author | Roeland Jago Douma <roeland@famdouma.nl> | 2018-05-18 12:28:52 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-06-20 08:53:35 +0200 |
commit | f36ef8ca80d92727857fe398491fce6eb17ee996 (patch) | |
tree | 5388c45bda5a719b6737d39756f2597cb658a0fa /lib/private | |
parent | cad8824a8e7da7fcf61960b6502b307672651c2b (diff) | |
download | nextcloud-server-f36ef8ca80d92727857fe398491fce6eb17ee996.tar.gz nextcloud-server-f36ef8ca80d92727857fe398491fce6eb17ee996.zip |
Add the new PublicShareController and PublicShareMiddleware
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private')
3 files changed, 99 insertions, 1 deletions
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index c82ac5255dd..8803ef8c47d 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -62,6 +62,7 @@ use OCP\IL10N;
 use OCP\ILogger;
 use OCP\IRequest;
 use OCP\IServerContainer;
+use OCP\ISession;
 use OCP\IUserSession;
 use OCP\RichObjectStrings\IValidator;
 use OCP\Encryption\IManager;
@@ -304,7 +305,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 });
 $middleWares = &$this->middleWares;
- $this->registerService('MiddlewareDispatcher', function($c) use (&$middleWares) {
+ $this->registerService('MiddlewareDispatcher', function(SimpleContainer $c) use (&$middleWares) {
 $dispatcher = new MiddlewareDispatcher();
 $dispatcher->registerMiddleware($c[OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware::class]);
 $dispatcher->registerMiddleware($c['CORSMiddleware']);
@@ -314,6 +315,11 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 $dispatcher->registerMiddleware($c['TwoFactorMiddleware']);
 $dispatcher->registerMiddleware($c['BruteForceMiddleware']);
 $dispatcher->registerMiddleware($c['RateLimitingMiddleware']);
+ $dispatcher->registerMiddleware(new OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware(
+ $c['Request'],
+ $c->query(ISession::class),
+ $c->query(\OCP\IConfig::class)
+ ));
 foreach($middleWares as $middleWare) {
 $dispatcher->registerMiddleware($c[$middleWare]);
diff --git a/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php b/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php
new file mode 100644
index 00000000000..27e57fe9505
--- /dev/null
+++ b/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php
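Review bot: In DIContainer.php, the hunk at `@@ -314,6 +315,11 @@` passes three arguments to `new OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware(...)`, but the constructor this commit adds in PublicShareMiddleware.php accepts only `IRequest $request, ISession $session`. PHP silently discards the surplus `$c->query(\OCP\IConfig::class)`, so the mismatch produces no error and is easy to miss. Either drop that argument or add a matching `IConfig $config` constructor parameter if the middleware is meant to read configuration. The registering closure starts above this hunk and continues below it.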
@@ -0,0 +1,7 @@
+<?php
+
+namespace OC\AppFramework\Middleware\PublicShare\Exceptions;
+
+class NeedAuthenticationException extends \Exception {
+
+}
diff --git a/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php b/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php
new file mode 100644
index 00000000000..2b3f384fcd4
--- /dev/null
+++ b/lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php
@@ -0,0 +1,85 @@
+<?php
+
+namespace OC\AppFramework\Middleware\PublicShare;
+
+use OC\AppFramework\Middleware\PublicShare\Exceptions\NeedAuthenticationException;
+use OCP\AppFramework\AuthPublicShareController;
+use OCP\AppFramework\Http\NotFoundResponse;
+use OCP\AppFramework\Http\Response;
+use OCP\AppFramework\Middleware;
+use OCP\AppFramework\PublicShareController;
+use OCP\Files\NotFoundException;
+use OCP\IRequest;
+use OCP\ISession;
+
+class PublicShareMiddleware extends Middleware {
+ /** @var IRequest */
+ private $request;
+
+ /** @var ISession */
+ private $session;
+
+ public function __construct(IRequest $request, ISession $session) {
+ $this->request = $request;
+ $this->session = $session;
+ }
+
+ public function beforeController($controller, $methodName) {
+ if (!($controller instanceof PublicShareController)) {
+ return;
+ }
+
+ // We require the token parameter to be set
+ $token = $this->request->getParam('token');
+ if ($token === null) {
+ throw new NotFoundException();
+ }
+
+ // Set the token
+ $controller->setToken($token);
+
+ if (!$controller->isValidToken()) {
+ $controller->shareNotFound();
+ throw new NotFoundException();
+ }
+
+ // No need to check for authentication when we try to authenticate
+ if ($methodName === 'authenticate' || $methodName === 'showAuthenticate') {
+ return;
+ }
+
+ // If authentication succeeds just continue
+ if ($controller->isAuthenticated($token)) {
+ return;
+ }
+
+ // If we can authenticate to this controller do it else we throw a 404 to not leak any info
+ if ($controller instanceof AuthPublicShareController) {
+ $this->session->set('public_link_authenticate_redirect', json_encode($this->request->getParams()));
+ throw new NeedAuthenticationException();
+ }
+
+ throw new NotFoundException();
+
+ }
+
+ public function afterException($controller, $methodName, \Exception $exception) {
+ if (!($controller instanceof PublicShareController)) {
+ throw $exception;
+ }
+
+ if ($exception instanceof NotFoundException) {
+ return new NotFoundResponse();
+ }
+
+ if ($controller instanceof AuthPublicShareController && $exception instanceof NeedAuthenticationException) {
+ return $controller->getAuthenticationRedirect($this->getFunctionForRoute($this->request->getParam('_route')));
+ }
+
+ throw $exception;
+ }
+
+ private function getFunctionForRoute(string $route): string {
+ return array_pop(explode('.', $route));
+ }
+} |
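Review bot: The early return for `authenticate` / `showAuthenticate` in `beforeController` applies to every `PublicShareController`, so a plain (non-auth) public share controller that exposes a method with one of those names would skip the `isAuthenticated()` check entirely. Tying the exemption to the controller type closes that gap: `if ($controller instanceof AuthPublicShareController && ($methodName === 'authenticate' || $methodName === 'showAuthenticate')) {`. Separately, `getFunctionForRoute` hands the result of `explode()` straight to `array_pop()`, which takes its argument by reference and raises a notice for a non-variable; use `$parts = explode('.', $route); return array_pop($parts);` instead. `getParam('token')` is only compared with `null`, so it may be worth rejecting non-string values before `setToken()`; whether `setToken()` checks the type itself is not visible in this diff.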