diff options
| -rw-r--r-- | lib/private/share/share.php | 13 | ||||
| -rw-r--r-- | tests/lib/share/share.php | 36 |
2 files changed, 49 insertions, 0 deletions
diff --git a/lib/private/share/share.php b/lib/private/share/share.php index c0285125234..40fcc59f219 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -782,6 +782,19 @@ class Share extends Constants { \OCP\Util::writeLog('OCP\Share', sprintf($message, $itemSourceName), \OCP\Util::ERROR); throw new \Exception($message_t); } else if ($shareType === self::SHARE_TYPE_REMOTE) { + + /* + * Check if file is not already shared with the remote user + */ + if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_REMOTE, + $shareWith, $uidOwner, self::FORMAT_NONE, null, 1, true, true)) { + $message = 'Sharing %s failed, because this item is already shared with %s'; + $message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith)); + \OCP\Util::writeLog('OCP\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::ERROR); + throw new \Exception($message_t); + } + + $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS); diff --git a/tests/lib/share/share.php b/tests/lib/share/share.php index 52511810efa..b6d3e16826d 100644 --- a/tests/lib/share/share.php +++ b/tests/lib/share/share.php @@ -1531,6 +1531,42 @@ class Test_Share extends \Test\TestCase { \OC\Share\Share::setPassword($userSession, $connection, $config, 1, 'pass'); } + /** + * Make sure that a user cannot have multiple identical shares to remote users + */ + public function testOnlyOneRemoteShare() { + $oldHttpHelper = \OC::$server->query('HTTPHelper'); + $httpHelperMock = $this->getMockBuilder('OC\HttpHelper') + ->disableOriginalConstructor() + ->getMock(); + $this->setHttpHelper($httpHelperMock); + + $httpHelperMock->expects($this->at(0)) + ->method('post') + ->with($this->stringStartsWith('https://localhost/ocs/v1.php/cloud/shares'), $this->anything()) + ->willReturn(['success' => true, 'result' => json_encode(['ocs' => ['meta' => ['statuscode' => 100]]])]); + + \OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_REMOTE, 'foo@localhost', \OCP\Constants::PERMISSION_READ); + $shares = \OCP\Share::getItemShared('test', 'test.txt'); + $share = array_shift($shares); + + //Try share again + try { + \OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_REMOTE, 'foo@localhost', \OCP\Constants::PERMISSION_READ); + $this->fail('Identical remote shares are not allowed'); + } catch (\Exception $e) { + $this->assertEquals('Sharing test.txt failed, because this item is already shared with foo@localhost', $e->getMessage()); + } + + $httpHelperMock->expects($this->at(0)) + ->method('post') + ->with($this->stringStartsWith('https://localhost/ocs/v1.php/cloud/shares/' . $share['id'] . '/unshare'), $this->anything()) + ->willReturn(['success' => true, 'result' => json_encode(['ocs' => ['meta' => ['statuscode' => 100]]])]); + + \OCP\Share::unshare('test', 'test.txt', \OCP\Share::SHARE_TYPE_REMOTE, 'foo@localhost'); + $this->setHttpHelper($oldHttpHelper); + } + } class DummyShareClass extends \OC\Share\Share { |