diff options
Diffstat (limited to 'apps/files_external/lib/Controller/AjaxController.php')
| -rw-r--r-- | apps/files_external/lib/Controller/AjaxController.php | 71 |
1 files changed, 40 insertions, 31 deletions
diff --git a/apps/files_external/lib/Controller/AjaxController.php b/apps/files_external/lib/Controller/AjaxController.php index 72c8b6cd25b..5cee6422530 100644 --- a/apps/files_external/lib/Controller/AjaxController.php +++ b/apps/files_external/lib/Controller/AjaxController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. @@ -9,21 +10,16 @@ namespace OCA\Files_External\Controller; use OCA\Files_External\Lib\Auth\Password\GlobalAuth; use OCA\Files_External\Lib\Auth\PublicKey\RSA; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\JSONResponse; use OCP\IGroupManager; +use OCP\IL10N; use OCP\IRequest; use OCP\IUserSession; class AjaxController extends Controller { - /** @var RSA */ - private $rsaMechanism; - /** @var GlobalAuth */ - private $globalAuth; - /** @var IUserSession */ - private $userSession; - /** @var IGroupManager */ - private $groupManager; - /** * @param string $appName * @param IRequest $request @@ -32,17 +28,16 @@ class AjaxController extends Controller { * @param IUserSession $userSession * @param IGroupManager $groupManager */ - public function __construct($appName, + public function __construct( + $appName, IRequest $request, - RSA $rsaMechanism, - GlobalAuth $globalAuth, - IUserSession $userSession, - IGroupManager $groupManager) { + private RSA $rsaMechanism, + private GlobalAuth $globalAuth, + private IUserSession $userSession, + private IGroupManager $groupManager, + private IL10N $l10n, + ) { parent::__construct($appName, $request); - $this->rsaMechanism = $rsaMechanism; - $this->globalAuth = $globalAuth; - $this->userSession = $userSession; - $this->groupManager = $groupManager; } /** @@ -60,39 +55,53 @@ class AjaxController extends Controller { /** * Generates an SSH public/private key pair. * - * @NoAdminRequired * @param int $keyLength */ + #[NoAdminRequired] public function getSshKeys($keyLength = 1024) { $key = $this->generateSshKeys($keyLength); - return new JSONResponse( - ['data' => [ + return new JSONResponse([ + 'data' => [ 'private_key' => $key['privatekey'], 'public_key' => $key['publickey'] ], - 'status' => 'success' - ]); + 'status' => 'success', + ]); } /** - * @NoAdminRequired - * * @param string $uid * @param string $user * @param string $password - * @return bool + * @return JSONResponse */ - public function saveGlobalCredentials($uid, $user, $password) { + #[NoAdminRequired] + #[PasswordConfirmationRequired(strict: true)] + public function saveGlobalCredentials($uid, $user, $password): JSONResponse { $currentUser = $this->userSession->getUser(); + if ($currentUser === null) { + return new JSONResponse([ + 'status' => 'error', + 'message' => $this->l10n->t('You are not logged in'), + ], Http::STATUS_UNAUTHORIZED); + } // Non-admins can only edit their own credentials - $allowedToEdit = ($currentUser->getUID() === $uid); + // Admin can edit global credentials + $allowedToEdit = $uid === '' + ? $this->groupManager->isAdmin($currentUser->getUID()) + : $currentUser->getUID() === $uid; if ($allowedToEdit) { $this->globalAuth->saveAuth($uid, $user, $password); - return true; - } else { - return false; + return new JSONResponse([ + 'status' => 'success', + ]); } + + return new JSONResponse([ + 'status' => 'success', + 'message' => $this->l10n->t('Permission denied'), + ], Http::STATUS_FORBIDDEN); } } |