From f36ef8ca80d92727857fe398491fce6eb17ee996 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Fri, 18 May 2018 12:28:52 +0200
Subject: Add the new PublicShareController and PublicShareMiddleware
Signed-off-by: Roeland Jago Douma
---
 .../DependencyInjection/DIContainer.php | 8 +-
 .../Exceptions/NeedAuthenticationException.php | 7 ++
 .../PublicShare/PublicShareMiddleware.php | 85 ++++++++++++++++++++++
 3 files changed, 99 insertions(+), 1 deletion(-)
 create mode 100644 lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php
 create mode 100644 lib/private/AppFramework/Middleware/PublicShare/PublicShareMiddleware.php
(limited to 'lib/private')
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index c82ac5255dd..8803ef8c47d 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -62,6 +62,7 @@ use OCP\IL10N;
 use OCP\ILogger;
 use OCP\IRequest;
 use OCP\IServerContainer;
+use OCP\ISession;
 use OCP\IUserSession;
 use OCP\RichObjectStrings\IValidator;
 use OCP\Encryption\IManager;
@@ -304,7 +305,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 });
 $middleWares = &$this->middleWares;
- $this->registerService('MiddlewareDispatcher', function($c) use (&$middleWares) {
+ $this->registerService('MiddlewareDispatcher', function(SimpleContainer $c) use (&$middleWares) {
 $dispatcher = new MiddlewareDispatcher();
 $dispatcher->registerMiddleware($c[OC\AppFramework\Middleware\Security\SameSiteCookieMiddleware::class]);
 $dispatcher->registerMiddleware($c['CORSMiddleware']);
@@ -314,6 +315,11 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 $dispatcher->registerMiddleware($c['TwoFactorMiddleware']);
 $dispatcher->registerMiddleware($c['BruteForceMiddleware']);
 $dispatcher->registerMiddleware($c['RateLimitingMiddleware']);
+ $dispatcher->registerMiddleware(new OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware(
+ $c['Request'],
+ $c->query(ISession::class),
+ $c->query(\OCP\IConfig::class)
+ ));
 foreach($middleWares as $middleWare) {
 $dispatcher->registerMiddleware($c[$middleWare]);
diff --git a/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php b/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php
new file mode 100644
index 00000000000..27e57fe9505
--- /dev/null
+++ b/lib/private/AppFramework/Middleware/PublicShare/Exceptions/NeedAuthenticationException.php
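Review bot: The `new OC\AppFramework\Middleware\PublicShare\PublicShareMiddleware(...)` call in this hunk passes three arguments, the last being `$c->query(\OCP\IConfig::class)`, while the constructor body visible later in this patch assigns only `$this->request` and `$this->session`. The constructor signature is not visible on this page, so this is inferred, but if it declares two parameters PHP silently discards the extra argument and the config lookup does nothing. Either drop `$c->query(\OCP\IConfig::class)` here or accept and store it in the middleware. The enclosing closure and the DIContainer constructor continue outside the hunk.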
@@ -0,0 +1,7 @@
+request = $request;
+ $this->session = $session;
+ }
+
+ public function beforeController($controller, $methodName) {
+ if (!($controller instanceof PublicShareController)) {
+ return;
+ }
+
+ // We require the token parameter to be set
+ $token = $this->request->getParam('token');
+ if ($token === null) {
+ throw new NotFoundException();
+ }
+
+ // Set the token
+ $controller->setToken($token);
+
+ if (!$controller->isValidToken()) {
+ $controller->shareNotFound();
+ throw new NotFoundException();
+ }
+
+ // No need to check for authentication when we try to authenticate
+ if ($methodName === 'authenticate' || $methodName === 'showAuthenticate') {
+ return;
+ }
+
+ // If authentication succeeds just continue
+ if ($controller->isAuthenticated($token)) {
+ return;
+ }
+
+ // If we can authenticate to this controller do it else we throw a 404 to not leak any info
+ if ($controller instanceof AuthPublicShareController) {
+ $this->session->set('public_link_authenticate_redirect', json_encode($this->request->getParams()));
+ throw new NeedAuthenticationException();
+ }
+
+ throw new NotFoundException();
+
+ }
+
+ public function afterException($controller, $methodName, \Exception $exception) {
+ if (!($controller instanceof PublicShareController)) {
+ throw $exception;
+ }
+
+ if ($exception instanceof NotFoundException) {
+ return new NotFoundResponse();
+ }
+
+ if ($controller instanceof AuthPublicShareController && $exception instanceof NeedAuthenticationException) {
+ return $controller->getAuthenticationRedirect($this->getFunctionForRoute($this->request->getParam('_route')));
+ }
+
+ throw $exception;
+ }
+
+ private function getFunctionForRoute(string $route): string {
+ return array_pop(explode('.', $route));
+ }
+}
-- cgit v1.2.3
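Review bot: In beforeController the early return for `authenticate` and `showAuthenticate` applies to every PublicShareController, so a controller that is not an AuthPublicShareController but exposes an action with one of those names would skip the `isAuthenticated()` check; `if ($controller instanceof AuthPublicShareController && ($methodName === 'authenticate' || $methodName === 'showAuthenticate')) {` limits the exemption to controllers that implement the login flow. `$token` comes straight from `getParam('token')` and is only compared with null, so a non-string value reaches `setToken()`; `if (!is_string($token)) { throw new NotFoundException(); }` would reject it, assuming setToken expects a string, which is not visible here. In getFunctionForRoute, `array_pop(explode('.', $route))` passes a function result by reference, and `getParam('_route')` may be null against the `string` parameter; `$parts = explode('.', $route); return array_pop($parts);` plus a null guard at the call site avoids both. The head of this file (namespace, imports, constructor signature) is missing from the page, so these points rest on the visible method bodies only.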