aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Share20/Manager.php6
-rw-r--r--lib/private/Share20/ProviderFactory.php1
-rw-r--r--lib/private/Share20/Share.php16
-rw-r--r--lib/public/AppFramework/AuthPublicShareController.php47
-rw-r--r--lib/public/Share/IShare.php13
5 files changed, 80 insertions, 3 deletions
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index 3fca9e3fe14..4e87c37fedb 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -1552,6 +1552,12 @@ class Manager implements IManager {
return false;
}
+ // Makes sure password hasn't expired
+ $expirationTime = $share->getPasswordExpirationTime();
+ if ($expirationTime !== null && $expirationTime < new \DateTime()) {
+ return false;
+ }
+
$newHash = '';
if (!$this->hasher->verify($password, $share->getPassword(), $newHash)) {
return false;
diff --git a/lib/private/Share20/ProviderFactory.php b/lib/private/Share20/ProviderFactory.php
index 42677d6bcf7..434c0017d21 100644
--- a/lib/private/Share20/ProviderFactory.php
+++ b/lib/private/Share20/ProviderFactory.php
@@ -185,6 +185,7 @@ class ProviderFactory implements IProviderFactory {
$settingsManager = new SettingsManager($this->serverContainer->getConfig());
$this->shareByMailProvider = new ShareByMailProvider(
+ $this->serverContainer->getConfig(),
$this->serverContainer->getDatabaseConnection(),
$this->serverContainer->getSecureRandom(),
$this->serverContainer->getUserManager(),
diff --git a/lib/private/Share20/Share.php b/lib/private/Share20/Share.php
index f1df71b1143..7ed03832e4c 100644
--- a/lib/private/Share20/Share.php
+++ b/lib/private/Share20/Share.php
@@ -73,6 +73,7 @@ class Share implements IShare {
private $expireDate;
/** @var string */
private $password;
+ private ?\DateTimeInterface $passwordExpirationTime = null;
/** @var bool */
private $sendPasswordByTalk = false;
/** @var string */
@@ -464,6 +465,21 @@ class Share implements IShare {
/**
* @inheritdoc
*/
+ public function setPasswordExpirationTime(?\DateTimeInterface $passwordExpirationTime = null): IShare {
+ $this->passwordExpirationTime = $passwordExpirationTime;
+ return $this;
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public function getPasswordExpirationTime(): ?\DateTimeInterface {
+ return $this->passwordExpirationTime;
+ }
+
+ /**
+ * @inheritdoc
+ */
public function setSendPasswordByTalk(bool $sendPasswordByTalk) {
$this->sendPasswordByTalk = $sendPasswordByTalk;
return $this;
diff --git a/lib/public/AppFramework/AuthPublicShareController.php b/lib/public/AppFramework/AuthPublicShareController.php
index 33adf7b5fe4..bd0e32f566d 100644
--- a/lib/public/AppFramework/AuthPublicShareController.php
+++ b/lib/public/AppFramework/AuthPublicShareController.php
@@ -85,11 +85,39 @@ abstract class AuthPublicShareController extends PublicShareController {
}
/**
+ * The template to show after user identification
+ *
+ * @since 24.0.0
+ */
+ protected function showIdentificationResult(bool $success): TemplateResponse {
+ return new TemplateResponse('core', 'publicshareauth', ['identityOk' => $success], 'guest');
+ }
+
+ /**
+ * Validates that the provided identity is allowed to receive a temporary password
+ *
+ * @since 24.0.0
+ */
+ protected function validateIdentity(?string $identityToken = null): bool {
+ return false;
+ }
+
+ /**
+ * Generates a password
+ *
+ * @since 24.0.0
+ */
+ protected function generatePassword(): void {
+ }
+
+ /**
* Verify the password
*
- * @since 14.0.0
+ * @since 24.0.0
*/
- abstract protected function verifyPassword(string $password): bool;
+ protected function verifyPassword(string $password): bool {
+ return false;
+ }
/**
* Function called after failed authentication
@@ -120,12 +148,25 @@ abstract class AuthPublicShareController extends PublicShareController {
*
* @since 14.0.0
*/
- final public function authenticate(string $password = '') {
+ final public function authenticate(string $password = '', string $passwordRequest = 'no', string $identityToken = '') {
// Already authenticated
if ($this->isAuthenticated()) {
return $this->getRedirect();
}
+ // Is user requesting a temporary password?
+ if ($passwordRequest == '') {
+ if ($this->validateIdentity($identityToken)) {
+ $this->generatePassword();
+ $response = $this->showIdentificationResult(true);
+ return $response;
+ } else {
+ $response = $this->showIdentificationResult(false);
+ $response->throttle();
+ return $response;
+ }
+ }
+
if (!$this->verifyPassword($password)) {
$this->authFailed();
$response = $this->showAuthFailed();
diff --git a/lib/public/Share/IShare.php b/lib/public/Share/IShare.php
index 8ff3f5f0394..1d3cf9bbbdf 100644
--- a/lib/public/Share/IShare.php
+++ b/lib/public/Share/IShare.php
@@ -448,6 +448,19 @@ interface IShare {
*/
public function getPassword();
+ /**
+ * Set the password's expiration time of this share.
+ *
+ * @return self The modified object
+ * @since 24.0.0
+ */
+ public function setPasswordExpirationTime(?\DateTimeInterface $passwordExpirationTime = null): IShare;
+
+ /**
+ * Get the password's expiration time of this share.
+ * @since 24.0.0
+ */
+ public function getPasswordExpirationTime(): ?\DateTimeInterface;
/**
* Set if the recipient can start a conversation with the owner to get the