Diffstat (limited to 'core/Controller')
-rw-r--r--core/Controller/ErrorController.php62
-rw-r--r--core/Controller/LostController.php23
-rw-r--r--core/Controller/PreviewController.php11
-rw-r--r--core/Controller/ReferenceController.php11
-rw-r--r--core/Controller/UnsupportedBrowserController.php51
5 files changed, 148 insertions, 10 deletions
diff --git a/core/Controller/ErrorController.php b/core/Controller/ErrorController.php
new file mode 100644
index 00000000000..550b320a989
--- /dev/null
+++ b/core/Controller/ErrorController.php
@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2022 Julius Härtl <jus@bitgrid.net>
+ *
+ * @author Julius Härtl <jus@bitgrid.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Core\Controller;
+
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\TemplateResponse;
+
+class ErrorController extends \OCP\AppFramework\Controller {
+ /**
+ * @PublicPage
+ * @NoCSRFRequired
+ */
+ public function error403(): TemplateResponse {
+ $response = new TemplateResponse(
+ 'core',
+ '403',
+ [],
+ 'error'
+ );
+ $response->setStatus(Http::STATUS_FORBIDDEN);
+ return $response;
+ }
+
+ /**
+ * @PublicPage
+ * @NoCSRFRequired
+ */
+ public function error404(): TemplateResponse {
+ $response = new TemplateResponse(
+ 'core',
+ '404',
+ [],
+ 'error'
+ );
+ $response->setStatus(Http::STATUS_NOT_FOUND);
+ return $response;
+ }
+}
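Review bot: The class header `class ErrorController extends \OCP\AppFramework\Controller` fully qualifies the base class while the file already imports from `OCP\AppFramework` with `use` statements; adding `use OCP\AppFramework\Controller;` and writing `class ErrorController extends Controller {` matches the other two controllers in this commit. error403() and error404() are the same method apart from the template name and status code, and both pass the render mode as the bare string `'error'` where UnsupportedBrowserController in this same commit uses `TemplateResponse::RENDER_AS_ERROR`; a private helper removes the duplication and the magic string. The `@PublicPage`/`@NoCSRFRequired` annotations belong on the public actions and should stay there, not on the helper.
```php
class ErrorController extends Controller {
	// … unchanged: @PublicPage / @NoCSRFRequired docblock …
	public function error403(): TemplateResponse {
		return $this->errorPage('403', Http::STATUS_FORBIDDEN);
	}

	// … unchanged: @PublicPage / @NoCSRFRequired docblock …
	public function error404(): TemplateResponse {
		return $this->errorPage('404', Http::STATUS_NOT_FOUND);
	}

	/**
	 * Render one of the core error templates with the given HTTP status.
	 */
	private function errorPage(string $template, int $status): TemplateResponse {
		$response = new TemplateResponse('core', $template, [], TemplateResponse::RENDER_AS_ERROR);
		$response->setStatus($status);
		return $response;
	}
}
```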
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index e5dc5218cb1..fadfa242b93 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -36,10 +36,6 @@
namespace OC\Core\Controller;
use Exception;
-use OC\Authentication\TwoFactorAuth\Manager;
-use OC\Core\Events\BeforePasswordResetEvent;
-use OC\Core\Events\PasswordResetEvent;
-use OC\Core\Exception\ResetPasswordException;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\TemplateResponse;
@@ -56,8 +52,14 @@ use OCP\IURLGenerator;
use OCP\IUser;
use OCP\IUserManager;
use OCP\Mail\IMailer;
-use OCP\Security\VerificationToken\InvalidTokenException;
use OCP\Security\VerificationToken\IVerificationToken;
+use OCP\Security\VerificationToken\InvalidTokenException;
+use OC\Authentication\TwoFactorAuth\Manager;
+use OC\Core\Events\BeforePasswordResetEvent;
+use OC\Core\Events\PasswordResetEvent;
+use OC\Core\Exception\ResetPasswordException;
+use OC\Security\RateLimiting\Exception\RateLimitExceededException;
+use OC\Security\RateLimiting\Limiter;
use Psr\Log\LoggerInterface;
use function array_filter;
use function count;
@@ -84,6 +86,7 @@ class LostController extends Controller {
private IInitialState $initialState;
private IVerificationToken $verificationToken;
private IEventDispatcher $eventDispatcher;
+ private Limiter $limiter;
public function __construct(
string $appName,
@@ -100,7 +103,8 @@ class LostController extends Controller {
Manager $twoFactorManager,
IInitialState $initialState,
IVerificationToken $verificationToken,
- IEventDispatcher $eventDispatcher
+ IEventDispatcher $eventDispatcher,
+ Limiter $limiter
) {
parent::__construct($appName, $request);
$this->urlGenerator = $urlGenerator;
@@ -116,6 +120,7 @@ class LostController extends Controller {
$this->initialState = $initialState;
$this->verificationToken = $verificationToken;
$this->eventDispatcher = $eventDispatcher;
+ $this->limiter = $limiter;
}
/**
@@ -267,6 +272,12 @@ class LostController extends Controller {
throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input);
}
+ try {
+ $this->limiter->registerUserRequest('lostpasswordemail', 5, 1800, $user);
+ } catch (RateLimitExceededException $e) {
+ throw new ResetPasswordException('Could not send reset e-mail, 5 of them were already sent in the last 30 minutes', 0, $e);
+ }
+
// Generate the token. It is stored encrypted in the database with the
// secret being the users' email address appended with the system secret.
// This makes the token automatically invalidate once the user changes
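Review bot: The limit `5` and window `1800` passed to `registerUserRequest` are repeated as prose in the exception message on the next line ("5 of them", "30 minutes"), so the two will drift apart the first time the limit is tuned; declare `private const RESET_EMAIL_LIMIT = 5;` and `private const RESET_EMAIL_WINDOW = 1800;` and build the message with `sprintf('Could not send reset e-mail, %d of them were already sent in the last %d minutes', self::RESET_EMAIL_LIMIT, self::RESET_EMAIL_WINDOW / 60)`. A why-comment above the try, e.g. `// Cap reset mails per target user so one mailbox cannot be flooded with reset links`, would record the intent — assuming that is the purpose, which the hunk does not state. Since the limiter is keyed on `$user`, the check necessarily runs after the username/email lookup above the hunk, so that lookup itself is not covered by this limit. The enclosing method starts and ends outside the hunk.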
diff --git a/core/Controller/PreviewController.php b/core/Controller/PreviewController.php
index 85dedd0bf68..9b3acaae013 100644
--- a/core/Controller/PreviewController.php
+++ b/core/Controller/PreviewController.php
@@ -27,6 +27,7 @@ declare(strict_types=1);
*/
namespace OC\Core\Controller;
+use OCA\Files_Sharing\SharedStorage;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
@@ -129,6 +130,16 @@ class PreviewController extends Controller {
return new DataResponse([], Http::STATUS_FORBIDDEN);
}
+ $storage = $node->getStorage();
+ if ($storage->instanceOfStorage(SharedStorage::class)) {
+ /** @var SharedStorage $storage */
+ $share = $storage->getShare();
+ $attributes = $share->getAttributes();
+ if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
+ return new DataResponse([], Http::STATUS_FORBIDDEN);
+ }
+ }
+
try {
$f = $this->preview->getPreview($node, $x, $y, !$a, $mode);
$response = new FileDisplayResponse($f, Http::STATUS_OK, [
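Review bot: The strict `=== false` test on `getAttribute('permissions', 'download')` deserves a why-comment, because a reader will wonder whether an unset attribute (presumably `null`) is meant to allow the preview; something like `// Only an explicit download=false share attribute blocks previews; an unset attribute keeps the share's default permissions` records the intent. The `/** @var SharedStorage $storage */` annotation correctly narrows after instanceOfStorage(), but the chain assumes `getShare()` returns a non-null share; if that is not guaranteed for a broken share, `$storage->getShare()?->getAttributes()` would keep this guard from throwing — I cannot tell from the hunk whether that case exists. The enclosing method starts and ends outside the hunk.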
diff --git a/core/Controller/ReferenceController.php b/core/Controller/ReferenceController.php
index 591d84f3e7c..a892de03e79 100644
--- a/core/Controller/ReferenceController.php
+++ b/core/Controller/ReferenceController.php
@@ -48,18 +48,21 @@ class ReferenceController extends Controller {
/**
* @PublicPage
* @NoCSRFRequired
+ * @param string $referenceId the reference cache key
+ * @return Response
*/
public function preview(string $referenceId): Response {
$reference = $this->referenceManager->getReferenceByCacheKey($referenceId);
- if ($reference === null) {
- return new DataResponse('', Http::STATUS_NOT_FOUND);
- }
try {
$appData = $this->appDataFactory->get('core');
$folder = $appData->getFolder('opengraph');
$file = $folder->getFile($referenceId);
- $response = new DataDownloadResponse($file->getContent(), $referenceId, $reference->getImageContentType());
+ $response = new DataDownloadResponse(
+ $file->getContent(),
+ $referenceId,
+ $reference === null ? $file->getMimeType() : $reference->getImageContentType()
+ );
} catch (NotFoundException|NotPermittedException $e) {
$response = new DataResponse('', Http::STATUS_NOT_FOUND);
}
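Review bot: The new `$reference === null` branch changes the contract of preview() without saying why: a cache key the reference manager no longer knows used to yield 404 and now serves whatever file sits under that name in the opengraph folder, with the stored file's MIME type. A short comment above the `new DataDownloadResponse(` line, e.g. `// The reference entry may have expired from the cache while its image is still in appdata; fall back to the stored file's MIME type`, would preserve the intent — assuming that is the reason, which the hunk does not show. The added `@return Response` restates the native return type and can be dropped; the `@param` description is the useful part. The method's tail lies outside the hunk.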
diff --git a/core/Controller/UnsupportedBrowserController.php b/core/Controller/UnsupportedBrowserController.php
new file mode 100644
index 00000000000..8cdc190deea
--- /dev/null
+++ b/core/Controller/UnsupportedBrowserController.php
@@ -0,0 +1,51 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright 2021 John Molakvoæ <skjnldsv@protonmail.com>
+ *
+ * @author John Molakvoæ <skjnldsv@protonmail.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Core\Controller;
+
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Response;
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\IRequest;
+use OCP\Util;
+
+class UnsupportedBrowserController extends Controller {
+ public function __construct(IRequest $request) {
+ parent::__construct('core', $request);
+ }
+
+ /**
+ * @PublicPage
+ * @NoCSRFRequired
+ *
+ * @return Response
+ */
+ public function index(): Response {
+ Util::addScript('core', 'unsupported-browser');
+ Util::addStyle('core', 'icons');
+ return new TemplateResponse('core', 'unsupportedbrowser', [], TemplateResponse::RENDER_AS_ERROR);
+ }
+}
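Review bot: `@return Response` on index() restates the native return type and adds nothing; drop it or, better, narrow the declared return type to `TemplateResponse` since that is the only thing the method produces. The constructor hard-codes the app name in `parent::__construct('core', $request)` whereas ErrorController in this same commit has no constructor and relies on the framework-injected `$appName`; the two new controllers should follow one convention. The `@PublicPage`/`@NoCSRFRequired` pair is appropriate for a page that has to render before any login.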