blob: 05783b21900df8146c52a4266b00ecca8eb14d26 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
<?php
namespace OC\AppFramework\Middleware\PublicShare;
use OC\AppFramework\Middleware\PublicShare\Exceptions\NeedAuthenticationException;
use OCP\AppFramework\AuthPublicShareController;
use OCP\AppFramework\Http\NotFoundResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Middleware;
use OCP\AppFramework\PublicShareController;
use OCP\Files\NotFoundException;
use OCP\IConfig;
use OCP\IRequest;
use OCP\ISession;
class PublicShareMiddleware extends Middleware {
/** @var IRequest */
private $request;
/** @var ISession */
private $session;
/** @var IConfig */
private $config;
public function __construct(IRequest $request, ISession $session, IConfig $config) {
$this->request = $request;
$this->session = $session;
$this->config = $config;
}
public function beforeController($controller, $methodName) {
if (!($controller instanceof PublicShareController)) {
return;
}
if (!$this->isLinkSharingEnabled()) {
throw new NotFoundException('Link sharing is disabled');
}
// We require the token parameter to be set
$token = $this->request->getParam('token');
if ($token === null) {
throw new NotFoundException();
}
// Set the token
$controller->setToken($token);
if (!$controller->isValidToken()) {
$controller->shareNotFound();
throw new NotFoundException();
}
// No need to check for authentication when we try to authenticate
if ($methodName === 'authenticate' || $methodName === 'showAuthenticate') {
return;
}
// If authentication succeeds just continue
if ($controller->isAuthenticated()) {
return;
}
// If we can authenticate to this controller do it else we throw a 404 to not leak any info
if ($controller instanceof AuthPublicShareController) {
$this->session->set('public_link_authenticate_redirect', json_encode($this->request->getParams()));
throw new NeedAuthenticationException();
}
throw new NotFoundException();
}
public function afterException($controller, $methodName, \Exception $exception) {
if (!($controller instanceof PublicShareController)) {
throw $exception;
}
if ($exception instanceof NotFoundException) {
return new NotFoundResponse();
}
if ($controller instanceof AuthPublicShareController && $exception instanceof NeedAuthenticationException) {
return $controller->getAuthenticationRedirect($this->getFunctionForRoute($this->request->getParam('_route')));
}
throw $exception;
}
private function getFunctionForRoute(string $route): string {
$tmp = explode('.', $route);
return array_pop($tmp);
}
/**
* Check if link sharing is allowed
*/
private function isLinkSharingEnabled(): bool {
// Check if the shareAPI is enabled
if ($this->config->getAppValue('core', 'shareapi_enabled', 'yes') !== 'yes') {
return false;
}
// Check whether public sharing is enabled
if($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
return false;
}
return true;
}
}
|
