Inspection of "Merge pull request #26681 from nextcloud/techdebt/..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( bb40e6...385330 )

by Julius

created 2021-07-01 06:35 UTC

Status

Indentation +400 added lines, -400 removed lines patch added patch discarded remove patch

@@ -50,404 +50,404 @@
 block discarded – undo
 
 class RequestHandlerController extends OCSController {
 
-	/** @var FederatedShareProvider */
-	private $federatedShareProvider;
-
-	/** @var IDBConnection */
-	private $connection;
-
-	/** @var Share\IManager */
-	private $shareManager;
-
-	/** @var Notifications */
-	private $notifications;
-
-	/** @var AddressHandler */
-	private $addressHandler;
-
-	/** @var  IUserManager */
-	private $userManager;
-
-	/** @var string */
-	private $shareTable = 'share';
-
-	/** @var ICloudIdManager */
-	private $cloudIdManager;
-
-	/** @var LoggerInterface */
-	private $logger;
-
-	/** @var ICloudFederationFactory */
-	private $cloudFederationFactory;
-
-	/** @var ICloudFederationProviderManager */
-	private $cloudFederationProviderManager;
-
-	public function __construct(string $appName,
-								IRequest $request,
-								FederatedShareProvider $federatedShareProvider,
-								IDBConnection $connection,
-								Share\IManager $shareManager,
-								Notifications $notifications,
-								AddressHandler $addressHandler,
-								IUserManager $userManager,
-								ICloudIdManager $cloudIdManager,
-								LoggerInterface $logger,
-								ICloudFederationFactory $cloudFederationFactory,
-								ICloudFederationProviderManager $cloudFederationProviderManager
-	) {
-		parent::__construct($appName, $request);
-
-		$this->federatedShareProvider = $federatedShareProvider;
-		$this->connection = $connection;
-		$this->shareManager = $shareManager;
-		$this->notifications = $notifications;
-		$this->addressHandler = $addressHandler;
-		$this->userManager = $userManager;
-		$this->cloudIdManager = $cloudIdManager;
-		$this->logger = $logger;
-		$this->cloudFederationFactory = $cloudFederationFactory;
-		$this->cloudFederationProviderManager = $cloudFederationProviderManager;
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * create a new share
-	 *
-	 * @return Http\DataResponse
-	 * @throws OCSException
-	 */
-	public function createShare() {
-		$remote = isset($_POST['remote']) ? $_POST['remote'] : null;
-		$token = isset($_POST['token']) ? $_POST['token'] : null;
-		$name = isset($_POST['name']) ? $_POST['name'] : null;
-		$owner = isset($_POST['owner']) ? $_POST['owner'] : null;
-		$sharedBy = isset($_POST['sharedBy']) ? $_POST['sharedBy'] : null;
-		$shareWith = isset($_POST['shareWith']) ? $_POST['shareWith'] : null;
-		$remoteId = isset($_POST['remoteId']) ? (int)$_POST['remoteId'] : null;
-		$sharedByFederatedId = isset($_POST['sharedByFederatedId']) ? $_POST['sharedByFederatedId'] : null;
-		$ownerFederatedId = isset($_POST['ownerFederatedId']) ? $_POST['ownerFederatedId'] : null;
-
-		if ($ownerFederatedId === null) {
-			$ownerFederatedId = $this->cloudIdManager->getCloudId($owner, $this->cleanupRemote($remote))->getId();
-		}
-		// if the owner of the share and the initiator are the same user
-		// we also complete the federated share ID for the initiator
-		if ($sharedByFederatedId === null && $owner === $sharedBy) {
-			$sharedByFederatedId = $ownerFederatedId;
-		}
-
-		$share = $this->cloudFederationFactory->getCloudFederationShare(
-			$shareWith,
-			$name,
-			'',
-			$remoteId,
-			$ownerFederatedId,
-			$owner,
-			$sharedByFederatedId,
-			$sharedBy,
-			$token,
-			'user',
-			'file'
-		);
-
-		try {
-			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
-			$provider->shareReceived($share);
-		} catch (ProviderDoesNotExistsException $e) {
-			throw new OCSException('Server does not support federated cloud sharing', 503);
-		} catch (ProviderCouldNotAddShareException $e) {
-			throw new OCSException($e->getMessage(), 400);
-		} catch (\Exception $e) {
-			throw new OCSException('internal server error, was not able to add share from ' . $remote, 500);
-		}
-
-		return new Http\DataResponse();
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * create re-share on behalf of another user
-	 *
-	 * @param int $id
-	 * @return Http\DataResponse
-	 * @throws OCSBadRequestException
-	 * @throws OCSException
-	 * @throws OCSForbiddenException
-	 */
-	public function reShare($id) {
-		$token = $this->request->getParam('token', null);
-		$shareWith = $this->request->getParam('shareWith', null);
-		$permission = (int)$this->request->getParam('permission', null);
-		$remoteId = (int)$this->request->getParam('remoteId', null);
-
-		if ($id === null ||
-			$token === null ||
-			$shareWith === null ||
-			$permission === null ||
-			$remoteId === null
-		) {
-			throw new OCSBadRequestException();
-		}
-
-		$notification = [
-			'sharedSecret' => $token,
-			'shareWith' => $shareWith,
-			'senderId' => $remoteId,
-			'message' => 'Recipient of a share ask the owner to reshare the file'
-		];
-
-		try {
-			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
-			[$newToken, $localId] = $provider->notificationReceived('REQUEST_RESHARE', $id, $notification);
-			return new Http\DataResponse([
-				'token' => $newToken,
-				'remoteId' => $localId
-			]);
-		} catch (ProviderDoesNotExistsException $e) {
-			throw new OCSException('Server does not support federated cloud sharing', 503);
-		} catch (ShareNotFound $e) {
-			$this->logger->debug('Share not found: ' . $e->getMessage(), ['exception' => $e]);
-		} catch (\Exception $e) {
-			$this->logger->debug('internal server error, can not process notification: ' . $e->getMessage(), ['exception' => $e]);
-		}
-
-		throw new OCSBadRequestException();
-	}
-
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * accept server-to-server share
-	 *
-	 * @param int $id
-	 * @return Http\DataResponse
-	 * @throws OCSException
-	 * @throws ShareNotFound
-	 * @throws \OCP\HintException
-	 */
-	public function acceptShare($id) {
-		$token = isset($_POST['token']) ? $_POST['token'] : null;
-
-		$notification = [
-			'sharedSecret' => $token,
-			'message' => 'Recipient accept the share'
-		];
-
-		try {
-			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
-			$provider->notificationReceived('SHARE_ACCEPTED', $id, $notification);
-		} catch (ProviderDoesNotExistsException $e) {
-			throw new OCSException('Server does not support federated cloud sharing', 503);
-		} catch (ShareNotFound $e) {
-			$this->logger->debug('Share not found: ' . $e->getMessage(), ['exception' => $e]);
-		} catch (\Exception $e) {
-			$this->logger->debug('internal server error, can not process notification: ' . $e->getMessage(), ['exception' => $e]);
-		}
-
-		return new Http\DataResponse();
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * decline server-to-server share
-	 *
-	 * @param int $id
-	 * @return Http\DataResponse
-	 * @throws OCSException
-	 */
-	public function declineShare($id) {
-		$token = isset($_POST['token']) ? $_POST['token'] : null;
-
-		$notification = [
-			'sharedSecret' => $token,
-			'message' => 'Recipient declined the share'
-		];
-
-		try {
-			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
-			$provider->notificationReceived('SHARE_DECLINED', $id, $notification);
-		} catch (ProviderDoesNotExistsException $e) {
-			throw new OCSException('Server does not support federated cloud sharing', 503);
-		} catch (ShareNotFound $e) {
-			$this->logger->debug('Share not found: ' . $e->getMessage(), ['exception' => $e]);
-		} catch (\Exception $e) {
-			$this->logger->debug('internal server error, can not process notification: ' . $e->getMessage(), ['exception' => $e]);
-		}
-
-		return new Http\DataResponse();
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * remove server-to-server share if it was unshared by the owner
-	 *
-	 * @param int $id
-	 * @return Http\DataResponse
-	 * @throws OCSException
-	 */
-	public function unshare($id) {
-		if (!$this->isS2SEnabled()) {
-			throw new OCSException('Server does not support federated cloud sharing', 503);
-		}
-
-		$token = isset($_POST['token']) ? $_POST['token'] : null;
-
-		try {
-			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
-			$notification = ['sharedSecret' => $token];
-			$provider->notificationReceived('SHARE_UNSHARED', $id, $notification);
-		} catch (\Exception $e) {
-			$this->logger->debug('processing unshare notification failed: ' . $e->getMessage(), ['exception' => $e]);
-		}
-
-		return new Http\DataResponse();
-	}
-
-	private function cleanupRemote($remote) {
-		$remote = substr($remote, strpos($remote, '://') + 3);
-
-		return rtrim($remote, '/');
-	}
-
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * federated share was revoked, either by the owner or the re-sharer
-	 *
-	 * @param int $id
-	 * @return Http\DataResponse
-	 * @throws OCSBadRequestException
-	 */
-	public function revoke($id) {
-		$token = $this->request->getParam('token');
-
-		try {
-			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
-			$notification = ['sharedSecret' => $token];
-			$provider->notificationReceived('RESHARE_UNDO', $id, $notification);
-			return new Http\DataResponse();
-		} catch (\Exception $e) {
-			throw new OCSBadRequestException();
-		}
-	}
-
-	/**
-	 * check if server-to-server sharing is enabled
-	 *
-	 * @param bool $incoming
-	 * @return bool
-	 */
-	private function isS2SEnabled($incoming = false) {
-		$result = \OCP\App::isEnabled('files_sharing');
-
-		if ($incoming) {
-			$result = $result && $this->federatedShareProvider->isIncomingServer2serverShareEnabled();
-		} else {
-			$result = $result && $this->federatedShareProvider->isOutgoingServer2serverShareEnabled();
-		}
-
-		return $result;
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * update share information to keep federated re-shares in sync
-	 *
-	 * @param int $id
-	 * @return Http\DataResponse
-	 * @throws OCSBadRequestException
-	 */
-	public function updatePermissions($id) {
-		$token = $this->request->getParam('token', null);
-		$ncPermissions = $this->request->getParam('permissions', null);
-
-		try {
-			$provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
-			$ocmPermissions = $this->ncPermissions2ocmPermissions((int)$ncPermissions);
-			$notification = ['sharedSecret' => $token, 'permission' => $ocmPermissions];
-			$provider->notificationReceived('RESHARE_CHANGE_PERMISSION', $id, $notification);
-		} catch (\Exception $e) {
-			$this->logger->debug($e->getMessage(), ['exception' => $e]);
-			throw new OCSBadRequestException();
-		}
-
-		return new Http\DataResponse();
-	}
-
-	/**
-	 * translate Nextcloud permissions to OCM Permissions
-	 *
-	 * @param $ncPermissions
-	 * @return array
-	 */
-	protected function ncPermissions2ocmPermissions($ncPermissions) {
-		$ocmPermissions = [];
-
-		if ($ncPermissions & Constants::PERMISSION_SHARE) {
-			$ocmPermissions[] = 'share';
-		}
-
-		if ($ncPermissions & Constants::PERMISSION_READ) {
-			$ocmPermissions[] = 'read';
-		}
-
-		if (($ncPermissions & Constants::PERMISSION_CREATE) ||
-			($ncPermissions & Constants::PERMISSION_UPDATE)) {
-			$ocmPermissions[] = 'write';
-		}
-
-		return $ocmPermissions;
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 *
-	 * change the owner of a server-to-server share
-	 *
-	 * @param int $id
-	 * @return Http\DataResponse
-	 * @throws \InvalidArgumentException
-	 * @throws OCSException
-	 */
-	public function move($id) {
-		if (!$this->isS2SEnabled()) {
-			throw new OCSException('Server does not support federated cloud sharing', 503);
-		}
-
-		$token = $this->request->getParam('token');
-		$remote = $this->request->getParam('remote');
-		$newRemoteId = $this->request->getParam('remote_id', $id);
-		$cloudId = $this->cloudIdManager->resolveCloudId($remote);
-
-		$qb = $this->connection->getQueryBuilder();
-		$query = $qb->update('share_external')
-			->set('remote', $qb->createNamedParameter($cloudId->getRemote()))
-			->set('owner', $qb->createNamedParameter($cloudId->getUser()))
-			->set('remote_id', $qb->createNamedParameter($newRemoteId))
-			->where($qb->expr()->eq('remote_id', $qb->createNamedParameter($id)))
-			->andWhere($qb->expr()->eq('share_token', $qb->createNamedParameter($token)));
-		$affected = $query->executeStatement();
-
-		if ($affected > 0) {
-			return new Http\DataResponse(['remote' => $cloudId->getRemote(), 'owner' => $cloudId->getUser()]);
-		} else {
-			throw new OCSBadRequestException('Share not found or token invalid');
-		}
-	}
+    /** @var FederatedShareProvider */
+    private $federatedShareProvider;
+
+    /** @var IDBConnection */
+    private $connection;
+
+    /** @var Share\IManager */
+    private $shareManager;
+
+    /** @var Notifications */
+    private $notifications;
+
+    /** @var AddressHandler */
+    private $addressHandler;
+
+    /** @var  IUserManager */
+    private $userManager;
+
+    /** @var string */
+    private $shareTable = 'share';
+
+    /** @var ICloudIdManager */
+    private $cloudIdManager;
+
+    /** @var LoggerInterface */
+    private $logger;
+
+    /** @var ICloudFederationFactory */
+    private $cloudFederationFactory;
+
+    /** @var ICloudFederationProviderManager */
+    private $cloudFederationProviderManager;
+
+    public function __construct(string $appName,
+                                IRequest $request,
+                                FederatedShareProvider $federatedShareProvider,
+                                IDBConnection $connection,
+                                Share\IManager $shareManager,
+                                Notifications $notifications,
+                                AddressHandler $addressHandler,
+                                IUserManager $userManager,
+                                ICloudIdManager $cloudIdManager,
+                                LoggerInterface $logger,
+                                ICloudFederationFactory $cloudFederationFactory,
+                                ICloudFederationProviderManager $cloudFederationProviderManager
+    ) {
+        parent::__construct($appName, $request);
+
+        $this->federatedShareProvider = $federatedShareProvider;
+        $this->connection = $connection;
+        $this->shareManager = $shareManager;
+        $this->notifications = $notifications;
+        $this->addressHandler = $addressHandler;
+        $this->userManager = $userManager;
+        $this->cloudIdManager = $cloudIdManager;
+        $this->logger = $logger;
+        $this->cloudFederationFactory = $cloudFederationFactory;
+        $this->cloudFederationProviderManager = $cloudFederationProviderManager;
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * create a new share
+     *
+     * @return Http\DataResponse
+     * @throws OCSException
+     */
+    public function createShare() {
+        $remote = isset($_POST['remote']) ? $_POST['remote'] : null;
+        $token = isset($_POST['token']) ? $_POST['token'] : null;
+        $name = isset($_POST['name']) ? $_POST['name'] : null;
+        $owner = isset($_POST['owner']) ? $_POST['owner'] : null;
+        $sharedBy = isset($_POST['sharedBy']) ? $_POST['sharedBy'] : null;
+        $shareWith = isset($_POST['shareWith']) ? $_POST['shareWith'] : null;
+        $remoteId = isset($_POST['remoteId']) ? (int)$_POST['remoteId'] : null;
+        $sharedByFederatedId = isset($_POST['sharedByFederatedId']) ? $_POST['sharedByFederatedId'] : null;
+        $ownerFederatedId = isset($_POST['ownerFederatedId']) ? $_POST['ownerFederatedId'] : null;
+
+        if ($ownerFederatedId === null) {
+            $ownerFederatedId = $this->cloudIdManager->getCloudId($owner, $this->cleanupRemote($remote))->getId();
+        }
+        // if the owner of the share and the initiator are the same user
+        // we also complete the federated share ID for the initiator
+        if ($sharedByFederatedId === null && $owner === $sharedBy) {
+            $sharedByFederatedId = $ownerFederatedId;
+        }
+
+        $share = $this->cloudFederationFactory->getCloudFederationShare(
+            $shareWith,
+            $name,
+            '',
+            $remoteId,
+            $ownerFederatedId,
+            $owner,
+            $sharedByFederatedId,
+            $sharedBy,
+            $token,
+            'user',
+            'file'
+        );
+
+        try {
+            $provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
+            $provider->shareReceived($share);
+        } catch (ProviderDoesNotExistsException $e) {
+            throw new OCSException('Server does not support federated cloud sharing', 503);
+        } catch (ProviderCouldNotAddShareException $e) {
+            throw new OCSException($e->getMessage(), 400);
+        } catch (\Exception $e) {
+            throw new OCSException('internal server error, was not able to add share from ' . $remote, 500);
+        }
+
+        return new Http\DataResponse();
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * create re-share on behalf of another user
+     *
+     * @param int $id
+     * @return Http\DataResponse
+     * @throws OCSBadRequestException
+     * @throws OCSException
+     * @throws OCSForbiddenException
+     */
+    public function reShare($id) {
+        $token = $this->request->getParam('token', null);
+        $shareWith = $this->request->getParam('shareWith', null);
+        $permission = (int)$this->request->getParam('permission', null);
+        $remoteId = (int)$this->request->getParam('remoteId', null);
+
+        if ($id === null ||
+            $token === null ||
+            $shareWith === null ||
+            $permission === null ||
+            $remoteId === null
+        ) {
+            throw new OCSBadRequestException();
+        }
+
+        $notification = [
+            'sharedSecret' => $token,
+            'shareWith' => $shareWith,
+            'senderId' => $remoteId,
+            'message' => 'Recipient of a share ask the owner to reshare the file'
+        ];
+
+        try {
+            $provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
+            [$newToken, $localId] = $provider->notificationReceived('REQUEST_RESHARE', $id, $notification);
+            return new Http\DataResponse([
+                'token' => $newToken,
+                'remoteId' => $localId
+            ]);
+        } catch (ProviderDoesNotExistsException $e) {
+            throw new OCSException('Server does not support federated cloud sharing', 503);
+        } catch (ShareNotFound $e) {
+            $this->logger->debug('Share not found: ' . $e->getMessage(), ['exception' => $e]);
+        } catch (\Exception $e) {
+            $this->logger->debug('internal server error, can not process notification: ' . $e->getMessage(), ['exception' => $e]);
+        }
+
+        throw new OCSBadRequestException();
+    }
+
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * accept server-to-server share
+     *
+     * @param int $id
+     * @return Http\DataResponse
+     * @throws OCSException
+     * @throws ShareNotFound
+     * @throws \OCP\HintException
+     */
+    public function acceptShare($id) {
+        $token = isset($_POST['token']) ? $_POST['token'] : null;
+
+        $notification = [
+            'sharedSecret' => $token,
+            'message' => 'Recipient accept the share'
+        ];
+
+        try {
+            $provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
+            $provider->notificationReceived('SHARE_ACCEPTED', $id, $notification);
+        } catch (ProviderDoesNotExistsException $e) {
+            throw new OCSException('Server does not support federated cloud sharing', 503);
+        } catch (ShareNotFound $e) {
+            $this->logger->debug('Share not found: ' . $e->getMessage(), ['exception' => $e]);
+        } catch (\Exception $e) {
+            $this->logger->debug('internal server error, can not process notification: ' . $e->getMessage(), ['exception' => $e]);
+        }
+
+        return new Http\DataResponse();
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * decline server-to-server share
+     *
+     * @param int $id
+     * @return Http\DataResponse
+     * @throws OCSException
+     */
+    public function declineShare($id) {
+        $token = isset($_POST['token']) ? $_POST['token'] : null;
+
+        $notification = [
+            'sharedSecret' => $token,
+            'message' => 'Recipient declined the share'
+        ];
+
+        try {
+            $provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
+            $provider->notificationReceived('SHARE_DECLINED', $id, $notification);
+        } catch (ProviderDoesNotExistsException $e) {
+            throw new OCSException('Server does not support federated cloud sharing', 503);
+        } catch (ShareNotFound $e) {
+            $this->logger->debug('Share not found: ' . $e->getMessage(), ['exception' => $e]);
+        } catch (\Exception $e) {
+            $this->logger->debug('internal server error, can not process notification: ' . $e->getMessage(), ['exception' => $e]);
+        }
+
+        return new Http\DataResponse();
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * remove server-to-server share if it was unshared by the owner
+     *
+     * @param int $id
+     * @return Http\DataResponse
+     * @throws OCSException
+     */
+    public function unshare($id) {
+        if (!$this->isS2SEnabled()) {
+            throw new OCSException('Server does not support federated cloud sharing', 503);
+        }
+
+        $token = isset($_POST['token']) ? $_POST['token'] : null;
+
+        try {
+            $provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
+            $notification = ['sharedSecret' => $token];
+            $provider->notificationReceived('SHARE_UNSHARED', $id, $notification);
+        } catch (\Exception $e) {
+            $this->logger->debug('processing unshare notification failed: ' . $e->getMessage(), ['exception' => $e]);
+        }
+
+        return new Http\DataResponse();
+    }
+
+    private function cleanupRemote($remote) {
+        $remote = substr($remote, strpos($remote, '://') + 3);
+
+        return rtrim($remote, '/');
+    }
+
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * federated share was revoked, either by the owner or the re-sharer
+     *
+     * @param int $id
+     * @return Http\DataResponse
+     * @throws OCSBadRequestException
+     */
+    public function revoke($id) {
+        $token = $this->request->getParam('token');
+
+        try {
+            $provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
+            $notification = ['sharedSecret' => $token];
+            $provider->notificationReceived('RESHARE_UNDO', $id, $notification);
+            return new Http\DataResponse();
+        } catch (\Exception $e) {
+            throw new OCSBadRequestException();
+        }
+    }
+
+    /**
+     * check if server-to-server sharing is enabled
+     *
+     * @param bool $incoming
+     * @return bool
+     */
+    private function isS2SEnabled($incoming = false) {
+        $result = \OCP\App::isEnabled('files_sharing');
+
+        if ($incoming) {
+            $result = $result && $this->federatedShareProvider->isIncomingServer2serverShareEnabled();
+        } else {
+            $result = $result && $this->federatedShareProvider->isOutgoingServer2serverShareEnabled();
+        }
+
+        return $result;
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * update share information to keep federated re-shares in sync
+     *
+     * @param int $id
+     * @return Http\DataResponse
+     * @throws OCSBadRequestException
+     */
+    public function updatePermissions($id) {
+        $token = $this->request->getParam('token', null);
+        $ncPermissions = $this->request->getParam('permissions', null);
+
+        try {
+            $provider = $this->cloudFederationProviderManager->getCloudFederationProvider('file');
+            $ocmPermissions = $this->ncPermissions2ocmPermissions((int)$ncPermissions);
+            $notification = ['sharedSecret' => $token, 'permission' => $ocmPermissions];
+            $provider->notificationReceived('RESHARE_CHANGE_PERMISSION', $id, $notification);
+        } catch (\Exception $e) {
+            $this->logger->debug($e->getMessage(), ['exception' => $e]);
+            throw new OCSBadRequestException();
+        }
+
+        return new Http\DataResponse();
+    }
+
+    /**
+     * translate Nextcloud permissions to OCM Permissions
+     *
+     * @param $ncPermissions
+     * @return array
+     */
+    protected function ncPermissions2ocmPermissions($ncPermissions) {
+        $ocmPermissions = [];
+
+        if ($ncPermissions & Constants::PERMISSION_SHARE) {
+            $ocmPermissions[] = 'share';
+        }
+
+        if ($ncPermissions & Constants::PERMISSION_READ) {
+            $ocmPermissions[] = 'read';
+        }
+
+        if (($ncPermissions & Constants::PERMISSION_CREATE) ||
+            ($ncPermissions & Constants::PERMISSION_UPDATE)) {
+            $ocmPermissions[] = 'write';
+        }
+
+        return $ocmPermissions;
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @PublicPage
+     *
+     * change the owner of a server-to-server share
+     *
+     * @param int $id
+     * @return Http\DataResponse
+     * @throws \InvalidArgumentException
+     * @throws OCSException
+     */
+    public function move($id) {
+        if (!$this->isS2SEnabled()) {
+            throw new OCSException('Server does not support federated cloud sharing', 503);
+        }
+
+        $token = $this->request->getParam('token');
+        $remote = $this->request->getParam('remote');
+        $newRemoteId = $this->request->getParam('remote_id', $id);
+        $cloudId = $this->cloudIdManager->resolveCloudId($remote);
+
+        $qb = $this->connection->getQueryBuilder();
+        $query = $qb->update('share_external')
+            ->set('remote', $qb->createNamedParameter($cloudId->getRemote()))
+            ->set('owner', $qb->createNamedParameter($cloudId->getUser()))
+            ->set('remote_id', $qb->createNamedParameter($newRemoteId))
+            ->where($qb->expr()->eq('remote_id', $qb->createNamedParameter($id)))
+            ->andWhere($qb->expr()->eq('share_token', $qb->createNamedParameter($token)));
+        $affected = $query->executeStatement();
+
+        if ($affected > 0) {
+            return new Http\DataResponse(['remote' => $cloudId->getRemote(), 'owner' => $cloudId->getUser()]);
+        } else {
+            throw new OCSBadRequestException('Share not found or token invalid');
+        }
+    }
 }

Please login to merge, or discard this patch.

apps/federatedfilesharing/lib/Notifications.php 1 patch

Indentation +429 added lines, -429 removed lines patch added patch discarded remove patch

@@ -38,433 +38,433 @@
 block discarded – undo
 use OCP\OCS\IDiscoveryService;
 
 class Notifications {
-	public const RESPONSE_FORMAT = 'json'; // default response format for ocs calls
-
-	/** @var AddressHandler */
-	private $addressHandler;
-
-	/** @var IClientService */
-	private $httpClientService;
-
-	/** @var IDiscoveryService */
-	private $discoveryService;
-
-	/** @var IJobList  */
-	private $jobList;
-
-	/** @var ICloudFederationProviderManager */
-	private $federationProviderManager;
-
-	/** @var ICloudFederationFactory */
-	private $cloudFederationFactory;
-
-	/** @var IEventDispatcher */
-	private $eventDispatcher;
-
-	/** @var ILogger */
-	private $logger;
-
-	public function __construct(
-		AddressHandler $addressHandler,
-		IClientService $httpClientService,
-		IDiscoveryService $discoveryService,
-		ILogger $logger,
-		IJobList $jobList,
-		ICloudFederationProviderManager $federationProviderManager,
-		ICloudFederationFactory $cloudFederationFactory,
-		IEventDispatcher $eventDispatcher
-	) {
-		$this->addressHandler = $addressHandler;
-		$this->httpClientService = $httpClientService;
-		$this->discoveryService = $discoveryService;
-		$this->jobList = $jobList;
-		$this->logger = $logger;
-		$this->federationProviderManager = $federationProviderManager;
-		$this->cloudFederationFactory = $cloudFederationFactory;
-		$this->eventDispatcher = $eventDispatcher;
-	}
-
-	/**
-	 * send server-to-server share to remote server
-	 *
-	 * @param string $token
-	 * @param string $shareWith
-	 * @param string $name
-	 * @param string $remoteId
-	 * @param string $owner
-	 * @param string $ownerFederatedId
-	 * @param string $sharedBy
-	 * @param string $sharedByFederatedId
-	 * @param int $shareType (can be a remote user or group share)
-	 * @return bool
-	 * @throws \OCP\HintException
-	 * @throws \OC\ServerNotAvailableException
-	 */
-	public function sendRemoteShare($token, $shareWith, $name, $remoteId, $owner, $ownerFederatedId, $sharedBy, $sharedByFederatedId, $shareType) {
-		[$user, $remote] = $this->addressHandler->splitUserRemote($shareWith);
-
-		if ($user && $remote) {
-			$local = $this->addressHandler->generateRemoteURL();
-
-			$fields = [
-				'shareWith' => $user,
-				'token' => $token,
-				'name' => $name,
-				'remoteId' => $remoteId,
-				'owner' => $owner,
-				'ownerFederatedId' => $ownerFederatedId,
-				'sharedBy' => $sharedBy,
-				'sharedByFederatedId' => $sharedByFederatedId,
-				'remote' => $local,
-				'shareType' => $shareType
-			];
-
-			$result = $this->tryHttpPostToShareEndpoint($remote, '', $fields);
-			$status = json_decode($result['result'], true);
-
-			$ocsStatus = isset($status['ocs']);
-			$ocsSuccess = $ocsStatus && ($status['ocs']['meta']['statuscode'] === 100 || $status['ocs']['meta']['statuscode'] === 200);
-
-			if ($result['success'] && (!$ocsStatus || $ocsSuccess)) {
-				$event = new FederatedShareAddedEvent($remote);
-				$this->eventDispatcher->dispatchTyped($event);
-				return true;
-			} else {
-				$this->logger->info(
-					"failed sharing $name with $shareWith",
-					['app' => 'federatedfilesharing']
-				);
-			}
-		} else {
-			$this->logger->info(
-				"could not share $name, invalid contact $shareWith",
-				['app' => 'federatedfilesharing']
-			);
-		}
-
-		return false;
-	}
-
-	/**
-	 * ask owner to re-share the file with the given user
-	 *
-	 * @param string $token
-	 * @param string $id remote Id
-	 * @param string $shareId internal share Id
-	 * @param string $remote remote address of the owner
-	 * @param string $shareWith
-	 * @param int $permission
-	 * @param string $filename
-	 * @return array|false
-	 * @throws \OCP\HintException
-	 * @throws \OC\ServerNotAvailableException
-	 */
-	public function requestReShare($token, $id, $shareId, $remote, $shareWith, $permission, $filename) {
-		$fields = [
-			'shareWith' => $shareWith,
-			'token' => $token,
-			'permission' => $permission,
-			'remoteId' => $shareId,
-		];
-
-		$ocmFields = $fields;
-		$ocmFields['remoteId'] = (string)$id;
-		$ocmFields['localId'] = $shareId;
-		$ocmFields['name'] = $filename;
-
-		$ocmResult = $this->tryOCMEndPoint($remote, $ocmFields, 'reshare');
-		if (is_array($ocmResult) && isset($ocmResult['token']) && isset($ocmResult['providerId'])) {
-			return [$ocmResult['token'], $ocmResult['providerId']];
-		}
-
-		$result = $this->tryLegacyEndPoint(rtrim($remote, '/'), '/' . $id . '/reshare', $fields);
-		$status = json_decode($result['result'], true);
-
-		$httpRequestSuccessful = $result['success'];
-		$ocsCallSuccessful = $status['ocs']['meta']['statuscode'] === 100 || $status['ocs']['meta']['statuscode'] === 200;
-		$validToken = isset($status['ocs']['data']['token']) && is_string($status['ocs']['data']['token']);
-		$validRemoteId = isset($status['ocs']['data']['remoteId']);
-
-		if ($httpRequestSuccessful && $ocsCallSuccessful && $validToken && $validRemoteId) {
-			return [
-				$status['ocs']['data']['token'],
-				$status['ocs']['data']['remoteId']
-			];
-		} elseif (!$validToken) {
-			$this->logger->info(
-				"invalid or missing token requesting re-share for $filename to $remote",
-				['app' => 'federatedfilesharing']
-			);
-		} elseif (!$validRemoteId) {
-			$this->logger->info(
-				"missing remote id requesting re-share for $filename to $remote",
-				['app' => 'federatedfilesharing']
-			);
-		} else {
-			$this->logger->info(
-				"failed requesting re-share for $filename to $remote",
-				['app' => 'federatedfilesharing']
-			);
-		}
-
-		return false;
-	}
-
-	/**
-	 * send server-to-server unshare to remote server
-	 *
-	 * @param string $remote url
-	 * @param string $id share id
-	 * @param string $token
-	 * @return bool
-	 */
-	public function sendRemoteUnShare($remote, $id, $token) {
-		$this->sendUpdateToRemote($remote, $id, $token, 'unshare');
-	}
-
-	/**
-	 * send server-to-server unshare to remote server
-	 *
-	 * @param string $remote url
-	 * @param string $id share id
-	 * @param string $token
-	 * @return bool
-	 */
-	public function sendRevokeShare($remote, $id, $token) {
-		$this->sendUpdateToRemote($remote, $id, $token, 'reshare_undo');
-	}
-
-	/**
-	 * send notification to remote server if the permissions was changed
-	 *
-	 * @param string $remote
-	 * @param string $remoteId
-	 * @param string $token
-	 * @param int $permissions
-	 * @return bool
-	 */
-	public function sendPermissionChange($remote, $remoteId, $token, $permissions) {
-		$this->sendUpdateToRemote($remote, $remoteId, $token, 'permissions', ['permissions' => $permissions]);
-	}
-
-	/**
-	 * forward accept reShare to remote server
-	 *
-	 * @param string $remote
-	 * @param string $remoteId
-	 * @param string $token
-	 */
-	public function sendAcceptShare($remote, $remoteId, $token) {
-		$this->sendUpdateToRemote($remote, $remoteId, $token, 'accept');
-	}
-
-	/**
-	 * forward decline reShare to remote server
-	 *
-	 * @param string $remote
-	 * @param string $remoteId
-	 * @param string $token
-	 */
-	public function sendDeclineShare($remote, $remoteId, $token) {
-		$this->sendUpdateToRemote($remote, $remoteId, $token, 'decline');
-	}
-
-	/**
-	 * inform remote server whether server-to-server share was accepted/declined
-	 *
-	 * @param string $remote
-	 * @param string $token
-	 * @param string $remoteId Share id on the remote host
-	 * @param string $action possible actions: accept, decline, unshare, revoke, permissions
-	 * @param array $data
-	 * @param int $try
-	 * @return boolean
-	 */
-	public function sendUpdateToRemote($remote, $remoteId, $token, $action, $data = [], $try = 0) {
-		$fields = [
-			'token' => $token,
-			'remoteId' => $remoteId
-		];
-		foreach ($data as $key => $value) {
-			$fields[$key] = $value;
-		}
-
-		$result = $this->tryHttpPostToShareEndpoint(rtrim($remote, '/'), '/' . $remoteId . '/' . $action, $fields, $action);
-		$status = json_decode($result['result'], true);
-
-		if ($result['success'] &&
-			($status['ocs']['meta']['statuscode'] === 100 ||
-				$status['ocs']['meta']['statuscode'] === 200
-			)
-		) {
-			return true;
-		} elseif ($try === 0) {
-			// only add new job on first try
-			$this->jobList->add('OCA\FederatedFileSharing\BackgroundJob\RetryJob',
-				[
-					'remote' => $remote,
-					'remoteId' => $remoteId,
-					'token' => $token,
-					'action' => $action,
-					'data' => json_encode($data),
-					'try' => $try,
-					'lastRun' => $this->getTimestamp()
-				]
-			);
-		}
-
-		return false;
-	}
-
-
-	/**
-	 * return current timestamp
-	 *
-	 * @return int
-	 */
-	protected function getTimestamp() {
-		return time();
-	}
-
-	/**
-	 * try http post with the given protocol, if no protocol is given we pick
-	 * the secure one (https)
-	 *
-	 * @param string $remoteDomain
-	 * @param string $urlSuffix
-	 * @param array $fields post parameters
-	 * @param string $action define the action (possible values: share, reshare, accept, decline, unshare, revoke, permissions)
-	 * @return array
-	 * @throws \Exception
-	 */
-	protected function tryHttpPostToShareEndpoint($remoteDomain, $urlSuffix, array $fields, $action = "share") {
-		if ($this->addressHandler->urlContainProtocol($remoteDomain) === false) {
-			$remoteDomain = 'https://' . $remoteDomain;
-		}
-
-		$result = [
-			'success' => false,
-			'result' => '',
-		];
-
-		// if possible we use the new OCM API
-		$ocmResult = $this->tryOCMEndPoint($remoteDomain, $fields, $action);
-		if (is_array($ocmResult)) {
-			$result['success'] = true;
-			$result['result'] = json_encode([
-				'ocs' => ['meta' => ['statuscode' => 200]]]);
-			return $result;
-		}
-
-		return $this->tryLegacyEndPoint($remoteDomain, $urlSuffix, $fields);
-	}
-
-	/**
-	 * try old federated sharing API if the OCM api doesn't work
-	 *
-	 * @param $remoteDomain
-	 * @param $urlSuffix
-	 * @param array $fields
-	 * @return mixed
-	 * @throws \Exception
-	 */
-	protected function tryLegacyEndPoint($remoteDomain, $urlSuffix, array $fields) {
-		$result = [
-			'success' => false,
-			'result' => '',
-		];
-
-		// Fall back to old API
-		$client = $this->httpClientService->newClient();
-		$federationEndpoints = $this->discoveryService->discover($remoteDomain, 'FEDERATED_SHARING');
-		$endpoint = isset($federationEndpoints['share']) ? $federationEndpoints['share'] : '/ocs/v2.php/cloud/shares';
-		try {
-			$response = $client->post($remoteDomain . $endpoint . $urlSuffix . '?format=' . self::RESPONSE_FORMAT, [
-				'body' => $fields,
-				'timeout' => 10,
-				'connect_timeout' => 10,
-			]);
-			$result['result'] = $response->getBody();
-			$result['success'] = true;
-		} catch (\Exception $e) {
-			// if flat re-sharing is not supported by the remote server
-			// we re-throw the exception and fall back to the old behaviour.
-			// (flat re-shares has been introduced in Nextcloud 9.1)
-			if ($e->getCode() === Http::STATUS_INTERNAL_SERVER_ERROR) {
-				throw $e;
-			}
-		}
-
-		return $result;
-	}
-
-	/**
-	 * send action regarding federated sharing to the remote server using the OCM API
-	 *
-	 * @param $remoteDomain
-	 * @param $fields
-	 * @param $action
-	 *
-	 * @return array|false
-	 */
-	protected function tryOCMEndPoint($remoteDomain, $fields, $action) {
-		switch ($action) {
-			case 'share':
-				$share = $this->cloudFederationFactory->getCloudFederationShare(
-					$fields['shareWith'] . '@' . $remoteDomain,
-					$fields['name'],
-					'',
-					$fields['remoteId'],
-					$fields['ownerFederatedId'],
-					$fields['owner'],
-					$fields['sharedByFederatedId'],
-					$fields['sharedBy'],
-					$fields['token'],
-					$fields['shareType'],
-					'file'
-				);
-				return $this->federationProviderManager->sendShare($share);
-			case 'reshare':
-				// ask owner to reshare a file
-				$notification = $this->cloudFederationFactory->getCloudFederationNotification();
-				$notification->setMessage('REQUEST_RESHARE',
-					'file',
-					$fields['remoteId'],
-					[
-						'sharedSecret' => $fields['token'],
-						'shareWith' => $fields['shareWith'],
-						'senderId' => $fields['localId'],
-						'shareType' => $fields['shareType'],
-						'message' => 'Ask owner to reshare the file'
-					]
-				);
-				return $this->federationProviderManager->sendNotification($remoteDomain, $notification);
-			case 'unshare':
-				//owner unshares the file from the recipient again
-				$notification = $this->cloudFederationFactory->getCloudFederationNotification();
-				$notification->setMessage('SHARE_UNSHARED',
-					'file',
-					$fields['remoteId'],
-					[
-						'sharedSecret' => $fields['token'],
-						'messgage' => 'file is no longer shared with you'
-					]
-				);
-				return $this->federationProviderManager->sendNotification($remoteDomain, $notification);
-			case 'reshare_undo':
-				// if a reshare was unshared we send the information to the initiator/owner
-				$notification = $this->cloudFederationFactory->getCloudFederationNotification();
-				$notification->setMessage('RESHARE_UNDO',
-					'file',
-					$fields['remoteId'],
-					[
-						'sharedSecret' => $fields['token'],
-						'message' => 'reshare was revoked'
-					]
-				);
-				return $this->federationProviderManager->sendNotification($remoteDomain, $notification);
-		}
-
-		return false;
-	}
+    public const RESPONSE_FORMAT = 'json'; // default response format for ocs calls
+
+    /** @var AddressHandler */
+    private $addressHandler;
+
+    /** @var IClientService */
+    private $httpClientService;
+
+    /** @var IDiscoveryService */
+    private $discoveryService;
+
+    /** @var IJobList  */
+    private $jobList;
+
+    /** @var ICloudFederationProviderManager */
+    private $federationProviderManager;
+
+    /** @var ICloudFederationFactory */
+    private $cloudFederationFactory;
+
+    /** @var IEventDispatcher */
+    private $eventDispatcher;
+
+    /** @var ILogger */
+    private $logger;
+
+    public function __construct(
+        AddressHandler $addressHandler,
+        IClientService $httpClientService,
+        IDiscoveryService $discoveryService,
+        ILogger $logger,
+        IJobList $jobList,
+        ICloudFederationProviderManager $federationProviderManager,
+        ICloudFederationFactory $cloudFederationFactory,
+        IEventDispatcher $eventDispatcher
+    ) {
+        $this->addressHandler = $addressHandler;
+        $this->httpClientService = $httpClientService;
+        $this->discoveryService = $discoveryService;
+        $this->jobList = $jobList;
+        $this->logger = $logger;
+        $this->federationProviderManager = $federationProviderManager;
+        $this->cloudFederationFactory = $cloudFederationFactory;
+        $this->eventDispatcher = $eventDispatcher;
+    }
+
+    /**
+     * send server-to-server share to remote server
+     *
+     * @param string $token
+     * @param string $shareWith
+     * @param string $name
+     * @param string $remoteId
+     * @param string $owner
+     * @param string $ownerFederatedId
+     * @param string $sharedBy
+     * @param string $sharedByFederatedId
+     * @param int $shareType (can be a remote user or group share)
+     * @return bool
+     * @throws \OCP\HintException
+     * @throws \OC\ServerNotAvailableException
+     */
+    public function sendRemoteShare($token, $shareWith, $name, $remoteId, $owner, $ownerFederatedId, $sharedBy, $sharedByFederatedId, $shareType) {
+        [$user, $remote] = $this->addressHandler->splitUserRemote($shareWith);
+
+        if ($user && $remote) {
+            $local = $this->addressHandler->generateRemoteURL();
+
+            $fields = [
+                'shareWith' => $user,
+                'token' => $token,
+                'name' => $name,
+                'remoteId' => $remoteId,
+                'owner' => $owner,
+                'ownerFederatedId' => $ownerFederatedId,
+                'sharedBy' => $sharedBy,
+                'sharedByFederatedId' => $sharedByFederatedId,
+                'remote' => $local,
+                'shareType' => $shareType
+            ];
+
+            $result = $this->tryHttpPostToShareEndpoint($remote, '', $fields);
+            $status = json_decode($result['result'], true);
+
+            $ocsStatus = isset($status['ocs']);
+            $ocsSuccess = $ocsStatus && ($status['ocs']['meta']['statuscode'] === 100 || $status['ocs']['meta']['statuscode'] === 200);
+
+            if ($result['success'] && (!$ocsStatus || $ocsSuccess)) {
+                $event = new FederatedShareAddedEvent($remote);
+                $this->eventDispatcher->dispatchTyped($event);
+                return true;
+            } else {
+                $this->logger->info(
+                    "failed sharing $name with $shareWith",
+                    ['app' => 'federatedfilesharing']
+                );
+            }
+        } else {
+            $this->logger->info(
+                "could not share $name, invalid contact $shareWith",
+                ['app' => 'federatedfilesharing']
+            );
+        }
+
+        return false;
+    }
+
+    /**
+     * ask owner to re-share the file with the given user
+     *
+     * @param string $token
+     * @param string $id remote Id
+     * @param string $shareId internal share Id
+     * @param string $remote remote address of the owner
+     * @param string $shareWith
+     * @param int $permission
+     * @param string $filename
+     * @return array|false
+     * @throws \OCP\HintException
+     * @throws \OC\ServerNotAvailableException
+     */
+    public function requestReShare($token, $id, $shareId, $remote, $shareWith, $permission, $filename) {
+        $fields = [
+            'shareWith' => $shareWith,
+            'token' => $token,
+            'permission' => $permission,
+            'remoteId' => $shareId,
+        ];
+
+        $ocmFields = $fields;
+        $ocmFields['remoteId'] = (string)$id;
+        $ocmFields['localId'] = $shareId;
+        $ocmFields['name'] = $filename;
+
+        $ocmResult = $this->tryOCMEndPoint($remote, $ocmFields, 'reshare');
+        if (is_array($ocmResult) && isset($ocmResult['token']) && isset($ocmResult['providerId'])) {
+            return [$ocmResult['token'], $ocmResult['providerId']];
+        }
+
+        $result = $this->tryLegacyEndPoint(rtrim($remote, '/'), '/' . $id . '/reshare', $fields);
+        $status = json_decode($result['result'], true);
+
+        $httpRequestSuccessful = $result['success'];
+        $ocsCallSuccessful = $status['ocs']['meta']['statuscode'] === 100 || $status['ocs']['meta']['statuscode'] === 200;
+        $validToken = isset($status['ocs']['data']['token']) && is_string($status['ocs']['data']['token']);
+        $validRemoteId = isset($status['ocs']['data']['remoteId']);
+
+        if ($httpRequestSuccessful && $ocsCallSuccessful && $validToken && $validRemoteId) {
+            return [
+                $status['ocs']['data']['token'],
+                $status['ocs']['data']['remoteId']
+            ];
+        } elseif (!$validToken) {
+            $this->logger->info(
+                "invalid or missing token requesting re-share for $filename to $remote",
+                ['app' => 'federatedfilesharing']
+            );
+        } elseif (!$validRemoteId) {
+            $this->logger->info(
+                "missing remote id requesting re-share for $filename to $remote",
+                ['app' => 'federatedfilesharing']
+            );
+        } else {
+            $this->logger->info(
+                "failed requesting re-share for $filename to $remote",
+                ['app' => 'federatedfilesharing']
+            );
+        }
+
+        return false;
+    }
+
+    /**
+     * send server-to-server unshare to remote server
+     *
+     * @param string $remote url
+     * @param string $id share id
+     * @param string $token
+     * @return bool
+     */
+    public function sendRemoteUnShare($remote, $id, $token) {
+        $this->sendUpdateToRemote($remote, $id, $token, 'unshare');
+    }
+
+    /**
+     * send server-to-server unshare to remote server
+     *
+     * @param string $remote url
+     * @param string $id share id
+     * @param string $token
+     * @return bool
+     */
+    public function sendRevokeShare($remote, $id, $token) {
+        $this->sendUpdateToRemote($remote, $id, $token, 'reshare_undo');
+    }
+
+    /**
+     * send notification to remote server if the permissions was changed
+     *
+     * @param string $remote
+     * @param string $remoteId
+     * @param string $token
+     * @param int $permissions
+     * @return bool
+     */
+    public function sendPermissionChange($remote, $remoteId, $token, $permissions) {
+        $this->sendUpdateToRemote($remote, $remoteId, $token, 'permissions', ['permissions' => $permissions]);
+    }
+
+    /**
+     * forward accept reShare to remote server
+     *
+     * @param string $remote
+     * @param string $remoteId
+     * @param string $token
+     */
+    public function sendAcceptShare($remote, $remoteId, $token) {
+        $this->sendUpdateToRemote($remote, $remoteId, $token, 'accept');
+    }
+
+    /**
+     * forward decline reShare to remote server
+     *
+     * @param string $remote
+     * @param string $remoteId
+     * @param string $token
+     */
+    public function sendDeclineShare($remote, $remoteId, $token) {
+        $this->sendUpdateToRemote($remote, $remoteId, $token, 'decline');
+    }
+
+    /**
+     * inform remote server whether server-to-server share was accepted/declined
+     *
+     * @param string $remote
+     * @param string $token
+     * @param string $remoteId Share id on the remote host
+     * @param string $action possible actions: accept, decline, unshare, revoke, permissions
+     * @param array $data
+     * @param int $try
+     * @return boolean
+     */
+    public function sendUpdateToRemote($remote, $remoteId, $token, $action, $data = [], $try = 0) {
+        $fields = [
+            'token' => $token,
+            'remoteId' => $remoteId
+        ];
+        foreach ($data as $key => $value) {
+            $fields[$key] = $value;
+        }
+
+        $result = $this->tryHttpPostToShareEndpoint(rtrim($remote, '/'), '/' . $remoteId . '/' . $action, $fields, $action);
+        $status = json_decode($result['result'], true);
+
+        if ($result['success'] &&
+            ($status['ocs']['meta']['statuscode'] === 100 ||
+                $status['ocs']['meta']['statuscode'] === 200
+            )
+        ) {
+            return true;
+        } elseif ($try === 0) {
+            // only add new job on first try
+            $this->jobList->add('OCA\FederatedFileSharing\BackgroundJob\RetryJob',
+                [
+                    'remote' => $remote,
+                    'remoteId' => $remoteId,
+                    'token' => $token,
+                    'action' => $action,
+                    'data' => json_encode($data),
+                    'try' => $try,
+                    'lastRun' => $this->getTimestamp()
+                ]
+            );
+        }
+
+        return false;
+    }
+
+
+    /**
+     * return current timestamp
+     *
+     * @return int
+     */
+    protected function getTimestamp() {
+        return time();
+    }
+
+    /**
+     * try http post with the given protocol, if no protocol is given we pick
+     * the secure one (https)
+     *
+     * @param string $remoteDomain
+     * @param string $urlSuffix
+     * @param array $fields post parameters
+     * @param string $action define the action (possible values: share, reshare, accept, decline, unshare, revoke, permissions)
+     * @return array
+     * @throws \Exception
+     */
+    protected function tryHttpPostToShareEndpoint($remoteDomain, $urlSuffix, array $fields, $action = "share") {
+        if ($this->addressHandler->urlContainProtocol($remoteDomain) === false) {
+            $remoteDomain = 'https://' . $remoteDomain;
+        }
+
+        $result = [
+            'success' => false,
+            'result' => '',
+        ];
+
+        // if possible we use the new OCM API
+        $ocmResult = $this->tryOCMEndPoint($remoteDomain, $fields, $action);
+        if (is_array($ocmResult)) {
+            $result['success'] = true;
+            $result['result'] = json_encode([
+                'ocs' => ['meta' => ['statuscode' => 200]]]);
+            return $result;
+        }
+
+        return $this->tryLegacyEndPoint($remoteDomain, $urlSuffix, $fields);
+    }
+
+    /**
+     * try old federated sharing API if the OCM api doesn't work
+     *
+     * @param $remoteDomain
+     * @param $urlSuffix
+     * @param array $fields
+     * @return mixed
+     * @throws \Exception
+     */
+    protected function tryLegacyEndPoint($remoteDomain, $urlSuffix, array $fields) {
+        $result = [
+            'success' => false,
+            'result' => '',
+        ];
+
+        // Fall back to old API
+        $client = $this->httpClientService->newClient();
+        $federationEndpoints = $this->discoveryService->discover($remoteDomain, 'FEDERATED_SHARING');
+        $endpoint = isset($federationEndpoints['share']) ? $federationEndpoints['share'] : '/ocs/v2.php/cloud/shares';
+        try {
+            $response = $client->post($remoteDomain . $endpoint . $urlSuffix . '?format=' . self::RESPONSE_FORMAT, [
+                'body' => $fields,
+                'timeout' => 10,
+                'connect_timeout' => 10,
+            ]);
+            $result['result'] = $response->getBody();
+            $result['success'] = true;
+        } catch (\Exception $e) {
+            // if flat re-sharing is not supported by the remote server
+            // we re-throw the exception and fall back to the old behaviour.
+            // (flat re-shares has been introduced in Nextcloud 9.1)
+            if ($e->getCode() === Http::STATUS_INTERNAL_SERVER_ERROR) {
+                throw $e;
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * send action regarding federated sharing to the remote server using the OCM API
+     *
+     * @param $remoteDomain
+     * @param $fields
+     * @param $action
+     *
+     * @return array|false
+     */
+    protected function tryOCMEndPoint($remoteDomain, $fields, $action) {
+        switch ($action) {
+            case 'share':
+                $share = $this->cloudFederationFactory->getCloudFederationShare(
+                    $fields['shareWith'] . '@' . $remoteDomain,
+                    $fields['name'],
+                    '',
+                    $fields['remoteId'],
+                    $fields['ownerFederatedId'],
+                    $fields['owner'],
+                    $fields['sharedByFederatedId'],
+                    $fields['sharedBy'],
+                    $fields['token'],
+                    $fields['shareType'],
+                    'file'
+                );
+                return $this->federationProviderManager->sendShare($share);
+            case 'reshare':
+                // ask owner to reshare a file
+                $notification = $this->cloudFederationFactory->getCloudFederationNotification();
+                $notification->setMessage('REQUEST_RESHARE',
+                    'file',
+                    $fields['remoteId'],
+                    [
+                        'sharedSecret' => $fields['token'],
+                        'shareWith' => $fields['shareWith'],
+                        'senderId' => $fields['localId'],
+                        'shareType' => $fields['shareType'],
+                        'message' => 'Ask owner to reshare the file'
+                    ]
+                );
+                return $this->federationProviderManager->sendNotification($remoteDomain, $notification);
+            case 'unshare':
+                //owner unshares the file from the recipient again
+                $notification = $this->cloudFederationFactory->getCloudFederationNotification();
+                $notification->setMessage('SHARE_UNSHARED',
+                    'file',
+                    $fields['remoteId'],
+                    [
+                        'sharedSecret' => $fields['token'],
+                        'messgage' => 'file is no longer shared with you'
+                    ]
+                );
+                return $this->federationProviderManager->sendNotification($remoteDomain, $notification);
+            case 'reshare_undo':
+                // if a reshare was unshared we send the information to the initiator/owner
+                $notification = $this->cloudFederationFactory->getCloudFederationNotification();
+                $notification->setMessage('RESHARE_UNDO',
+                    'file',
+                    $fields['remoteId'],
+                    [
+                        'sharedSecret' => $fields['token'],
+                        'message' => 'reshare was revoked'
+                    ]
+                );
+                return $this->federationProviderManager->sendNotification($remoteDomain, $notification);
+        }
+
+        return false;
+    }
 }

Please login to merge, or discard this patch.

apps/federatedfilesharing/lib/FederatedShareProvider.php 1 patch

Indentation +1076 added lines, -1076 removed lines patch added patch discarded remove patch

@@ -63,1090 +63,1090 @@
 block discarded – undo
  * @package OCA\FederatedFileSharing
  */
 class FederatedShareProvider implements IShareProvider {
-	public const SHARE_TYPE_REMOTE = 6;
-
-	/** @var IDBConnection */
-	private $dbConnection;
-
-	/** @var AddressHandler */
-	private $addressHandler;
-
-	/** @var Notifications */
-	private $notifications;
-
-	/** @var TokenHandler */
-	private $tokenHandler;
-
-	/** @var IL10N */
-	private $l;
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var IRootFolder */
-	private $rootFolder;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var string */
-	private $externalShareTable = 'share_external';
-
-	/** @var IUserManager */
-	private $userManager;
-
-	/** @var ICloudIdManager */
-	private $cloudIdManager;
-
-	/** @var \OCP\GlobalScale\IConfig */
-	private $gsConfig;
-
-	/** @var ICloudFederationProviderManager */
-	private $cloudFederationProviderManager;
-
-	/** @var array list of supported share types */
-	private $supportedShareType = [IShare::TYPE_REMOTE_GROUP, IShare::TYPE_REMOTE, IShare::TYPE_CIRCLE];
-
-	/**
-	 * DefaultShareProvider constructor.
-	 *
-	 * @param IDBConnection $connection
-	 * @param AddressHandler $addressHandler
-	 * @param Notifications $notifications
-	 * @param TokenHandler $tokenHandler
-	 * @param IL10N $l10n
-	 * @param ILogger $logger
-	 * @param IRootFolder $rootFolder
-	 * @param IConfig $config
-	 * @param IUserManager $userManager
-	 * @param ICloudIdManager $cloudIdManager
-	 * @param \OCP\GlobalScale\IConfig $globalScaleConfig
-	 * @param ICloudFederationProviderManager $cloudFederationProviderManager
-	 */
-	public function __construct(
-			IDBConnection $connection,
-			AddressHandler $addressHandler,
-			Notifications $notifications,
-			TokenHandler $tokenHandler,
-			IL10N $l10n,
-			ILogger $logger,
-			IRootFolder $rootFolder,
-			IConfig $config,
-			IUserManager $userManager,
-			ICloudIdManager $cloudIdManager,
-			\OCP\GlobalScale\IConfig $globalScaleConfig,
-			ICloudFederationProviderManager $cloudFederationProviderManager
-	) {
-		$this->dbConnection = $connection;
-		$this->addressHandler = $addressHandler;
-		$this->notifications = $notifications;
-		$this->tokenHandler = $tokenHandler;
-		$this->l = $l10n;
-		$this->logger = $logger;
-		$this->rootFolder = $rootFolder;
-		$this->config = $config;
-		$this->userManager = $userManager;
-		$this->cloudIdManager = $cloudIdManager;
-		$this->gsConfig = $globalScaleConfig;
-		$this->cloudFederationProviderManager = $cloudFederationProviderManager;
-	}
-
-	/**
-	 * Return the identifier of this provider.
-	 *
-	 * @return string Containing only [a-zA-Z0-9]
-	 */
-	public function identifier() {
-		return 'ocFederatedSharing';
-	}
-
-	/**
-	 * Share a path
-	 *
-	 * @param IShare $share
-	 * @return IShare The share object
-	 * @throws ShareNotFound
-	 * @throws \Exception
-	 */
-	public function create(IShare $share) {
-		$shareWith = $share->getSharedWith();
-		$itemSource = $share->getNodeId();
-		$itemType = $share->getNodeType();
-		$permissions = $share->getPermissions();
-		$sharedBy = $share->getSharedBy();
-		$shareType = $share->getShareType();
-		$expirationDate = $share->getExpirationDate();
-
-		if ($shareType === IShare::TYPE_REMOTE_GROUP &&
-			!$this->isOutgoingServer2serverGroupShareEnabled()
-		) {
-			$message = 'It is not allowed to send federated group shares from this server.';
-			$message_t = $this->l->t('It is not allowed to send federated group shares from this server.');
-			$this->logger->debug($message, ['app' => 'Federated File Sharing']);
-			throw new \Exception($message_t);
-		}
-
-		/*
+    public const SHARE_TYPE_REMOTE = 6;
+
+    /** @var IDBConnection */
+    private $dbConnection;
+
+    /** @var AddressHandler */
+    private $addressHandler;
+
+    /** @var Notifications */
+    private $notifications;
+
+    /** @var TokenHandler */
+    private $tokenHandler;
+
+    /** @var IL10N */
+    private $l;
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var IRootFolder */
+    private $rootFolder;
+
+    /** @var IConfig */
+    private $config;
+
+    /** @var string */
+    private $externalShareTable = 'share_external';
+
+    /** @var IUserManager */
+    private $userManager;
+
+    /** @var ICloudIdManager */
+    private $cloudIdManager;
+
+    /** @var \OCP\GlobalScale\IConfig */
+    private $gsConfig;
+
+    /** @var ICloudFederationProviderManager */
+    private $cloudFederationProviderManager;
+
+    /** @var array list of supported share types */
+    private $supportedShareType = [IShare::TYPE_REMOTE_GROUP, IShare::TYPE_REMOTE, IShare::TYPE_CIRCLE];
+
+    /**
+     * DefaultShareProvider constructor.
+     *
+     * @param IDBConnection $connection
+     * @param AddressHandler $addressHandler
+     * @param Notifications $notifications
+     * @param TokenHandler $tokenHandler
+     * @param IL10N $l10n
+     * @param ILogger $logger
+     * @param IRootFolder $rootFolder
+     * @param IConfig $config
+     * @param IUserManager $userManager
+     * @param ICloudIdManager $cloudIdManager
+     * @param \OCP\GlobalScale\IConfig $globalScaleConfig
+     * @param ICloudFederationProviderManager $cloudFederationProviderManager
+     */
+    public function __construct(
+            IDBConnection $connection,
+            AddressHandler $addressHandler,
+            Notifications $notifications,
+            TokenHandler $tokenHandler,
+            IL10N $l10n,
+            ILogger $logger,
+            IRootFolder $rootFolder,
+            IConfig $config,
+            IUserManager $userManager,
+            ICloudIdManager $cloudIdManager,
+            \OCP\GlobalScale\IConfig $globalScaleConfig,
+            ICloudFederationProviderManager $cloudFederationProviderManager
+    ) {
+        $this->dbConnection = $connection;
+        $this->addressHandler = $addressHandler;
+        $this->notifications = $notifications;
+        $this->tokenHandler = $tokenHandler;
+        $this->l = $l10n;
+        $this->logger = $logger;
+        $this->rootFolder = $rootFolder;
+        $this->config = $config;
+        $this->userManager = $userManager;
+        $this->cloudIdManager = $cloudIdManager;
+        $this->gsConfig = $globalScaleConfig;
+        $this->cloudFederationProviderManager = $cloudFederationProviderManager;
+    }
+
+    /**
+     * Return the identifier of this provider.
+     *
+     * @return string Containing only [a-zA-Z0-9]
+     */
+    public function identifier() {
+        return 'ocFederatedSharing';
+    }
+
+    /**
+     * Share a path
+     *
+     * @param IShare $share
+     * @return IShare The share object
+     * @throws ShareNotFound
+     * @throws \Exception
+     */
+    public function create(IShare $share) {
+        $shareWith = $share->getSharedWith();
+        $itemSource = $share->getNodeId();
+        $itemType = $share->getNodeType();
+        $permissions = $share->getPermissions();
+        $sharedBy = $share->getSharedBy();
+        $shareType = $share->getShareType();
+        $expirationDate = $share->getExpirationDate();
+
+        if ($shareType === IShare::TYPE_REMOTE_GROUP &&
+            !$this->isOutgoingServer2serverGroupShareEnabled()
+        ) {
+            $message = 'It is not allowed to send federated group shares from this server.';
+            $message_t = $this->l->t('It is not allowed to send federated group shares from this server.');
+            $this->logger->debug($message, ['app' => 'Federated File Sharing']);
+            throw new \Exception($message_t);
+        }
+
+        /*
 		 * Check if file is not already shared with the remote user
 		 */
-		$alreadyShared = $this->getSharedWith($shareWith, IShare::TYPE_REMOTE, $share->getNode(), 1, 0);
-		$alreadySharedGroup = $this->getSharedWith($shareWith, IShare::TYPE_REMOTE_GROUP, $share->getNode(), 1, 0);
-		if (!empty($alreadyShared) || !empty($alreadySharedGroup)) {
-			$message = 'Sharing %1$s failed, because this item is already shared with %2$s';
-			$message_t = $this->l->t('Sharing %1$s failed, because this item is already shared with user %2$s', [$share->getNode()->getName(), $shareWith]);
-			$this->logger->debug(sprintf($message, $share->getNode()->getName(), $shareWith), ['app' => 'Federated File Sharing']);
-			throw new \Exception($message_t);
-		}
-
-
-		// don't allow federated shares if source and target server are the same
-		$cloudId = $this->cloudIdManager->resolveCloudId($shareWith);
-		$currentServer = $this->addressHandler->generateRemoteURL();
-		$currentUser = $sharedBy;
-		if ($this->addressHandler->compareAddresses($cloudId->getUser(), $cloudId->getRemote(), $currentUser, $currentServer)) {
-			$message = 'Not allowed to create a federated share with the same user.';
-			$message_t = $this->l->t('Not allowed to create a federated share with the same user');
-			$this->logger->debug($message, ['app' => 'Federated File Sharing']);
-			throw new \Exception($message_t);
-		}
-
-		// Federated shares always have read permissions
-		if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
-			$message = 'Federated shares require read permissions';
-			$message_t = $this->l->t('Federated shares require read permissions');
-			$this->logger->debug($message, ['app' => 'Federated File Sharing']);
-			throw new \Exception($message_t);
-		}
-
-		$share->setSharedWith($cloudId->getId());
-
-		try {
-			$remoteShare = $this->getShareFromExternalShareTable($share);
-		} catch (ShareNotFound $e) {
-			$remoteShare = null;
-		}
-
-		if ($remoteShare) {
-			try {
-				$ownerCloudId = $this->cloudIdManager->getCloudId($remoteShare['owner'], $remoteShare['remote']);
-				$shareId = $this->addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $ownerCloudId->getId(), $permissions, 'tmp_token_' . time(), $shareType, $expirationDate);
-				$share->setId($shareId);
-				[$token, $remoteId] = $this->askOwnerToReShare($shareWith, $share, $shareId);
-				// remote share was create successfully if we get a valid token as return
-				$send = is_string($token) && $token !== '';
-			} catch (\Exception $e) {
-				// fall back to old re-share behavior if the remote server
-				// doesn't support flat re-shares (was introduced with Nextcloud 9.1)
-				$this->removeShareFromTable($share);
-				$shareId = $this->createFederatedShare($share);
-			}
-			if ($send) {
-				$this->updateSuccessfulReshare($shareId, $token);
-				$this->storeRemoteId($shareId, $remoteId);
-			} else {
-				$this->removeShareFromTable($share);
-				$message_t = $this->l->t('File is already shared with %s', [$shareWith]);
-				throw new \Exception($message_t);
-			}
-		} else {
-			$shareId = $this->createFederatedShare($share);
-		}
-
-		$data = $this->getRawShare($shareId);
-		return $this->createShareObject($data);
-	}
-
-	/**
-	 * create federated share and inform the recipient
-	 *
-	 * @param IShare $share
-	 * @return int
-	 * @throws ShareNotFound
-	 * @throws \Exception
-	 */
-	protected function createFederatedShare(IShare $share) {
-		$token = $this->tokenHandler->generateToken();
-		$shareId = $this->addShareToDB(
-			$share->getNodeId(),
-			$share->getNodeType(),
-			$share->getSharedWith(),
-			$share->getSharedBy(),
-			$share->getShareOwner(),
-			$share->getPermissions(),
-			$token,
-			$share->getShareType(),
-			$share->getExpirationDate()
-		);
-
-		$failure = false;
-
-		try {
-			$sharedByFederatedId = $share->getSharedBy();
-			if ($this->userManager->userExists($sharedByFederatedId)) {
-				$cloudId = $this->cloudIdManager->getCloudId($sharedByFederatedId, $this->addressHandler->generateRemoteURL());
-				$sharedByFederatedId = $cloudId->getId();
-			}
-			$ownerCloudId = $this->cloudIdManager->getCloudId($share->getShareOwner(), $this->addressHandler->generateRemoteURL());
-			$send = $this->notifications->sendRemoteShare(
-				$token,
-				$share->getSharedWith(),
-				$share->getNode()->getName(),
-				$shareId,
-				$share->getShareOwner(),
-				$ownerCloudId->getId(),
-				$share->getSharedBy(),
-				$sharedByFederatedId,
-				$share->getShareType()
-			);
-
-			if ($send === false) {
-				$failure = true;
-			}
-		} catch (\Exception $e) {
-			$this->logger->logException($e, [
-				'message' => 'Failed to notify remote server of federated share, removing share.',
-				'level' => ILogger::ERROR,
-				'app' => 'federatedfilesharing',
-			]);
-			$failure = true;
-		}
-
-		if ($failure) {
-			$this->removeShareFromTableById($shareId);
-			$message_t = $this->l->t('Sharing %1$s failed, could not find %2$s, maybe the server is currently unreachable or uses a self-signed certificate.',
-				[$share->getNode()->getName(), $share->getSharedWith()]);
-			throw new \Exception($message_t);
-		}
-
-		return $shareId;
-	}
-
-	/**
-	 * @param string $shareWith
-	 * @param IShare $share
-	 * @param string $shareId internal share Id
-	 * @return array
-	 * @throws \Exception
-	 */
-	protected function askOwnerToReShare($shareWith, IShare $share, $shareId) {
-		$remoteShare = $this->getShareFromExternalShareTable($share);
-		$token = $remoteShare['share_token'];
-		$remoteId = $remoteShare['remote_id'];
-		$remote = $remoteShare['remote'];
-
-		[$token, $remoteId] = $this->notifications->requestReShare(
-			$token,
-			$remoteId,
-			$shareId,
-			$remote,
-			$shareWith,
-			$share->getPermissions(),
-			$share->getNode()->getName()
-		);
-
-		return [$token, $remoteId];
-	}
-
-	/**
-	 * get federated share from the share_external table but exclude mounted link shares
-	 *
-	 * @param IShare $share
-	 * @return array
-	 * @throws ShareNotFound
-	 */
-	protected function getShareFromExternalShareTable(IShare $share) {
-		$query = $this->dbConnection->getQueryBuilder();
-		$query->select('*')->from($this->externalShareTable)
-			->where($query->expr()->eq('user', $query->createNamedParameter($share->getShareOwner())))
-			->andWhere($query->expr()->eq('mountpoint', $query->createNamedParameter($share->getTarget())));
-		$qResult = $query->execute();
-		$result = $qResult->fetchAll();
-		$qResult->closeCursor();
-
-		if (isset($result[0]) && (int)$result[0]['remote_id'] > 0) {
-			return $result[0];
-		}
-
-		throw new ShareNotFound('share not found in share_external table');
-	}
-
-	/**
-	 * add share to the database and return the ID
-	 *
-	 * @param int $itemSource
-	 * @param string $itemType
-	 * @param string $shareWith
-	 * @param string $sharedBy
-	 * @param string $uidOwner
-	 * @param int $permissions
-	 * @param string $token
-	 * @param int $shareType
-	 * @param \DateTime $expirationDate
-	 * @return int
-	 */
-	private function addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $uidOwner, $permissions, $token, $shareType, $expirationDate) {
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->insert('share')
-			->setValue('share_type', $qb->createNamedParameter($shareType))
-			->setValue('item_type', $qb->createNamedParameter($itemType))
-			->setValue('item_source', $qb->createNamedParameter($itemSource))
-			->setValue('file_source', $qb->createNamedParameter($itemSource))
-			->setValue('share_with', $qb->createNamedParameter($shareWith))
-			->setValue('uid_owner', $qb->createNamedParameter($uidOwner))
-			->setValue('uid_initiator', $qb->createNamedParameter($sharedBy))
-			->setValue('permissions', $qb->createNamedParameter($permissions))
-			->setValue('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATE))
-			->setValue('token', $qb->createNamedParameter($token))
-			->setValue('stime', $qb->createNamedParameter(time()));
-
-		/*
+        $alreadyShared = $this->getSharedWith($shareWith, IShare::TYPE_REMOTE, $share->getNode(), 1, 0);
+        $alreadySharedGroup = $this->getSharedWith($shareWith, IShare::TYPE_REMOTE_GROUP, $share->getNode(), 1, 0);
+        if (!empty($alreadyShared) || !empty($alreadySharedGroup)) {
+            $message = 'Sharing %1$s failed, because this item is already shared with %2$s';
+            $message_t = $this->l->t('Sharing %1$s failed, because this item is already shared with user %2$s', [$share->getNode()->getName(), $shareWith]);
+            $this->logger->debug(sprintf($message, $share->getNode()->getName(), $shareWith), ['app' => 'Federated File Sharing']);
+            throw new \Exception($message_t);
+        }
+
+
+        // don't allow federated shares if source and target server are the same
+        $cloudId = $this->cloudIdManager->resolveCloudId($shareWith);
+        $currentServer = $this->addressHandler->generateRemoteURL();
+        $currentUser = $sharedBy;
+        if ($this->addressHandler->compareAddresses($cloudId->getUser(), $cloudId->getRemote(), $currentUser, $currentServer)) {
+            $message = 'Not allowed to create a federated share with the same user.';
+            $message_t = $this->l->t('Not allowed to create a federated share with the same user');
+            $this->logger->debug($message, ['app' => 'Federated File Sharing']);
+            throw new \Exception($message_t);
+        }
+
+        // Federated shares always have read permissions
+        if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
+            $message = 'Federated shares require read permissions';
+            $message_t = $this->l->t('Federated shares require read permissions');
+            $this->logger->debug($message, ['app' => 'Federated File Sharing']);
+            throw new \Exception($message_t);
+        }
+
+        $share->setSharedWith($cloudId->getId());
+
+        try {
+            $remoteShare = $this->getShareFromExternalShareTable($share);
+        } catch (ShareNotFound $e) {
+            $remoteShare = null;
+        }
+
+        if ($remoteShare) {
+            try {
+                $ownerCloudId = $this->cloudIdManager->getCloudId($remoteShare['owner'], $remoteShare['remote']);
+                $shareId = $this->addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $ownerCloudId->getId(), $permissions, 'tmp_token_' . time(), $shareType, $expirationDate);
+                $share->setId($shareId);
+                [$token, $remoteId] = $this->askOwnerToReShare($shareWith, $share, $shareId);
+                // remote share was create successfully if we get a valid token as return
+                $send = is_string($token) && $token !== '';
+            } catch (\Exception $e) {
+                // fall back to old re-share behavior if the remote server
+                // doesn't support flat re-shares (was introduced with Nextcloud 9.1)
+                $this->removeShareFromTable($share);
+                $shareId = $this->createFederatedShare($share);
+            }
+            if ($send) {
+                $this->updateSuccessfulReshare($shareId, $token);
+                $this->storeRemoteId($shareId, $remoteId);
+            } else {
+                $this->removeShareFromTable($share);
+                $message_t = $this->l->t('File is already shared with %s', [$shareWith]);
+                throw new \Exception($message_t);
+            }
+        } else {
+            $shareId = $this->createFederatedShare($share);
+        }
+
+        $data = $this->getRawShare($shareId);
+        return $this->createShareObject($data);
+    }
+
+    /**
+     * create federated share and inform the recipient
+     *
+     * @param IShare $share
+     * @return int
+     * @throws ShareNotFound
+     * @throws \Exception
+     */
+    protected function createFederatedShare(IShare $share) {
+        $token = $this->tokenHandler->generateToken();
+        $shareId = $this->addShareToDB(
+            $share->getNodeId(),
+            $share->getNodeType(),
+            $share->getSharedWith(),
+            $share->getSharedBy(),
+            $share->getShareOwner(),
+            $share->getPermissions(),
+            $token,
+            $share->getShareType(),
+            $share->getExpirationDate()
+        );
+
+        $failure = false;
+
+        try {
+            $sharedByFederatedId = $share->getSharedBy();
+            if ($this->userManager->userExists($sharedByFederatedId)) {
+                $cloudId = $this->cloudIdManager->getCloudId($sharedByFederatedId, $this->addressHandler->generateRemoteURL());
+                $sharedByFederatedId = $cloudId->getId();
+            }
+            $ownerCloudId = $this->cloudIdManager->getCloudId($share->getShareOwner(), $this->addressHandler->generateRemoteURL());
+            $send = $this->notifications->sendRemoteShare(
+                $token,
+                $share->getSharedWith(),
+                $share->getNode()->getName(),
+                $shareId,
+                $share->getShareOwner(),
+                $ownerCloudId->getId(),
+                $share->getSharedBy(),
+                $sharedByFederatedId,
+                $share->getShareType()
+            );
+
+            if ($send === false) {
+                $failure = true;
+            }
+        } catch (\Exception $e) {
+            $this->logger->logException($e, [
+                'message' => 'Failed to notify remote server of federated share, removing share.',
+                'level' => ILogger::ERROR,
+                'app' => 'federatedfilesharing',
+            ]);
+            $failure = true;
+        }
+
+        if ($failure) {
+            $this->removeShareFromTableById($shareId);
+            $message_t = $this->l->t('Sharing %1$s failed, could not find %2$s, maybe the server is currently unreachable or uses a self-signed certificate.',
+                [$share->getNode()->getName(), $share->getSharedWith()]);
+            throw new \Exception($message_t);
+        }
+
+        return $shareId;
+    }
+
+    /**
+     * @param string $shareWith
+     * @param IShare $share
+     * @param string $shareId internal share Id
+     * @return array
+     * @throws \Exception
+     */
+    protected function askOwnerToReShare($shareWith, IShare $share, $shareId) {
+        $remoteShare = $this->getShareFromExternalShareTable($share);
+        $token = $remoteShare['share_token'];
+        $remoteId = $remoteShare['remote_id'];
+        $remote = $remoteShare['remote'];
+
+        [$token, $remoteId] = $this->notifications->requestReShare(
+            $token,
+            $remoteId,
+            $shareId,
+            $remote,
+            $shareWith,
+            $share->getPermissions(),
+            $share->getNode()->getName()
+        );
+
+        return [$token, $remoteId];
+    }
+
+    /**
+     * get federated share from the share_external table but exclude mounted link shares
+     *
+     * @param IShare $share
+     * @return array
+     * @throws ShareNotFound
+     */
+    protected function getShareFromExternalShareTable(IShare $share) {
+        $query = $this->dbConnection->getQueryBuilder();
+        $query->select('*')->from($this->externalShareTable)
+            ->where($query->expr()->eq('user', $query->createNamedParameter($share->getShareOwner())))
+            ->andWhere($query->expr()->eq('mountpoint', $query->createNamedParameter($share->getTarget())));
+        $qResult = $query->execute();
+        $result = $qResult->fetchAll();
+        $qResult->closeCursor();
+
+        if (isset($result[0]) && (int)$result[0]['remote_id'] > 0) {
+            return $result[0];
+        }
+
+        throw new ShareNotFound('share not found in share_external table');
+    }
+
+    /**
+     * add share to the database and return the ID
+     *
+     * @param int $itemSource
+     * @param string $itemType
+     * @param string $shareWith
+     * @param string $sharedBy
+     * @param string $uidOwner
+     * @param int $permissions
+     * @param string $token
+     * @param int $shareType
+     * @param \DateTime $expirationDate
+     * @return int
+     */
+    private function addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $uidOwner, $permissions, $token, $shareType, $expirationDate) {
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->insert('share')
+            ->setValue('share_type', $qb->createNamedParameter($shareType))
+            ->setValue('item_type', $qb->createNamedParameter($itemType))
+            ->setValue('item_source', $qb->createNamedParameter($itemSource))
+            ->setValue('file_source', $qb->createNamedParameter($itemSource))
+            ->setValue('share_with', $qb->createNamedParameter($shareWith))
+            ->setValue('uid_owner', $qb->createNamedParameter($uidOwner))
+            ->setValue('uid_initiator', $qb->createNamedParameter($sharedBy))
+            ->setValue('permissions', $qb->createNamedParameter($permissions))
+            ->setValue('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATE))
+            ->setValue('token', $qb->createNamedParameter($token))
+            ->setValue('stime', $qb->createNamedParameter(time()));
+
+        /*
 		 * Added to fix https://github.com/owncloud/core/issues/22215
 		 * Can be removed once we get rid of ajax/share.php
 		 */
-		$qb->setValue('file_target', $qb->createNamedParameter(''));
-
-		$qb->execute();
-		return $qb->getLastInsertId();
-	}
-
-	/**
-	 * Update a share
-	 *
-	 * @param IShare $share
-	 * @return IShare The share object
-	 */
-	public function update(IShare $share) {
-		/*
+        $qb->setValue('file_target', $qb->createNamedParameter(''));
+
+        $qb->execute();
+        return $qb->getLastInsertId();
+    }
+
+    /**
+     * Update a share
+     *
+     * @param IShare $share
+     * @return IShare The share object
+     */
+    public function update(IShare $share) {
+        /*
 		 * We allow updating the permissions of federated shares
 		 */
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->update('share')
-				->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
-				->set('permissions', $qb->createNamedParameter($share->getPermissions()))
-				->set('uid_owner', $qb->createNamedParameter($share->getShareOwner()))
-				->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy()))
-				->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE))
-				->execute();
-
-		// send the updated permission to the owner/initiator, if they are not the same
-		if ($share->getShareOwner() !== $share->getSharedBy()) {
-			$this->sendPermissionUpdate($share);
-		}
-
-		return $share;
-	}
-
-	/**
-	 * send the updated permission to the owner/initiator, if they are not the same
-	 *
-	 * @param IShare $share
-	 * @throws ShareNotFound
-	 * @throws \OCP\HintException
-	 */
-	protected function sendPermissionUpdate(IShare $share) {
-		$remoteId = $this->getRemoteId($share);
-		// if the local user is the owner we send the permission change to the initiator
-		if ($this->userManager->userExists($share->getShareOwner())) {
-			[, $remote] = $this->addressHandler->splitUserRemote($share->getSharedBy());
-		} else { // ... if not we send the permission change to the owner
-			[, $remote] = $this->addressHandler->splitUserRemote($share->getShareOwner());
-		}
-		$this->notifications->sendPermissionChange($remote, $remoteId, $share->getToken(), $share->getPermissions());
-	}
-
-
-	/**
-	 * update successful reShare with the correct token
-	 *
-	 * @param int $shareId
-	 * @param string $token
-	 */
-	protected function updateSuccessfulReShare($shareId, $token) {
-		$query = $this->dbConnection->getQueryBuilder();
-		$query->update('share')
-			->where($query->expr()->eq('id', $query->createNamedParameter($shareId)))
-			->set('token', $query->createNamedParameter($token))
-			->execute();
-	}
-
-	/**
-	 * store remote ID in federated reShare table
-	 *
-	 * @param $shareId
-	 * @param $remoteId
-	 */
-	public function storeRemoteId(int $shareId, string $remoteId): void {
-		$query = $this->dbConnection->getQueryBuilder();
-		$query->insert('federated_reshares')
-			->values(
-				[
-					'share_id' => $query->createNamedParameter($shareId),
-					'remote_id' => $query->createNamedParameter($remoteId),
-				]
-			);
-		$query->execute();
-	}
-
-	/**
-	 * get share ID on remote server for federated re-shares
-	 *
-	 * @param IShare $share
-	 * @return string
-	 * @throws ShareNotFound
-	 */
-	public function getRemoteId(IShare $share): string {
-		$query = $this->dbConnection->getQueryBuilder();
-		$query->select('remote_id')->from('federated_reshares')
-			->where($query->expr()->eq('share_id', $query->createNamedParameter((int)$share->getId())));
-		$result = $query->execute();
-		$data = $result->fetch();
-		$result->closeCursor();
-
-		if (!is_array($data) || !isset($data['remote_id'])) {
-			throw new ShareNotFound();
-		}
-
-		return (string)$data['remote_id'];
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function move(IShare $share, $recipient) {
-		/*
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->update('share')
+                ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
+                ->set('permissions', $qb->createNamedParameter($share->getPermissions()))
+                ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner()))
+                ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy()))
+                ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE))
+                ->execute();
+
+        // send the updated permission to the owner/initiator, if they are not the same
+        if ($share->getShareOwner() !== $share->getSharedBy()) {
+            $this->sendPermissionUpdate($share);
+        }
+
+        return $share;
+    }
+
+    /**
+     * send the updated permission to the owner/initiator, if they are not the same
+     *
+     * @param IShare $share
+     * @throws ShareNotFound
+     * @throws \OCP\HintException
+     */
+    protected function sendPermissionUpdate(IShare $share) {
+        $remoteId = $this->getRemoteId($share);
+        // if the local user is the owner we send the permission change to the initiator
+        if ($this->userManager->userExists($share->getShareOwner())) {
+            [, $remote] = $this->addressHandler->splitUserRemote($share->getSharedBy());
+        } else { // ... if not we send the permission change to the owner
+            [, $remote] = $this->addressHandler->splitUserRemote($share->getShareOwner());
+        }
+        $this->notifications->sendPermissionChange($remote, $remoteId, $share->getToken(), $share->getPermissions());
+    }
+
+
+    /**
+     * update successful reShare with the correct token
+     *
+     * @param int $shareId
+     * @param string $token
+     */
+    protected function updateSuccessfulReShare($shareId, $token) {
+        $query = $this->dbConnection->getQueryBuilder();
+        $query->update('share')
+            ->where($query->expr()->eq('id', $query->createNamedParameter($shareId)))
+            ->set('token', $query->createNamedParameter($token))
+            ->execute();
+    }
+
+    /**
+     * store remote ID in federated reShare table
+     *
+     * @param $shareId
+     * @param $remoteId
+     */
+    public function storeRemoteId(int $shareId, string $remoteId): void {
+        $query = $this->dbConnection->getQueryBuilder();
+        $query->insert('federated_reshares')
+            ->values(
+                [
+                    'share_id' => $query->createNamedParameter($shareId),
+                    'remote_id' => $query->createNamedParameter($remoteId),
+                ]
+            );
+        $query->execute();
+    }
+
+    /**
+     * get share ID on remote server for federated re-shares
+     *
+     * @param IShare $share
+     * @return string
+     * @throws ShareNotFound
+     */
+    public function getRemoteId(IShare $share): string {
+        $query = $this->dbConnection->getQueryBuilder();
+        $query->select('remote_id')->from('federated_reshares')
+            ->where($query->expr()->eq('share_id', $query->createNamedParameter((int)$share->getId())));
+        $result = $query->execute();
+        $data = $result->fetch();
+        $result->closeCursor();
+
+        if (!is_array($data) || !isset($data['remote_id'])) {
+            throw new ShareNotFound();
+        }
+
+        return (string)$data['remote_id'];
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function move(IShare $share, $recipient) {
+        /*
 		 * This function does nothing yet as it is just for outgoing
 		 * federated shares.
 		 */
-		return $share;
-	}
-
-	/**
-	 * Get all children of this share
-	 *
-	 * @param IShare $parent
-	 * @return IShare[]
-	 */
-	public function getChildren(IShare $parent) {
-		$children = [];
-
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('*')
-			->from('share')
-			->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId())))
-			->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)))
-			->orderBy('id');
-
-		$cursor = $qb->execute();
-		while ($data = $cursor->fetch()) {
-			$children[] = $this->createShareObject($data);
-		}
-		$cursor->closeCursor();
-
-		return $children;
-	}
-
-	/**
-	 * Delete a share (owner unShares the file)
-	 *
-	 * @param IShare $share
-	 * @throws ShareNotFound
-	 * @throws \OCP\HintException
-	 */
-	public function delete(IShare $share) {
-		[, $remote] = $this->addressHandler->splitUserRemote($share->getSharedWith());
-
-		// if the local user is the owner we can send the unShare request directly...
-		if ($this->userManager->userExists($share->getShareOwner())) {
-			$this->notifications->sendRemoteUnShare($remote, $share->getId(), $share->getToken());
-			$this->revokeShare($share, true);
-		} else { // ... if not we need to correct ID for the unShare request
-			$remoteId = $this->getRemoteId($share);
-			$this->notifications->sendRemoteUnShare($remote, $remoteId, $share->getToken());
-			$this->revokeShare($share, false);
-		}
-
-		// only remove the share when all messages are send to not lose information
-		// about the share to early
-		$this->removeShareFromTable($share);
-	}
-
-	/**
-	 * in case of a re-share we need to send the other use (initiator or owner)
-	 * a message that the file was unshared
-	 *
-	 * @param IShare $share
-	 * @param bool $isOwner the user can either be the owner or the user who re-sahred it
-	 * @throws ShareNotFound
-	 * @throws \OCP\HintException
-	 */
-	protected function revokeShare($share, $isOwner) {
-		if ($this->userManager->userExists($share->getShareOwner()) && $this->userManager->userExists($share->getSharedBy())) {
-			// If both the owner and the initiator of the share are local users we don't have to notify anybody else
-			return;
-		}
-
-		// also send a unShare request to the initiator, if this is a different user than the owner
-		if ($share->getShareOwner() !== $share->getSharedBy()) {
-			if ($isOwner) {
-				[, $remote] = $this->addressHandler->splitUserRemote($share->getSharedBy());
-			} else {
-				[, $remote] = $this->addressHandler->splitUserRemote($share->getShareOwner());
-			}
-			$remoteId = $this->getRemoteId($share);
-			$this->notifications->sendRevokeShare($remote, $remoteId, $share->getToken());
-		}
-	}
-
-	/**
-	 * remove share from table
-	 *
-	 * @param IShare $share
-	 */
-	public function removeShareFromTable(IShare $share) {
-		$this->removeShareFromTableById($share->getId());
-	}
-
-	/**
-	 * remove share from table
-	 *
-	 * @param string $shareId
-	 */
-	private function removeShareFromTableById($shareId) {
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->delete('share')
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($shareId)))
-			->andWhere($qb->expr()->neq('share_type', $qb->createNamedParameter(IShare::TYPE_CIRCLE)));
-		$qb->execute();
-
-		$qb->delete('federated_reshares')
-			->where($qb->expr()->eq('share_id', $qb->createNamedParameter($shareId)));
-		$qb->execute();
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function deleteFromSelf(IShare $share, $recipient) {
-		// nothing to do here. Technically deleteFromSelf in the context of federated
-		// shares is a umount of an external storage. This is handled here
-		// apps/files_sharing/lib/external/manager.php
-		// TODO move this code over to this app
-	}
-
-	public function restore(IShare $share, string $recipient): IShare {
-		throw new GenericShareException('not implemented');
-	}
-
-
-	public function getSharesInFolder($userId, Folder $node, $reshares) {
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('*')
-			->from('share', 's')
-			->andWhere($qb->expr()->orX(
-				$qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
-				$qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
-			))
-			->andWhere(
-				$qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_REMOTE))
-			);
-
-		/**
-		 * Reshares for this user are shares where they are the owner.
-		 */
-		if ($reshares === false) {
-			$qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)));
-		} else {
-			$qb->andWhere(
-				$qb->expr()->orX(
-					$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
-					$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
-				)
-			);
-		}
-
-		$qb->innerJoin('s', 'filecache' ,'f', $qb->expr()->eq('s.file_source', 'f.fileid'));
-		$qb->andWhere($qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId())));
-
-		$qb->orderBy('id');
-
-		$cursor = $qb->execute();
-		$shares = [];
-		while ($data = $cursor->fetch()) {
-			$shares[$data['fileid']][] = $this->createShareObject($data);
-		}
-		$cursor->closeCursor();
-
-		return $shares;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offset) {
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('*')
-			->from('share');
-
-		$qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter($shareType)));
-
-		/**
-		 * Reshares for this user are shares where they are the owner.
-		 */
-		if ($reshares === false) {
-			//Special case for old shares created via the web UI
-			$or1 = $qb->expr()->andX(
-				$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
-				$qb->expr()->isNull('uid_initiator')
-			);
-
-			$qb->andWhere(
-				$qb->expr()->orX(
-					$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)),
-					$or1
-				)
-			);
-		} else {
-			$qb->andWhere(
-				$qb->expr()->orX(
-					$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
-					$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
-				)
-			);
-		}
-
-		if ($node !== null) {
-			$qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
-		}
-
-		if ($limit !== -1) {
-			$qb->setMaxResults($limit);
-		}
-
-		$qb->setFirstResult($offset);
-		$qb->orderBy('id');
-
-		$cursor = $qb->execute();
-		$shares = [];
-		while ($data = $cursor->fetch()) {
-			$shares[] = $this->createShareObject($data);
-		}
-		$cursor->closeCursor();
-
-		return $shares;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getShareById($id, $recipientId = null) {
-		$qb = $this->dbConnection->getQueryBuilder();
-
-		$qb->select('*')
-			->from('share')
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
-			->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)));
-
-		$cursor = $qb->execute();
-		$data = $cursor->fetch();
-		$cursor->closeCursor();
-
-		if ($data === false) {
-			throw new ShareNotFound('Can not find share with ID: ' . $id);
-		}
-
-		try {
-			$share = $this->createShareObject($data);
-		} catch (InvalidShare $e) {
-			throw new ShareNotFound();
-		}
-
-		return $share;
-	}
-
-	/**
-	 * Get shares for a given path
-	 *
-	 * @param \OCP\Files\Node $path
-	 * @return IShare[]
-	 */
-	public function getSharesByPath(Node $path) {
-		$qb = $this->dbConnection->getQueryBuilder();
-
-		// get federated user shares
-		$cursor = $qb->select('*')
-			->from('share')
-			->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId())))
-			->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)))
-			->execute();
-
-		$shares = [];
-		while ($data = $cursor->fetch()) {
-			$shares[] = $this->createShareObject($data);
-		}
-		$cursor->closeCursor();
-
-		return $shares;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getSharedWith($userId, $shareType, $node, $limit, $offset) {
-		/** @var IShare[] $shares */
-		$shares = [];
-
-		//Get shares directly with this user
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('*')
-			->from('share');
-
-		// Order by id
-		$qb->orderBy('id');
-
-		// Set limit and offset
-		if ($limit !== -1) {
-			$qb->setMaxResults($limit);
-		}
-		$qb->setFirstResult($offset);
-
-		$qb->where($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)));
-		$qb->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId)));
-
-		// Filter by node if provided
-		if ($node !== null) {
-			$qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
-		}
-
-		$cursor = $qb->execute();
-
-		while ($data = $cursor->fetch()) {
-			$shares[] = $this->createShareObject($data);
-		}
-		$cursor->closeCursor();
-
-
-		return $shares;
-	}
-
-	/**
-	 * Get a share by token
-	 *
-	 * @param string $token
-	 * @return IShare
-	 * @throws ShareNotFound
-	 */
-	public function getShareByToken($token) {
-		$qb = $this->dbConnection->getQueryBuilder();
-
-		$cursor = $qb->select('*')
-			->from('share')
-			->where($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)))
-			->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token)))
-			->execute();
-
-		$data = $cursor->fetch();
-
-		if ($data === false) {
-			throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
-		}
-
-		try {
-			$share = $this->createShareObject($data);
-		} catch (InvalidShare $e) {
-			throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
-		}
-
-		return $share;
-	}
-
-	/**
-	 * get database row of a give share
-	 *
-	 * @param $id
-	 * @return array
-	 * @throws ShareNotFound
-	 */
-	private function getRawShare($id) {
-
-		// Now fetch the inserted share and create a complete share object
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('*')
-			->from('share')
-			->where($qb->expr()->eq('id', $qb->createNamedParameter($id)));
-
-		$cursor = $qb->execute();
-		$data = $cursor->fetch();
-		$cursor->closeCursor();
-
-		if ($data === false) {
-			throw new ShareNotFound;
-		}
-
-		return $data;
-	}
-
-	/**
-	 * Create a share object from an database row
-	 *
-	 * @param array $data
-	 * @return IShare
-	 * @throws InvalidShare
-	 * @throws ShareNotFound
-	 */
-	private function createShareObject($data) {
-		$share = new Share($this->rootFolder, $this->userManager);
-		$share->setId((int)$data['id'])
-			->setShareType((int)$data['share_type'])
-			->setPermissions((int)$data['permissions'])
-			->setTarget($data['file_target'])
-			->setMailSend((bool)$data['mail_send'])
-			->setToken($data['token']);
-
-		$shareTime = new \DateTime();
-		$shareTime->setTimestamp((int)$data['stime']);
-		$share->setShareTime($shareTime);
-		$share->setSharedWith($data['share_with']);
-
-		if ($data['uid_initiator'] !== null) {
-			$share->setShareOwner($data['uid_owner']);
-			$share->setSharedBy($data['uid_initiator']);
-		} else {
-			//OLD SHARE
-			$share->setSharedBy($data['uid_owner']);
-			$path = $this->getNode($share->getSharedBy(), (int)$data['file_source']);
-
-			$owner = $path->getOwner();
-			$share->setShareOwner($owner->getUID());
-		}
-
-		$share->setNodeId((int)$data['file_source']);
-		$share->setNodeType($data['item_type']);
-
-		$share->setProviderId($this->identifier());
-
-		if ($data['expiration'] !== null) {
-			$expiration = \DateTime::createFromFormat('Y-m-d H:i:s', $data['expiration']);
-			$share->setExpirationDate($expiration);
-		}
-
-		return $share;
-	}
-
-	/**
-	 * Get the node with file $id for $user
-	 *
-	 * @param string $userId
-	 * @param int $id
-	 * @return \OCP\Files\File|\OCP\Files\Folder
-	 * @throws InvalidShare
-	 */
-	private function getNode($userId, $id) {
-		try {
-			$userFolder = $this->rootFolder->getUserFolder($userId);
-		} catch (NotFoundException $e) {
-			throw new InvalidShare();
-		}
-
-		$nodes = $userFolder->getById($id);
-
-		if (empty($nodes)) {
-			throw new InvalidShare();
-		}
-
-		return $nodes[0];
-	}
-
-	/**
-	 * A user is deleted from the system
-	 * So clean up the relevant shares.
-	 *
-	 * @param string $uid
-	 * @param int $shareType
-	 */
-	public function userDeleted($uid, $shareType) {
-		//TODO: probabaly a good idea to send unshare info to remote servers
-
-		$qb = $this->dbConnection->getQueryBuilder();
-
-		$qb->delete('share')
-			->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_REMOTE)))
-			->andWhere($qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)))
-			->execute();
-	}
-
-	/**
-	 * This provider does not handle groups
-	 *
-	 * @param string $gid
-	 */
-	public function groupDeleted($gid) {
-		// We don't handle groups here
-	}
-
-	/**
-	 * This provider does not handle groups
-	 *
-	 * @param string $uid
-	 * @param string $gid
-	 */
-	public function userDeletedFromGroup($uid, $gid) {
-		// We don't handle groups here
-	}
-
-	/**
-	 * check if users from other Nextcloud instances are allowed to mount public links share by this instance
-	 *
-	 * @return bool
-	 */
-	public function isOutgoingServer2serverShareEnabled() {
-		if ($this->gsConfig->onlyInternalFederation()) {
-			return false;
-		}
-		$result = $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes');
-		return ($result === 'yes');
-	}
-
-	/**
-	 * check if users are allowed to mount public links from other Nextclouds
-	 *
-	 * @return bool
-	 */
-	public function isIncomingServer2serverShareEnabled() {
-		if ($this->gsConfig->onlyInternalFederation()) {
-			return false;
-		}
-		$result = $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes');
-		return ($result === 'yes');
-	}
-
-
-	/**
-	 * check if users from other Nextcloud instances are allowed to send federated group shares
-	 *
-	 * @return bool
-	 */
-	public function isOutgoingServer2serverGroupShareEnabled() {
-		if ($this->gsConfig->onlyInternalFederation()) {
-			return false;
-		}
-		$result = $this->config->getAppValue('files_sharing', 'outgoing_server2server_group_share_enabled', 'no');
-		return ($result === 'yes');
-	}
-
-	/**
-	 * check if users are allowed to receive federated group shares
-	 *
-	 * @return bool
-	 */
-	public function isIncomingServer2serverGroupShareEnabled() {
-		if ($this->gsConfig->onlyInternalFederation()) {
-			return false;
-		}
-		$result = $this->config->getAppValue('files_sharing', 'incoming_server2server_group_share_enabled', 'no');
-		return ($result === 'yes');
-	}
-
-	/**
-	 * check if federated group sharing is supported, therefore the OCM API need to be enabled
-	 *
-	 * @return bool
-	 */
-	public function isFederatedGroupSharingSupported() {
-		return $this->cloudFederationProviderManager->isReady();
-	}
-
-	/**
-	 * Check if querying sharees on the lookup server is enabled
-	 *
-	 * @return bool
-	 */
-	public function isLookupServerQueriesEnabled() {
-		// in a global scale setup we should always query the lookup server
-		if ($this->gsConfig->isGlobalScaleEnabled()) {
-			return true;
-		}
-		$result = $this->config->getAppValue('files_sharing', 'lookupServerEnabled', 'yes');
-		return ($result === 'yes');
-	}
-
-
-	/**
-	 * Check if it is allowed to publish user specific data to the lookup server
-	 *
-	 * @return bool
-	 */
-	public function isLookupServerUploadEnabled() {
-		// in a global scale setup the admin is responsible to keep the lookup server up-to-date
-		if ($this->gsConfig->isGlobalScaleEnabled()) {
-			return false;
-		}
-		$result = $this->config->getAppValue('files_sharing', 'lookupServerUploadEnabled', 'yes');
-		return ($result === 'yes');
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getAccessList($nodes, $currentAccess) {
-		$ids = [];
-		foreach ($nodes as $node) {
-			$ids[] = $node->getId();
-		}
-
-		$qb = $this->dbConnection->getQueryBuilder();
-		$qb->select('share_with', 'token', 'file_source')
-			->from('share')
-			->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_REMOTE)))
-			->andWhere($qb->expr()->in('file_source', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY)))
-			->andWhere($qb->expr()->orX(
-				$qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
-				$qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
-			));
-		$cursor = $qb->execute();
-
-		if ($currentAccess === false) {
-			$remote = $cursor->fetch() !== false;
-			$cursor->closeCursor();
-
-			return ['remote' => $remote];
-		}
-
-		$remote = [];
-		while ($row = $cursor->fetch()) {
-			$remote[$row['share_with']] = [
-				'node_id' => $row['file_source'],
-				'token' => $row['token'],
-			];
-		}
-		$cursor->closeCursor();
-
-		return ['remote' => $remote];
-	}
-
-	public function getAllShares(): iterable {
-		$qb = $this->dbConnection->getQueryBuilder();
-
-		$qb->select('*')
-			->from('share')
-			->where(
-				$qb->expr()->orX(
-					$qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_REMOTE)),
-					$qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_REMOTE_GROUP))
-				)
-			);
-
-		$cursor = $qb->execute();
-		while ($data = $cursor->fetch()) {
-			try {
-				$share = $this->createShareObject($data);
-			} catch (InvalidShare $e) {
-				continue;
-			} catch (ShareNotFound $e) {
-				continue;
-			}
-
-			yield $share;
-		}
-		$cursor->closeCursor();
-	}
+        return $share;
+    }
+
+    /**
+     * Get all children of this share
+     *
+     * @param IShare $parent
+     * @return IShare[]
+     */
+    public function getChildren(IShare $parent) {
+        $children = [];
+
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share')
+            ->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId())))
+            ->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)))
+            ->orderBy('id');
+
+        $cursor = $qb->execute();
+        while ($data = $cursor->fetch()) {
+            $children[] = $this->createShareObject($data);
+        }
+        $cursor->closeCursor();
+
+        return $children;
+    }
+
+    /**
+     * Delete a share (owner unShares the file)
+     *
+     * @param IShare $share
+     * @throws ShareNotFound
+     * @throws \OCP\HintException
+     */
+    public function delete(IShare $share) {
+        [, $remote] = $this->addressHandler->splitUserRemote($share->getSharedWith());
+
+        // if the local user is the owner we can send the unShare request directly...
+        if ($this->userManager->userExists($share->getShareOwner())) {
+            $this->notifications->sendRemoteUnShare($remote, $share->getId(), $share->getToken());
+            $this->revokeShare($share, true);
+        } else { // ... if not we need to correct ID for the unShare request
+            $remoteId = $this->getRemoteId($share);
+            $this->notifications->sendRemoteUnShare($remote, $remoteId, $share->getToken());
+            $this->revokeShare($share, false);
+        }
+
+        // only remove the share when all messages are send to not lose information
+        // about the share to early
+        $this->removeShareFromTable($share);
+    }
+
+    /**
+     * in case of a re-share we need to send the other use (initiator or owner)
+     * a message that the file was unshared
+     *
+     * @param IShare $share
+     * @param bool $isOwner the user can either be the owner or the user who re-sahred it
+     * @throws ShareNotFound
+     * @throws \OCP\HintException
+     */
+    protected function revokeShare($share, $isOwner) {
+        if ($this->userManager->userExists($share->getShareOwner()) && $this->userManager->userExists($share->getSharedBy())) {
+            // If both the owner and the initiator of the share are local users we don't have to notify anybody else
+            return;
+        }
+
+        // also send a unShare request to the initiator, if this is a different user than the owner
+        if ($share->getShareOwner() !== $share->getSharedBy()) {
+            if ($isOwner) {
+                [, $remote] = $this->addressHandler->splitUserRemote($share->getSharedBy());
+            } else {
+                [, $remote] = $this->addressHandler->splitUserRemote($share->getShareOwner());
+            }
+            $remoteId = $this->getRemoteId($share);
+            $this->notifications->sendRevokeShare($remote, $remoteId, $share->getToken());
+        }
+    }
+
+    /**
+     * remove share from table
+     *
+     * @param IShare $share
+     */
+    public function removeShareFromTable(IShare $share) {
+        $this->removeShareFromTableById($share->getId());
+    }
+
+    /**
+     * remove share from table
+     *
+     * @param string $shareId
+     */
+    private function removeShareFromTableById($shareId) {
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->delete('share')
+            ->where($qb->expr()->eq('id', $qb->createNamedParameter($shareId)))
+            ->andWhere($qb->expr()->neq('share_type', $qb->createNamedParameter(IShare::TYPE_CIRCLE)));
+        $qb->execute();
+
+        $qb->delete('federated_reshares')
+            ->where($qb->expr()->eq('share_id', $qb->createNamedParameter($shareId)));
+        $qb->execute();
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function deleteFromSelf(IShare $share, $recipient) {
+        // nothing to do here. Technically deleteFromSelf in the context of federated
+        // shares is a umount of an external storage. This is handled here
+        // apps/files_sharing/lib/external/manager.php
+        // TODO move this code over to this app
+    }
+
+    public function restore(IShare $share, string $recipient): IShare {
+        throw new GenericShareException('not implemented');
+    }
+
+
+    public function getSharesInFolder($userId, Folder $node, $reshares) {
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share', 's')
+            ->andWhere($qb->expr()->orX(
+                $qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
+                $qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
+            ))
+            ->andWhere(
+                $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_REMOTE))
+            );
+
+        /**
+         * Reshares for this user are shares where they are the owner.
+         */
+        if ($reshares === false) {
+            $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)));
+        } else {
+            $qb->andWhere(
+                $qb->expr()->orX(
+                    $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
+                    $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
+                )
+            );
+        }
+
+        $qb->innerJoin('s', 'filecache' ,'f', $qb->expr()->eq('s.file_source', 'f.fileid'));
+        $qb->andWhere($qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId())));
+
+        $qb->orderBy('id');
+
+        $cursor = $qb->execute();
+        $shares = [];
+        while ($data = $cursor->fetch()) {
+            $shares[$data['fileid']][] = $this->createShareObject($data);
+        }
+        $cursor->closeCursor();
+
+        return $shares;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offset) {
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share');
+
+        $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter($shareType)));
+
+        /**
+         * Reshares for this user are shares where they are the owner.
+         */
+        if ($reshares === false) {
+            //Special case for old shares created via the web UI
+            $or1 = $qb->expr()->andX(
+                $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
+                $qb->expr()->isNull('uid_initiator')
+            );
+
+            $qb->andWhere(
+                $qb->expr()->orX(
+                    $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)),
+                    $or1
+                )
+            );
+        } else {
+            $qb->andWhere(
+                $qb->expr()->orX(
+                    $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
+                    $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
+                )
+            );
+        }
+
+        if ($node !== null) {
+            $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
+        }
+
+        if ($limit !== -1) {
+            $qb->setMaxResults($limit);
+        }
+
+        $qb->setFirstResult($offset);
+        $qb->orderBy('id');
+
+        $cursor = $qb->execute();
+        $shares = [];
+        while ($data = $cursor->fetch()) {
+            $shares[] = $this->createShareObject($data);
+        }
+        $cursor->closeCursor();
+
+        return $shares;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getShareById($id, $recipientId = null) {
+        $qb = $this->dbConnection->getQueryBuilder();
+
+        $qb->select('*')
+            ->from('share')
+            ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
+            ->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)));
+
+        $cursor = $qb->execute();
+        $data = $cursor->fetch();
+        $cursor->closeCursor();
+
+        if ($data === false) {
+            throw new ShareNotFound('Can not find share with ID: ' . $id);
+        }
+
+        try {
+            $share = $this->createShareObject($data);
+        } catch (InvalidShare $e) {
+            throw new ShareNotFound();
+        }
+
+        return $share;
+    }
+
+    /**
+     * Get shares for a given path
+     *
+     * @param \OCP\Files\Node $path
+     * @return IShare[]
+     */
+    public function getSharesByPath(Node $path) {
+        $qb = $this->dbConnection->getQueryBuilder();
+
+        // get federated user shares
+        $cursor = $qb->select('*')
+            ->from('share')
+            ->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId())))
+            ->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)))
+            ->execute();
+
+        $shares = [];
+        while ($data = $cursor->fetch()) {
+            $shares[] = $this->createShareObject($data);
+        }
+        $cursor->closeCursor();
+
+        return $shares;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getSharedWith($userId, $shareType, $node, $limit, $offset) {
+        /** @var IShare[] $shares */
+        $shares = [];
+
+        //Get shares directly with this user
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share');
+
+        // Order by id
+        $qb->orderBy('id');
+
+        // Set limit and offset
+        if ($limit !== -1) {
+            $qb->setMaxResults($limit);
+        }
+        $qb->setFirstResult($offset);
+
+        $qb->where($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)));
+        $qb->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId)));
+
+        // Filter by node if provided
+        if ($node !== null) {
+            $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
+        }
+
+        $cursor = $qb->execute();
+
+        while ($data = $cursor->fetch()) {
+            $shares[] = $this->createShareObject($data);
+        }
+        $cursor->closeCursor();
+
+
+        return $shares;
+    }
+
+    /**
+     * Get a share by token
+     *
+     * @param string $token
+     * @return IShare
+     * @throws ShareNotFound
+     */
+    public function getShareByToken($token) {
+        $qb = $this->dbConnection->getQueryBuilder();
+
+        $cursor = $qb->select('*')
+            ->from('share')
+            ->where($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)))
+            ->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token)))
+            ->execute();
+
+        $data = $cursor->fetch();
+
+        if ($data === false) {
+            throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
+        }
+
+        try {
+            $share = $this->createShareObject($data);
+        } catch (InvalidShare $e) {
+            throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
+        }
+
+        return $share;
+    }
+
+    /**
+     * get database row of a give share
+     *
+     * @param $id
+     * @return array
+     * @throws ShareNotFound
+     */
+    private function getRawShare($id) {
+
+        // Now fetch the inserted share and create a complete share object
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share')
+            ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)));
+
+        $cursor = $qb->execute();
+        $data = $cursor->fetch();
+        $cursor->closeCursor();
+
+        if ($data === false) {
+            throw new ShareNotFound;
+        }
+
+        return $data;
+    }
+
+    /**
+     * Create a share object from an database row
+     *
+     * @param array $data
+     * @return IShare
+     * @throws InvalidShare
+     * @throws ShareNotFound
+     */
+    private function createShareObject($data) {
+        $share = new Share($this->rootFolder, $this->userManager);
+        $share->setId((int)$data['id'])
+            ->setShareType((int)$data['share_type'])
+            ->setPermissions((int)$data['permissions'])
+            ->setTarget($data['file_target'])
+            ->setMailSend((bool)$data['mail_send'])
+            ->setToken($data['token']);
+
+        $shareTime = new \DateTime();
+        $shareTime->setTimestamp((int)$data['stime']);
+        $share->setShareTime($shareTime);
+        $share->setSharedWith($data['share_with']);
+
+        if ($data['uid_initiator'] !== null) {
+            $share->setShareOwner($data['uid_owner']);
+            $share->setSharedBy($data['uid_initiator']);
+        } else {
+            //OLD SHARE
+            $share->setSharedBy($data['uid_owner']);
+            $path = $this->getNode($share->getSharedBy(), (int)$data['file_source']);
+
+            $owner = $path->getOwner();
+            $share->setShareOwner($owner->getUID());
+        }
+
+        $share->setNodeId((int)$data['file_source']);
+        $share->setNodeType($data['item_type']);
+
+        $share->setProviderId($this->identifier());
+
+        if ($data['expiration'] !== null) {
+            $expiration = \DateTime::createFromFormat('Y-m-d H:i:s', $data['expiration']);
+            $share->setExpirationDate($expiration);
+        }
+
+        return $share;
+    }
+
+    /**
+     * Get the node with file $id for $user
+     *
+     * @param string $userId
+     * @param int $id
+     * @return \OCP\Files\File|\OCP\Files\Folder
+     * @throws InvalidShare
+     */
+    private function getNode($userId, $id) {
+        try {
+            $userFolder = $this->rootFolder->getUserFolder($userId);
+        } catch (NotFoundException $e) {
+            throw new InvalidShare();
+        }
+
+        $nodes = $userFolder->getById($id);
+
+        if (empty($nodes)) {
+            throw new InvalidShare();
+        }
+
+        return $nodes[0];
+    }
+
+    /**
+     * A user is deleted from the system
+     * So clean up the relevant shares.
+     *
+     * @param string $uid
+     * @param int $shareType
+     */
+    public function userDeleted($uid, $shareType) {
+        //TODO: probabaly a good idea to send unshare info to remote servers
+
+        $qb = $this->dbConnection->getQueryBuilder();
+
+        $qb->delete('share')
+            ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_REMOTE)))
+            ->andWhere($qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)))
+            ->execute();
+    }
+
+    /**
+     * This provider does not handle groups
+     *
+     * @param string $gid
+     */
+    public function groupDeleted($gid) {
+        // We don't handle groups here
+    }
+
+    /**
+     * This provider does not handle groups
+     *
+     * @param string $uid
+     * @param string $gid
+     */
+    public function userDeletedFromGroup($uid, $gid) {
+        // We don't handle groups here
+    }
+
+    /**
+     * check if users from other Nextcloud instances are allowed to mount public links share by this instance
+     *
+     * @return bool
+     */
+    public function isOutgoingServer2serverShareEnabled() {
+        if ($this->gsConfig->onlyInternalFederation()) {
+            return false;
+        }
+        $result = $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes');
+        return ($result === 'yes');
+    }
+
+    /**
+     * check if users are allowed to mount public links from other Nextclouds
+     *
+     * @return bool
+     */
+    public function isIncomingServer2serverShareEnabled() {
+        if ($this->gsConfig->onlyInternalFederation()) {
+            return false;
+        }
+        $result = $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes');
+        return ($result === 'yes');
+    }
+
+
+    /**
+     * check if users from other Nextcloud instances are allowed to send federated group shares
+     *
+     * @return bool
+     */
+    public function isOutgoingServer2serverGroupShareEnabled() {
+        if ($this->gsConfig->onlyInternalFederation()) {
+            return false;
+        }
+        $result = $this->config->getAppValue('files_sharing', 'outgoing_server2server_group_share_enabled', 'no');
+        return ($result === 'yes');
+    }
+
+    /**
+     * check if users are allowed to receive federated group shares
+     *
+     * @return bool
+     */
+    public function isIncomingServer2serverGroupShareEnabled() {
+        if ($this->gsConfig->onlyInternalFederation()) {
+            return false;
+        }
+        $result = $this->config->getAppValue('files_sharing', 'incoming_server2server_group_share_enabled', 'no');
+        return ($result === 'yes');
+    }
+
+    /**
+     * check if federated group sharing is supported, therefore the OCM API need to be enabled
+     *
+     * @return bool
+     */
+    public function isFederatedGroupSharingSupported() {
+        return $this->cloudFederationProviderManager->isReady();
+    }
+
+    /**
+     * Check if querying sharees on the lookup server is enabled
+     *
+     * @return bool
+     */
+    public function isLookupServerQueriesEnabled() {
+        // in a global scale setup we should always query the lookup server
+        if ($this->gsConfig->isGlobalScaleEnabled()) {
+            return true;
+        }
+        $result = $this->config->getAppValue('files_sharing', 'lookupServerEnabled', 'yes');
+        return ($result === 'yes');
+    }
+
+
+    /**
+     * Check if it is allowed to publish user specific data to the lookup server
+     *
+     * @return bool
+     */
+    public function isLookupServerUploadEnabled() {
+        // in a global scale setup the admin is responsible to keep the lookup server up-to-date
+        if ($this->gsConfig->isGlobalScaleEnabled()) {
+            return false;
+        }
+        $result = $this->config->getAppValue('files_sharing', 'lookupServerUploadEnabled', 'yes');
+        return ($result === 'yes');
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getAccessList($nodes, $currentAccess) {
+        $ids = [];
+        foreach ($nodes as $node) {
+            $ids[] = $node->getId();
+        }
+
+        $qb = $this->dbConnection->getQueryBuilder();
+        $qb->select('share_with', 'token', 'file_source')
+            ->from('share')
+            ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_REMOTE)))
+            ->andWhere($qb->expr()->in('file_source', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY)))
+            ->andWhere($qb->expr()->orX(
+                $qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
+                $qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
+            ));
+        $cursor = $qb->execute();
+
+        if ($currentAccess === false) {
+            $remote = $cursor->fetch() !== false;
+            $cursor->closeCursor();
+
+            return ['remote' => $remote];
+        }
+
+        $remote = [];
+        while ($row = $cursor->fetch()) {
+            $remote[$row['share_with']] = [
+                'node_id' => $row['file_source'],
+                'token' => $row['token'],
+            ];
+        }
+        $cursor->closeCursor();
+
+        return ['remote' => $remote];
+    }
+
+    public function getAllShares(): iterable {
+        $qb = $this->dbConnection->getQueryBuilder();
+
+        $qb->select('*')
+            ->from('share')
+            ->where(
+                $qb->expr()->orX(
+                    $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_REMOTE)),
+                    $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_REMOTE_GROUP))
+                )
+            );
+
+        $cursor = $qb->execute();
+        while ($data = $cursor->fetch()) {
+            try {
+                $share = $this->createShareObject($data);
+            } catch (InvalidShare $e) {
+                continue;
+            } catch (ShareNotFound $e) {
+                continue;
+            }
+
+            yield $share;
+        }
+        $cursor->closeCursor();
+    }
 }

Please login to merge, or discard this patch.

apps/federatedfilesharing/lib/OCM/CloudFederationProviderFiles.php 1 patch

Indentation +769 added lines, -769 removed lines patch added patch discarded remove patch

@@ -62,773 +62,773 @@
 block discarded – undo
 
 class CloudFederationProviderFiles implements ICloudFederationProvider {
 
-	/** @var IAppManager */
-	private $appManager;
-
-	/** @var FederatedShareProvider */
-	private $federatedShareProvider;
-
-	/** @var AddressHandler */
-	private $addressHandler;
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var IUserManager */
-	private $userManager;
-
-	/** @var IManager */
-	private $shareManager;
-
-	/** @var ICloudIdManager */
-	private $cloudIdManager;
-
-	/** @var IActivityManager */
-	private $activityManager;
-
-	/** @var INotificationManager */
-	private $notificationManager;
-
-	/** @var IURLGenerator */
-	private $urlGenerator;
-
-	/** @var ICloudFederationFactory */
-	private $cloudFederationFactory;
-
-	/** @var ICloudFederationProviderManager */
-	private $cloudFederationProviderManager;
-
-	/** @var IDBConnection */
-	private $connection;
-
-	/** @var IGroupManager */
-	private $groupManager;
-
-	/** @var IConfig */
-	private $config;
-
-	/**
-	 * CloudFederationProvider constructor.
-	 *
-	 * @param IAppManager $appManager
-	 * @param FederatedShareProvider $federatedShareProvider
-	 * @param AddressHandler $addressHandler
-	 * @param ILogger $logger
-	 * @param IUserManager $userManager
-	 * @param IManager $shareManager
-	 * @param ICloudIdManager $cloudIdManager
-	 * @param IActivityManager $activityManager
-	 * @param INotificationManager $notificationManager
-	 * @param IURLGenerator $urlGenerator
-	 * @param ICloudFederationFactory $cloudFederationFactory
-	 * @param ICloudFederationProviderManager $cloudFederationProviderManager
-	 * @param IDBConnection $connection
-	 * @param IGroupManager $groupManager
-	 */
-	public function __construct(IAppManager $appManager,
-								FederatedShareProvider $federatedShareProvider,
-								AddressHandler $addressHandler,
-								ILogger $logger,
-								IUserManager $userManager,
-								IManager $shareManager,
-								ICloudIdManager $cloudIdManager,
-								IActivityManager $activityManager,
-								INotificationManager $notificationManager,
-								IURLGenerator $urlGenerator,
-								ICloudFederationFactory $cloudFederationFactory,
-								ICloudFederationProviderManager $cloudFederationProviderManager,
-								IDBConnection $connection,
-								IGroupManager $groupManager,
-								IConfig $config
-	) {
-		$this->appManager = $appManager;
-		$this->federatedShareProvider = $federatedShareProvider;
-		$this->addressHandler = $addressHandler;
-		$this->logger = $logger;
-		$this->userManager = $userManager;
-		$this->shareManager = $shareManager;
-		$this->cloudIdManager = $cloudIdManager;
-		$this->activityManager = $activityManager;
-		$this->notificationManager = $notificationManager;
-		$this->urlGenerator = $urlGenerator;
-		$this->cloudFederationFactory = $cloudFederationFactory;
-		$this->cloudFederationProviderManager = $cloudFederationProviderManager;
-		$this->connection = $connection;
-		$this->groupManager = $groupManager;
-		$this->config = $config;
-	}
-
-
-
-	/**
-	 * @return string
-	 */
-	public function getShareType() {
-		return 'file';
-	}
-
-	/**
-	 * share received from another server
-	 *
-	 * @param ICloudFederationShare $share
-	 * @return string provider specific unique ID of the share
-	 *
-	 * @throws ProviderCouldNotAddShareException
-	 * @throws \OCP\AppFramework\QueryException
-	 * @throws HintException
-	 * @since 14.0.0
-	 */
-	public function shareReceived(ICloudFederationShare $share) {
-		if (!$this->isS2SEnabled(true)) {
-			throw new ProviderCouldNotAddShareException('Server does not support federated cloud sharing', '', Http::STATUS_SERVICE_UNAVAILABLE);
-		}
-
-		$protocol = $share->getProtocol();
-		if ($protocol['name'] !== 'webdav') {
-			throw new ProviderCouldNotAddShareException('Unsupported protocol for data exchange.', '', Http::STATUS_NOT_IMPLEMENTED);
-		}
-
-		[$ownerUid, $remote] = $this->addressHandler->splitUserRemote($share->getOwner());
-		// for backward compatibility make sure that the remote url stored in the
-		// database ends with a trailing slash
-		if (substr($remote, -1) !== '/') {
-			$remote = $remote . '/';
-		}
-
-		$token = $share->getShareSecret();
-		$name = $share->getResourceName();
-		$owner = $share->getOwnerDisplayName();
-		$sharedBy = $share->getSharedByDisplayName();
-		$shareWith = $share->getShareWith();
-		$remoteId = $share->getProviderId();
-		$sharedByFederatedId = $share->getSharedBy();
-		$ownerFederatedId = $share->getOwner();
-		$shareType = $this->mapShareTypeToNextcloud($share->getShareType());
-
-		// if no explicit information about the person who created the share was send
-		// we assume that the share comes from the owner
-		if ($sharedByFederatedId === null) {
-			$sharedBy = $owner;
-			$sharedByFederatedId = $ownerFederatedId;
-		}
-
-		if ($remote && $token && $name && $owner && $remoteId && $shareWith) {
-			if (!Util::isValidFileName($name)) {
-				throw new ProviderCouldNotAddShareException('The mountpoint name contains invalid characters.', '', Http::STATUS_BAD_REQUEST);
-			}
-
-			// FIXME this should be a method in the user management instead
-			if ($shareType === IShare::TYPE_USER) {
-				$this->logger->debug('shareWith before, ' . $shareWith, ['app' => 'files_sharing']);
-				Util::emitHook(
-					'\OCA\Files_Sharing\API\Server2Server',
-					'preLoginNameUsedAsUserName',
-					['uid' => &$shareWith]
-				);
-				$this->logger->debug('shareWith after, ' . $shareWith, ['app' => 'files_sharing']);
-
-				if (!$this->userManager->userExists($shareWith)) {
-					throw new ProviderCouldNotAddShareException('User does not exists', '',Http::STATUS_BAD_REQUEST);
-				}
-
-				\OC_Util::setupFS($shareWith);
-			}
-
-			if ($shareType === IShare::TYPE_GROUP && !$this->groupManager->groupExists($shareWith)) {
-				throw new ProviderCouldNotAddShareException('Group does not exists', '',Http::STATUS_BAD_REQUEST);
-			}
-
-			$externalManager = new \OCA\Files_Sharing\External\Manager(
-				\OC::$server->getDatabaseConnection(),
-				Filesystem::getMountManager(),
-				Filesystem::getLoader(),
-				\OC::$server->getHTTPClientService(),
-				\OC::$server->getNotificationManager(),
-				\OC::$server->query(\OCP\OCS\IDiscoveryService::class),
-				\OC::$server->getCloudFederationProviderManager(),
-				\OC::$server->getCloudFederationFactory(),
-				\OC::$server->getGroupManager(),
-				\OC::$server->getUserManager(),
-				$shareWith,
-				\OC::$server->query(IEventDispatcher::class)
-			);
-
-			try {
-				$externalManager->addShare($remote, $token, '', $name, $owner, $shareType,false, $shareWith, $remoteId);
-				$shareId = \OC::$server->getDatabaseConnection()->lastInsertId('*PREFIX*share_external');
-
-				if ($shareType === IShare::TYPE_USER) {
-					$event = $this->activityManager->generateEvent();
-					$event->setApp('files_sharing')
-						->setType('remote_share')
-						->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_RECEIVED, [$ownerFederatedId, trim($name, '/')])
-						->setAffectedUser($shareWith)
-						->setObject('remote_share', $shareId, $name);
-					\OC::$server->getActivityManager()->publish($event);
-					$this->notifyAboutNewShare($shareWith, $shareId, $ownerFederatedId, $sharedByFederatedId, $name);
-				} else {
-					$groupMembers = $this->groupManager->get($shareWith)->getUsers();
-					foreach ($groupMembers as $user) {
-						$event = $this->activityManager->generateEvent();
-						$event->setApp('files_sharing')
-							->setType('remote_share')
-							->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_RECEIVED, [$ownerFederatedId, trim($name, '/')])
-							->setAffectedUser($user->getUID())
-							->setObject('remote_share', $shareId, $name);
-						\OC::$server->getActivityManager()->publish($event);
-						$this->notifyAboutNewShare($user->getUID(), $shareId, $ownerFederatedId, $sharedByFederatedId, $name);
-					}
-				}
-				return $shareId;
-			} catch (\Exception $e) {
-				$this->logger->logException($e, [
-					'message' => 'Server can not add remote share.',
-					'level' => ILogger::ERROR,
-					'app' => 'files_sharing'
-				]);
-				throw new ProviderCouldNotAddShareException('internal server error, was not able to add share from ' . $remote, '', HTTP::STATUS_INTERNAL_SERVER_ERROR);
-			}
-		}
-
-		throw new ProviderCouldNotAddShareException('server can not add remote share, missing parameter', '', HTTP::STATUS_BAD_REQUEST);
-	}
-
-	/**
-	 * notification received from another server
-	 *
-	 * @param string $notificationType (e.g. SHARE_ACCEPTED)
-	 * @param string $providerId id of the share
-	 * @param array $notification payload of the notification
-	 * @return array data send back to the sender
-	 *
-	 * @throws ActionNotSupportedException
-	 * @throws AuthenticationFailedException
-	 * @throws BadRequestException
-	 * @throws HintException
-	 * @since 14.0.0
-	 */
-	public function notificationReceived($notificationType, $providerId, array $notification) {
-		switch ($notificationType) {
-			case 'SHARE_ACCEPTED':
-				return $this->shareAccepted($providerId, $notification);
-			case 'SHARE_DECLINED':
-				return $this->shareDeclined($providerId, $notification);
-			case 'SHARE_UNSHARED':
-				return $this->unshare($providerId, $notification);
-			case 'REQUEST_RESHARE':
-				return $this->reshareRequested($providerId, $notification);
-			case 'RESHARE_UNDO':
-				return $this->undoReshare($providerId, $notification);
-			case 'RESHARE_CHANGE_PERMISSION':
-				return $this->updateResharePermissions($providerId, $notification);
-		}
-
-
-		throw new BadRequestException([$notificationType]);
-	}
-
-	/**
-	 * map OCM share type (strings) to Nextcloud internal share types (integer)
-	 *
-	 * @param string $shareType
-	 * @return int
-	 */
-	private function mapShareTypeToNextcloud($shareType) {
-		$result = IShare::TYPE_USER;
-		if ($shareType === 'group') {
-			$result = IShare::TYPE_GROUP;
-		}
-
-		return $result;
-	}
-
-	private function notifyAboutNewShare($shareWith, $shareId, $ownerFederatedId, $sharedByFederatedId, $name): void {
-		$notification = $this->notificationManager->createNotification();
-		$notification->setApp('files_sharing')
-			->setUser($shareWith)
-			->setDateTime(new \DateTime())
-			->setObject('remote_share', $shareId)
-			->setSubject('remote_share', [$ownerFederatedId, $sharedByFederatedId, trim($name, '/')]);
-
-		$declineAction = $notification->createAction();
-		$declineAction->setLabel('decline')
-			->setLink($this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', 'ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/' . $shareId)), 'DELETE');
-		$notification->addAction($declineAction);
-
-		$acceptAction = $notification->createAction();
-		$acceptAction->setLabel('accept')
-			->setLink($this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', 'ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/' . $shareId)), 'POST');
-		$notification->addAction($acceptAction);
-
-		$this->notificationManager->notify($notification);
-	}
-
-	/**
-	 * process notification that the recipient accepted a share
-	 *
-	 * @param string $id
-	 * @param array $notification
-	 * @return array
-	 * @throws ActionNotSupportedException
-	 * @throws AuthenticationFailedException
-	 * @throws BadRequestException
-	 * @throws HintException
-	 */
-	private function shareAccepted($id, array $notification) {
-		if (!$this->isS2SEnabled()) {
-			throw new ActionNotSupportedException('Server does not support federated cloud sharing');
-		}
-
-		if (!isset($notification['sharedSecret'])) {
-			throw new BadRequestException(['sharedSecret']);
-		}
-
-		$token = $notification['sharedSecret'];
-
-		$share = $this->federatedShareProvider->getShareById($id);
-
-		$this->verifyShare($share, $token);
-		$this->executeAcceptShare($share);
-		if ($share->getShareOwner() !== $share->getSharedBy()) {
-			[, $remote] = $this->addressHandler->splitUserRemote($share->getSharedBy());
-			$remoteId = $this->federatedShareProvider->getRemoteId($share);
-			$notification = $this->cloudFederationFactory->getCloudFederationNotification();
-			$notification->setMessage(
-				'SHARE_ACCEPTED',
-				'file',
-				$remoteId,
-				[
-					'sharedSecret' => $token,
-					'message' => 'Recipient accepted the re-share'
-				]
-
-			);
-			$this->cloudFederationProviderManager->sendNotification($remote, $notification);
-		}
-
-		return [];
-	}
-
-	/**
-	 * @param IShare $share
-	 * @throws ShareNotFound
-	 */
-	protected function executeAcceptShare(IShare $share) {
-		try {
-			$fileId = (int)$share->getNode()->getId();
-			[$file, $link] = $this->getFile($this->getCorrectUid($share), $fileId);
-		} catch (\Exception $e) {
-			throw new ShareNotFound();
-		}
-
-		$event = $this->activityManager->generateEvent();
-		$event->setApp('files_sharing')
-			->setType('remote_share')
-			->setAffectedUser($this->getCorrectUid($share))
-			->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_ACCEPTED, [$share->getSharedWith(), [$fileId => $file]])
-			->setObject('files', $fileId, $file)
-			->setLink($link);
-		$this->activityManager->publish($event);
-	}
-
-	/**
-	 * process notification that the recipient declined a share
-	 *
-	 * @param string $id
-	 * @param array $notification
-	 * @return array
-	 * @throws ActionNotSupportedException
-	 * @throws AuthenticationFailedException
-	 * @throws BadRequestException
-	 * @throws ShareNotFound
-	 * @throws HintException
-	 *
-	 */
-	protected function shareDeclined($id, array $notification) {
-		if (!$this->isS2SEnabled()) {
-			throw new ActionNotSupportedException('Server does not support federated cloud sharing');
-		}
-
-		if (!isset($notification['sharedSecret'])) {
-			throw new BadRequestException(['sharedSecret']);
-		}
-
-		$token = $notification['sharedSecret'];
-
-		$share = $this->federatedShareProvider->getShareById($id);
-
-		$this->verifyShare($share, $token);
-
-		if ($share->getShareOwner() !== $share->getSharedBy()) {
-			[, $remote] = $this->addressHandler->splitUserRemote($share->getSharedBy());
-			$remoteId = $this->federatedShareProvider->getRemoteId($share);
-			$notification = $this->cloudFederationFactory->getCloudFederationNotification();
-			$notification->setMessage(
-				'SHARE_DECLINED',
-				'file',
-				$remoteId,
-				[
-					'sharedSecret' => $token,
-					'message' => 'Recipient declined the re-share'
-				]
-
-			);
-			$this->cloudFederationProviderManager->sendNotification($remote, $notification);
-		}
-
-		$this->executeDeclineShare($share);
-
-		return [];
-	}
-
-	/**
-	 * delete declined share and create a activity
-	 *
-	 * @param IShare $share
-	 * @throws ShareNotFound
-	 */
-	protected function executeDeclineShare(IShare $share) {
-		$this->federatedShareProvider->removeShareFromTable($share);
-
-		try {
-			$fileId = (int)$share->getNode()->getId();
-			[$file, $link] = $this->getFile($this->getCorrectUid($share), $fileId);
-		} catch (\Exception $e) {
-			throw new ShareNotFound();
-		}
-
-		$event = $this->activityManager->generateEvent();
-		$event->setApp('files_sharing')
-			->setType('remote_share')
-			->setAffectedUser($this->getCorrectUid($share))
-			->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_DECLINED, [$share->getSharedWith(), [$fileId => $file]])
-			->setObject('files', $fileId, $file)
-			->setLink($link);
-		$this->activityManager->publish($event);
-	}
-
-	/**
-	 * received the notification that the owner unshared a file from you
-	 *
-	 * @param string $id
-	 * @param array $notification
-	 * @return array
-	 * @throws AuthenticationFailedException
-	 * @throws BadRequestException
-	 */
-	private function undoReshare($id, array $notification) {
-		if (!isset($notification['sharedSecret'])) {
-			throw new BadRequestException(['sharedSecret']);
-		}
-		$token = $notification['sharedSecret'];
-
-		$share = $this->federatedShareProvider->getShareById($id);
-
-		$this->verifyShare($share, $token);
-		$this->federatedShareProvider->removeShareFromTable($share);
-		return [];
-	}
-
-	/**
-	 * unshare file from self
-	 *
-	 * @param string $id
-	 * @param array $notification
-	 * @return array
-	 * @throws ActionNotSupportedException
-	 * @throws BadRequestException
-	 */
-	private function unshare($id, array $notification) {
-		if (!$this->isS2SEnabled(true)) {
-			throw new ActionNotSupportedException("incoming shares disabled!");
-		}
-
-		if (!isset($notification['sharedSecret'])) {
-			throw new BadRequestException(['sharedSecret']);
-		}
-		$token = $notification['sharedSecret'];
-
-		$qb = $this->connection->getQueryBuilder();
-		$qb->select('*')
-			->from('share_external')
-			->where(
-				$qb->expr()->andX(
-					$qb->expr()->eq('remote_id', $qb->createNamedParameter($id)),
-					$qb->expr()->eq('share_token', $qb->createNamedParameter($token))
-				)
-			);
-
-		$result = $qb->execute();
-		$share = $result->fetch();
-		$result->closeCursor();
-
-		if ($token && $id && !empty($share)) {
-			$remote = $this->cleanupRemote($share['remote']);
-
-			$owner = $this->cloudIdManager->getCloudId($share['owner'], $remote);
-			$mountpoint = $share['mountpoint'];
-			$user = $share['user'];
-
-			$qb = $this->connection->getQueryBuilder();
-			$qb->delete('share_external')
-				->where(
-					$qb->expr()->andX(
-						$qb->expr()->eq('remote_id', $qb->createNamedParameter($id)),
-						$qb->expr()->eq('share_token', $qb->createNamedParameter($token))
-					)
-				);
-
-			$qb->execute();
-
-			// delete all child in case of a group share
-			$qb = $this->connection->getQueryBuilder();
-			$qb->delete('share_external')
-				->where($qb->expr()->eq('parent', $qb->createNamedParameter((int)$share['id'])));
-			$qb->execute();
-
-			if ((int)$share['share_type'] === IShare::TYPE_USER) {
-				if ($share['accepted']) {
-					$path = trim($mountpoint, '/');
-				} else {
-					$path = trim($share['name'], '/');
-				}
-				$notification = $this->notificationManager->createNotification();
-				$notification->setApp('files_sharing')
-					->setUser($share['user'])
-					->setObject('remote_share', (int)$share['id']);
-				$this->notificationManager->markProcessed($notification);
-
-				$event = $this->activityManager->generateEvent();
-				$event->setApp('files_sharing')
-					->setType('remote_share')
-					->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_UNSHARED, [$owner->getId(), $path])
-					->setAffectedUser($user)
-					->setObject('remote_share', (int)$share['id'], $path);
-				\OC::$server->getActivityManager()->publish($event);
-			}
-		}
-
-		return [];
-	}
-
-	private function cleanupRemote($remote) {
-		$remote = substr($remote, strpos($remote, '://') + 3);
-
-		return rtrim($remote, '/');
-	}
-
-	/**
-	 * recipient of a share request to re-share the file with another user
-	 *
-	 * @param string $id
-	 * @param array $notification
-	 * @return array
-	 * @throws AuthenticationFailedException
-	 * @throws BadRequestException
-	 * @throws ProviderCouldNotAddShareException
-	 * @throws ShareNotFound
-	 */
-	protected function reshareRequested($id, array $notification) {
-		if (!isset($notification['sharedSecret'])) {
-			throw new BadRequestException(['sharedSecret']);
-		}
-		$token = $notification['sharedSecret'];
-
-		if (!isset($notification['shareWith'])) {
-			throw new BadRequestException(['shareWith']);
-		}
-		$shareWith = $notification['shareWith'];
-
-		if (!isset($notification['senderId'])) {
-			throw new BadRequestException(['senderId']);
-		}
-		$senderId = $notification['senderId'];
-
-		$share = $this->federatedShareProvider->getShareById($id);
-
-		// We have to respect the default share permissions
-		$permissions = $share->getPermissions() & (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL);
-		$share->setPermissions($permissions);
-
-		// don't allow to share a file back to the owner
-		try {
-			[$user, $remote] = $this->addressHandler->splitUserRemote($shareWith);
-			$owner = $share->getShareOwner();
-			$currentServer = $this->addressHandler->generateRemoteURL();
-			if ($this->addressHandler->compareAddresses($user, $remote, $owner, $currentServer)) {
-				throw new ProviderCouldNotAddShareException('Resharing back to the owner is not allowed: ' . $id);
-			}
-		} catch (\Exception $e) {
-			throw new ProviderCouldNotAddShareException($e->getMessage());
-		}
-
-		$this->verifyShare($share, $token);
-
-		// check if re-sharing is allowed
-		if ($share->getPermissions() & Constants::PERMISSION_SHARE) {
-			// the recipient of the initial share is now the initiator for the re-share
-			$share->setSharedBy($share->getSharedWith());
-			$share->setSharedWith($shareWith);
-			$result = $this->federatedShareProvider->create($share);
-			$this->federatedShareProvider->storeRemoteId((int)$result->getId(), $senderId);
-			return ['token' => $result->getToken(), 'providerId' => $result->getId()];
-		} else {
-			throw new ProviderCouldNotAddShareException('resharing not allowed for share: ' . $id);
-		}
-	}
-
-	/**
-	 * update permission of a re-share so that the share dialog shows the right
-	 * permission if the owner or the sender changes the permission
-	 *
-	 * @param string $id
-	 * @param array $notification
-	 * @return array
-	 * @throws AuthenticationFailedException
-	 * @throws BadRequestException
-	 */
-	protected function updateResharePermissions($id, array $notification) {
-		throw new HintException('Updating reshares not allowed');
-	}
-
-	/**
-	 * translate OCM Permissions to Nextcloud permissions
-	 *
-	 * @param array $ocmPermissions
-	 * @return int
-	 * @throws BadRequestException
-	 */
-	protected function ocmPermissions2ncPermissions(array $ocmPermissions) {
-		$ncPermissions = 0;
-		foreach ($ocmPermissions as $permission) {
-			switch (strtolower($permission)) {
-				case 'read':
-					$ncPermissions += Constants::PERMISSION_READ;
-					break;
-				case 'write':
-					$ncPermissions += Constants::PERMISSION_CREATE + Constants::PERMISSION_UPDATE;
-					break;
-				case 'share':
-					$ncPermissions += Constants::PERMISSION_SHARE;
-					break;
-				default:
-					throw new BadRequestException(['permission']);
-			}
-		}
-
-		return $ncPermissions;
-	}
-
-	/**
-	 * update permissions in database
-	 *
-	 * @param IShare $share
-	 * @param int $permissions
-	 */
-	protected function updatePermissionsInDatabase(IShare $share, $permissions) {
-		$query = $this->connection->getQueryBuilder();
-		$query->update('share')
-			->where($query->expr()->eq('id', $query->createNamedParameter($share->getId())))
-			->set('permissions', $query->createNamedParameter($permissions))
-			->execute();
-	}
-
-
-	/**
-	 * get file
-	 *
-	 * @param string $user
-	 * @param int $fileSource
-	 * @return array with internal path of the file and a absolute link to it
-	 */
-	private function getFile($user, $fileSource) {
-		\OC_Util::setupFS($user);
-
-		try {
-			$file = Filesystem::getPath($fileSource);
-		} catch (NotFoundException $e) {
-			$file = null;
-		}
-		$args = Filesystem::is_dir($file) ? ['dir' => $file] : ['dir' => dirname($file), 'scrollto' => $file];
-		$link = Util::linkToAbsolute('files', 'index.php', $args);
-
-		return [$file, $link];
-	}
-
-	/**
-	 * check if we are the initiator or the owner of a re-share and return the correct UID
-	 *
-	 * @param IShare $share
-	 * @return string
-	 */
-	protected function getCorrectUid(IShare $share) {
-		if ($this->userManager->userExists($share->getShareOwner())) {
-			return $share->getShareOwner();
-		}
-
-		return $share->getSharedBy();
-	}
-
-
-
-	/**
-	 * check if we got the right share
-	 *
-	 * @param IShare $share
-	 * @param string $token
-	 * @return bool
-	 * @throws AuthenticationFailedException
-	 */
-	protected function verifyShare(IShare $share, $token) {
-		if (
-			$share->getShareType() === IShare::TYPE_REMOTE &&
-			$share->getToken() === $token
-		) {
-			return true;
-		}
-
-		if ($share->getShareType() === IShare::TYPE_CIRCLE) {
-			try {
-				$knownShare = $this->shareManager->getShareByToken($token);
-				if ($knownShare->getId() === $share->getId()) {
-					return true;
-				}
-			} catch (ShareNotFound $e) {
-			}
-		}
-
-		throw new AuthenticationFailedException();
-	}
-
-
-
-	/**
-	 * check if server-to-server sharing is enabled
-	 *
-	 * @param bool $incoming
-	 * @return bool
-	 */
-	private function isS2SEnabled($incoming = false) {
-		$result = $this->appManager->isEnabledForUser('files_sharing');
-
-		if ($incoming) {
-			$result = $result && $this->federatedShareProvider->isIncomingServer2serverShareEnabled();
-		} else {
-			$result = $result && $this->federatedShareProvider->isOutgoingServer2serverShareEnabled();
-		}
-
-		return $result;
-	}
-
-
-	/**
-	 * get the supported share types, e.g. "user", "group", etc.
-	 *
-	 * @return array
-	 *
-	 * @since 14.0.0
-	 */
-	public function getSupportedShareTypes() {
-		return ['user', 'group'];
-	}
+    /** @var IAppManager */
+    private $appManager;
+
+    /** @var FederatedShareProvider */
+    private $federatedShareProvider;
+
+    /** @var AddressHandler */
+    private $addressHandler;
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var IUserManager */
+    private $userManager;
+
+    /** @var IManager */
+    private $shareManager;
+
+    /** @var ICloudIdManager */
+    private $cloudIdManager;
+
+    /** @var IActivityManager */
+    private $activityManager;
+
+    /** @var INotificationManager */
+    private $notificationManager;
+
+    /** @var IURLGenerator */
+    private $urlGenerator;
+
+    /** @var ICloudFederationFactory */
+    private $cloudFederationFactory;
+
+    /** @var ICloudFederationProviderManager */
+    private $cloudFederationProviderManager;
+
+    /** @var IDBConnection */
+    private $connection;
+
+    /** @var IGroupManager */
+    private $groupManager;
+
+    /** @var IConfig */
+    private $config;
+
+    /**
+     * CloudFederationProvider constructor.
+     *
+     * @param IAppManager $appManager
+     * @param FederatedShareProvider $federatedShareProvider
+     * @param AddressHandler $addressHandler
+     * @param ILogger $logger
+     * @param IUserManager $userManager
+     * @param IManager $shareManager
+     * @param ICloudIdManager $cloudIdManager
+     * @param IActivityManager $activityManager
+     * @param INotificationManager $notificationManager
+     * @param IURLGenerator $urlGenerator
+     * @param ICloudFederationFactory $cloudFederationFactory
+     * @param ICloudFederationProviderManager $cloudFederationProviderManager
+     * @param IDBConnection $connection
+     * @param IGroupManager $groupManager
+     */
+    public function __construct(IAppManager $appManager,
+                                FederatedShareProvider $federatedShareProvider,
+                                AddressHandler $addressHandler,
+                                ILogger $logger,
+                                IUserManager $userManager,
+                                IManager $shareManager,
+                                ICloudIdManager $cloudIdManager,
+                                IActivityManager $activityManager,
+                                INotificationManager $notificationManager,
+                                IURLGenerator $urlGenerator,
+                                ICloudFederationFactory $cloudFederationFactory,
+                                ICloudFederationProviderManager $cloudFederationProviderManager,
+                                IDBConnection $connection,
+                                IGroupManager $groupManager,
+                                IConfig $config
+    ) {
+        $this->appManager = $appManager;
+        $this->federatedShareProvider = $federatedShareProvider;
+        $this->addressHandler = $addressHandler;
+        $this->logger = $logger;
+        $this->userManager = $userManager;
+        $this->shareManager = $shareManager;
+        $this->cloudIdManager = $cloudIdManager;
+        $this->activityManager = $activityManager;
+        $this->notificationManager = $notificationManager;
+        $this->urlGenerator = $urlGenerator;
+        $this->cloudFederationFactory = $cloudFederationFactory;
+        $this->cloudFederationProviderManager = $cloudFederationProviderManager;
+        $this->connection = $connection;
+        $this->groupManager = $groupManager;
+        $this->config = $config;
+    }
+
+
+
+    /**
+     * @return string
+     */
+    public function getShareType() {
+        return 'file';
+    }
+
+    /**
+     * share received from another server
+     *
+     * @param ICloudFederationShare $share
+     * @return string provider specific unique ID of the share
+     *
+     * @throws ProviderCouldNotAddShareException
+     * @throws \OCP\AppFramework\QueryException
+     * @throws HintException
+     * @since 14.0.0
+     */
+    public function shareReceived(ICloudFederationShare $share) {
+        if (!$this->isS2SEnabled(true)) {
+            throw new ProviderCouldNotAddShareException('Server does not support federated cloud sharing', '', Http::STATUS_SERVICE_UNAVAILABLE);
+        }
+
+        $protocol = $share->getProtocol();
+        if ($protocol['name'] !== 'webdav') {
+            throw new ProviderCouldNotAddShareException('Unsupported protocol for data exchange.', '', Http::STATUS_NOT_IMPLEMENTED);
+        }
+
+        [$ownerUid, $remote] = $this->addressHandler->splitUserRemote($share->getOwner());
+        // for backward compatibility make sure that the remote url stored in the
+        // database ends with a trailing slash
+        if (substr($remote, -1) !== '/') {
+            $remote = $remote . '/';
+        }
+
+        $token = $share->getShareSecret();
+        $name = $share->getResourceName();
+        $owner = $share->getOwnerDisplayName();
+        $sharedBy = $share->getSharedByDisplayName();
+        $shareWith = $share->getShareWith();
+        $remoteId = $share->getProviderId();
+        $sharedByFederatedId = $share->getSharedBy();
+        $ownerFederatedId = $share->getOwner();
+        $shareType = $this->mapShareTypeToNextcloud($share->getShareType());
+
+        // if no explicit information about the person who created the share was send
+        // we assume that the share comes from the owner
+        if ($sharedByFederatedId === null) {
+            $sharedBy = $owner;
+            $sharedByFederatedId = $ownerFederatedId;
+        }
+
+        if ($remote && $token && $name && $owner && $remoteId && $shareWith) {
+            if (!Util::isValidFileName($name)) {
+                throw new ProviderCouldNotAddShareException('The mountpoint name contains invalid characters.', '', Http::STATUS_BAD_REQUEST);
+            }
+
+            // FIXME this should be a method in the user management instead
+            if ($shareType === IShare::TYPE_USER) {
+                $this->logger->debug('shareWith before, ' . $shareWith, ['app' => 'files_sharing']);
+                Util::emitHook(
+                    '\OCA\Files_Sharing\API\Server2Server',
+                    'preLoginNameUsedAsUserName',
+                    ['uid' => &$shareWith]
+                );
+                $this->logger->debug('shareWith after, ' . $shareWith, ['app' => 'files_sharing']);
+
+                if (!$this->userManager->userExists($shareWith)) {
+                    throw new ProviderCouldNotAddShareException('User does not exists', '',Http::STATUS_BAD_REQUEST);
+                }
+
+                \OC_Util::setupFS($shareWith);
+            }
+
+            if ($shareType === IShare::TYPE_GROUP && !$this->groupManager->groupExists($shareWith)) {
+                throw new ProviderCouldNotAddShareException('Group does not exists', '',Http::STATUS_BAD_REQUEST);
+            }
+
+            $externalManager = new \OCA\Files_Sharing\External\Manager(
+                \OC::$server->getDatabaseConnection(),
+                Filesystem::getMountManager(),
+                Filesystem::getLoader(),
+                \OC::$server->getHTTPClientService(),
+                \OC::$server->getNotificationManager(),
+                \OC::$server->query(\OCP\OCS\IDiscoveryService::class),
+                \OC::$server->getCloudFederationProviderManager(),
+                \OC::$server->getCloudFederationFactory(),
+                \OC::$server->getGroupManager(),
+                \OC::$server->getUserManager(),
+                $shareWith,
+                \OC::$server->query(IEventDispatcher::class)
+            );
+
+            try {
+                $externalManager->addShare($remote, $token, '', $name, $owner, $shareType,false, $shareWith, $remoteId);
+                $shareId = \OC::$server->getDatabaseConnection()->lastInsertId('*PREFIX*share_external');
+
+                if ($shareType === IShare::TYPE_USER) {
+                    $event = $this->activityManager->generateEvent();
+                    $event->setApp('files_sharing')
+                        ->setType('remote_share')
+                        ->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_RECEIVED, [$ownerFederatedId, trim($name, '/')])
+                        ->setAffectedUser($shareWith)
+                        ->setObject('remote_share', $shareId, $name);
+                    \OC::$server->getActivityManager()->publish($event);
+                    $this->notifyAboutNewShare($shareWith, $shareId, $ownerFederatedId, $sharedByFederatedId, $name);
+                } else {
+                    $groupMembers = $this->groupManager->get($shareWith)->getUsers();
+                    foreach ($groupMembers as $user) {
+                        $event = $this->activityManager->generateEvent();
+                        $event->setApp('files_sharing')
+                            ->setType('remote_share')
+                            ->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_RECEIVED, [$ownerFederatedId, trim($name, '/')])
+                            ->setAffectedUser($user->getUID())
+                            ->setObject('remote_share', $shareId, $name);
+                        \OC::$server->getActivityManager()->publish($event);
+                        $this->notifyAboutNewShare($user->getUID(), $shareId, $ownerFederatedId, $sharedByFederatedId, $name);
+                    }
+                }
+                return $shareId;
+            } catch (\Exception $e) {
+                $this->logger->logException($e, [
+                    'message' => 'Server can not add remote share.',
+                    'level' => ILogger::ERROR,
+                    'app' => 'files_sharing'
+                ]);
+                throw new ProviderCouldNotAddShareException('internal server error, was not able to add share from ' . $remote, '', HTTP::STATUS_INTERNAL_SERVER_ERROR);
+            }
+        }
+
+        throw new ProviderCouldNotAddShareException('server can not add remote share, missing parameter', '', HTTP::STATUS_BAD_REQUEST);
+    }
+
+    /**
+     * notification received from another server
+     *
+     * @param string $notificationType (e.g. SHARE_ACCEPTED)
+     * @param string $providerId id of the share
+     * @param array $notification payload of the notification
+     * @return array data send back to the sender
+     *
+     * @throws ActionNotSupportedException
+     * @throws AuthenticationFailedException
+     * @throws BadRequestException
+     * @throws HintException
+     * @since 14.0.0
+     */
+    public function notificationReceived($notificationType, $providerId, array $notification) {
+        switch ($notificationType) {
+            case 'SHARE_ACCEPTED':
+                return $this->shareAccepted($providerId, $notification);
+            case 'SHARE_DECLINED':
+                return $this->shareDeclined($providerId, $notification);
+            case 'SHARE_UNSHARED':
+                return $this->unshare($providerId, $notification);
+            case 'REQUEST_RESHARE':
+                return $this->reshareRequested($providerId, $notification);
+            case 'RESHARE_UNDO':
+                return $this->undoReshare($providerId, $notification);
+            case 'RESHARE_CHANGE_PERMISSION':
+                return $this->updateResharePermissions($providerId, $notification);
+        }
+
+
+        throw new BadRequestException([$notificationType]);
+    }
+
+    /**
+     * map OCM share type (strings) to Nextcloud internal share types (integer)
+     *
+     * @param string $shareType
+     * @return int
+     */
+    private function mapShareTypeToNextcloud($shareType) {
+        $result = IShare::TYPE_USER;
+        if ($shareType === 'group') {
+            $result = IShare::TYPE_GROUP;
+        }
+
+        return $result;
+    }
+
+    private function notifyAboutNewShare($shareWith, $shareId, $ownerFederatedId, $sharedByFederatedId, $name): void {
+        $notification = $this->notificationManager->createNotification();
+        $notification->setApp('files_sharing')
+            ->setUser($shareWith)
+            ->setDateTime(new \DateTime())
+            ->setObject('remote_share', $shareId)
+            ->setSubject('remote_share', [$ownerFederatedId, $sharedByFederatedId, trim($name, '/')]);
+
+        $declineAction = $notification->createAction();
+        $declineAction->setLabel('decline')
+            ->setLink($this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', 'ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/' . $shareId)), 'DELETE');
+        $notification->addAction($declineAction);
+
+        $acceptAction = $notification->createAction();
+        $acceptAction->setLabel('accept')
+            ->setLink($this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', 'ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/' . $shareId)), 'POST');
+        $notification->addAction($acceptAction);
+
+        $this->notificationManager->notify($notification);
+    }
+
+    /**
+     * process notification that the recipient accepted a share
+     *
+     * @param string $id
+     * @param array $notification
+     * @return array
+     * @throws ActionNotSupportedException
+     * @throws AuthenticationFailedException
+     * @throws BadRequestException
+     * @throws HintException
+     */
+    private function shareAccepted($id, array $notification) {
+        if (!$this->isS2SEnabled()) {
+            throw new ActionNotSupportedException('Server does not support federated cloud sharing');
+        }
+
+        if (!isset($notification['sharedSecret'])) {
+            throw new BadRequestException(['sharedSecret']);
+        }
+
+        $token = $notification['sharedSecret'];
+
+        $share = $this->federatedShareProvider->getShareById($id);
+
+        $this->verifyShare($share, $token);
+        $this->executeAcceptShare($share);
+        if ($share->getShareOwner() !== $share->getSharedBy()) {
+            [, $remote] = $this->addressHandler->splitUserRemote($share->getSharedBy());
+            $remoteId = $this->federatedShareProvider->getRemoteId($share);
+            $notification = $this->cloudFederationFactory->getCloudFederationNotification();
+            $notification->setMessage(
+                'SHARE_ACCEPTED',
+                'file',
+                $remoteId,
+                [
+                    'sharedSecret' => $token,
+                    'message' => 'Recipient accepted the re-share'
+                ]
+
+            );
+            $this->cloudFederationProviderManager->sendNotification($remote, $notification);
+        }
+
+        return [];
+    }
+
+    /**
+     * @param IShare $share
+     * @throws ShareNotFound
+     */
+    protected function executeAcceptShare(IShare $share) {
+        try {
+            $fileId = (int)$share->getNode()->getId();
+            [$file, $link] = $this->getFile($this->getCorrectUid($share), $fileId);
+        } catch (\Exception $e) {
+            throw new ShareNotFound();
+        }
+
+        $event = $this->activityManager->generateEvent();
+        $event->setApp('files_sharing')
+            ->setType('remote_share')
+            ->setAffectedUser($this->getCorrectUid($share))
+            ->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_ACCEPTED, [$share->getSharedWith(), [$fileId => $file]])
+            ->setObject('files', $fileId, $file)
+            ->setLink($link);
+        $this->activityManager->publish($event);
+    }
+
+    /**
+     * process notification that the recipient declined a share
+     *
+     * @param string $id
+     * @param array $notification
+     * @return array
+     * @throws ActionNotSupportedException
+     * @throws AuthenticationFailedException
+     * @throws BadRequestException
+     * @throws ShareNotFound
+     * @throws HintException
+     *
+     */
+    protected function shareDeclined($id, array $notification) {
+        if (!$this->isS2SEnabled()) {
+            throw new ActionNotSupportedException('Server does not support federated cloud sharing');
+        }
+
+        if (!isset($notification['sharedSecret'])) {
+            throw new BadRequestException(['sharedSecret']);
+        }
+
+        $token = $notification['sharedSecret'];
+
+        $share = $this->federatedShareProvider->getShareById($id);
+
+        $this->verifyShare($share, $token);
+
+        if ($share->getShareOwner() !== $share->getSharedBy()) {
+            [, $remote] = $this->addressHandler->splitUserRemote($share->getSharedBy());
+            $remoteId = $this->federatedShareProvider->getRemoteId($share);
+            $notification = $this->cloudFederationFactory->getCloudFederationNotification();
+            $notification->setMessage(
+                'SHARE_DECLINED',
+                'file',
+                $remoteId,
+                [
+                    'sharedSecret' => $token,
+                    'message' => 'Recipient declined the re-share'
+                ]
+
+            );
+            $this->cloudFederationProviderManager->sendNotification($remote, $notification);
+        }
+
+        $this->executeDeclineShare($share);
+
+        return [];
+    }
+
+    /**
+     * delete declined share and create a activity
+     *
+     * @param IShare $share
+     * @throws ShareNotFound
+     */
+    protected function executeDeclineShare(IShare $share) {
+        $this->federatedShareProvider->removeShareFromTable($share);
+
+        try {
+            $fileId = (int)$share->getNode()->getId();
+            [$file, $link] = $this->getFile($this->getCorrectUid($share), $fileId);
+        } catch (\Exception $e) {
+            throw new ShareNotFound();
+        }
+
+        $event = $this->activityManager->generateEvent();
+        $event->setApp('files_sharing')
+            ->setType('remote_share')
+            ->setAffectedUser($this->getCorrectUid($share))
+            ->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_DECLINED, [$share->getSharedWith(), [$fileId => $file]])
+            ->setObject('files', $fileId, $file)
+            ->setLink($link);
+        $this->activityManager->publish($event);
+    }
+
+    /**
+     * received the notification that the owner unshared a file from you
+     *
+     * @param string $id
+     * @param array $notification
+     * @return array
+     * @throws AuthenticationFailedException
+     * @throws BadRequestException
+     */
+    private function undoReshare($id, array $notification) {
+        if (!isset($notification['sharedSecret'])) {
+            throw new BadRequestException(['sharedSecret']);
+        }
+        $token = $notification['sharedSecret'];
+
+        $share = $this->federatedShareProvider->getShareById($id);
+
+        $this->verifyShare($share, $token);
+        $this->federatedShareProvider->removeShareFromTable($share);
+        return [];
+    }
+
+    /**
+     * unshare file from self
+     *
+     * @param string $id
+     * @param array $notification
+     * @return array
+     * @throws ActionNotSupportedException
+     * @throws BadRequestException
+     */
+    private function unshare($id, array $notification) {
+        if (!$this->isS2SEnabled(true)) {
+            throw new ActionNotSupportedException("incoming shares disabled!");
+        }
+
+        if (!isset($notification['sharedSecret'])) {
+            throw new BadRequestException(['sharedSecret']);
+        }
+        $token = $notification['sharedSecret'];
+
+        $qb = $this->connection->getQueryBuilder();
+        $qb->select('*')
+            ->from('share_external')
+            ->where(
+                $qb->expr()->andX(
+                    $qb->expr()->eq('remote_id', $qb->createNamedParameter($id)),
+                    $qb->expr()->eq('share_token', $qb->createNamedParameter($token))
+                )
+            );
+
+        $result = $qb->execute();
+        $share = $result->fetch();
+        $result->closeCursor();
+
+        if ($token && $id && !empty($share)) {
+            $remote = $this->cleanupRemote($share['remote']);
+
+            $owner = $this->cloudIdManager->getCloudId($share['owner'], $remote);
+            $mountpoint = $share['mountpoint'];
+            $user = $share['user'];
+
+            $qb = $this->connection->getQueryBuilder();
+            $qb->delete('share_external')
+                ->where(
+                    $qb->expr()->andX(
+                        $qb->expr()->eq('remote_id', $qb->createNamedParameter($id)),
+                        $qb->expr()->eq('share_token', $qb->createNamedParameter($token))
+                    )
+                );
+
+            $qb->execute();
+
+            // delete all child in case of a group share
+            $qb = $this->connection->getQueryBuilder();
+            $qb->delete('share_external')
+                ->where($qb->expr()->eq('parent', $qb->createNamedParameter((int)$share['id'])));
+            $qb->execute();
+
+            if ((int)$share['share_type'] === IShare::TYPE_USER) {
+                if ($share['accepted']) {
+                    $path = trim($mountpoint, '/');
+                } else {
+                    $path = trim($share['name'], '/');
+                }
+                $notification = $this->notificationManager->createNotification();
+                $notification->setApp('files_sharing')
+                    ->setUser($share['user'])
+                    ->setObject('remote_share', (int)$share['id']);
+                $this->notificationManager->markProcessed($notification);
+
+                $event = $this->activityManager->generateEvent();
+                $event->setApp('files_sharing')
+                    ->setType('remote_share')
+                    ->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_UNSHARED, [$owner->getId(), $path])
+                    ->setAffectedUser($user)
+                    ->setObject('remote_share', (int)$share['id'], $path);
+                \OC::$server->getActivityManager()->publish($event);
+            }
+        }
+
+        return [];
+    }
+
+    private function cleanupRemote($remote) {
+        $remote = substr($remote, strpos($remote, '://') + 3);
+
+        return rtrim($remote, '/');
+    }
+
+    /**
+     * recipient of a share request to re-share the file with another user
+     *
+     * @param string $id
+     * @param array $notification
+     * @return array
+     * @throws AuthenticationFailedException
+     * @throws BadRequestException
+     * @throws ProviderCouldNotAddShareException
+     * @throws ShareNotFound
+     */
+    protected function reshareRequested($id, array $notification) {
+        if (!isset($notification['sharedSecret'])) {
+            throw new BadRequestException(['sharedSecret']);
+        }
+        $token = $notification['sharedSecret'];
+
+        if (!isset($notification['shareWith'])) {
+            throw new BadRequestException(['shareWith']);
+        }
+        $shareWith = $notification['shareWith'];
+
+        if (!isset($notification['senderId'])) {
+            throw new BadRequestException(['senderId']);
+        }
+        $senderId = $notification['senderId'];
+
+        $share = $this->federatedShareProvider->getShareById($id);
+
+        // We have to respect the default share permissions
+        $permissions = $share->getPermissions() & (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL);
+        $share->setPermissions($permissions);
+
+        // don't allow to share a file back to the owner
+        try {
+            [$user, $remote] = $this->addressHandler->splitUserRemote($shareWith);
+            $owner = $share->getShareOwner();
+            $currentServer = $this->addressHandler->generateRemoteURL();
+            if ($this->addressHandler->compareAddresses($user, $remote, $owner, $currentServer)) {
+                throw new ProviderCouldNotAddShareException('Resharing back to the owner is not allowed: ' . $id);
+            }
+        } catch (\Exception $e) {
+            throw new ProviderCouldNotAddShareException($e->getMessage());
+        }
+
+        $this->verifyShare($share, $token);
+
+        // check if re-sharing is allowed
+        if ($share->getPermissions() & Constants::PERMISSION_SHARE) {
+            // the recipient of the initial share is now the initiator for the re-share
+            $share->setSharedBy($share->getSharedWith());
+            $share->setSharedWith($shareWith);
+            $result = $this->federatedShareProvider->create($share);
+            $this->federatedShareProvider->storeRemoteId((int)$result->getId(), $senderId);
+            return ['token' => $result->getToken(), 'providerId' => $result->getId()];
+        } else {
+            throw new ProviderCouldNotAddShareException('resharing not allowed for share: ' . $id);
+        }
+    }
+
+    /**
+     * update permission of a re-share so that the share dialog shows the right
+     * permission if the owner or the sender changes the permission
+     *
+     * @param string $id
+     * @param array $notification
+     * @return array
+     * @throws AuthenticationFailedException
+     * @throws BadRequestException
+     */
+    protected function updateResharePermissions($id, array $notification) {
+        throw new HintException('Updating reshares not allowed');
+    }
+
+    /**
+     * translate OCM Permissions to Nextcloud permissions
+     *
+     * @param array $ocmPermissions
+     * @return int
+     * @throws BadRequestException
+     */
+    protected function ocmPermissions2ncPermissions(array $ocmPermissions) {
+        $ncPermissions = 0;
+        foreach ($ocmPermissions as $permission) {
+            switch (strtolower($permission)) {
+                case 'read':
+                    $ncPermissions += Constants::PERMISSION_READ;
+                    break;
+                case 'write':
+                    $ncPermissions += Constants::PERMISSION_CREATE + Constants::PERMISSION_UPDATE;
+                    break;
+                case 'share':
+                    $ncPermissions += Constants::PERMISSION_SHARE;
+                    break;
+                default:
+                    throw new BadRequestException(['permission']);
+            }
+        }
+
+        return $ncPermissions;
+    }
+
+    /**
+     * update permissions in database
+     *
+     * @param IShare $share
+     * @param int $permissions
+     */
+    protected function updatePermissionsInDatabase(IShare $share, $permissions) {
+        $query = $this->connection->getQueryBuilder();
+        $query->update('share')
+            ->where($query->expr()->eq('id', $query->createNamedParameter($share->getId())))
+            ->set('permissions', $query->createNamedParameter($permissions))
+            ->execute();
+    }
+
+
+    /**
+     * get file
+     *
+     * @param string $user
+     * @param int $fileSource
+     * @return array with internal path of the file and a absolute link to it
+     */
+    private function getFile($user, $fileSource) {
+        \OC_Util::setupFS($user);
+
+        try {
+            $file = Filesystem::getPath($fileSource);
+        } catch (NotFoundException $e) {
+            $file = null;
+        }
+        $args = Filesystem::is_dir($file) ? ['dir' => $file] : ['dir' => dirname($file), 'scrollto' => $file];
+        $link = Util::linkToAbsolute('files', 'index.php', $args);
+
+        return [$file, $link];
+    }
+
+    /**
+     * check if we are the initiator or the owner of a re-share and return the correct UID
+     *
+     * @param IShare $share
+     * @return string
+     */
+    protected function getCorrectUid(IShare $share) {
+        if ($this->userManager->userExists($share->getShareOwner())) {
+            return $share->getShareOwner();
+        }
+
+        return $share->getSharedBy();
+    }
+
+
+
+    /**
+     * check if we got the right share
+     *
+     * @param IShare $share
+     * @param string $token
+     * @return bool
+     * @throws AuthenticationFailedException
+     */
+    protected function verifyShare(IShare $share, $token) {
+        if (
+            $share->getShareType() === IShare::TYPE_REMOTE &&
+            $share->getToken() === $token
+        ) {
+            return true;
+        }
+
+        if ($share->getShareType() === IShare::TYPE_CIRCLE) {
+            try {
+                $knownShare = $this->shareManager->getShareByToken($token);
+                if ($knownShare->getId() === $share->getId()) {
+                    return true;
+                }
+            } catch (ShareNotFound $e) {
+            }
+        }
+
+        throw new AuthenticationFailedException();
+    }
+
+
+
+    /**
+     * check if server-to-server sharing is enabled
+     *
+     * @param bool $incoming
+     * @return bool
+     */
+    private function isS2SEnabled($incoming = false) {
+        $result = $this->appManager->isEnabledForUser('files_sharing');
+
+        if ($incoming) {
+            $result = $result && $this->federatedShareProvider->isIncomingServer2serverShareEnabled();
+        } else {
+            $result = $result && $this->federatedShareProvider->isOutgoingServer2serverShareEnabled();
+        }
+
+        return $result;
+    }
+
+
+    /**
+     * get the supported share types, e.g. "user", "group", etc.
+     *
+     * @return array
+     *
+     * @since 14.0.0
+     */
+    public function getSupportedShareTypes() {
+        return ['user', 'group'];
+    }
 }

Please login to merge, or discard this patch.

nextcloud / server

Push — master ( bb40e6...385330 )

Status

Category

Indentation +400 added lines, -400 removed lines patch added patch discarded remove patch

Indentation +429 added lines, -429 removed lines patch added patch discarded remove patch

Indentation +1076 added lines, -1076 removed lines patch added patch discarded remove patch

Indentation +769 added lines, -769 removed lines patch added patch discarded remove patch