nextcloud / server

apps/dav/lib/Comments/CommentNode.php

Doc Comments +1 added lines, -1 removed lines

@@ -93,7 +93,7 @@
 	/**
 	 * returns a list of all possible property names
 	 *
-	 * @return array
+	 * @return string[]
 	 */
 	static public function getPropertyNames() {
 		return [

Indentation +241 added lines, -241 removed lines

@@ -36,270 +36,270 @@
 use Sabre\DAV\PropPatch;
 
 class CommentNode implements \Sabre\DAV\INode, \Sabre\DAV\IProperties {
-	const NS_OWNCLOUD = 'http://owncloud.org/ns';
+    const NS_OWNCLOUD = 'http://owncloud.org/ns';
 
-	const PROPERTY_NAME_UNREAD = '{http://owncloud.org/ns}isUnread';
-	const PROPERTY_NAME_MESSAGE = '{http://owncloud.org/ns}message';
-	const PROPERTY_NAME_ACTOR_DISPLAYNAME = '{http://owncloud.org/ns}actorDisplayName';
-	const PROPERTY_NAME_MENTIONS = '{http://owncloud.org/ns}mentions';
-	const PROPERTY_NAME_MENTION = '{http://owncloud.org/ns}mention';
-	const PROPERTY_NAME_MENTION_TYPE = '{http://owncloud.org/ns}mentionType';
-	const PROPERTY_NAME_MENTION_ID = '{http://owncloud.org/ns}mentionId';
-	const PROPERTY_NAME_MENTION_DISPLAYNAME = '{http://owncloud.org/ns}mentionDisplayName';
+    const PROPERTY_NAME_UNREAD = '{http://owncloud.org/ns}isUnread';
+    const PROPERTY_NAME_MESSAGE = '{http://owncloud.org/ns}message';
+    const PROPERTY_NAME_ACTOR_DISPLAYNAME = '{http://owncloud.org/ns}actorDisplayName';
+    const PROPERTY_NAME_MENTIONS = '{http://owncloud.org/ns}mentions';
+    const PROPERTY_NAME_MENTION = '{http://owncloud.org/ns}mention';
+    const PROPERTY_NAME_MENTION_TYPE = '{http://owncloud.org/ns}mentionType';
+    const PROPERTY_NAME_MENTION_ID = '{http://owncloud.org/ns}mentionId';
+    const PROPERTY_NAME_MENTION_DISPLAYNAME = '{http://owncloud.org/ns}mentionDisplayName';
 
-	/** @var  IComment */
-	public $comment;
+    /** @var  IComment */
+    public $comment;
 
-	/** @var ICommentsManager */
-	protected $commentsManager;
+    /** @var ICommentsManager */
+    protected $commentsManager;
 
-	/** @var  ILogger */
-	protected $logger;
+    /** @var  ILogger */
+    protected $logger;
 
-	/** @var array list of properties with key being their name and value their setter */
-	protected $properties = [];
+    /** @var array list of properties with key being their name and value their setter */
+    protected $properties = [];
 
-	/** @var IUserManager */
-	protected $userManager;
+    /** @var IUserManager */
+    protected $userManager;
 
-	/** @var IUserSession */
-	protected $userSession;
+    /** @var IUserSession */
+    protected $userSession;
 
-	/**
-	 * CommentNode constructor.
-	 *
-	 * @param ICommentsManager $commentsManager
-	 * @param IComment $comment
-	 * @param IUserManager $userManager
-	 * @param IUserSession $userSession
-	 * @param ILogger $logger
-	 */
-	public function __construct(
-		ICommentsManager $commentsManager,
-		IComment $comment,
-		IUserManager $userManager,
-		IUserSession $userSession,
-		ILogger $logger
-	) {
-		$this->commentsManager = $commentsManager;
-		$this->comment = $comment;
-		$this->logger = $logger;
+    /**
+     * CommentNode constructor.
+     *
+     * @param ICommentsManager $commentsManager
+     * @param IComment $comment
+     * @param IUserManager $userManager
+     * @param IUserSession $userSession
+     * @param ILogger $logger
+     */
+    public function __construct(
+        ICommentsManager $commentsManager,
+        IComment $comment,
+        IUserManager $userManager,
+        IUserSession $userSession,
+        ILogger $logger
+    ) {
+        $this->commentsManager = $commentsManager;
+        $this->comment = $comment;
+        $this->logger = $logger;
 
-		$methods = get_class_methods($this->comment);
-		$methods = array_filter($methods, function($name){
-			return strpos($name, 'get') === 0;
-		});
-		foreach($methods as $getter) {
-			if($getter === 'getMentions') {
-				continue;	// special treatment
-			}
-			$name = '{'.self::NS_OWNCLOUD.'}' . lcfirst(substr($getter, 3));
-			$this->properties[$name] = $getter;
-		}
-		$this->userManager = $userManager;
-		$this->userSession = $userSession;
-	}
+        $methods = get_class_methods($this->comment);
+        $methods = array_filter($methods, function($name){
+            return strpos($name, 'get') === 0;
+        });
+        foreach($methods as $getter) {
+            if($getter === 'getMentions') {
+                continue;	// special treatment
+            }
+            $name = '{'.self::NS_OWNCLOUD.'}' . lcfirst(substr($getter, 3));
+            $this->properties[$name] = $getter;
+        }
+        $this->userManager = $userManager;
+        $this->userSession = $userSession;
+    }
 
-	/**
-	 * returns a list of all possible property names
-	 *
-	 * @return array
-	 */
-	static public function getPropertyNames() {
-		return [
-			'{http://owncloud.org/ns}id',
-			'{http://owncloud.org/ns}parentId',
-			'{http://owncloud.org/ns}topmostParentId',
-			'{http://owncloud.org/ns}childrenCount',
-			'{http://owncloud.org/ns}verb',
-			'{http://owncloud.org/ns}actorType',
-			'{http://owncloud.org/ns}actorId',
-			'{http://owncloud.org/ns}creationDateTime',
-			'{http://owncloud.org/ns}latestChildDateTime',
-			'{http://owncloud.org/ns}objectType',
-			'{http://owncloud.org/ns}objectId',
-			// re-used property names are defined as constants
-			self::PROPERTY_NAME_MESSAGE,
-			self::PROPERTY_NAME_ACTOR_DISPLAYNAME,
-			self::PROPERTY_NAME_UNREAD,
-			self::PROPERTY_NAME_MENTIONS,
-			self::PROPERTY_NAME_MENTION,
-			self::PROPERTY_NAME_MENTION_TYPE,
-			self::PROPERTY_NAME_MENTION_ID,
-			self::PROPERTY_NAME_MENTION_DISPLAYNAME,
-		];
-	}
+    /**
+     * returns a list of all possible property names
+     *
+     * @return array
+     */
+    static public function getPropertyNames() {
+        return [
+            '{http://owncloud.org/ns}id',
+            '{http://owncloud.org/ns}parentId',
+            '{http://owncloud.org/ns}topmostParentId',
+            '{http://owncloud.org/ns}childrenCount',
+            '{http://owncloud.org/ns}verb',
+            '{http://owncloud.org/ns}actorType',
+            '{http://owncloud.org/ns}actorId',
+            '{http://owncloud.org/ns}creationDateTime',
+            '{http://owncloud.org/ns}latestChildDateTime',
+            '{http://owncloud.org/ns}objectType',
+            '{http://owncloud.org/ns}objectId',
+            // re-used property names are defined as constants
+            self::PROPERTY_NAME_MESSAGE,
+            self::PROPERTY_NAME_ACTOR_DISPLAYNAME,
+            self::PROPERTY_NAME_UNREAD,
+            self::PROPERTY_NAME_MENTIONS,
+            self::PROPERTY_NAME_MENTION,
+            self::PROPERTY_NAME_MENTION_TYPE,
+            self::PROPERTY_NAME_MENTION_ID,
+            self::PROPERTY_NAME_MENTION_DISPLAYNAME,
+        ];
+    }
 
-	protected function checkWriteAccessOnComment() {
-		$user = $this->userSession->getUser();
-		if(    $this->comment->getActorType() !== 'users'
-			|| is_null($user)
-			|| $this->comment->getActorId() !== $user->getUID()
-		) {
-			throw new Forbidden('Only authors are allowed to edit their comment.');
-		}
-	}
+    protected function checkWriteAccessOnComment() {
+        $user = $this->userSession->getUser();
+        if(    $this->comment->getActorType() !== 'users'
+            || is_null($user)
+            || $this->comment->getActorId() !== $user->getUID()
+        ) {
+            throw new Forbidden('Only authors are allowed to edit their comment.');
+        }
+    }
 
-	/**
-	 * Deleted the current node
-	 *
-	 * @return void
-	 */
-	function delete() {
-		$this->checkWriteAccessOnComment();
-		$this->commentsManager->delete($this->comment->getId());
-	}
+    /**
+     * Deleted the current node
+     *
+     * @return void
+     */
+    function delete() {
+        $this->checkWriteAccessOnComment();
+        $this->commentsManager->delete($this->comment->getId());
+    }
 
-	/**
-	 * Returns the name of the node.
-	 *
-	 * This is used to generate the url.
-	 *
-	 * @return string
-	 */
-	function getName() {
-		return $this->comment->getId();
-	}
+    /**
+     * Returns the name of the node.
+     *
+     * This is used to generate the url.
+     *
+     * @return string
+     */
+    function getName() {
+        return $this->comment->getId();
+    }
 
-	/**
-	 * Renames the node
-	 *
-	 * @param string $name The new name
-	 * @throws MethodNotAllowed
-	 */
-	function setName($name) {
-		throw new MethodNotAllowed();
-	}
+    /**
+     * Renames the node
+     *
+     * @param string $name The new name
+     * @throws MethodNotAllowed
+     */
+    function setName($name) {
+        throw new MethodNotAllowed();
+    }
 
-	/**
-	 * Returns the last modification time, as a unix timestamp
-	 *
-	 * @return int
-	 */
-	function getLastModified() {
-		return null;
-	}
+    /**
+     * Returns the last modification time, as a unix timestamp
+     *
+     * @return int
+     */
+    function getLastModified() {
+        return null;
+    }
 
-	/**
-	 * update the comment's message
-	 *
-	 * @param $propertyValue
-	 * @return bool
-	 * @throws BadRequest
-	 * @throws \Exception
-	 */
-	public function updateComment($propertyValue) {
-		$this->checkWriteAccessOnComment();
-		try {
-			$this->comment->setMessage($propertyValue);
-			$this->commentsManager->save($this->comment);
-			return true;
-		} catch (\Exception $e) {
-			$this->logger->logException($e, ['app' => 'dav/comments']);
-			if($e instanceof MessageTooLongException) {
-				$msg = 'Message exceeds allowed character limit of ';
-				throw new BadRequest($msg . IComment::MAX_MESSAGE_LENGTH, 0, $e);
-			}
-			throw $e;
-		}
-	}
+    /**
+     * update the comment's message
+     *
+     * @param $propertyValue
+     * @return bool
+     * @throws BadRequest
+     * @throws \Exception
+     */
+    public function updateComment($propertyValue) {
+        $this->checkWriteAccessOnComment();
+        try {
+            $this->comment->setMessage($propertyValue);
+            $this->commentsManager->save($this->comment);
+            return true;
+        } catch (\Exception $e) {
+            $this->logger->logException($e, ['app' => 'dav/comments']);
+            if($e instanceof MessageTooLongException) {
+                $msg = 'Message exceeds allowed character limit of ';
+                throw new BadRequest($msg . IComment::MAX_MESSAGE_LENGTH, 0, $e);
+            }
+            throw $e;
+        }
+    }
 
-	/**
-	 * Updates properties on this node.
-	 *
-	 * This method received a PropPatch object, which contains all the
-	 * information about the update.
-	 *
-	 * To update specific properties, call the 'handle' method on this object.
-	 * Read the PropPatch documentation for more information.
-	 *
-	 * @param PropPatch $propPatch
-	 * @return void
-	 */
-	function propPatch(PropPatch $propPatch) {
-		// other properties than 'message' are read only
-		$propPatch->handle(self::PROPERTY_NAME_MESSAGE, [$this, 'updateComment']);
-	}
+    /**
+     * Updates properties on this node.
+     *
+     * This method received a PropPatch object, which contains all the
+     * information about the update.
+     *
+     * To update specific properties, call the 'handle' method on this object.
+     * Read the PropPatch documentation for more information.
+     *
+     * @param PropPatch $propPatch
+     * @return void
+     */
+    function propPatch(PropPatch $propPatch) {
+        // other properties than 'message' are read only
+        $propPatch->handle(self::PROPERTY_NAME_MESSAGE, [$this, 'updateComment']);
+    }
 
-	/**
-	 * Returns a list of properties for this nodes.
-	 *
-	 * The properties list is a list of propertynames the client requested,
-	 * encoded in clark-notation {xmlnamespace}tagname
-	 *
-	 * If the array is empty, it means 'all properties' were requested.
-	 *
-	 * Note that it's fine to liberally give properties back, instead of
-	 * conforming to the list of requested properties.
-	 * The Server class will filter out the extra.
-	 *
-	 * @param array $properties
-	 * @return array
-	 */
-	function getProperties($properties) {
-		$properties = array_keys($this->properties);
+    /**
+     * Returns a list of properties for this nodes.
+     *
+     * The properties list is a list of propertynames the client requested,
+     * encoded in clark-notation {xmlnamespace}tagname
+     *
+     * If the array is empty, it means 'all properties' were requested.
+     *
+     * Note that it's fine to liberally give properties back, instead of
+     * conforming to the list of requested properties.
+     * The Server class will filter out the extra.
+     *
+     * @param array $properties
+     * @return array
+     */
+    function getProperties($properties) {
+        $properties = array_keys($this->properties);
 
-		$result = [];
-		foreach($properties as $property) {
-			$getter = $this->properties[$property];
-			if(method_exists($this->comment, $getter)) {
-				$result[$property] = $this->comment->$getter();
-			}
-		}
+        $result = [];
+        foreach($properties as $property) {
+            $getter = $this->properties[$property];
+            if(method_exists($this->comment, $getter)) {
+                $result[$property] = $this->comment->$getter();
+            }
+        }
 
-		if($this->comment->getActorType() === 'users') {
-			$user = $this->userManager->get($this->comment->getActorId());
-			$displayName = is_null($user) ? null : $user->getDisplayName();
-			$result[self::PROPERTY_NAME_ACTOR_DISPLAYNAME] = $displayName;
-		}
+        if($this->comment->getActorType() === 'users') {
+            $user = $this->userManager->get($this->comment->getActorId());
+            $displayName = is_null($user) ? null : $user->getDisplayName();
+            $result[self::PROPERTY_NAME_ACTOR_DISPLAYNAME] = $displayName;
+        }
 
-		$result[self::PROPERTY_NAME_MENTIONS] = $this->composeMentionsPropertyValue();
+        $result[self::PROPERTY_NAME_MENTIONS] = $this->composeMentionsPropertyValue();
 
-		$unread = null;
-		$user =  $this->userSession->getUser();
-		if(!is_null($user)) {
-			$readUntil = $this->commentsManager->getReadMark(
-				$this->comment->getObjectType(),
-				$this->comment->getObjectId(),
-				$user
-			);
-			if(is_null($readUntil)) {
-				$unread = 'true';
-			} else {
-				$unread = $this->comment->getCreationDateTime() > $readUntil;
-				// re-format for output
-				$unread = $unread ? 'true' : 'false';
-			}
-		}
-		$result[self::PROPERTY_NAME_UNREAD] = $unread;
+        $unread = null;
+        $user =  $this->userSession->getUser();
+        if(!is_null($user)) {
+            $readUntil = $this->commentsManager->getReadMark(
+                $this->comment->getObjectType(),
+                $this->comment->getObjectId(),
+                $user
+            );
+            if(is_null($readUntil)) {
+                $unread = 'true';
+            } else {
+                $unread = $this->comment->getCreationDateTime() > $readUntil;
+                // re-format for output
+                $unread = $unread ? 'true' : 'false';
+            }
+        }
+        $result[self::PROPERTY_NAME_UNREAD] = $unread;
 
-		return $result;
-	}
+        return $result;
+    }
 
-	/**
-	 * transforms a mentions array as returned from IComment->getMentions to an
-	 * array with DAV-compatible structure that can be assigned to the
-	 * PROPERTY_NAME_MENTION property.
-	 *
-	 * @return array
-	 */
-	protected function composeMentionsPropertyValue() {
-		return array_map(function($mention) {
-			try {
-				$displayName = $this->commentsManager->resolveDisplayName($mention['type'], $mention['id']);
-			} catch (\OutOfBoundsException $e) {
-				$this->logger->logException($e);
-				// No displayname, upon client's discretion what to display.
-				$displayName = '';
-			}
+    /**
+     * transforms a mentions array as returned from IComment->getMentions to an
+     * array with DAV-compatible structure that can be assigned to the
+     * PROPERTY_NAME_MENTION property.
+     *
+     * @return array
+     */
+    protected function composeMentionsPropertyValue() {
+        return array_map(function($mention) {
+            try {
+                $displayName = $this->commentsManager->resolveDisplayName($mention['type'], $mention['id']);
+            } catch (\OutOfBoundsException $e) {
+                $this->logger->logException($e);
+                // No displayname, upon client's discretion what to display.
+                $displayName = '';
+            }
 
-			return [
-				self::PROPERTY_NAME_MENTION => [
-					self::PROPERTY_NAME_MENTION_TYPE        => $mention['type'],
-					self::PROPERTY_NAME_MENTION_ID          => $mention['id'],
-					self::PROPERTY_NAME_MENTION_DISPLAYNAME => $displayName,
-				]
-			];
-		}, $this->comment->getMentions());
-	}
+            return [
+                self::PROPERTY_NAME_MENTION => [
+                    self::PROPERTY_NAME_MENTION_TYPE        => $mention['type'],
+                    self::PROPERTY_NAME_MENTION_ID          => $mention['id'],
+                    self::PROPERTY_NAME_MENTION_DISPLAYNAME => $displayName,
+                ]
+            ];
+        }, $this->comment->getMentions());
+    }
 }

apps/dav/lib/Comments/CommentsPlugin.php

Doc Comments +1 added lines, -1 removed lines

@@ -138,7 +138,7 @@
 	 * This will be used in the {DAV:}supported-report-set property.
 	 *
 	 * @param string $uri
-	 * @return array
+	 * @return string[]
 	 */
 	public function getSupportedReportSet($uri) {
 		return [self::REPORT_NAME];

Indentation +207 added lines, -207 removed lines

@@ -43,213 +43,213 @@
  * Sabre plugin to handle comments:
  */
 class CommentsPlugin extends ServerPlugin {
-	// namespace
-	const NS_OWNCLOUD = 'http://owncloud.org/ns';
-
-	const REPORT_NAME            = '{http://owncloud.org/ns}filter-comments';
-	const REPORT_PARAM_LIMIT     = '{http://owncloud.org/ns}limit';
-	const REPORT_PARAM_OFFSET    = '{http://owncloud.org/ns}offset';
-	const REPORT_PARAM_TIMESTAMP = '{http://owncloud.org/ns}datetime';
-
-	/** @var ICommentsManager  */
-	protected $commentsManager;
-
-	/** @var \Sabre\DAV\Server $server */
-	private $server;
-
-	/** @var  \OCP\IUserSession */
-	protected $userSession;
-
-	/**
-	 * Comments plugin
-	 *
-	 * @param ICommentsManager $commentsManager
-	 * @param IUserSession $userSession
-	 */
-	public function __construct(ICommentsManager $commentsManager, IUserSession $userSession) {
-		$this->commentsManager = $commentsManager;
-		$this->userSession = $userSession;
-	}
-
-	/**
-	 * This initializes the plugin.
-	 *
-	 * This function is called by Sabre\DAV\Server, after
-	 * addPlugin is called.
-	 *
-	 * This method should set up the required event subscriptions.
-	 *
-	 * @param Server $server
-	 * @return void
-	 */
-	function initialize(Server $server) {
-		$this->server = $server;
-		if(strpos($this->server->getRequestUri(), 'comments/') !== 0) {
-			return;
-		}
-
-		$this->server->xml->namespaceMap[self::NS_OWNCLOUD] = 'oc';
-
-		$this->server->xml->classMap['DateTime'] = function(Writer $writer, \DateTime $value) {
-			$writer->write(\Sabre\HTTP\toDate($value));
-		};
-
-		$this->server->on('report', [$this, 'onReport']);
-		$this->server->on('method:POST', [$this, 'httpPost']);
-	}
-
-	/**
-	 * POST operation on Comments collections
-	 *
-	 * @param RequestInterface $request request object
-	 * @param ResponseInterface $response response object
-	 * @return null|false
-	 */
-	public function httpPost(RequestInterface $request, ResponseInterface $response) {
-		$path = $request->getPath();
-		$node = $this->server->tree->getNodeForPath($path);
-		if (!$node instanceof EntityCollection) {
-			return null;
-		}
-
-		$data = $request->getBodyAsString();
-		$comment = $this->createComment(
-			$node->getName(),
-			$node->getId(),
-			$data,
-			$request->getHeader('Content-Type')
-		);
-
-		// update read marker for the current user/poster to avoid
-		// having their own comments marked as unread
-		$node->setReadMarker(null);
-
-		$url = rtrim($request->getUrl(), '/') . '/' . urlencode($comment->getId());
-
-		$response->setHeader('Content-Location', $url);
-
-		// created
-		$response->setStatus(201);
-		return false;
-	}
-
-	/**
-	 * Returns a list of reports this plugin supports.
-	 *
-	 * This will be used in the {DAV:}supported-report-set property.
-	 *
-	 * @param string $uri
-	 * @return array
-	 */
-	public function getSupportedReportSet($uri) {
-		return [self::REPORT_NAME];
-	}
-
-	/**
-	 * REPORT operations to look for comments
-	 *
-	 * @param string $reportName
-	 * @param array $report
-	 * @param string $uri
-	 * @return bool
-	 * @throws NotFound
-	 * @throws ReportNotSupported
-	 */
-	public function onReport($reportName, $report, $uri) {
-		$node = $this->server->tree->getNodeForPath($uri);
-		if(!$node instanceof EntityCollection || $reportName !== self::REPORT_NAME) {
-			throw new ReportNotSupported();
-		}
-		$args = ['limit' => 0, 'offset' => 0, 'datetime' => null];
-		$acceptableParameters = [
-			$this::REPORT_PARAM_LIMIT,
-			$this::REPORT_PARAM_OFFSET,
-			$this::REPORT_PARAM_TIMESTAMP
-		];
-		$ns = '{' . $this::NS_OWNCLOUD . '}';
-		foreach($report as $parameter) {
-			if(!in_array($parameter['name'], $acceptableParameters) || empty($parameter['value'])) {
-				continue;
-			}
-			$args[str_replace($ns, '', $parameter['name'])] = $parameter['value'];
-		}
-
-		if(!is_null($args['datetime'])) {
-			$args['datetime'] = new \DateTime($args['datetime']);
-		}
-
-		$results = $node->findChildren($args['limit'], $args['offset'], $args['datetime']);
-
-		$responses = [];
-		foreach($results as $node) {
-			$nodePath = $this->server->getRequestUri() . '/' . $node->comment->getId();
-			$resultSet = $this->server->getPropertiesForPath($nodePath, CommentNode::getPropertyNames());
-			if(isset($resultSet[0]) && isset($resultSet[0][200])) {
-				$responses[] = new Response(
-					$this->server->getBaseUri() . $nodePath,
-					[200 => $resultSet[0][200]],
-					200
-				);
-			}
-
-		}
-
-		$xml = $this->server->xml->write(
-			'{DAV:}multistatus',
-			new MultiStatus($responses)
-		);
-
-		$this->server->httpResponse->setStatus(207);
-		$this->server->httpResponse->setHeader('Content-Type', 'application/xml; charset=utf-8');
-		$this->server->httpResponse->setBody($xml);
-
-		return false;
-	}
-
-	/**
-	 * Creates a new comment
-	 *
-	 * @param string $objectType e.g. "files"
-	 * @param string $objectId e.g. the file id
-	 * @param string $data JSON encoded string containing the properties of the tag to create
-	 * @param string $contentType content type of the data
-	 * @return IComment newly created comment
-	 *
-	 * @throws BadRequest if a field was missing
-	 * @throws UnsupportedMediaType if the content type is not supported
-	 */
-	private function createComment($objectType, $objectId, $data, $contentType = 'application/json') {
-		if (explode(';', $contentType)[0] === 'application/json') {
-			$data = json_decode($data, true);
-		} else {
-			throw new UnsupportedMediaType();
-		}
-
-		$actorType = $data['actorType'];
-		$actorId = null;
-		if($actorType === 'users') {
-			$user = $this->userSession->getUser();
-			if(!is_null($user)) {
-				$actorId = $user->getUID();
-			}
-		}
-		if(is_null($actorId)) {
-			throw new BadRequest('Invalid actor "' .  $actorType .'"');
-		}
-
-		try {
-			$comment = $this->commentsManager->create($actorType, $actorId, $objectType, $objectId);
-			$comment->setMessage($data['message']);
-			$comment->setVerb($data['verb']);
-			$this->commentsManager->save($comment);
-			return $comment;
-		} catch (\InvalidArgumentException $e) {
-			throw new BadRequest('Invalid input values', 0, $e);
-		} catch (\OCP\Comments\MessageTooLongException $e) {
-			$msg = 'Message exceeds allowed character limit of ';
-			throw new BadRequest($msg . \OCP\Comments\IComment::MAX_MESSAGE_LENGTH, 0,	$e);
-		}
-	}
+    // namespace
+    const NS_OWNCLOUD = 'http://owncloud.org/ns';
+
+    const REPORT_NAME            = '{http://owncloud.org/ns}filter-comments';
+    const REPORT_PARAM_LIMIT     = '{http://owncloud.org/ns}limit';
+    const REPORT_PARAM_OFFSET    = '{http://owncloud.org/ns}offset';
+    const REPORT_PARAM_TIMESTAMP = '{http://owncloud.org/ns}datetime';
+
+    /** @var ICommentsManager  */
+    protected $commentsManager;
+
+    /** @var \Sabre\DAV\Server $server */
+    private $server;
+
+    /** @var  \OCP\IUserSession */
+    protected $userSession;
+
+    /**
+     * Comments plugin
+     *
+     * @param ICommentsManager $commentsManager
+     * @param IUserSession $userSession
+     */
+    public function __construct(ICommentsManager $commentsManager, IUserSession $userSession) {
+        $this->commentsManager = $commentsManager;
+        $this->userSession = $userSession;
+    }
+
+    /**
+     * This initializes the plugin.
+     *
+     * This function is called by Sabre\DAV\Server, after
+     * addPlugin is called.
+     *
+     * This method should set up the required event subscriptions.
+     *
+     * @param Server $server
+     * @return void
+     */
+    function initialize(Server $server) {
+        $this->server = $server;
+        if(strpos($this->server->getRequestUri(), 'comments/') !== 0) {
+            return;
+        }
+
+        $this->server->xml->namespaceMap[self::NS_OWNCLOUD] = 'oc';
+
+        $this->server->xml->classMap['DateTime'] = function(Writer $writer, \DateTime $value) {
+            $writer->write(\Sabre\HTTP\toDate($value));
+        };
+
+        $this->server->on('report', [$this, 'onReport']);
+        $this->server->on('method:POST', [$this, 'httpPost']);
+    }
+
+    /**
+     * POST operation on Comments collections
+     *
+     * @param RequestInterface $request request object
+     * @param ResponseInterface $response response object
+     * @return null|false
+     */
+    public function httpPost(RequestInterface $request, ResponseInterface $response) {
+        $path = $request->getPath();
+        $node = $this->server->tree->getNodeForPath($path);
+        if (!$node instanceof EntityCollection) {
+            return null;
+        }
+
+        $data = $request->getBodyAsString();
+        $comment = $this->createComment(
+            $node->getName(),
+            $node->getId(),
+            $data,
+            $request->getHeader('Content-Type')
+        );
+
+        // update read marker for the current user/poster to avoid
+        // having their own comments marked as unread
+        $node->setReadMarker(null);
+
+        $url = rtrim($request->getUrl(), '/') . '/' . urlencode($comment->getId());
+
+        $response->setHeader('Content-Location', $url);
+
+        // created
+        $response->setStatus(201);
+        return false;
+    }
+
+    /**
+     * Returns a list of reports this plugin supports.
+     *
+     * This will be used in the {DAV:}supported-report-set property.
+     *
+     * @param string $uri
+     * @return array
+     */
+    public function getSupportedReportSet($uri) {
+        return [self::REPORT_NAME];
+    }
+
+    /**
+     * REPORT operations to look for comments
+     *
+     * @param string $reportName
+     * @param array $report
+     * @param string $uri
+     * @return bool
+     * @throws NotFound
+     * @throws ReportNotSupported
+     */
+    public function onReport($reportName, $report, $uri) {
+        $node = $this->server->tree->getNodeForPath($uri);
+        if(!$node instanceof EntityCollection || $reportName !== self::REPORT_NAME) {
+            throw new ReportNotSupported();
+        }
+        $args = ['limit' => 0, 'offset' => 0, 'datetime' => null];
+        $acceptableParameters = [
+            $this::REPORT_PARAM_LIMIT,
+            $this::REPORT_PARAM_OFFSET,
+            $this::REPORT_PARAM_TIMESTAMP
+        ];
+        $ns = '{' . $this::NS_OWNCLOUD . '}';
+        foreach($report as $parameter) {
+            if(!in_array($parameter['name'], $acceptableParameters) || empty($parameter['value'])) {
+                continue;
+            }
+            $args[str_replace($ns, '', $parameter['name'])] = $parameter['value'];
+        }
+
+        if(!is_null($args['datetime'])) {
+            $args['datetime'] = new \DateTime($args['datetime']);
+        }
+
+        $results = $node->findChildren($args['limit'], $args['offset'], $args['datetime']);
+
+        $responses = [];
+        foreach($results as $node) {
+            $nodePath = $this->server->getRequestUri() . '/' . $node->comment->getId();
+            $resultSet = $this->server->getPropertiesForPath($nodePath, CommentNode::getPropertyNames());
+            if(isset($resultSet[0]) && isset($resultSet[0][200])) {
+                $responses[] = new Response(
+                    $this->server->getBaseUri() . $nodePath,
+                    [200 => $resultSet[0][200]],
+                    200
+                );
+            }
+
+        }
+
+        $xml = $this->server->xml->write(
+            '{DAV:}multistatus',
+            new MultiStatus($responses)
+        );
+
+        $this->server->httpResponse->setStatus(207);
+        $this->server->httpResponse->setHeader('Content-Type', 'application/xml; charset=utf-8');
+        $this->server->httpResponse->setBody($xml);
+
+        return false;
+    }
+
+    /**
+     * Creates a new comment
+     *
+     * @param string $objectType e.g. "files"
+     * @param string $objectId e.g. the file id
+     * @param string $data JSON encoded string containing the properties of the tag to create
+     * @param string $contentType content type of the data
+     * @return IComment newly created comment
+     *
+     * @throws BadRequest if a field was missing
+     * @throws UnsupportedMediaType if the content type is not supported
+     */
+    private function createComment($objectType, $objectId, $data, $contentType = 'application/json') {
+        if (explode(';', $contentType)[0] === 'application/json') {
+            $data = json_decode($data, true);
+        } else {
+            throw new UnsupportedMediaType();
+        }
+
+        $actorType = $data['actorType'];
+        $actorId = null;
+        if($actorType === 'users') {
+            $user = $this->userSession->getUser();
+            if(!is_null($user)) {
+                $actorId = $user->getUID();
+            }
+        }
+        if(is_null($actorId)) {
+            throw new BadRequest('Invalid actor "' .  $actorType .'"');
+        }
+
+        try {
+            $comment = $this->commentsManager->create($actorType, $actorId, $objectType, $objectId);
+            $comment->setMessage($data['message']);
+            $comment->setVerb($data['verb']);
+            $this->commentsManager->save($comment);
+            return $comment;
+        } catch (\InvalidArgumentException $e) {
+            throw new BadRequest('Invalid input values', 0, $e);
+        } catch (\OCP\Comments\MessageTooLongException $e) {
+            $msg = 'Message exceeds allowed character limit of ';
+            throw new BadRequest($msg . \OCP\Comments\IComment::MAX_MESSAGE_LENGTH, 0,	$e);
+        }
+    }
 
 
 

apps/dav/lib/Comments/EntityCollection.php

Doc Comments +1 added lines, -1 removed lines

@@ -115,7 +115,7 @@
 	/**
 	 * Returns an array with all the child nodes
 	 *
-	 * @return \Sabre\DAV\INode[]
+	 * @return CommentNode[]
 	 */
 	function getChildren() {
 		return $this->findChildren();

Indentation +140 added lines, -140 removed lines

@@ -41,156 +41,156 @@
  * @package OCA\DAV\Comments
  */
 class EntityCollection extends RootCollection implements IProperties {
-	const PROPERTY_NAME_READ_MARKER  = '{http://owncloud.org/ns}readMarker';
+    const PROPERTY_NAME_READ_MARKER  = '{http://owncloud.org/ns}readMarker';
 
-	/** @var  string */
-	protected $id;
+    /** @var  string */
+    protected $id;
 
-	/** @var  ILogger */
-	protected $logger;
+    /** @var  ILogger */
+    protected $logger;
 
-	/**
-	 * @param string $id
-	 * @param string $name
-	 * @param ICommentsManager $commentsManager
-	 * @param IUserManager $userManager
-	 * @param IUserSession $userSession
-	 * @param ILogger $logger
-	 */
-	public function __construct(
-		$id,
-		$name,
-		ICommentsManager $commentsManager,
-		IUserManager $userManager,
-		IUserSession $userSession,
-		ILogger $logger
-	) {
-		foreach(['id', 'name'] as $property) {
-			$$property = trim($$property);
-			if(empty($$property) || !is_string($$property)) {
-				throw new \InvalidArgumentException('"' . $property . '" parameter must be non-empty string');
-			}
-		}
-		$this->id = $id;
-		$this->name = $name;
-		$this->commentsManager = $commentsManager;
-		$this->logger = $logger;
-		$this->userManager = $userManager;
-		$this->userSession = $userSession;
-	}
+    /**
+     * @param string $id
+     * @param string $name
+     * @param ICommentsManager $commentsManager
+     * @param IUserManager $userManager
+     * @param IUserSession $userSession
+     * @param ILogger $logger
+     */
+    public function __construct(
+        $id,
+        $name,
+        ICommentsManager $commentsManager,
+        IUserManager $userManager,
+        IUserSession $userSession,
+        ILogger $logger
+    ) {
+        foreach(['id', 'name'] as $property) {
+            $$property = trim($$property);
+            if(empty($$property) || !is_string($$property)) {
+                throw new \InvalidArgumentException('"' . $property . '" parameter must be non-empty string');
+            }
+        }
+        $this->id = $id;
+        $this->name = $name;
+        $this->commentsManager = $commentsManager;
+        $this->logger = $logger;
+        $this->userManager = $userManager;
+        $this->userSession = $userSession;
+    }
 
-	/**
-	 * returns the ID of this entity
-	 *
-	 * @return string
-	 */
-	public function getId() {
-		return $this->id;
-	}
+    /**
+     * returns the ID of this entity
+     *
+     * @return string
+     */
+    public function getId() {
+        return $this->id;
+    }
 
-	/**
-	 * Returns a specific child node, referenced by its name
-	 *
-	 * This method must throw Sabre\DAV\Exception\NotFound if the node does not
-	 * exist.
-	 *
-	 * @param string $name
-	 * @return \Sabre\DAV\INode
-	 * @throws NotFound
-	 */
-	function getChild($name) {
-		try {
-			$comment = $this->commentsManager->get($name);
-			return new CommentNode(
-				$this->commentsManager,
-				$comment,
-				$this->userManager,
-				$this->userSession,
-				$this->logger
-			);
-		} catch (NotFoundException $e) {
-			throw new NotFound();
-		}
-	}
+    /**
+     * Returns a specific child node, referenced by its name
+     *
+     * This method must throw Sabre\DAV\Exception\NotFound if the node does not
+     * exist.
+     *
+     * @param string $name
+     * @return \Sabre\DAV\INode
+     * @throws NotFound
+     */
+    function getChild($name) {
+        try {
+            $comment = $this->commentsManager->get($name);
+            return new CommentNode(
+                $this->commentsManager,
+                $comment,
+                $this->userManager,
+                $this->userSession,
+                $this->logger
+            );
+        } catch (NotFoundException $e) {
+            throw new NotFound();
+        }
+    }
 
-	/**
-	 * Returns an array with all the child nodes
-	 *
-	 * @return \Sabre\DAV\INode[]
-	 */
-	function getChildren() {
-		return $this->findChildren();
-	}
+    /**
+     * Returns an array with all the child nodes
+     *
+     * @return \Sabre\DAV\INode[]
+     */
+    function getChildren() {
+        return $this->findChildren();
+    }
 
-	/**
-	 * Returns an array of comment nodes. Result can be influenced by offset,
-	 * limit and date time parameters.
-	 *
-	 * @param int $limit
-	 * @param int $offset
-	 * @param \DateTime|null $datetime
-	 * @return CommentNode[]
-	 */
-	function findChildren($limit = 0, $offset = 0, \DateTime $datetime = null) {
-		$comments = $this->commentsManager->getForObject($this->name, $this->id, $limit, $offset, $datetime);
-		$result = [];
-		foreach($comments as $comment) {
-			$result[] = new CommentNode(
-				$this->commentsManager,
-				$comment,
-				$this->userManager,
-				$this->userSession,
-				$this->logger
-			);
-		}
-		return $result;
-	}
+    /**
+     * Returns an array of comment nodes. Result can be influenced by offset,
+     * limit and date time parameters.
+     *
+     * @param int $limit
+     * @param int $offset
+     * @param \DateTime|null $datetime
+     * @return CommentNode[]
+     */
+    function findChildren($limit = 0, $offset = 0, \DateTime $datetime = null) {
+        $comments = $this->commentsManager->getForObject($this->name, $this->id, $limit, $offset, $datetime);
+        $result = [];
+        foreach($comments as $comment) {
+            $result[] = new CommentNode(
+                $this->commentsManager,
+                $comment,
+                $this->userManager,
+                $this->userSession,
+                $this->logger
+            );
+        }
+        return $result;
+    }
 
-	/**
-	 * Checks if a child-node with the specified name exists
-	 *
-	 * @param string $name
-	 * @return bool
-	 */
-	function childExists($name) {
-		try {
-			$this->commentsManager->get($name);
-			return true;
-		} catch (NotFoundException $e) {
-			return false;
-		}
-	}
+    /**
+     * Checks if a child-node with the specified name exists
+     *
+     * @param string $name
+     * @return bool
+     */
+    function childExists($name) {
+        try {
+            $this->commentsManager->get($name);
+            return true;
+        } catch (NotFoundException $e) {
+            return false;
+        }
+    }
 
-	/**
-	 * Sets the read marker to the specified date for the logged in user
-	 *
-	 * @param \DateTime $value
-	 * @return bool
-	 */
-	public function setReadMarker($value) {
-		$dateTime = new \DateTime($value);
-		$user = $this->userSession->getUser();
-		$this->commentsManager->setReadMark($this->name, $this->id, $dateTime, $user);
-		return true;
-	}
+    /**
+     * Sets the read marker to the specified date for the logged in user
+     *
+     * @param \DateTime $value
+     * @return bool
+     */
+    public function setReadMarker($value) {
+        $dateTime = new \DateTime($value);
+        $user = $this->userSession->getUser();
+        $this->commentsManager->setReadMark($this->name, $this->id, $dateTime, $user);
+        return true;
+    }
 
-	/**
-	 * @inheritdoc
-	 */
-	function propPatch(PropPatch $propPatch) {
-		$propPatch->handle(self::PROPERTY_NAME_READ_MARKER, [$this, 'setReadMarker']);
-	}
+    /**
+     * @inheritdoc
+     */
+    function propPatch(PropPatch $propPatch) {
+        $propPatch->handle(self::PROPERTY_NAME_READ_MARKER, [$this, 'setReadMarker']);
+    }
 
-	/**
-	 * @inheritdoc
-	 */
-	function getProperties($properties) {
-		$marker = null;
-		$user = $this->userSession->getUser();
-		if(!is_null($user)) {
-			$marker = $this->commentsManager->getReadMark($this->name, $this->id, $user);
-		}
-		return [self::PROPERTY_NAME_READ_MARKER => $marker];
-	}
+    /**
+     * @inheritdoc
+     */
+    function getProperties($properties) {
+        $marker = null;
+        $user = $this->userSession->getUser();
+        if(!is_null($user)) {
+            $marker = $this->commentsManager->getReadMark($this->name, $this->id, $user);
+        }
+        return [self::PROPERTY_NAME_READ_MARKER => $marker];
+    }
 }
 

apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php

Doc Comments +1 added lines, -1 removed lines

@@ -75,7 +75,7 @@
 	private $cache = [];
 
 	/**
-	 * @param Tree $tree node tree
+	 * @param ObjectTree $tree node tree
 	 * @param IDBConnection $connection database connection
 	 * @param IUser $user owner of the tree and properties
 	 */

Indentation +317 added lines, -317 removed lines

@@ -36,322 +36,322 @@
 
 class CustomPropertiesBackend implements BackendInterface {
 
-	/**
-	 * Ignored properties
-	 *
-	 * @var array
-	 */
-	private $ignoredProperties = array(
-		'{DAV:}getcontentlength',
-		'{DAV:}getcontenttype',
-		'{DAV:}getetag',
-		'{DAV:}quota-used-bytes',
-		'{DAV:}quota-available-bytes',
-		'{DAV:}quota-available-bytes',
-		'{http://owncloud.org/ns}permissions',
-		'{http://owncloud.org/ns}downloadURL',
-		'{http://owncloud.org/ns}dDC',
-		'{http://owncloud.org/ns}size',
-	);
-
-	/**
-	 * @var Tree
-	 */
-	private $tree;
-
-	/**
-	 * @var IDBConnection
-	 */
-	private $connection;
-
-	/**
-	 * @var IUser
-	 */
-	private $user;
-
-	/**
-	 * Properties cache
-	 *
-	 * @var array
-	 */
-	private $cache = [];
-
-	/**
-	 * @param Tree $tree node tree
-	 * @param IDBConnection $connection database connection
-	 * @param IUser $user owner of the tree and properties
-	 */
-	public function __construct(
-		Tree $tree,
-		IDBConnection $connection,
-		IUser $user) {
-		$this->tree = $tree;
-		$this->connection = $connection;
-		$this->user = $user->getUID();
-	}
-
-	/**
-	 * Fetches properties for a path.
-	 *
-	 * @param string $path
-	 * @param PropFind $propFind
-	 * @return void
-	 */
-	public function propFind($path, PropFind $propFind) {
-		try {
-			$node = $this->tree->getNodeForPath($path);
-			if (!($node instanceof Node)) {
-				return;
-			}
-		} catch (ServiceUnavailable $e) {
-			// might happen for unavailable mount points, skip
-			return;
-		} catch (NotFound $e) {
-			// in some rare (buggy) cases the node might not be found,
-			// we catch the exception to prevent breaking the whole list with a 404
-			// (soft fail)
-			\OC::$server->getLogger()->warning(
-				'Could not get node for path: \"' . $path . '\" : ' . $e->getMessage(),
-				array('app' => 'files')
-			);
-			return;
-		}
-
-		$requestedProps = $propFind->get404Properties();
-
-		// these might appear
-		$requestedProps = array_diff(
-			$requestedProps,
-			$this->ignoredProperties
-		);
-
-		if (empty($requestedProps)) {
-			return;
-		}
-
-		if ($node instanceof Directory
-			&& $propFind->getDepth() !== 0
-		) {
-			// note: pre-fetching only supported for depth <= 1
-			$this->loadChildrenProperties($node, $requestedProps);
-		}
-
-		$props = $this->getProperties($node, $requestedProps);
-		foreach ($props as $propName => $propValue) {
-			$propFind->set($propName, $propValue);
-		}
-	}
-
-	/**
-	 * Updates properties for a path
-	 *
-	 * @param string $path
-	 * @param PropPatch $propPatch
-	 *
-	 * @return void
-	 */
-	public function propPatch($path, PropPatch $propPatch) {
-		$node = $this->tree->getNodeForPath($path);
-		if (!($node instanceof Node)) {
-			return;
-		}
-
-		$propPatch->handleRemaining(function($changedProps) use ($node) {
-			return $this->updateProperties($node, $changedProps);
-		});
-	}
-
-	/**
-	 * This method is called after a node is deleted.
-	 *
-	 * @param string $path path of node for which to delete properties
-	 */
-	public function delete($path) {
-		$statement = $this->connection->prepare(
-			'DELETE FROM `*PREFIX*properties` WHERE `userid` = ? AND `propertypath` = ?'
-		);
-		$statement->execute(array($this->user, '/' . $path));
-		$statement->closeCursor();
-
-		unset($this->cache[$path]);
-	}
-
-	/**
-	 * This method is called after a successful MOVE
-	 *
-	 * @param string $source
-	 * @param string $destination
-	 *
-	 * @return void
-	 */
-	public function move($source, $destination) {
-		$statement = $this->connection->prepare(
-			'UPDATE `*PREFIX*properties` SET `propertypath` = ?' .
-			' WHERE `userid` = ? AND `propertypath` = ?'
-		);
-		$statement->execute(array('/' . $destination, $this->user, '/' . $source));
-		$statement->closeCursor();
-	}
-
-	/**
-	 * Returns a list of properties for this nodes.;
-	 * @param Node $node
-	 * @param array $requestedProperties requested properties or empty array for "all"
-	 * @return array
-	 * @note The properties list is a list of propertynames the client
-	 * requested, encoded as xmlnamespace#tagName, for example:
-	 * http://www.example.org/namespace#author If the array is empty, all
-	 * properties should be returned
-	 */
-	private function getProperties(Node $node, array $requestedProperties) {
-		$path = $node->getPath();
-		if (isset($this->cache[$path])) {
-			return $this->cache[$path];
-		}
-
-		// TODO: chunking if more than 1000 properties
-		$sql = 'SELECT * FROM `*PREFIX*properties` WHERE `userid` = ? AND `propertypath` = ?';
-
-		$whereValues = array($this->user, $path);
-		$whereTypes = array(null, null);
-
-		if (!empty($requestedProperties)) {
-			// request only a subset
-			$sql .= ' AND `propertyname` in (?)';
-			$whereValues[] = $requestedProperties;
-			$whereTypes[] = \Doctrine\DBAL\Connection::PARAM_STR_ARRAY;
-		}
-
-		$result = $this->connection->executeQuery(
-			$sql,
-			$whereValues,
-			$whereTypes
-		);
-
-		$props = [];
-		while ($row = $result->fetch()) {
-			$props[$row['propertyname']] = $row['propertyvalue'];
-		}
-
-		$result->closeCursor();
-
-		$this->cache[$path] = $props;
-		return $props;
-	}
-
-	/**
-	 * Update properties
-	 *
-	 * @param Node $node node for which to update properties
-	 * @param array $properties array of properties to update
-	 *
-	 * @return bool
-	 */
-	private function updateProperties($node, $properties) {
-		$path = $node->getPath();
-
-		$deleteStatement = 'DELETE FROM `*PREFIX*properties`' .
-			' WHERE `userid` = ? AND `propertypath` = ? AND `propertyname` = ?';
-
-		$insertStatement = 'INSERT INTO `*PREFIX*properties`' .
-			' (`userid`,`propertypath`,`propertyname`,`propertyvalue`) VALUES(?,?,?,?)';
-
-		$updateStatement = 'UPDATE `*PREFIX*properties` SET `propertyvalue` = ?' .
-			' WHERE `userid` = ? AND `propertypath` = ? AND `propertyname` = ?';
-
-		// TODO: use "insert or update" strategy ?
-		$existing = $this->getProperties($node, array());
-		$this->connection->beginTransaction();
-		foreach ($properties as $propertyName => $propertyValue) {
-			// If it was null, we need to delete the property
-			if (is_null($propertyValue)) {
-				if (array_key_exists($propertyName, $existing)) {
-					$this->connection->executeUpdate($deleteStatement,
-						array(
-							$this->user,
-							$path,
-							$propertyName
-						)
-					);
-				}
-			} else {
-				if (!array_key_exists($propertyName, $existing)) {
-					$this->connection->executeUpdate($insertStatement,
-						array(
-							$this->user,
-							$path,
-							$propertyName,
-							$propertyValue
-						)
-					);
-				} else {
-					$this->connection->executeUpdate($updateStatement,
-						array(
-							$propertyValue,
-							$this->user,
-							$path,
-							$propertyName
-						)
-					);
-				}
-			}
-		}
-
-		$this->connection->commit();
-		unset($this->cache[$path]);
-
-		return true;
-	}
-
-	/**
-	 * Bulk load properties for directory children
-	 *
-	 * @param Directory $node
-	 * @param array $requestedProperties requested properties
-	 *
-	 * @return void
-	 */
-	private function loadChildrenProperties(Directory $node, $requestedProperties) {
-		$path = $node->getPath();
-		if (isset($this->cache[$path])) {
-			// we already loaded them at some point
-			return;
-		}
-
-		$childNodes = $node->getChildren();
-		// pre-fill cache
-		foreach ($childNodes as $childNode) {
-			$this->cache[$childNode->getPath()] = [];
-		}
-
-		$sql = 'SELECT * FROM `*PREFIX*properties` WHERE `userid` = ? AND `propertypath` LIKE ?';
-		$sql .= ' AND `propertyname` in (?) ORDER BY `propertypath`, `propertyname`';
-
-		$result = $this->connection->executeQuery(
-			$sql,
-			array($this->user, $this->connection->escapeLikeParameter(rtrim($path, '/')) . '/%', $requestedProperties),
-			array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY)
-		);
-
-		$oldPath = null;
-		$props = [];
-		while ($row = $result->fetch()) {
-			$path = $row['propertypath'];
-			if ($oldPath !== $path) {
-				// save previously gathered props
-				$this->cache[$oldPath] = $props;
-				$oldPath = $path;
-				// prepare props for next path
-				$props = [];
-			}
-			$props[$row['propertyname']] = $row['propertyvalue'];
-		}
-		if (!is_null($oldPath)) {
-			// save props from last run
-			$this->cache[$oldPath] = $props;
-		}
-
-		$result->closeCursor();
-	}
+    /**
+     * Ignored properties
+     *
+     * @var array
+     */
+    private $ignoredProperties = array(
+        '{DAV:}getcontentlength',
+        '{DAV:}getcontenttype',
+        '{DAV:}getetag',
+        '{DAV:}quota-used-bytes',
+        '{DAV:}quota-available-bytes',
+        '{DAV:}quota-available-bytes',
+        '{http://owncloud.org/ns}permissions',
+        '{http://owncloud.org/ns}downloadURL',
+        '{http://owncloud.org/ns}dDC',
+        '{http://owncloud.org/ns}size',
+    );
+
+    /**
+     * @var Tree
+     */
+    private $tree;
+
+    /**
+     * @var IDBConnection
+     */
+    private $connection;
+
+    /**
+     * @var IUser
+     */
+    private $user;
+
+    /**
+     * Properties cache
+     *
+     * @var array
+     */
+    private $cache = [];
+
+    /**
+     * @param Tree $tree node tree
+     * @param IDBConnection $connection database connection
+     * @param IUser $user owner of the tree and properties
+     */
+    public function __construct(
+        Tree $tree,
+        IDBConnection $connection,
+        IUser $user) {
+        $this->tree = $tree;
+        $this->connection = $connection;
+        $this->user = $user->getUID();
+    }
+
+    /**
+     * Fetches properties for a path.
+     *
+     * @param string $path
+     * @param PropFind $propFind
+     * @return void
+     */
+    public function propFind($path, PropFind $propFind) {
+        try {
+            $node = $this->tree->getNodeForPath($path);
+            if (!($node instanceof Node)) {
+                return;
+            }
+        } catch (ServiceUnavailable $e) {
+            // might happen for unavailable mount points, skip
+            return;
+        } catch (NotFound $e) {
+            // in some rare (buggy) cases the node might not be found,
+            // we catch the exception to prevent breaking the whole list with a 404
+            // (soft fail)
+            \OC::$server->getLogger()->warning(
+                'Could not get node for path: \"' . $path . '\" : ' . $e->getMessage(),
+                array('app' => 'files')
+            );
+            return;
+        }
+
+        $requestedProps = $propFind->get404Properties();
+
+        // these might appear
+        $requestedProps = array_diff(
+            $requestedProps,
+            $this->ignoredProperties
+        );
+
+        if (empty($requestedProps)) {
+            return;
+        }
+
+        if ($node instanceof Directory
+            && $propFind->getDepth() !== 0
+        ) {
+            // note: pre-fetching only supported for depth <= 1
+            $this->loadChildrenProperties($node, $requestedProps);
+        }
+
+        $props = $this->getProperties($node, $requestedProps);
+        foreach ($props as $propName => $propValue) {
+            $propFind->set($propName, $propValue);
+        }
+    }
+
+    /**
+     * Updates properties for a path
+     *
+     * @param string $path
+     * @param PropPatch $propPatch
+     *
+     * @return void
+     */
+    public function propPatch($path, PropPatch $propPatch) {
+        $node = $this->tree->getNodeForPath($path);
+        if (!($node instanceof Node)) {
+            return;
+        }
+
+        $propPatch->handleRemaining(function($changedProps) use ($node) {
+            return $this->updateProperties($node, $changedProps);
+        });
+    }
+
+    /**
+     * This method is called after a node is deleted.
+     *
+     * @param string $path path of node for which to delete properties
+     */
+    public function delete($path) {
+        $statement = $this->connection->prepare(
+            'DELETE FROM `*PREFIX*properties` WHERE `userid` = ? AND `propertypath` = ?'
+        );
+        $statement->execute(array($this->user, '/' . $path));
+        $statement->closeCursor();
+
+        unset($this->cache[$path]);
+    }
+
+    /**
+     * This method is called after a successful MOVE
+     *
+     * @param string $source
+     * @param string $destination
+     *
+     * @return void
+     */
+    public function move($source, $destination) {
+        $statement = $this->connection->prepare(
+            'UPDATE `*PREFIX*properties` SET `propertypath` = ?' .
+            ' WHERE `userid` = ? AND `propertypath` = ?'
+        );
+        $statement->execute(array('/' . $destination, $this->user, '/' . $source));
+        $statement->closeCursor();
+    }
+
+    /**
+     * Returns a list of properties for this nodes.;
+     * @param Node $node
+     * @param array $requestedProperties requested properties or empty array for "all"
+     * @return array
+     * @note The properties list is a list of propertynames the client
+     * requested, encoded as xmlnamespace#tagName, for example:
+     * http://www.example.org/namespace#author If the array is empty, all
+     * properties should be returned
+     */
+    private function getProperties(Node $node, array $requestedProperties) {
+        $path = $node->getPath();
+        if (isset($this->cache[$path])) {
+            return $this->cache[$path];
+        }
+
+        // TODO: chunking if more than 1000 properties
+        $sql = 'SELECT * FROM `*PREFIX*properties` WHERE `userid` = ? AND `propertypath` = ?';
+
+        $whereValues = array($this->user, $path);
+        $whereTypes = array(null, null);
+
+        if (!empty($requestedProperties)) {
+            // request only a subset
+            $sql .= ' AND `propertyname` in (?)';
+            $whereValues[] = $requestedProperties;
+            $whereTypes[] = \Doctrine\DBAL\Connection::PARAM_STR_ARRAY;
+        }
+
+        $result = $this->connection->executeQuery(
+            $sql,
+            $whereValues,
+            $whereTypes
+        );
+
+        $props = [];
+        while ($row = $result->fetch()) {
+            $props[$row['propertyname']] = $row['propertyvalue'];
+        }
+
+        $result->closeCursor();
+
+        $this->cache[$path] = $props;
+        return $props;
+    }
+
+    /**
+     * Update properties
+     *
+     * @param Node $node node for which to update properties
+     * @param array $properties array of properties to update
+     *
+     * @return bool
+     */
+    private function updateProperties($node, $properties) {
+        $path = $node->getPath();
+
+        $deleteStatement = 'DELETE FROM `*PREFIX*properties`' .
+            ' WHERE `userid` = ? AND `propertypath` = ? AND `propertyname` = ?';
+
+        $insertStatement = 'INSERT INTO `*PREFIX*properties`' .
+            ' (`userid`,`propertypath`,`propertyname`,`propertyvalue`) VALUES(?,?,?,?)';
+
+        $updateStatement = 'UPDATE `*PREFIX*properties` SET `propertyvalue` = ?' .
+            ' WHERE `userid` = ? AND `propertypath` = ? AND `propertyname` = ?';
+
+        // TODO: use "insert or update" strategy ?
+        $existing = $this->getProperties($node, array());
+        $this->connection->beginTransaction();
+        foreach ($properties as $propertyName => $propertyValue) {
+            // If it was null, we need to delete the property
+            if (is_null($propertyValue)) {
+                if (array_key_exists($propertyName, $existing)) {
+                    $this->connection->executeUpdate($deleteStatement,
+                        array(
+                            $this->user,
+                            $path,
+                            $propertyName
+                        )
+                    );
+                }
+            } else {
+                if (!array_key_exists($propertyName, $existing)) {
+                    $this->connection->executeUpdate($insertStatement,
+                        array(
+                            $this->user,
+                            $path,
+                            $propertyName,
+                            $propertyValue
+                        )
+                    );
+                } else {
+                    $this->connection->executeUpdate($updateStatement,
+                        array(
+                            $propertyValue,
+                            $this->user,
+                            $path,
+                            $propertyName
+                        )
+                    );
+                }
+            }
+        }
+
+        $this->connection->commit();
+        unset($this->cache[$path]);
+
+        return true;
+    }
+
+    /**
+     * Bulk load properties for directory children
+     *
+     * @param Directory $node
+     * @param array $requestedProperties requested properties
+     *
+     * @return void
+     */
+    private function loadChildrenProperties(Directory $node, $requestedProperties) {
+        $path = $node->getPath();
+        if (isset($this->cache[$path])) {
+            // we already loaded them at some point
+            return;
+        }
+
+        $childNodes = $node->getChildren();
+        // pre-fill cache
+        foreach ($childNodes as $childNode) {
+            $this->cache[$childNode->getPath()] = [];
+        }
+
+        $sql = 'SELECT * FROM `*PREFIX*properties` WHERE `userid` = ? AND `propertypath` LIKE ?';
+        $sql .= ' AND `propertyname` in (?) ORDER BY `propertypath`, `propertyname`';
+
+        $result = $this->connection->executeQuery(
+            $sql,
+            array($this->user, $this->connection->escapeLikeParameter(rtrim($path, '/')) . '/%', $requestedProperties),
+            array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY)
+        );
+
+        $oldPath = null;
+        $props = [];
+        while ($row = $result->fetch()) {
+            $path = $row['propertypath'];
+            if ($oldPath !== $path) {
+                // save previously gathered props
+                $this->cache[$oldPath] = $props;
+                $oldPath = $path;
+                // prepare props for next path
+                $props = [];
+            }
+            $props[$row['propertyname']] = $row['propertyvalue'];
+        }
+        if (!is_null($oldPath)) {
+            // save props from last run
+            $this->cache[$oldPath] = $props;
+        }
+
+        $result->closeCursor();
+    }
 
 }

apps/dav/lib/Connector/Sabre/File.php

Doc Comments +3 added lines

@@ -232,6 +232,9 @@
 		return '"' . $this->info->getEtag() . '"';
 	}
 
+	/**
+	 * @param string $path
+	 */
 	private function getPartFileBasePath($path) {
 		$partFileInStorage = \OC::$server->getConfig()->getSystemValue('part_file_in_storage', true);
 		if ($partFileInStorage) {

Indentation +516 added lines, -516 removed lines

@@ -58,521 +58,521 @@
 
 class File extends Node implements IFile {
 
-	/**
-	 * Updates the data
-	 *
-	 * The data argument is a readable stream resource.
-	 *
-	 * After a successful put operation, you may choose to return an ETag. The
-	 * etag must always be surrounded by double-quotes. These quotes must
-	 * appear in the actual string you're returning.
-	 *
-	 * Clients may use the ETag from a PUT request to later on make sure that
-	 * when they update the file, the contents haven't changed in the mean
-	 * time.
-	 *
-	 * If you don't plan to store the file byte-by-byte, and you return a
-	 * different object on a subsequent GET you are strongly recommended to not
-	 * return an ETag, and just return null.
-	 *
-	 * @param resource $data
-	 *
-	 * @throws Forbidden
-	 * @throws UnsupportedMediaType
-	 * @throws BadRequest
-	 * @throws Exception
-	 * @throws EntityTooLarge
-	 * @throws ServiceUnavailable
-	 * @throws FileLocked
-	 * @return string|null
-	 */
-	public function put($data) {
-		try {
-			$exists = $this->fileView->file_exists($this->path);
-			if ($this->info && $exists && !$this->info->isUpdateable()) {
-				throw new Forbidden();
-			}
-		} catch (StorageNotAvailableException $e) {
-			throw new ServiceUnavailable("File is not updatable: " . $e->getMessage());
-		}
-
-		// verify path of the target
-		$this->verifyPath();
-
-		// chunked handling
-		if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
-			try {
-				return $this->createFileChunked($data);
-			} catch (\Exception $e) {
-				$this->convertToSabreException($e);
-			}
-		}
-
-		list($partStorage) = $this->fileView->resolvePath($this->path);
-		$needsPartFile = $this->needsPartFile($partStorage) && (strlen($this->path) > 1);
-
-		if ($needsPartFile) {
-			// mark file as partial while uploading (ignored by the scanner)
-			$partFilePath = $this->getPartFileBasePath($this->path) . '.ocTransferId' . rand() . '.part';
-		} else {
-			// upload file directly as the final path
-			$partFilePath = $this->path;
-		}
-
-		// the part file and target file might be on a different storage in case of a single file storage (e.g. single file share)
-		/** @var \OC\Files\Storage\Storage $partStorage */
-		list($partStorage, $internalPartPath) = $this->fileView->resolvePath($partFilePath);
-		/** @var \OC\Files\Storage\Storage $storage */
-		list($storage, $internalPath) = $this->fileView->resolvePath($this->path);
-		try {
-			$target = $partStorage->fopen($internalPartPath, 'wb');
-			if ($target === false) {
-				\OCP\Util::writeLog('webdav', '\OC\Files\Filesystem::fopen() failed', \OCP\Util::ERROR);
-				// because we have no clue about the cause we can only throw back a 500/Internal Server Error
-				throw new Exception('Could not write file contents');
-			}
-			list($count, $result) = \OC_Helper::streamCopy($data, $target);
-			fclose($target);
-
-			if ($result === false) {
-				$expected = -1;
-				if (isset($_SERVER['CONTENT_LENGTH'])) {
-					$expected = $_SERVER['CONTENT_LENGTH'];
-				}
-				throw new Exception('Error while copying file to target location (copied bytes: ' . $count . ', expected filesize: ' . $expected . ' )');
-			}
-
-			// if content length is sent by client:
-			// double check if the file was fully received
-			// compare expected and actual size
-			if (isset($_SERVER['CONTENT_LENGTH']) && $_SERVER['REQUEST_METHOD'] === 'PUT') {
-				$expected = (int) $_SERVER['CONTENT_LENGTH'];
-				if ($count !== $expected) {
-					throw new BadRequest('expected filesize ' . $expected . ' got ' . $count);
-				}
-			}
-
-		} catch (\Exception $e) {
-			if ($needsPartFile) {
-				$partStorage->unlink($internalPartPath);
-			}
-			$this->convertToSabreException($e);
-		}
-
-		try {
-			$view = \OC\Files\Filesystem::getView();
-			if ($view) {
-				$run = $this->emitPreHooks($exists);
-			} else {
-				$run = true;
-			}
-
-			try {
-				$this->changeLock(ILockingProvider::LOCK_EXCLUSIVE);
-			} catch (LockedException $e) {
-				if ($needsPartFile) {
-					$partStorage->unlink($internalPartPath);
-				}
-				throw new FileLocked($e->getMessage(), $e->getCode(), $e);
-			}
-
-			if ($needsPartFile) {
-				// rename to correct path
-				try {
-					if ($run) {
-						$renameOkay = $storage->moveFromStorage($partStorage, $internalPartPath, $internalPath);
-						$fileExists = $storage->file_exists($internalPath);
-					}
-					if (!$run || $renameOkay === false || $fileExists === false) {
-						\OCP\Util::writeLog('webdav', 'renaming part file to final file failed ($run: ' . ( $run ? 'true' : 'false' ) . ', $renameOkay: '  . ( $renameOkay ? 'true' : 'false' ) . ', $fileExists: ' . ( $fileExists ? 'true' : 'false' ) . ')', \OCP\Util::ERROR);
-						throw new Exception('Could not rename part file to final file');
-					}
-				} catch (ForbiddenException $ex) {
-					throw new DAVForbiddenException($ex->getMessage(), $ex->getRetry());
-				} catch (\Exception $e) {
-					$partStorage->unlink($internalPartPath);
-					$this->convertToSabreException($e);
-				}
-			}
-
-			// since we skipped the view we need to scan and emit the hooks ourselves
-			$storage->getUpdater()->update($internalPath);
-
-			try {
-				$this->changeLock(ILockingProvider::LOCK_SHARED);
-			} catch (LockedException $e) {
-				throw new FileLocked($e->getMessage(), $e->getCode(), $e);
-			}
-
-			// allow sync clients to send the mtime along in a header
-			$request = \OC::$server->getRequest();
-			if (isset($request->server['HTTP_X_OC_MTIME'])) {
-				$mtimeStr = $request->server['HTTP_X_OC_MTIME'];
-				if (!is_numeric($mtimeStr)) {
-					throw new \InvalidArgumentException('X-OC-Mtime header must be an integer (unix timestamp).');
-				}
-				$mtime = intval($mtimeStr);
-				if ($this->fileView->touch($this->path, $mtime)) {
-					header('X-OC-MTime: accepted');
-				}
-			}
+    /**
+     * Updates the data
+     *
+     * The data argument is a readable stream resource.
+     *
+     * After a successful put operation, you may choose to return an ETag. The
+     * etag must always be surrounded by double-quotes. These quotes must
+     * appear in the actual string you're returning.
+     *
+     * Clients may use the ETag from a PUT request to later on make sure that
+     * when they update the file, the contents haven't changed in the mean
+     * time.
+     *
+     * If you don't plan to store the file byte-by-byte, and you return a
+     * different object on a subsequent GET you are strongly recommended to not
+     * return an ETag, and just return null.
+     *
+     * @param resource $data
+     *
+     * @throws Forbidden
+     * @throws UnsupportedMediaType
+     * @throws BadRequest
+     * @throws Exception
+     * @throws EntityTooLarge
+     * @throws ServiceUnavailable
+     * @throws FileLocked
+     * @return string|null
+     */
+    public function put($data) {
+        try {
+            $exists = $this->fileView->file_exists($this->path);
+            if ($this->info && $exists && !$this->info->isUpdateable()) {
+                throw new Forbidden();
+            }
+        } catch (StorageNotAvailableException $e) {
+            throw new ServiceUnavailable("File is not updatable: " . $e->getMessage());
+        }
+
+        // verify path of the target
+        $this->verifyPath();
+
+        // chunked handling
+        if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
+            try {
+                return $this->createFileChunked($data);
+            } catch (\Exception $e) {
+                $this->convertToSabreException($e);
+            }
+        }
+
+        list($partStorage) = $this->fileView->resolvePath($this->path);
+        $needsPartFile = $this->needsPartFile($partStorage) && (strlen($this->path) > 1);
+
+        if ($needsPartFile) {
+            // mark file as partial while uploading (ignored by the scanner)
+            $partFilePath = $this->getPartFileBasePath($this->path) . '.ocTransferId' . rand() . '.part';
+        } else {
+            // upload file directly as the final path
+            $partFilePath = $this->path;
+        }
+
+        // the part file and target file might be on a different storage in case of a single file storage (e.g. single file share)
+        /** @var \OC\Files\Storage\Storage $partStorage */
+        list($partStorage, $internalPartPath) = $this->fileView->resolvePath($partFilePath);
+        /** @var \OC\Files\Storage\Storage $storage */
+        list($storage, $internalPath) = $this->fileView->resolvePath($this->path);
+        try {
+            $target = $partStorage->fopen($internalPartPath, 'wb');
+            if ($target === false) {
+                \OCP\Util::writeLog('webdav', '\OC\Files\Filesystem::fopen() failed', \OCP\Util::ERROR);
+                // because we have no clue about the cause we can only throw back a 500/Internal Server Error
+                throw new Exception('Could not write file contents');
+            }
+            list($count, $result) = \OC_Helper::streamCopy($data, $target);
+            fclose($target);
+
+            if ($result === false) {
+                $expected = -1;
+                if (isset($_SERVER['CONTENT_LENGTH'])) {
+                    $expected = $_SERVER['CONTENT_LENGTH'];
+                }
+                throw new Exception('Error while copying file to target location (copied bytes: ' . $count . ', expected filesize: ' . $expected . ' )');
+            }
+
+            // if content length is sent by client:
+            // double check if the file was fully received
+            // compare expected and actual size
+            if (isset($_SERVER['CONTENT_LENGTH']) && $_SERVER['REQUEST_METHOD'] === 'PUT') {
+                $expected = (int) $_SERVER['CONTENT_LENGTH'];
+                if ($count !== $expected) {
+                    throw new BadRequest('expected filesize ' . $expected . ' got ' . $count);
+                }
+            }
+
+        } catch (\Exception $e) {
+            if ($needsPartFile) {
+                $partStorage->unlink($internalPartPath);
+            }
+            $this->convertToSabreException($e);
+        }
+
+        try {
+            $view = \OC\Files\Filesystem::getView();
+            if ($view) {
+                $run = $this->emitPreHooks($exists);
+            } else {
+                $run = true;
+            }
+
+            try {
+                $this->changeLock(ILockingProvider::LOCK_EXCLUSIVE);
+            } catch (LockedException $e) {
+                if ($needsPartFile) {
+                    $partStorage->unlink($internalPartPath);
+                }
+                throw new FileLocked($e->getMessage(), $e->getCode(), $e);
+            }
+
+            if ($needsPartFile) {
+                // rename to correct path
+                try {
+                    if ($run) {
+                        $renameOkay = $storage->moveFromStorage($partStorage, $internalPartPath, $internalPath);
+                        $fileExists = $storage->file_exists($internalPath);
+                    }
+                    if (!$run || $renameOkay === false || $fileExists === false) {
+                        \OCP\Util::writeLog('webdav', 'renaming part file to final file failed ($run: ' . ( $run ? 'true' : 'false' ) . ', $renameOkay: '  . ( $renameOkay ? 'true' : 'false' ) . ', $fileExists: ' . ( $fileExists ? 'true' : 'false' ) . ')', \OCP\Util::ERROR);
+                        throw new Exception('Could not rename part file to final file');
+                    }
+                } catch (ForbiddenException $ex) {
+                    throw new DAVForbiddenException($ex->getMessage(), $ex->getRetry());
+                } catch (\Exception $e) {
+                    $partStorage->unlink($internalPartPath);
+                    $this->convertToSabreException($e);
+                }
+            }
+
+            // since we skipped the view we need to scan and emit the hooks ourselves
+            $storage->getUpdater()->update($internalPath);
+
+            try {
+                $this->changeLock(ILockingProvider::LOCK_SHARED);
+            } catch (LockedException $e) {
+                throw new FileLocked($e->getMessage(), $e->getCode(), $e);
+            }
+
+            // allow sync clients to send the mtime along in a header
+            $request = \OC::$server->getRequest();
+            if (isset($request->server['HTTP_X_OC_MTIME'])) {
+                $mtimeStr = $request->server['HTTP_X_OC_MTIME'];
+                if (!is_numeric($mtimeStr)) {
+                    throw new \InvalidArgumentException('X-OC-Mtime header must be an integer (unix timestamp).');
+                }
+                $mtime = intval($mtimeStr);
+                if ($this->fileView->touch($this->path, $mtime)) {
+                    header('X-OC-MTime: accepted');
+                }
+            }
 					
-			if ($view) {
-				$this->emitPostHooks($exists);
-			}
-
-			$this->refreshInfo();
-
-			if (isset($request->server['HTTP_OC_CHECKSUM'])) {
-				$checksum = trim($request->server['HTTP_OC_CHECKSUM']);
-				$this->fileView->putFileInfo($this->path, ['checksum' => $checksum]);
-				$this->refreshInfo();
-			} else if ($this->getChecksum() !== null && $this->getChecksum() !== '') {
-				$this->fileView->putFileInfo($this->path, ['checksum' => '']);
-				$this->refreshInfo();
-			}
-
-		} catch (StorageNotAvailableException $e) {
-			throw new ServiceUnavailable("Failed to check file size: " . $e->getMessage());
-		}
-
-		return '"' . $this->info->getEtag() . '"';
-	}
-
-	private function getPartFileBasePath($path) {
-		$partFileInStorage = \OC::$server->getConfig()->getSystemValue('part_file_in_storage', true);
-		if ($partFileInStorage) {
-			return $path;
-		} else {
-			return md5($path); // will place it in the root of the view with a unique name
-		}
-	}
-
-	/**
-	 * @param string $path
-	 */
-	private function emitPreHooks($exists, $path = null) {
-		if (is_null($path)) {
-			$path = $this->path;
-		}
-		$hookPath = Filesystem::getView()->getRelativePath($this->fileView->getAbsolutePath($path));
-		$run = true;
-
-		if (!$exists) {
-			\OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_create, array(
-				\OC\Files\Filesystem::signal_param_path => $hookPath,
-				\OC\Files\Filesystem::signal_param_run => &$run,
-			));
-		} else {
-			\OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_update, array(
-				\OC\Files\Filesystem::signal_param_path => $hookPath,
-				\OC\Files\Filesystem::signal_param_run => &$run,
-			));
-		}
-		\OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_write, array(
-			\OC\Files\Filesystem::signal_param_path => $hookPath,
-			\OC\Files\Filesystem::signal_param_run => &$run,
-		));
-		return $run;
-	}
-
-	/**
-	 * @param string $path
-	 */
-	private function emitPostHooks($exists, $path = null) {
-		if (is_null($path)) {
-			$path = $this->path;
-		}
-		$hookPath = Filesystem::getView()->getRelativePath($this->fileView->getAbsolutePath($path));
-		if (!$exists) {
-			\OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_post_create, array(
-				\OC\Files\Filesystem::signal_param_path => $hookPath
-			));
-		} else {
-			\OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_post_update, array(
-				\OC\Files\Filesystem::signal_param_path => $hookPath
-			));
-		}
-		\OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_post_write, array(
-			\OC\Files\Filesystem::signal_param_path => $hookPath
-		));
-	}
-
-	/**
-	 * Returns the data
-	 *
-	 * @return resource
-	 * @throws Forbidden
-	 * @throws ServiceUnavailable
-	 */
-	public function get() {
-		//throw exception if encryption is disabled but files are still encrypted
-		try {
-			if (!$this->info->isReadable()) {
-				// do a if the file did not exist
-				throw new NotFound();
-			}
-			$res = $this->fileView->fopen(ltrim($this->path, '/'), 'rb');
-			if ($res === false) {
-				throw new ServiceUnavailable("Could not open file");
-			}
-			return $res;
-		} catch (GenericEncryptionException $e) {
-			// returning 503 will allow retry of the operation at a later point in time
-			throw new ServiceUnavailable("Encryption not ready: " . $e->getMessage());
-		} catch (StorageNotAvailableException $e) {
-			throw new ServiceUnavailable("Failed to open file: " . $e->getMessage());
-		} catch (ForbiddenException $ex) {
-			throw new DAVForbiddenException($ex->getMessage(), $ex->getRetry());
-		} catch (LockedException $e) {
-			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
-		}
-	}
-
-	/**
-	 * Delete the current file
-	 *
-	 * @throws Forbidden
-	 * @throws ServiceUnavailable
-	 */
-	public function delete() {
-		if (!$this->info->isDeletable()) {
-			throw new Forbidden();
-		}
-
-		try {
-			if (!$this->fileView->unlink($this->path)) {
-				// assume it wasn't possible to delete due to permissions
-				throw new Forbidden();
-			}
-		} catch (StorageNotAvailableException $e) {
-			throw new ServiceUnavailable("Failed to unlink: " . $e->getMessage());
-		} catch (ForbiddenException $ex) {
-			throw new DAVForbiddenException($ex->getMessage(), $ex->getRetry());
-		} catch (LockedException $e) {
-			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
-		}
-	}
-
-	/**
-	 * Returns the mime-type for a file
-	 *
-	 * If null is returned, we'll assume application/octet-stream
-	 *
-	 * @return string
-	 */
-	public function getContentType() {
-		$mimeType = $this->info->getMimetype();
-
-		// PROPFIND needs to return the correct mime type, for consistency with the web UI
-		if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PROPFIND') {
-			return $mimeType;
-		}
-		return \OC::$server->getMimeTypeDetector()->getSecureMimeType($mimeType);
-	}
-
-	/**
-	 * @return array|false
-	 */
-	public function getDirectDownload() {
-		if (\OCP\App::isEnabled('encryption')) {
-			return [];
-		}
-		/** @var \OCP\Files\Storage $storage */
-		list($storage, $internalPath) = $this->fileView->resolvePath($this->path);
-		if (is_null($storage)) {
-			return [];
-		}
-
-		return $storage->getDirectDownload($internalPath);
-	}
-
-	/**
-	 * @param resource $data
-	 * @return null|string
-	 * @throws Exception
-	 * @throws BadRequest
-	 * @throws NotImplemented
-	 * @throws ServiceUnavailable
-	 */
-	private function createFileChunked($data) {
-		list($path, $name) = \Sabre\Uri\split($this->path);
-
-		$info = \OC_FileChunking::decodeName($name);
-		if (empty($info)) {
-			throw new NotImplemented('Invalid chunk name');
-		}
-
-		$chunk_handler = new \OC_FileChunking($info);
-		$bytesWritten = $chunk_handler->store($info['index'], $data);
-
-		//detect aborted upload
-		if (isset ($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PUT') {
-			if (isset($_SERVER['CONTENT_LENGTH'])) {
-				$expected = (int) $_SERVER['CONTENT_LENGTH'];
-				if ($bytesWritten !== $expected) {
-					$chunk_handler->remove($info['index']);
-					throw new BadRequest(
-						'expected filesize ' . $expected . ' got ' . $bytesWritten);
-				}
-			}
-		}
-
-		if ($chunk_handler->isComplete()) {
-			list($storage,) = $this->fileView->resolvePath($path);
-			$needsPartFile = $this->needsPartFile($storage);
-			$partFile = null;
-
-			$targetPath = $path . '/' . $info['name'];
-			/** @var \OC\Files\Storage\Storage $targetStorage */
-			list($targetStorage, $targetInternalPath) = $this->fileView->resolvePath($targetPath);
-
-			$exists = $this->fileView->file_exists($targetPath);
-
-			try {
-				$this->fileView->lockFile($targetPath, ILockingProvider::LOCK_SHARED);
-
-				$this->emitPreHooks($exists, $targetPath);
-				$this->fileView->changeLock($targetPath, ILockingProvider::LOCK_EXCLUSIVE);
-				/** @var \OC\Files\Storage\Storage $targetStorage */
-				list($targetStorage, $targetInternalPath) = $this->fileView->resolvePath($targetPath);
-
-				if ($needsPartFile) {
-					// we first assembly the target file as a part file
-					$partFile = $this->getPartFileBasePath($path . '/' . $info['name']) . '.ocTransferId' . $info['transferid'] . '.part';
-					/** @var \OC\Files\Storage\Storage $targetStorage */
-					list($partStorage, $partInternalPath) = $this->fileView->resolvePath($partFile);
-
-
-					$chunk_handler->file_assemble($partStorage, $partInternalPath);
-
-					// here is the final atomic rename
-					$renameOkay = $targetStorage->moveFromStorage($partStorage, $partInternalPath, $targetInternalPath);
-					$fileExists = $targetStorage->file_exists($targetInternalPath);
-					if ($renameOkay === false || $fileExists === false) {
-						\OCP\Util::writeLog('webdav', '\OC\Files\Filesystem::rename() failed', \OCP\Util::ERROR);
-						// only delete if an error occurred and the target file was already created
-						if ($fileExists) {
-							// set to null to avoid double-deletion when handling exception
-							// stray part file
-							$partFile = null;
-							$targetStorage->unlink($targetInternalPath);
-						}
-						$this->fileView->changeLock($targetPath, ILockingProvider::LOCK_SHARED);
-						throw new Exception('Could not rename part file assembled from chunks');
-					}
-				} else {
-					// assemble directly into the final file
-					$chunk_handler->file_assemble($targetStorage, $targetInternalPath);
-				}
-
-				// allow sync clients to send the mtime along in a header
-				$request = \OC::$server->getRequest();
-				if (isset($request->server['HTTP_X_OC_MTIME'])) {
-					if ($targetStorage->touch($targetInternalPath, $request->server['HTTP_X_OC_MTIME'])) {
-						header('X-OC-MTime: accepted');
-					}
-				}
-
-				// since we skipped the view we need to scan and emit the hooks ourselves
-				$targetStorage->getUpdater()->update($targetInternalPath);
-
-				$this->fileView->changeLock($targetPath, ILockingProvider::LOCK_SHARED);
-
-				$this->emitPostHooks($exists, $targetPath);
-
-				// FIXME: should call refreshInfo but can't because $this->path is not the of the final file
-				$info = $this->fileView->getFileInfo($targetPath);
-
-				if (isset($request->server['HTTP_OC_CHECKSUM'])) {
-					$checksum = trim($request->server['HTTP_OC_CHECKSUM']);
-					$this->fileView->putFileInfo($targetPath, ['checksum' => $checksum]);
-				} else if ($info->getChecksum() !== null && $info->getChecksum() !== '') {
-					$this->fileView->putFileInfo($this->path, ['checksum' => '']);
-				}
-
-				$this->fileView->unlockFile($targetPath, ILockingProvider::LOCK_SHARED);
-
-				return $info->getEtag();
-			} catch (\Exception $e) {
-				if ($partFile !== null) {
-					$targetStorage->unlink($targetInternalPath);
-				}
-				$this->convertToSabreException($e);
-			}
-		}
-
-		return null;
-	}
-
-	/**
-	 * Returns whether a part file is needed for the given storage
-	 * or whether the file can be assembled/uploaded directly on the
-	 * target storage.
-	 *
-	 * @param \OCP\Files\Storage $storage
-	 * @return bool true if the storage needs part file handling
-	 */
-	private function needsPartFile($storage) {
-		// TODO: in the future use ChunkHandler provided by storage
-		return !$storage->instanceOfStorage('OCA\Files_Sharing\External\Storage') &&
-			!$storage->instanceOfStorage('OC\Files\Storage\OwnCloud') &&
-			$storage->needsPartFile();
-	}
-
-	/**
-	 * Convert the given exception to a SabreException instance
-	 *
-	 * @param \Exception $e
-	 *
-	 * @throws \Sabre\DAV\Exception
-	 */
-	private function convertToSabreException(\Exception $e) {
-		if ($e instanceof \Sabre\DAV\Exception) {
-			throw $e;
-		}
-		if ($e instanceof NotPermittedException) {
-			// a more general case - due to whatever reason the content could not be written
-			throw new Forbidden($e->getMessage(), 0, $e);
-		}
-		if ($e instanceof ForbiddenException) {
-			// the path for the file was forbidden
-			throw new DAVForbiddenException($e->getMessage(), $e->getRetry(), $e);
-		}
-		if ($e instanceof EntityTooLargeException) {
-			// the file is too big to be stored
-			throw new EntityTooLarge($e->getMessage(), 0, $e);
-		}
-		if ($e instanceof InvalidContentException) {
-			// the file content is not permitted
-			throw new UnsupportedMediaType($e->getMessage(), 0, $e);
-		}
-		if ($e instanceof InvalidPathException) {
-			// the path for the file was not valid
-			// TODO: find proper http status code for this case
-			throw new Forbidden($e->getMessage(), 0, $e);
-		}
-		if ($e instanceof LockedException || $e instanceof LockNotAcquiredException) {
-			// the file is currently being written to by another process
-			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
-		}
-		if ($e instanceof GenericEncryptionException) {
-			// returning 503 will allow retry of the operation at a later point in time
-			throw new ServiceUnavailable('Encryption not ready: ' . $e->getMessage(), 0, $e);
-		}
-		if ($e instanceof StorageNotAvailableException) {
-			throw new ServiceUnavailable('Failed to write file contents: ' . $e->getMessage(), 0, $e);
-		}
-
-		throw new \Sabre\DAV\Exception($e->getMessage(), 0, $e);
-	}
-
-	/**
-	 * Get the checksum for this file
-	 *
-	 * @return string
-	 */
-	public function getChecksum() {
-		return $this->info->getChecksum();
-	}
+            if ($view) {
+                $this->emitPostHooks($exists);
+            }
+
+            $this->refreshInfo();
+
+            if (isset($request->server['HTTP_OC_CHECKSUM'])) {
+                $checksum = trim($request->server['HTTP_OC_CHECKSUM']);
+                $this->fileView->putFileInfo($this->path, ['checksum' => $checksum]);
+                $this->refreshInfo();
+            } else if ($this->getChecksum() !== null && $this->getChecksum() !== '') {
+                $this->fileView->putFileInfo($this->path, ['checksum' => '']);
+                $this->refreshInfo();
+            }
+
+        } catch (StorageNotAvailableException $e) {
+            throw new ServiceUnavailable("Failed to check file size: " . $e->getMessage());
+        }
+
+        return '"' . $this->info->getEtag() . '"';
+    }
+
+    private function getPartFileBasePath($path) {
+        $partFileInStorage = \OC::$server->getConfig()->getSystemValue('part_file_in_storage', true);
+        if ($partFileInStorage) {
+            return $path;
+        } else {
+            return md5($path); // will place it in the root of the view with a unique name
+        }
+    }
+
+    /**
+     * @param string $path
+     */
+    private function emitPreHooks($exists, $path = null) {
+        if (is_null($path)) {
+            $path = $this->path;
+        }
+        $hookPath = Filesystem::getView()->getRelativePath($this->fileView->getAbsolutePath($path));
+        $run = true;
+
+        if (!$exists) {
+            \OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_create, array(
+                \OC\Files\Filesystem::signal_param_path => $hookPath,
+                \OC\Files\Filesystem::signal_param_run => &$run,
+            ));
+        } else {
+            \OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_update, array(
+                \OC\Files\Filesystem::signal_param_path => $hookPath,
+                \OC\Files\Filesystem::signal_param_run => &$run,
+            ));
+        }
+        \OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_write, array(
+            \OC\Files\Filesystem::signal_param_path => $hookPath,
+            \OC\Files\Filesystem::signal_param_run => &$run,
+        ));
+        return $run;
+    }
+
+    /**
+     * @param string $path
+     */
+    private function emitPostHooks($exists, $path = null) {
+        if (is_null($path)) {
+            $path = $this->path;
+        }
+        $hookPath = Filesystem::getView()->getRelativePath($this->fileView->getAbsolutePath($path));
+        if (!$exists) {
+            \OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_post_create, array(
+                \OC\Files\Filesystem::signal_param_path => $hookPath
+            ));
+        } else {
+            \OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_post_update, array(
+                \OC\Files\Filesystem::signal_param_path => $hookPath
+            ));
+        }
+        \OC_Hook::emit(\OC\Files\Filesystem::CLASSNAME, \OC\Files\Filesystem::signal_post_write, array(
+            \OC\Files\Filesystem::signal_param_path => $hookPath
+        ));
+    }
+
+    /**
+     * Returns the data
+     *
+     * @return resource
+     * @throws Forbidden
+     * @throws ServiceUnavailable
+     */
+    public function get() {
+        //throw exception if encryption is disabled but files are still encrypted
+        try {
+            if (!$this->info->isReadable()) {
+                // do a if the file did not exist
+                throw new NotFound();
+            }
+            $res = $this->fileView->fopen(ltrim($this->path, '/'), 'rb');
+            if ($res === false) {
+                throw new ServiceUnavailable("Could not open file");
+            }
+            return $res;
+        } catch (GenericEncryptionException $e) {
+            // returning 503 will allow retry of the operation at a later point in time
+            throw new ServiceUnavailable("Encryption not ready: " . $e->getMessage());
+        } catch (StorageNotAvailableException $e) {
+            throw new ServiceUnavailable("Failed to open file: " . $e->getMessage());
+        } catch (ForbiddenException $ex) {
+            throw new DAVForbiddenException($ex->getMessage(), $ex->getRetry());
+        } catch (LockedException $e) {
+            throw new FileLocked($e->getMessage(), $e->getCode(), $e);
+        }
+    }
+
+    /**
+     * Delete the current file
+     *
+     * @throws Forbidden
+     * @throws ServiceUnavailable
+     */
+    public function delete() {
+        if (!$this->info->isDeletable()) {
+            throw new Forbidden();
+        }
+
+        try {
+            if (!$this->fileView->unlink($this->path)) {
+                // assume it wasn't possible to delete due to permissions
+                throw new Forbidden();
+            }
+        } catch (StorageNotAvailableException $e) {
+            throw new ServiceUnavailable("Failed to unlink: " . $e->getMessage());
+        } catch (ForbiddenException $ex) {
+            throw new DAVForbiddenException($ex->getMessage(), $ex->getRetry());
+        } catch (LockedException $e) {
+            throw new FileLocked($e->getMessage(), $e->getCode(), $e);
+        }
+    }
+
+    /**
+     * Returns the mime-type for a file
+     *
+     * If null is returned, we'll assume application/octet-stream
+     *
+     * @return string
+     */
+    public function getContentType() {
+        $mimeType = $this->info->getMimetype();
+
+        // PROPFIND needs to return the correct mime type, for consistency with the web UI
+        if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PROPFIND') {
+            return $mimeType;
+        }
+        return \OC::$server->getMimeTypeDetector()->getSecureMimeType($mimeType);
+    }
+
+    /**
+     * @return array|false
+     */
+    public function getDirectDownload() {
+        if (\OCP\App::isEnabled('encryption')) {
+            return [];
+        }
+        /** @var \OCP\Files\Storage $storage */
+        list($storage, $internalPath) = $this->fileView->resolvePath($this->path);
+        if (is_null($storage)) {
+            return [];
+        }
+
+        return $storage->getDirectDownload($internalPath);
+    }
+
+    /**
+     * @param resource $data
+     * @return null|string
+     * @throws Exception
+     * @throws BadRequest
+     * @throws NotImplemented
+     * @throws ServiceUnavailable
+     */
+    private function createFileChunked($data) {
+        list($path, $name) = \Sabre\Uri\split($this->path);
+
+        $info = \OC_FileChunking::decodeName($name);
+        if (empty($info)) {
+            throw new NotImplemented('Invalid chunk name');
+        }
+
+        $chunk_handler = new \OC_FileChunking($info);
+        $bytesWritten = $chunk_handler->store($info['index'], $data);
+
+        //detect aborted upload
+        if (isset ($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PUT') {
+            if (isset($_SERVER['CONTENT_LENGTH'])) {
+                $expected = (int) $_SERVER['CONTENT_LENGTH'];
+                if ($bytesWritten !== $expected) {
+                    $chunk_handler->remove($info['index']);
+                    throw new BadRequest(
+                        'expected filesize ' . $expected . ' got ' . $bytesWritten);
+                }
+            }
+        }
+
+        if ($chunk_handler->isComplete()) {
+            list($storage,) = $this->fileView->resolvePath($path);
+            $needsPartFile = $this->needsPartFile($storage);
+            $partFile = null;
+
+            $targetPath = $path . '/' . $info['name'];
+            /** @var \OC\Files\Storage\Storage $targetStorage */
+            list($targetStorage, $targetInternalPath) = $this->fileView->resolvePath($targetPath);
+
+            $exists = $this->fileView->file_exists($targetPath);
+
+            try {
+                $this->fileView->lockFile($targetPath, ILockingProvider::LOCK_SHARED);
+
+                $this->emitPreHooks($exists, $targetPath);
+                $this->fileView->changeLock($targetPath, ILockingProvider::LOCK_EXCLUSIVE);
+                /** @var \OC\Files\Storage\Storage $targetStorage */
+                list($targetStorage, $targetInternalPath) = $this->fileView->resolvePath($targetPath);
+
+                if ($needsPartFile) {
+                    // we first assembly the target file as a part file
+                    $partFile = $this->getPartFileBasePath($path . '/' . $info['name']) . '.ocTransferId' . $info['transferid'] . '.part';
+                    /** @var \OC\Files\Storage\Storage $targetStorage */
+                    list($partStorage, $partInternalPath) = $this->fileView->resolvePath($partFile);
+
+
+                    $chunk_handler->file_assemble($partStorage, $partInternalPath);
+
+                    // here is the final atomic rename
+                    $renameOkay = $targetStorage->moveFromStorage($partStorage, $partInternalPath, $targetInternalPath);
+                    $fileExists = $targetStorage->file_exists($targetInternalPath);
+                    if ($renameOkay === false || $fileExists === false) {
+                        \OCP\Util::writeLog('webdav', '\OC\Files\Filesystem::rename() failed', \OCP\Util::ERROR);
+                        // only delete if an error occurred and the target file was already created
+                        if ($fileExists) {
+                            // set to null to avoid double-deletion when handling exception
+                            // stray part file
+                            $partFile = null;
+                            $targetStorage->unlink($targetInternalPath);
+                        }
+                        $this->fileView->changeLock($targetPath, ILockingProvider::LOCK_SHARED);
+                        throw new Exception('Could not rename part file assembled from chunks');
+                    }
+                } else {
+                    // assemble directly into the final file
+                    $chunk_handler->file_assemble($targetStorage, $targetInternalPath);
+                }
+
+                // allow sync clients to send the mtime along in a header
+                $request = \OC::$server->getRequest();
+                if (isset($request->server['HTTP_X_OC_MTIME'])) {
+                    if ($targetStorage->touch($targetInternalPath, $request->server['HTTP_X_OC_MTIME'])) {
+                        header('X-OC-MTime: accepted');
+                    }
+                }
+
+                // since we skipped the view we need to scan and emit the hooks ourselves
+                $targetStorage->getUpdater()->update($targetInternalPath);
+
+                $this->fileView->changeLock($targetPath, ILockingProvider::LOCK_SHARED);
+
+                $this->emitPostHooks($exists, $targetPath);
+
+                // FIXME: should call refreshInfo but can't because $this->path is not the of the final file
+                $info = $this->fileView->getFileInfo($targetPath);
+
+                if (isset($request->server['HTTP_OC_CHECKSUM'])) {
+                    $checksum = trim($request->server['HTTP_OC_CHECKSUM']);
+                    $this->fileView->putFileInfo($targetPath, ['checksum' => $checksum]);
+                } else if ($info->getChecksum() !== null && $info->getChecksum() !== '') {
+                    $this->fileView->putFileInfo($this->path, ['checksum' => '']);
+                }
+
+                $this->fileView->unlockFile($targetPath, ILockingProvider::LOCK_SHARED);
+
+                return $info->getEtag();
+            } catch (\Exception $e) {
+                if ($partFile !== null) {
+                    $targetStorage->unlink($targetInternalPath);
+                }
+                $this->convertToSabreException($e);
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * Returns whether a part file is needed for the given storage
+     * or whether the file can be assembled/uploaded directly on the
+     * target storage.
+     *
+     * @param \OCP\Files\Storage $storage
+     * @return bool true if the storage needs part file handling
+     */
+    private function needsPartFile($storage) {
+        // TODO: in the future use ChunkHandler provided by storage
+        return !$storage->instanceOfStorage('OCA\Files_Sharing\External\Storage') &&
+            !$storage->instanceOfStorage('OC\Files\Storage\OwnCloud') &&
+            $storage->needsPartFile();
+    }
+
+    /**
+     * Convert the given exception to a SabreException instance
+     *
+     * @param \Exception $e
+     *
+     * @throws \Sabre\DAV\Exception
+     */
+    private function convertToSabreException(\Exception $e) {
+        if ($e instanceof \Sabre\DAV\Exception) {
+            throw $e;
+        }
+        if ($e instanceof NotPermittedException) {
+            // a more general case - due to whatever reason the content could not be written
+            throw new Forbidden($e->getMessage(), 0, $e);
+        }
+        if ($e instanceof ForbiddenException) {
+            // the path for the file was forbidden
+            throw new DAVForbiddenException($e->getMessage(), $e->getRetry(), $e);
+        }
+        if ($e instanceof EntityTooLargeException) {
+            // the file is too big to be stored
+            throw new EntityTooLarge($e->getMessage(), 0, $e);
+        }
+        if ($e instanceof InvalidContentException) {
+            // the file content is not permitted
+            throw new UnsupportedMediaType($e->getMessage(), 0, $e);
+        }
+        if ($e instanceof InvalidPathException) {
+            // the path for the file was not valid
+            // TODO: find proper http status code for this case
+            throw new Forbidden($e->getMessage(), 0, $e);
+        }
+        if ($e instanceof LockedException || $e instanceof LockNotAcquiredException) {
+            // the file is currently being written to by another process
+            throw new FileLocked($e->getMessage(), $e->getCode(), $e);
+        }
+        if ($e instanceof GenericEncryptionException) {
+            // returning 503 will allow retry of the operation at a later point in time
+            throw new ServiceUnavailable('Encryption not ready: ' . $e->getMessage(), 0, $e);
+        }
+        if ($e instanceof StorageNotAvailableException) {
+            throw new ServiceUnavailable('Failed to write file contents: ' . $e->getMessage(), 0, $e);
+        }
+
+        throw new \Sabre\DAV\Exception($e->getMessage(), 0, $e);
+    }
+
+    /**
+     * Get the checksum for this file
+     *
+     * @return string
+     */
+    public function getChecksum() {
+        return $this->info->getChecksum();
+    }
 }

apps/dav/lib/DAV/SystemPrincipalBackend.php

Doc Comments +1 added lines, -1 removed lines

@@ -132,7 +132,7 @@
 	 * Returns the list of members for a group-principal
 	 *
 	 * @param string $principal
-	 * @return array
+	 * @return string[]
 	 */
 	function getGroupMemberSet($principal) {
 		// TODO: for now the group principal has only one member, the user itself

Indentation +161 added lines, -161 removed lines

@@ -27,165 +27,165 @@
 
 class SystemPrincipalBackend extends AbstractBackend {
 
-	/**
-	 * Returns a list of principals based on a prefix.
-	 *
-	 * This prefix will often contain something like 'principals'. You are only
-	 * expected to return principals that are in this base path.
-	 *
-	 * You are expected to return at least a 'uri' for every user, you can
-	 * return any additional properties if you wish so. Common properties are:
-	 *   {DAV:}displayname
-	 *   {http://sabredav.org/ns}email-address - This is a custom SabreDAV
-	 *     field that's actually injected in a number of other properties. If
-	 *     you have an email address, use this property.
-	 *
-	 * @param string $prefixPath
-	 * @return array
-	 */
-	function getPrincipalsByPrefix($prefixPath) {
-		$principals = [];
-
-		if ($prefixPath === 'principals/system') {
-			$principals[] = [
-				'uri' => 'principals/system/system',
-				'{DAV:}displayname' => 'system',
-			];
-			$principals[] = [
-				'uri' => 'principals/system/public',
-				'{DAV:}displayname' => 'public',
-			];
-		}
-
-		return $principals;
-	}
-
-	/**
-	 * Returns a specific principal, specified by it's path.
-	 * The returned structure should be the exact same as from
-	 * getPrincipalsByPrefix.
-	 *
-	 * @param string $path
-	 * @return array
-	 */
-	function getPrincipalByPath($path) {
-
-		if ($path === 'principals/system/system') {
-			$principal = [
-				'uri' => 'principals/system/system',
-				'{DAV:}displayname' => 'system',
-			];
-			return $principal;
-		}
-		if ($path === 'principals/system/public') {
-			$principal = [
-				'uri' => 'principals/system/public',
-				'{DAV:}displayname' => 'public',
-			];
-			return $principal;
-		}
-
-		return null;
-	}
-
-	/**
-	 * Updates one ore more webdav properties on a principal.
-	 *
-	 * The list of mutations is stored in a Sabre\DAV\PropPatch object.
-	 * To do the actual updates, you must tell this object which properties
-	 * you're going to process with the handle() method.
-	 *
-	 * Calling the handle method is like telling the PropPatch object "I
-	 * promise I can handle updating this property".
-	 *
-	 * Read the PropPatch documentation for more info and examples.
-	 *
-	 * @param string $path
-	 * @param \Sabre\DAV\PropPatch $propPatch
-	 * @return void
-	 */
-	function updatePrincipal($path, \Sabre\DAV\PropPatch $propPatch) {
-	}
-
-	/**
-	 * This method is used to search for principals matching a set of
-	 * properties.
-	 *
-	 * This search is specifically used by RFC3744's principal-property-search
-	 * REPORT.
-	 *
-	 * The actual search should be a unicode-non-case-sensitive search. The
-	 * keys in searchProperties are the WebDAV property names, while the values
-	 * are the property values to search on.
-	 *
-	 * By default, if multiple properties are submitted to this method, the
-	 * various properties should be combined with 'AND'. If $test is set to
-	 * 'anyof', it should be combined using 'OR'.
-	 *
-	 * This method should simply return an array with full principal uri's.
-	 *
-	 * If somebody attempted to search on a property the backend does not
-	 * support, you should simply return 0 results.
-	 *
-	 * You can also just return 0 results if you choose to not support
-	 * searching at all, but keep in mind that this may stop certain features
-	 * from working.
-	 *
-	 * @param string $prefixPath
-	 * @param array $searchProperties
-	 * @param string $test
-	 * @return array
-	 */
-	function searchPrincipals($prefixPath, array $searchProperties, $test = 'allof') {
-		return [];
-	}
-
-	/**
-	 * Returns the list of members for a group-principal
-	 *
-	 * @param string $principal
-	 * @return array
-	 */
-	function getGroupMemberSet($principal) {
-		// TODO: for now the group principal has only one member, the user itself
-		$principal = $this->getPrincipalByPath($principal);
-		if (!$principal) {
-			throw new \Sabre\DAV\Exception('Principal not found');
-		}
-
-		return [$principal['uri']];
-	}
-
-	/**
-	 * Returns the list of groups a principal is a member of
-	 *
-	 * @param string $principal
-	 * @return array
-	 */
-	function getGroupMembership($principal) {
-		list($prefix, $name) = \Sabre\Uri\split($principal);
-
-		if ($prefix === 'principals/system') {
-			$principal = $this->getPrincipalByPath($principal);
-			if (!$principal) {
-				throw new \Sabre\DAV\Exception('Principal not found');
-			}
-
-			return [];
-		}
-		return [];
-	}
-
-	/**
-	 * Updates the list of group members for a group principal.
-	 *
-	 * The principals should be passed as a list of uri's.
-	 *
-	 * @param string $principal
-	 * @param array $members
-	 * @return void
-	 */
-	function setGroupMemberSet($principal, array $members) {
-		throw new \Sabre\DAV\Exception('Setting members of the group is not supported yet');
-	}
+    /**
+     * Returns a list of principals based on a prefix.
+     *
+     * This prefix will often contain something like 'principals'. You are only
+     * expected to return principals that are in this base path.
+     *
+     * You are expected to return at least a 'uri' for every user, you can
+     * return any additional properties if you wish so. Common properties are:
+     *   {DAV:}displayname
+     *   {http://sabredav.org/ns}email-address - This is a custom SabreDAV
+     *     field that's actually injected in a number of other properties. If
+     *     you have an email address, use this property.
+     *
+     * @param string $prefixPath
+     * @return array
+     */
+    function getPrincipalsByPrefix($prefixPath) {
+        $principals = [];
+
+        if ($prefixPath === 'principals/system') {
+            $principals[] = [
+                'uri' => 'principals/system/system',
+                '{DAV:}displayname' => 'system',
+            ];
+            $principals[] = [
+                'uri' => 'principals/system/public',
+                '{DAV:}displayname' => 'public',
+            ];
+        }
+
+        return $principals;
+    }
+
+    /**
+     * Returns a specific principal, specified by it's path.
+     * The returned structure should be the exact same as from
+     * getPrincipalsByPrefix.
+     *
+     * @param string $path
+     * @return array
+     */
+    function getPrincipalByPath($path) {
+
+        if ($path === 'principals/system/system') {
+            $principal = [
+                'uri' => 'principals/system/system',
+                '{DAV:}displayname' => 'system',
+            ];
+            return $principal;
+        }
+        if ($path === 'principals/system/public') {
+            $principal = [
+                'uri' => 'principals/system/public',
+                '{DAV:}displayname' => 'public',
+            ];
+            return $principal;
+        }
+
+        return null;
+    }
+
+    /**
+     * Updates one ore more webdav properties on a principal.
+     *
+     * The list of mutations is stored in a Sabre\DAV\PropPatch object.
+     * To do the actual updates, you must tell this object which properties
+     * you're going to process with the handle() method.
+     *
+     * Calling the handle method is like telling the PropPatch object "I
+     * promise I can handle updating this property".
+     *
+     * Read the PropPatch documentation for more info and examples.
+     *
+     * @param string $path
+     * @param \Sabre\DAV\PropPatch $propPatch
+     * @return void
+     */
+    function updatePrincipal($path, \Sabre\DAV\PropPatch $propPatch) {
+    }
+
+    /**
+     * This method is used to search for principals matching a set of
+     * properties.
+     *
+     * This search is specifically used by RFC3744's principal-property-search
+     * REPORT.
+     *
+     * The actual search should be a unicode-non-case-sensitive search. The
+     * keys in searchProperties are the WebDAV property names, while the values
+     * are the property values to search on.
+     *
+     * By default, if multiple properties are submitted to this method, the
+     * various properties should be combined with 'AND'. If $test is set to
+     * 'anyof', it should be combined using 'OR'.
+     *
+     * This method should simply return an array with full principal uri's.
+     *
+     * If somebody attempted to search on a property the backend does not
+     * support, you should simply return 0 results.
+     *
+     * You can also just return 0 results if you choose to not support
+     * searching at all, but keep in mind that this may stop certain features
+     * from working.
+     *
+     * @param string $prefixPath
+     * @param array $searchProperties
+     * @param string $test
+     * @return array
+     */
+    function searchPrincipals($prefixPath, array $searchProperties, $test = 'allof') {
+        return [];
+    }
+
+    /**
+     * Returns the list of members for a group-principal
+     *
+     * @param string $principal
+     * @return array
+     */
+    function getGroupMemberSet($principal) {
+        // TODO: for now the group principal has only one member, the user itself
+        $principal = $this->getPrincipalByPath($principal);
+        if (!$principal) {
+            throw new \Sabre\DAV\Exception('Principal not found');
+        }
+
+        return [$principal['uri']];
+    }
+
+    /**
+     * Returns the list of groups a principal is a member of
+     *
+     * @param string $principal
+     * @return array
+     */
+    function getGroupMembership($principal) {
+        list($prefix, $name) = \Sabre\Uri\split($principal);
+
+        if ($prefix === 'principals/system') {
+            $principal = $this->getPrincipalByPath($principal);
+            if (!$principal) {
+                throw new \Sabre\DAV\Exception('Principal not found');
+            }
+
+            return [];
+        }
+        return [];
+    }
+
+    /**
+     * Updates the list of group members for a group principal.
+     *
+     * The principals should be passed as a list of uri's.
+     *
+     * @param string $principal
+     * @param array $members
+     * @return void
+     */
+    function setGroupMemberSet($principal, array $members) {
+        throw new \Sabre\DAV\Exception('Setting members of the group is not supported yet');
+    }
 }

apps/encryption/lib/Crypto/Encryption.php

Doc Comments +1 added lines, -1 removed lines

@@ -369,7 +369,7 @@
 	 * @param string $path path to the file which should be updated
 	 * @param string $uid of the user who performs the operation
 	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
-	 * @return boolean
+	 * @return null|boolean
 	 */
 	public function update($path, $uid, array $accessList) {
 

Indentation +554 added lines, -554 removed lines

@@ -43,558 +43,558 @@
 
 class Encryption implements IEncryptionModule {
 
-	const ID = 'OC_DEFAULT_MODULE';
-	const DISPLAY_NAME = 'Default encryption module';
-
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-
-	/** @var string */
-	private $cipher;
-
-	/** @var string */
-	private $path;
-
-	/** @var string */
-	private $user;
-
-	/** @var  array */
-	private $owner;
-
-	/** @var string */
-	private $fileKey;
-
-	/** @var string */
-	private $writeCache;
-
-	/** @var KeyManager */
-	private $keyManager;
-
-	/** @var array */
-	private $accessList;
-
-	/** @var boolean */
-	private $isWriteOperation;
-
-	/** @var Util */
-	private $util;
-
-	/** @var  Session */
-	private $session;
-
-	/** @var  ILogger */
-	private $logger;
-
-	/** @var IL10N */
-	private $l;
-
-	/** @var EncryptAll */
-	private $encryptAll;
-
-	/** @var  bool */
-	private $useMasterPassword;
-
-	/** @var DecryptAll  */
-	private $decryptAll;
-
-	/** @var int unencrypted block size if block contains signature */
-	private $unencryptedBlockSizeSigned = 6072;
-
-	/** @var int unencrypted block size */
-	private $unencryptedBlockSize = 6126;
-
-	/** @var int Current version of the file */
-	private $version = 0;
-
-	/** @var array remember encryption signature version */
-	private static $rememberVersion = [];
-
-
-	/**
-	 *
-	 * @param Crypt $crypt
-	 * @param KeyManager $keyManager
-	 * @param Util $util
-	 * @param Session $session
-	 * @param EncryptAll $encryptAll
-	 * @param DecryptAll $decryptAll
-	 * @param ILogger $logger
-	 * @param IL10N $il10n
-	 */
-	public function __construct(Crypt $crypt,
-								KeyManager $keyManager,
-								Util $util,
-								Session $session,
-								EncryptAll $encryptAll,
-								DecryptAll $decryptAll,
-								ILogger $logger,
-								IL10N $il10n) {
-		$this->crypt = $crypt;
-		$this->keyManager = $keyManager;
-		$this->util = $util;
-		$this->session = $session;
-		$this->encryptAll = $encryptAll;
-		$this->decryptAll = $decryptAll;
-		$this->logger = $logger;
-		$this->l = $il10n;
-		$this->owner = [];
-		$this->useMasterPassword = $util->isMasterKeyEnabled();
-	}
-
-	/**
-	 * @return string defining the technical unique id
-	 */
-	public function getId() {
-		return self::ID;
-	}
-
-	/**
-	 * In comparison to getKey() this function returns a human readable (maybe translated) name
-	 *
-	 * @return string
-	 */
-	public function getDisplayName() {
-		return self::DISPLAY_NAME;
-	}
-
-	/**
-	 * start receiving chunks from a file. This is the place where you can
-	 * perform some initial step before starting encrypting/decrypting the
-	 * chunks
-	 *
-	 * @param string $path to the file
-	 * @param string $user who read/write the file
-	 * @param string $mode php stream open mode
-	 * @param array $header contains the header data read from the file
-	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
-	 *
-	 * @return array $header contain data as key-value pairs which should be
-	 *                       written to the header, in case of a write operation
-	 *                       or if no additional data is needed return a empty array
-	 */
-	public function begin($path, $user, $mode, array $header, array $accessList) {
-		$this->path = $this->getPathToRealFile($path);
-		$this->accessList = $accessList;
-		$this->user = $user;
-		$this->isWriteOperation = false;
-		$this->writeCache = '';
-
-		if($this->session->isReady() === false) {
-			// if the master key is enabled we can initialize encryption
-			// with a empty password and user name
-			if ($this->util->isMasterKeyEnabled()) {
-				$this->keyManager->init('', '');
-			}
-		}
-
-		if ($this->session->decryptAllModeActivated()) {
-			$encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
-			$shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
-			$this->fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
-				$shareKey,
-				$this->session->getDecryptAllKey());
-		} else {
-			$this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
-		}
-
-		// always use the version from the original file, also part files
-		// need to have a correct version number if they get moved over to the
-		// final location
-		$this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
-
-		if (
-			$mode === 'w'
-			|| $mode === 'w+'
-			|| $mode === 'wb'
-			|| $mode === 'wb+'
-		) {
-			$this->isWriteOperation = true;
-			if (empty($this->fileKey)) {
-				$this->fileKey = $this->crypt->generateFileKey();
-			}
-		} else {
-			// if we read a part file we need to increase the version by 1
-			// because the version number was also increased by writing
-			// the part file
-			if(Scanner::isPartialFile($path)) {
-				$this->version = $this->version + 1;
-			}
-		}
-
-		if ($this->isWriteOperation) {
-			$this->cipher = $this->crypt->getCipher();
-		} elseif (isset($header['cipher'])) {
-			$this->cipher = $header['cipher'];
-		} else {
-			// if we read a file without a header we fall-back to the legacy cipher
-			// which was used in <=oC6
-			$this->cipher = $this->crypt->getLegacyCipher();
-		}
-
-		return array('cipher' => $this->cipher, 'signed' => 'true');
-	}
-
-	/**
-	 * last chunk received. This is the place where you can perform some final
-	 * operation and return some remaining data if something is left in your
-	 * buffer.
-	 *
-	 * @param string $path to the file
-	 * @param int $position
-	 * @return string remained data which should be written to the file in case
-	 *                of a write operation
-	 * @throws PublicKeyMissingException
-	 * @throws \Exception
-	 * @throws \OCA\Encryption\Exceptions\MultiKeyEncryptException
-	 */
-	public function end($path, $position = 0) {
-		$result = '';
-		if ($this->isWriteOperation) {
-			$this->keyManager->setVersion($path, $this->version + 1, new View());
-			// in case of a part file we remember the new signature versions
-			// the version will be set later on update.
-			// This way we make sure that other apps listening to the pre-hooks
-			// still get the old version which should be the correct value for them
-			if (Scanner::isPartialFile($path)) {
-				self::$rememberVersion[$this->stripPartFileExtension($path)] = $this->version + 1;
-			}
-			if (!empty($this->writeCache)) {
-				$result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey, $this->version + 1, $position);
-				$this->writeCache = '';
-			}
-			$publicKeys = array();
-			if ($this->useMasterPassword === true) {
-				$publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
-			} else {
-				foreach ($this->accessList['users'] as $uid) {
-					try {
-						$publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
-					} catch (PublicKeyMissingException $e) {
-						$this->logger->warning(
-							'no public key found for user "{uid}", user will not be able to read the file',
-							['app' => 'encryption', 'uid' => $uid]
-						);
-						// if the public key of the owner is missing we should fail
-						if ($uid === $this->user) {
-							throw $e;
-						}
-					}
-				}
-			}
-
-			$publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->getOwner($path));
-			$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
-			$this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles);
-		}
-		return $result;
-	}
-
-
-
-	/**
-	 * encrypt data
-	 *
-	 * @param string $data you want to encrypt
-	 * @param int $position
-	 * @return string encrypted data
-	 */
-	public function encrypt($data, $position = 0) {
-		// If extra data is left over from the last round, make sure it
-		// is integrated into the next block
-		if ($this->writeCache) {
-
-			// Concat writeCache to start of $data
-			$data = $this->writeCache . $data;
-
-			// Clear the write cache, ready for reuse - it has been
-			// flushed and its old contents processed
-			$this->writeCache = '';
-
-		}
-
-		$encrypted = '';
-		// While there still remains some data to be processed & written
-		while (strlen($data) > 0) {
-
-			// Remaining length for this iteration, not of the
-			// entire file (may be greater than 8192 bytes)
-			$remainingLength = strlen($data);
-
-			// If data remaining to be written is less than the
-			// size of 1 6126 byte block
-			if ($remainingLength < $this->unencryptedBlockSizeSigned) {
-
-				// Set writeCache to contents of $data
-				// The writeCache will be carried over to the
-				// next write round, and added to the start of
-				// $data to ensure that written blocks are
-				// always the correct length. If there is still
-				// data in writeCache after the writing round
-				// has finished, then the data will be written
-				// to disk by $this->flush().
-				$this->writeCache = $data;
-
-				// Clear $data ready for next round
-				$data = '';
-
-			} else {
-
-				// Read the chunk from the start of $data
-				$chunk = substr($data, 0, $this->unencryptedBlockSizeSigned);
-
-				$encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey, $this->version + 1, $position);
-
-				// Remove the chunk we just processed from
-				// $data, leaving only unprocessed data in $data
-				// var, for handling on the next round
-				$data = substr($data, $this->unencryptedBlockSizeSigned);
-
-			}
-
-		}
-
-		return $encrypted;
-	}
-
-	/**
-	 * decrypt data
-	 *
-	 * @param string $data you want to decrypt
-	 * @param int $position
-	 * @return string decrypted data
-	 * @throws DecryptionFailedException
-	 */
-	public function decrypt($data, $position = 0) {
-		if (empty($this->fileKey)) {
-			$msg = 'Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.';
-			$hint = $this->l->t('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
-			$this->logger->error($msg);
-
-			throw new DecryptionFailedException($msg, $hint);
-		}
-
-		return $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher, $this->version, $position);
-	}
-
-	/**
-	 * update encrypted file, e.g. give additional users access to the file
-	 *
-	 * @param string $path path to the file which should be updated
-	 * @param string $uid of the user who performs the operation
-	 * @param array $accessList who has access to the file contains the key 'users' and 'public'
-	 * @return boolean
-	 */
-	public function update($path, $uid, array $accessList) {
-
-		if (empty($accessList)) {
-			if (isset(self::$rememberVersion[$path])) {
-				$this->keyManager->setVersion($path, self::$rememberVersion[$path], new View());
-				unset(self::$rememberVersion[$path]);
-			}
-			return;
-		}
-
-		$fileKey = $this->keyManager->getFileKey($path, $uid);
-
-		if (!empty($fileKey)) {
-
-			$publicKeys = array();
-			if ($this->useMasterPassword === true) {
-				$publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
-			} else {
-				foreach ($accessList['users'] as $user) {
-					try {
-						$publicKeys[$user] = $this->keyManager->getPublicKey($user);
-					} catch (PublicKeyMissingException $e) {
-						$this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
-					}
-				}
-			}
-
-			$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->getOwner($path));
-
-			$encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
-
-			$this->keyManager->deleteAllFileKeys($path);
-
-			$this->keyManager->setAllFileKeys($path, $encryptedFileKey);
-
-		} else {
-			$this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted',
-				array('file' => $path, 'app' => 'encryption'));
-
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * should the file be encrypted or not
-	 *
-	 * @param string $path
-	 * @return boolean
-	 */
-	public function shouldEncrypt($path) {
-		if ($this->util->shouldEncryptHomeStorage() === false) {
-			$storage = $this->util->getStorage($path);
-			if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
-				return false;
-			}
-		}
-		$parts = explode('/', $path);
-		if (count($parts) < 4) {
-			return false;
-		}
-
-		if ($parts[2] === 'files') {
-			return true;
-		}
-		if ($parts[2] === 'files_versions') {
-			return true;
-		}
-		if ($parts[2] === 'files_trashbin') {
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * get size of the unencrypted payload per block.
-	 * Nextcloud read/write files with a block size of 8192 byte
-	 *
-	 * @param bool $signed
-	 * @return int
-	 */
-	public function getUnencryptedBlockSize($signed = false) {
-		if ($signed === false) {
-			return $this->unencryptedBlockSize;
-		}
-
-		return $this->unencryptedBlockSizeSigned;
-	}
-
-	/**
-	 * check if the encryption module is able to read the file,
-	 * e.g. if all encryption keys exists
-	 *
-	 * @param string $path
-	 * @param string $uid user for whom we want to check if he can read the file
-	 * @return bool
-	 * @throws DecryptionFailedException
-	 */
-	public function isReadable($path, $uid) {
-		$fileKey = $this->keyManager->getFileKey($path, $uid);
-		if (empty($fileKey)) {
-			$owner = $this->util->getOwner($path);
-			if ($owner !== $uid) {
-				// if it is a shared file we throw a exception with a useful
-				// error message because in this case it means that the file was
-				// shared with the user at a point where the user didn't had a
-				// valid private/public key
-				$msg = 'Encryption module "' . $this->getDisplayName() .
-					'" is not able to read ' . $path;
-				$hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
-				$this->logger->warning($msg);
-				throw new DecryptionFailedException($msg, $hint);
-			}
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Initial encryption of all files
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output write some status information to the terminal during encryption
-	 */
-	public function encryptAll(InputInterface $input, OutputInterface $output) {
-		$this->encryptAll->encryptAll($input, $output);
-	}
-
-	/**
-	 * prepare module to perform decrypt all operation
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output
-	 * @param string $user
-	 * @return bool
-	 */
-	public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
-		return $this->decryptAll->prepare($input, $output, $user);
-	}
-
-
-	/**
-	 * @param string $path
-	 * @return string
-	 */
-	protected function getPathToRealFile($path) {
-		$realPath = $path;
-		$parts = explode('/', $path);
-		if ($parts[2] === 'files_versions') {
-			$realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
-			$length = strrpos($realPath, '.');
-			$realPath = substr($realPath, 0, $length);
-		}
-
-		return $realPath;
-	}
-
-	/**
-	 * remove .part file extension and the ocTransferId from the file to get the
-	 * original file name
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	protected function stripPartFileExtension($path) {
-		if (pathinfo($path, PATHINFO_EXTENSION) === 'part') {
-			$pos = strrpos($path, '.', -6);
-			$path = substr($path, 0, $pos);
-		}
-
-		return $path;
-	}
-
-	/**
-	 * get owner of a file
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	protected function getOwner($path) {
-		if (!isset($this->owner[$path])) {
-			$this->owner[$path] = $this->util->getOwner($path);
-		}
-		return $this->owner[$path];
-	}
-
-	/**
-	 * Check if the module is ready to be used by that specific user.
-	 * In case a module is not ready - because e.g. key pairs have not been generated
-	 * upon login this method can return false before any operation starts and might
-	 * cause issues during operations.
-	 *
-	 * @param string $user
-	 * @return boolean
-	 * @since 9.1.0
-	 */
-	public function isReadyForUser($user) {
-		return $this->keyManager->userHasKeys($user);
-	}
-
-	/**
-	 * We only need a detailed access list if the master key is not enabled
-	 *
-	 * @return bool
-	 */
-	public function needDetailedAccessList() {
-		return !$this->util->isMasterKeyEnabled();
-	}
+    const ID = 'OC_DEFAULT_MODULE';
+    const DISPLAY_NAME = 'Default encryption module';
+
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+
+    /** @var string */
+    private $cipher;
+
+    /** @var string */
+    private $path;
+
+    /** @var string */
+    private $user;
+
+    /** @var  array */
+    private $owner;
+
+    /** @var string */
+    private $fileKey;
+
+    /** @var string */
+    private $writeCache;
+
+    /** @var KeyManager */
+    private $keyManager;
+
+    /** @var array */
+    private $accessList;
+
+    /** @var boolean */
+    private $isWriteOperation;
+
+    /** @var Util */
+    private $util;
+
+    /** @var  Session */
+    private $session;
+
+    /** @var  ILogger */
+    private $logger;
+
+    /** @var IL10N */
+    private $l;
+
+    /** @var EncryptAll */
+    private $encryptAll;
+
+    /** @var  bool */
+    private $useMasterPassword;
+
+    /** @var DecryptAll  */
+    private $decryptAll;
+
+    /** @var int unencrypted block size if block contains signature */
+    private $unencryptedBlockSizeSigned = 6072;
+
+    /** @var int unencrypted block size */
+    private $unencryptedBlockSize = 6126;
+
+    /** @var int Current version of the file */
+    private $version = 0;
+
+    /** @var array remember encryption signature version */
+    private static $rememberVersion = [];
+
+
+    /**
+     *
+     * @param Crypt $crypt
+     * @param KeyManager $keyManager
+     * @param Util $util
+     * @param Session $session
+     * @param EncryptAll $encryptAll
+     * @param DecryptAll $decryptAll
+     * @param ILogger $logger
+     * @param IL10N $il10n
+     */
+    public function __construct(Crypt $crypt,
+                                KeyManager $keyManager,
+                                Util $util,
+                                Session $session,
+                                EncryptAll $encryptAll,
+                                DecryptAll $decryptAll,
+                                ILogger $logger,
+                                IL10N $il10n) {
+        $this->crypt = $crypt;
+        $this->keyManager = $keyManager;
+        $this->util = $util;
+        $this->session = $session;
+        $this->encryptAll = $encryptAll;
+        $this->decryptAll = $decryptAll;
+        $this->logger = $logger;
+        $this->l = $il10n;
+        $this->owner = [];
+        $this->useMasterPassword = $util->isMasterKeyEnabled();
+    }
+
+    /**
+     * @return string defining the technical unique id
+     */
+    public function getId() {
+        return self::ID;
+    }
+
+    /**
+     * In comparison to getKey() this function returns a human readable (maybe translated) name
+     *
+     * @return string
+     */
+    public function getDisplayName() {
+        return self::DISPLAY_NAME;
+    }
+
+    /**
+     * start receiving chunks from a file. This is the place where you can
+     * perform some initial step before starting encrypting/decrypting the
+     * chunks
+     *
+     * @param string $path to the file
+     * @param string $user who read/write the file
+     * @param string $mode php stream open mode
+     * @param array $header contains the header data read from the file
+     * @param array $accessList who has access to the file contains the key 'users' and 'public'
+     *
+     * @return array $header contain data as key-value pairs which should be
+     *                       written to the header, in case of a write operation
+     *                       or if no additional data is needed return a empty array
+     */
+    public function begin($path, $user, $mode, array $header, array $accessList) {
+        $this->path = $this->getPathToRealFile($path);
+        $this->accessList = $accessList;
+        $this->user = $user;
+        $this->isWriteOperation = false;
+        $this->writeCache = '';
+
+        if($this->session->isReady() === false) {
+            // if the master key is enabled we can initialize encryption
+            // with a empty password and user name
+            if ($this->util->isMasterKeyEnabled()) {
+                $this->keyManager->init('', '');
+            }
+        }
+
+        if ($this->session->decryptAllModeActivated()) {
+            $encryptedFileKey = $this->keyManager->getEncryptedFileKey($this->path);
+            $shareKey = $this->keyManager->getShareKey($this->path, $this->session->getDecryptAllUid());
+            $this->fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
+                $shareKey,
+                $this->session->getDecryptAllKey());
+        } else {
+            $this->fileKey = $this->keyManager->getFileKey($this->path, $this->user);
+        }
+
+        // always use the version from the original file, also part files
+        // need to have a correct version number if they get moved over to the
+        // final location
+        $this->version = (int)$this->keyManager->getVersion($this->stripPartFileExtension($path), new View());
+
+        if (
+            $mode === 'w'
+            || $mode === 'w+'
+            || $mode === 'wb'
+            || $mode === 'wb+'
+        ) {
+            $this->isWriteOperation = true;
+            if (empty($this->fileKey)) {
+                $this->fileKey = $this->crypt->generateFileKey();
+            }
+        } else {
+            // if we read a part file we need to increase the version by 1
+            // because the version number was also increased by writing
+            // the part file
+            if(Scanner::isPartialFile($path)) {
+                $this->version = $this->version + 1;
+            }
+        }
+
+        if ($this->isWriteOperation) {
+            $this->cipher = $this->crypt->getCipher();
+        } elseif (isset($header['cipher'])) {
+            $this->cipher = $header['cipher'];
+        } else {
+            // if we read a file without a header we fall-back to the legacy cipher
+            // which was used in <=oC6
+            $this->cipher = $this->crypt->getLegacyCipher();
+        }
+
+        return array('cipher' => $this->cipher, 'signed' => 'true');
+    }
+
+    /**
+     * last chunk received. This is the place where you can perform some final
+     * operation and return some remaining data if something is left in your
+     * buffer.
+     *
+     * @param string $path to the file
+     * @param int $position
+     * @return string remained data which should be written to the file in case
+     *                of a write operation
+     * @throws PublicKeyMissingException
+     * @throws \Exception
+     * @throws \OCA\Encryption\Exceptions\MultiKeyEncryptException
+     */
+    public function end($path, $position = 0) {
+        $result = '';
+        if ($this->isWriteOperation) {
+            $this->keyManager->setVersion($path, $this->version + 1, new View());
+            // in case of a part file we remember the new signature versions
+            // the version will be set later on update.
+            // This way we make sure that other apps listening to the pre-hooks
+            // still get the old version which should be the correct value for them
+            if (Scanner::isPartialFile($path)) {
+                self::$rememberVersion[$this->stripPartFileExtension($path)] = $this->version + 1;
+            }
+            if (!empty($this->writeCache)) {
+                $result = $this->crypt->symmetricEncryptFileContent($this->writeCache, $this->fileKey, $this->version + 1, $position);
+                $this->writeCache = '';
+            }
+            $publicKeys = array();
+            if ($this->useMasterPassword === true) {
+                $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
+            } else {
+                foreach ($this->accessList['users'] as $uid) {
+                    try {
+                        $publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
+                    } catch (PublicKeyMissingException $e) {
+                        $this->logger->warning(
+                            'no public key found for user "{uid}", user will not be able to read the file',
+                            ['app' => 'encryption', 'uid' => $uid]
+                        );
+                        // if the public key of the owner is missing we should fail
+                        if ($uid === $this->user) {
+                            throw $e;
+                        }
+                    }
+                }
+            }
+
+            $publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->getOwner($path));
+            $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys);
+            $this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles);
+        }
+        return $result;
+    }
+
+
+
+    /**
+     * encrypt data
+     *
+     * @param string $data you want to encrypt
+     * @param int $position
+     * @return string encrypted data
+     */
+    public function encrypt($data, $position = 0) {
+        // If extra data is left over from the last round, make sure it
+        // is integrated into the next block
+        if ($this->writeCache) {
+
+            // Concat writeCache to start of $data
+            $data = $this->writeCache . $data;
+
+            // Clear the write cache, ready for reuse - it has been
+            // flushed and its old contents processed
+            $this->writeCache = '';
+
+        }
+
+        $encrypted = '';
+        // While there still remains some data to be processed & written
+        while (strlen($data) > 0) {
+
+            // Remaining length for this iteration, not of the
+            // entire file (may be greater than 8192 bytes)
+            $remainingLength = strlen($data);
+
+            // If data remaining to be written is less than the
+            // size of 1 6126 byte block
+            if ($remainingLength < $this->unencryptedBlockSizeSigned) {
+
+                // Set writeCache to contents of $data
+                // The writeCache will be carried over to the
+                // next write round, and added to the start of
+                // $data to ensure that written blocks are
+                // always the correct length. If there is still
+                // data in writeCache after the writing round
+                // has finished, then the data will be written
+                // to disk by $this->flush().
+                $this->writeCache = $data;
+
+                // Clear $data ready for next round
+                $data = '';
+
+            } else {
+
+                // Read the chunk from the start of $data
+                $chunk = substr($data, 0, $this->unencryptedBlockSizeSigned);
+
+                $encrypted .= $this->crypt->symmetricEncryptFileContent($chunk, $this->fileKey, $this->version + 1, $position);
+
+                // Remove the chunk we just processed from
+                // $data, leaving only unprocessed data in $data
+                // var, for handling on the next round
+                $data = substr($data, $this->unencryptedBlockSizeSigned);
+
+            }
+
+        }
+
+        return $encrypted;
+    }
+
+    /**
+     * decrypt data
+     *
+     * @param string $data you want to decrypt
+     * @param int $position
+     * @return string decrypted data
+     * @throws DecryptionFailedException
+     */
+    public function decrypt($data, $position = 0) {
+        if (empty($this->fileKey)) {
+            $msg = 'Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.';
+            $hint = $this->l->t('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
+            $this->logger->error($msg);
+
+            throw new DecryptionFailedException($msg, $hint);
+        }
+
+        return $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher, $this->version, $position);
+    }
+
+    /**
+     * update encrypted file, e.g. give additional users access to the file
+     *
+     * @param string $path path to the file which should be updated
+     * @param string $uid of the user who performs the operation
+     * @param array $accessList who has access to the file contains the key 'users' and 'public'
+     * @return boolean
+     */
+    public function update($path, $uid, array $accessList) {
+
+        if (empty($accessList)) {
+            if (isset(self::$rememberVersion[$path])) {
+                $this->keyManager->setVersion($path, self::$rememberVersion[$path], new View());
+                unset(self::$rememberVersion[$path]);
+            }
+            return;
+        }
+
+        $fileKey = $this->keyManager->getFileKey($path, $uid);
+
+        if (!empty($fileKey)) {
+
+            $publicKeys = array();
+            if ($this->useMasterPassword === true) {
+                $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey();
+            } else {
+                foreach ($accessList['users'] as $user) {
+                    try {
+                        $publicKeys[$user] = $this->keyManager->getPublicKey($user);
+                    } catch (PublicKeyMissingException $e) {
+                        $this->logger->warning('Could not encrypt file for ' . $user . ': ' . $e->getMessage());
+                    }
+                }
+            }
+
+            $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->getOwner($path));
+
+            $encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
+
+            $this->keyManager->deleteAllFileKeys($path);
+
+            $this->keyManager->setAllFileKeys($path, $encryptedFileKey);
+
+        } else {
+            $this->logger->debug('no file key found, we assume that the file "{file}" is not encrypted',
+                array('file' => $path, 'app' => 'encryption'));
+
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * should the file be encrypted or not
+     *
+     * @param string $path
+     * @return boolean
+     */
+    public function shouldEncrypt($path) {
+        if ($this->util->shouldEncryptHomeStorage() === false) {
+            $storage = $this->util->getStorage($path);
+            if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
+                return false;
+            }
+        }
+        $parts = explode('/', $path);
+        if (count($parts) < 4) {
+            return false;
+        }
+
+        if ($parts[2] === 'files') {
+            return true;
+        }
+        if ($parts[2] === 'files_versions') {
+            return true;
+        }
+        if ($parts[2] === 'files_trashbin') {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * get size of the unencrypted payload per block.
+     * Nextcloud read/write files with a block size of 8192 byte
+     *
+     * @param bool $signed
+     * @return int
+     */
+    public function getUnencryptedBlockSize($signed = false) {
+        if ($signed === false) {
+            return $this->unencryptedBlockSize;
+        }
+
+        return $this->unencryptedBlockSizeSigned;
+    }
+
+    /**
+     * check if the encryption module is able to read the file,
+     * e.g. if all encryption keys exists
+     *
+     * @param string $path
+     * @param string $uid user for whom we want to check if he can read the file
+     * @return bool
+     * @throws DecryptionFailedException
+     */
+    public function isReadable($path, $uid) {
+        $fileKey = $this->keyManager->getFileKey($path, $uid);
+        if (empty($fileKey)) {
+            $owner = $this->util->getOwner($path);
+            if ($owner !== $uid) {
+                // if it is a shared file we throw a exception with a useful
+                // error message because in this case it means that the file was
+                // shared with the user at a point where the user didn't had a
+                // valid private/public key
+                $msg = 'Encryption module "' . $this->getDisplayName() .
+                    '" is not able to read ' . $path;
+                $hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
+                $this->logger->warning($msg);
+                throw new DecryptionFailedException($msg, $hint);
+            }
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Initial encryption of all files
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output write some status information to the terminal during encryption
+     */
+    public function encryptAll(InputInterface $input, OutputInterface $output) {
+        $this->encryptAll->encryptAll($input, $output);
+    }
+
+    /**
+     * prepare module to perform decrypt all operation
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     * @param string $user
+     * @return bool
+     */
+    public function prepareDecryptAll(InputInterface $input, OutputInterface $output, $user = '') {
+        return $this->decryptAll->prepare($input, $output, $user);
+    }
+
+
+    /**
+     * @param string $path
+     * @return string
+     */
+    protected function getPathToRealFile($path) {
+        $realPath = $path;
+        $parts = explode('/', $path);
+        if ($parts[2] === 'files_versions') {
+            $realPath = '/' . $parts[1] . '/files/' . implode('/', array_slice($parts, 3));
+            $length = strrpos($realPath, '.');
+            $realPath = substr($realPath, 0, $length);
+        }
+
+        return $realPath;
+    }
+
+    /**
+     * remove .part file extension and the ocTransferId from the file to get the
+     * original file name
+     *
+     * @param string $path
+     * @return string
+     */
+    protected function stripPartFileExtension($path) {
+        if (pathinfo($path, PATHINFO_EXTENSION) === 'part') {
+            $pos = strrpos($path, '.', -6);
+            $path = substr($path, 0, $pos);
+        }
+
+        return $path;
+    }
+
+    /**
+     * get owner of a file
+     *
+     * @param string $path
+     * @return string
+     */
+    protected function getOwner($path) {
+        if (!isset($this->owner[$path])) {
+            $this->owner[$path] = $this->util->getOwner($path);
+        }
+        return $this->owner[$path];
+    }
+
+    /**
+     * Check if the module is ready to be used by that specific user.
+     * In case a module is not ready - because e.g. key pairs have not been generated
+     * upon login this method can return false before any operation starts and might
+     * cause issues during operations.
+     *
+     * @param string $user
+     * @return boolean
+     * @since 9.1.0
+     */
+    public function isReadyForUser($user) {
+        return $this->keyManager->userHasKeys($user);
+    }
+
+    /**
+     * We only need a detailed access list if the master key is not enabled
+     *
+     * @return bool
+     */
+    public function needDetailedAccessList() {
+        return !$this->util->isMasterKeyEnabled();
+    }
 }

apps/encryption/lib/KeyManager.php

Doc Comments +1 added lines, -1 removed lines

@@ -488,7 +488,7 @@
 
 
 	/**
-	 * @param $path
+	 * @param string $path
 	 * @param $uid
 	 * @return mixed
 	 */

Indentation +681 added lines, -681 removed lines

@@ -38,685 +38,685 @@
 
 class KeyManager {
 
-	/**
-	 * @var Session
-	 */
-	protected $session;
-	/**
-	 * @var IStorage
-	 */
-	private $keyStorage;
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-	/**
-	 * @var string
-	 */
-	private $recoveryKeyId;
-	/**
-	 * @var string
-	 */
-	private $publicShareKeyId;
-	/**
-	 * @var string
-	 */
-	private $masterKeyId;
-	/**
-	 * @var string UserID
-	 */
-	private $keyId;
-	/**
-	 * @var string
-	 */
-	private $publicKeyId = 'publicKey';
-	/**
-	 * @var string
-	 */
-	private $privateKeyId = 'privateKey';
-
-	/**
-	 * @var string
-	 */
-	private $shareKeyId = 'shareKey';
-
-	/**
-	 * @var string
-	 */
-	private $fileKeyId = 'fileKey';
-	/**
-	 * @var IConfig
-	 */
-	private $config;
-	/**
-	 * @var ILogger
-	 */
-	private $log;
-	/**
-	 * @var Util
-	 */
-	private $util;
-
-	/**
-	 * @param IStorage $keyStorage
-	 * @param Crypt $crypt
-	 * @param IConfig $config
-	 * @param IUserSession $userSession
-	 * @param Session $session
-	 * @param ILogger $log
-	 * @param Util $util
-	 */
-	public function __construct(
-		IStorage $keyStorage,
-		Crypt $crypt,
-		IConfig $config,
-		IUserSession $userSession,
-		Session $session,
-		ILogger $log,
-		Util $util
-	) {
-
-		$this->util = $util;
-		$this->session = $session;
-		$this->keyStorage = $keyStorage;
-		$this->crypt = $crypt;
-		$this->config = $config;
-		$this->log = $log;
-
-		$this->recoveryKeyId = $this->config->getAppValue('encryption',
-			'recoveryKeyId');
-		if (empty($this->recoveryKeyId)) {
-			$this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
-			$this->config->setAppValue('encryption',
-				'recoveryKeyId',
-				$this->recoveryKeyId);
-		}
-
-		$this->publicShareKeyId = $this->config->getAppValue('encryption',
-			'publicShareKeyId');
-		if (empty($this->publicShareKeyId)) {
-			$this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
-			$this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
-		}
-
-		$this->masterKeyId = $this->config->getAppValue('encryption',
-			'masterKeyId');
-		if (empty($this->masterKeyId)) {
-			$this->masterKeyId = 'master_' . substr(md5(time()), 0, 8);
-			$this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
-		}
-
-		$this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
-		$this->log = $log;
-	}
-
-	/**
-	 * check if key pair for public link shares exists, if not we create one
-	 */
-	public function validateShareKey() {
-		$shareKey = $this->getPublicShareKey();
-		if (empty($shareKey)) {
-			$keyPair = $this->crypt->createKeyPair();
-
-			// Save public key
-			$this->keyStorage->setSystemUserKey(
-				$this->publicShareKeyId . '.publicKey', $keyPair['publicKey'],
-				Encryption::ID);
-
-			// Encrypt private key empty passphrase
-			$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], '');
-			$header = $this->crypt->generateHeader();
-			$this->setSystemPrivateKey($this->publicShareKeyId, $header . $encryptedKey);
-		}
-	}
-
-	/**
-	 * check if a key pair for the master key exists, if not we create one
-	 */
-	public function validateMasterKey() {
-
-		if ($this->util->isMasterKeyEnabled() === false) {
-			return;
-		}
-
-		$publicMasterKey = $this->getPublicMasterKey();
-		if (empty($publicMasterKey)) {
-			$keyPair = $this->crypt->createKeyPair();
-
-			// Save public key
-			$this->keyStorage->setSystemUserKey(
-				$this->masterKeyId . '.publicKey', $keyPair['publicKey'],
-				Encryption::ID);
-
-			// Encrypt private key with system password
-			$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId);
-			$header = $this->crypt->generateHeader();
-			$this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey);
-		}
-
-		if (!$this->session->isPrivateKeySet()) {
-			$masterKey = $this->getSystemPrivateKey($this->masterKeyId);
-			$decryptedMasterKey = $this->crypt->decryptPrivateKey($masterKey, $this->getMasterKeyPassword(), $this->masterKeyId);
-			$this->session->setPrivateKey($decryptedMasterKey);
-		}
-
-		// after the encryption key is available we are ready to go
-		$this->session->setStatus(Session::INIT_SUCCESSFUL);
-	}
-
-	/**
-	 * @return bool
-	 */
-	public function recoveryKeyExists() {
-		$key = $this->getRecoveryKey();
-		return (!empty($key));
-	}
-
-	/**
-	 * get recovery key
-	 *
-	 * @return string
-	 */
-	public function getRecoveryKey() {
-		return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey', Encryption::ID);
-	}
-
-	/**
-	 * get recovery key ID
-	 *
-	 * @return string
-	 */
-	public function getRecoveryKeyId() {
-		return $this->recoveryKeyId;
-	}
-
-	/**
-	 * @param string $password
-	 * @return bool
-	 */
-	public function checkRecoveryPassword($password) {
-		$recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey', Encryption::ID);
-		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
-
-		if ($decryptedRecoveryKey) {
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param string $uid
-	 * @param string $password
-	 * @param string $keyPair
-	 * @return bool
-	 */
-	public function storeKeyPair($uid, $password, $keyPair) {
-		// Save Public Key
-		$this->setPublicKey($uid, $keyPair['publicKey']);
-
-		$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password, $uid);
-
-		$header = $this->crypt->generateHeader();
-
-		if ($encryptedKey) {
-			$this->setPrivateKey($uid, $header . $encryptedKey);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param string $password
-	 * @param array $keyPair
-	 * @return bool
-	 */
-	public function setRecoveryKey($password, $keyPair) {
-		// Save Public Key
-		$this->keyStorage->setSystemUserKey($this->getRecoveryKeyId().
-			'.publicKey',
-			$keyPair['publicKey'],
-			Encryption::ID);
-
-		$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password);
-		$header = $this->crypt->generateHeader();
-
-		if ($encryptedKey) {
-			$this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param $userId
-	 * @param $key
-	 * @return bool
-	 */
-	public function setPublicKey($userId, $key) {
-		return $this->keyStorage->setUserKey($userId, $this->publicKeyId, $key, Encryption::ID);
-	}
-
-	/**
-	 * @param $userId
-	 * @param string $key
-	 * @return bool
-	 */
-	public function setPrivateKey($userId, $key) {
-		return $this->keyStorage->setUserKey($userId,
-			$this->privateKeyId,
-			$key,
-			Encryption::ID);
-	}
-
-	/**
-	 * write file key to key storage
-	 *
-	 * @param string $path
-	 * @param string $key
-	 * @return boolean
-	 */
-	public function setFileKey($path, $key) {
-		return $this->keyStorage->setFileKey($path, $this->fileKeyId, $key, Encryption::ID);
-	}
-
-	/**
-	 * set all file keys (the file key and the corresponding share keys)
-	 *
-	 * @param string $path
-	 * @param array $keys
-	 */
-	public function setAllFileKeys($path, $keys) {
-		$this->setFileKey($path, $keys['data']);
-		foreach ($keys['keys'] as $uid => $keyFile) {
-			$this->setShareKey($path, $uid, $keyFile);
-		}
-	}
-
-	/**
-	 * write share key to the key storage
-	 *
-	 * @param string $path
-	 * @param string $uid
-	 * @param string $key
-	 * @return boolean
-	 */
-	public function setShareKey($path, $uid, $key) {
-		$keyId = $uid . '.' . $this->shareKeyId;
-		return $this->keyStorage->setFileKey($path, $keyId, $key, Encryption::ID);
-	}
-
-	/**
-	 * Decrypt private key and store it
-	 *
-	 * @param string $uid user id
-	 * @param string $passPhrase users password
-	 * @return boolean
-	 */
-	public function init($uid, $passPhrase) {
-
-		$this->session->setStatus(Session::INIT_EXECUTED);
-
-		try {
-			if($this->util->isMasterKeyEnabled()) {
-				$uid = $this->getMasterKeyId();
-				$passPhrase = $this->getMasterKeyPassword();
-				$privateKey = $this->getSystemPrivateKey($uid);
-			} else {
-				$privateKey = $this->getPrivateKey($uid);
-			}
-			$privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid);
-		} catch (PrivateKeyMissingException $e) {
-			return false;
-		} catch (DecryptionFailedException $e) {
-			return false;
-		} catch (\Exception $e) {
-			$this->log->warning(
-				'Could not decrypt the private key from user "' . $uid . '"" during login. ' .
-				'Assume password change on the user back-end. Error message: '
-				. $e->getMessage()
-			);
-			return false;
-		}
-
-		if ($privateKey) {
-			$this->session->setPrivateKey($privateKey);
-			$this->session->setStatus(Session::INIT_SUCCESSFUL);
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * @param $userId
-	 * @return string
-	 * @throws PrivateKeyMissingException
-	 */
-	public function getPrivateKey($userId) {
-		$privateKey = $this->keyStorage->getUserKey($userId,
-			$this->privateKeyId, Encryption::ID);
-
-		if (strlen($privateKey) !== 0) {
-			return $privateKey;
-		}
-		throw new PrivateKeyMissingException($userId);
-	}
-
-	/**
-	 * @param string $path
-	 * @param $uid
-	 * @return string
-	 */
-	public function getFileKey($path, $uid) {
-		if ($uid === '') {
-			$uid = null;
-		}
-		$publicAccess = is_null($uid);
-		$encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
-
-		if (empty($encryptedFileKey)) {
-			return '';
-		}
-
-		if ($this->util->isMasterKeyEnabled()) {
-			$uid = $this->getMasterKeyId();
-			$shareKey = $this->getShareKey($path, $uid);
-			if ($publicAccess) {
-				$privateKey = $this->getSystemPrivateKey($uid);
-				$privateKey = $this->crypt->decryptPrivateKey($privateKey, $this->getMasterKeyPassword(), $uid);
-			} else {
-				// when logged in, the master key is already decrypted in the session
-				$privateKey = $this->session->getPrivateKey();
-			}
-		} else if ($publicAccess) {
-			// use public share key for public links
-			$uid = $this->getPublicShareKeyId();
-			$shareKey = $this->getShareKey($path, $uid);
-			$privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
-			$privateKey = $this->crypt->decryptPrivateKey($privateKey);
-		} else {
-			$shareKey = $this->getShareKey($path, $uid);
-			$privateKey = $this->session->getPrivateKey();
-		}
-
-		if ($encryptedFileKey && $shareKey && $privateKey) {
-			return $this->crypt->multiKeyDecrypt($encryptedFileKey,
-				$shareKey,
-				$privateKey);
-		}
-
-		return '';
-	}
-
-	/**
-	 * Get the current version of a file
-	 *
-	 * @param string $path
-	 * @param View $view
-	 * @return int
-	 */
-	public function getVersion($path, View $view) {
-		$fileInfo = $view->getFileInfo($path);
-		if($fileInfo === false) {
-			return 0;
-		}
-		return $fileInfo->getEncryptedVersion();
-	}
-
-	/**
-	 * Set the current version of a file
-	 *
-	 * @param string $path
-	 * @param int $version
-	 * @param View $view
-	 */
-	public function setVersion($path, $version, View $view) {
-		$fileInfo= $view->getFileInfo($path);
-
-		if($fileInfo !== false) {
-			$cache = $fileInfo->getStorage()->getCache();
-			$cache->update($fileInfo->getId(), ['encrypted' => $version, 'encryptedVersion' => $version]);
-		}
-	}
-
-	/**
-	 * get the encrypted file key
-	 *
-	 * @param string $path
-	 * @return string
-	 */
-	public function getEncryptedFileKey($path) {
-		$encryptedFileKey = $this->keyStorage->getFileKey($path,
-			$this->fileKeyId, Encryption::ID);
-
-		return $encryptedFileKey;
-	}
-
-	/**
-	 * delete share key
-	 *
-	 * @param string $path
-	 * @param string $keyId
-	 * @return boolean
-	 */
-	public function deleteShareKey($path, $keyId) {
-		return $this->keyStorage->deleteFileKey(
-			$path,
-			$keyId . '.' . $this->shareKeyId,
-			Encryption::ID);
-	}
-
-
-	/**
-	 * @param $path
-	 * @param $uid
-	 * @return mixed
-	 */
-	public function getShareKey($path, $uid) {
-		$keyId = $uid . '.' . $this->shareKeyId;
-		return $this->keyStorage->getFileKey($path, $keyId, Encryption::ID);
-	}
-
-	/**
-	 * check if user has a private and a public key
-	 *
-	 * @param string $userId
-	 * @return bool
-	 * @throws PrivateKeyMissingException
-	 * @throws PublicKeyMissingException
-	 */
-	public function userHasKeys($userId) {
-		$privateKey = $publicKey = true;
-		$exception = null;
-
-		try {
-			$this->getPrivateKey($userId);
-		} catch (PrivateKeyMissingException $e) {
-			$privateKey = false;
-			$exception = $e;
-		}
-		try {
-			$this->getPublicKey($userId);
-		} catch (PublicKeyMissingException $e) {
-			$publicKey = false;
-			$exception = $e;
-		}
-
-		if ($privateKey && $publicKey) {
-			return true;
-		} elseif (!$privateKey && !$publicKey) {
-			return false;
-		} else {
-			throw $exception;
-		}
-	}
-
-	/**
-	 * @param $userId
-	 * @return mixed
-	 * @throws PublicKeyMissingException
-	 */
-	public function getPublicKey($userId) {
-		$publicKey = $this->keyStorage->getUserKey($userId, $this->publicKeyId, Encryption::ID);
-
-		if (strlen($publicKey) !== 0) {
-			return $publicKey;
-		}
-		throw new PublicKeyMissingException($userId);
-	}
-
-	public function getPublicShareKeyId() {
-		return $this->publicShareKeyId;
-	}
-
-	/**
-	 * get public key for public link shares
-	 *
-	 * @return string
-	 */
-	public function getPublicShareKey() {
-		return $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.publicKey', Encryption::ID);
-	}
-
-	/**
-	 * @param string $purpose
-	 * @param string $uid
-	 */
-	public function backupUserKeys($purpose, $uid) {
-		$this->keyStorage->backupUserKeys(Encryption::ID, $purpose, $uid);
-	}
-
-	/**
-	 * creat a backup of the users private and public key and then  delete it
-	 *
-	 * @param string $uid
-	 */
-	public function deleteUserKeys($uid) {
-		$this->deletePublicKey($uid);
-		$this->deletePrivateKey($uid);
-	}
-
-	/**
-	 * @param $uid
-	 * @return bool
-	 */
-	public function deletePublicKey($uid) {
-		return $this->keyStorage->deleteUserKey($uid, $this->publicKeyId, Encryption::ID);
-	}
-
-	/**
-	 * @param string $uid
-	 * @return bool
-	 */
-	private function deletePrivateKey($uid) {
-		return $this->keyStorage->deleteUserKey($uid, $this->privateKeyId, Encryption::ID);
-	}
-
-	/**
-	 * @param string $path
-	 * @return bool
-	 */
-	public function deleteAllFileKeys($path) {
-		return $this->keyStorage->deleteAllFileKeys($path);
-	}
-
-	/**
-	 * @param array $userIds
-	 * @return array
-	 * @throws PublicKeyMissingException
-	 */
-	public function getPublicKeys(array $userIds) {
-		$keys = [];
-
-		foreach ($userIds as $userId) {
-			try {
-				$keys[$userId] = $this->getPublicKey($userId);
-			} catch (PublicKeyMissingException $e) {
-				continue;
-			}
-		}
-
-		return $keys;
-
-	}
-
-	/**
-	 * @param string $keyId
-	 * @return string returns openssl key
-	 */
-	public function getSystemPrivateKey($keyId) {
-		return $this->keyStorage->getSystemUserKey($keyId . '.' . $this->privateKeyId, Encryption::ID);
-	}
-
-	/**
-	 * @param string $keyId
-	 * @param string $key
-	 * @return string returns openssl key
-	 */
-	public function setSystemPrivateKey($keyId, $key) {
-		return $this->keyStorage->setSystemUserKey(
-			$keyId . '.' . $this->privateKeyId,
-			$key,
-			Encryption::ID);
-	}
-
-	/**
-	 * add system keys such as the public share key and the recovery key
-	 *
-	 * @param array $accessList
-	 * @param array $publicKeys
-	 * @param string $uid
-	 * @return array
-	 * @throws PublicKeyMissingException
-	 */
-	public function addSystemKeys(array $accessList, array $publicKeys, $uid) {
-		if (!empty($accessList['public'])) {
-			$publicShareKey = $this->getPublicShareKey();
-			if (empty($publicShareKey)) {
-				throw new PublicKeyMissingException($this->getPublicShareKeyId());
-			}
-			$publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
-		}
-
-		if ($this->recoveryKeyExists() &&
-			$this->util->isRecoveryEnabledForUser($uid)) {
-
-			$publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey();
-		}
-
-		return $publicKeys;
-	}
-
-	/**
-	 * get master key password
-	 *
-	 * @return string
-	 * @throws \Exception
-	 */
-	public function getMasterKeyPassword() {
-		$password = $this->config->getSystemValue('secret');
-		if (empty($password)){
-			throw new \Exception('Can not get secret from Nextcloud instance');
-		}
-
-		return $password;
-	}
-
-	/**
-	 * return master key id
-	 *
-	 * @return string
-	 */
-	public function getMasterKeyId() {
-		return $this->masterKeyId;
-	}
-
-	/**
-	 * get public master key
-	 *
-	 * @return string
-	 */
-	public function getPublicMasterKey() {
-		return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID);
-	}
+    /**
+     * @var Session
+     */
+    protected $session;
+    /**
+     * @var IStorage
+     */
+    private $keyStorage;
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+    /**
+     * @var string
+     */
+    private $recoveryKeyId;
+    /**
+     * @var string
+     */
+    private $publicShareKeyId;
+    /**
+     * @var string
+     */
+    private $masterKeyId;
+    /**
+     * @var string UserID
+     */
+    private $keyId;
+    /**
+     * @var string
+     */
+    private $publicKeyId = 'publicKey';
+    /**
+     * @var string
+     */
+    private $privateKeyId = 'privateKey';
+
+    /**
+     * @var string
+     */
+    private $shareKeyId = 'shareKey';
+
+    /**
+     * @var string
+     */
+    private $fileKeyId = 'fileKey';
+    /**
+     * @var IConfig
+     */
+    private $config;
+    /**
+     * @var ILogger
+     */
+    private $log;
+    /**
+     * @var Util
+     */
+    private $util;
+
+    /**
+     * @param IStorage $keyStorage
+     * @param Crypt $crypt
+     * @param IConfig $config
+     * @param IUserSession $userSession
+     * @param Session $session
+     * @param ILogger $log
+     * @param Util $util
+     */
+    public function __construct(
+        IStorage $keyStorage,
+        Crypt $crypt,
+        IConfig $config,
+        IUserSession $userSession,
+        Session $session,
+        ILogger $log,
+        Util $util
+    ) {
+
+        $this->util = $util;
+        $this->session = $session;
+        $this->keyStorage = $keyStorage;
+        $this->crypt = $crypt;
+        $this->config = $config;
+        $this->log = $log;
+
+        $this->recoveryKeyId = $this->config->getAppValue('encryption',
+            'recoveryKeyId');
+        if (empty($this->recoveryKeyId)) {
+            $this->recoveryKeyId = 'recoveryKey_' . substr(md5(time()), 0, 8);
+            $this->config->setAppValue('encryption',
+                'recoveryKeyId',
+                $this->recoveryKeyId);
+        }
+
+        $this->publicShareKeyId = $this->config->getAppValue('encryption',
+            'publicShareKeyId');
+        if (empty($this->publicShareKeyId)) {
+            $this->publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8);
+            $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId);
+        }
+
+        $this->masterKeyId = $this->config->getAppValue('encryption',
+            'masterKeyId');
+        if (empty($this->masterKeyId)) {
+            $this->masterKeyId = 'master_' . substr(md5(time()), 0, 8);
+            $this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
+        }
+
+        $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false;
+        $this->log = $log;
+    }
+
+    /**
+     * check if key pair for public link shares exists, if not we create one
+     */
+    public function validateShareKey() {
+        $shareKey = $this->getPublicShareKey();
+        if (empty($shareKey)) {
+            $keyPair = $this->crypt->createKeyPair();
+
+            // Save public key
+            $this->keyStorage->setSystemUserKey(
+                $this->publicShareKeyId . '.publicKey', $keyPair['publicKey'],
+                Encryption::ID);
+
+            // Encrypt private key empty passphrase
+            $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], '');
+            $header = $this->crypt->generateHeader();
+            $this->setSystemPrivateKey($this->publicShareKeyId, $header . $encryptedKey);
+        }
+    }
+
+    /**
+     * check if a key pair for the master key exists, if not we create one
+     */
+    public function validateMasterKey() {
+
+        if ($this->util->isMasterKeyEnabled() === false) {
+            return;
+        }
+
+        $publicMasterKey = $this->getPublicMasterKey();
+        if (empty($publicMasterKey)) {
+            $keyPair = $this->crypt->createKeyPair();
+
+            // Save public key
+            $this->keyStorage->setSystemUserKey(
+                $this->masterKeyId . '.publicKey', $keyPair['publicKey'],
+                Encryption::ID);
+
+            // Encrypt private key with system password
+            $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId);
+            $header = $this->crypt->generateHeader();
+            $this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey);
+        }
+
+        if (!$this->session->isPrivateKeySet()) {
+            $masterKey = $this->getSystemPrivateKey($this->masterKeyId);
+            $decryptedMasterKey = $this->crypt->decryptPrivateKey($masterKey, $this->getMasterKeyPassword(), $this->masterKeyId);
+            $this->session->setPrivateKey($decryptedMasterKey);
+        }
+
+        // after the encryption key is available we are ready to go
+        $this->session->setStatus(Session::INIT_SUCCESSFUL);
+    }
+
+    /**
+     * @return bool
+     */
+    public function recoveryKeyExists() {
+        $key = $this->getRecoveryKey();
+        return (!empty($key));
+    }
+
+    /**
+     * get recovery key
+     *
+     * @return string
+     */
+    public function getRecoveryKey() {
+        return $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey', Encryption::ID);
+    }
+
+    /**
+     * get recovery key ID
+     *
+     * @return string
+     */
+    public function getRecoveryKeyId() {
+        return $this->recoveryKeyId;
+    }
+
+    /**
+     * @param string $password
+     * @return bool
+     */
+    public function checkRecoveryPassword($password) {
+        $recoveryKey = $this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.privateKey', Encryption::ID);
+        $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
+
+        if ($decryptedRecoveryKey) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param string $uid
+     * @param string $password
+     * @param string $keyPair
+     * @return bool
+     */
+    public function storeKeyPair($uid, $password, $keyPair) {
+        // Save Public Key
+        $this->setPublicKey($uid, $keyPair['publicKey']);
+
+        $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password, $uid);
+
+        $header = $this->crypt->generateHeader();
+
+        if ($encryptedKey) {
+            $this->setPrivateKey($uid, $header . $encryptedKey);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param string $password
+     * @param array $keyPair
+     * @return bool
+     */
+    public function setRecoveryKey($password, $keyPair) {
+        // Save Public Key
+        $this->keyStorage->setSystemUserKey($this->getRecoveryKeyId().
+            '.publicKey',
+            $keyPair['publicKey'],
+            Encryption::ID);
+
+        $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $password);
+        $header = $this->crypt->generateHeader();
+
+        if ($encryptedKey) {
+            $this->setSystemPrivateKey($this->getRecoveryKeyId(), $header . $encryptedKey);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param $userId
+     * @param $key
+     * @return bool
+     */
+    public function setPublicKey($userId, $key) {
+        return $this->keyStorage->setUserKey($userId, $this->publicKeyId, $key, Encryption::ID);
+    }
+
+    /**
+     * @param $userId
+     * @param string $key
+     * @return bool
+     */
+    public function setPrivateKey($userId, $key) {
+        return $this->keyStorage->setUserKey($userId,
+            $this->privateKeyId,
+            $key,
+            Encryption::ID);
+    }
+
+    /**
+     * write file key to key storage
+     *
+     * @param string $path
+     * @param string $key
+     * @return boolean
+     */
+    public function setFileKey($path, $key) {
+        return $this->keyStorage->setFileKey($path, $this->fileKeyId, $key, Encryption::ID);
+    }
+
+    /**
+     * set all file keys (the file key and the corresponding share keys)
+     *
+     * @param string $path
+     * @param array $keys
+     */
+    public function setAllFileKeys($path, $keys) {
+        $this->setFileKey($path, $keys['data']);
+        foreach ($keys['keys'] as $uid => $keyFile) {
+            $this->setShareKey($path, $uid, $keyFile);
+        }
+    }
+
+    /**
+     * write share key to the key storage
+     *
+     * @param string $path
+     * @param string $uid
+     * @param string $key
+     * @return boolean
+     */
+    public function setShareKey($path, $uid, $key) {
+        $keyId = $uid . '.' . $this->shareKeyId;
+        return $this->keyStorage->setFileKey($path, $keyId, $key, Encryption::ID);
+    }
+
+    /**
+     * Decrypt private key and store it
+     *
+     * @param string $uid user id
+     * @param string $passPhrase users password
+     * @return boolean
+     */
+    public function init($uid, $passPhrase) {
+
+        $this->session->setStatus(Session::INIT_EXECUTED);
+
+        try {
+            if($this->util->isMasterKeyEnabled()) {
+                $uid = $this->getMasterKeyId();
+                $passPhrase = $this->getMasterKeyPassword();
+                $privateKey = $this->getSystemPrivateKey($uid);
+            } else {
+                $privateKey = $this->getPrivateKey($uid);
+            }
+            $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid);
+        } catch (PrivateKeyMissingException $e) {
+            return false;
+        } catch (DecryptionFailedException $e) {
+            return false;
+        } catch (\Exception $e) {
+            $this->log->warning(
+                'Could not decrypt the private key from user "' . $uid . '"" during login. ' .
+                'Assume password change on the user back-end. Error message: '
+                . $e->getMessage()
+            );
+            return false;
+        }
+
+        if ($privateKey) {
+            $this->session->setPrivateKey($privateKey);
+            $this->session->setStatus(Session::INIT_SUCCESSFUL);
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * @param $userId
+     * @return string
+     * @throws PrivateKeyMissingException
+     */
+    public function getPrivateKey($userId) {
+        $privateKey = $this->keyStorage->getUserKey($userId,
+            $this->privateKeyId, Encryption::ID);
+
+        if (strlen($privateKey) !== 0) {
+            return $privateKey;
+        }
+        throw new PrivateKeyMissingException($userId);
+    }
+
+    /**
+     * @param string $path
+     * @param $uid
+     * @return string
+     */
+    public function getFileKey($path, $uid) {
+        if ($uid === '') {
+            $uid = null;
+        }
+        $publicAccess = is_null($uid);
+        $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
+
+        if (empty($encryptedFileKey)) {
+            return '';
+        }
+
+        if ($this->util->isMasterKeyEnabled()) {
+            $uid = $this->getMasterKeyId();
+            $shareKey = $this->getShareKey($path, $uid);
+            if ($publicAccess) {
+                $privateKey = $this->getSystemPrivateKey($uid);
+                $privateKey = $this->crypt->decryptPrivateKey($privateKey, $this->getMasterKeyPassword(), $uid);
+            } else {
+                // when logged in, the master key is already decrypted in the session
+                $privateKey = $this->session->getPrivateKey();
+            }
+        } else if ($publicAccess) {
+            // use public share key for public links
+            $uid = $this->getPublicShareKeyId();
+            $shareKey = $this->getShareKey($path, $uid);
+            $privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
+            $privateKey = $this->crypt->decryptPrivateKey($privateKey);
+        } else {
+            $shareKey = $this->getShareKey($path, $uid);
+            $privateKey = $this->session->getPrivateKey();
+        }
+
+        if ($encryptedFileKey && $shareKey && $privateKey) {
+            return $this->crypt->multiKeyDecrypt($encryptedFileKey,
+                $shareKey,
+                $privateKey);
+        }
+
+        return '';
+    }
+
+    /**
+     * Get the current version of a file
+     *
+     * @param string $path
+     * @param View $view
+     * @return int
+     */
+    public function getVersion($path, View $view) {
+        $fileInfo = $view->getFileInfo($path);
+        if($fileInfo === false) {
+            return 0;
+        }
+        return $fileInfo->getEncryptedVersion();
+    }
+
+    /**
+     * Set the current version of a file
+     *
+     * @param string $path
+     * @param int $version
+     * @param View $view
+     */
+    public function setVersion($path, $version, View $view) {
+        $fileInfo= $view->getFileInfo($path);
+
+        if($fileInfo !== false) {
+            $cache = $fileInfo->getStorage()->getCache();
+            $cache->update($fileInfo->getId(), ['encrypted' => $version, 'encryptedVersion' => $version]);
+        }
+    }
+
+    /**
+     * get the encrypted file key
+     *
+     * @param string $path
+     * @return string
+     */
+    public function getEncryptedFileKey($path) {
+        $encryptedFileKey = $this->keyStorage->getFileKey($path,
+            $this->fileKeyId, Encryption::ID);
+
+        return $encryptedFileKey;
+    }
+
+    /**
+     * delete share key
+     *
+     * @param string $path
+     * @param string $keyId
+     * @return boolean
+     */
+    public function deleteShareKey($path, $keyId) {
+        return $this->keyStorage->deleteFileKey(
+            $path,
+            $keyId . '.' . $this->shareKeyId,
+            Encryption::ID);
+    }
+
+
+    /**
+     * @param $path
+     * @param $uid
+     * @return mixed
+     */
+    public function getShareKey($path, $uid) {
+        $keyId = $uid . '.' . $this->shareKeyId;
+        return $this->keyStorage->getFileKey($path, $keyId, Encryption::ID);
+    }
+
+    /**
+     * check if user has a private and a public key
+     *
+     * @param string $userId
+     * @return bool
+     * @throws PrivateKeyMissingException
+     * @throws PublicKeyMissingException
+     */
+    public function userHasKeys($userId) {
+        $privateKey = $publicKey = true;
+        $exception = null;
+
+        try {
+            $this->getPrivateKey($userId);
+        } catch (PrivateKeyMissingException $e) {
+            $privateKey = false;
+            $exception = $e;
+        }
+        try {
+            $this->getPublicKey($userId);
+        } catch (PublicKeyMissingException $e) {
+            $publicKey = false;
+            $exception = $e;
+        }
+
+        if ($privateKey && $publicKey) {
+            return true;
+        } elseif (!$privateKey && !$publicKey) {
+            return false;
+        } else {
+            throw $exception;
+        }
+    }
+
+    /**
+     * @param $userId
+     * @return mixed
+     * @throws PublicKeyMissingException
+     */
+    public function getPublicKey($userId) {
+        $publicKey = $this->keyStorage->getUserKey($userId, $this->publicKeyId, Encryption::ID);
+
+        if (strlen($publicKey) !== 0) {
+            return $publicKey;
+        }
+        throw new PublicKeyMissingException($userId);
+    }
+
+    public function getPublicShareKeyId() {
+        return $this->publicShareKeyId;
+    }
+
+    /**
+     * get public key for public link shares
+     *
+     * @return string
+     */
+    public function getPublicShareKey() {
+        return $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.publicKey', Encryption::ID);
+    }
+
+    /**
+     * @param string $purpose
+     * @param string $uid
+     */
+    public function backupUserKeys($purpose, $uid) {
+        $this->keyStorage->backupUserKeys(Encryption::ID, $purpose, $uid);
+    }
+
+    /**
+     * creat a backup of the users private and public key and then  delete it
+     *
+     * @param string $uid
+     */
+    public function deleteUserKeys($uid) {
+        $this->deletePublicKey($uid);
+        $this->deletePrivateKey($uid);
+    }
+
+    /**
+     * @param $uid
+     * @return bool
+     */
+    public function deletePublicKey($uid) {
+        return $this->keyStorage->deleteUserKey($uid, $this->publicKeyId, Encryption::ID);
+    }
+
+    /**
+     * @param string $uid
+     * @return bool
+     */
+    private function deletePrivateKey($uid) {
+        return $this->keyStorage->deleteUserKey($uid, $this->privateKeyId, Encryption::ID);
+    }
+
+    /**
+     * @param string $path
+     * @return bool
+     */
+    public function deleteAllFileKeys($path) {
+        return $this->keyStorage->deleteAllFileKeys($path);
+    }
+
+    /**
+     * @param array $userIds
+     * @return array
+     * @throws PublicKeyMissingException
+     */
+    public function getPublicKeys(array $userIds) {
+        $keys = [];
+
+        foreach ($userIds as $userId) {
+            try {
+                $keys[$userId] = $this->getPublicKey($userId);
+            } catch (PublicKeyMissingException $e) {
+                continue;
+            }
+        }
+
+        return $keys;
+
+    }
+
+    /**
+     * @param string $keyId
+     * @return string returns openssl key
+     */
+    public function getSystemPrivateKey($keyId) {
+        return $this->keyStorage->getSystemUserKey($keyId . '.' . $this->privateKeyId, Encryption::ID);
+    }
+
+    /**
+     * @param string $keyId
+     * @param string $key
+     * @return string returns openssl key
+     */
+    public function setSystemPrivateKey($keyId, $key) {
+        return $this->keyStorage->setSystemUserKey(
+            $keyId . '.' . $this->privateKeyId,
+            $key,
+            Encryption::ID);
+    }
+
+    /**
+     * add system keys such as the public share key and the recovery key
+     *
+     * @param array $accessList
+     * @param array $publicKeys
+     * @param string $uid
+     * @return array
+     * @throws PublicKeyMissingException
+     */
+    public function addSystemKeys(array $accessList, array $publicKeys, $uid) {
+        if (!empty($accessList['public'])) {
+            $publicShareKey = $this->getPublicShareKey();
+            if (empty($publicShareKey)) {
+                throw new PublicKeyMissingException($this->getPublicShareKeyId());
+            }
+            $publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
+        }
+
+        if ($this->recoveryKeyExists() &&
+            $this->util->isRecoveryEnabledForUser($uid)) {
+
+            $publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey();
+        }
+
+        return $publicKeys;
+    }
+
+    /**
+     * get master key password
+     *
+     * @return string
+     * @throws \Exception
+     */
+    public function getMasterKeyPassword() {
+        $password = $this->config->getSystemValue('secret');
+        if (empty($password)){
+            throw new \Exception('Can not get secret from Nextcloud instance');
+        }
+
+        return $password;
+    }
+
+    /**
+     * return master key id
+     *
+     * @return string
+     */
+    public function getMasterKeyId() {
+        return $this->masterKeyId;
+    }
+
+    /**
+     * get public master key
+     *
+     * @return string
+     */
+    public function getPublicMasterKey() {
+        return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID);
+    }
 }

apps/federatedfilesharing/lib/FederatedShareProvider.php

Doc Comments +2 added lines, -2 removed lines

@@ -391,7 +391,7 @@ 
 	/**
 	 * store remote ID in federated reShare table
 	 *
-	 * @param $shareId
+	 * @param integer $shareId
 	 * @param $remoteId
 	 */
 	public function storeRemoteId($shareId, $remoteId) {
@@ -729,7 +729,7 @@ 
 	/**
 	 * get database row of a give share
 	 *
-	 * @param $id
+	 * @param integer $id
 	 * @return array
 	 * @throws ShareNotFound
 	 */

Indentation +974 added lines, -974 removed lines

@@ -50,988 +50,988 @@
  */
 class FederatedShareProvider implements IShareProvider {
 
-	const SHARE_TYPE_REMOTE = 6;
-
-	/** @var IDBConnection */
-	private $dbConnection;
-
-	/** @var AddressHandler */
-	private $addressHandler;
-
-	/** @var Notifications */
-	private $notifications;
-
-	/** @var TokenHandler */
-	private $tokenHandler;
-
-	/** @var IL10N */
-	private $l;
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var IRootFolder */
-	private $rootFolder;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var string */
-	private $externalShareTable = 'share_external';
-
-	/** @var IUserManager */
-	private $userManager;
-
-	/** @var ICloudIdManager */
-	private $cloudIdManager;
-
-	/** @var \OCP\GlobalScale\IConfig */
-	private $gsConfig;
-
-	/**
-	 * DefaultShareProvider constructor.
-	 *
-	 * @param IDBConnection $connection
-	 * @param AddressHandler $addressHandler
-	 * @param Notifications $notifications
-	 * @param TokenHandler $tokenHandler
-	 * @param IL10N $l10n
-	 * @param ILogger $logger
-	 * @param IRootFolder $rootFolder
-	 * @param IConfig $config
-	 * @param IUserManager $userManager
-	 * @param ICloudIdManager $cloudIdManager
-	 * @param \OCP\GlobalScale\IConfig $globalScaleConfig
-	 */
-	public function __construct(
-			IDBConnection $connection,
-			AddressHandler $addressHandler,
-			Notifications $notifications,
-			TokenHandler $tokenHandler,
-			IL10N $l10n,
-			ILogger $logger,
-			IRootFolder $rootFolder,
-			IConfig $config,
-			IUserManager $userManager,
-			ICloudIdManager $cloudIdManager,
-			\OCP\GlobalScale\IConfig $globalScaleConfig
-	) {
-		$this->dbConnection = $connection;
-		$this->addressHandler = $addressHandler;
-		$this->notifications = $notifications;
-		$this->tokenHandler = $tokenHandler;
-		$this->l = $l10n;
-		$this->logger = $logger;
-		$this->rootFolder = $rootFolder;
-		$this->config = $config;
-		$this->userManager = $userManager;
-		$this->cloudIdManager = $cloudIdManager;
-		$this->gsConfig = $globalScaleConfig;
-	}
-
-	/**
-	 * Return the identifier of this provider.
-	 *
-	 * @return string Containing only [a-zA-Z0-9]
-	 */
-	public function identifier() {
-		return 'ocFederatedSharing';
-	}
-
-	/**
-	 * Share a path
-	 *
-	 * @param IShare $share
-	 * @return IShare The share object
-	 * @throws ShareNotFound
-	 * @throws \Exception
-	 */
-	public function create(IShare $share) {
-
-		$shareWith = $share->getSharedWith();
-		$itemSource = $share->getNodeId();
-		$itemType = $share->getNodeType();
-		$permissions = $share->getPermissions();
-		$sharedBy = $share->getSharedBy();
-
-		/*
+    const SHARE_TYPE_REMOTE = 6;
+
+    /** @var IDBConnection */
+    private $dbConnection;
+
+    /** @var AddressHandler */
+    private $addressHandler;
+
+    /** @var Notifications */
+    private $notifications;
+
+    /** @var TokenHandler */
+    private $tokenHandler;
+
+    /** @var IL10N */
+    private $l;
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var IRootFolder */
+    private $rootFolder;
+
+    /** @var IConfig */
+    private $config;
+
+    /** @var string */
+    private $externalShareTable = 'share_external';
+
+    /** @var IUserManager */
+    private $userManager;
+
+    /** @var ICloudIdManager */
+    private $cloudIdManager;
+
+    /** @var \OCP\GlobalScale\IConfig */
+    private $gsConfig;
+
+    /**
+     * DefaultShareProvider constructor.
+     *
+     * @param IDBConnection $connection
+     * @param AddressHandler $addressHandler
+     * @param Notifications $notifications
+     * @param TokenHandler $tokenHandler
+     * @param IL10N $l10n
+     * @param ILogger $logger
+     * @param IRootFolder $rootFolder
+     * @param IConfig $config
+     * @param IUserManager $userManager
+     * @param ICloudIdManager $cloudIdManager
+     * @param \OCP\GlobalScale\IConfig $globalScaleConfig
+     */
+    public function __construct(
+            IDBConnection $connection,
+            AddressHandler $addressHandler,
+            Notifications $notifications,
+            TokenHandler $tokenHandler,
+            IL10N $l10n,
+            ILogger $logger,
+            IRootFolder $rootFolder,
+            IConfig $config,
+            IUserManager $userManager,
+            ICloudIdManager $cloudIdManager,
+            \OCP\GlobalScale\IConfig $globalScaleConfig
+    ) {
+        $this->dbConnection = $connection;
+        $this->addressHandler = $addressHandler;
+        $this->notifications = $notifications;
+        $this->tokenHandler = $tokenHandler;
+        $this->l = $l10n;
+        $this->logger = $logger;
+        $this->rootFolder = $rootFolder;
+        $this->config = $config;
+        $this->userManager = $userManager;
+        $this->cloudIdManager = $cloudIdManager;
+        $this->gsConfig = $globalScaleConfig;
+    }
+
+    /**
+     * Return the identifier of this provider.
+     *
+     * @return string Containing only [a-zA-Z0-9]
+     */
+    public function identifier() {
+        return 'ocFederatedSharing';
+    }
+
+    /**
+     * Share a path
+     *
+     * @param IShare $share
+     * @return IShare The share object
+     * @throws ShareNotFound
+     * @throws \Exception
+     */
+    public function create(IShare $share) {
+
+        $shareWith = $share->getSharedWith();
+        $itemSource = $share->getNodeId();
+        $itemType = $share->getNodeType();
+        $permissions = $share->getPermissions();
+        $sharedBy = $share->getSharedBy();
+
+        /*
 		 * Check if file is not already shared with the remote user
 		 */
-		$alreadyShared = $this->getSharedWith($shareWith, self::SHARE_TYPE_REMOTE, $share->getNode(), 1, 0);
-		if (!empty($alreadyShared)) {
-			$message = 'Sharing %s failed, because this item is already shared with %s';
-			$message_t = $this->l->t('Sharing %s failed, because this item is already shared with %s', array($share->getNode()->getName(), $shareWith));
-			$this->logger->debug(sprintf($message, $share->getNode()->getName(), $shareWith), ['app' => 'Federated File Sharing']);
-			throw new \Exception($message_t);
-		}
-
-
-		// don't allow federated shares if source and target server are the same
-		$cloudId = $this->cloudIdManager->resolveCloudId($shareWith);
-		$currentServer = $this->addressHandler->generateRemoteURL();
-		$currentUser = $sharedBy;
-		if ($this->addressHandler->compareAddresses($cloudId->getUser(), $cloudId->getRemote(), $currentUser, $currentServer)) {
-			$message = 'Not allowed to create a federated share with the same user.';
-			$message_t = $this->l->t('Not allowed to create a federated share with the same user');
-			$this->logger->debug($message, ['app' => 'Federated File Sharing']);
-			throw new \Exception($message_t);
-		}
-
-
-		$share->setSharedWith($cloudId->getId());
-
-		try {
-			$remoteShare = $this->getShareFromExternalShareTable($share);
-		} catch (ShareNotFound $e) {
-			$remoteShare = null;
-		}
-
-		if ($remoteShare) {
-			try {
-				$ownerCloudId = $this->cloudIdManager->getCloudId($remoteShare['owner'], $remoteShare['remote']);
-				$shareId = $this->addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $ownerCloudId->getId(), $permissions, 'tmp_token_' . time());
-				$share->setId($shareId);
-				list($token, $remoteId) = $this->askOwnerToReShare($shareWith, $share, $shareId);
-				// remote share was create successfully if we get a valid token as return
-				$send = is_string($token) && $token !== '';
-			} catch (\Exception $e) {
-				// fall back to old re-share behavior if the remote server
-				// doesn't support flat re-shares (was introduced with Nextcloud 9.1)
-				$this->removeShareFromTable($share);
-				$shareId = $this->createFederatedShare($share);
-			}
-			if ($send) {
-				$this->updateSuccessfulReshare($shareId, $token);
-				$this->storeRemoteId($shareId, $remoteId);
-			} else {
-				$this->removeShareFromTable($share);
-				$message_t = $this->l->t('File is already shared with %s', [$shareWith]);
-				throw new \Exception($message_t);
-			}
-
-		} else {
-			$shareId = $this->createFederatedShare($share);
-		}
-
-		$data = $this->getRawShare($shareId);
-		return $this->createShareObject($data);
-	}
-
-	/**
-	 * create federated share and inform the recipient
-	 *
-	 * @param IShare $share
-	 * @return int
-	 * @throws ShareNotFound
-	 * @throws \Exception
-	 */
-	protected function createFederatedShare(IShare $share) {
-		$token = $this->tokenHandler->generateToken();
-		$shareId = $this->addShareToDB(
-			$share->getNodeId(),
-			$share->getNodeType(),
-			$share->getSharedWith(),
-			$share->getSharedBy(),
-			$share->getShareOwner(),
-			$share->getPermissions(),
-			$token
-		);
-
-		$failure = false;
-
-		try {
-			$sharedByFederatedId = $share->getSharedBy();
-			if ($this->userManager->userExists($sharedByFederatedId)) {
-				$cloudId = $this->cloudIdManager->getCloudId($sharedByFederatedId, $this->addressHandler->generateRemoteURL());
-				$sharedByFederatedId = $cloudId->getId();
-			}
-			$ownerCloudId = $this->cloudIdManager->getCloudId($share->getShareOwner(), $this->addressHandler->generateRemoteURL());
-			$send = $this->notifications->sendRemoteShare(
-				$token,
-				$share->getSharedWith(),
-				$share->getNode()->getName(),
-				$shareId,
-				$share->getShareOwner(),
-				$ownerCloudId->getId(),
-				$share->getSharedBy(),
-				$sharedByFederatedId
-			);
-
-			if ($send === false) {
-				$failure = true;
-			}
-		} catch (\Exception $e) {
-			$this->logger->error('Failed to notify remote server of federated share, removing share (' . $e->getMessage() . ')');
-			$failure = true;
-		}
-
-		if($failure) {
-			$this->removeShareFromTableById($shareId);
-			$message_t = $this->l->t('Sharing %s failed, could not find %s, maybe the server is currently unreachable or uses a self-signed certificate.',
-				[$share->getNode()->getName(), $share->getSharedWith()]);
-			throw new \Exception($message_t);
-		}
-
-		return $shareId;
-
-	}
-
-	/**
-	 * @param string $shareWith
-	 * @param IShare $share
-	 * @param string $shareId internal share Id
-	 * @return array
-	 * @throws \Exception
-	 */
-	protected function askOwnerToReShare($shareWith, IShare $share, $shareId) {
-
-		$remoteShare = $this->getShareFromExternalShareTable($share);
-		$token = $remoteShare['share_token'];
-		$remoteId = $remoteShare['remote_id'];
-		$remote = $remoteShare['remote'];
-
-		list($token, $remoteId) = $this->notifications->requestReShare(
-			$token,
-			$remoteId,
-			$shareId,
-			$remote,
-			$shareWith,
-			$share->getPermissions()
-		);
-
-		return [$token, $remoteId];
-	}
-
-	/**
-	 * get federated share from the share_external table but exclude mounted link shares
-	 *
-	 * @param IShare $share
-	 * @return array
-	 * @throws ShareNotFound
-	 */
-	protected function getShareFromExternalShareTable(IShare $share) {
-		$query = $this->dbConnection->getQueryBuilder();
-		$query->select('*')->from($this->externalShareTable)
-			->where($query->expr()->eq('user', $query->createNamedParameter($share->getShareOwner())))
-			->andWhere($query->expr()->eq('mountpoint', $query->createNamedParameter($share->getTarget())));
-		$result = $query->execute()->fetchAll();
-
-		if (isset($result[0]) && (int)$result[0]['remote_id'] > 0) {
-			return $result[0];
-		}
-
-		throw new ShareNotFound('share not found in share_external table');
-	}
-
-	/**
-	 * add share to the database and return the ID
-	 *
-	 * @param int $itemSource
-	 * @param string $itemType
-	 * @param string $shareWith
-	 * @param string $sharedBy
-	 * @param string $uidOwner
-	 * @param int $permissions
-	 * @param string $token
-	 * @return int
-	 */
-	private function addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $uidOwner, $permissions, $token) {
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->insert('share')
-			->setValue('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE))
-			->setValue('item_type', $qb->createNamedParameter($itemType))
-			->setValue('item_source', $qb->createNamedParameter($itemSource))
-			->setValue('file_source', $qb->createNamedParameter($itemSource))
-			->setValue('share_with', $qb->createNamedParameter($shareWith))
-			->setValue('uid_owner', $qb->createNamedParameter($uidOwner))
-			->setValue('uid_initiator', $qb->createNamedParameter($sharedBy))
-			->setValue('permissions', $qb->createNamedParameter($permissions))
-			->setValue('token', $qb->createNamedParameter($token))
-			->setValue('stime', $qb->createNamedParameter(time()));
-
-		/*
+        $alreadyShared = $this->getSharedWith($shareWith, self::SHARE_TYPE_REMOTE, $share->getNode(), 1, 0);
+        if (!empty($alreadyShared)) {
+            $message = 'Sharing %s failed, because this item is already shared with %s';
+            $message_t = $this->l->t('Sharing %s failed, because this item is already shared with %s', array($share->getNode()->getName(), $shareWith));
+            $this->logger->debug(sprintf($message, $share->getNode()->getName(), $shareWith), ['app' => 'Federated File Sharing']);
+            throw new \Exception($message_t);
+        }
+
+
+        // don't allow federated shares if source and target server are the same
+        $cloudId = $this->cloudIdManager->resolveCloudId($shareWith);
+        $currentServer = $this->addressHandler->generateRemoteURL();
+        $currentUser = $sharedBy;
+        if ($this->addressHandler->compareAddresses($cloudId->getUser(), $cloudId->getRemote(), $currentUser, $currentServer)) {
+            $message = 'Not allowed to create a federated share with the same user.';
+            $message_t = $this->l->t('Not allowed to create a federated share with the same user');
+            $this->logger->debug($message, ['app' => 'Federated File Sharing']);
+            throw new \Exception($message_t);
+        }
+
+
+        $share->setSharedWith($cloudId->getId());
+
+        try {
+            $remoteShare = $this->getShareFromExternalShareTable($share);
+        } catch (ShareNotFound $e) {
+            $remoteShare = null;
+        }
+
+        if ($remoteShare) {
+            try {
+                $ownerCloudId = $this->cloudIdManager->getCloudId($remoteShare['owner'], $remoteShare['remote']);
+                $shareId = $this->addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $ownerCloudId->getId(), $permissions, 'tmp_token_' . time());
+                $share->setId($shareId);
+                list($token, $remoteId) = $this->askOwnerToReShare($shareWith, $share, $shareId);
+                // remote share was create successfully if we get a valid token as return
+                $send = is_string($token) && $token !== '';
+            } catch (\Exception $e) {
+                // fall back to old re-share behavior if the remote server
+                // doesn't support flat re-shares (was introduced with Nextcloud 9.1)
+                $this->removeShareFromTable($share);
+                $shareId = $this->createFederatedShare($share);
+            }
+            if ($send) {
+                $this->updateSuccessfulReshare($shareId, $token);
+                $this->storeRemoteId($shareId, $remoteId);
+            } else {
+                $this->removeShareFromTable($share);
+                $message_t = $this->l->t('File is already shared with %s', [$shareWith]);
+                throw new \Exception($message_t);
+            }
+
+        } else {
+            $shareId = $this->createFederatedShare($share);
+        }
+
+        $data = $this->getRawShare($shareId);
+        return $this->createShareObject($data);
+    }
+
+    /**
+     * create federated share and inform the recipient
+     *
+     * @param IShare $share
+     * @return int
+     * @throws ShareNotFound
+     * @throws \Exception
+     */
+    protected function createFederatedShare(IShare $share) {
+        $token = $this->tokenHandler->generateToken();
+        $shareId = $this->addShareToDB(
+            $share->getNodeId(),
+            $share->getNodeType(),
+            $share->getSharedWith(),
+            $share->getSharedBy(),
+            $share->getShareOwner(),
+            $share->getPermissions(),
+            $token
+        );
+
+        $failure = false;
+
+        try {
+            $sharedByFederatedId = $share->getSharedBy();
+            if ($this->userManager->userExists($sharedByFederatedId)) {
+                $cloudId = $this->cloudIdManager->getCloudId($sharedByFederatedId, $this->addressHandler->generateRemoteURL());
+                $sharedByFederatedId = $cloudId->getId();
+            }
+            $ownerCloudId = $this->cloudIdManager->getCloudId($share->getShareOwner(), $this->addressHandler->generateRemoteURL());
+            $send = $this->notifications->sendRemoteShare(
+                $token,
+                $share->getSharedWith(),
+                $share->getNode()->getName(),
+                $shareId,
+                $share->getShareOwner(),
+                $ownerCloudId->getId(),
+                $share->getSharedBy(),
+                $sharedByFederatedId
+            );
+
+            if ($send === false) {
+                $failure = true;
+            }
+        } catch (\Exception $e) {
+            $this->logger->error('Failed to notify remote server of federated share, removing share (' . $e->getMessage() . ')');
+            $failure = true;
+        }
+
+        if($failure) {
+            $this->removeShareFromTableById($shareId);
+            $message_t = $this->l->t('Sharing %s failed, could not find %s, maybe the server is currently unreachable or uses a self-signed certificate.',
+                [$share->getNode()->getName(), $share->getSharedWith()]);
+            throw new \Exception($message_t);
+        }
+
+        return $shareId;
+
+    }
+
+    /**
+     * @param string $shareWith
+     * @param IShare $share
+     * @param string $shareId internal share Id
+     * @return array
+     * @throws \Exception
+     */
+    protected function askOwnerToReShare($shareWith, IShare $share, $shareId) {
+
+        $remoteShare = $this->getShareFromExternalShareTable($share);
+        $token = $remoteShare['share_token'];
+        $remoteId = $remoteShare['remote_id'];
+        $remote = $remoteShare['remote'];
+
+        list($token, $remoteId) = $this->notifications->requestReShare(
+            $token,
+            $remoteId,
+            $shareId,
+            $remote,
+            $shareWith,
+            $share->getPermissions()
+        );
+
+        return [$token, $remoteId];
+    }
+
+    /**
+     * get federated share from the share_external table but exclude mounted link shares
+     *
+     * @param IShare $share
+     * @return array
+     * @throws ShareNotFound
+     */
+    protected function getShareFromExternalShareTable(IShare $share) {
+        $query = $this->dbConnection->getQueryBuilder();
+        $query->select('*')->from($this->externalShareTable)
+            ->where($query->expr()->eq('user', $query->createNamedParameter($share->getShareOwner())))
+            ->andWhere($query->expr()->eq('mountpoint', $query->createNamedParameter($share->getTarget())));
+        $result = $query->execute()->fetchAll();
+
+        if (isset($result[0]) && (int)$result[0]['remote_id'] > 0) {
+            return $result[0];
+        }
+
+        throw new ShareNotFound('share not found in share_external table');
+    }
+
+    /**
+     * add share to the database and return the ID
+     *
+     * @param int $itemSource
+     * @param string $itemType
+     * @param string $shareWith
+     * @param string $sharedBy
+     * @param string $uidOwner
+     * @param int $permissions
+     * @param string $token
+     * @return int
+     */
+    private function addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $uidOwner, $permissions, $token) {
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->insert('share')
+            ->setValue('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE))
+            ->setValue('item_type', $qb->createNamedParameter($itemType))
+            ->setValue('item_source', $qb->createNamedParameter($itemSource))
+            ->setValue('file_source', $qb->createNamedParameter($itemSource))
+            ->setValue('share_with', $qb->createNamedParameter($shareWith))
+            ->setValue('uid_owner', $qb->createNamedParameter($uidOwner))
+            ->setValue('uid_initiator', $qb->createNamedParameter($sharedBy))
+            ->setValue('permissions', $qb->createNamedParameter($permissions))
+            ->setValue('token', $qb->createNamedParameter($token))
+            ->setValue('stime', $qb->createNamedParameter(time()));
+
+        /*
 		 * Added to fix https://github.com/owncloud/core/issues/22215
 		 * Can be removed once we get rid of ajax/share.php
 		 */
-		$qb->setValue('file_target', $qb->createNamedParameter(''));
-
-		$qb->execute();
-		$id = $qb->getLastInsertId();
-
-		return (int)$id;
-	}
-
-	/**
-	 * Update a share
-	 *
-	 * @param IShare $share
-	 * @return IShare The share object
-	 */
-	public function update(IShare $share) {
-		/*
+        $qb->setValue('file_target', $qb->createNamedParameter(''));
+
+        $qb->execute();
+        $id = $qb->getLastInsertId();
+
+        return (int)$id;
+    }
+
+    /**
+     * Update a share
+     *
+     * @param IShare $share
+     * @return IShare The share object
+     */
+    public function update(IShare $share) {
+        /*
 		 * We allow updating the permissions of federated shares
 		 */
-		$qb = $this->dbConnection->getQueryBuilder();
-			$qb->update('share')
-				->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
-				->set('permissions', $qb->createNamedParameter($share->getPermissions()))
-				->set('uid_owner', $qb->createNamedParameter($share->getShareOwner()))
-				->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy()))
-				->execute();
-
-		// send the updated permission to the owner/initiator, if they are not the same
-		if ($share->getShareOwner() !== $share->getSharedBy()) {
-			$this->sendPermissionUpdate($share);
-		}
-
-		return $share;
-	}
-
-	/**
-	 * send the updated permission to the owner/initiator, if they are not the same
-	 *
-	 * @param IShare $share
-	 * @throws ShareNotFound
-	 * @throws \OC\HintException
-	 */
-	protected function sendPermissionUpdate(IShare $share) {
-		$remoteId = $this->getRemoteId($share);
-		// if the local user is the owner we send the permission change to the initiator
-		if ($this->userManager->userExists($share->getShareOwner())) {
-			list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedBy());
-		} else { // ... if not we send the permission change to the owner
-			list(, $remote) = $this->addressHandler->splitUserRemote($share->getShareOwner());
-		}
-		$this->notifications->sendPermissionChange($remote, $remoteId, $share->getToken(), $share->getPermissions());
-	}
-
-
-	/**
-	 * update successful reShare with the correct token
-	 *
-	 * @param int $shareId
-	 * @param string $token
-	 */
-	protected function updateSuccessfulReShare($shareId, $token) {
-		$query = $this->dbConnection->getQueryBuilder();
-		$query->update('share')
-			->where($query->expr()->eq('id', $query->createNamedParameter($shareId)))
-			->set('token', $query->createNamedParameter($token))
-			->execute();
-	}
-
-	/**
-	 * store remote ID in federated reShare table
-	 *
-	 * @param $shareId
-	 * @param $remoteId
-	 */
-	public function storeRemoteId($shareId, $remoteId) {
-		$query = $this->dbConnection->getQueryBuilder();
-		$query->insert('federated_reshares')
-			->values(
-				[
-					'share_id' =>  $query->createNamedParameter($shareId),
-					'remote_id' => $query->createNamedParameter($remoteId),
-				]
-			);
-		$query->execute();
-	}
-
-	/**
-	 * get share ID on remote server for federated re-shares
-	 *
-	 * @param IShare $share
-	 * @return int
-	 * @throws ShareNotFound
-	 */
-	public function getRemoteId(IShare $share) {
-		$query = $this->dbConnection->getQueryBuilder();
-		$query->select('remote_id')->from('federated_reshares')
-			->where($query->expr()->eq('share_id', $query->createNamedParameter((int)$share->getId())));
-		$data = $query->execute()->fetch();
-
-		if (!is_array($data) || !isset($data['remote_id'])) {
-			throw new ShareNotFound();
-		}
-
-		return (int)$data['remote_id'];
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function move(IShare $share, $recipient) {
-		/*
+        $qb = $this->dbConnection->getQueryBuilder();
+            $qb->update('share')
+                ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
+                ->set('permissions', $qb->createNamedParameter($share->getPermissions()))
+                ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner()))
+                ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy()))
+                ->execute();
+
+        // send the updated permission to the owner/initiator, if they are not the same
+        if ($share->getShareOwner() !== $share->getSharedBy()) {
+            $this->sendPermissionUpdate($share);
+        }
+
+        return $share;
+    }
+
+    /**
+     * send the updated permission to the owner/initiator, if they are not the same
+     *
+     * @param IShare $share
+     * @throws ShareNotFound
+     * @throws \OC\HintException
+     */
+    protected function sendPermissionUpdate(IShare $share) {
+        $remoteId = $this->getRemoteId($share);
+        // if the local user is the owner we send the permission change to the initiator
+        if ($this->userManager->userExists($share->getShareOwner())) {
+            list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedBy());
+        } else { // ... if not we send the permission change to the owner
+            list(, $remote) = $this->addressHandler->splitUserRemote($share->getShareOwner());
+        }
+        $this->notifications->sendPermissionChange($remote, $remoteId, $share->getToken(), $share->getPermissions());
+    }
+
+
+    /**
+     * update successful reShare with the correct token
+     *
+     * @param int $shareId
+     * @param string $token
+     */
+    protected function updateSuccessfulReShare($shareId, $token) {
+        $query = $this->dbConnection->getQueryBuilder();
+        $query->update('share')
+            ->where($query->expr()->eq('id', $query->createNamedParameter($shareId)))
+            ->set('token', $query->createNamedParameter($token))
+            ->execute();
+    }
+
+    /**
+     * store remote ID in federated reShare table
+     *
+     * @param $shareId
+     * @param $remoteId
+     */
+    public function storeRemoteId($shareId, $remoteId) {
+        $query = $this->dbConnection->getQueryBuilder();
+        $query->insert('federated_reshares')
+            ->values(
+                [
+                    'share_id' =>  $query->createNamedParameter($shareId),
+                    'remote_id' => $query->createNamedParameter($remoteId),
+                ]
+            );
+        $query->execute();
+    }
+
+    /**
+     * get share ID on remote server for federated re-shares
+     *
+     * @param IShare $share
+     * @return int
+     * @throws ShareNotFound
+     */
+    public function getRemoteId(IShare $share) {
+        $query = $this->dbConnection->getQueryBuilder();
+        $query->select('remote_id')->from('federated_reshares')
+            ->where($query->expr()->eq('share_id', $query->createNamedParameter((int)$share->getId())));
+        $data = $query->execute()->fetch();
+
+        if (!is_array($data) || !isset($data['remote_id'])) {
+            throw new ShareNotFound();
+        }
+
+        return (int)$data['remote_id'];
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function move(IShare $share, $recipient) {
+        /*
 		 * This function does nothing yet as it is just for outgoing
 		 * federated shares.
 		 */
-		return $share;
-	}
-
-	/**
-	 * Get all children of this share
-	 *
-	 * @param IShare $parent
-	 * @return IShare[]
-	 */
-	public function getChildren(IShare $parent) {
-		$children = [];
-
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('*')
-			->from('share')
-			->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId())))
-			->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
-			->orderBy('id');
-
-		$cursor = $qb->execute();
-		while($data = $cursor->fetch()) {
-			$children[] = $this->createShareObject($data);
-		}
-		$cursor->closeCursor();
-
-		return $children;
-	}
-
-	/**
-	 * Delete a share (owner unShares the file)
-	 *
-	 * @param IShare $share
-	 */
-	public function delete(IShare $share) {
-
-		list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedWith());
-
-		$isOwner = false;
-
-		$this->removeShareFromTable($share);
-
-		// if the local user is the owner we can send the unShare request directly...
-		if ($this->userManager->userExists($share->getShareOwner())) {
-			$this->notifications->sendRemoteUnShare($remote, $share->getId(), $share->getToken());
-			$this->revokeShare($share, true);
-			$isOwner = true;
-		} else { // ... if not we need to correct ID for the unShare request
-			$remoteId = $this->getRemoteId($share);
-			$this->notifications->sendRemoteUnShare($remote, $remoteId, $share->getToken());
-			$this->revokeShare($share, false);
-		}
-
-		// send revoke notification to the other user, if initiator and owner are not the same user
-		if ($share->getShareOwner() !== $share->getSharedBy()) {
-			$remoteId = $this->getRemoteId($share);
-			if ($isOwner) {
-				list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedBy());
-			} else {
-				list(, $remote) = $this->addressHandler->splitUserRemote($share->getShareOwner());
-			}
-			$this->notifications->sendRevokeShare($remote, $remoteId, $share->getToken());
-		}
-	}
-
-	/**
-	 * in case of a re-share we need to send the other use (initiator or owner)
-	 * a message that the file was unshared
-	 *
-	 * @param IShare $share
-	 * @param bool $isOwner the user can either be the owner or the user who re-sahred it
-	 * @throws ShareNotFound
-	 * @throws \OC\HintException
-	 */
-	protected function revokeShare($share, $isOwner) {
-		// also send a unShare request to the initiator, if this is a different user than the owner
-		if ($share->getShareOwner() !== $share->getSharedBy()) {
-			if ($isOwner) {
-				list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedBy());
-			} else {
-				list(, $remote) = $this->addressHandler->splitUserRemote($share->getShareOwner());
-			}
-			$remoteId = $this->getRemoteId($share);
-			$this->notifications->sendRevokeShare($remote, $remoteId, $share->getToken());
-		}
-	}
-
-	/**
-	 * remove share from table
-	 *
-	 * @param IShare $share
-	 */
-	public function removeShareFromTable(IShare $share) {
-		$this->removeShareFromTableById($share->getId());
-	}
-
-	/**
-	 * remove share from table
-	 *
-	 * @param string $shareId
-	 */
-	private function removeShareFromTableById($shareId) {
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->delete('share')
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($shareId)));
-		$qb->execute();
-
-		$qb->delete('federated_reshares')
-			->where($qb->expr()->eq('share_id', $qb->createNamedParameter($shareId)));
-		$qb->execute();
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function deleteFromSelf(IShare $share, $recipient) {
-		// nothing to do here. Technically deleteFromSelf in the context of federated
-		// shares is a umount of a external storage. This is handled here
-		// apps/files_sharing/lib/external/manager.php
-		// TODO move this code over to this app
-		return;
-	}
-
-
-	public function getSharesInFolder($userId, Folder $node, $reshares) {
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('*')
-			->from('share', 's')
-			->andWhere($qb->expr()->orX(
-				$qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
-				$qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
-			))
-			->andWhere(
-				$qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_REMOTE))
-			);
-
-		/**
-		 * Reshares for this user are shares where they are the owner.
-		 */
-		if ($reshares === false) {
-			$qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)));
-		} else {
-			$qb->andWhere(
-				$qb->expr()->orX(
-					$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
-					$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
-				)
-			);
-		}
-
-		$qb->innerJoin('s', 'filecache' ,'f', $qb->expr()->eq('s.file_source', 'f.fileid'));
-		$qb->andWhere($qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId())));
-
-		$qb->orderBy('id');
-
-		$cursor = $qb->execute();
-		$shares = [];
-		while ($data = $cursor->fetch()) {
-			$shares[$data['fileid']][] = $this->createShareObject($data);
-		}
-		$cursor->closeCursor();
-
-		return $shares;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offset) {
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('*')
-			->from('share');
-
-		$qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
-
-		/**
-		 * Reshares for this user are shares where they are the owner.
-		 */
-		if ($reshares === false) {
-			//Special case for old shares created via the web UI
-			$or1 = $qb->expr()->andX(
-				$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
-				$qb->expr()->isNull('uid_initiator')
-			);
-
-			$qb->andWhere(
-				$qb->expr()->orX(
-					$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)),
-					$or1
-				)
-			);
-		} else {
-			$qb->andWhere(
-				$qb->expr()->orX(
-					$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
-					$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
-				)
-			);
-		}
-
-		if ($node !== null) {
-			$qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
-		}
-
-		if ($limit !== -1) {
-			$qb->setMaxResults($limit);
-		}
-
-		$qb->setFirstResult($offset);
-		$qb->orderBy('id');
-
-		$cursor = $qb->execute();
-		$shares = [];
-		while($data = $cursor->fetch()) {
-			$shares[] = $this->createShareObject($data);
-		}
-		$cursor->closeCursor();
-
-		return $shares;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getShareById($id, $recipientId = null) {
-		$qb = $this->dbConnection->getQueryBuilder();
-
-		$qb->select('*')
-			->from('share')
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
-			->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
-
-		$cursor = $qb->execute();
-		$data = $cursor->fetch();
-		$cursor->closeCursor();
-
-		if ($data === false) {
-			throw new ShareNotFound();
-		}
-
-		try {
-			$share = $this->createShareObject($data);
-		} catch (InvalidShare $e) {
-			throw new ShareNotFound();
-		}
-
-		return $share;
-	}
-
-	/**
-	 * Get shares for a given path
-	 *
-	 * @param \OCP\Files\Node $path
-	 * @return IShare[]
-	 */
-	public function getSharesByPath(Node $path) {
-		$qb = $this->dbConnection->getQueryBuilder();
-
-		$cursor = $qb->select('*')
-			->from('share')
-			->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId())))
-			->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
-			->execute();
-
-		$shares = [];
-		while($data = $cursor->fetch()) {
-			$shares[] = $this->createShareObject($data);
-		}
-		$cursor->closeCursor();
-
-		return $shares;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getSharedWith($userId, $shareType, $node, $limit, $offset) {
-		/** @var IShare[] $shares */
-		$shares = [];
-
-		//Get shares directly with this user
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('*')
-			->from('share');
-
-		// Order by id
-		$qb->orderBy('id');
-
-		// Set limit and offset
-		if ($limit !== -1) {
-			$qb->setMaxResults($limit);
-		}
-		$qb->setFirstResult($offset);
-
-		$qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
-		$qb->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId)));
-
-		// Filter by node if provided
-		if ($node !== null) {
-			$qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
-		}
-
-		$cursor = $qb->execute();
-
-		while($data = $cursor->fetch()) {
-			$shares[] = $this->createShareObject($data);
-		}
-		$cursor->closeCursor();
-
-
-		return $shares;
-	}
-
-	/**
-	 * Get a share by token
-	 *
-	 * @param string $token
-	 * @return IShare
-	 * @throws ShareNotFound
-	 */
-	public function getShareByToken($token) {
-		$qb = $this->dbConnection->getQueryBuilder();
-
-		$cursor = $qb->select('*')
-			->from('share')
-			->where($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
-			->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token)))
-			->execute();
-
-		$data = $cursor->fetch();
-
-		if ($data === false) {
-			throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
-		}
-
-		try {
-			$share = $this->createShareObject($data);
-		} catch (InvalidShare $e) {
-			throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
-		}
-
-		return $share;
-	}
-
-	/**
-	 * get database row of a give share
-	 *
-	 * @param $id
-	 * @return array
-	 * @throws ShareNotFound
-	 */
-	private function getRawShare($id) {
-
-		// Now fetch the inserted share and create a complete share object
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('*')
-			->from('share')
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)));
-
-		$cursor = $qb->execute();
-		$data = $cursor->fetch();
-		$cursor->closeCursor();
-
-		if ($data === false) {
-			throw new ShareNotFound;
-		}
-
-		return $data;
-	}
-
-	/**
-	 * Create a share object from an database row
-	 *
-	 * @param array $data
-	 * @return IShare
-	 * @throws InvalidShare
-	 * @throws ShareNotFound
-	 */
-	private function createShareObject($data) {
-
-		$share = new Share($this->rootFolder, $this->userManager);
-		$share->setId((int)$data['id'])
-			->setShareType((int)$data['share_type'])
-			->setPermissions((int)$data['permissions'])
-			->setTarget($data['file_target'])
-			->setMailSend((bool)$data['mail_send'])
-			->setToken($data['token']);
-
-		$shareTime = new \DateTime();
-		$shareTime->setTimestamp((int)$data['stime']);
-		$share->setShareTime($shareTime);
-		$share->setSharedWith($data['share_with']);
-
-		if ($data['uid_initiator'] !== null) {
-			$share->setShareOwner($data['uid_owner']);
-			$share->setSharedBy($data['uid_initiator']);
-		} else {
-			//OLD SHARE
-			$share->setSharedBy($data['uid_owner']);
-			$path = $this->getNode($share->getSharedBy(), (int)$data['file_source']);
-
-			$owner = $path->getOwner();
-			$share->setShareOwner($owner->getUID());
-		}
-
-		$share->setNodeId((int)$data['file_source']);
-		$share->setNodeType($data['item_type']);
-
-		$share->setProviderId($this->identifier());
-
-		return $share;
-	}
-
-	/**
-	 * Get the node with file $id for $user
-	 *
-	 * @param string $userId
-	 * @param int $id
-	 * @return \OCP\Files\File|\OCP\Files\Folder
-	 * @throws InvalidShare
-	 */
-	private function getNode($userId, $id) {
-		try {
-			$userFolder = $this->rootFolder->getUserFolder($userId);
-		} catch (NotFoundException $e) {
-			throw new InvalidShare();
-		}
-
-		$nodes = $userFolder->getById($id);
-
-		if (empty($nodes)) {
-			throw new InvalidShare();
-		}
-
-		return $nodes[0];
-	}
-
-	/**
-	 * A user is deleted from the system
-	 * So clean up the relevant shares.
-	 *
-	 * @param string $uid
-	 * @param int $shareType
-	 */
-	public function userDeleted($uid, $shareType) {
-		//TODO: probabaly a good idea to send unshare info to remote servers
-
-		$qb = $this->dbConnection->getQueryBuilder();
-
-		$qb->delete('share')
-			->where($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_REMOTE)))
-			->andWhere($qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)))
-			->execute();
-	}
-
-	/**
-	 * This provider does not handle groups
-	 *
-	 * @param string $gid
-	 */
-	public function groupDeleted($gid) {
-		// We don't handle groups here
-		return;
-	}
-
-	/**
-	 * This provider does not handle groups
-	 *
-	 * @param string $uid
-	 * @param string $gid
-	 */
-	public function userDeletedFromGroup($uid, $gid) {
-		// We don't handle groups here
-		return;
-	}
-
-	/**
-	 * check if users from other Nextcloud instances are allowed to mount public links share by this instance
-	 *
-	 * @return bool
-	 */
-	public function isOutgoingServer2serverShareEnabled() {
-		if ($this->gsConfig->onlyInternalFederation()) {
-			return false;
-		}
-		$result = $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes');
-		return ($result === 'yes');
-	}
-
-	/**
-	 * check if users are allowed to mount public links from other Nextclouds
-	 *
-	 * @return bool
-	 */
-	public function isIncomingServer2serverShareEnabled() {
-		if ($this->gsConfig->onlyInternalFederation()) {
-			return false;
-		}
-		$result = $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes');
-		return ($result === 'yes');
-	}
-
-	/**
-	 * Check if querying sharees on the lookup server is enabled
-	 *
-	 * @return bool
-	 */
-	public function isLookupServerQueriesEnabled() {
-		// in a global scale setup we should always query the lookup server
-		if ($this->gsConfig->isGlobalScaleEnabled()) {
-			return true;
-		}
-		$result = $this->config->getAppValue('files_sharing', 'lookupServerEnabled', 'no');
-		return ($result === 'yes');
-	}
-
-
-	/**
-	 * Check if it is allowed to publish user specific data to the lookup server
-	 *
-	 * @return bool
-	 */
-	public function isLookupServerUploadEnabled() {
-		// in a global scale setup the admin is responsible to keep the lookup server up-to-date
-		if ($this->gsConfig->isGlobalScaleEnabled()) {
-			return false;
-		}
-		$result = $this->config->getAppValue('files_sharing', 'lookupServerUploadEnabled', 'yes');
-		return ($result === 'yes');
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getAccessList($nodes, $currentAccess) {
-		$ids = [];
-		foreach ($nodes as $node) {
-			$ids[] = $node->getId();
-		}
-
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('share_with', 'token', 'file_source')
-			->from('share')
-			->where($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_REMOTE)))
-			->andWhere($qb->expr()->in('file_source', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY)))
-			->andWhere($qb->expr()->orX(
-				$qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
-				$qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
-			));
-		$cursor = $qb->execute();
-
-		if ($currentAccess === false) {
-			$remote = $cursor->fetch() !== false;
-			$cursor->closeCursor();
-
-			return ['remote' => $remote];
-		}
-
-		$remote = [];
-		while ($row = $cursor->fetch()) {
-			$remote[$row['share_with']] = [
-				'node_id' => $row['file_source'],
-				'token' => $row['token'],
-			];
-		}
-		$cursor->closeCursor();
-
-		return ['remote' => $remote];
-	}
+        return $share;
+    }
+
+    /**
+     * Get all children of this share
+     *
+     * @param IShare $parent
+     * @return IShare[]
+     */
+    public function getChildren(IShare $parent) {
+        $children = [];
+
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share')
+            ->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId())))
+            ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
+            ->orderBy('id');
+
+        $cursor = $qb->execute();
+        while($data = $cursor->fetch()) {
+            $children[] = $this->createShareObject($data);
+        }
+        $cursor->closeCursor();
+
+        return $children;
+    }
+
+    /**
+     * Delete a share (owner unShares the file)
+     *
+     * @param IShare $share
+     */
+    public function delete(IShare $share) {
+
+        list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedWith());
+
+        $isOwner = false;
+
+        $this->removeShareFromTable($share);
+
+        // if the local user is the owner we can send the unShare request directly...
+        if ($this->userManager->userExists($share->getShareOwner())) {
+            $this->notifications->sendRemoteUnShare($remote, $share->getId(), $share->getToken());
+            $this->revokeShare($share, true);
+            $isOwner = true;
+        } else { // ... if not we need to correct ID for the unShare request
+            $remoteId = $this->getRemoteId($share);
+            $this->notifications->sendRemoteUnShare($remote, $remoteId, $share->getToken());
+            $this->revokeShare($share, false);
+        }
+
+        // send revoke notification to the other user, if initiator and owner are not the same user
+        if ($share->getShareOwner() !== $share->getSharedBy()) {
+            $remoteId = $this->getRemoteId($share);
+            if ($isOwner) {
+                list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedBy());
+            } else {
+                list(, $remote) = $this->addressHandler->splitUserRemote($share->getShareOwner());
+            }
+            $this->notifications->sendRevokeShare($remote, $remoteId, $share->getToken());
+        }
+    }
+
+    /**
+     * in case of a re-share we need to send the other use (initiator or owner)
+     * a message that the file was unshared
+     *
+     * @param IShare $share
+     * @param bool $isOwner the user can either be the owner or the user who re-sahred it
+     * @throws ShareNotFound
+     * @throws \OC\HintException
+     */
+    protected function revokeShare($share, $isOwner) {
+        // also send a unShare request to the initiator, if this is a different user than the owner
+        if ($share->getShareOwner() !== $share->getSharedBy()) {
+            if ($isOwner) {
+                list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedBy());
+            } else {
+                list(, $remote) = $this->addressHandler->splitUserRemote($share->getShareOwner());
+            }
+            $remoteId = $this->getRemoteId($share);
+            $this->notifications->sendRevokeShare($remote, $remoteId, $share->getToken());
+        }
+    }
+
+    /**
+     * remove share from table
+     *
+     * @param IShare $share
+     */
+    public function removeShareFromTable(IShare $share) {
+        $this->removeShareFromTableById($share->getId());
+    }
+
+    /**
+     * remove share from table
+     *
+     * @param string $shareId
+     */
+    private function removeShareFromTableById($shareId) {
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->delete('share')
+            ->where($qb->expr()->eq('id', $qb->createNamedParameter($shareId)));
+        $qb->execute();
+
+        $qb->delete('federated_reshares')
+            ->where($qb->expr()->eq('share_id', $qb->createNamedParameter($shareId)));
+        $qb->execute();
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function deleteFromSelf(IShare $share, $recipient) {
+        // nothing to do here. Technically deleteFromSelf in the context of federated
+        // shares is a umount of a external storage. This is handled here
+        // apps/files_sharing/lib/external/manager.php
+        // TODO move this code over to this app
+        return;
+    }
+
+
+    public function getSharesInFolder($userId, Folder $node, $reshares) {
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share', 's')
+            ->andWhere($qb->expr()->orX(
+                $qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
+                $qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
+            ))
+            ->andWhere(
+                $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_REMOTE))
+            );
+
+        /**
+         * Reshares for this user are shares where they are the owner.
+         */
+        if ($reshares === false) {
+            $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)));
+        } else {
+            $qb->andWhere(
+                $qb->expr()->orX(
+                    $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
+                    $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
+                )
+            );
+        }
+
+        $qb->innerJoin('s', 'filecache' ,'f', $qb->expr()->eq('s.file_source', 'f.fileid'));
+        $qb->andWhere($qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId())));
+
+        $qb->orderBy('id');
+
+        $cursor = $qb->execute();
+        $shares = [];
+        while ($data = $cursor->fetch()) {
+            $shares[$data['fileid']][] = $this->createShareObject($data);
+        }
+        $cursor->closeCursor();
+
+        return $shares;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offset) {
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share');
+
+        $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
+
+        /**
+         * Reshares for this user are shares where they are the owner.
+         */
+        if ($reshares === false) {
+            //Special case for old shares created via the web UI
+            $or1 = $qb->expr()->andX(
+                $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
+                $qb->expr()->isNull('uid_initiator')
+            );
+
+            $qb->andWhere(
+                $qb->expr()->orX(
+                    $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)),
+                    $or1
+                )
+            );
+        } else {
+            $qb->andWhere(
+                $qb->expr()->orX(
+                    $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
+                    $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
+                )
+            );
+        }
+
+        if ($node !== null) {
+            $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
+        }
+
+        if ($limit !== -1) {
+            $qb->setMaxResults($limit);
+        }
+
+        $qb->setFirstResult($offset);
+        $qb->orderBy('id');
+
+        $cursor = $qb->execute();
+        $shares = [];
+        while($data = $cursor->fetch()) {
+            $shares[] = $this->createShareObject($data);
+        }
+        $cursor->closeCursor();
+
+        return $shares;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getShareById($id, $recipientId = null) {
+        $qb = $this->dbConnection->getQueryBuilder();
+
+        $qb->select('*')
+            ->from('share')
+            ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
+            ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
+
+        $cursor = $qb->execute();
+        $data = $cursor->fetch();
+        $cursor->closeCursor();
+
+        if ($data === false) {
+            throw new ShareNotFound();
+        }
+
+        try {
+            $share = $this->createShareObject($data);
+        } catch (InvalidShare $e) {
+            throw new ShareNotFound();
+        }
+
+        return $share;
+    }
+
+    /**
+     * Get shares for a given path
+     *
+     * @param \OCP\Files\Node $path
+     * @return IShare[]
+     */
+    public function getSharesByPath(Node $path) {
+        $qb = $this->dbConnection->getQueryBuilder();
+
+        $cursor = $qb->select('*')
+            ->from('share')
+            ->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId())))
+            ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
+            ->execute();
+
+        $shares = [];
+        while($data = $cursor->fetch()) {
+            $shares[] = $this->createShareObject($data);
+        }
+        $cursor->closeCursor();
+
+        return $shares;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getSharedWith($userId, $shareType, $node, $limit, $offset) {
+        /** @var IShare[] $shares */
+        $shares = [];
+
+        //Get shares directly with this user
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share');
+
+        // Order by id
+        $qb->orderBy('id');
+
+        // Set limit and offset
+        if ($limit !== -1) {
+            $qb->setMaxResults($limit);
+        }
+        $qb->setFirstResult($offset);
+
+        $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)));
+        $qb->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId)));
+
+        // Filter by node if provided
+        if ($node !== null) {
+            $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
+        }
+
+        $cursor = $qb->execute();
+
+        while($data = $cursor->fetch()) {
+            $shares[] = $this->createShareObject($data);
+        }
+        $cursor->closeCursor();
+
+
+        return $shares;
+    }
+
+    /**
+     * Get a share by token
+     *
+     * @param string $token
+     * @return IShare
+     * @throws ShareNotFound
+     */
+    public function getShareByToken($token) {
+        $qb = $this->dbConnection->getQueryBuilder();
+
+        $cursor = $qb->select('*')
+            ->from('share')
+            ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_REMOTE)))
+            ->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token)))
+            ->execute();
+
+        $data = $cursor->fetch();
+
+        if ($data === false) {
+            throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
+        }
+
+        try {
+            $share = $this->createShareObject($data);
+        } catch (InvalidShare $e) {
+            throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
+        }
+
+        return $share;
+    }
+
+    /**
+     * get database row of a give share
+     *
+     * @param $id
+     * @return array
+     * @throws ShareNotFound
+     */
+    private function getRawShare($id) {
+
+        // Now fetch the inserted share and create a complete share object
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share')
+            ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)));
+
+        $cursor = $qb->execute();
+        $data = $cursor->fetch();
+        $cursor->closeCursor();
+
+        if ($data === false) {
+            throw new ShareNotFound;
+        }
+
+        return $data;
+    }
+
+    /**
+     * Create a share object from an database row
+     *
+     * @param array $data
+     * @return IShare
+     * @throws InvalidShare
+     * @throws ShareNotFound
+     */
+    private function createShareObject($data) {
+
+        $share = new Share($this->rootFolder, $this->userManager);
+        $share->setId((int)$data['id'])
+            ->setShareType((int)$data['share_type'])
+            ->setPermissions((int)$data['permissions'])
+            ->setTarget($data['file_target'])
+            ->setMailSend((bool)$data['mail_send'])
+            ->setToken($data['token']);
+
+        $shareTime = new \DateTime();
+        $shareTime->setTimestamp((int)$data['stime']);
+        $share->setShareTime($shareTime);
+        $share->setSharedWith($data['share_with']);
+
+        if ($data['uid_initiator'] !== null) {
+            $share->setShareOwner($data['uid_owner']);
+            $share->setSharedBy($data['uid_initiator']);
+        } else {
+            //OLD SHARE
+            $share->setSharedBy($data['uid_owner']);
+            $path = $this->getNode($share->getSharedBy(), (int)$data['file_source']);
+
+            $owner = $path->getOwner();
+            $share->setShareOwner($owner->getUID());
+        }
+
+        $share->setNodeId((int)$data['file_source']);
+        $share->setNodeType($data['item_type']);
+
+        $share->setProviderId($this->identifier());
+
+        return $share;
+    }
+
+    /**
+     * Get the node with file $id for $user
+     *
+     * @param string $userId
+     * @param int $id
+     * @return \OCP\Files\File|\OCP\Files\Folder
+     * @throws InvalidShare
+     */
+    private function getNode($userId, $id) {
+        try {
+            $userFolder = $this->rootFolder->getUserFolder($userId);
+        } catch (NotFoundException $e) {
+            throw new InvalidShare();
+        }
+
+        $nodes = $userFolder->getById($id);
+
+        if (empty($nodes)) {
+            throw new InvalidShare();
+        }
+
+        return $nodes[0];
+    }
+
+    /**
+     * A user is deleted from the system
+     * So clean up the relevant shares.
+     *
+     * @param string $uid
+     * @param int $shareType
+     */
+    public function userDeleted($uid, $shareType) {
+        //TODO: probabaly a good idea to send unshare info to remote servers
+
+        $qb = $this->dbConnection->getQueryBuilder();
+
+        $qb->delete('share')
+            ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_REMOTE)))
+            ->andWhere($qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)))
+            ->execute();
+    }
+
+    /**
+     * This provider does not handle groups
+     *
+     * @param string $gid
+     */
+    public function groupDeleted($gid) {
+        // We don't handle groups here
+        return;
+    }
+
+    /**
+     * This provider does not handle groups
+     *
+     * @param string $uid
+     * @param string $gid
+     */
+    public function userDeletedFromGroup($uid, $gid) {
+        // We don't handle groups here
+        return;
+    }
+
+    /**
+     * check if users from other Nextcloud instances are allowed to mount public links share by this instance
+     *
+     * @return bool
+     */
+    public function isOutgoingServer2serverShareEnabled() {
+        if ($this->gsConfig->onlyInternalFederation()) {
+            return false;
+        }
+        $result = $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes');
+        return ($result === 'yes');
+    }
+
+    /**
+     * check if users are allowed to mount public links from other Nextclouds
+     *
+     * @return bool
+     */
+    public function isIncomingServer2serverShareEnabled() {
+        if ($this->gsConfig->onlyInternalFederation()) {
+            return false;
+        }
+        $result = $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes');
+        return ($result === 'yes');
+    }
+
+    /**
+     * Check if querying sharees on the lookup server is enabled
+     *
+     * @return bool
+     */
+    public function isLookupServerQueriesEnabled() {
+        // in a global scale setup we should always query the lookup server
+        if ($this->gsConfig->isGlobalScaleEnabled()) {
+            return true;
+        }
+        $result = $this->config->getAppValue('files_sharing', 'lookupServerEnabled', 'no');
+        return ($result === 'yes');
+    }
+
+
+    /**
+     * Check if it is allowed to publish user specific data to the lookup server
+     *
+     * @return bool
+     */
+    public function isLookupServerUploadEnabled() {
+        // in a global scale setup the admin is responsible to keep the lookup server up-to-date
+        if ($this->gsConfig->isGlobalScaleEnabled()) {
+            return false;
+        }
+        $result = $this->config->getAppValue('files_sharing', 'lookupServerUploadEnabled', 'yes');
+        return ($result === 'yes');
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getAccessList($nodes, $currentAccess) {
+        $ids = [];
+        foreach ($nodes as $node) {
+            $ids[] = $node->getId();
+        }
+
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('share_with', 'token', 'file_source')
+            ->from('share')
+            ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_REMOTE)))
+            ->andWhere($qb->expr()->in('file_source', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY)))
+            ->andWhere($qb->expr()->orX(
+                $qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
+                $qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
+            ));
+        $cursor = $qb->execute();
+
+        if ($currentAccess === false) {
+            $remote = $cursor->fetch() !== false;
+            $cursor->closeCursor();
+
+            return ['remote' => $remote];
+        }
+
+        $remote = [];
+        while ($row = $cursor->fetch()) {
+            $remote[$row['share_with']] = [
+                'node_id' => $row['file_source'],
+                'token' => $row['token'],
+            ];
+        }
+        $cursor->closeCursor();
+
+        return ['remote' => $remote];
+    }
 }