nextcloud / server

core/Controller/LostController.php

Unused Use Statements -1 removed lines

@@ -30,7 +30,6 @@
 
 namespace OC\Core\Controller;
 
-use OCA\Encryption\Exceptions\PrivateKeyMissingException;
 use \OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\JSONResponse;
 use \OCP\AppFramework\Http\TemplateResponse;

Indentation +282 added lines, -282 removed lines

@@ -56,286 +56,286 @@
  */
 class LostController extends Controller {
 
-	/** @var IURLGenerator */
-	protected $urlGenerator;
-	/** @var IUserManager */
-	protected $userManager;
-	/** @var Defaults */
-	protected $defaults;
-	/** @var IL10N */
-	protected $l10n;
-	/** @var string */
-	protected $from;
-	/** @var IManager */
-	protected $encryptionManager;
-	/** @var IConfig */
-	protected $config;
-	/** @var ISecureRandom */
-	protected $secureRandom;
-	/** @var IMailer */
-	protected $mailer;
-	/** @var ITimeFactory */
-	protected $timeFactory;
-	/** @var ICrypto */
-	protected $crypto;
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IURLGenerator $urlGenerator
-	 * @param IUserManager $userManager
-	 * @param Defaults $defaults
-	 * @param IL10N $l10n
-	 * @param IConfig $config
-	 * @param ISecureRandom $secureRandom
-	 * @param string $defaultMailAddress
-	 * @param IManager $encryptionManager
-	 * @param IMailer $mailer
-	 * @param ITimeFactory $timeFactory
-	 * @param ICrypto $crypto
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IURLGenerator $urlGenerator,
-								IUserManager $userManager,
-								Defaults $defaults,
-								IL10N $l10n,
-								IConfig $config,
-								ISecureRandom $secureRandom,
-								$defaultMailAddress,
-								IManager $encryptionManager,
-								IMailer $mailer,
-								ITimeFactory $timeFactory,
-								ICrypto $crypto) {
-		parent::__construct($appName, $request);
-		$this->urlGenerator = $urlGenerator;
-		$this->userManager = $userManager;
-		$this->defaults = $defaults;
-		$this->l10n = $l10n;
-		$this->secureRandom = $secureRandom;
-		$this->from = $defaultMailAddress;
-		$this->encryptionManager = $encryptionManager;
-		$this->config = $config;
-		$this->mailer = $mailer;
-		$this->timeFactory = $timeFactory;
-		$this->crypto = $crypto;
-	}
-
-	/**
-	 * Someone wants to reset their password:
-	 *
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @param string $token
-	 * @param string $userId
-	 * @return TemplateResponse
-	 */
-	public function resetform($token, $userId) {
-		try {
-			$this->checkPasswordResetToken($token, $userId);
-		} catch (\Exception $e) {
-			return new TemplateResponse(
-				'core', 'error', [
-					"errors" => array(array("error" => $e->getMessage()))
-				],
-				'guest'
-			);
-		}
-
-		return new TemplateResponse(
-			'core',
-			'lostpassword/resetpassword',
-			array(
-				'link' => $this->urlGenerator->linkToRouteAbsolute('core.lost.setPassword', array('userId' => $userId, 'token' => $token)),
-			),
-			'guest'
-		);
-	}
-
-	/**
-	 * @param string $token
-	 * @param string $userId
-	 * @throws \Exception
-	 */
-	protected function checkPasswordResetToken($token, $userId) {
-		$user = $this->userManager->get($userId);
-		if($user === null) {
-			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
-		}
-
-		try {
-			$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
-			$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
-			$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
-		} catch (\Exception $e) {
-			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
-		}
-
-		$splittedToken = explode(':', $decryptedToken);
-		if(count($splittedToken) !== 2) {
-			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
-		}
-
-		if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*12) ||
-			$user->getLastLogin() > $splittedToken[0]) {
-			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
-		}
-
-		if (!hash_equals($splittedToken[1], $token)) {
-			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
-		}
-	}
-
-	/**
-	 * @param $message
-	 * @param array $additional
-	 * @return array
-	 */
-	private function error($message, array $additional=array()) {
-		return array_merge(array('status' => 'error', 'msg' => $message), $additional);
-	}
-
-	/**
-	 * @return array
-	 */
-	private function success() {
-		return array('status'=>'success');
-	}
-
-	/**
-	 * @PublicPage
-	 * @BruteForceProtection(action=passwordResetEmail)
-	 *
-	 * @param string $user
-	 * @return JSONResponse
-	 */
-	public function email($user){
-		// FIXME: use HTTP error codes
-		try {
-			$this->sendEmail($user);
-		} catch (\Exception $e){
-			$response = new JSONResponse($this->error($e->getMessage()));
-			$response->throttle();
-			return $response;
-		}
-
-		$response = new JSONResponse($this->success());
-		$response->throttle();
-		return $response;
-	}
-
-	/**
-	 * @PublicPage
-	 * @param string $token
-	 * @param string $userId
-	 * @param string $password
-	 * @param boolean $proceed
-	 * @return array
-	 */
-	public function setPassword($token, $userId, $password, $proceed) {
-		if ($this->encryptionManager->isEnabled() && !$proceed) {
-			return $this->error('', array('encryption' => true));
-		}
-
-		try {
-			$this->checkPasswordResetToken($token, $userId);
-			$user = $this->userManager->get($userId);
-
-			\OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'pre_passwordReset', array('uid' => $userId, 'password' => $password));
-
-			if (!$user->setPassword($password)) {
-				throw new \Exception();
-			}
-
-			\OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'post_passwordReset', array('uid' => $userId, 'password' => $password));
-
-			$this->config->deleteUserValue($userId, 'core', 'lostpassword');
-			@\OC_User::unsetMagicInCookie();
-		} catch (\Exception $e){
-			return $this->error($e->getMessage());
-		}
-
-		return $this->success();
-	}
-
-	/**
-	 * @param string $input
-	 * @throws \Exception
-	 */
-	protected function sendEmail($input) {
-		$user = $this->findUserByIdOrMail($input);
-		$email = $user->getEMailAddress();
-
-		if (empty($email)) {
-			throw new \Exception(
-				$this->l10n->t('Could not send reset email because there is no email address for this username. Please contact your administrator.')
-			);
-		}
-
-		// Generate the token. It is stored encrypted in the database with the
-		// secret being the users' email address appended with the system secret.
-		// This makes the token automatically invalidate once the user changes
-		// their email address.
-		$token = $this->secureRandom->generate(
-			21,
-			ISecureRandom::CHAR_DIGITS.
-			ISecureRandom::CHAR_LOWER.
-			ISecureRandom::CHAR_UPPER
-		);
-		$tokenValue = $this->timeFactory->getTime() .':'. $token;
-		$encryptedValue = $this->crypto->encrypt($tokenValue, $email . $this->config->getSystemValue('secret'));
-		$this->config->setUserValue($user->getUID(), 'core', 'lostpassword', $encryptedValue);
-
-		$link = $this->urlGenerator->linkToRouteAbsolute('core.lost.resetform', array('userId' => $user->getUID(), 'token' => $token));
-
-		$emailTemplate = $this->mailer->createEMailTemplate();
-
-		$emailTemplate->addHeader();
-		$emailTemplate->addHeading($this->l10n->t('Password reset'));
-
-		$emailTemplate->addBodyText(
-			$this->l10n->t('Click the following button to reset your password. If you have not requested the password reset, then ignore this email.'),
-			$this->l10n->t('Click the following link to reset your password. If you have not requested the password reset, then ignore this email.')
-		);
-
-		$emailTemplate->addBodyButton(
-			$this->l10n->t('Reset your password'),
-			$link,
-			false
-		);
-		$emailTemplate->addFooter();
-
-		try {
-			$message = $this->mailer->createMessage();
-			$message->setTo([$email => $user->getUID()]);
-			$message->setSubject($this->l10n->t('%s password reset', [$this->defaults->getName()]));
-			$message->setPlainBody($emailTemplate->renderText());
-			$message->setHtmlBody($emailTemplate->renderHTML());
-			$message->setFrom([$this->from => $this->defaults->getName()]);
-			$this->mailer->send($message);
-		} catch (\Exception $e) {
-			throw new \Exception($this->l10n->t(
-				'Couldn\'t send reset email. Please contact your administrator.'
-			));
-		}
-	}
-
-	/**
-	 * @param string $input
-	 * @return IUser
-	 * @throws \Exception
-	 */
-	protected function findUserByIdOrMail($input) {
-		$user = $this->userManager->get($input);
-		if ($user instanceof IUser) {
-			return $user;
-		}
-		$users = $this->userManager->getByEmail($input);
-		if (count($users) === 1) {
-			return $users[0];
-		}
-
-		throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
-	}
+    /** @var IURLGenerator */
+    protected $urlGenerator;
+    /** @var IUserManager */
+    protected $userManager;
+    /** @var Defaults */
+    protected $defaults;
+    /** @var IL10N */
+    protected $l10n;
+    /** @var string */
+    protected $from;
+    /** @var IManager */
+    protected $encryptionManager;
+    /** @var IConfig */
+    protected $config;
+    /** @var ISecureRandom */
+    protected $secureRandom;
+    /** @var IMailer */
+    protected $mailer;
+    /** @var ITimeFactory */
+    protected $timeFactory;
+    /** @var ICrypto */
+    protected $crypto;
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IURLGenerator $urlGenerator
+     * @param IUserManager $userManager
+     * @param Defaults $defaults
+     * @param IL10N $l10n
+     * @param IConfig $config
+     * @param ISecureRandom $secureRandom
+     * @param string $defaultMailAddress
+     * @param IManager $encryptionManager
+     * @param IMailer $mailer
+     * @param ITimeFactory $timeFactory
+     * @param ICrypto $crypto
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IURLGenerator $urlGenerator,
+                                IUserManager $userManager,
+                                Defaults $defaults,
+                                IL10N $l10n,
+                                IConfig $config,
+                                ISecureRandom $secureRandom,
+                                $defaultMailAddress,
+                                IManager $encryptionManager,
+                                IMailer $mailer,
+                                ITimeFactory $timeFactory,
+                                ICrypto $crypto) {
+        parent::__construct($appName, $request);
+        $this->urlGenerator = $urlGenerator;
+        $this->userManager = $userManager;
+        $this->defaults = $defaults;
+        $this->l10n = $l10n;
+        $this->secureRandom = $secureRandom;
+        $this->from = $defaultMailAddress;
+        $this->encryptionManager = $encryptionManager;
+        $this->config = $config;
+        $this->mailer = $mailer;
+        $this->timeFactory = $timeFactory;
+        $this->crypto = $crypto;
+    }
+
+    /**
+     * Someone wants to reset their password:
+     *
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @param string $token
+     * @param string $userId
+     * @return TemplateResponse
+     */
+    public function resetform($token, $userId) {
+        try {
+            $this->checkPasswordResetToken($token, $userId);
+        } catch (\Exception $e) {
+            return new TemplateResponse(
+                'core', 'error', [
+                    "errors" => array(array("error" => $e->getMessage()))
+                ],
+                'guest'
+            );
+        }
+
+        return new TemplateResponse(
+            'core',
+            'lostpassword/resetpassword',
+            array(
+                'link' => $this->urlGenerator->linkToRouteAbsolute('core.lost.setPassword', array('userId' => $userId, 'token' => $token)),
+            ),
+            'guest'
+        );
+    }
+
+    /**
+     * @param string $token
+     * @param string $userId
+     * @throws \Exception
+     */
+    protected function checkPasswordResetToken($token, $userId) {
+        $user = $this->userManager->get($userId);
+        if($user === null) {
+            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+        }
+
+        try {
+            $encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
+            $mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
+            $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
+        } catch (\Exception $e) {
+            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+        }
+
+        $splittedToken = explode(':', $decryptedToken);
+        if(count($splittedToken) !== 2) {
+            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+        }
+
+        if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*12) ||
+            $user->getLastLogin() > $splittedToken[0]) {
+            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
+        }
+
+        if (!hash_equals($splittedToken[1], $token)) {
+            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+        }
+    }
+
+    /**
+     * @param $message
+     * @param array $additional
+     * @return array
+     */
+    private function error($message, array $additional=array()) {
+        return array_merge(array('status' => 'error', 'msg' => $message), $additional);
+    }
+
+    /**
+     * @return array
+     */
+    private function success() {
+        return array('status'=>'success');
+    }
+
+    /**
+     * @PublicPage
+     * @BruteForceProtection(action=passwordResetEmail)
+     *
+     * @param string $user
+     * @return JSONResponse
+     */
+    public function email($user){
+        // FIXME: use HTTP error codes
+        try {
+            $this->sendEmail($user);
+        } catch (\Exception $e){
+            $response = new JSONResponse($this->error($e->getMessage()));
+            $response->throttle();
+            return $response;
+        }
+
+        $response = new JSONResponse($this->success());
+        $response->throttle();
+        return $response;
+    }
+
+    /**
+     * @PublicPage
+     * @param string $token
+     * @param string $userId
+     * @param string $password
+     * @param boolean $proceed
+     * @return array
+     */
+    public function setPassword($token, $userId, $password, $proceed) {
+        if ($this->encryptionManager->isEnabled() && !$proceed) {
+            return $this->error('', array('encryption' => true));
+        }
+
+        try {
+            $this->checkPasswordResetToken($token, $userId);
+            $user = $this->userManager->get($userId);
+
+            \OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'pre_passwordReset', array('uid' => $userId, 'password' => $password));
+
+            if (!$user->setPassword($password)) {
+                throw new \Exception();
+            }
+
+            \OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'post_passwordReset', array('uid' => $userId, 'password' => $password));
+
+            $this->config->deleteUserValue($userId, 'core', 'lostpassword');
+            @\OC_User::unsetMagicInCookie();
+        } catch (\Exception $e){
+            return $this->error($e->getMessage());
+        }
+
+        return $this->success();
+    }
+
+    /**
+     * @param string $input
+     * @throws \Exception
+     */
+    protected function sendEmail($input) {
+        $user = $this->findUserByIdOrMail($input);
+        $email = $user->getEMailAddress();
+
+        if (empty($email)) {
+            throw new \Exception(
+                $this->l10n->t('Could not send reset email because there is no email address for this username. Please contact your administrator.')
+            );
+        }
+
+        // Generate the token. It is stored encrypted in the database with the
+        // secret being the users' email address appended with the system secret.
+        // This makes the token automatically invalidate once the user changes
+        // their email address.
+        $token = $this->secureRandom->generate(
+            21,
+            ISecureRandom::CHAR_DIGITS.
+            ISecureRandom::CHAR_LOWER.
+            ISecureRandom::CHAR_UPPER
+        );
+        $tokenValue = $this->timeFactory->getTime() .':'. $token;
+        $encryptedValue = $this->crypto->encrypt($tokenValue, $email . $this->config->getSystemValue('secret'));
+        $this->config->setUserValue($user->getUID(), 'core', 'lostpassword', $encryptedValue);
+
+        $link = $this->urlGenerator->linkToRouteAbsolute('core.lost.resetform', array('userId' => $user->getUID(), 'token' => $token));
+
+        $emailTemplate = $this->mailer->createEMailTemplate();
+
+        $emailTemplate->addHeader();
+        $emailTemplate->addHeading($this->l10n->t('Password reset'));
+
+        $emailTemplate->addBodyText(
+            $this->l10n->t('Click the following button to reset your password. If you have not requested the password reset, then ignore this email.'),
+            $this->l10n->t('Click the following link to reset your password. If you have not requested the password reset, then ignore this email.')
+        );
+
+        $emailTemplate->addBodyButton(
+            $this->l10n->t('Reset your password'),
+            $link,
+            false
+        );
+        $emailTemplate->addFooter();
+
+        try {
+            $message = $this->mailer->createMessage();
+            $message->setTo([$email => $user->getUID()]);
+            $message->setSubject($this->l10n->t('%s password reset', [$this->defaults->getName()]));
+            $message->setPlainBody($emailTemplate->renderText());
+            $message->setHtmlBody($emailTemplate->renderHTML());
+            $message->setFrom([$this->from => $this->defaults->getName()]);
+            $this->mailer->send($message);
+        } catch (\Exception $e) {
+            throw new \Exception($this->l10n->t(
+                'Couldn\'t send reset email. Please contact your administrator.'
+            ));
+        }
+    }
+
+    /**
+     * @param string $input
+     * @return IUser
+     * @throws \Exception
+     */
+    protected function findUserByIdOrMail($input) {
+        $user = $this->userManager->get($input);
+        if ($user instanceof IUser) {
+            return $user;
+        }
+        $users = $this->userManager->getByEmail($input);
+        if (count($users) === 1) {
+            return $users[0];
+        }
+
+        throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
+    }
 }

Spacing +9 added lines, -9 removed lines

@@ -160,7 +160,7 @@ 
 	 */
 	protected function checkPasswordResetToken($token, $userId) {
 		$user = $this->userManager->get($userId);
-		if($user === null) {
+		if ($user === null) {
 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
 		}
 
@@ -173,11 +173,11 @@ 
 		}
 
 		$splittedToken = explode(':', $decryptedToken);
-		if(count($splittedToken) !== 2) {
+		if (count($splittedToken) !== 2) {
 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
 		}
 
-		if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*12) ||
+		if ($splittedToken[0] < ($this->timeFactory->getTime() - 60 * 60 * 12) ||
 			$user->getLastLogin() > $splittedToken[0]) {
 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
 		}
@@ -192,7 +192,7 @@ 
 	 * @param array $additional
 	 * @return array
 	 */
-	private function error($message, array $additional=array()) {
+	private function error($message, array $additional = array()) {
 		return array_merge(array('status' => 'error', 'msg' => $message), $additional);
 	}
 
@@ -210,11 +210,11 @@ 
 	 * @param string $user
 	 * @return JSONResponse
 	 */
-	public function email($user){
+	public function email($user) {
 		// FIXME: use HTTP error codes
 		try {
 			$this->sendEmail($user);
-		} catch (\Exception $e){
+		} catch (\Exception $e) {
 			$response = new JSONResponse($this->error($e->getMessage()));
 			$response->throttle();
 			return $response;
@@ -252,7 +252,7 @@ 
 
 			$this->config->deleteUserValue($userId, 'core', 'lostpassword');
 			@\OC_User::unsetMagicInCookie();
-		} catch (\Exception $e){
+		} catch (\Exception $e) {
 			return $this->error($e->getMessage());
 		}
 
@@ -283,8 +283,8 @@ 
 			ISecureRandom::CHAR_LOWER.
 			ISecureRandom::CHAR_UPPER
 		);
-		$tokenValue = $this->timeFactory->getTime() .':'. $token;
-		$encryptedValue = $this->crypto->encrypt($tokenValue, $email . $this->config->getSystemValue('secret'));
+		$tokenValue = $this->timeFactory->getTime().':'.$token;
+		$encryptedValue = $this->crypto->encrypt($tokenValue, $email.$this->config->getSystemValue('secret'));
 		$this->config->setUserValue($user->getUID(), 'core', 'lostpassword', $encryptedValue);
 
 		$link = $this->urlGenerator->linkToRouteAbsolute('core.lost.resetform', array('userId' => $user->getUID(), 'token' => $token));

apps/user_ldap/lib/Controller/ConfigAPIController.php

Indentation +260 added lines, -260 removed lines

@@ -39,281 +39,281 @@
 
 class ConfigAPIController extends OCSController {
 
-	/** @var Helper */
-	private $ldapHelper;
+    /** @var Helper */
+    private $ldapHelper;
 
-	/** @var ILogger */
-	private $logger;
+    /** @var ILogger */
+    private $logger;
 
-	public function __construct(
-		$appName,
-		IRequest $request,
-		CapabilitiesManager $capabilitiesManager,
-		IUserSession $userSession,
-		IUserManager $userManager,
-		Manager $keyManager,
-		Helper $ldapHelper,
-		ILogger $logger
-	) {
-		parent::__construct(
-			$appName,
-			$request,
-			$capabilitiesManager,
-			$userSession,
-			$userManager,
-			$keyManager
-		);
+    public function __construct(
+        $appName,
+        IRequest $request,
+        CapabilitiesManager $capabilitiesManager,
+        IUserSession $userSession,
+        IUserManager $userManager,
+        Manager $keyManager,
+        Helper $ldapHelper,
+        ILogger $logger
+    ) {
+        parent::__construct(
+            $appName,
+            $request,
+            $capabilitiesManager,
+            $userSession,
+            $userManager,
+            $keyManager
+        );
 
 
-		$this->ldapHelper = $ldapHelper;
-		$this->logger = $logger;
-	}
+        $this->ldapHelper = $ldapHelper;
+        $this->logger = $logger;
+    }
 
-	/**
-	 * creates a new (empty) configuration and returns the resulting prefix
-	 *
-	 * Example: curl -X POST -H "OCS-APIREQUEST: true"  -u $admin:$password \
-	 *   https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config
-	 *
-	 * results in:
-	 *
-	 * <?xml version="1.0"?>
-	 * <ocs>
-	 *   <meta>
-	 *     <status>ok</status>
-	 *     <statuscode>200</statuscode>
-	 *     <message>OK</message>
-	 *   </meta>
-	 *   <data>
-	 *     <configID>s40</configID>
-	 *   </data>
-	 * </ocs>
-	 *
-	 * Failing example: if an exception is thrown (e.g. Database connection lost)
-	 * the detailed error will be logged. The output will then look like:
-	 *
-	 * <?xml version="1.0"?>
-	 * <ocs>
-	 *   <meta>
-	 *     <status>failure</status>
-	 *     <statuscode>999</statuscode>
-	 *     <message>An issue occurred when creating the new config.</message>
-	 *   </meta>
-	 *   <data/>
-	 * </ocs>
-	 *
-	 * For JSON output provide the format=json parameter
-	 *
-	 * @return DataResponse
-	 * @throws OCSException
-	 */
-	public function create() {
-		try {
-			$configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix();
-			$configHolder = new Configuration($configPrefix);
-			$configHolder->saveConfiguration();
-		} catch (\Exception $e) {
-			$this->logger->logException($e);
-			throw new OCSException('An issue occurred when creating the new config.');
-		}
-		return new DataResponse(['configID' => $configPrefix]);
-	}
+    /**
+     * creates a new (empty) configuration and returns the resulting prefix
+     *
+     * Example: curl -X POST -H "OCS-APIREQUEST: true"  -u $admin:$password \
+     *   https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config
+     *
+     * results in:
+     *
+     * <?xml version="1.0"?>
+     * <ocs>
+     *   <meta>
+     *     <status>ok</status>
+     *     <statuscode>200</statuscode>
+     *     <message>OK</message>
+     *   </meta>
+     *   <data>
+     *     <configID>s40</configID>
+     *   </data>
+     * </ocs>
+     *
+     * Failing example: if an exception is thrown (e.g. Database connection lost)
+     * the detailed error will be logged. The output will then look like:
+     *
+     * <?xml version="1.0"?>
+     * <ocs>
+     *   <meta>
+     *     <status>failure</status>
+     *     <statuscode>999</statuscode>
+     *     <message>An issue occurred when creating the new config.</message>
+     *   </meta>
+     *   <data/>
+     * </ocs>
+     *
+     * For JSON output provide the format=json parameter
+     *
+     * @return DataResponse
+     * @throws OCSException
+     */
+    public function create() {
+        try {
+            $configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix();
+            $configHolder = new Configuration($configPrefix);
+            $configHolder->saveConfiguration();
+        } catch (\Exception $e) {
+            $this->logger->logException($e);
+            throw new OCSException('An issue occurred when creating the new config.');
+        }
+        return new DataResponse(['configID' => $configPrefix]);
+    }
 
-	/**
-	 * Deletes a LDAP configuration, if present.
-	 *
-	 * Example:
-	 *   curl -X DELETE -H "OCS-APIREQUEST: true" -u $admin:$password \
-	 *    https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config/s60
-	 *
-	 * <?xml version="1.0"?>
-	 * <ocs>
-	 *   <meta>
-	 *     <status>ok</status>
-	 *     <statuscode>200</statuscode>
-	 *     <message>OK</message>
-	 *   </meta>
-	 *   <data/>
-	 * </ocs>
-	 *
-	 * @param string $configID
-	 * @return DataResponse
-	 * @throws OCSBadRequestException
-	 * @throws OCSException
-	 */
-	public function delete($configID) {
-		try {
-			$this->ensureConfigIDExists($configID);
-			if(!$this->ldapHelper->deleteServerConfiguration($configID)) {
-				throw new OCSException('Could not delete configuration');
-			}
-		} catch(OCSException $e) {
-			throw $e;
-		} catch(\Exception $e) {
-			$this->logger->logException($e);
-			throw new OCSException('An issue occurred when deleting the config.');
-		}
+    /**
+     * Deletes a LDAP configuration, if present.
+     *
+     * Example:
+     *   curl -X DELETE -H "OCS-APIREQUEST: true" -u $admin:$password \
+     *    https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config/s60
+     *
+     * <?xml version="1.0"?>
+     * <ocs>
+     *   <meta>
+     *     <status>ok</status>
+     *     <statuscode>200</statuscode>
+     *     <message>OK</message>
+     *   </meta>
+     *   <data/>
+     * </ocs>
+     *
+     * @param string $configID
+     * @return DataResponse
+     * @throws OCSBadRequestException
+     * @throws OCSException
+     */
+    public function delete($configID) {
+        try {
+            $this->ensureConfigIDExists($configID);
+            if(!$this->ldapHelper->deleteServerConfiguration($configID)) {
+                throw new OCSException('Could not delete configuration');
+            }
+        } catch(OCSException $e) {
+            throw $e;
+        } catch(\Exception $e) {
+            $this->logger->logException($e);
+            throw new OCSException('An issue occurred when deleting the config.');
+        }
 
-		return new DataResponse();
-	}
+        return new DataResponse();
+    }
 
-	/**
-	 * modifies a configuration
-	 *
-	 * Example:
-	 *   curl -X PUT -d "configData[ldapHost]=ldaps://my.ldap.server&configData[ldapPort]=636" \
-	 *    -H "OCS-APIREQUEST: true" -u $admin:$password \
-	 *    https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config/s60
-	 *
-	 * <?xml version="1.0"?>
-	 * <ocs>
-	 *   <meta>
-	 *     <status>ok</status>
-	 *     <statuscode>200</statuscode>
-	 *     <message>OK</message>
-	 *   </meta>
-	 *   <data/>
-	 * </ocs>
-	 *
-	 * @param string $configID
-	 * @param array $configData
-	 * @return DataResponse
-	 * @throws OCSException
-	 */
-	public function modify($configID, $configData) {
-		try {
-			$this->ensureConfigIDExists($configID);
+    /**
+     * modifies a configuration
+     *
+     * Example:
+     *   curl -X PUT -d "configData[ldapHost]=ldaps://my.ldap.server&configData[ldapPort]=636" \
+     *    -H "OCS-APIREQUEST: true" -u $admin:$password \
+     *    https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config/s60
+     *
+     * <?xml version="1.0"?>
+     * <ocs>
+     *   <meta>
+     *     <status>ok</status>
+     *     <statuscode>200</statuscode>
+     *     <message>OK</message>
+     *   </meta>
+     *   <data/>
+     * </ocs>
+     *
+     * @param string $configID
+     * @param array $configData
+     * @return DataResponse
+     * @throws OCSException
+     */
+    public function modify($configID, $configData) {
+        try {
+            $this->ensureConfigIDExists($configID);
 
-			if(!is_array($configData)) {
-				throw new OCSBadRequestException('configData is not properly set');
-			}
+            if(!is_array($configData)) {
+                throw new OCSBadRequestException('configData is not properly set');
+            }
 
-			$configuration = new Configuration($configID);
-			$configKeys = $configuration->getConfigTranslationArray();
+            $configuration = new Configuration($configID);
+            $configKeys = $configuration->getConfigTranslationArray();
 
-			foreach ($configKeys as $i => $key) {
-				if(isset($configData[$key])) {
-					$configuration->$key = $configData[$key];
-				}
-			}
+            foreach ($configKeys as $i => $key) {
+                if(isset($configData[$key])) {
+                    $configuration->$key = $configData[$key];
+                }
+            }
 
-			$configuration->saveConfiguration();
-		} catch(OCSException $e) {
-			throw $e;
-		} catch (\Exception $e) {
-			$this->logger->logException($e);
-			throw new OCSException('An issue occurred when modifying the config.');
-		}
+            $configuration->saveConfiguration();
+        } catch(OCSException $e) {
+            throw $e;
+        } catch (\Exception $e) {
+            $this->logger->logException($e);
+            throw new OCSException('An issue occurred when modifying the config.');
+        }
 
-		return new DataResponse();
-	}
+        return new DataResponse();
+    }
 
-	/**
-	 * retrieves a configuration
-	 *
-	 * <?xml version="1.0"?>
-	 * <ocs>
-	 *   <meta>
-	 *     <status>ok</status>
-	 *     <statuscode>200</statuscode>
-	 *     <message>OK</message>
-	 *   </meta>
-	 *   <data>
-	 *     <ldapHost>ldaps://my.ldap.server</ldapHost>
-	 *     <ldapPort>7770</ldapPort>
-	 *     <ldapBackupHost></ldapBackupHost>
-	 *     <ldapBackupPort></ldapBackupPort>
-	 *     <ldapBase>ou=small,dc=my,dc=ldap,dc=server</ldapBase>
-	 *     <ldapBaseUsers>ou=users,ou=small,dc=my,dc=ldap,dc=server</ldapBaseUsers>
-	 *     <ldapBaseGroups>ou=small,dc=my,dc=ldap,dc=server</ldapBaseGroups>
-	 *     <ldapAgentName>cn=root,dc=my,dc=ldap,dc=server</ldapAgentName>
-	 *     <ldapAgentPassword>clearTextWithShowPassword=1</ldapAgentPassword>
-	 *     <ldapTLS>1</ldapTLS>
-	 *     <turnOffCertCheck>0</turnOffCertCheck>
-	 *     <ldapIgnoreNamingRules/>
-	 *     <ldapUserDisplayName>displayname</ldapUserDisplayName>
-	 *     <ldapUserDisplayName2>uid</ldapUserDisplayName2>
-	 *     <ldapUserFilterObjectclass>inetOrgPerson</ldapUserFilterObjectclass>
-	 *     <ldapUserFilterGroups></ldapUserFilterGroups>
-	 *     <ldapUserFilter>(&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))</ldapUserFilter>
-	 *     <ldapUserFilterMode>1</ldapUserFilterMode>
-	 *     <ldapGroupFilter>(&amp;(|(objectclass=nextcloudGroup)))</ldapGroupFilter>
-	 *     <ldapGroupFilterMode>0</ldapGroupFilterMode>
-	 *     <ldapGroupFilterObjectclass>nextcloudGroup</ldapGroupFilterObjectclass>
-	 *     <ldapGroupFilterGroups></ldapGroupFilterGroups>
-	 *     <ldapGroupDisplayName>cn</ldapGroupDisplayName>
-	 *     <ldapGroupMemberAssocAttr>memberUid</ldapGroupMemberAssocAttr>
-	 *     <ldapLoginFilter>(&amp;(|(objectclass=inetOrgPerson))(uid=%uid))</ldapLoginFilter>
-	 *     <ldapLoginFilterMode>0</ldapLoginFilterMode>
-	 *     <ldapLoginFilterEmail>0</ldapLoginFilterEmail>
-	 *     <ldapLoginFilterUsername>1</ldapLoginFilterUsername>
-	 *     <ldapLoginFilterAttributes></ldapLoginFilterAttributes>
-	 *     <ldapQuotaAttribute></ldapQuotaAttribute>
-	 *     <ldapQuotaDefault></ldapQuotaDefault>
-	 *     <ldapEmailAttribute>mail</ldapEmailAttribute>
-	 *     <ldapCacheTTL>20</ldapCacheTTL>
-	 *     <ldapUuidUserAttribute>auto</ldapUuidUserAttribute>
-	 *     <ldapUuidGroupAttribute>auto</ldapUuidGroupAttribute>
-	 *     <ldapOverrideMainServer></ldapOverrideMainServer>
-	 *     <ldapConfigurationActive>1</ldapConfigurationActive>
-	 *     <ldapAttributesForUserSearch>uid;sn;givenname</ldapAttributesForUserSearch>
-	 *     <ldapAttributesForGroupSearch></ldapAttributesForGroupSearch>
-	 *     <ldapExperiencedAdmin>0</ldapExperiencedAdmin>
-	 *     <homeFolderNamingRule></homeFolderNamingRule>
-	 *     <hasPagedResultSupport></hasPagedResultSupport>
-	 *     <hasMemberOfFilterSupport></hasMemberOfFilterSupport>
-	 *     <useMemberOfToDetectMembership>1</useMemberOfToDetectMembership>
-	 *     <ldapExpertUsernameAttr>uid</ldapExpertUsernameAttr>
-	 *     <ldapExpertUUIDUserAttr>uid</ldapExpertUUIDUserAttr>
-	 *     <ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr>
-	 *     <lastJpegPhotoLookup>0</lastJpegPhotoLookup>
-	 *     <ldapNestedGroups>0</ldapNestedGroups>
-	 *     <ldapPagingSize>500</ldapPagingSize>
-	 *     <turnOnPasswordChange>1</turnOnPasswordChange>
-	 *     <ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL>
-	 *   </data>
-	 * </ocs>
-	 *
-	 * @param string $configID
-	 * @param bool|string $showPassword
-	 * @return DataResponse
-	 * @throws OCSException
-	 */
-	public function show($configID, $showPassword = false) {
-		try {
-			$this->ensureConfigIDExists($configID);
+    /**
+     * retrieves a configuration
+     *
+     * <?xml version="1.0"?>
+     * <ocs>
+     *   <meta>
+     *     <status>ok</status>
+     *     <statuscode>200</statuscode>
+     *     <message>OK</message>
+     *   </meta>
+     *   <data>
+     *     <ldapHost>ldaps://my.ldap.server</ldapHost>
+     *     <ldapPort>7770</ldapPort>
+     *     <ldapBackupHost></ldapBackupHost>
+     *     <ldapBackupPort></ldapBackupPort>
+     *     <ldapBase>ou=small,dc=my,dc=ldap,dc=server</ldapBase>
+     *     <ldapBaseUsers>ou=users,ou=small,dc=my,dc=ldap,dc=server</ldapBaseUsers>
+     *     <ldapBaseGroups>ou=small,dc=my,dc=ldap,dc=server</ldapBaseGroups>
+     *     <ldapAgentName>cn=root,dc=my,dc=ldap,dc=server</ldapAgentName>
+     *     <ldapAgentPassword>clearTextWithShowPassword=1</ldapAgentPassword>
+     *     <ldapTLS>1</ldapTLS>
+     *     <turnOffCertCheck>0</turnOffCertCheck>
+     *     <ldapIgnoreNamingRules/>
+     *     <ldapUserDisplayName>displayname</ldapUserDisplayName>
+     *     <ldapUserDisplayName2>uid</ldapUserDisplayName2>
+     *     <ldapUserFilterObjectclass>inetOrgPerson</ldapUserFilterObjectclass>
+     *     <ldapUserFilterGroups></ldapUserFilterGroups>
+     *     <ldapUserFilter>(&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))</ldapUserFilter>
+     *     <ldapUserFilterMode>1</ldapUserFilterMode>
+     *     <ldapGroupFilter>(&amp;(|(objectclass=nextcloudGroup)))</ldapGroupFilter>
+     *     <ldapGroupFilterMode>0</ldapGroupFilterMode>
+     *     <ldapGroupFilterObjectclass>nextcloudGroup</ldapGroupFilterObjectclass>
+     *     <ldapGroupFilterGroups></ldapGroupFilterGroups>
+     *     <ldapGroupDisplayName>cn</ldapGroupDisplayName>
+     *     <ldapGroupMemberAssocAttr>memberUid</ldapGroupMemberAssocAttr>
+     *     <ldapLoginFilter>(&amp;(|(objectclass=inetOrgPerson))(uid=%uid))</ldapLoginFilter>
+     *     <ldapLoginFilterMode>0</ldapLoginFilterMode>
+     *     <ldapLoginFilterEmail>0</ldapLoginFilterEmail>
+     *     <ldapLoginFilterUsername>1</ldapLoginFilterUsername>
+     *     <ldapLoginFilterAttributes></ldapLoginFilterAttributes>
+     *     <ldapQuotaAttribute></ldapQuotaAttribute>
+     *     <ldapQuotaDefault></ldapQuotaDefault>
+     *     <ldapEmailAttribute>mail</ldapEmailAttribute>
+     *     <ldapCacheTTL>20</ldapCacheTTL>
+     *     <ldapUuidUserAttribute>auto</ldapUuidUserAttribute>
+     *     <ldapUuidGroupAttribute>auto</ldapUuidGroupAttribute>
+     *     <ldapOverrideMainServer></ldapOverrideMainServer>
+     *     <ldapConfigurationActive>1</ldapConfigurationActive>
+     *     <ldapAttributesForUserSearch>uid;sn;givenname</ldapAttributesForUserSearch>
+     *     <ldapAttributesForGroupSearch></ldapAttributesForGroupSearch>
+     *     <ldapExperiencedAdmin>0</ldapExperiencedAdmin>
+     *     <homeFolderNamingRule></homeFolderNamingRule>
+     *     <hasPagedResultSupport></hasPagedResultSupport>
+     *     <hasMemberOfFilterSupport></hasMemberOfFilterSupport>
+     *     <useMemberOfToDetectMembership>1</useMemberOfToDetectMembership>
+     *     <ldapExpertUsernameAttr>uid</ldapExpertUsernameAttr>
+     *     <ldapExpertUUIDUserAttr>uid</ldapExpertUUIDUserAttr>
+     *     <ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr>
+     *     <lastJpegPhotoLookup>0</lastJpegPhotoLookup>
+     *     <ldapNestedGroups>0</ldapNestedGroups>
+     *     <ldapPagingSize>500</ldapPagingSize>
+     *     <turnOnPasswordChange>1</turnOnPasswordChange>
+     *     <ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL>
+     *   </data>
+     * </ocs>
+     *
+     * @param string $configID
+     * @param bool|string $showPassword
+     * @return DataResponse
+     * @throws OCSException
+     */
+    public function show($configID, $showPassword = false) {
+        try {
+            $this->ensureConfigIDExists($configID);
 
-			$config = new Configuration($configID);
-			$data = $config->getConfiguration();
-			if(!boolval(intval($showPassword))) {
-				$data['ldapAgentPassword'] = '***';
-			}
-			foreach ($data as $key => $value) {
-				if(is_array($value)) {
-					$value = implode(';', $value);
-					$data[$key] = $value;
-				}
-			}
-		} catch(OCSException $e) {
-			throw $e;
-		} catch (\Exception $e) {
-			$this->logger->logException($e);
-			throw new OCSException('An issue occurred when modifying the config.');
-		}
+            $config = new Configuration($configID);
+            $data = $config->getConfiguration();
+            if(!boolval(intval($showPassword))) {
+                $data['ldapAgentPassword'] = '***';
+            }
+            foreach ($data as $key => $value) {
+                if(is_array($value)) {
+                    $value = implode(';', $value);
+                    $data[$key] = $value;
+                }
+            }
+        } catch(OCSException $e) {
+            throw $e;
+        } catch (\Exception $e) {
+            $this->logger->logException($e);
+            throw new OCSException('An issue occurred when modifying the config.');
+        }
 
-		return new DataResponse($data);
-	}
+        return new DataResponse($data);
+    }
 
-	/**
-	 * if the given config ID is not available, an exception is thrown
-	 *
-	 * @param string $configID
-	 * @throws OCSNotFoundException
-	 */
-	private function ensureConfigIDExists($configID) {
-		$prefixes = $this->ldapHelper->getServerConfigurationPrefixes();
-		if(!in_array($configID, $prefixes, true)) {
-			throw new OCSNotFoundException('Config ID not found');
-		}
-	}
+    /**
+     * if the given config ID is not available, an exception is thrown
+     *
+     * @param string $configID
+     * @throws OCSNotFoundException
+     */
+    private function ensureConfigIDExists($configID) {
+        $prefixes = $this->ldapHelper->getServerConfigurationPrefixes();
+        if(!in_array($configID, $prefixes, true)) {
+            throw new OCSNotFoundException('Config ID not found');
+        }
+    }
 }

apps/files_sharing/lib/Controller/ShareController.php

Indentation +550 added lines, -550 removed lines

@@ -64,558 +64,558 @@
  */
 class ShareController extends Controller {
 
-	/** @var IConfig */
-	protected $config;
-	/** @var IURLGenerator */
-	protected $urlGenerator;
-	/** @var IUserManager */
-	protected $userManager;
-	/** @var ILogger */
-	protected $logger;
-	/** @var \OCP\Activity\IManager */
-	protected $activityManager;
-	/** @var \OCP\Share\IManager */
-	protected $shareManager;
-	/** @var ISession */
-	protected $session;
-	/** @var IPreview */
-	protected $previewManager;
-	/** @var IRootFolder */
-	protected $rootFolder;
-	/** @var FederatedShareProvider */
-	protected $federatedShareProvider;
-	/** @var EventDispatcherInterface */
-	protected $eventDispatcher;
-	/** @var IL10N */
-	protected $l10n;
-	/** @var Defaults */
-	protected $defaults;
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IConfig $config
-	 * @param IURLGenerator $urlGenerator
-	 * @param IUserManager $userManager
-	 * @param ILogger $logger
-	 * @param \OCP\Activity\IManager $activityManager
-	 * @param \OCP\Share\IManager $shareManager
-	 * @param ISession $session
-	 * @param IPreview $previewManager
-	 * @param IRootFolder $rootFolder
-	 * @param FederatedShareProvider $federatedShareProvider
-	 * @param EventDispatcherInterface $eventDispatcher
-	 * @param IL10N $l10n
-	 * @param Defaults $defaults
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IConfig $config,
-								IURLGenerator $urlGenerator,
-								IUserManager $userManager,
-								ILogger $logger,
-								\OCP\Activity\IManager $activityManager,
-								\OCP\Share\IManager $shareManager,
-								ISession $session,
-								IPreview $previewManager,
-								IRootFolder $rootFolder,
-								FederatedShareProvider $federatedShareProvider,
-								EventDispatcherInterface $eventDispatcher,
-								IL10N $l10n,
-								Defaults $defaults) {
-		parent::__construct($appName, $request);
-
-		$this->config = $config;
-		$this->urlGenerator = $urlGenerator;
-		$this->userManager = $userManager;
-		$this->logger = $logger;
-		$this->activityManager = $activityManager;
-		$this->shareManager = $shareManager;
-		$this->session = $session;
-		$this->previewManager = $previewManager;
-		$this->rootFolder = $rootFolder;
-		$this->federatedShareProvider = $federatedShareProvider;
-		$this->eventDispatcher = $eventDispatcher;
-		$this->l10n = $l10n;
-		$this->defaults = $defaults;
-	}
-
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @param string $token
-	 * @return TemplateResponse|RedirectResponse
-	 */
-	public function showAuthenticate($token) {
-		$share = $this->shareManager->getShareByToken($token);
-
-		if($this->linkShareAuth($share)) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', array('token' => $token)));
-		}
-
-		return new TemplateResponse($this->appName, 'authenticate', array(), 'guest');
-	}
-
-	/**
-	 * @PublicPage
-	 * @UseSession
-	 * @BruteForceProtection(action=publicLinkAuth)
-	 *
-	 * Authenticates against password-protected shares
-	 * @param string $token
-	 * @param string $password
-	 * @return RedirectResponse|TemplateResponse|NotFoundResponse
-	 */
-	public function authenticate($token, $password = '') {
-
-		// Check whether share exists
-		try {
-			$share = $this->shareManager->getShareByToken($token);
-		} catch (ShareNotFound $e) {
-			return new NotFoundResponse();
-		}
-
-		$authenticate = $this->linkShareAuth($share, $password);
-
-		if($authenticate === true) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', array('token' => $token)));
-		}
-
-		$response = new TemplateResponse($this->appName, 'authenticate', array('wrongpw' => true), 'guest');
-		$response->throttle();
-		return $response;
-	}
-
-	/**
-	 * Authenticate a link item with the given password.
-	 * Or use the session if no password is provided.
-	 *
-	 * This is a modified version of Helper::authenticate
-	 * TODO: Try to merge back eventually with Helper::authenticate
-	 *
-	 * @param \OCP\Share\IShare $share
-	 * @param string|null $password
-	 * @return bool
-	 */
-	private function linkShareAuth(\OCP\Share\IShare $share, $password = null) {
-		if ($password !== null) {
-			if ($this->shareManager->checkPassword($share, $password)) {
-				$this->session->set('public_link_authenticated', (string)$share->getId());
-			} else {
-				$this->emitAccessShareHook($share, 403, 'Wrong password');
-				return false;
-			}
-		} else {
-			// not authenticated ?
-			if ( ! $this->session->exists('public_link_authenticated')
-				|| $this->session->get('public_link_authenticated') !== (string)$share->getId()) {
-				return false;
-			}
-		}
-		return true;
-	}
-
-	/**
-	 * throws hooks when a share is attempted to be accessed
-	 *
-	 * @param \OCP\Share\IShare|string $share the Share instance if available,
-	 * otherwise token
-	 * @param int $errorCode
-	 * @param string $errorMessage
-	 * @throws \OC\HintException
-	 * @throws \OC\ServerNotAvailableException
-	 */
-	protected function emitAccessShareHook($share, $errorCode = 200, $errorMessage = '') {
-		$itemType = $itemSource = $uidOwner = '';
-		$token = $share;
-		$exception = null;
-		if($share instanceof \OCP\Share\IShare) {
-			try {
-				$token = $share->getToken();
-				$uidOwner = $share->getSharedBy();
-				$itemType = $share->getNodeType();
-				$itemSource = $share->getNodeId();
-			} catch (\Exception $e) {
-				// we log what we know and pass on the exception afterwards
-				$exception = $e;
-			}
-		}
-		\OC_Hook::emit('OCP\Share', 'share_link_access', [
-			'itemType' => $itemType,
-			'itemSource' => $itemSource,
-			'uidOwner' => $uidOwner,
-			'token' => $token,
-			'errorCode' => $errorCode,
-			'errorMessage' => $errorMessage,
-		]);
-		if(!is_null($exception)) {
-			throw $exception;
-		}
-	}
-
-	/**
-	 * Validate the permissions of the share
-	 *
-	 * @param Share\IShare $share
-	 * @return bool
-	 */
-	private function validateShare(\OCP\Share\IShare $share) {
-		return $share->getNode()->isReadable() && $share->getNode()->isShareable();
-	}
-
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @param string $token
-	 * @param string $path
-	 * @return TemplateResponse|RedirectResponse|NotFoundResponse
-	 * @throws NotFoundException
-	 * @throws \Exception
-	 */
-	public function showShare($token, $path = '') {
-		\OC_User::setIncognitoMode(true);
-
-		// Check whether share exists
-		try {
-			$share = $this->shareManager->getShareByToken($token);
-		} catch (ShareNotFound $e) {
-			$this->emitAccessShareHook($token, 404, 'Share not found');
-			return new NotFoundResponse();
-		}
-
-		// Share is password protected - check whether the user is permitted to access the share
-		if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
-				array('token' => $token)));
-		}
-
-		if (!$this->validateShare($share)) {
-			throw new NotFoundException();
-		}
-		// We can't get the path of a file share
-		try {
-			if ($share->getNode() instanceof \OCP\Files\File && $path !== '') {
-				$this->emitAccessShareHook($share, 404, 'Share not found');
-				throw new NotFoundException();
-			}
-		} catch (\Exception $e) {
-			$this->emitAccessShareHook($share, 404, 'Share not found');
-			throw $e;
-		}
-
-		$shareTmpl = [];
-		$shareTmpl['displayName'] = $this->userManager->get($share->getShareOwner())->getDisplayName();
-		$shareTmpl['owner'] = $share->getShareOwner();
-		$shareTmpl['filename'] = $share->getNode()->getName();
-		$shareTmpl['directory_path'] = $share->getTarget();
-		$shareTmpl['mimetype'] = $share->getNode()->getMimetype();
-		$shareTmpl['previewSupported'] = $this->previewManager->isMimeSupported($share->getNode()->getMimetype());
-		$shareTmpl['dirToken'] = $token;
-		$shareTmpl['sharingToken'] = $token;
-		$shareTmpl['server2serversharing'] = $this->federatedShareProvider->isOutgoingServer2serverShareEnabled();
-		$shareTmpl['protected'] = $share->getPassword() !== null ? 'true' : 'false';
-		$shareTmpl['dir'] = '';
-		$shareTmpl['nonHumanFileSize'] = $share->getNode()->getSize();
-		$shareTmpl['fileSize'] = \OCP\Util::humanFileSize($share->getNode()->getSize());
-
-		// Show file list
-		$hideFileList = false;
-		if ($share->getNode() instanceof \OCP\Files\Folder) {
-			/** @var \OCP\Files\Folder $rootFolder */
-			$rootFolder = $share->getNode();
-
-			try {
-				$folderNode = $rootFolder->get($path);
-			} catch (\OCP\Files\NotFoundException $e) {
-				$this->emitAccessShareHook($share, 404, 'Share not found');
-				throw new NotFoundException();
-			}
-
-			$shareTmpl['dir'] = $rootFolder->getRelativePath($folderNode->getPath());
-
-			/*
+    /** @var IConfig */
+    protected $config;
+    /** @var IURLGenerator */
+    protected $urlGenerator;
+    /** @var IUserManager */
+    protected $userManager;
+    /** @var ILogger */
+    protected $logger;
+    /** @var \OCP\Activity\IManager */
+    protected $activityManager;
+    /** @var \OCP\Share\IManager */
+    protected $shareManager;
+    /** @var ISession */
+    protected $session;
+    /** @var IPreview */
+    protected $previewManager;
+    /** @var IRootFolder */
+    protected $rootFolder;
+    /** @var FederatedShareProvider */
+    protected $federatedShareProvider;
+    /** @var EventDispatcherInterface */
+    protected $eventDispatcher;
+    /** @var IL10N */
+    protected $l10n;
+    /** @var Defaults */
+    protected $defaults;
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IConfig $config
+     * @param IURLGenerator $urlGenerator
+     * @param IUserManager $userManager
+     * @param ILogger $logger
+     * @param \OCP\Activity\IManager $activityManager
+     * @param \OCP\Share\IManager $shareManager
+     * @param ISession $session
+     * @param IPreview $previewManager
+     * @param IRootFolder $rootFolder
+     * @param FederatedShareProvider $federatedShareProvider
+     * @param EventDispatcherInterface $eventDispatcher
+     * @param IL10N $l10n
+     * @param Defaults $defaults
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IConfig $config,
+                                IURLGenerator $urlGenerator,
+                                IUserManager $userManager,
+                                ILogger $logger,
+                                \OCP\Activity\IManager $activityManager,
+                                \OCP\Share\IManager $shareManager,
+                                ISession $session,
+                                IPreview $previewManager,
+                                IRootFolder $rootFolder,
+                                FederatedShareProvider $federatedShareProvider,
+                                EventDispatcherInterface $eventDispatcher,
+                                IL10N $l10n,
+                                Defaults $defaults) {
+        parent::__construct($appName, $request);
+
+        $this->config = $config;
+        $this->urlGenerator = $urlGenerator;
+        $this->userManager = $userManager;
+        $this->logger = $logger;
+        $this->activityManager = $activityManager;
+        $this->shareManager = $shareManager;
+        $this->session = $session;
+        $this->previewManager = $previewManager;
+        $this->rootFolder = $rootFolder;
+        $this->federatedShareProvider = $federatedShareProvider;
+        $this->eventDispatcher = $eventDispatcher;
+        $this->l10n = $l10n;
+        $this->defaults = $defaults;
+    }
+
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @param string $token
+     * @return TemplateResponse|RedirectResponse
+     */
+    public function showAuthenticate($token) {
+        $share = $this->shareManager->getShareByToken($token);
+
+        if($this->linkShareAuth($share)) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', array('token' => $token)));
+        }
+
+        return new TemplateResponse($this->appName, 'authenticate', array(), 'guest');
+    }
+
+    /**
+     * @PublicPage
+     * @UseSession
+     * @BruteForceProtection(action=publicLinkAuth)
+     *
+     * Authenticates against password-protected shares
+     * @param string $token
+     * @param string $password
+     * @return RedirectResponse|TemplateResponse|NotFoundResponse
+     */
+    public function authenticate($token, $password = '') {
+
+        // Check whether share exists
+        try {
+            $share = $this->shareManager->getShareByToken($token);
+        } catch (ShareNotFound $e) {
+            return new NotFoundResponse();
+        }
+
+        $authenticate = $this->linkShareAuth($share, $password);
+
+        if($authenticate === true) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', array('token' => $token)));
+        }
+
+        $response = new TemplateResponse($this->appName, 'authenticate', array('wrongpw' => true), 'guest');
+        $response->throttle();
+        return $response;
+    }
+
+    /**
+     * Authenticate a link item with the given password.
+     * Or use the session if no password is provided.
+     *
+     * This is a modified version of Helper::authenticate
+     * TODO: Try to merge back eventually with Helper::authenticate
+     *
+     * @param \OCP\Share\IShare $share
+     * @param string|null $password
+     * @return bool
+     */
+    private function linkShareAuth(\OCP\Share\IShare $share, $password = null) {
+        if ($password !== null) {
+            if ($this->shareManager->checkPassword($share, $password)) {
+                $this->session->set('public_link_authenticated', (string)$share->getId());
+            } else {
+                $this->emitAccessShareHook($share, 403, 'Wrong password');
+                return false;
+            }
+        } else {
+            // not authenticated ?
+            if ( ! $this->session->exists('public_link_authenticated')
+                || $this->session->get('public_link_authenticated') !== (string)$share->getId()) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * throws hooks when a share is attempted to be accessed
+     *
+     * @param \OCP\Share\IShare|string $share the Share instance if available,
+     * otherwise token
+     * @param int $errorCode
+     * @param string $errorMessage
+     * @throws \OC\HintException
+     * @throws \OC\ServerNotAvailableException
+     */
+    protected function emitAccessShareHook($share, $errorCode = 200, $errorMessage = '') {
+        $itemType = $itemSource = $uidOwner = '';
+        $token = $share;
+        $exception = null;
+        if($share instanceof \OCP\Share\IShare) {
+            try {
+                $token = $share->getToken();
+                $uidOwner = $share->getSharedBy();
+                $itemType = $share->getNodeType();
+                $itemSource = $share->getNodeId();
+            } catch (\Exception $e) {
+                // we log what we know and pass on the exception afterwards
+                $exception = $e;
+            }
+        }
+        \OC_Hook::emit('OCP\Share', 'share_link_access', [
+            'itemType' => $itemType,
+            'itemSource' => $itemSource,
+            'uidOwner' => $uidOwner,
+            'token' => $token,
+            'errorCode' => $errorCode,
+            'errorMessage' => $errorMessage,
+        ]);
+        if(!is_null($exception)) {
+            throw $exception;
+        }
+    }
+
+    /**
+     * Validate the permissions of the share
+     *
+     * @param Share\IShare $share
+     * @return bool
+     */
+    private function validateShare(\OCP\Share\IShare $share) {
+        return $share->getNode()->isReadable() && $share->getNode()->isShareable();
+    }
+
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @param string $token
+     * @param string $path
+     * @return TemplateResponse|RedirectResponse|NotFoundResponse
+     * @throws NotFoundException
+     * @throws \Exception
+     */
+    public function showShare($token, $path = '') {
+        \OC_User::setIncognitoMode(true);
+
+        // Check whether share exists
+        try {
+            $share = $this->shareManager->getShareByToken($token);
+        } catch (ShareNotFound $e) {
+            $this->emitAccessShareHook($token, 404, 'Share not found');
+            return new NotFoundResponse();
+        }
+
+        // Share is password protected - check whether the user is permitted to access the share
+        if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
+                array('token' => $token)));
+        }
+
+        if (!$this->validateShare($share)) {
+            throw new NotFoundException();
+        }
+        // We can't get the path of a file share
+        try {
+            if ($share->getNode() instanceof \OCP\Files\File && $path !== '') {
+                $this->emitAccessShareHook($share, 404, 'Share not found');
+                throw new NotFoundException();
+            }
+        } catch (\Exception $e) {
+            $this->emitAccessShareHook($share, 404, 'Share not found');
+            throw $e;
+        }
+
+        $shareTmpl = [];
+        $shareTmpl['displayName'] = $this->userManager->get($share->getShareOwner())->getDisplayName();
+        $shareTmpl['owner'] = $share->getShareOwner();
+        $shareTmpl['filename'] = $share->getNode()->getName();
+        $shareTmpl['directory_path'] = $share->getTarget();
+        $shareTmpl['mimetype'] = $share->getNode()->getMimetype();
+        $shareTmpl['previewSupported'] = $this->previewManager->isMimeSupported($share->getNode()->getMimetype());
+        $shareTmpl['dirToken'] = $token;
+        $shareTmpl['sharingToken'] = $token;
+        $shareTmpl['server2serversharing'] = $this->federatedShareProvider->isOutgoingServer2serverShareEnabled();
+        $shareTmpl['protected'] = $share->getPassword() !== null ? 'true' : 'false';
+        $shareTmpl['dir'] = '';
+        $shareTmpl['nonHumanFileSize'] = $share->getNode()->getSize();
+        $shareTmpl['fileSize'] = \OCP\Util::humanFileSize($share->getNode()->getSize());
+
+        // Show file list
+        $hideFileList = false;
+        if ($share->getNode() instanceof \OCP\Files\Folder) {
+            /** @var \OCP\Files\Folder $rootFolder */
+            $rootFolder = $share->getNode();
+
+            try {
+                $folderNode = $rootFolder->get($path);
+            } catch (\OCP\Files\NotFoundException $e) {
+                $this->emitAccessShareHook($share, 404, 'Share not found');
+                throw new NotFoundException();
+            }
+
+            $shareTmpl['dir'] = $rootFolder->getRelativePath($folderNode->getPath());
+
+            /*
 			 * The OC_Util methods require a view. This just uses the node API
 			 */
-			$freeSpace = $share->getNode()->getStorage()->free_space($share->getNode()->getInternalPath());
-			if ($freeSpace < \OCP\Files\FileInfo::SPACE_UNLIMITED) {
-				$freeSpace = max($freeSpace, 0);
-			} else {
-				$freeSpace = (INF > 0) ? INF: PHP_INT_MAX; // work around https://bugs.php.net/bug.php?id=69188
-			}
-
-			$hideFileList = $share->getPermissions() & \OCP\Constants::PERMISSION_READ ? false : true;
-			$maxUploadFilesize = $freeSpace;
-
-			$folder = new Template('files', 'list', '');
-			$folder->assign('dir', $rootFolder->getRelativePath($folderNode->getPath()));
-			$folder->assign('dirToken', $token);
-			$folder->assign('permissions', \OCP\Constants::PERMISSION_READ);
-			$folder->assign('isPublic', true);
-			$folder->assign('hideFileList', $hideFileList);
-			$folder->assign('publicUploadEnabled', 'no');
-			$folder->assign('uploadMaxFilesize', $maxUploadFilesize);
-			$folder->assign('uploadMaxHumanFilesize', \OCP\Util::humanFileSize($maxUploadFilesize));
-			$folder->assign('freeSpace', $freeSpace);
-			$folder->assign('usedSpacePercent', 0);
-			$folder->assign('trash', false);
-			$shareTmpl['folder'] = $folder->fetchPage();
-		}
-
-		$shareTmpl['hideFileList'] = $hideFileList;
-		$shareTmpl['shareOwner'] = $this->userManager->get($share->getShareOwner())->getDisplayName();
-		$shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', ['token' => $token]);
-		$shareTmpl['shareUrl'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $token]);
-		$shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
-		$shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true);
-		$shareTmpl['previewMaxX'] = $this->config->getSystemValue('preview_max_x', 1024);
-		$shareTmpl['previewMaxY'] = $this->config->getSystemValue('preview_max_y', 1024);
-		$shareTmpl['disclaimer'] = $this->config->getAppValue('core', 'shareapi_public_link_disclaimertext', null);
-		if ($shareTmpl['previewSupported']) {
-			$shareTmpl['previewImage'] = $this->urlGenerator->linkToRouteAbsolute( 'files_sharing.PublicPreview.getPreview',
-				['x' => 200, 'y' => 200, 'file' => $shareTmpl['directory_path'], 't' => $shareTmpl['dirToken']]);
-		} else {
-			$shareTmpl['previewImage'] = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'favicon-fb.png'));
-		}
-
-		// Load files we need
-		\OCP\Util::addScript('files', 'file-upload');
-		\OCP\Util::addStyle('files_sharing', 'publicView');
-		\OCP\Util::addScript('files_sharing', 'public');
-		\OCP\Util::addScript('files', 'fileactions');
-		\OCP\Util::addScript('files', 'fileactionsmenu');
-		\OCP\Util::addScript('files', 'jquery.fileupload');
-		\OCP\Util::addScript('files_sharing', 'files_drop');
-
-		if (isset($shareTmpl['folder'])) {
-			// JS required for folders
-			\OCP\Util::addStyle('files', 'merged');
-			\OCP\Util::addScript('files', 'filesummary');
-			\OCP\Util::addScript('files', 'breadcrumb');
-			\OCP\Util::addScript('files', 'fileinfomodel');
-			\OCP\Util::addScript('files', 'newfilemenu');
-			\OCP\Util::addScript('files', 'files');
-			\OCP\Util::addScript('files', 'filelist');
-			\OCP\Util::addScript('files', 'keyboardshortcuts');
-		}
-
-		// OpenGraph Support: http://ogp.me/
-		\OCP\Util::addHeader('meta', ['property' => "og:title", 'content' => $this->defaults->getName() . ' - ' . $this->defaults->getSlogan()]);
-		\OCP\Util::addHeader('meta', ['property' => "og:description", 'content' => $this->l10n->t('%s is publicly shared', [$shareTmpl['filename']])]);
-		\OCP\Util::addHeader('meta', ['property' => "og:site_name", 'content' => $this->defaults->getName()]);
-		\OCP\Util::addHeader('meta', ['property' => "og:url", 'content' => $shareTmpl['shareUrl']]);
-		\OCP\Util::addHeader('meta', ['property' => "og:type", 'content' => "object"]);
-		\OCP\Util::addHeader('meta', ['property' => "og:image", 'content' => $shareTmpl['previewImage']]);
-
-		$this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts');
-
-		$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
-		$csp->addAllowedFrameDomain('\'self\'');
-		$response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
-		$response->setContentSecurityPolicy($csp);
-
-		$this->emitAccessShareHook($share);
-
-		return $response;
-	}
-
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @param string $token
-	 * @param string $files
-	 * @param string $path
-	 * @param string $downloadStartSecret
-	 * @return void|\OCP\AppFramework\Http\Response
-	 * @throws NotFoundException
-	 */
-	public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
-		\OC_User::setIncognitoMode(true);
-
-		$share = $this->shareManager->getShareByToken($token);
-
-		if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
-			return new \OCP\AppFramework\Http\DataResponse('Share is read-only');
-		}
-
-		// Share is password protected - check whether the user is permitted to access the share
-		if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
-				['token' => $token]));
-		}
-
-		$files_list = null;
-		if (!is_null($files)) { // download selected files
-			$files_list = json_decode($files);
-			// in case we get only a single file
-			if ($files_list === null) {
-				$files_list = [$files];
-			}
-		}
-
-		$userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
-		$originalSharePath = $userFolder->getRelativePath($share->getNode()->getPath());
-
-		if (!$this->validateShare($share)) {
-			throw new NotFoundException();
-		}
-
-		// Single file share
-		if ($share->getNode() instanceof \OCP\Files\File) {
-			// Single file download
-			$this->singleFileDownloaded($share, $share->getNode());
-		}
-		// Directory share
-		else {
-			/** @var \OCP\Files\Folder $node */
-			$node = $share->getNode();
-
-			// Try to get the path
-			if ($path !== '') {
-				try {
-					$node = $node->get($path);
-				} catch (NotFoundException $e) {
-					$this->emitAccessShareHook($share, 404, 'Share not found');
-					return new NotFoundResponse();
-				}
-			}
-
-			$originalSharePath = $userFolder->getRelativePath($node->getPath());
-
-			if ($node instanceof \OCP\Files\File) {
-				// Single file download
-				$this->singleFileDownloaded($share, $share->getNode());
-			} else if (!empty($files_list)) {
-				$this->fileListDownloaded($share, $files_list, $node);
-			} else {
-				// The folder is downloaded
-				$this->singleFileDownloaded($share, $share->getNode());
-			}
-		}
-
-		/* FIXME: We should do this all nicely in OCP */
-		OC_Util::tearDownFS();
-		OC_Util::setupFS($share->getShareOwner());
-
-		/**
-		 * this sets a cookie to be able to recognize the start of the download
-		 * the content must not be longer than 32 characters and must only contain
-		 * alphanumeric characters
-		 */
-		if (!empty($downloadStartSecret)
-			&& !isset($downloadStartSecret[32])
-			&& preg_match('!^[a-zA-Z0-9]+$!', $downloadStartSecret) === 1) {
-
-			// FIXME: set on the response once we use an actual app framework response
-			setcookie('ocDownloadStarted', $downloadStartSecret, time() + 20, '/');
-		}
-
-		$this->emitAccessShareHook($share);
-
-		$server_params = array( 'head' => $this->request->getMethod() == 'HEAD' );
-
-		/**
-		 * Http range requests support
-		 */
-		if (isset($_SERVER['HTTP_RANGE'])) {
-			$server_params['range'] = $this->request->getHeader('Range');
-		}
-
-		// download selected files
-		if (!is_null($files) && $files !== '') {
-			// FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
-			// after dispatching the request which results in a "Cannot modify header information" notice.
-			OC_Files::get($originalSharePath, $files_list, $server_params);
-			exit();
-		} else {
-			// FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
-			// after dispatching the request which results in a "Cannot modify header information" notice.
-			OC_Files::get(dirname($originalSharePath), basename($originalSharePath), $server_params);
-			exit();
-		}
-	}
-
-	/**
-	 * create activity for every downloaded file
-	 *
-	 * @param Share\IShare $share
-	 * @param array $files_list
-	 * @param \OCP\Files\Folder $node
-	 */
-	protected function fileListDownloaded(Share\IShare $share, array $files_list, \OCP\Files\Folder $node) {
-		foreach ($files_list as $file) {
-			$subNode = $node->get($file);
-			$this->singleFileDownloaded($share, $subNode);
-		}
-
-	}
-
-	/**
-	 * create activity if a single file was downloaded from a link share
-	 *
-	 * @param Share\IShare $share
-	 */
-	protected function singleFileDownloaded(Share\IShare $share, \OCP\Files\Node $node) {
-
-		$fileId = $node->getId();
-
-		$userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
-		$userNodeList = $userFolder->getById($fileId);
-		$userNode = $userNodeList[0];
-		$ownerFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
-		$userPath = $userFolder->getRelativePath($userNode->getPath());
-		$ownerPath = $ownerFolder->getRelativePath($node->getPath());
-
-		$parameters = [$userPath];
-
-		if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
-			if ($node instanceof \OCP\Files\File) {
-				$subject = Downloads::SUBJECT_SHARED_FILE_BY_EMAIL_DOWNLOADED;
-			} else {
-				$subject = Downloads::SUBJECT_SHARED_FOLDER_BY_EMAIL_DOWNLOADED;
-			}
-			$parameters[] = $share->getSharedWith();
-		} else {
-			if ($node instanceof \OCP\Files\File) {
-				$subject = Downloads::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED;
-			} else {
-				$subject = Downloads::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED;
-			}
-		}
-
-		$this->publishActivity($subject, $parameters, $share->getSharedBy(), $fileId, $userPath);
-
-		if ($share->getShareOwner() !== $share->getSharedBy()) {
-			$parameters[0] = $ownerPath;
-			$this->publishActivity($subject, $parameters, $share->getShareOwner(), $fileId, $ownerPath);
-		}
-	}
-
-	/**
-	 * publish activity
-	 *
-	 * @param string $subject
-	 * @param array $parameters
-	 * @param string $affectedUser
-	 * @param int $fileId
-	 * @param string $filePath
-	 */
-	protected function publishActivity($subject,
-										array $parameters,
-										$affectedUser,
-										$fileId,
-										$filePath) {
-
-		$event = $this->activityManager->generateEvent();
-		$event->setApp('files_sharing')
-			->setType('public_links')
-			->setSubject($subject, $parameters)
-			->setAffectedUser($affectedUser)
-			->setObject('files', $fileId, $filePath);
-		$this->activityManager->publish($event);
-	}
+            $freeSpace = $share->getNode()->getStorage()->free_space($share->getNode()->getInternalPath());
+            if ($freeSpace < \OCP\Files\FileInfo::SPACE_UNLIMITED) {
+                $freeSpace = max($freeSpace, 0);
+            } else {
+                $freeSpace = (INF > 0) ? INF: PHP_INT_MAX; // work around https://bugs.php.net/bug.php?id=69188
+            }
+
+            $hideFileList = $share->getPermissions() & \OCP\Constants::PERMISSION_READ ? false : true;
+            $maxUploadFilesize = $freeSpace;
+
+            $folder = new Template('files', 'list', '');
+            $folder->assign('dir', $rootFolder->getRelativePath($folderNode->getPath()));
+            $folder->assign('dirToken', $token);
+            $folder->assign('permissions', \OCP\Constants::PERMISSION_READ);
+            $folder->assign('isPublic', true);
+            $folder->assign('hideFileList', $hideFileList);
+            $folder->assign('publicUploadEnabled', 'no');
+            $folder->assign('uploadMaxFilesize', $maxUploadFilesize);
+            $folder->assign('uploadMaxHumanFilesize', \OCP\Util::humanFileSize($maxUploadFilesize));
+            $folder->assign('freeSpace', $freeSpace);
+            $folder->assign('usedSpacePercent', 0);
+            $folder->assign('trash', false);
+            $shareTmpl['folder'] = $folder->fetchPage();
+        }
+
+        $shareTmpl['hideFileList'] = $hideFileList;
+        $shareTmpl['shareOwner'] = $this->userManager->get($share->getShareOwner())->getDisplayName();
+        $shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', ['token' => $token]);
+        $shareTmpl['shareUrl'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $token]);
+        $shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
+        $shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true);
+        $shareTmpl['previewMaxX'] = $this->config->getSystemValue('preview_max_x', 1024);
+        $shareTmpl['previewMaxY'] = $this->config->getSystemValue('preview_max_y', 1024);
+        $shareTmpl['disclaimer'] = $this->config->getAppValue('core', 'shareapi_public_link_disclaimertext', null);
+        if ($shareTmpl['previewSupported']) {
+            $shareTmpl['previewImage'] = $this->urlGenerator->linkToRouteAbsolute( 'files_sharing.PublicPreview.getPreview',
+                ['x' => 200, 'y' => 200, 'file' => $shareTmpl['directory_path'], 't' => $shareTmpl['dirToken']]);
+        } else {
+            $shareTmpl['previewImage'] = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'favicon-fb.png'));
+        }
+
+        // Load files we need
+        \OCP\Util::addScript('files', 'file-upload');
+        \OCP\Util::addStyle('files_sharing', 'publicView');
+        \OCP\Util::addScript('files_sharing', 'public');
+        \OCP\Util::addScript('files', 'fileactions');
+        \OCP\Util::addScript('files', 'fileactionsmenu');
+        \OCP\Util::addScript('files', 'jquery.fileupload');
+        \OCP\Util::addScript('files_sharing', 'files_drop');
+
+        if (isset($shareTmpl['folder'])) {
+            // JS required for folders
+            \OCP\Util::addStyle('files', 'merged');
+            \OCP\Util::addScript('files', 'filesummary');
+            \OCP\Util::addScript('files', 'breadcrumb');
+            \OCP\Util::addScript('files', 'fileinfomodel');
+            \OCP\Util::addScript('files', 'newfilemenu');
+            \OCP\Util::addScript('files', 'files');
+            \OCP\Util::addScript('files', 'filelist');
+            \OCP\Util::addScript('files', 'keyboardshortcuts');
+        }
+
+        // OpenGraph Support: http://ogp.me/
+        \OCP\Util::addHeader('meta', ['property' => "og:title", 'content' => $this->defaults->getName() . ' - ' . $this->defaults->getSlogan()]);
+        \OCP\Util::addHeader('meta', ['property' => "og:description", 'content' => $this->l10n->t('%s is publicly shared', [$shareTmpl['filename']])]);
+        \OCP\Util::addHeader('meta', ['property' => "og:site_name", 'content' => $this->defaults->getName()]);
+        \OCP\Util::addHeader('meta', ['property' => "og:url", 'content' => $shareTmpl['shareUrl']]);
+        \OCP\Util::addHeader('meta', ['property' => "og:type", 'content' => "object"]);
+        \OCP\Util::addHeader('meta', ['property' => "og:image", 'content' => $shareTmpl['previewImage']]);
+
+        $this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts');
+
+        $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
+        $csp->addAllowedFrameDomain('\'self\'');
+        $response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
+        $response->setContentSecurityPolicy($csp);
+
+        $this->emitAccessShareHook($share);
+
+        return $response;
+    }
+
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @param string $token
+     * @param string $files
+     * @param string $path
+     * @param string $downloadStartSecret
+     * @return void|\OCP\AppFramework\Http\Response
+     * @throws NotFoundException
+     */
+    public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
+        \OC_User::setIncognitoMode(true);
+
+        $share = $this->shareManager->getShareByToken($token);
+
+        if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+            return new \OCP\AppFramework\Http\DataResponse('Share is read-only');
+        }
+
+        // Share is password protected - check whether the user is permitted to access the share
+        if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
+                ['token' => $token]));
+        }
+
+        $files_list = null;
+        if (!is_null($files)) { // download selected files
+            $files_list = json_decode($files);
+            // in case we get only a single file
+            if ($files_list === null) {
+                $files_list = [$files];
+            }
+        }
+
+        $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
+        $originalSharePath = $userFolder->getRelativePath($share->getNode()->getPath());
+
+        if (!$this->validateShare($share)) {
+            throw new NotFoundException();
+        }
+
+        // Single file share
+        if ($share->getNode() instanceof \OCP\Files\File) {
+            // Single file download
+            $this->singleFileDownloaded($share, $share->getNode());
+        }
+        // Directory share
+        else {
+            /** @var \OCP\Files\Folder $node */
+            $node = $share->getNode();
+
+            // Try to get the path
+            if ($path !== '') {
+                try {
+                    $node = $node->get($path);
+                } catch (NotFoundException $e) {
+                    $this->emitAccessShareHook($share, 404, 'Share not found');
+                    return new NotFoundResponse();
+                }
+            }
+
+            $originalSharePath = $userFolder->getRelativePath($node->getPath());
+
+            if ($node instanceof \OCP\Files\File) {
+                // Single file download
+                $this->singleFileDownloaded($share, $share->getNode());
+            } else if (!empty($files_list)) {
+                $this->fileListDownloaded($share, $files_list, $node);
+            } else {
+                // The folder is downloaded
+                $this->singleFileDownloaded($share, $share->getNode());
+            }
+        }
+
+        /* FIXME: We should do this all nicely in OCP */
+        OC_Util::tearDownFS();
+        OC_Util::setupFS($share->getShareOwner());
+
+        /**
+         * this sets a cookie to be able to recognize the start of the download
+         * the content must not be longer than 32 characters and must only contain
+         * alphanumeric characters
+         */
+        if (!empty($downloadStartSecret)
+            && !isset($downloadStartSecret[32])
+            && preg_match('!^[a-zA-Z0-9]+$!', $downloadStartSecret) === 1) {
+
+            // FIXME: set on the response once we use an actual app framework response
+            setcookie('ocDownloadStarted', $downloadStartSecret, time() + 20, '/');
+        }
+
+        $this->emitAccessShareHook($share);
+
+        $server_params = array( 'head' => $this->request->getMethod() == 'HEAD' );
+
+        /**
+         * Http range requests support
+         */
+        if (isset($_SERVER['HTTP_RANGE'])) {
+            $server_params['range'] = $this->request->getHeader('Range');
+        }
+
+        // download selected files
+        if (!is_null($files) && $files !== '') {
+            // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
+            // after dispatching the request which results in a "Cannot modify header information" notice.
+            OC_Files::get($originalSharePath, $files_list, $server_params);
+            exit();
+        } else {
+            // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
+            // after dispatching the request which results in a "Cannot modify header information" notice.
+            OC_Files::get(dirname($originalSharePath), basename($originalSharePath), $server_params);
+            exit();
+        }
+    }
+
+    /**
+     * create activity for every downloaded file
+     *
+     * @param Share\IShare $share
+     * @param array $files_list
+     * @param \OCP\Files\Folder $node
+     */
+    protected function fileListDownloaded(Share\IShare $share, array $files_list, \OCP\Files\Folder $node) {
+        foreach ($files_list as $file) {
+            $subNode = $node->get($file);
+            $this->singleFileDownloaded($share, $subNode);
+        }
+
+    }
+
+    /**
+     * create activity if a single file was downloaded from a link share
+     *
+     * @param Share\IShare $share
+     */
+    protected function singleFileDownloaded(Share\IShare $share, \OCP\Files\Node $node) {
+
+        $fileId = $node->getId();
+
+        $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
+        $userNodeList = $userFolder->getById($fileId);
+        $userNode = $userNodeList[0];
+        $ownerFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
+        $userPath = $userFolder->getRelativePath($userNode->getPath());
+        $ownerPath = $ownerFolder->getRelativePath($node->getPath());
+
+        $parameters = [$userPath];
+
+        if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
+            if ($node instanceof \OCP\Files\File) {
+                $subject = Downloads::SUBJECT_SHARED_FILE_BY_EMAIL_DOWNLOADED;
+            } else {
+                $subject = Downloads::SUBJECT_SHARED_FOLDER_BY_EMAIL_DOWNLOADED;
+            }
+            $parameters[] = $share->getSharedWith();
+        } else {
+            if ($node instanceof \OCP\Files\File) {
+                $subject = Downloads::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED;
+            } else {
+                $subject = Downloads::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED;
+            }
+        }
+
+        $this->publishActivity($subject, $parameters, $share->getSharedBy(), $fileId, $userPath);
+
+        if ($share->getShareOwner() !== $share->getSharedBy()) {
+            $parameters[0] = $ownerPath;
+            $this->publishActivity($subject, $parameters, $share->getShareOwner(), $fileId, $ownerPath);
+        }
+    }
+
+    /**
+     * publish activity
+     *
+     * @param string $subject
+     * @param array $parameters
+     * @param string $affectedUser
+     * @param int $fileId
+     * @param string $filePath
+     */
+    protected function publishActivity($subject,
+                                        array $parameters,
+                                        $affectedUser,
+                                        $fileId,
+                                        $filePath) {
+
+        $event = $this->activityManager->generateEvent();
+        $event->setApp('files_sharing')
+            ->setType('public_links')
+            ->setSubject($subject, $parameters)
+            ->setAffectedUser($affectedUser)
+            ->setObject('files', $fileId, $filePath);
+        $this->activityManager->publish($event);
+    }
 
 
 }

apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php

Indentation +280 added lines, -280 removed lines

@@ -54,285 +54,285 @@
  */
 class MountPublicLinkController extends Controller {
 
-	/** @var FederatedShareProvider */
-	private $federatedShareProvider;
-
-	/** @var AddressHandler */
-	private $addressHandler;
-
-	/** @var IManager  */
-	private $shareManager;
-
-	/** @var  ISession */
-	private $session;
-
-	/** @var IL10N */
-	private $l;
-
-	/** @var IUserSession */
-	private $userSession;
-
-	/** @var IClientService */
-	private $clientService;
-
-	/** @var ICloudIdManager  */
-	private $cloudIdManager;
-
-	/**
-	 * MountPublicLinkController constructor.
-	 *
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param FederatedShareProvider $federatedShareProvider
-	 * @param IManager $shareManager
-	 * @param AddressHandler $addressHandler
-	 * @param ISession $session
-	 * @param IL10N $l
-	 * @param IUserSession $userSession
-	 * @param IClientService $clientService
-	 * @param ICloudIdManager $cloudIdManager
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								FederatedShareProvider $federatedShareProvider,
-								IManager $shareManager,
-								AddressHandler $addressHandler,
-								ISession $session,
-								IL10N $l,
-								IUserSession $userSession,
-								IClientService $clientService,
-								ICloudIdManager $cloudIdManager
-	) {
-		parent::__construct($appName, $request);
-
-		$this->federatedShareProvider = $federatedShareProvider;
-		$this->shareManager = $shareManager;
-		$this->addressHandler = $addressHandler;
-		$this->session = $session;
-		$this->l = $l;
-		$this->userSession = $userSession;
-		$this->clientService = $clientService;
-		$this->cloudIdManager = $cloudIdManager;
-	}
-
-	/**
-	 * send federated share to a user of a public link
-	 *
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 * @BruteForceProtection(action=publicLink2FederatedShare)
-	 *
-	 * @param string $shareWith
-	 * @param string $token
-	 * @param string $password
-	 * @return JSONResponse
-	 */
-	public function createFederatedShare($shareWith, $token, $password = '') {
-
-		if (!$this->federatedShareProvider->isOutgoingServer2serverShareEnabled()) {
-			return new JSONResponse(
-				['message' => 'This server doesn\'t support outgoing federated shares'],
-				Http::STATUS_BAD_REQUEST
-			);
-		}
-
-		try {
-			list(, $server) = $this->addressHandler->splitUserRemote($shareWith);
-			$share = $this->shareManager->getShareByToken($token);
-		} catch (HintException $e) {
-			return new JSONResponse(['message' => $e->getHint()], Http::STATUS_BAD_REQUEST);
-		}
-
-		// make sure that user is authenticated in case of a password protected link
-		$storedPassword = $share->getPassword();
-		$authenticated = $this->session->get('public_link_authenticated') === $share->getId() ||
-			$this->shareManager->checkPassword($share, $password);
-		if (!empty($storedPassword) && !$authenticated ) {
-			$response = new JSONResponse(
-				['message' => 'No permission to access the share'],
-				Http::STATUS_BAD_REQUEST
-			);
-			$response->throttle();
-			return $response;
-		}
-
-		$share->setSharedWith($shareWith);
-
-		try {
-			$this->federatedShareProvider->create($share);
-		} catch (\Exception $e) {
-			return new JSONResponse(['message' => $e->getMessage()], Http::STATUS_BAD_REQUEST);
-		}
-
-		return new JSONResponse(['remoteUrl' => $server]);
-	}
-
-	/**
-	 * ask other server to get a federated share
-	 *
-	 * @NoAdminRequired
-	 *
-	 * @param string $token
-	 * @param string $remote
-	 * @param string $password
-	 * @param string $owner (only for legacy reasons, can be removed with legacyMountPublicLink())
-	 * @param string $ownerDisplayName (only for legacy reasons, can be removed with legacyMountPublicLink())
-	 * @param string $name (only for legacy reasons, can be removed with legacyMountPublicLink())
-	 * @return JSONResponse
-	 */
-	public function askForFederatedShare($token, $remote, $password = '', $owner = '', $ownerDisplayName = '', $name = '') {
-		// check if server admin allows to mount public links from other servers
-		if ($this->federatedShareProvider->isIncomingServer2serverShareEnabled() === false) {
-			return new JSONResponse(['message' => $this->l->t('Server to server sharing is not enabled on this server')], Http::STATUS_BAD_REQUEST);
-		}
-
-		$cloudId = $this->cloudIdManager->getCloudId($this->userSession->getUser()->getUID(), $this->addressHandler->generateRemoteURL());
-
-		$httpClient = $this->clientService->newClient();
-
-		try {
-			$response = $httpClient->post($remote . '/index.php/apps/federatedfilesharing/createFederatedShare',
-				[
-					'body' =>
-						[
-							'token' => $token,
-							'shareWith' => rtrim($cloudId->getId(), '/'),
-							'password' => $password
-						],
-					'connect_timeout' => 10,
-				]
-			);
-		} catch (\Exception $e) {
-			if (empty($password)) {
-				$message = $this->l->t("Couldn't establish a federated share.");
-			} else {
-				$message = $this->l->t("Couldn't establish a federated share, maybe the password was wrong.");
-			}
-			return new JSONResponse(['message' => $message], Http::STATUS_BAD_REQUEST);
-		}
-
-		$body = $response->getBody();
-		$result = json_decode($body, true);
-
-		if (is_array($result) && isset($result['remoteUrl'])) {
-			return new JSONResponse(['message' => $this->l->t('Federated Share request was successful, you will receive a invitation. Check your notifications.')]);
-		}
-
-		// if we doesn't get the expected response we assume that we try to add
-		// a federated share from a Nextcloud <= 9 server
-		return $this->legacyMountPublicLink($token, $remote, $password, $name, $owner, $ownerDisplayName);
-	}
-
-	/**
-	 * Allow Nextcloud to mount a public link directly
-	 *
-	 * This code was copied from the apps/files_sharing/ajax/external.php with
-	 * minimal changes, just to guarantee backward compatibility
-	 *
-	 * ToDo: Remove this method once Nextcloud 9 reaches end of life
-	 *
-	 * @param string $token
-	 * @param string $remote
-	 * @param string $password
-	 * @param string $name
-	 * @param string $owner
-	 * @param string $ownerDisplayName
-	 * @return JSONResponse
-	 */
-	private function legacyMountPublicLink($token, $remote, $password, $name, $owner, $ownerDisplayName) {
-
-		// Check for invalid name
-		if (!Util::isValidFileName($name)) {
-			return new JSONResponse(['message' => $this->l->t('The mountpoint name contains invalid characters.')], Http::STATUS_BAD_REQUEST);
-		}
-		$currentUser = $this->userSession->getUser()->getUID();
-		$currentServer = $this->addressHandler->generateRemoteURL();
-		if (Helper::isSameUserOnSameServer($owner, $remote, $currentUser, $currentServer)) {
-			return new JSONResponse(['message' => $this->l->t('Not allowed to create a federated share with the owner.')], Http::STATUS_BAD_REQUEST);
-		}
-		$externalManager = new Manager(
-			\OC::$server->getDatabaseConnection(),
-			Filesystem::getMountManager(),
-			Filesystem::getLoader(),
-			\OC::$server->getHTTPClientService(),
-			\OC::$server->getNotificationManager(),
-			\OC::$server->query(\OCP\OCS\IDiscoveryService::class),
-			\OC::$server->getUserSession()->getUser()->getUID()
-		);
-
-		// check for ssl cert
-
-		if (strpos($remote, 'https') === 0) {
-			try {
-				$client = $this->clientService->newClient();
-				$client->get($remote, [
-					'timeout' => 10,
-					'connect_timeout' => 10,
-				])->getBody();
-			} catch (\Exception $e) {
-				return new JSONResponse(['message' => $this->l->t('Invalid or untrusted SSL certificate')], Http::STATUS_BAD_REQUEST);
-			}
-		}
-		$mount = $externalManager->addShare($remote, $token, $password, $name, $ownerDisplayName, true);
-		/**
-		 * @var \OCA\Files_Sharing\External\Storage $storage
-		 */
-		$storage = $mount->getStorage();
-		try {
-			// check if storage exists
-			$storage->checkStorageAvailability();
-		} catch (StorageInvalidException $e) {
-			// note: checkStorageAvailability will already remove the invalid share
-			Util::writeLog(
-				'federatedfilesharing',
-				'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
-				Util::DEBUG
-			);
-			return new JSONResponse(['message' => $this->l->t('Could not authenticate to remote share, password might be wrong')], Http::STATUS_BAD_REQUEST);
-		} catch (\Exception $e) {
-			Util::writeLog(
-				'federatedfilesharing',
-				'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
-				Util::DEBUG
-			);
-			$externalManager->removeShare($mount->getMountPoint());
-			return new JSONResponse(['message' => $this->l->t('Storage not valid')], Http::STATUS_BAD_REQUEST);
-		}
-		$result = $storage->file_exists('');
-		if ($result) {
-			try {
-				$storage->getScanner()->scanAll();
-				return new JSONResponse(
-					[
-						'message' => $this->l->t('Federated Share successfully added'),
-						'legacyMount' => '1'
-					]
-				);
-			} catch (StorageInvalidException $e) {
-				Util::writeLog(
-					'federatedfilesharing',
-					'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
-					Util::DEBUG
-				);
-				return new JSONResponse(['message' => $this->l->t('Storage not valid')], Http::STATUS_BAD_REQUEST);
-			} catch (\Exception $e) {
-				Util::writeLog(
-					'federatedfilesharing',
-					'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
-					Util::DEBUG
-				);
-				return new JSONResponse(['message' => $this->l->t('Couldn\'t add remote share')], Http::STATUS_BAD_REQUEST);
-			}
-		} else {
-			$externalManager->removeShare($mount->getMountPoint());
-			Util::writeLog(
-				'federatedfilesharing',
-				'Couldn\'t add remote share',
-				Util::DEBUG
-			);
-			return new JSONResponse(['message' => $this->l->t('Couldn\'t add remote share')], Http::STATUS_BAD_REQUEST);
-		}
-
-	}
+    /** @var FederatedShareProvider */
+    private $federatedShareProvider;
+
+    /** @var AddressHandler */
+    private $addressHandler;
+
+    /** @var IManager  */
+    private $shareManager;
+
+    /** @var  ISession */
+    private $session;
+
+    /** @var IL10N */
+    private $l;
+
+    /** @var IUserSession */
+    private $userSession;
+
+    /** @var IClientService */
+    private $clientService;
+
+    /** @var ICloudIdManager  */
+    private $cloudIdManager;
+
+    /**
+     * MountPublicLinkController constructor.
+     *
+     * @param string $appName
+     * @param IRequest $request
+     * @param FederatedShareProvider $federatedShareProvider
+     * @param IManager $shareManager
+     * @param AddressHandler $addressHandler
+     * @param ISession $session
+     * @param IL10N $l
+     * @param IUserSession $userSession
+     * @param IClientService $clientService
+     * @param ICloudIdManager $cloudIdManager
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                FederatedShareProvider $federatedShareProvider,
+                                IManager $shareManager,
+                                AddressHandler $addressHandler,
+                                ISession $session,
+                                IL10N $l,
+                                IUserSession $userSession,
+                                IClientService $clientService,
+                                ICloudIdManager $cloudIdManager
+    ) {
+        parent::__construct($appName, $request);
+
+        $this->federatedShareProvider = $federatedShareProvider;
+        $this->shareManager = $shareManager;
+        $this->addressHandler = $addressHandler;
+        $this->session = $session;
+        $this->l = $l;
+        $this->userSession = $userSession;
+        $this->clientService = $clientService;
+        $this->cloudIdManager = $cloudIdManager;
+    }
+
+    /**
+     * send federated share to a user of a public link
+     *
+     * @NoCSRFRequired
+     * @PublicPage
+     * @BruteForceProtection(action=publicLink2FederatedShare)
+     *
+     * @param string $shareWith
+     * @param string $token
+     * @param string $password
+     * @return JSONResponse
+     */
+    public function createFederatedShare($shareWith, $token, $password = '') {
+
+        if (!$this->federatedShareProvider->isOutgoingServer2serverShareEnabled()) {
+            return new JSONResponse(
+                ['message' => 'This server doesn\'t support outgoing federated shares'],
+                Http::STATUS_BAD_REQUEST
+            );
+        }
+
+        try {
+            list(, $server) = $this->addressHandler->splitUserRemote($shareWith);
+            $share = $this->shareManager->getShareByToken($token);
+        } catch (HintException $e) {
+            return new JSONResponse(['message' => $e->getHint()], Http::STATUS_BAD_REQUEST);
+        }
+
+        // make sure that user is authenticated in case of a password protected link
+        $storedPassword = $share->getPassword();
+        $authenticated = $this->session->get('public_link_authenticated') === $share->getId() ||
+            $this->shareManager->checkPassword($share, $password);
+        if (!empty($storedPassword) && !$authenticated ) {
+            $response = new JSONResponse(
+                ['message' => 'No permission to access the share'],
+                Http::STATUS_BAD_REQUEST
+            );
+            $response->throttle();
+            return $response;
+        }
+
+        $share->setSharedWith($shareWith);
+
+        try {
+            $this->federatedShareProvider->create($share);
+        } catch (\Exception $e) {
+            return new JSONResponse(['message' => $e->getMessage()], Http::STATUS_BAD_REQUEST);
+        }
+
+        return new JSONResponse(['remoteUrl' => $server]);
+    }
+
+    /**
+     * ask other server to get a federated share
+     *
+     * @NoAdminRequired
+     *
+     * @param string $token
+     * @param string $remote
+     * @param string $password
+     * @param string $owner (only for legacy reasons, can be removed with legacyMountPublicLink())
+     * @param string $ownerDisplayName (only for legacy reasons, can be removed with legacyMountPublicLink())
+     * @param string $name (only for legacy reasons, can be removed with legacyMountPublicLink())
+     * @return JSONResponse
+     */
+    public function askForFederatedShare($token, $remote, $password = '', $owner = '', $ownerDisplayName = '', $name = '') {
+        // check if server admin allows to mount public links from other servers
+        if ($this->federatedShareProvider->isIncomingServer2serverShareEnabled() === false) {
+            return new JSONResponse(['message' => $this->l->t('Server to server sharing is not enabled on this server')], Http::STATUS_BAD_REQUEST);
+        }
+
+        $cloudId = $this->cloudIdManager->getCloudId($this->userSession->getUser()->getUID(), $this->addressHandler->generateRemoteURL());
+
+        $httpClient = $this->clientService->newClient();
+
+        try {
+            $response = $httpClient->post($remote . '/index.php/apps/federatedfilesharing/createFederatedShare',
+                [
+                    'body' =>
+                        [
+                            'token' => $token,
+                            'shareWith' => rtrim($cloudId->getId(), '/'),
+                            'password' => $password
+                        ],
+                    'connect_timeout' => 10,
+                ]
+            );
+        } catch (\Exception $e) {
+            if (empty($password)) {
+                $message = $this->l->t("Couldn't establish a federated share.");
+            } else {
+                $message = $this->l->t("Couldn't establish a federated share, maybe the password was wrong.");
+            }
+            return new JSONResponse(['message' => $message], Http::STATUS_BAD_REQUEST);
+        }
+
+        $body = $response->getBody();
+        $result = json_decode($body, true);
+
+        if (is_array($result) && isset($result['remoteUrl'])) {
+            return new JSONResponse(['message' => $this->l->t('Federated Share request was successful, you will receive a invitation. Check your notifications.')]);
+        }
+
+        // if we doesn't get the expected response we assume that we try to add
+        // a federated share from a Nextcloud <= 9 server
+        return $this->legacyMountPublicLink($token, $remote, $password, $name, $owner, $ownerDisplayName);
+    }
+
+    /**
+     * Allow Nextcloud to mount a public link directly
+     *
+     * This code was copied from the apps/files_sharing/ajax/external.php with
+     * minimal changes, just to guarantee backward compatibility
+     *
+     * ToDo: Remove this method once Nextcloud 9 reaches end of life
+     *
+     * @param string $token
+     * @param string $remote
+     * @param string $password
+     * @param string $name
+     * @param string $owner
+     * @param string $ownerDisplayName
+     * @return JSONResponse
+     */
+    private function legacyMountPublicLink($token, $remote, $password, $name, $owner, $ownerDisplayName) {
+
+        // Check for invalid name
+        if (!Util::isValidFileName($name)) {
+            return new JSONResponse(['message' => $this->l->t('The mountpoint name contains invalid characters.')], Http::STATUS_BAD_REQUEST);
+        }
+        $currentUser = $this->userSession->getUser()->getUID();
+        $currentServer = $this->addressHandler->generateRemoteURL();
+        if (Helper::isSameUserOnSameServer($owner, $remote, $currentUser, $currentServer)) {
+            return new JSONResponse(['message' => $this->l->t('Not allowed to create a federated share with the owner.')], Http::STATUS_BAD_REQUEST);
+        }
+        $externalManager = new Manager(
+            \OC::$server->getDatabaseConnection(),
+            Filesystem::getMountManager(),
+            Filesystem::getLoader(),
+            \OC::$server->getHTTPClientService(),
+            \OC::$server->getNotificationManager(),
+            \OC::$server->query(\OCP\OCS\IDiscoveryService::class),
+            \OC::$server->getUserSession()->getUser()->getUID()
+        );
+
+        // check for ssl cert
+
+        if (strpos($remote, 'https') === 0) {
+            try {
+                $client = $this->clientService->newClient();
+                $client->get($remote, [
+                    'timeout' => 10,
+                    'connect_timeout' => 10,
+                ])->getBody();
+            } catch (\Exception $e) {
+                return new JSONResponse(['message' => $this->l->t('Invalid or untrusted SSL certificate')], Http::STATUS_BAD_REQUEST);
+            }
+        }
+        $mount = $externalManager->addShare($remote, $token, $password, $name, $ownerDisplayName, true);
+        /**
+         * @var \OCA\Files_Sharing\External\Storage $storage
+         */
+        $storage = $mount->getStorage();
+        try {
+            // check if storage exists
+            $storage->checkStorageAvailability();
+        } catch (StorageInvalidException $e) {
+            // note: checkStorageAvailability will already remove the invalid share
+            Util::writeLog(
+                'federatedfilesharing',
+                'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+                Util::DEBUG
+            );
+            return new JSONResponse(['message' => $this->l->t('Could not authenticate to remote share, password might be wrong')], Http::STATUS_BAD_REQUEST);
+        } catch (\Exception $e) {
+            Util::writeLog(
+                'federatedfilesharing',
+                'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+                Util::DEBUG
+            );
+            $externalManager->removeShare($mount->getMountPoint());
+            return new JSONResponse(['message' => $this->l->t('Storage not valid')], Http::STATUS_BAD_REQUEST);
+        }
+        $result = $storage->file_exists('');
+        if ($result) {
+            try {
+                $storage->getScanner()->scanAll();
+                return new JSONResponse(
+                    [
+                        'message' => $this->l->t('Federated Share successfully added'),
+                        'legacyMount' => '1'
+                    ]
+                );
+            } catch (StorageInvalidException $e) {
+                Util::writeLog(
+                    'federatedfilesharing',
+                    'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+                    Util::DEBUG
+                );
+                return new JSONResponse(['message' => $this->l->t('Storage not valid')], Http::STATUS_BAD_REQUEST);
+            } catch (\Exception $e) {
+                Util::writeLog(
+                    'federatedfilesharing',
+                    'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+                    Util::DEBUG
+                );
+                return new JSONResponse(['message' => $this->l->t('Couldn\'t add remote share')], Http::STATUS_BAD_REQUEST);
+            }
+        } else {
+            $externalManager->removeShare($mount->getMountPoint());
+            Util::writeLog(
+                'federatedfilesharing',
+                'Couldn\'t add remote share',
+                Util::DEBUG
+            );
+            return new JSONResponse(['message' => $this->l->t('Couldn\'t add remote share')], Http::STATUS_BAD_REQUEST);
+        }
+
+    }
 
 }

Spacing +6 added lines, -6 removed lines

@@ -147,7 +147,7 @@ 
 		$storedPassword = $share->getPassword();
 		$authenticated = $this->session->get('public_link_authenticated') === $share->getId() ||
 			$this->shareManager->checkPassword($share, $password);
-		if (!empty($storedPassword) && !$authenticated ) {
+		if (!empty($storedPassword) && !$authenticated) {
 			$response = new JSONResponse(
 				['message' => 'No permission to access the share'],
 				Http::STATUS_BAD_REQUEST
@@ -191,7 +191,7 @@ 
 		$httpClient = $this->clientService->newClient();
 
 		try {
-			$response = $httpClient->post($remote . '/index.php/apps/federatedfilesharing/createFederatedShare',
+			$response = $httpClient->post($remote.'/index.php/apps/federatedfilesharing/createFederatedShare',
 				[
 					'body' =>
 						[
@@ -285,14 +285,14 @@ 
 			// note: checkStorageAvailability will already remove the invalid share
 			Util::writeLog(
 				'federatedfilesharing',
-				'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+				'Invalid remote storage: '.get_class($e).': '.$e->getMessage(),
 				Util::DEBUG
 			);
 			return new JSONResponse(['message' => $this->l->t('Could not authenticate to remote share, password might be wrong')], Http::STATUS_BAD_REQUEST);
 		} catch (\Exception $e) {
 			Util::writeLog(
 				'federatedfilesharing',
-				'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+				'Invalid remote storage: '.get_class($e).': '.$e->getMessage(),
 				Util::DEBUG
 			);
 			$externalManager->removeShare($mount->getMountPoint());
@@ -311,14 +311,14 @@ 
 			} catch (StorageInvalidException $e) {
 				Util::writeLog(
 					'federatedfilesharing',
-					'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+					'Invalid remote storage: '.get_class($e).': '.$e->getMessage(),
 					Util::DEBUG
 				);
 				return new JSONResponse(['message' => $this->l->t('Storage not valid')], Http::STATUS_BAD_REQUEST);
 			} catch (\Exception $e) {
 				Util::writeLog(
 					'federatedfilesharing',
-					'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+					'Invalid remote storage: '.get_class($e).': '.$e->getMessage(),
 					Util::DEBUG
 				);
 				return new JSONResponse(['message' => $this->l->t('Couldn\'t add remote share')], Http::STATUS_BAD_REQUEST);

core/Controller/OCSController.php

Indentation +102 added lines, -102 removed lines

@@ -30,117 +30,117 @@
 
 class OCSController extends \OCP\AppFramework\OCSController {
 
-	/** @var CapabilitiesManager */
-	private $capabilitiesManager;
-	/** @var IUserSession */
-	private $userSession;
-	/** @var IUserManager */
-	private $userManager;
-	/** @var Manager */
-	private $keyManager;
+    /** @var CapabilitiesManager */
+    private $capabilitiesManager;
+    /** @var IUserSession */
+    private $userSession;
+    /** @var IUserManager */
+    private $userManager;
+    /** @var Manager */
+    private $keyManager;
 
-	/**
-	 * OCSController constructor.
-	 *
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param CapabilitiesManager $capabilitiesManager
-	 * @param IUserSession $userSession
-	 * @param IUserManager $userManager
-	 * @param Manager $keyManager
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								CapabilitiesManager $capabilitiesManager,
-								IUserSession $userSession,
-								IUserManager $userManager,
-								Manager $keyManager) {
-		parent::__construct($appName, $request);
-		$this->capabilitiesManager = $capabilitiesManager;
-		$this->userSession = $userSession;
-		$this->userManager = $userManager;
-		$this->keyManager = $keyManager;
-	}
+    /**
+     * OCSController constructor.
+     *
+     * @param string $appName
+     * @param IRequest $request
+     * @param CapabilitiesManager $capabilitiesManager
+     * @param IUserSession $userSession
+     * @param IUserManager $userManager
+     * @param Manager $keyManager
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                CapabilitiesManager $capabilitiesManager,
+                                IUserSession $userSession,
+                                IUserManager $userManager,
+                                Manager $keyManager) {
+        parent::__construct($appName, $request);
+        $this->capabilitiesManager = $capabilitiesManager;
+        $this->userSession = $userSession;
+        $this->userManager = $userManager;
+        $this->keyManager = $keyManager;
+    }
 
-	/**
-	 * @PublicPage
-	 *
-	 * @return DataResponse
-	 */
-	public function getConfig() {
-		$data = [
-			'version' => '1.7',
-			'website' => 'Nextcloud',
-			'host' => $this->request->getServerHost(),
-			'contact' => '',
-			'ssl' => 'false',
-		];
+    /**
+     * @PublicPage
+     *
+     * @return DataResponse
+     */
+    public function getConfig() {
+        $data = [
+            'version' => '1.7',
+            'website' => 'Nextcloud',
+            'host' => $this->request->getServerHost(),
+            'contact' => '',
+            'ssl' => 'false',
+        ];
 
-		return new DataResponse($data);
-	}
+        return new DataResponse($data);
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @return DataResponse
-	 */
-	public function getCapabilities() {
-		$result = [];
-		list($major, $minor, $micro) = \OCP\Util::getVersion();
-		$result['version'] = array(
-			'major' => $major,
-			'minor' => $minor,
-			'micro' => $micro,
-			'string' => \OC_Util::getVersionString(),
-			'edition' => '',
-		);
+    /**
+     * @NoAdminRequired
+     * @return DataResponse
+     */
+    public function getCapabilities() {
+        $result = [];
+        list($major, $minor, $micro) = \OCP\Util::getVersion();
+        $result['version'] = array(
+            'major' => $major,
+            'minor' => $minor,
+            'micro' => $micro,
+            'string' => \OC_Util::getVersionString(),
+            'edition' => '',
+        );
 
-		$result['capabilities'] = $this->capabilitiesManager->getCapabilities();
+        $result['capabilities'] = $this->capabilitiesManager->getCapabilities();
 
-		return new DataResponse($result);
-	}
+        return new DataResponse($result);
+    }
 
-	/**
-	 * @PublicPage
-	 * @BruteForceProtection(action=login)
-	 *
-	 * @param string $login
-	 * @param string $password
-	 * @return DataResponse
-	 */
-	public function personCheck($login = '', $password = '') {
-		if ($login !== '' && $password !== '') {
-			if ($this->userManager->checkPassword($login, $password)) {
-				return new DataResponse([
-					'person' => [
-						'personid' => $login
-					]
-				]);
-			}
+    /**
+     * @PublicPage
+     * @BruteForceProtection(action=login)
+     *
+     * @param string $login
+     * @param string $password
+     * @return DataResponse
+     */
+    public function personCheck($login = '', $password = '') {
+        if ($login !== '' && $password !== '') {
+            if ($this->userManager->checkPassword($login, $password)) {
+                return new DataResponse([
+                    'person' => [
+                        'personid' => $login
+                    ]
+                ]);
+            }
 
-			$response = new DataResponse(null, 102);
-			$response->throttle();
-			return $response;
-		}
-		return new DataResponse(null, 101);
-	}
+            $response = new DataResponse(null, 102);
+            $response->throttle();
+            return $response;
+        }
+        return new DataResponse(null, 101);
+    }
 
-	/**
-	 * @PublicPage
-	 *
-	 * @param string $cloudId
-	 * @return DataResponse
-	 */
-	public function getIdentityProof($cloudId) {
-		$userObject = $this->userManager->get($cloudId);
+    /**
+     * @PublicPage
+     *
+     * @param string $cloudId
+     * @return DataResponse
+     */
+    public function getIdentityProof($cloudId) {
+        $userObject = $this->userManager->get($cloudId);
 
-		if($userObject !== null) {
-			$key = $this->keyManager->getKey($userObject);
-			$data = [
-				'public' => $key->getPublic(),
-			];
-			return new DataResponse($data);
-		}
+        if($userObject !== null) {
+            $key = $this->keyManager->getKey($userObject);
+            $data = [
+                'public' => $key->getPublic(),
+            ];
+            return new DataResponse($data);
+        }
 
-		return new DataResponse('User not found', 404);
-	}
+        return new DataResponse('User not found', 404);
+    }
 }