aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/AppFramework/Http/Request.php22
-rw-r--r--lib/private/Files/Storage/Wrapper/Encryption.php20
-rw-r--r--lib/private/Log/Syslog.php8
-rw-r--r--lib/private/Profile/ProfileManager.php4
-rw-r--r--lib/private/TaskProcessing/Manager.php33
5 files changed, 75 insertions, 12 deletions
diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php
index d177221556c..e662cb8679a 100644
--- a/lib/private/AppFramework/Http/Request.php
+++ b/lib/private/AppFramework/Http/Request.php
@@ -45,7 +45,7 @@ class Request implements \ArrayAccess, \Countable, IRequest {
public const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost|\[::1\])$/';
protected string $inputStream;
- protected $content;
+ private bool $isPutStreamContentAlreadySent = false;
protected array $items = [];
protected array $allowedKeys = [
'get',
@@ -64,6 +64,7 @@ class Request implements \ArrayAccess, \Countable, IRequest {
protected ?CsrfTokenManager $csrfTokenManager;
protected bool $contentDecoded = false;
+ private ?\JsonException $decodingException = null;
/**
* @param array $vars An associative array with the following optional values:
@@ -356,13 +357,13 @@ class Request implements \ArrayAccess, \Countable, IRequest {
protected function getContent() {
// If the content can't be parsed into an array then return a stream resource.
if ($this->isPutStreamContent()) {
- if ($this->content === false) {
+ if ($this->isPutStreamContentAlreadySent) {
throw new \LogicException(
'"put" can only be accessed once if not '
. 'application/x-www-form-urlencoded or application/json.'
);
}
- $this->content = false;
+ $this->isPutStreamContentAlreadySent = true;
return fopen($this->inputStream, 'rb');
} else {
$this->decodeContent();
@@ -389,7 +390,14 @@ class Request implements \ArrayAccess, \Countable, IRequest {
// 'application/json' and other JSON-related content types must be decoded manually.
if (preg_match(self::JSON_CONTENT_TYPE_REGEX, $this->getHeader('Content-Type')) === 1) {
- $params = json_decode(file_get_contents($this->inputStream), true);
+ $content = file_get_contents($this->inputStream);
+ if ($content !== '') {
+ try {
+ $params = json_decode($content, true, flags:JSON_THROW_ON_ERROR);
+ } catch (\JsonException $e) {
+ $this->decodingException = $e;
+ }
+ }
if (\is_array($params) && \count($params) > 0) {
$this->items['params'] = $params;
if ($this->method === 'POST') {
@@ -413,6 +421,12 @@ class Request implements \ArrayAccess, \Countable, IRequest {
$this->contentDecoded = true;
}
+ public function throwDecodingExceptionIfAny(): void {
+ if ($this->decodingException !== null) {
+ throw $this->decodingException;
+ }
+ }
+
/**
* Checks if the CSRF check was correct
diff --git a/lib/private/Files/Storage/Wrapper/Encryption.php b/lib/private/Files/Storage/Wrapper/Encryption.php
index 51a5f99908d..58bd4dfddcf 100644
--- a/lib/private/Files/Storage/Wrapper/Encryption.php
+++ b/lib/private/Files/Storage/Wrapper/Encryption.php
@@ -23,6 +23,7 @@ use OCP\Encryption\IManager;
use OCP\Encryption\Keys\IStorage;
use OCP\Files;
use OCP\Files\Cache\ICacheEntry;
+use OCP\Files\GenericFileException;
use OCP\Files\Mount\IMountPoint;
use OCP\Files\Storage;
use Psr\Log\LoggerInterface;
@@ -685,12 +686,16 @@ class Encryption extends Wrapper {
try {
$source = $sourceStorage->fopen($sourceInternalPath, 'r');
$target = $this->fopen($targetInternalPath, 'w');
- [, $result] = Files::streamCopy($source, $target, true);
+ if ($source === false || $target === false) {
+ $result = false;
+ } else {
+ [, $result] = Files::streamCopy($source, $target, true);
+ }
} finally {
- if (is_resource($source)) {
+ if (isset($source) && $source !== false) {
fclose($source);
}
- if (is_resource($target)) {
+ if (isset($target) && $target !== false) {
fclose($target);
}
}
@@ -740,6 +745,9 @@ class Encryption extends Wrapper {
public function hash(string $type, string $path, bool $raw = false): string|false {
$fh = $this->fopen($path, 'rb');
+ if ($fh === false) {
+ return false;
+ }
$ctx = hash_init($type);
hash_update_stream($ctx, $fh);
fclose($fh);
@@ -764,6 +772,9 @@ class Encryption extends Wrapper {
$firstBlock = '';
if ($this->storage->is_file($path)) {
$handle = $this->storage->fopen($path, 'r');
+ if ($handle === false) {
+ return '';
+ }
$firstBlock = fread($handle, $this->util->getHeaderSize());
fclose($handle);
}
@@ -894,6 +905,9 @@ class Encryption extends Wrapper {
public function writeStream(string $path, $stream, ?int $size = null): int {
// always fall back to fopen
$target = $this->fopen($path, 'w');
+ if ($target === false) {
+ throw new GenericFileException("Failed to open $path for writing");
+ }
[$count, $result] = Files::streamCopy($stream, $target, true);
fclose($stream);
fclose($target);
diff --git a/lib/private/Log/Syslog.php b/lib/private/Log/Syslog.php
index bd2c39509b1..46214599eb8 100644
--- a/lib/private/Log/Syslog.php
+++ b/lib/private/Log/Syslog.php
@@ -20,15 +20,18 @@ class Syslog extends LogDetails implements IWriter {
ILogger::FATAL => LOG_CRIT,
];
+ private string $tag;
+
public function __construct(
SystemConfig $config,
?string $tag = null,
) {
parent::__construct($config);
if ($tag === null) {
- $tag = $config->getValue('syslog_tag', 'Nextcloud');
+ $this->tag = $config->getValue('syslog_tag', 'Nextcloud');
+ } else {
+ $this->tag = $tag;
}
- openlog($tag, LOG_PID | LOG_CONS, LOG_USER);
}
public function __destruct() {
@@ -41,6 +44,7 @@ class Syslog extends LogDetails implements IWriter {
*/
public function write(string $app, $message, int $level): void {
$syslog_level = $this->levels[$level];
+ openlog($this->tag, LOG_PID | LOG_CONS, LOG_USER);
syslog($syslog_level, $this->logDetailsAsJSON($app, $message, $level));
}
}
diff --git a/lib/private/Profile/ProfileManager.php b/lib/private/Profile/ProfileManager.php
index 84c7ea48373..1ade208fbcf 100644
--- a/lib/private/Profile/ProfileManager.php
+++ b/lib/private/Profile/ProfileManager.php
@@ -350,7 +350,7 @@ class ProfileManager implements IProfileManager {
}
/**
- * Return the profile config of the target user with additional medatata,
+ * Return the profile config of the target user with additional metadata,
* if a config does not already exist a default config is created and returned
*/
public function getProfileConfigWithMetadata(IUser $targetUser, ?IUser $visitingUser): array {
@@ -399,7 +399,7 @@ class ProfileManager implements IProfileManager {
],
IAccountManager::PROPERTY_ORGANISATION => [
'appId' => self::CORE_APP_ID,
- 'displayId' => $this->l10nFactory->get('lib')->t('Organisation'),
+ 'displayId' => $this->l10nFactory->get('lib')->t('Organization'),
],
IAccountManager::PROPERTY_ROLE => [
'appId' => self::CORE_APP_ID,
diff --git a/lib/private/TaskProcessing/Manager.php b/lib/private/TaskProcessing/Manager.php
index 9992310dbbb..0ffd141543f 100644
--- a/lib/private/TaskProcessing/Manager.php
+++ b/lib/private/TaskProcessing/Manager.php
@@ -36,6 +36,8 @@ use OCP\ICacheFactory;
use OCP\IConfig;
use OCP\IL10N;
use OCP\IServerContainer;
+use OCP\IUserManager;
+use OCP\IUserSession;
use OCP\L10N\IFactory;
use OCP\Lock\LockedException;
use OCP\SpeechToText\ISpeechToTextProvider;
@@ -103,6 +105,8 @@ class Manager implements IManager {
private IUserMountCache $userMountCache,
private IClientService $clientService,
private IAppManager $appManager,
+ private IUserManager $userManager,
+ private IUserSession $userSession,
ICacheFactory $cacheFactory,
) {
$this->appData = $appDataFactory->get('core');
@@ -809,7 +813,11 @@ class Manager implements IManager {
throw new \OCP\TaskProcessing\Exception\Exception('No matching provider found');
}
- public function getAvailableTaskTypes(bool $showDisabled = false): array {
+ public function getAvailableTaskTypes(bool $showDisabled = false, ?string $userId = null): array {
+ // userId will be obtained from the session if left to null
+ if (!$this->checkGuestAccess($userId)) {
+ return [];
+ }
if ($this->availableTaskTypes === null) {
$cachedValue = $this->distributedCache->get('available_task_types_v2');
if ($cachedValue !== null) {
@@ -868,7 +876,27 @@ class Manager implements IManager {
return isset($this->getAvailableTaskTypes()[$task->getTaskTypeId()]);
}
+ private function checkGuestAccess(?string $userId = null): bool {
+ if ($userId === null && !$this->userSession->isLoggedIn()) {
+ return true;
+ }
+ if ($userId === null) {
+ $user = $this->userSession->getUser();
+ } else {
+ $user = $this->userManager->get($userId);
+ }
+
+ $guestsAllowed = $this->config->getAppValue('core', 'ai.taskprocessing_guests', 'false');
+ if ($guestsAllowed == 'true' || !class_exists(\OCA\Guests\UserBackend::class) || !($user->getBackend() instanceof \OCA\Guests\UserBackend)) {
+ return true;
+ }
+ return false;
+ }
+
public function scheduleTask(Task $task): void {
+ if (!$this->checkGuestAccess($task->getUserId())) {
+ throw new \OCP\TaskProcessing\Exception\PreConditionNotMetException('Access to this resource is forbidden for guests.');
+ }
if (!$this->canHandleTask($task)) {
throw new \OCP\TaskProcessing\Exception\PreConditionNotMetException('No task processing provider is installed that can handle this task type: ' . $task->getTaskTypeId());
}
@@ -883,6 +911,9 @@ class Manager implements IManager {
}
public function runTask(Task $task): Task {
+ if (!$this->checkGuestAccess($task->getUserId())) {
+ throw new \OCP\TaskProcessing\Exception\PreConditionNotMetException('Access to this resource is forbidden for guests.');
+ }
if (!$this->canHandleTask($task)) {
throw new \OCP\TaskProcessing\Exception\PreConditionNotMetException('No task processing provider is installed that can handle this task type: ' . $task->getTaskTypeId());
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-04 08:09:15 +0000