
+ $message_t = $l->t('Not allowed to create a federated share with the same user');
+ \OCP\Util::writeLog('OCP\Share', $message, \OCP\Util::DEBUG);
+ throw new \Exception($message_t);
+ }
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
\OCP\Security\ISecureRandom::CHAR_DIGITS);
- list($user, $remote) = Helper::splitUserRemote($shareWith);
$shareWith = $user . '@' . $remote;
$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
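Review bot: The new check compares the remote user against `getUserSession()->getUser()->getUID()`, but the share is stored for `$uidOwner` a few lines later, and `getUser()` returns null when no user is logged in, which would turn this path into a fatal error instead of the intended exception. Using the owner that `put()` receives avoids both problems: `if (Helper::isSameUserOnSameServer($user, $remote, $uidOwner, $currentServer)) {`. The comment `// don't allow federated shares if source and target server are the same` also promises more than the code enforces, since a share to a different user on the same server still goes through; `// don't allow a federated share with the same user on the same server` would match the behaviour. The enclosing method starts and ends outside the hunk, so where `$uidOwner` is assigned is not visible here.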
@@ -2510,7 +2519,7 @@ class Share extends Constants {
* @param string $url
* @return string
*/
- private static function removeProtocolFromUrl($url) {
+ public static function removeProtocolFromUrl($url) {
if (strpos($url, 'https://') === 0) {
return substr($url, strlen('https://'));
} else if (strpos($url, 'http://') === 0) {