aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public/AppFramework/PublicShareController.php
blob: 52acbe841b420834fb667bc1621a9f3ec9bac416 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
<?php

declare(strict_types=1);

/**
 * @copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
 *
 * @author Roeland Jago Douma <roeland@famdouma.nl>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */
namespace OCP\AppFramework;

use OCP\IRequest;
use OCP\ISession;

/**
 * Base controller for public shares
 *
 * It will verify if the user is properly authenticated to the share. If not a 404
 * is thrown by the PublicShareMiddleware.
 *
 * Use this for example for a controller that is not to be called via a webbrowser
 * directly. For example a PublicPreviewController. As this is not meant to be
 * called by a user directly.
 *
 * To show an auth page extend the AuthPublicShareController
 *
 * @since 14.0.0
 */
abstract class PublicShareController extends Controller {
	/** @var ISession */
	protected $session;

	/** @var string */
	private $token;

	/**
	 * @since 14.0.0
	 */
	public function __construct(string $appName,
								IRequest $request,
								ISession $session) {
		parent::__construct($appName, $request);

		$this->session = $session;
	}

	/**
	 * Middleware set the token for the request
	 *
	 * @since 14.0.0
	 */
	final public function setToken(string $token) {
		$this->token = $token;
	}

	/**
	 * Get the token for this request
	 *
	 * @since 14.0.0
	 */
	final public function getToken(): string {
		return $this->token;
	}

	/**
	 * Get a hash of the password for this share
	 *
	 * To ensure access is blocked when the password to a share is changed we store
	 * a hash of the password for this token.
	 *
	 * @since 14.0.0
	 */
	abstract protected function getPasswordHash(): string;

	/**
	 * Is the provided token a valid token
	 *
	 * This function is already called from the middleware directly after setting the token.
	 *
	 * @since 14.0.0
	 */
	abstract public function isValidToken(): bool;

	/**
	 * Is a share with this token password protected
	 *
	 * @since 14.0.0
	 */
	abstract protected function isPasswordProtected(): bool;

	/**
	 * Check if a share is authenticated or not
	 *
	 * @since 14.0.0
	 */
	public function isAuthenticated(): bool {
		// Always authenticated against non password protected shares
		if (!$this->isPasswordProtected()) {
			return true;
		}

		// If we are authenticated properly
		if ($this->session->get('public_link_authenticated_token') === $this->getToken() &&
			$this->session->get('public_link_authenticated_password_hash') === $this->getPasswordHash()) {
			return true;
		}

		// Fail by default if nothing matches
		return false;
	}

	/**
	 * Function called if the share is not found.
	 *
	 * You can use this to do some logging for example
	 *
	 * @since 14.0.0
	 */
	public function shareNotFound() {
	}
}