diff options
| author | Pytal <24800714+Pytal@users.noreply.github.com> | 2025-01-15 16:25:35 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-01-15 16:25:35 -0800 |
| commit | 76ed55ace1376f376e113bf0ba7a01576d6dc200 (patch) | |
| tree | 432b90fc7af6af96c433a05f9651a6ed9b2f0625 /lib/private | |
| parent | 3fbc85426af226005c6e7e7c0b6b6083068d4f28 (diff) | |
| parent | a3cfc4f28efd17cab0f3cece0fef59fd8a61f02d (diff) | |
| download | nextcloud-server-76ed55ace1376f376e113bf0ba7a01576d6dc200.tar.gz nextcloud-server-76ed55ace1376f376e113bf0ba7a01576d6dc200.zip | |
Merge pull request #49317 from nextcloud/feat/edit-share-token
feat: Make it possible to customize share link tokens
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/Share20/Manager.php | 82 |
1 files changed, 47 insertions, 35 deletions
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 219f3d86380..3300a5d2e67 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -21,6 +21,7 @@ use OCP\Files\Mount\IShareOwnerlessMount; use OCP\Files\Node; use OCP\Files\NotFoundException; use OCP\HintException; +use OCP\IAppConfig; use OCP\IConfig; use OCP\IDateTimeZone; use OCP\IGroupManager; @@ -43,6 +44,7 @@ use OCP\Share\Events\ShareDeletedFromSelfEvent; use OCP\Share\Exceptions\AlreadySharedException; use OCP\Share\Exceptions\GenericShareException; use OCP\Share\Exceptions\ShareNotFound; +use OCP\Share\Exceptions\ShareTokenException; use OCP\Share\IManager; use OCP\Share\IProviderFactory; use OCP\Share\IShare; @@ -78,6 +80,7 @@ class Manager implements IManager { private KnownUserService $knownUserService, private ShareDisableChecker $shareDisableChecker, private IDateTimeZone $dateTimeZone, + private IAppConfig $appConfig, ) { $this->l = $this->l10nFactory->get('lib'); // The constructor of LegacyHooks registers the listeners of share events @@ -659,41 +662,7 @@ class Manager implements IManager { $this->linkCreateChecks($share); $this->setLinkParent($share); - // Initial token length - $tokenLength = \OC\Share\Helper::getTokenLength(); - - do { - $tokenExists = false; - - for ($i = 0; $i <= 2; $i++) { - // Generate a new token - $token = $this->secureRandom->generate( - $tokenLength, - \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE - ); - - try { - // Try to fetch a share with the generated token - $this->getShareByToken($token); - $tokenExists = true; // Token exists, we need to try again - } catch (\OCP\Share\Exceptions\ShareNotFound $e) { - // Token is unique, exit the loop - $tokenExists = false; - break; - } - } - - // If we've reached the maximum attempts and the token still exists, increase the token length - if ($tokenExists) { - $tokenLength++; - - // Check if the token length exceeds the maximum allowed length - if ($tokenLength > \OC\Share\Constants::MAX_TOKEN_LENGTH) { - throw new \Exception('Unable to generate a unique share token. Maximum token length exceeded.'); - } - } - } while ($tokenExists); - + $token = $this->generateToken(); // Set the unique token $share->setToken($token); @@ -1939,6 +1908,10 @@ class Manager implements IManager { return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes'; } + public function allowCustomTokens(): bool { + return $this->appConfig->getValueBool('core', 'shareapi_allow_custom_tokens', false); + } + public function currentUserCanEnumerateTargetUser(?IUser $currentUser, IUser $targetUser): bool { if ($this->allowEnumerationFullMatch()) { return true; @@ -2025,4 +1998,43 @@ class Manager implements IManager { yield from $provider->getAllShares(); } } + + public function generateToken(): string { + // Initial token length + $tokenLength = \OC\Share\Helper::getTokenLength(); + + do { + $tokenExists = false; + + for ($i = 0; $i <= 2; $i++) { + // Generate a new token + $token = $this->secureRandom->generate( + $tokenLength, + ISecureRandom::CHAR_HUMAN_READABLE, + ); + + try { + // Try to fetch a share with the generated token + $this->getShareByToken($token); + $tokenExists = true; // Token exists, we need to try again + } catch (ShareNotFound $e) { + // Token is unique, exit the loop + $tokenExists = false; + break; + } + } + + // If we've reached the maximum attempts and the token still exists, increase the token length + if ($tokenExists) { + $tokenLength++; + + // Check if the token length exceeds the maximum allowed length + if ($tokenLength > \OC\Share\Constants::MAX_TOKEN_LENGTH) { + throw new ShareTokenException('Unable to generate a unique share token. Maximum token length exceeded.'); + } + } + } while ($tokenExists); + + return $token; + } } |