nextcloud /
server
@@ -39,24 +39,24 @@ discard block |
||
| 39 | 39 | |
| 40 | 40 | // Backends |
| 41 | 41 | $authBackend = new OCA\DAV\Connector\PublicAuth( |
| 42 | - \OC::$server->getRequest(), |
|
| 43 | - \OC::$server->getShareManager(), |
|
| 44 | - \OC::$server->getSession(), |
|
| 45 | - \OC::$server->getBruteForceThrottler() |
|
| 42 | + \OC::$server->getRequest(), |
|
| 43 | + \OC::$server->getShareManager(), |
|
| 44 | + \OC::$server->getSession(), |
|
| 45 | + \OC::$server->getBruteForceThrottler() |
|
| 46 | 46 | ); |
| 47 | 47 | $authPlugin = new \Sabre\DAV\Auth\Plugin($authBackend); |
| 48 | 48 | |
| 49 | 49 | $serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory( |
| 50 | - \OC::$server->getConfig(), |
|
| 51 | - \OC::$server->getLogger(), |
|
| 52 | - \OC::$server->getDatabaseConnection(), |
|
| 53 | - \OC::$server->getUserSession(), |
|
| 54 | - \OC::$server->getMountManager(), |
|
| 55 | - \OC::$server->getTagManager(), |
|
| 56 | - \OC::$server->getRequest(), |
|
| 57 | - \OC::$server->getPreviewManager(), |
|
| 58 | - \OC::$server->getEventDispatcher(), |
|
| 59 | - \OC::$server->getL10N('dav') |
|
| 50 | + \OC::$server->getConfig(), |
|
| 51 | + \OC::$server->getLogger(), |
|
| 52 | + \OC::$server->getDatabaseConnection(), |
|
| 53 | + \OC::$server->getUserSession(), |
|
| 54 | + \OC::$server->getMountManager(), |
|
| 55 | + \OC::$server->getTagManager(), |
|
| 56 | + \OC::$server->getRequest(), |
|
| 57 | + \OC::$server->getPreviewManager(), |
|
| 58 | + \OC::$server->getEventDispatcher(), |
|
| 59 | + \OC::$server->getL10N('dav') |
|
| 60 | 60 | ); |
| 61 | 61 | |
| 62 | 62 | $requestUri = \OC::$server->getRequest()->getRequestUri(); |
@@ -65,45 +65,45 @@ discard block |
||
| 65 | 65 | $filesDropPlugin = new \OCA\DAV\Files\Sharing\FilesDropPlugin(); |
| 66 | 66 | |
| 67 | 67 | $server = $serverFactory->createServer($baseuri, $requestUri, $authPlugin, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin, $filesDropPlugin) { |
| 68 | - $isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest'); |
|
| 69 | - /** @var \OCA\FederatedFileSharing\FederatedShareProvider $shareProvider */ |
|
| 70 | - $federatedShareProvider = \OC::$server->query(\OCA\FederatedFileSharing\FederatedShareProvider::class); |
|
| 71 | - if ($federatedShareProvider->isOutgoingServer2serverShareEnabled() === false && !$isAjax) { |
|
| 72 | - // this is what is thrown when trying to access a non-existing share |
|
| 73 | - throw new \Sabre\DAV\Exception\NotAuthenticated(); |
|
| 74 | - } |
|
| 68 | + $isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest'); |
|
| 69 | + /** @var \OCA\FederatedFileSharing\FederatedShareProvider $shareProvider */ |
|
| 70 | + $federatedShareProvider = \OC::$server->query(\OCA\FederatedFileSharing\FederatedShareProvider::class); |
|
| 71 | + if ($federatedShareProvider->isOutgoingServer2serverShareEnabled() === false && !$isAjax) { |
|
| 72 | + // this is what is thrown when trying to access a non-existing share |
|
| 73 | + throw new \Sabre\DAV\Exception\NotAuthenticated(); |
|
| 74 | + } |
|
| 75 | 75 | |
| 76 | - $share = $authBackend->getShare(); |
|
| 77 | - $owner = $share->getShareOwner(); |
|
| 78 | - $isReadable = $share->getPermissions() & \OCP\Constants::PERMISSION_READ; |
|
| 79 | - $fileId = $share->getNodeId(); |
|
| 76 | + $share = $authBackend->getShare(); |
|
| 77 | + $owner = $share->getShareOwner(); |
|
| 78 | + $isReadable = $share->getPermissions() & \OCP\Constants::PERMISSION_READ; |
|
| 79 | + $fileId = $share->getNodeId(); |
|
| 80 | 80 | |
| 81 | - // FIXME: should not add storage wrappers outside of preSetup, need to find a better way |
|
| 82 | - $previousLog = \OC\Files\Filesystem::logWarningWhenAddingStorageWrapper(false); |
|
| 83 | - \OC\Files\Filesystem::addStorageWrapper('sharePermissions', function ($mountPoint, $storage) use ($share) { |
|
| 84 | - return new \OC\Files\Storage\Wrapper\PermissionsMask(['storage' => $storage, 'mask' => $share->getPermissions() | \OCP\Constants::PERMISSION_SHARE]); |
|
| 85 | - }); |
|
| 86 | - \OC\Files\Filesystem::addStorageWrapper('shareOwner', function ($mountPoint, $storage) use ($share) { |
|
| 87 | - return new \OCA\DAV\Storage\PublicOwnerWrapper(['storage' => $storage, 'owner' => $share->getShareOwner()]); |
|
| 88 | - }); |
|
| 89 | - \OC\Files\Filesystem::logWarningWhenAddingStorageWrapper($previousLog); |
|
| 81 | + // FIXME: should not add storage wrappers outside of preSetup, need to find a better way |
|
| 82 | + $previousLog = \OC\Files\Filesystem::logWarningWhenAddingStorageWrapper(false); |
|
| 83 | + \OC\Files\Filesystem::addStorageWrapper('sharePermissions', function ($mountPoint, $storage) use ($share) { |
|
| 84 | + return new \OC\Files\Storage\Wrapper\PermissionsMask(['storage' => $storage, 'mask' => $share->getPermissions() | \OCP\Constants::PERMISSION_SHARE]); |
|
| 85 | + }); |
|
| 86 | + \OC\Files\Filesystem::addStorageWrapper('shareOwner', function ($mountPoint, $storage) use ($share) { |
|
| 87 | + return new \OCA\DAV\Storage\PublicOwnerWrapper(['storage' => $storage, 'owner' => $share->getShareOwner()]); |
|
| 88 | + }); |
|
| 89 | + \OC\Files\Filesystem::logWarningWhenAddingStorageWrapper($previousLog); |
|
| 90 | 90 | |
| 91 | - OC_Util::tearDownFS(); |
|
| 92 | - OC_Util::setupFS($owner); |
|
| 93 | - $ownerView = new \OC\Files\View('/'. $owner . '/files'); |
|
| 94 | - $path = $ownerView->getPath($fileId); |
|
| 95 | - $fileInfo = $ownerView->getFileInfo($path); |
|
| 96 | - $linkCheckPlugin->setFileInfo($fileInfo); |
|
| 91 | + OC_Util::tearDownFS(); |
|
| 92 | + OC_Util::setupFS($owner); |
|
| 93 | + $ownerView = new \OC\Files\View('/'. $owner . '/files'); |
|
| 94 | + $path = $ownerView->getPath($fileId); |
|
| 95 | + $fileInfo = $ownerView->getFileInfo($path); |
|
| 96 | + $linkCheckPlugin->setFileInfo($fileInfo); |
|
| 97 | 97 | |
| 98 | - // If not readble (files_drop) enable the filesdrop plugin |
|
| 99 | - if (!$isReadable) { |
|
| 100 | - $filesDropPlugin->enable(); |
|
| 101 | - } |
|
| 98 | + // If not readble (files_drop) enable the filesdrop plugin |
|
| 99 | + if (!$isReadable) { |
|
| 100 | + $filesDropPlugin->enable(); |
|
| 101 | + } |
|
| 102 | 102 | |
| 103 | - $view = new \OC\Files\View($ownerView->getAbsolutePath($path)); |
|
| 104 | - $filesDropPlugin->setView($view); |
|
| 103 | + $view = new \OC\Files\View($ownerView->getAbsolutePath($path)); |
|
| 104 | + $filesDropPlugin->setView($view); |
|
| 105 | 105 | |
| 106 | - return $view; |
|
| 106 | + return $view; |
|
| 107 | 107 | }); |
| 108 | 108 | |
| 109 | 109 | $server->addPlugin($linkCheckPlugin); |
@@ -43,105 +43,105 @@ |
||
| 43 | 43 | * @package OCA\DAV\Connector |
| 44 | 44 | */ |
| 45 | 45 | class PublicAuth extends AbstractBasic { |
| 46 | - private const BRUTEFORCE_ACTION = 'public_webdav_auth'; |
|
| 47 | - |
|
| 48 | - /** @var \OCP\Share\IShare */ |
|
| 49 | - private $share; |
|
| 50 | - |
|
| 51 | - /** @var IManager */ |
|
| 52 | - private $shareManager; |
|
| 53 | - |
|
| 54 | - /** @var ISession */ |
|
| 55 | - private $session; |
|
| 56 | - |
|
| 57 | - /** @var IRequest */ |
|
| 58 | - private $request; |
|
| 59 | - |
|
| 60 | - /** @var Throttler */ |
|
| 61 | - private $throttler; |
|
| 62 | - |
|
| 63 | - /** |
|
| 64 | - * @param IRequest $request |
|
| 65 | - * @param IManager $shareManager |
|
| 66 | - * @param ISession $session |
|
| 67 | - * @param Throttler $throttler |
|
| 68 | - */ |
|
| 69 | - public function __construct(IRequest $request, |
|
| 70 | - IManager $shareManager, |
|
| 71 | - ISession $session, |
|
| 72 | - Throttler $throttler) { |
|
| 73 | - $this->request = $request; |
|
| 74 | - $this->shareManager = $shareManager; |
|
| 75 | - $this->session = $session; |
|
| 76 | - $this->throttler = $throttler; |
|
| 77 | - |
|
| 78 | - // setup realm |
|
| 79 | - $defaults = new \OCP\Defaults(); |
|
| 80 | - $this->realm = $defaults->getName(); |
|
| 81 | - } |
|
| 82 | - |
|
| 83 | - /** |
|
| 84 | - * Validates a username and password |
|
| 85 | - * |
|
| 86 | - * This method should return true or false depending on if login |
|
| 87 | - * succeeded. |
|
| 88 | - * |
|
| 89 | - * @param string $username |
|
| 90 | - * @param string $password |
|
| 91 | - * |
|
| 92 | - * @return bool |
|
| 93 | - * @throws \Sabre\DAV\Exception\NotAuthenticated |
|
| 94 | - */ |
|
| 95 | - protected function validateUserPass($username, $password) { |
|
| 96 | - $this->throttler->sleepDelayOrThrowOnMax($this->request->getRemoteAddress(), self::BRUTEFORCE_ACTION); |
|
| 97 | - |
|
| 98 | - try { |
|
| 99 | - $share = $this->shareManager->getShareByToken($username); |
|
| 100 | - } catch (ShareNotFound $e) { |
|
| 101 | - $this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress()); |
|
| 102 | - return false; |
|
| 103 | - } |
|
| 104 | - |
|
| 105 | - $this->share = $share; |
|
| 106 | - |
|
| 107 | - \OC_User::setIncognitoMode(true); |
|
| 108 | - |
|
| 109 | - // check if the share is password protected |
|
| 110 | - if ($share->getPassword() !== null) { |
|
| 111 | - if ($share->getShareType() === IShare::TYPE_LINK |
|
| 112 | - || $share->getShareType() === IShare::TYPE_EMAIL |
|
| 113 | - || $share->getShareType() === IShare::TYPE_CIRCLE) { |
|
| 114 | - if ($this->shareManager->checkPassword($share, $password)) { |
|
| 115 | - return true; |
|
| 116 | - } elseif ($this->session->exists('public_link_authenticated') |
|
| 117 | - && $this->session->get('public_link_authenticated') === (string)$share->getId()) { |
|
| 118 | - return true; |
|
| 119 | - } else { |
|
| 120 | - if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) { |
|
| 121 | - // do not re-authenticate over ajax, use dummy auth name to prevent browser popup |
|
| 122 | - http_response_code(401); |
|
| 123 | - header('WWW-Authenticate: DummyBasic realm="' . $this->realm . '"'); |
|
| 124 | - throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls'); |
|
| 125 | - } |
|
| 126 | - |
|
| 127 | - $this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress()); |
|
| 128 | - return false; |
|
| 129 | - } |
|
| 130 | - } elseif ($share->getShareType() === IShare::TYPE_REMOTE) { |
|
| 131 | - return true; |
|
| 132 | - } else { |
|
| 133 | - $this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress()); |
|
| 134 | - return false; |
|
| 135 | - } |
|
| 136 | - } else { |
|
| 137 | - return true; |
|
| 138 | - } |
|
| 139 | - } |
|
| 140 | - |
|
| 141 | - /** |
|
| 142 | - * @return \OCP\Share\IShare |
|
| 143 | - */ |
|
| 144 | - public function getShare() { |
|
| 145 | - return $this->share; |
|
| 146 | - } |
|
| 46 | + private const BRUTEFORCE_ACTION = 'public_webdav_auth'; |
|
| 47 | + |
|
| 48 | + /** @var \OCP\Share\IShare */ |
|
| 49 | + private $share; |
|
| 50 | + |
|
| 51 | + /** @var IManager */ |
|
| 52 | + private $shareManager; |
|
| 53 | + |
|
| 54 | + /** @var ISession */ |
|
| 55 | + private $session; |
|
| 56 | + |
|
| 57 | + /** @var IRequest */ |
|
| 58 | + private $request; |
|
| 59 | + |
|
| 60 | + /** @var Throttler */ |
|
| 61 | + private $throttler; |
|
| 62 | + |
|
| 63 | + /** |
|
| 64 | + * @param IRequest $request |
|
| 65 | + * @param IManager $shareManager |
|
| 66 | + * @param ISession $session |
|
| 67 | + * @param Throttler $throttler |
|
| 68 | + */ |
|
| 69 | + public function __construct(IRequest $request, |
|
| 70 | + IManager $shareManager, |
|
| 71 | + ISession $session, |
|
| 72 | + Throttler $throttler) { |
|
| 73 | + $this->request = $request; |
|
| 74 | + $this->shareManager = $shareManager; |
|
| 75 | + $this->session = $session; |
|
| 76 | + $this->throttler = $throttler; |
|
| 77 | + |
|
| 78 | + // setup realm |
|
| 79 | + $defaults = new \OCP\Defaults(); |
|
| 80 | + $this->realm = $defaults->getName(); |
|
| 81 | + } |
|
| 82 | + |
|
| 83 | + /** |
|
| 84 | + * Validates a username and password |
|
| 85 | + * |
|
| 86 | + * This method should return true or false depending on if login |
|
| 87 | + * succeeded. |
|
| 88 | + * |
|
| 89 | + * @param string $username |
|
| 90 | + * @param string $password |
|
| 91 | + * |
|
| 92 | + * @return bool |
|
| 93 | + * @throws \Sabre\DAV\Exception\NotAuthenticated |
|
| 94 | + */ |
|
| 95 | + protected function validateUserPass($username, $password) { |
|
| 96 | + $this->throttler->sleepDelayOrThrowOnMax($this->request->getRemoteAddress(), self::BRUTEFORCE_ACTION); |
|
| 97 | + |
|
| 98 | + try { |
|
| 99 | + $share = $this->shareManager->getShareByToken($username); |
|
| 100 | + } catch (ShareNotFound $e) { |
|
| 101 | + $this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress()); |
|
| 102 | + return false; |
|
| 103 | + } |
|
| 104 | + |
|
| 105 | + $this->share = $share; |
|
| 106 | + |
|
| 107 | + \OC_User::setIncognitoMode(true); |
|
| 108 | + |
|
| 109 | + // check if the share is password protected |
|
| 110 | + if ($share->getPassword() !== null) { |
|
| 111 | + if ($share->getShareType() === IShare::TYPE_LINK |
|
| 112 | + || $share->getShareType() === IShare::TYPE_EMAIL |
|
| 113 | + || $share->getShareType() === IShare::TYPE_CIRCLE) { |
|
| 114 | + if ($this->shareManager->checkPassword($share, $password)) { |
|
| 115 | + return true; |
|
| 116 | + } elseif ($this->session->exists('public_link_authenticated') |
|
| 117 | + && $this->session->get('public_link_authenticated') === (string)$share->getId()) { |
|
| 118 | + return true; |
|
| 119 | + } else { |
|
| 120 | + if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) { |
|
| 121 | + // do not re-authenticate over ajax, use dummy auth name to prevent browser popup |
|
| 122 | + http_response_code(401); |
|
| 123 | + header('WWW-Authenticate: DummyBasic realm="' . $this->realm . '"'); |
|
| 124 | + throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls'); |
|
| 125 | + } |
|
| 126 | + |
|
| 127 | + $this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress()); |
|
| 128 | + return false; |
|
| 129 | + } |
|
| 130 | + } elseif ($share->getShareType() === IShare::TYPE_REMOTE) { |
|
| 131 | + return true; |
|
| 132 | + } else { |
|
| 133 | + $this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress()); |
|
| 134 | + return false; |
|
| 135 | + } |
|
| 136 | + } else { |
|
| 137 | + return true; |
|
| 138 | + } |
|
| 139 | + } |
|
| 140 | + |
|
| 141 | + /** |
|
| 142 | + * @return \OCP\Share\IShare |
|
| 143 | + */ |
|
| 144 | + public function getShare() { |
|
| 145 | + return $this->share; |
|
| 146 | + } |
|
| 147 | 147 | } |
@@ -114,13 +114,13 @@ |
||
| 114 | 114 | if ($this->shareManager->checkPassword($share, $password)) { |
| 115 | 115 | return true; |
| 116 | 116 | } elseif ($this->session->exists('public_link_authenticated') |
| 117 | - && $this->session->get('public_link_authenticated') === (string)$share->getId()) { |
|
| 117 | + && $this->session->get('public_link_authenticated') === (string) $share->getId()) { |
|
| 118 | 118 | return true; |
| 119 | 119 | } else { |
| 120 | 120 | if (in_array('XMLHttpRequest', explode(',', $this->request->getHeader('X-Requested-With')))) { |
| 121 | 121 | // do not re-authenticate over ajax, use dummy auth name to prevent browser popup |
| 122 | 122 | http_response_code(401); |
| 123 | - header('WWW-Authenticate: DummyBasic realm="' . $this->realm . '"'); |
|
| 123 | + header('WWW-Authenticate: DummyBasic realm="'.$this->realm.'"'); |
|
| 124 | 124 | throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls'); |
| 125 | 125 | } |
| 126 | 126 | |
