From 614210c536d30d9587005b51341082b499e7f12d Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Tue, 20 Aug 2024 12:33:28 +0200
Subject: fix(share): Ensure unique share tokens

- check for token collisions and retry up to three times.
- throw after 3 attempts without finding a unique token.

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 lib/private/Share20/Manager.php | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

(limited to 'lib')

diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index d11f2db338f..d965a7c2f2b 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -689,13 +689,25 @@ class Manager implements IManager {
 				$this->linkCreateChecks($share);
 				$this->setLinkParent($share);
 
-				// For now ignore a set token.
-				$share->setToken(
-					$this->secureRandom->generate(
+				for ($i = 0; $i <= 3; $i++) {
+					$token = $this->secureRandom->generate(
 						\OC\Share\Constants::TOKEN_LENGTH,
 						\OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
-					)
-				);
+					);
+
+					try {
+						$this->getShareByToken($token);
+					} catch (\OCP\Share\Exceptions\ShareNotFound $e) {
+						// Set the unique token
+						$share->setToken($token);
+						break;
+					}
+
+					// Abort after 3 failed attempts
+					if ($i >= 3) {
+						throw new \Exception('Unable to generate a unique share token after 3 attempts.');
+					}
+				}
 
 				// Verify the expiration date
 				$share = $this->validateExpirationDateLink($share);
-- 
cgit v1.2.3