nextcloud / server

lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php

Doc Comments +1 added lines, -1 removed lines

@@ -105,7 +105,7 @@
 	 * @param IUserSession $userSession
 	 * @param bool $isAdminUser
 	 * @param ContentSecurityPolicyManager $contentSecurityPolicyManager
-	 * @param CSRFTokenManager $csrfTokenManager
+	 * @param CsrfTokenManager $csrfTokenManager
 	 * @param ContentSecurityPolicyNonceManager $cspNonceManager
 	 * @param Throttler $throttler
 	 * @param Limiter $limiter

Indentation +215 added lines, -215 removed lines

@@ -65,243 +65,243 @@
  * check fails
  */
 class SecurityMiddleware extends Middleware {
-	/** @var INavigationManager */
-	private $navigationManager;
-	/** @var IRequest */
-	private $request;
-	/** @var ControllerMethodReflector */
-	private $reflector;
-	/** @var string */
-	private $appName;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ILogger */
-	private $logger;
-	/** @var ISession */
-	private $session;
-	/** @var IUserSession */
-	private $userSession;
-	/** @var bool */
-	private $isAdminUser;
-	/** @var ContentSecurityPolicyManager */
-	private $contentSecurityPolicyManager;
-	/** @var CsrfTokenManager */
-	private $csrfTokenManager;
-	/** @var ContentSecurityPolicyNonceManager */
-	private $cspNonceManager;
-	/** @var Throttler */
-	private $throttler;
-	/** @var Limiter */
-	private $limiter;
+    /** @var INavigationManager */
+    private $navigationManager;
+    /** @var IRequest */
+    private $request;
+    /** @var ControllerMethodReflector */
+    private $reflector;
+    /** @var string */
+    private $appName;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ILogger */
+    private $logger;
+    /** @var ISession */
+    private $session;
+    /** @var IUserSession */
+    private $userSession;
+    /** @var bool */
+    private $isAdminUser;
+    /** @var ContentSecurityPolicyManager */
+    private $contentSecurityPolicyManager;
+    /** @var CsrfTokenManager */
+    private $csrfTokenManager;
+    /** @var ContentSecurityPolicyNonceManager */
+    private $cspNonceManager;
+    /** @var Throttler */
+    private $throttler;
+    /** @var Limiter */
+    private $limiter;
 
-	/**
-	 * @param IRequest $request
-	 * @param ControllerMethodReflector $reflector
-	 * @param INavigationManager $navigationManager
-	 * @param IURLGenerator $urlGenerator
-	 * @param ILogger $logger
-	 * @param ISession $session
-	 * @param string $appName
-	 * @param IUserSession $userSession
-	 * @param bool $isAdminUser
-	 * @param ContentSecurityPolicyManager $contentSecurityPolicyManager
-	 * @param CSRFTokenManager $csrfTokenManager
-	 * @param ContentSecurityPolicyNonceManager $cspNonceManager
-	 * @param Throttler $throttler
-	 * @param Limiter $limiter
-	 */
-	public function __construct(IRequest $request,
-								ControllerMethodReflector $reflector,
-								INavigationManager $navigationManager,
-								IURLGenerator $urlGenerator,
-								ILogger $logger,
-								ISession $session,
-								$appName,
-								IUserSession $userSession,
-								$isAdminUser,
-								ContentSecurityPolicyManager $contentSecurityPolicyManager,
-								CsrfTokenManager $csrfTokenManager,
-								ContentSecurityPolicyNonceManager $cspNonceManager,
-								Throttler $throttler,
-								Limiter $limiter) {
-		$this->navigationManager = $navigationManager;
-		$this->request = $request;
-		$this->reflector = $reflector;
-		$this->appName = $appName;
-		$this->urlGenerator = $urlGenerator;
-		$this->logger = $logger;
-		$this->session = $session;
-		$this->userSession = $userSession;
-		$this->isAdminUser = $isAdminUser;
-		$this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
-		$this->csrfTokenManager = $csrfTokenManager;
-		$this->cspNonceManager = $cspNonceManager;
-		$this->throttler = $throttler;
-		$this->limiter = $limiter;
-	}
+    /**
+     * @param IRequest $request
+     * @param ControllerMethodReflector $reflector
+     * @param INavigationManager $navigationManager
+     * @param IURLGenerator $urlGenerator
+     * @param ILogger $logger
+     * @param ISession $session
+     * @param string $appName
+     * @param IUserSession $userSession
+     * @param bool $isAdminUser
+     * @param ContentSecurityPolicyManager $contentSecurityPolicyManager
+     * @param CSRFTokenManager $csrfTokenManager
+     * @param ContentSecurityPolicyNonceManager $cspNonceManager
+     * @param Throttler $throttler
+     * @param Limiter $limiter
+     */
+    public function __construct(IRequest $request,
+                                ControllerMethodReflector $reflector,
+                                INavigationManager $navigationManager,
+                                IURLGenerator $urlGenerator,
+                                ILogger $logger,
+                                ISession $session,
+                                $appName,
+                                IUserSession $userSession,
+                                $isAdminUser,
+                                ContentSecurityPolicyManager $contentSecurityPolicyManager,
+                                CsrfTokenManager $csrfTokenManager,
+                                ContentSecurityPolicyNonceManager $cspNonceManager,
+                                Throttler $throttler,
+                                Limiter $limiter) {
+        $this->navigationManager = $navigationManager;
+        $this->request = $request;
+        $this->reflector = $reflector;
+        $this->appName = $appName;
+        $this->urlGenerator = $urlGenerator;
+        $this->logger = $logger;
+        $this->session = $session;
+        $this->userSession = $userSession;
+        $this->isAdminUser = $isAdminUser;
+        $this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
+        $this->csrfTokenManager = $csrfTokenManager;
+        $this->cspNonceManager = $cspNonceManager;
+        $this->throttler = $throttler;
+        $this->limiter = $limiter;
+    }
 
-	/**
-	 * This runs all the security checks before a method call. The
-	 * security checks are determined by inspecting the controller method
-	 * annotations
-	 * @param Controller $controller the controller
-	 * @param string $methodName the name of the method
-	 * @throws SecurityException when a security check fails
-	 */
-	public function beforeController($controller, $methodName) {
+    /**
+     * This runs all the security checks before a method call. The
+     * security checks are determined by inspecting the controller method
+     * annotations
+     * @param Controller $controller the controller
+     * @param string $methodName the name of the method
+     * @throws SecurityException when a security check fails
+     */
+    public function beforeController($controller, $methodName) {
 
-		// this will set the current navigation entry of the app, use this only
-		// for normal HTML requests and not for AJAX requests
-		$this->navigationManager->setActiveEntry($this->appName);
+        // this will set the current navigation entry of the app, use this only
+        // for normal HTML requests and not for AJAX requests
+        $this->navigationManager->setActiveEntry($this->appName);
 
-		// security checks
-		$isPublicPage = $this->reflector->hasAnnotation('PublicPage');
-		if(!$isPublicPage) {
-			if(!$this->userSession->isLoggedIn()) {
-				throw new NotLoggedInException();
-			}
+        // security checks
+        $isPublicPage = $this->reflector->hasAnnotation('PublicPage');
+        if(!$isPublicPage) {
+            if(!$this->userSession->isLoggedIn()) {
+                throw new NotLoggedInException();
+            }
 
-			if(!$this->reflector->hasAnnotation('NoAdminRequired')) {
-				if(!$this->isAdminUser) {
-					throw new NotAdminException();
-				}
-			}
-		}
+            if(!$this->reflector->hasAnnotation('NoAdminRequired')) {
+                if(!$this->isAdminUser) {
+                    throw new NotAdminException();
+                }
+            }
+        }
 
-		if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) {
-			$lastConfirm = (int) $this->session->get('last-password-confirm');
-			if ($lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay
-				throw new NotConfirmedException();
-			}
-		}
+        if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) {
+            $lastConfirm = (int) $this->session->get('last-password-confirm');
+            if ($lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay
+                throw new NotConfirmedException();
+            }
+        }
 
-		// Check for strict cookie requirement
-		if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
-			if(!$this->request->passesStrictCookieCheck()) {
-				throw new StrictCookieMissingException();
-			}
-		}
-		// CSRF check - also registers the CSRF token since the session may be closed later
-		Util::callRegister();
-		if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
-			/*
+        // Check for strict cookie requirement
+        if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
+            if(!$this->request->passesStrictCookieCheck()) {
+                throw new StrictCookieMissingException();
+            }
+        }
+        // CSRF check - also registers the CSRF token since the session may be closed later
+        Util::callRegister();
+        if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
+            /*
 			 * Only allow the CSRF check to fail on OCS Requests. This kind of
 			 * hacks around that we have no full token auth in place yet and we
 			 * do want to offer CSRF checks for web requests.
 			 */
-			if(!$this->request->passesCSRFCheck() && !(
-					$controller instanceof OCSController &&
-					$this->request->getHeader('OCS-APIREQUEST') === 'true')) {
-				throw new CrossSiteRequestForgeryException();
-			}
-		}
+            if(!$this->request->passesCSRFCheck() && !(
+                    $controller instanceof OCSController &&
+                    $this->request->getHeader('OCS-APIREQUEST') === 'true')) {
+                throw new CrossSiteRequestForgeryException();
+            }
+        }
 
-		$anonLimit = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'limit');
-		$anonPeriod = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'period');
-		$userLimit = $this->reflector->getAnnotationParameter('UserRateThrottle', 'limit');
-		$userPeriod = $this->reflector->getAnnotationParameter('UserRateThrottle', 'period');
-		$rateLimitIdentifier = get_class($controller) . '::' . $methodName;
-		if($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {
-			$this->limiter->registerUserRequest(
-				$rateLimitIdentifier,
-				$userLimit,
-				$userPeriod,
-				$this->userSession->getUser()
-			);
-		} elseif ($anonLimit !== '' && $anonPeriod !== '') {
-			$this->limiter->registerAnonRequest(
-				$rateLimitIdentifier,
-				$anonLimit,
-				$anonPeriod,
-				$this->request->getRemoteAddress()
-			);
-		}
+        $anonLimit = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'limit');
+        $anonPeriod = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'period');
+        $userLimit = $this->reflector->getAnnotationParameter('UserRateThrottle', 'limit');
+        $userPeriod = $this->reflector->getAnnotationParameter('UserRateThrottle', 'period');
+        $rateLimitIdentifier = get_class($controller) . '::' . $methodName;
+        if($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {
+            $this->limiter->registerUserRequest(
+                $rateLimitIdentifier,
+                $userLimit,
+                $userPeriod,
+                $this->userSession->getUser()
+            );
+        } elseif ($anonLimit !== '' && $anonPeriod !== '') {
+            $this->limiter->registerAnonRequest(
+                $rateLimitIdentifier,
+                $anonLimit,
+                $anonPeriod,
+                $this->request->getRemoteAddress()
+            );
+        }
 
-		if($this->reflector->hasAnnotation('BruteForceProtection')) {
-			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
-			$this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
-			$this->throttler->registerAttempt($action, $this->request->getRemoteAddress());
-		}
+        if($this->reflector->hasAnnotation('BruteForceProtection')) {
+            $action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
+            $this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
+            $this->throttler->registerAttempt($action, $this->request->getRemoteAddress());
+        }
 
-		/**
-		 * FIXME: Use DI once available
-		 * Checks if app is enabled (also includes a check whether user is allowed to access the resource)
-		 * The getAppPath() check is here since components such as settings also use the AppFramework and
-		 * therefore won't pass this check.
-		 */
-		if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
-			throw new AppNotEnabledException();
-		}
-	}
+        /**
+         * FIXME: Use DI once available
+         * Checks if app is enabled (also includes a check whether user is allowed to access the resource)
+         * The getAppPath() check is here since components such as settings also use the AppFramework and
+         * therefore won't pass this check.
+         */
+        if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
+            throw new AppNotEnabledException();
+        }
+    }
 
-	/**
-	 * Performs the default CSP modifications that may be injected by other
-	 * applications
-	 *
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @param Response $response
-	 * @return Response
-	 */
-	public function afterController($controller, $methodName, Response $response) {
-		$policy = !is_null($response->getContentSecurityPolicy()) ? $response->getContentSecurityPolicy() : new ContentSecurityPolicy();
+    /**
+     * Performs the default CSP modifications that may be injected by other
+     * applications
+     *
+     * @param Controller $controller
+     * @param string $methodName
+     * @param Response $response
+     * @return Response
+     */
+    public function afterController($controller, $methodName, Response $response) {
+        $policy = !is_null($response->getContentSecurityPolicy()) ? $response->getContentSecurityPolicy() : new ContentSecurityPolicy();
 
-		if (get_class($policy) === EmptyContentSecurityPolicy::class) {
-			return $response;
-		}
+        if (get_class($policy) === EmptyContentSecurityPolicy::class) {
+            return $response;
+        }
 
-		$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
-		$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
+        $defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
+        $defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
 
-		if($this->cspNonceManager->browserSupportsCspV3()) {
-			$defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
-		}
+        if($this->cspNonceManager->browserSupportsCspV3()) {
+            $defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
+        }
 
-		$response->setContentSecurityPolicy($defaultPolicy);
+        $response->setContentSecurityPolicy($defaultPolicy);
 
-		return $response;
-	}
+        return $response;
+    }
 
-	/**
-	 * If an SecurityException is being caught, ajax requests return a JSON error
-	 * response and non ajax requests redirect to the index
-	 * @param Controller $controller the controller that is being called
-	 * @param string $methodName the name of the method that will be called on
-	 *                           the controller
-	 * @param \Exception $exception the thrown exception
-	 * @throws \Exception the passed in exception if it can't handle it
-	 * @return Response a Response object or null in case that the exception could not be handled
-	 */
-	public function afterException($controller, $methodName, \Exception $exception) {
-		if($exception instanceof SecurityException) {
-			if($exception instanceof StrictCookieMissingException) {
-				return new RedirectResponse(\OC::$WEBROOT);
- 			}
-			if (stripos($this->request->getHeader('Accept'),'html') === false) {
-				$response = new JSONResponse(
-					array('message' => $exception->getMessage()),
-					$exception->getCode()
-				);
-			} else {
-				if($exception instanceof NotLoggedInException) {
-					$url = $this->urlGenerator->linkToRoute(
-						'core.login.showLoginForm',
-						[
-							'redirect_url' => $this->request->server['REQUEST_URI'],
-						]
-					);
-					$response = new RedirectResponse($url);
-				} else {
-					$response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
-					$response->setStatus($exception->getCode());
-				}
-			}
+    /**
+     * If an SecurityException is being caught, ajax requests return a JSON error
+     * response and non ajax requests redirect to the index
+     * @param Controller $controller the controller that is being called
+     * @param string $methodName the name of the method that will be called on
+     *                           the controller
+     * @param \Exception $exception the thrown exception
+     * @throws \Exception the passed in exception if it can't handle it
+     * @return Response a Response object or null in case that the exception could not be handled
+     */
+    public function afterException($controller, $methodName, \Exception $exception) {
+        if($exception instanceof SecurityException) {
+            if($exception instanceof StrictCookieMissingException) {
+                return new RedirectResponse(\OC::$WEBROOT);
+                }
+            if (stripos($this->request->getHeader('Accept'),'html') === false) {
+                $response = new JSONResponse(
+                    array('message' => $exception->getMessage()),
+                    $exception->getCode()
+                );
+            } else {
+                if($exception instanceof NotLoggedInException) {
+                    $url = $this->urlGenerator->linkToRoute(
+                        'core.login.showLoginForm',
+                        [
+                            'redirect_url' => $this->request->server['REQUEST_URI'],
+                        ]
+                    );
+                    $response = new RedirectResponse($url);
+                } else {
+                    $response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
+                    $response->setStatus($exception->getCode());
+                }
+            }
 
-			$this->logger->debug($exception->getMessage());
-			return $response;
-		}
+            $this->logger->debug($exception->getMessage());
+            return $response;
+        }
 
-		throw $exception;
-	}
+        throw $exception;
+    }
 
 }

Spacing +17 added lines, -17 removed lines

@@ -156,13 +156,13 @@ 
 
 		// security checks
 		$isPublicPage = $this->reflector->hasAnnotation('PublicPage');
-		if(!$isPublicPage) {
-			if(!$this->userSession->isLoggedIn()) {
+		if (!$isPublicPage) {
+			if (!$this->userSession->isLoggedIn()) {
 				throw new NotLoggedInException();
 			}
 
-			if(!$this->reflector->hasAnnotation('NoAdminRequired')) {
-				if(!$this->isAdminUser) {
+			if (!$this->reflector->hasAnnotation('NoAdminRequired')) {
+				if (!$this->isAdminUser) {
 					throw new NotAdminException();
 				}
 			}
@@ -176,20 +176,20 @@ 
 		}
 
 		// Check for strict cookie requirement
-		if($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
-			if(!$this->request->passesStrictCookieCheck()) {
+		if ($this->reflector->hasAnnotation('StrictCookieRequired') || !$this->reflector->hasAnnotation('NoCSRFRequired')) {
+			if (!$this->request->passesStrictCookieCheck()) {
 				throw new StrictCookieMissingException();
 			}
 		}
 		// CSRF check - also registers the CSRF token since the session may be closed later
 		Util::callRegister();
-		if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
+		if (!$this->reflector->hasAnnotation('NoCSRFRequired')) {
 			/*
 			 * Only allow the CSRF check to fail on OCS Requests. This kind of
 			 * hacks around that we have no full token auth in place yet and we
 			 * do want to offer CSRF checks for web requests.
 			 */
-			if(!$this->request->passesCSRFCheck() && !(
+			if (!$this->request->passesCSRFCheck() && !(
 					$controller instanceof OCSController &&
 					$this->request->getHeader('OCS-APIREQUEST') === 'true')) {
 				throw new CrossSiteRequestForgeryException();
@@ -200,8 +200,8 @@ 
 		$anonPeriod = $this->reflector->getAnnotationParameter('AnonRateThrottle', 'period');
 		$userLimit = $this->reflector->getAnnotationParameter('UserRateThrottle', 'limit');
 		$userPeriod = $this->reflector->getAnnotationParameter('UserRateThrottle', 'period');
-		$rateLimitIdentifier = get_class($controller) . '::' . $methodName;
-		if($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {
+		$rateLimitIdentifier = get_class($controller).'::'.$methodName;
+		if ($userLimit !== '' && $userPeriod !== '' && $this->userSession->isLoggedIn()) {
 			$this->limiter->registerUserRequest(
 				$rateLimitIdentifier,
 				$userLimit,
@@ -217,7 +217,7 @@ 
 			);
 		}
 
-		if($this->reflector->hasAnnotation('BruteForceProtection')) {
+		if ($this->reflector->hasAnnotation('BruteForceProtection')) {
 			$action = $this->reflector->getAnnotationParameter('BruteForceProtection', 'action');
 			$this->throttler->sleepDelay($this->request->getRemoteAddress(), $action);
 			$this->throttler->registerAttempt($action, $this->request->getRemoteAddress());
@@ -229,7 +229,7 @@ 
 		 * The getAppPath() check is here since components such as settings also use the AppFramework and
 		 * therefore won't pass this check.
 		 */
-		if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
+		if (\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
 			throw new AppNotEnabledException();
 		}
 	}
@@ -253,7 +253,7 @@ 
 		$defaultPolicy = $this->contentSecurityPolicyManager->getDefaultPolicy();
 		$defaultPolicy = $this->contentSecurityPolicyManager->mergePolicies($defaultPolicy, $policy);
 
-		if($this->cspNonceManager->browserSupportsCspV3()) {
+		if ($this->cspNonceManager->browserSupportsCspV3()) {
 			$defaultPolicy->useJsNonce($this->csrfTokenManager->getToken()->getEncryptedValue());
 		}
 
@@ -273,17 +273,17 @@ 
 	 * @return Response a Response object or null in case that the exception could not be handled
 	 */
 	public function afterException($controller, $methodName, \Exception $exception) {
-		if($exception instanceof SecurityException) {
-			if($exception instanceof StrictCookieMissingException) {
+		if ($exception instanceof SecurityException) {
+			if ($exception instanceof StrictCookieMissingException) {
 				return new RedirectResponse(\OC::$WEBROOT);
  			}
-			if (stripos($this->request->getHeader('Accept'),'html') === false) {
+			if (stripos($this->request->getHeader('Accept'), 'html') === false) {
 				$response = new JSONResponse(
 					array('message' => $exception->getMessage()),
 					$exception->getCode()
 				);
 			} else {
-				if($exception instanceof NotLoggedInException) {
+				if ($exception instanceof NotLoggedInException) {
 					$url = $this->urlGenerator->linkToRoute(
 						'core.login.showLoginForm',
 						[

lib/private/AppFramework/Utility/ControllerMethodReflector.php

Doc Comments +1 added lines, -1 removed lines

@@ -37,7 +37,7 @@
 	private $parameters = [];
 
 	/**
-	 * @param object $object an object or classname
+	 * @param \OCP\AppFramework\Controller $object an object or classname
 	 * @param string $method the method which we want to inspect
 	 */
 	public function reflect($object, $method){

Indentation +87 added lines, -87 removed lines

@@ -32,102 +32,102 @@
  * Reads and parses annotations from doc comments
  */
 class ControllerMethodReflector implements IControllerMethodReflector {
-	public $annotations = [];
-	private $types = [];
-	private $parameters = [];
+    public $annotations = [];
+    private $types = [];
+    private $parameters = [];
 
-	/**
-	 * @param object $object an object or classname
-	 * @param string $method the method which we want to inspect
-	 */
-	public function reflect($object, $method){
-		$reflection = new \ReflectionMethod($object, $method);
-		$docs = $reflection->getDocComment();
+    /**
+     * @param object $object an object or classname
+     * @param string $method the method which we want to inspect
+     */
+    public function reflect($object, $method){
+        $reflection = new \ReflectionMethod($object, $method);
+        $docs = $reflection->getDocComment();
 
-		// extract everything prefixed by @ and first letter uppercase
-		preg_match_all('/^\h+\*\h+@(?P<annotation>[A-Z]\w+)((?P<parameter>.*))?$/m', $docs, $matches);
-		foreach($matches['annotation'] as $key => $annontation) {
-			$annotationValue = $matches['parameter'][$key];
-			if(isset($annotationValue[0]) && $annotationValue[0] === '(' && $annotationValue[strlen($annotationValue) - 1] === ')') {
-				$cutString = substr($annotationValue, 1, -1);
-				$cutString = str_replace(' ', '', $cutString);
-				$splittedArray = explode(',', $cutString);
-				foreach($splittedArray as $annotationValues) {
-					list($key, $value) = explode('=', $annotationValues);
-					$this->annotations[$annontation][$key] = $value;
-				}
-				continue;
-			}
+        // extract everything prefixed by @ and first letter uppercase
+        preg_match_all('/^\h+\*\h+@(?P<annotation>[A-Z]\w+)((?P<parameter>.*))?$/m', $docs, $matches);
+        foreach($matches['annotation'] as $key => $annontation) {
+            $annotationValue = $matches['parameter'][$key];
+            if(isset($annotationValue[0]) && $annotationValue[0] === '(' && $annotationValue[strlen($annotationValue) - 1] === ')') {
+                $cutString = substr($annotationValue, 1, -1);
+                $cutString = str_replace(' ', '', $cutString);
+                $splittedArray = explode(',', $cutString);
+                foreach($splittedArray as $annotationValues) {
+                    list($key, $value) = explode('=', $annotationValues);
+                    $this->annotations[$annontation][$key] = $value;
+                }
+                continue;
+            }
 
-			$this->annotations[$annontation] = [$annotationValue];
-		}
+            $this->annotations[$annontation] = [$annotationValue];
+        }
 
-		// extract type parameter information
-		preg_match_all('/@param\h+(?P<type>\w+)\h+\$(?P<var>\w+)/', $docs, $matches);
-		$this->types = array_combine($matches['var'], $matches['type']);
+        // extract type parameter information
+        preg_match_all('/@param\h+(?P<type>\w+)\h+\$(?P<var>\w+)/', $docs, $matches);
+        $this->types = array_combine($matches['var'], $matches['type']);
 
-		foreach ($reflection->getParameters() as $param) {
-			// extract type information from PHP 7 scalar types and prefer them
-			// over phpdoc annotations
-			if (method_exists($param, 'getType')) {
-				$type = $param->getType();
-				if ($type !== null) {
-					$this->types[$param->getName()] = (string) $type;
-				}
-			}
+        foreach ($reflection->getParameters() as $param) {
+            // extract type information from PHP 7 scalar types and prefer them
+            // over phpdoc annotations
+            if (method_exists($param, 'getType')) {
+                $type = $param->getType();
+                if ($type !== null) {
+                    $this->types[$param->getName()] = (string) $type;
+                }
+            }
 
-			if($param->isOptional()) {
-				$default = $param->getDefaultValue();
-			} else {
-				$default = null;
-			}
-			$this->parameters[$param->name] = $default;
-		}
-	}
+            if($param->isOptional()) {
+                $default = $param->getDefaultValue();
+            } else {
+                $default = null;
+            }
+            $this->parameters[$param->name] = $default;
+        }
+    }
 
-	/**
-	 * Inspects the PHPDoc parameters for types
-	 * @param string $parameter the parameter whose type comments should be
-	 * parsed
-	 * @return string|null type in the type parameters (@param int $something)
-	 * would return int or null if not existing
-	 */
-	public function getType($parameter) {
-		if(array_key_exists($parameter, $this->types)) {
-			return $this->types[$parameter];
-		} else {
-			return null;
-		}
-	}
+    /**
+     * Inspects the PHPDoc parameters for types
+     * @param string $parameter the parameter whose type comments should be
+     * parsed
+     * @return string|null type in the type parameters (@param int $something)
+     * would return int or null if not existing
+     */
+    public function getType($parameter) {
+        if(array_key_exists($parameter, $this->types)) {
+            return $this->types[$parameter];
+        } else {
+            return null;
+        }
+    }
 
-	/**
-	 * @return array the arguments of the method with key => default value
-	 */
-	public function getParameters() {
-		return $this->parameters;
-	}
+    /**
+     * @return array the arguments of the method with key => default value
+     */
+    public function getParameters() {
+        return $this->parameters;
+    }
 
-	/**
-	 * Check if a method contains an annotation
-	 * @param string $name the name of the annotation
-	 * @return bool true if the annotation is found
-	 */
-	public function hasAnnotation($name) {
-		return array_key_exists($name, $this->annotations);
-	}
+    /**
+     * Check if a method contains an annotation
+     * @param string $name the name of the annotation
+     * @return bool true if the annotation is found
+     */
+    public function hasAnnotation($name) {
+        return array_key_exists($name, $this->annotations);
+    }
 
-	/**
-	 * Get optional annotation parameter by key
-	 *
-	 * @param string $name the name of the annotation
-	 * @param string $key the string of the annotation
-	 * @return string
-	 */
-	public function getAnnotationParameter($name, $key) {
-		if(isset($this->annotations[$name][$key])) {
-			return $this->annotations[$name][$key];
-		}
+    /**
+     * Get optional annotation parameter by key
+     *
+     * @param string $name the name of the annotation
+     * @param string $key the string of the annotation
+     * @return string
+     */
+    public function getAnnotationParameter($name, $key) {
+        if(isset($this->annotations[$name][$key])) {
+            return $this->annotations[$name][$key];
+        }
 
-		return '';
-	}
+        return '';
+    }
 }

Spacing +7 added lines, -7 removed lines

@@ -40,19 +40,19 @@ 
 	 * @param object $object an object or classname
 	 * @param string $method the method which we want to inspect
 	 */
-	public function reflect($object, $method){
+	public function reflect($object, $method) {
 		$reflection = new \ReflectionMethod($object, $method);
 		$docs = $reflection->getDocComment();
 
 		// extract everything prefixed by @ and first letter uppercase
 		preg_match_all('/^\h+\*\h+@(?P<annotation>[A-Z]\w+)((?P<parameter>.*))?$/m', $docs, $matches);
-		foreach($matches['annotation'] as $key => $annontation) {
+		foreach ($matches['annotation'] as $key => $annontation) {
 			$annotationValue = $matches['parameter'][$key];
-			if(isset($annotationValue[0]) && $annotationValue[0] === '(' && $annotationValue[strlen($annotationValue) - 1] === ')') {
+			if (isset($annotationValue[0]) && $annotationValue[0] === '(' && $annotationValue[strlen($annotationValue) - 1] === ')') {
 				$cutString = substr($annotationValue, 1, -1);
 				$cutString = str_replace(' ', '', $cutString);
 				$splittedArray = explode(',', $cutString);
-				foreach($splittedArray as $annotationValues) {
+				foreach ($splittedArray as $annotationValues) {
 					list($key, $value) = explode('=', $annotationValues);
 					$this->annotations[$annontation][$key] = $value;
 				}
@@ -76,7 +76,7 @@ 
 				}
 			}
 
-			if($param->isOptional()) {
+			if ($param->isOptional()) {
 				$default = $param->getDefaultValue();
 			} else {
 				$default = null;
@@ -93,7 +93,7 @@ 
 	 * would return int or null if not existing
 	 */
 	public function getType($parameter) {
-		if(array_key_exists($parameter, $this->types)) {
+		if (array_key_exists($parameter, $this->types)) {
 			return $this->types[$parameter];
 		} else {
 			return null;
@@ -124,7 +124,7 @@ 
 	 * @return string
 	 */
 	public function getAnnotationParameter($name, $key) {
-		if(isset($this->annotations[$name][$key])) {
+		if (isset($this->annotations[$name][$key])) {
 			return $this->annotations[$name][$key];
 		}
 

core/Controller/LostController.php

Indentation +237 added lines, -237 removed lines

@@ -55,268 +55,268 @@
  */
 class LostController extends Controller {
 
-	/** @var IURLGenerator */
-	protected $urlGenerator;
-	/** @var IUserManager */
-	protected $userManager;
-	/** @var Defaults */
-	protected $defaults;
-	/** @var IL10N */
-	protected $l10n;
-	/** @var string */
-	protected $from;
-	/** @var IManager */
-	protected $encryptionManager;
-	/** @var IConfig */
-	protected $config;
-	/** @var ISecureRandom */
-	protected $secureRandom;
-	/** @var IMailer */
-	protected $mailer;
-	/** @var ITimeFactory */
-	protected $timeFactory;
-	/** @var ICrypto */
-	protected $crypto;
+    /** @var IURLGenerator */
+    protected $urlGenerator;
+    /** @var IUserManager */
+    protected $userManager;
+    /** @var Defaults */
+    protected $defaults;
+    /** @var IL10N */
+    protected $l10n;
+    /** @var string */
+    protected $from;
+    /** @var IManager */
+    protected $encryptionManager;
+    /** @var IConfig */
+    protected $config;
+    /** @var ISecureRandom */
+    protected $secureRandom;
+    /** @var IMailer */
+    protected $mailer;
+    /** @var ITimeFactory */
+    protected $timeFactory;
+    /** @var ICrypto */
+    protected $crypto;
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IURLGenerator $urlGenerator
-	 * @param IUserManager $userManager
-	 * @param Defaults $defaults
-	 * @param IL10N $l10n
-	 * @param IConfig $config
-	 * @param ISecureRandom $secureRandom
-	 * @param string $defaultMailAddress
-	 * @param IManager $encryptionManager
-	 * @param IMailer $mailer
-	 * @param ITimeFactory $timeFactory
-	 * @param ICrypto $crypto
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IURLGenerator $urlGenerator,
-								IUserManager $userManager,
-								Defaults $defaults,
-								IL10N $l10n,
-								IConfig $config,
-								ISecureRandom $secureRandom,
-								$defaultMailAddress,
-								IManager $encryptionManager,
-								IMailer $mailer,
-								ITimeFactory $timeFactory,
-								ICrypto $crypto) {
-		parent::__construct($appName, $request);
-		$this->urlGenerator = $urlGenerator;
-		$this->userManager = $userManager;
-		$this->defaults = $defaults;
-		$this->l10n = $l10n;
-		$this->secureRandom = $secureRandom;
-		$this->from = $defaultMailAddress;
-		$this->encryptionManager = $encryptionManager;
-		$this->config = $config;
-		$this->mailer = $mailer;
-		$this->timeFactory = $timeFactory;
-		$this->crypto = $crypto;
-	}
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IURLGenerator $urlGenerator
+     * @param IUserManager $userManager
+     * @param Defaults $defaults
+     * @param IL10N $l10n
+     * @param IConfig $config
+     * @param ISecureRandom $secureRandom
+     * @param string $defaultMailAddress
+     * @param IManager $encryptionManager
+     * @param IMailer $mailer
+     * @param ITimeFactory $timeFactory
+     * @param ICrypto $crypto
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IURLGenerator $urlGenerator,
+                                IUserManager $userManager,
+                                Defaults $defaults,
+                                IL10N $l10n,
+                                IConfig $config,
+                                ISecureRandom $secureRandom,
+                                $defaultMailAddress,
+                                IManager $encryptionManager,
+                                IMailer $mailer,
+                                ITimeFactory $timeFactory,
+                                ICrypto $crypto) {
+        parent::__construct($appName, $request);
+        $this->urlGenerator = $urlGenerator;
+        $this->userManager = $userManager;
+        $this->defaults = $defaults;
+        $this->l10n = $l10n;
+        $this->secureRandom = $secureRandom;
+        $this->from = $defaultMailAddress;
+        $this->encryptionManager = $encryptionManager;
+        $this->config = $config;
+        $this->mailer = $mailer;
+        $this->timeFactory = $timeFactory;
+        $this->crypto = $crypto;
+    }
 
-	/**
-	 * Someone wants to reset their password:
-	 *
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @param string $token
-	 * @param string $userId
-	 * @return TemplateResponse
-	 */
-	public function resetform($token, $userId) {
-		try {
-			$this->checkPasswordResetToken($token, $userId);
-		} catch (\Exception $e) {
-			return new TemplateResponse(
-				'core', 'error', [
-					"errors" => array(array("error" => $e->getMessage()))
-				],
-				'guest'
-			);
-		}
+    /**
+     * Someone wants to reset their password:
+     *
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @param string $token
+     * @param string $userId
+     * @return TemplateResponse
+     */
+    public function resetform($token, $userId) {
+        try {
+            $this->checkPasswordResetToken($token, $userId);
+        } catch (\Exception $e) {
+            return new TemplateResponse(
+                'core', 'error', [
+                    "errors" => array(array("error" => $e->getMessage()))
+                ],
+                'guest'
+            );
+        }
 
-		return new TemplateResponse(
-			'core',
-			'lostpassword/resetpassword',
-			array(
-				'link' => $this->urlGenerator->linkToRouteAbsolute('core.lost.setPassword', array('userId' => $userId, 'token' => $token)),
-			),
-			'guest'
-		);
-	}
+        return new TemplateResponse(
+            'core',
+            'lostpassword/resetpassword',
+            array(
+                'link' => $this->urlGenerator->linkToRouteAbsolute('core.lost.setPassword', array('userId' => $userId, 'token' => $token)),
+            ),
+            'guest'
+        );
+    }
 
-	/**
-	 * @param string $token
-	 * @param string $userId
-	 * @throws \Exception
-	 */
-	protected function checkPasswordResetToken($token, $userId) {
-		$user = $this->userManager->get($userId);
-		if($user === null) {
-			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
-		}
+    /**
+     * @param string $token
+     * @param string $userId
+     * @throws \Exception
+     */
+    protected function checkPasswordResetToken($token, $userId) {
+        $user = $this->userManager->get($userId);
+        if($user === null) {
+            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+        }
 
-		try {
-			$encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
-			$mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
-			$decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
-		} catch (\Exception $e) {
-			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
-		}
+        try {
+            $encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
+            $mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : '';
+            $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret'));
+        } catch (\Exception $e) {
+            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+        }
 
-		$splittedToken = explode(':', $decryptedToken);
-		if(count($splittedToken) !== 2) {
-			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
-		}
+        $splittedToken = explode(':', $decryptedToken);
+        if(count($splittedToken) !== 2) {
+            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+        }
 
-		if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*12) ||
-			$user->getLastLogin() > $splittedToken[0]) {
-			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
-		}
+        if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*12) ||
+            $user->getLastLogin() > $splittedToken[0]) {
+            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
+        }
 
-		if (!hash_equals($splittedToken[1], $token)) {
-			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
-		}
-	}
+        if (!hash_equals($splittedToken[1], $token)) {
+            throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+        }
+    }
 
-	/**
-	 * @param $message
-	 * @param array $additional
-	 * @return array
-	 */
-	private function error($message, array $additional=array()) {
-		return array_merge(array('status' => 'error', 'msg' => $message), $additional);
-	}
+    /**
+     * @param $message
+     * @param array $additional
+     * @return array
+     */
+    private function error($message, array $additional=array()) {
+        return array_merge(array('status' => 'error', 'msg' => $message), $additional);
+    }
 
-	/**
-	 * @return array
-	 */
-	private function success() {
-		return array('status'=>'success');
-	}
+    /**
+     * @return array
+     */
+    private function success() {
+        return array('status'=>'success');
+    }
 
-	/**
-	 * @PublicPage
-	 * @BruteForceProtection(action=passwordResetEmail)
-	 *
-	 * @param string $user
-	 * @return array
-	 */
-	public function email($user){
-		// FIXME: use HTTP error codes
-		try {
-			$this->sendEmail($user);
-		} catch (\Exception $e){
-			return $this->error($e->getMessage());
-		}
+    /**
+     * @PublicPage
+     * @BruteForceProtection(action=passwordResetEmail)
+     *
+     * @param string $user
+     * @return array
+     */
+    public function email($user){
+        // FIXME: use HTTP error codes
+        try {
+            $this->sendEmail($user);
+        } catch (\Exception $e){
+            return $this->error($e->getMessage());
+        }
 
-		return $this->success();
-	}
+        return $this->success();
+    }
 
-	/**
-	 * @PublicPage
-	 * @param string $token
-	 * @param string $userId
-	 * @param string $password
-	 * @param boolean $proceed
-	 * @return array
-	 */
-	public function setPassword($token, $userId, $password, $proceed) {
-		if ($this->encryptionManager->isEnabled() && !$proceed) {
-			return $this->error('', array('encryption' => true));
-		}
+    /**
+     * @PublicPage
+     * @param string $token
+     * @param string $userId
+     * @param string $password
+     * @param boolean $proceed
+     * @return array
+     */
+    public function setPassword($token, $userId, $password, $proceed) {
+        if ($this->encryptionManager->isEnabled() && !$proceed) {
+            return $this->error('', array('encryption' => true));
+        }
 
-		try {
-			$this->checkPasswordResetToken($token, $userId);
-			$user = $this->userManager->get($userId);
+        try {
+            $this->checkPasswordResetToken($token, $userId);
+            $user = $this->userManager->get($userId);
 
-			\OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'pre_passwordReset', array('uid' => $userId, 'password' => $password));
+            \OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'pre_passwordReset', array('uid' => $userId, 'password' => $password));
 
-			if (!$user->setPassword($password)) {
-				throw new \Exception();
-			}
+            if (!$user->setPassword($password)) {
+                throw new \Exception();
+            }
 
-			\OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'post_passwordReset', array('uid' => $userId, 'password' => $password));
+            \OC_Hook::emit('\OC\Core\LostPassword\Controller\LostController', 'post_passwordReset', array('uid' => $userId, 'password' => $password));
 
-			$this->config->deleteUserValue($userId, 'core', 'lostpassword');
-			@\OC_User::unsetMagicInCookie();
-		} catch (\Exception $e){
-			return $this->error($e->getMessage());
-		}
+            $this->config->deleteUserValue($userId, 'core', 'lostpassword');
+            @\OC_User::unsetMagicInCookie();
+        } catch (\Exception $e){
+            return $this->error($e->getMessage());
+        }
 
-		return $this->success();
-	}
+        return $this->success();
+    }
 
-	/**
-	 * @param string $input
-	 * @throws \Exception
-	 */
-	protected function sendEmail($input) {
-		$user = $this->findUserByIdOrMail($input);
-		$email = $user->getEMailAddress();
+    /**
+     * @param string $input
+     * @throws \Exception
+     */
+    protected function sendEmail($input) {
+        $user = $this->findUserByIdOrMail($input);
+        $email = $user->getEMailAddress();
 
-		if (empty($email)) {
-			throw new \Exception(
-				$this->l10n->t('Could not send reset email because there is no email address for this username. Please contact your administrator.')
-			);
-		}
+        if (empty($email)) {
+            throw new \Exception(
+                $this->l10n->t('Could not send reset email because there is no email address for this username. Please contact your administrator.')
+            );
+        }
 
-		// Generate the token. It is stored encrypted in the database with the
-		// secret being the users' email address appended with the system secret.
-		// This makes the token automatically invalidate once the user changes
-		// their email address.
-		$token = $this->secureRandom->generate(
-			21,
-			ISecureRandom::CHAR_DIGITS.
-			ISecureRandom::CHAR_LOWER.
-			ISecureRandom::CHAR_UPPER
-		);
-		$tokenValue = $this->timeFactory->getTime() .':'. $token;
-		$encryptedValue = $this->crypto->encrypt($tokenValue, $email . $this->config->getSystemValue('secret'));
-		$this->config->setUserValue($user->getUID(), 'core', 'lostpassword', $encryptedValue);
+        // Generate the token. It is stored encrypted in the database with the
+        // secret being the users' email address appended with the system secret.
+        // This makes the token automatically invalidate once the user changes
+        // their email address.
+        $token = $this->secureRandom->generate(
+            21,
+            ISecureRandom::CHAR_DIGITS.
+            ISecureRandom::CHAR_LOWER.
+            ISecureRandom::CHAR_UPPER
+        );
+        $tokenValue = $this->timeFactory->getTime() .':'. $token;
+        $encryptedValue = $this->crypto->encrypt($tokenValue, $email . $this->config->getSystemValue('secret'));
+        $this->config->setUserValue($user->getUID(), 'core', 'lostpassword', $encryptedValue);
 
-		$link = $this->urlGenerator->linkToRouteAbsolute('core.lost.resetform', array('userId' => $user->getUID(), 'token' => $token));
+        $link = $this->urlGenerator->linkToRouteAbsolute('core.lost.resetform', array('userId' => $user->getUID(), 'token' => $token));
 
-		$tmpl = new \OC_Template('core', 'lostpassword/email');
-		$tmpl->assign('link', $link);
-		$msg = $tmpl->fetchPage();
+        $tmpl = new \OC_Template('core', 'lostpassword/email');
+        $tmpl->assign('link', $link);
+        $msg = $tmpl->fetchPage();
 
-		try {
-			$message = $this->mailer->createMessage();
-			$message->setTo([$email => $user->getUID()]);
-			$message->setSubject($this->l10n->t('%s password reset', [$this->defaults->getName()]));
-			$message->setPlainBody($msg);
-			$message->setFrom([$this->from => $this->defaults->getName()]);
-			$this->mailer->send($message);
-		} catch (\Exception $e) {
-			throw new \Exception($this->l10n->t(
-				'Couldn\'t send reset email. Please contact your administrator.'
-			));
-		}
-	}
+        try {
+            $message = $this->mailer->createMessage();
+            $message->setTo([$email => $user->getUID()]);
+            $message->setSubject($this->l10n->t('%s password reset', [$this->defaults->getName()]));
+            $message->setPlainBody($msg);
+            $message->setFrom([$this->from => $this->defaults->getName()]);
+            $this->mailer->send($message);
+        } catch (\Exception $e) {
+            throw new \Exception($this->l10n->t(
+                'Couldn\'t send reset email. Please contact your administrator.'
+            ));
+        }
+    }
 
-	/**
-	 * @param string $input
-	 * @return IUser
-	 * @throws \Exception
-	 */
-	protected function findUserByIdOrMail($input) {
-		$user = $this->userManager->get($input);
-		if ($user instanceof IUser) {
-			return $user;
-		}
-		$users = $this->userManager->getByEmail($input);
-		if (count($users) === 1) {
-			return $users[0];
-		}
+    /**
+     * @param string $input
+     * @return IUser
+     * @throws \Exception
+     */
+    protected function findUserByIdOrMail($input) {
+        $user = $this->userManager->get($input);
+        if ($user instanceof IUser) {
+            return $user;
+        }
+        $users = $this->userManager->getByEmail($input);
+        if (count($users) === 1) {
+            return $users[0];
+        }
 
-		throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
-	}
+        throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
+    }
 }

core/Controller/LoginController.php

Indentation +242 added lines, -242 removed lines

@@ -49,274 +49,274 @@
 use OC\Hooks\PublicEmitter;
 
 class LoginController extends Controller {
-	/** @var IUserManager */
-	private $userManager;
-	/** @var IConfig */
-	private $config;
-	/** @var ISession */
-	private $session;
-	/** @var IUserSession|Session */
-	private $userSession;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var Manager */
-	private $twoFactorManager;
-	/** @var Throttler */
-	private $throttler;
+    /** @var IUserManager */
+    private $userManager;
+    /** @var IConfig */
+    private $config;
+    /** @var ISession */
+    private $session;
+    /** @var IUserSession|Session */
+    private $userSession;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var Manager */
+    private $twoFactorManager;
+    /** @var Throttler */
+    private $throttler;
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IUserManager $userManager
-	 * @param IConfig $config
-	 * @param ISession $session
-	 * @param IUserSession $userSession
-	 * @param IURLGenerator $urlGenerator
-	 * @param Manager $twoFactorManager
-	 * @param Throttler $throttler
-	 */
-	public function __construct($appName,
-						 IRequest $request,
-						 IUserManager $userManager,
-						 IConfig $config,
-						 ISession $session,
-						 IUserSession $userSession,
-						 IURLGenerator $urlGenerator,
-						 Manager $twoFactorManager,
-						 Throttler $throttler) {
-		parent::__construct($appName, $request);
-		$this->userManager = $userManager;
-		$this->config = $config;
-		$this->session = $session;
-		$this->userSession = $userSession;
-		$this->urlGenerator = $urlGenerator;
-		$this->twoFactorManager = $twoFactorManager;
-		$this->throttler = $throttler;
-	}
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IUserManager $userManager
+     * @param IConfig $config
+     * @param ISession $session
+     * @param IUserSession $userSession
+     * @param IURLGenerator $urlGenerator
+     * @param Manager $twoFactorManager
+     * @param Throttler $throttler
+     */
+    public function __construct($appName,
+                            IRequest $request,
+                            IUserManager $userManager,
+                            IConfig $config,
+                            ISession $session,
+                            IUserSession $userSession,
+                            IURLGenerator $urlGenerator,
+                            Manager $twoFactorManager,
+                            Throttler $throttler) {
+        parent::__construct($appName, $request);
+        $this->userManager = $userManager;
+        $this->config = $config;
+        $this->session = $session;
+        $this->userSession = $userSession;
+        $this->urlGenerator = $urlGenerator;
+        $this->twoFactorManager = $twoFactorManager;
+        $this->throttler = $throttler;
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @return RedirectResponse
-	 */
-	public function logout() {
-		$loginToken = $this->request->getCookie('nc_token');
-		if (!is_null($loginToken)) {
-			$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
-		}
-		$this->userSession->logout();
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @return RedirectResponse
+     */
+    public function logout() {
+        $loginToken = $this->request->getCookie('nc_token');
+        if (!is_null($loginToken)) {
+            $this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
+        }
+        $this->userSession->logout();
 
-		return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
-	}
+        return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
+    }
 
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $user
-	 * @param string $redirect_url
-	 * @param string $remember_login
-	 *
-	 * @return TemplateResponse|RedirectResponse
-	 */
-	public function showLoginForm($user, $redirect_url, $remember_login) {
-		if ($this->userSession->isLoggedIn()) {
-			return new RedirectResponse(OC_Util::getDefaultPageUrl());
-		}
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $user
+     * @param string $redirect_url
+     * @param string $remember_login
+     *
+     * @return TemplateResponse|RedirectResponse
+     */
+    public function showLoginForm($user, $redirect_url, $remember_login) {
+        if ($this->userSession->isLoggedIn()) {
+            return new RedirectResponse(OC_Util::getDefaultPageUrl());
+        }
 
-		$parameters = array();
-		$loginMessages = $this->session->get('loginMessages');
-		$errors = [];
-		$messages = [];
-		if (is_array($loginMessages)) {
-			list($errors, $messages) = $loginMessages;
-		}
-		$this->session->remove('loginMessages');
-		foreach ($errors as $value) {
-			$parameters[$value] = true;
-		}
+        $parameters = array();
+        $loginMessages = $this->session->get('loginMessages');
+        $errors = [];
+        $messages = [];
+        if (is_array($loginMessages)) {
+            list($errors, $messages) = $loginMessages;
+        }
+        $this->session->remove('loginMessages');
+        foreach ($errors as $value) {
+            $parameters[$value] = true;
+        }
 
-		$parameters['messages'] = $messages;
-		if (!is_null($user) && $user !== '') {
-			$parameters['loginName'] = $user;
-			$parameters['user_autofocus'] = false;
-		} else {
-			$parameters['loginName'] = '';
-			$parameters['user_autofocus'] = true;
-		}
-		if (!empty($redirect_url)) {
-			$parameters['redirect_url'] = $redirect_url;
-		}
+        $parameters['messages'] = $messages;
+        if (!is_null($user) && $user !== '') {
+            $parameters['loginName'] = $user;
+            $parameters['user_autofocus'] = false;
+        } else {
+            $parameters['loginName'] = '';
+            $parameters['user_autofocus'] = true;
+        }
+        if (!empty($redirect_url)) {
+            $parameters['redirect_url'] = $redirect_url;
+        }
 
-		$parameters['canResetPassword'] = true;
-		$parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
-		if (!$parameters['resetPasswordLink']) {
-			if (!is_null($user) && $user !== '') {
-				$userObj = $this->userManager->get($user);
-				if ($userObj instanceof IUser) {
-					$parameters['canResetPassword'] = $userObj->canChangePassword();
-				}
-			}
-		}
+        $parameters['canResetPassword'] = true;
+        $parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
+        if (!$parameters['resetPasswordLink']) {
+            if (!is_null($user) && $user !== '') {
+                $userObj = $this->userManager->get($user);
+                if ($userObj instanceof IUser) {
+                    $parameters['canResetPassword'] = $userObj->canChangePassword();
+                }
+            }
+        }
 
-		$parameters['alt_login'] = OC_App::getAlternativeLogIns();
-		$parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
+        $parameters['alt_login'] = OC_App::getAlternativeLogIns();
+        $parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
 
-		if (!is_null($user) && $user !== '') {
-			$parameters['loginName'] = $user;
-			$parameters['user_autofocus'] = false;
-		} else {
-			$parameters['loginName'] = '';
-			$parameters['user_autofocus'] = true;
-		}
+        if (!is_null($user) && $user !== '') {
+            $parameters['loginName'] = $user;
+            $parameters['user_autofocus'] = false;
+        } else {
+            $parameters['loginName'] = '';
+            $parameters['user_autofocus'] = true;
+        }
 
-		return new TemplateResponse(
-			$this->appName, 'login', $parameters, 'guest'
-		);
-	}
+        return new TemplateResponse(
+            $this->appName, 'login', $parameters, 'guest'
+        );
+    }
 
-	/**
-	 * @param string $redirectUrl
-	 * @return RedirectResponse
-	 */
-	private function generateRedirect($redirectUrl) {
-		if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
-			$location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
-			// Deny the redirect if the URL contains a @
-			// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
-			if (strpos($location, '@') === false) {
-				return new RedirectResponse($location);
-			}
-		}
-		return new RedirectResponse(OC_Util::getDefaultPageUrl());
-	}
+    /**
+     * @param string $redirectUrl
+     * @return RedirectResponse
+     */
+    private function generateRedirect($redirectUrl) {
+        if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
+            $location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
+            // Deny the redirect if the URL contains a @
+            // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
+            if (strpos($location, '@') === false) {
+                return new RedirectResponse($location);
+            }
+        }
+        return new RedirectResponse(OC_Util::getDefaultPageUrl());
+    }
 
-	/**
-	 * @PublicPage
-	 * @UseSession
-	 * @NoCSRFRequired
-	 *
-	 * @param string $user
-	 * @param string $password
-	 * @param string $redirect_url
-	 * @param boolean $remember_login
-	 * @param string $timezone
-	 * @param string $timezone_offset
-	 * @return RedirectResponse
-	 */
-	public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
-		$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress(), 'login');
-		$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
+    /**
+     * @PublicPage
+     * @UseSession
+     * @NoCSRFRequired
+     *
+     * @param string $user
+     * @param string $password
+     * @param string $redirect_url
+     * @param boolean $remember_login
+     * @param string $timezone
+     * @param string $timezone_offset
+     * @return RedirectResponse
+     */
+    public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
+        $currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress(), 'login');
+        $this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
 
-		// If the user is already logged in and the CSRF check does not pass then
-		// simply redirect the user to the correct page as required. This is the
-		// case when an user has already logged-in, in another tab.
-		if(!$this->request->passesCSRFCheck()) {
-			return $this->generateRedirect($redirect_url);
-		}
+        // If the user is already logged in and the CSRF check does not pass then
+        // simply redirect the user to the correct page as required. This is the
+        // case when an user has already logged-in, in another tab.
+        if(!$this->request->passesCSRFCheck()) {
+            return $this->generateRedirect($redirect_url);
+        }
 
-		if ($this->userManager instanceof PublicEmitter) {
-			$this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
-		}
+        if ($this->userManager instanceof PublicEmitter) {
+            $this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
+        }
 
-		$originalUser = $user;
-		// TODO: Add all the insane error handling
-		/* @var $loginResult IUser */
-		$loginResult = $this->userManager->checkPassword($user, $password);
-		if ($loginResult === false) {
-			$users = $this->userManager->getByEmail($user);
-			// we only allow login by email if unique
-			if (count($users) === 1) {
-				$user = $users[0]->getUID();
-				$loginResult = $this->userManager->checkPassword($user, $password);
-			}
-		}
-		if ($loginResult === false) {
-			$this->throttler->registerAttempt('login', $this->request->getRemoteAddress(), ['user' => $originalUser]);
-			if($currentDelay === 0) {
-				$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
-			}
-			$this->session->set('loginMessages', [
-				['invalidpassword'], []
-			]);
-			// Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
-			$args = !is_null($user) ? ['user' => $originalUser] : [];
-			return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
-		}
-		// TODO: remove password checks from above and let the user session handle failures
-		// requires https://github.com/owncloud/core/pull/24616
-		$this->userSession->login($user, $password);
-		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login);
+        $originalUser = $user;
+        // TODO: Add all the insane error handling
+        /* @var $loginResult IUser */
+        $loginResult = $this->userManager->checkPassword($user, $password);
+        if ($loginResult === false) {
+            $users = $this->userManager->getByEmail($user);
+            // we only allow login by email if unique
+            if (count($users) === 1) {
+                $user = $users[0]->getUID();
+                $loginResult = $this->userManager->checkPassword($user, $password);
+            }
+        }
+        if ($loginResult === false) {
+            $this->throttler->registerAttempt('login', $this->request->getRemoteAddress(), ['user' => $originalUser]);
+            if($currentDelay === 0) {
+                $this->throttler->sleepDelay($this->request->getRemoteAddress(), 'login');
+            }
+            $this->session->set('loginMessages', [
+                ['invalidpassword'], []
+            ]);
+            // Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
+            $args = !is_null($user) ? ['user' => $originalUser] : [];
+            return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
+        }
+        // TODO: remove password checks from above and let the user session handle failures
+        // requires https://github.com/owncloud/core/pull/24616
+        $this->userSession->login($user, $password);
+        $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login);
 
-		// User has successfully logged in, now remove the password reset link, when it is available
-		$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
+        // User has successfully logged in, now remove the password reset link, when it is available
+        $this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
 
-		$this->session->set('last-password-confirm', $loginResult->getLastLogin());
+        $this->session->set('last-password-confirm', $loginResult->getLastLogin());
 
-		if ($timezone_offset !== '') {
-			$this->config->setUserValue($loginResult->getUID(), 'core', 'timezone', $timezone);
-			$this->session->set('timezone', $timezone_offset);
-		}
+        if ($timezone_offset !== '') {
+            $this->config->setUserValue($loginResult->getUID(), 'core', 'timezone', $timezone);
+            $this->session->set('timezone', $timezone_offset);
+        }
 
-		if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
-			$this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
+        if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
+            $this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
 
-			$providers = $this->twoFactorManager->getProviders($loginResult);
-			if (count($providers) === 1) {
-				// Single provider, hence we can redirect to that provider's challenge page directly
-				/* @var $provider IProvider */
-				$provider = array_pop($providers);
-				$url = 'core.TwoFactorChallenge.showChallenge';
-				$urlParams = [
-					'challengeProviderId' => $provider->getId(),
-				];
-			} else {
-				$url = 'core.TwoFactorChallenge.selectChallenge';
-				$urlParams = [];
-			}
+            $providers = $this->twoFactorManager->getProviders($loginResult);
+            if (count($providers) === 1) {
+                // Single provider, hence we can redirect to that provider's challenge page directly
+                /* @var $provider IProvider */
+                $provider = array_pop($providers);
+                $url = 'core.TwoFactorChallenge.showChallenge';
+                $urlParams = [
+                    'challengeProviderId' => $provider->getId(),
+                ];
+            } else {
+                $url = 'core.TwoFactorChallenge.selectChallenge';
+                $urlParams = [];
+            }
 
-			if (!is_null($redirect_url)) {
-				$urlParams['redirect_url'] = $redirect_url;
-			}
+            if (!is_null($redirect_url)) {
+                $urlParams['redirect_url'] = $redirect_url;
+            }
 
-			return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
-		}
+            return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
+        }
 
-		if ($remember_login) {
-			$this->userSession->createRememberMeToken($loginResult);
-		}
+        if ($remember_login) {
+            $this->userSession->createRememberMeToken($loginResult);
+        }
 
-		return $this->generateRedirect($redirect_url);
-	}
+        return $this->generateRedirect($redirect_url);
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @license GNU AGPL version 3 or any later version
-	 *
-	 * @param string $password
-	 * @return DataResponse
-	 */
-	public function confirmPassword($password) {
-		$currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress(), 'sudo');
-		$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'sudo');
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @license GNU AGPL version 3 or any later version
+     *
+     * @param string $password
+     * @return DataResponse
+     */
+    public function confirmPassword($password) {
+        $currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress(), 'sudo');
+        $this->throttler->sleepDelay($this->request->getRemoteAddress(), 'sudo');
 
-		$loginName = $this->userSession->getLoginName();
-		$loginResult = $this->userManager->checkPassword($loginName, $password);
-		if ($loginResult === false) {
-			$this->throttler->registerAttempt('sudo', $this->request->getRemoteAddress(), ['user' => $loginName]);
-			if ($currentDelay === 0) {
-				$this->throttler->sleepDelay($this->request->getRemoteAddress(), 'sudo');
-			}
+        $loginName = $this->userSession->getLoginName();
+        $loginResult = $this->userManager->checkPassword($loginName, $password);
+        if ($loginResult === false) {
+            $this->throttler->registerAttempt('sudo', $this->request->getRemoteAddress(), ['user' => $loginName]);
+            if ($currentDelay === 0) {
+                $this->throttler->sleepDelay($this->request->getRemoteAddress(), 'sudo');
+            }
 
-			return new DataResponse([], Http::STATUS_FORBIDDEN);
-		}
+            return new DataResponse([], Http::STATUS_FORBIDDEN);
+        }
 
-		$confirmTimestamp = time();
-		$this->session->set('last-password-confirm', $confirmTimestamp);
-		return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
-	}
+        $confirmTimestamp = time();
+        $this->session->set('last-password-confirm', $confirmTimestamp);
+        return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
+    }
 }

apps/testing/appinfo/routes.php

Indentation +31 added lines, -31 removed lines

@@ -28,50 +28,50 @@
 use OCP\AppFramework\App;
 
 $config = new Config(
-	\OC::$server->getConfig(),
-	\OC::$server->getRequest()
+    \OC::$server->getConfig(),
+    \OC::$server->getRequest()
 );
 
 $app = new App('testing');
 $app->registerRoutes(
-	$this,
-	[
-		'routes' => [
-			[
-				'name' => 'RateLimitTest#userAndAnonProtected',
-				'url' => '/userAndAnonProtected',
-				'verb' => 'GET',
-			],
-			[
-				'name' => 'RateLimitTest#onlyAnonProtected',
-				'url' => '/anonProtected',
-				'verb' => 'GET',
-			],
-		]
-	]
+    $this,
+    [
+        'routes' => [
+            [
+                'name' => 'RateLimitTest#userAndAnonProtected',
+                'url' => '/userAndAnonProtected',
+                'verb' => 'GET',
+            ],
+            [
+                'name' => 'RateLimitTest#onlyAnonProtected',
+                'url' => '/anonProtected',
+                'verb' => 'GET',
+            ],
+        ]
+    ]
 );
 
 API::register(
-	'post',
-	'/apps/testing/api/v1/app/{appid}/{configkey}',
-	[$config, 'setAppValue'],
-	'testing',
-	API::ADMIN_AUTH
+    'post',
+    '/apps/testing/api/v1/app/{appid}/{configkey}',
+    [$config, 'setAppValue'],
+    'testing',
+    API::ADMIN_AUTH
 );
 
 API::register(
-	'delete',
-	'/apps/testing/api/v1/app/{appid}/{configkey}',
-	[$config, 'deleteAppValue'],
-	'testing',
-	API::ADMIN_AUTH
+    'delete',
+    '/apps/testing/api/v1/app/{appid}/{configkey}',
+    [$config, 'deleteAppValue'],
+    'testing',
+    API::ADMIN_AUTH
 );
 
 $locking = new Provisioning(
-	\OC::$server->getLockingProvider(),
-	\OC::$server->getDatabaseConnection(),
-	\OC::$server->getConfig(),
-	\OC::$server->getRequest()
+    \OC::$server->getLockingProvider(),
+    \OC::$server->getDatabaseConnection(),
+    \OC::$server->getConfig(),
+    \OC::$server->getRequest()
 );
 API::register('get', '/apps/testing/api/v1/lockprovisioning', [$locking, 'isLockingEnabled'], 'files_lockprovisioning', API::ADMIN_AUTH);
 API::register('get', '/apps/testing/api/v1/lockprovisioning/{type}/{user}', [$locking, 'isLocked'], 'files_lockprovisioning', API::ADMIN_AUTH);

apps/testing/lib/Controller/RateLimitTestController.php

Indentation +23 added lines, -23 removed lines

@@ -25,28 +25,28 @@
 use OCP\AppFramework\Http\JSONResponse;
 
 class RateLimitTestController extends Controller {
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @UserRateThrottle(limit=5, period=100)
-	 * @AnonRateThrottle(limit=1, period=100)
-	 *
-	 * @return JSONResponse
-	 */
-	public function userAndAnonProtected() {
-		return new JSONResponse();
-	}
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @UserRateThrottle(limit=5, period=100)
+     * @AnonRateThrottle(limit=1, period=100)
+     *
+     * @return JSONResponse
+     */
+    public function userAndAnonProtected() {
+        return new JSONResponse();
+    }
 
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @AnonRateThrottle(limit=1, period=10)
-	 *
-	 * @return JSONResponse
-	 */
-	public function onlyAnonProtected() {
-		return new JSONResponse();
-	}
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @AnonRateThrottle(limit=1, period=10)
+     *
+     * @return JSONResponse
+     */
+    public function onlyAnonProtected() {
+        return new JSONResponse();
+    }
 }

apps/files_sharing/lib/Controller/ShareController.php

Indentation +548 added lines, -548 removed lines

@@ -64,556 +64,556 @@
  */
 class ShareController extends Controller {
 
-	/** @var IConfig */
-	protected $config;
-	/** @var IURLGenerator */
-	protected $urlGenerator;
-	/** @var IUserManager */
-	protected $userManager;
-	/** @var ILogger */
-	protected $logger;
-	/** @var \OCP\Activity\IManager */
-	protected $activityManager;
-	/** @var \OCP\Share\IManager */
-	protected $shareManager;
-	/** @var ISession */
-	protected $session;
-	/** @var IPreview */
-	protected $previewManager;
-	/** @var IRootFolder */
-	protected $rootFolder;
-	/** @var FederatedShareProvider */
-	protected $federatedShareProvider;
-	/** @var EventDispatcherInterface */
-	protected $eventDispatcher;
-	/** @var IL10N */
-	protected $l10n;
-	/** @var Defaults */
-	protected $defaults;
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IConfig $config
-	 * @param IURLGenerator $urlGenerator
-	 * @param IUserManager $userManager
-	 * @param ILogger $logger
-	 * @param \OCP\Activity\IManager $activityManager
-	 * @param \OCP\Share\IManager $shareManager
-	 * @param ISession $session
-	 * @param IPreview $previewManager
-	 * @param IRootFolder $rootFolder
-	 * @param FederatedShareProvider $federatedShareProvider
-	 * @param EventDispatcherInterface $eventDispatcher
-	 * @param IL10N $l10n
-	 * @param Defaults $defaults
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IConfig $config,
-								IURLGenerator $urlGenerator,
-								IUserManager $userManager,
-								ILogger $logger,
-								\OCP\Activity\IManager $activityManager,
-								\OCP\Share\IManager $shareManager,
-								ISession $session,
-								IPreview $previewManager,
-								IRootFolder $rootFolder,
-								FederatedShareProvider $federatedShareProvider,
-								EventDispatcherInterface $eventDispatcher,
-								IL10N $l10n,
-								Defaults $defaults) {
-		parent::__construct($appName, $request);
-
-		$this->config = $config;
-		$this->urlGenerator = $urlGenerator;
-		$this->userManager = $userManager;
-		$this->logger = $logger;
-		$this->activityManager = $activityManager;
-		$this->shareManager = $shareManager;
-		$this->session = $session;
-		$this->previewManager = $previewManager;
-		$this->rootFolder = $rootFolder;
-		$this->federatedShareProvider = $federatedShareProvider;
-		$this->eventDispatcher = $eventDispatcher;
-		$this->l10n = $l10n;
-		$this->defaults = $defaults;
-	}
-
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @param string $token
-	 * @return TemplateResponse|RedirectResponse
-	 */
-	public function showAuthenticate($token) {
-		$share = $this->shareManager->getShareByToken($token);
-
-		if($this->linkShareAuth($share)) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', array('token' => $token)));
-		}
-
-		return new TemplateResponse($this->appName, 'authenticate', array(), 'guest');
-	}
-
-	/**
-	 * @PublicPage
-	 * @UseSession
-	 * @BruteForceProtection(action=publicLinkAuth)
-	 *
-	 * Authenticates against password-protected shares
-	 * @param string $token
-	 * @param string $password
-	 * @return RedirectResponse|TemplateResponse|NotFoundResponse
-	 */
-	public function authenticate($token, $password = '') {
-
-		// Check whether share exists
-		try {
-			$share = $this->shareManager->getShareByToken($token);
-		} catch (ShareNotFound $e) {
-			return new NotFoundResponse();
-		}
-
-		$authenticate = $this->linkShareAuth($share, $password);
-
-		if($authenticate === true) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', array('token' => $token)));
-		}
-
-		return new TemplateResponse($this->appName, 'authenticate', array('wrongpw' => true), 'guest');
-	}
-
-	/**
-	 * Authenticate a link item with the given password.
-	 * Or use the session if no password is provided.
-	 *
-	 * This is a modified version of Helper::authenticate
-	 * TODO: Try to merge back eventually with Helper::authenticate
-	 *
-	 * @param \OCP\Share\IShare $share
-	 * @param string|null $password
-	 * @return bool
-	 */
-	private function linkShareAuth(\OCP\Share\IShare $share, $password = null) {
-		if ($password !== null) {
-			if ($this->shareManager->checkPassword($share, $password)) {
-				$this->session->set('public_link_authenticated', (string)$share->getId());
-			} else {
-				$this->emitAccessShareHook($share, 403, 'Wrong password');
-				return false;
-			}
-		} else {
-			// not authenticated ?
-			if ( ! $this->session->exists('public_link_authenticated')
-				|| $this->session->get('public_link_authenticated') !== (string)$share->getId()) {
-				return false;
-			}
-		}
-		return true;
-	}
-
-	/**
-	 * throws hooks when a share is attempted to be accessed
-	 *
-	 * @param \OCP\Share\IShare|string $share the Share instance if available,
-	 * otherwise token
-	 * @param int $errorCode
-	 * @param string $errorMessage
-	 * @throws \OC\HintException
-	 * @throws \OC\ServerNotAvailableException
-	 */
-	protected function emitAccessShareHook($share, $errorCode = 200, $errorMessage = '') {
-		$itemType = $itemSource = $uidOwner = '';
-		$token = $share;
-		$exception = null;
-		if($share instanceof \OCP\Share\IShare) {
-			try {
-				$token = $share->getToken();
-				$uidOwner = $share->getSharedBy();
-				$itemType = $share->getNodeType();
-				$itemSource = $share->getNodeId();
-			} catch (\Exception $e) {
-				// we log what we know and pass on the exception afterwards
-				$exception = $e;
-			}
-		}
-		\OC_Hook::emit('OCP\Share', 'share_link_access', [
-			'itemType' => $itemType,
-			'itemSource' => $itemSource,
-			'uidOwner' => $uidOwner,
-			'token' => $token,
-			'errorCode' => $errorCode,
-			'errorMessage' => $errorMessage,
-		]);
-		if(!is_null($exception)) {
-			throw $exception;
-		}
-	}
-
-	/**
-	 * Validate the permissions of the share
-	 *
-	 * @param Share\IShare $share
-	 * @return bool
-	 */
-	private function validateShare(\OCP\Share\IShare $share) {
-		return $share->getNode()->isReadable() && $share->getNode()->isShareable();
-	}
-
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @param string $token
-	 * @param string $path
-	 * @return TemplateResponse|RedirectResponse|NotFoundResponse
-	 * @throws NotFoundException
-	 * @throws \Exception
-	 */
-	public function showShare($token, $path = '') {
-		\OC_User::setIncognitoMode(true);
-
-		// Check whether share exists
-		try {
-			$share = $this->shareManager->getShareByToken($token);
-		} catch (ShareNotFound $e) {
-			$this->emitAccessShareHook($token, 404, 'Share not found');
-			return new NotFoundResponse();
-		}
-
-		// Share is password protected - check whether the user is permitted to access the share
-		if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
-				array('token' => $token)));
-		}
-
-		if (!$this->validateShare($share)) {
-			throw new NotFoundException();
-		}
-		// We can't get the path of a file share
-		try {
-			if ($share->getNode() instanceof \OCP\Files\File && $path !== '') {
-				$this->emitAccessShareHook($share, 404, 'Share not found');
-				throw new NotFoundException();
-			}
-		} catch (\Exception $e) {
-			$this->emitAccessShareHook($share, 404, 'Share not found');
-			throw $e;
-		}
-
-		$shareTmpl = [];
-		$shareTmpl['displayName'] = $this->userManager->get($share->getShareOwner())->getDisplayName();
-		$shareTmpl['owner'] = $share->getShareOwner();
-		$shareTmpl['filename'] = $share->getNode()->getName();
-		$shareTmpl['directory_path'] = $share->getTarget();
-		$shareTmpl['mimetype'] = $share->getNode()->getMimetype();
-		$shareTmpl['previewSupported'] = $this->previewManager->isMimeSupported($share->getNode()->getMimetype());
-		$shareTmpl['dirToken'] = $token;
-		$shareTmpl['sharingToken'] = $token;
-		$shareTmpl['server2serversharing'] = $this->federatedShareProvider->isOutgoingServer2serverShareEnabled();
-		$shareTmpl['protected'] = $share->getPassword() !== null ? 'true' : 'false';
-		$shareTmpl['dir'] = '';
-		$shareTmpl['nonHumanFileSize'] = $share->getNode()->getSize();
-		$shareTmpl['fileSize'] = \OCP\Util::humanFileSize($share->getNode()->getSize());
-
-		// Show file list
-		$hideFileList = false;
-		if ($share->getNode() instanceof \OCP\Files\Folder) {
-			/** @var \OCP\Files\Folder $rootFolder */
-			$rootFolder = $share->getNode();
-
-			try {
-				$folderNode = $rootFolder->get($path);
-			} catch (\OCP\Files\NotFoundException $e) {
-				$this->emitAccessShareHook($share, 404, 'Share not found');
-				throw new NotFoundException();
-			}
-
-			$shareTmpl['dir'] = $rootFolder->getRelativePath($folderNode->getPath());
-
-			/*
+    /** @var IConfig */
+    protected $config;
+    /** @var IURLGenerator */
+    protected $urlGenerator;
+    /** @var IUserManager */
+    protected $userManager;
+    /** @var ILogger */
+    protected $logger;
+    /** @var \OCP\Activity\IManager */
+    protected $activityManager;
+    /** @var \OCP\Share\IManager */
+    protected $shareManager;
+    /** @var ISession */
+    protected $session;
+    /** @var IPreview */
+    protected $previewManager;
+    /** @var IRootFolder */
+    protected $rootFolder;
+    /** @var FederatedShareProvider */
+    protected $federatedShareProvider;
+    /** @var EventDispatcherInterface */
+    protected $eventDispatcher;
+    /** @var IL10N */
+    protected $l10n;
+    /** @var Defaults */
+    protected $defaults;
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IConfig $config
+     * @param IURLGenerator $urlGenerator
+     * @param IUserManager $userManager
+     * @param ILogger $logger
+     * @param \OCP\Activity\IManager $activityManager
+     * @param \OCP\Share\IManager $shareManager
+     * @param ISession $session
+     * @param IPreview $previewManager
+     * @param IRootFolder $rootFolder
+     * @param FederatedShareProvider $federatedShareProvider
+     * @param EventDispatcherInterface $eventDispatcher
+     * @param IL10N $l10n
+     * @param Defaults $defaults
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IConfig $config,
+                                IURLGenerator $urlGenerator,
+                                IUserManager $userManager,
+                                ILogger $logger,
+                                \OCP\Activity\IManager $activityManager,
+                                \OCP\Share\IManager $shareManager,
+                                ISession $session,
+                                IPreview $previewManager,
+                                IRootFolder $rootFolder,
+                                FederatedShareProvider $federatedShareProvider,
+                                EventDispatcherInterface $eventDispatcher,
+                                IL10N $l10n,
+                                Defaults $defaults) {
+        parent::__construct($appName, $request);
+
+        $this->config = $config;
+        $this->urlGenerator = $urlGenerator;
+        $this->userManager = $userManager;
+        $this->logger = $logger;
+        $this->activityManager = $activityManager;
+        $this->shareManager = $shareManager;
+        $this->session = $session;
+        $this->previewManager = $previewManager;
+        $this->rootFolder = $rootFolder;
+        $this->federatedShareProvider = $federatedShareProvider;
+        $this->eventDispatcher = $eventDispatcher;
+        $this->l10n = $l10n;
+        $this->defaults = $defaults;
+    }
+
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @param string $token
+     * @return TemplateResponse|RedirectResponse
+     */
+    public function showAuthenticate($token) {
+        $share = $this->shareManager->getShareByToken($token);
+
+        if($this->linkShareAuth($share)) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', array('token' => $token)));
+        }
+
+        return new TemplateResponse($this->appName, 'authenticate', array(), 'guest');
+    }
+
+    /**
+     * @PublicPage
+     * @UseSession
+     * @BruteForceProtection(action=publicLinkAuth)
+     *
+     * Authenticates against password-protected shares
+     * @param string $token
+     * @param string $password
+     * @return RedirectResponse|TemplateResponse|NotFoundResponse
+     */
+    public function authenticate($token, $password = '') {
+
+        // Check whether share exists
+        try {
+            $share = $this->shareManager->getShareByToken($token);
+        } catch (ShareNotFound $e) {
+            return new NotFoundResponse();
+        }
+
+        $authenticate = $this->linkShareAuth($share, $password);
+
+        if($authenticate === true) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', array('token' => $token)));
+        }
+
+        return new TemplateResponse($this->appName, 'authenticate', array('wrongpw' => true), 'guest');
+    }
+
+    /**
+     * Authenticate a link item with the given password.
+     * Or use the session if no password is provided.
+     *
+     * This is a modified version of Helper::authenticate
+     * TODO: Try to merge back eventually with Helper::authenticate
+     *
+     * @param \OCP\Share\IShare $share
+     * @param string|null $password
+     * @return bool
+     */
+    private function linkShareAuth(\OCP\Share\IShare $share, $password = null) {
+        if ($password !== null) {
+            if ($this->shareManager->checkPassword($share, $password)) {
+                $this->session->set('public_link_authenticated', (string)$share->getId());
+            } else {
+                $this->emitAccessShareHook($share, 403, 'Wrong password');
+                return false;
+            }
+        } else {
+            // not authenticated ?
+            if ( ! $this->session->exists('public_link_authenticated')
+                || $this->session->get('public_link_authenticated') !== (string)$share->getId()) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * throws hooks when a share is attempted to be accessed
+     *
+     * @param \OCP\Share\IShare|string $share the Share instance if available,
+     * otherwise token
+     * @param int $errorCode
+     * @param string $errorMessage
+     * @throws \OC\HintException
+     * @throws \OC\ServerNotAvailableException
+     */
+    protected function emitAccessShareHook($share, $errorCode = 200, $errorMessage = '') {
+        $itemType = $itemSource = $uidOwner = '';
+        $token = $share;
+        $exception = null;
+        if($share instanceof \OCP\Share\IShare) {
+            try {
+                $token = $share->getToken();
+                $uidOwner = $share->getSharedBy();
+                $itemType = $share->getNodeType();
+                $itemSource = $share->getNodeId();
+            } catch (\Exception $e) {
+                // we log what we know and pass on the exception afterwards
+                $exception = $e;
+            }
+        }
+        \OC_Hook::emit('OCP\Share', 'share_link_access', [
+            'itemType' => $itemType,
+            'itemSource' => $itemSource,
+            'uidOwner' => $uidOwner,
+            'token' => $token,
+            'errorCode' => $errorCode,
+            'errorMessage' => $errorMessage,
+        ]);
+        if(!is_null($exception)) {
+            throw $exception;
+        }
+    }
+
+    /**
+     * Validate the permissions of the share
+     *
+     * @param Share\IShare $share
+     * @return bool
+     */
+    private function validateShare(\OCP\Share\IShare $share) {
+        return $share->getNode()->isReadable() && $share->getNode()->isShareable();
+    }
+
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @param string $token
+     * @param string $path
+     * @return TemplateResponse|RedirectResponse|NotFoundResponse
+     * @throws NotFoundException
+     * @throws \Exception
+     */
+    public function showShare($token, $path = '') {
+        \OC_User::setIncognitoMode(true);
+
+        // Check whether share exists
+        try {
+            $share = $this->shareManager->getShareByToken($token);
+        } catch (ShareNotFound $e) {
+            $this->emitAccessShareHook($token, 404, 'Share not found');
+            return new NotFoundResponse();
+        }
+
+        // Share is password protected - check whether the user is permitted to access the share
+        if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
+                array('token' => $token)));
+        }
+
+        if (!$this->validateShare($share)) {
+            throw new NotFoundException();
+        }
+        // We can't get the path of a file share
+        try {
+            if ($share->getNode() instanceof \OCP\Files\File && $path !== '') {
+                $this->emitAccessShareHook($share, 404, 'Share not found');
+                throw new NotFoundException();
+            }
+        } catch (\Exception $e) {
+            $this->emitAccessShareHook($share, 404, 'Share not found');
+            throw $e;
+        }
+
+        $shareTmpl = [];
+        $shareTmpl['displayName'] = $this->userManager->get($share->getShareOwner())->getDisplayName();
+        $shareTmpl['owner'] = $share->getShareOwner();
+        $shareTmpl['filename'] = $share->getNode()->getName();
+        $shareTmpl['directory_path'] = $share->getTarget();
+        $shareTmpl['mimetype'] = $share->getNode()->getMimetype();
+        $shareTmpl['previewSupported'] = $this->previewManager->isMimeSupported($share->getNode()->getMimetype());
+        $shareTmpl['dirToken'] = $token;
+        $shareTmpl['sharingToken'] = $token;
+        $shareTmpl['server2serversharing'] = $this->federatedShareProvider->isOutgoingServer2serverShareEnabled();
+        $shareTmpl['protected'] = $share->getPassword() !== null ? 'true' : 'false';
+        $shareTmpl['dir'] = '';
+        $shareTmpl['nonHumanFileSize'] = $share->getNode()->getSize();
+        $shareTmpl['fileSize'] = \OCP\Util::humanFileSize($share->getNode()->getSize());
+
+        // Show file list
+        $hideFileList = false;
+        if ($share->getNode() instanceof \OCP\Files\Folder) {
+            /** @var \OCP\Files\Folder $rootFolder */
+            $rootFolder = $share->getNode();
+
+            try {
+                $folderNode = $rootFolder->get($path);
+            } catch (\OCP\Files\NotFoundException $e) {
+                $this->emitAccessShareHook($share, 404, 'Share not found');
+                throw new NotFoundException();
+            }
+
+            $shareTmpl['dir'] = $rootFolder->getRelativePath($folderNode->getPath());
+
+            /*
 			 * The OC_Util methods require a view. This just uses the node API
 			 */
-			$freeSpace = $share->getNode()->getStorage()->free_space($share->getNode()->getInternalPath());
-			if ($freeSpace < \OCP\Files\FileInfo::SPACE_UNLIMITED) {
-				$freeSpace = max($freeSpace, 0);
-			} else {
-				$freeSpace = (INF > 0) ? INF: PHP_INT_MAX; // work around https://bugs.php.net/bug.php?id=69188
-			}
-
-			$hideFileList = $share->getPermissions() & \OCP\Constants::PERMISSION_READ ? false : true;
-			$maxUploadFilesize = $freeSpace;
-
-			$folder = new Template('files', 'list', '');
-			$folder->assign('dir', $rootFolder->getRelativePath($folderNode->getPath()));
-			$folder->assign('dirToken', $token);
-			$folder->assign('permissions', \OCP\Constants::PERMISSION_READ);
-			$folder->assign('isPublic', true);
-			$folder->assign('hideFileList', $hideFileList);
-			$folder->assign('publicUploadEnabled', 'no');
-			$folder->assign('uploadMaxFilesize', $maxUploadFilesize);
-			$folder->assign('uploadMaxHumanFilesize', \OCP\Util::humanFileSize($maxUploadFilesize));
-			$folder->assign('freeSpace', $freeSpace);
-			$folder->assign('usedSpacePercent', 0);
-			$folder->assign('trash', false);
-			$shareTmpl['folder'] = $folder->fetchPage();
-		}
-
-		$shareTmpl['hideFileList'] = $hideFileList;
-		$shareTmpl['shareOwner'] = $this->userManager->get($share->getShareOwner())->getDisplayName();
-		$shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', ['token' => $token]);
-		$shareTmpl['shareUrl'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $token]);
-		$shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
-		$shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true);
-		$shareTmpl['previewMaxX'] = $this->config->getSystemValue('preview_max_x', 1024);
-		$shareTmpl['previewMaxY'] = $this->config->getSystemValue('preview_max_y', 1024);
-		$shareTmpl['disclaimer'] = $this->config->getAppValue('core', 'shareapi_public_link_disclaimertext', null);
-		if ($shareTmpl['previewSupported']) {
-			$shareTmpl['previewImage'] = $this->urlGenerator->linkToRouteAbsolute( 'files_sharing.PublicPreview.getPreview',
-				['x' => 200, 'y' => 200, 'file' => $shareTmpl['directory_path'], 't' => $shareTmpl['dirToken']]);
-		} else {
-			$shareTmpl['previewImage'] = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'favicon-fb.png'));
-		}
-
-		// Load files we need
-		\OCP\Util::addScript('files', 'file-upload');
-		\OCP\Util::addStyle('files_sharing', 'publicView');
-		\OCP\Util::addScript('files_sharing', 'public');
-		\OCP\Util::addScript('files', 'fileactions');
-		\OCP\Util::addScript('files', 'fileactionsmenu');
-		\OCP\Util::addScript('files', 'jquery.fileupload');
-		\OCP\Util::addScript('files_sharing', 'files_drop');
-
-		if (isset($shareTmpl['folder'])) {
-			// JS required for folders
-			\OCP\Util::addStyle('files', 'merged');
-			\OCP\Util::addScript('files', 'filesummary');
-			\OCP\Util::addScript('files', 'breadcrumb');
-			\OCP\Util::addScript('files', 'fileinfomodel');
-			\OCP\Util::addScript('files', 'newfilemenu');
-			\OCP\Util::addScript('files', 'files');
-			\OCP\Util::addScript('files', 'filelist');
-			\OCP\Util::addScript('files', 'keyboardshortcuts');
-		}
-
-		// OpenGraph Support: http://ogp.me/
-		\OCP\Util::addHeader('meta', ['property' => "og:title", 'content' => $this->defaults->getName() . ' - ' . $this->defaults->getSlogan()]);
-		\OCP\Util::addHeader('meta', ['property' => "og:description", 'content' => $this->l10n->t('%s is publicly shared', [$shareTmpl['filename']])]);
-		\OCP\Util::addHeader('meta', ['property' => "og:site_name", 'content' => $this->defaults->getName()]);
-		\OCP\Util::addHeader('meta', ['property' => "og:url", 'content' => $shareTmpl['shareUrl']]);
-		\OCP\Util::addHeader('meta', ['property' => "og:type", 'content' => "object"]);
-		\OCP\Util::addHeader('meta', ['property' => "og:image", 'content' => $shareTmpl['previewImage']]);
-
-		$this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts');
-
-		$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
-		$csp->addAllowedFrameDomain('\'self\'');
-		$response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
-		$response->setContentSecurityPolicy($csp);
-
-		$this->emitAccessShareHook($share);
-
-		return $response;
-	}
-
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
-	 * @param string $token
-	 * @param string $files
-	 * @param string $path
-	 * @param string $downloadStartSecret
-	 * @return void|\OCP\AppFramework\Http\Response
-	 * @throws NotFoundException
-	 */
-	public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
-		\OC_User::setIncognitoMode(true);
-
-		$share = $this->shareManager->getShareByToken($token);
-
-		if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
-			return new \OCP\AppFramework\Http\DataResponse('Share is read-only');
-		}
-
-		// Share is password protected - check whether the user is permitted to access the share
-		if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
-				['token' => $token]));
-		}
-
-		$files_list = null;
-		if (!is_null($files)) { // download selected files
-			$files_list = json_decode($files);
-			// in case we get only a single file
-			if ($files_list === null) {
-				$files_list = [$files];
-			}
-		}
-
-		$userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
-		$originalSharePath = $userFolder->getRelativePath($share->getNode()->getPath());
-
-		if (!$this->validateShare($share)) {
-			throw new NotFoundException();
-		}
-
-		// Single file share
-		if ($share->getNode() instanceof \OCP\Files\File) {
-			// Single file download
-			$this->singleFileDownloaded($share, $share->getNode());
-		}
-		// Directory share
-		else {
-			/** @var \OCP\Files\Folder $node */
-			$node = $share->getNode();
-
-			// Try to get the path
-			if ($path !== '') {
-				try {
-					$node = $node->get($path);
-				} catch (NotFoundException $e) {
-					$this->emitAccessShareHook($share, 404, 'Share not found');
-					return new NotFoundResponse();
-				}
-			}
-
-			$originalSharePath = $userFolder->getRelativePath($node->getPath());
-
-			if ($node instanceof \OCP\Files\File) {
-				// Single file download
-				$this->singleFileDownloaded($share, $share->getNode());
-			} else if (!empty($files_list)) {
-				$this->fileListDownloaded($share, $files_list, $node);
-			} else {
-				// The folder is downloaded
-				$this->singleFileDownloaded($share, $share->getNode());
-			}
-		}
-
-		/* FIXME: We should do this all nicely in OCP */
-		OC_Util::tearDownFS();
-		OC_Util::setupFS($share->getShareOwner());
-
-		/**
-		 * this sets a cookie to be able to recognize the start of the download
-		 * the content must not be longer than 32 characters and must only contain
-		 * alphanumeric characters
-		 */
-		if (!empty($downloadStartSecret)
-			&& !isset($downloadStartSecret[32])
-			&& preg_match('!^[a-zA-Z0-9]+$!', $downloadStartSecret) === 1) {
-
-			// FIXME: set on the response once we use an actual app framework response
-			setcookie('ocDownloadStarted', $downloadStartSecret, time() + 20, '/');
-		}
-
-		$this->emitAccessShareHook($share);
-
-		$server_params = array( 'head' => $this->request->getMethod() == 'HEAD' );
-
-		/**
-		 * Http range requests support
-		 */
-		if (isset($_SERVER['HTTP_RANGE'])) {
-			$server_params['range'] = $this->request->getHeader('Range');
-		}
-
-		// download selected files
-		if (!is_null($files) && $files !== '') {
-			// FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
-			// after dispatching the request which results in a "Cannot modify header information" notice.
-			OC_Files::get($originalSharePath, $files_list, $server_params);
-			exit();
-		} else {
-			// FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
-			// after dispatching the request which results in a "Cannot modify header information" notice.
-			OC_Files::get(dirname($originalSharePath), basename($originalSharePath), $server_params);
-			exit();
-		}
-	}
-
-	/**
-	 * create activity for every downloaded file
-	 *
-	 * @param Share\IShare $share
-	 * @param array $files_list
-	 * @param \OCP\Files\Folder $node
-	 */
-	protected function fileListDownloaded(Share\IShare $share, array $files_list, \OCP\Files\Folder $node) {
-		foreach ($files_list as $file) {
-			$subNode = $node->get($file);
-			$this->singleFileDownloaded($share, $subNode);
-		}
-
-	}
-
-	/**
-	 * create activity if a single file was downloaded from a link share
-	 *
-	 * @param Share\IShare $share
-	 */
-	protected function singleFileDownloaded(Share\IShare $share, \OCP\Files\Node $node) {
-
-		$fileId = $node->getId();
-
-		$userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
-		$userNodeList = $userFolder->getById($fileId);
-		$userNode = $userNodeList[0];
-		$ownerFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
-		$userPath = $userFolder->getRelativePath($userNode->getPath());
-		$ownerPath = $ownerFolder->getRelativePath($node->getPath());
-
-		$parameters = [$userPath];
-
-		if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
-			if ($node instanceof \OCP\Files\File) {
-				$subject = Downloads::SUBJECT_SHARED_FILE_BY_EMAIL_DOWNLOADED;
-			} else {
-				$subject = Downloads::SUBJECT_SHARED_FOLDER_BY_EMAIL_DOWNLOADED;
-			}
-			$parameters[] = $share->getSharedWith();
-		} else {
-			if ($node instanceof \OCP\Files\File) {
-				$subject = Downloads::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED;
-			} else {
-				$subject = Downloads::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED;
-			}
-		}
-
-		$this->publishActivity($subject, $parameters, $share->getSharedBy(), $fileId, $userPath);
-
-		if ($share->getShareOwner() !== $share->getSharedBy()) {
-			$parameters[0] = $ownerPath;
-			$this->publishActivity($subject, $parameters, $share->getShareOwner(), $fileId, $ownerPath);
-		}
-	}
-
-	/**
-	 * publish activity
-	 *
-	 * @param string $subject
-	 * @param array $parameters
-	 * @param string $affectedUser
-	 * @param int $fileId
-	 * @param string $filePath
-	 */
-	protected function publishActivity($subject,
-										array $parameters,
-										$affectedUser,
-										$fileId,
-										$filePath) {
-
-		$event = $this->activityManager->generateEvent();
-		$event->setApp('files_sharing')
-			->setType('public_links')
-			->setSubject($subject, $parameters)
-			->setAffectedUser($affectedUser)
-			->setObject('files', $fileId, $filePath);
-		$this->activityManager->publish($event);
-	}
+            $freeSpace = $share->getNode()->getStorage()->free_space($share->getNode()->getInternalPath());
+            if ($freeSpace < \OCP\Files\FileInfo::SPACE_UNLIMITED) {
+                $freeSpace = max($freeSpace, 0);
+            } else {
+                $freeSpace = (INF > 0) ? INF: PHP_INT_MAX; // work around https://bugs.php.net/bug.php?id=69188
+            }
+
+            $hideFileList = $share->getPermissions() & \OCP\Constants::PERMISSION_READ ? false : true;
+            $maxUploadFilesize = $freeSpace;
+
+            $folder = new Template('files', 'list', '');
+            $folder->assign('dir', $rootFolder->getRelativePath($folderNode->getPath()));
+            $folder->assign('dirToken', $token);
+            $folder->assign('permissions', \OCP\Constants::PERMISSION_READ);
+            $folder->assign('isPublic', true);
+            $folder->assign('hideFileList', $hideFileList);
+            $folder->assign('publicUploadEnabled', 'no');
+            $folder->assign('uploadMaxFilesize', $maxUploadFilesize);
+            $folder->assign('uploadMaxHumanFilesize', \OCP\Util::humanFileSize($maxUploadFilesize));
+            $folder->assign('freeSpace', $freeSpace);
+            $folder->assign('usedSpacePercent', 0);
+            $folder->assign('trash', false);
+            $shareTmpl['folder'] = $folder->fetchPage();
+        }
+
+        $shareTmpl['hideFileList'] = $hideFileList;
+        $shareTmpl['shareOwner'] = $this->userManager->get($share->getShareOwner())->getDisplayName();
+        $shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', ['token' => $token]);
+        $shareTmpl['shareUrl'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $token]);
+        $shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
+        $shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true);
+        $shareTmpl['previewMaxX'] = $this->config->getSystemValue('preview_max_x', 1024);
+        $shareTmpl['previewMaxY'] = $this->config->getSystemValue('preview_max_y', 1024);
+        $shareTmpl['disclaimer'] = $this->config->getAppValue('core', 'shareapi_public_link_disclaimertext', null);
+        if ($shareTmpl['previewSupported']) {
+            $shareTmpl['previewImage'] = $this->urlGenerator->linkToRouteAbsolute( 'files_sharing.PublicPreview.getPreview',
+                ['x' => 200, 'y' => 200, 'file' => $shareTmpl['directory_path'], 't' => $shareTmpl['dirToken']]);
+        } else {
+            $shareTmpl['previewImage'] = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'favicon-fb.png'));
+        }
+
+        // Load files we need
+        \OCP\Util::addScript('files', 'file-upload');
+        \OCP\Util::addStyle('files_sharing', 'publicView');
+        \OCP\Util::addScript('files_sharing', 'public');
+        \OCP\Util::addScript('files', 'fileactions');
+        \OCP\Util::addScript('files', 'fileactionsmenu');
+        \OCP\Util::addScript('files', 'jquery.fileupload');
+        \OCP\Util::addScript('files_sharing', 'files_drop');
+
+        if (isset($shareTmpl['folder'])) {
+            // JS required for folders
+            \OCP\Util::addStyle('files', 'merged');
+            \OCP\Util::addScript('files', 'filesummary');
+            \OCP\Util::addScript('files', 'breadcrumb');
+            \OCP\Util::addScript('files', 'fileinfomodel');
+            \OCP\Util::addScript('files', 'newfilemenu');
+            \OCP\Util::addScript('files', 'files');
+            \OCP\Util::addScript('files', 'filelist');
+            \OCP\Util::addScript('files', 'keyboardshortcuts');
+        }
+
+        // OpenGraph Support: http://ogp.me/
+        \OCP\Util::addHeader('meta', ['property' => "og:title", 'content' => $this->defaults->getName() . ' - ' . $this->defaults->getSlogan()]);
+        \OCP\Util::addHeader('meta', ['property' => "og:description", 'content' => $this->l10n->t('%s is publicly shared', [$shareTmpl['filename']])]);
+        \OCP\Util::addHeader('meta', ['property' => "og:site_name", 'content' => $this->defaults->getName()]);
+        \OCP\Util::addHeader('meta', ['property' => "og:url", 'content' => $shareTmpl['shareUrl']]);
+        \OCP\Util::addHeader('meta', ['property' => "og:type", 'content' => "object"]);
+        \OCP\Util::addHeader('meta', ['property' => "og:image", 'content' => $shareTmpl['previewImage']]);
+
+        $this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts');
+
+        $csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
+        $csp->addAllowedFrameDomain('\'self\'');
+        $response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base');
+        $response->setContentSecurityPolicy($csp);
+
+        $this->emitAccessShareHook($share);
+
+        return $response;
+    }
+
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     *
+     * @param string $token
+     * @param string $files
+     * @param string $path
+     * @param string $downloadStartSecret
+     * @return void|\OCP\AppFramework\Http\Response
+     * @throws NotFoundException
+     */
+    public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
+        \OC_User::setIncognitoMode(true);
+
+        $share = $this->shareManager->getShareByToken($token);
+
+        if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+            return new \OCP\AppFramework\Http\DataResponse('Share is read-only');
+        }
+
+        // Share is password protected - check whether the user is permitted to access the share
+        if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
+                ['token' => $token]));
+        }
+
+        $files_list = null;
+        if (!is_null($files)) { // download selected files
+            $files_list = json_decode($files);
+            // in case we get only a single file
+            if ($files_list === null) {
+                $files_list = [$files];
+            }
+        }
+
+        $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
+        $originalSharePath = $userFolder->getRelativePath($share->getNode()->getPath());
+
+        if (!$this->validateShare($share)) {
+            throw new NotFoundException();
+        }
+
+        // Single file share
+        if ($share->getNode() instanceof \OCP\Files\File) {
+            // Single file download
+            $this->singleFileDownloaded($share, $share->getNode());
+        }
+        // Directory share
+        else {
+            /** @var \OCP\Files\Folder $node */
+            $node = $share->getNode();
+
+            // Try to get the path
+            if ($path !== '') {
+                try {
+                    $node = $node->get($path);
+                } catch (NotFoundException $e) {
+                    $this->emitAccessShareHook($share, 404, 'Share not found');
+                    return new NotFoundResponse();
+                }
+            }
+
+            $originalSharePath = $userFolder->getRelativePath($node->getPath());
+
+            if ($node instanceof \OCP\Files\File) {
+                // Single file download
+                $this->singleFileDownloaded($share, $share->getNode());
+            } else if (!empty($files_list)) {
+                $this->fileListDownloaded($share, $files_list, $node);
+            } else {
+                // The folder is downloaded
+                $this->singleFileDownloaded($share, $share->getNode());
+            }
+        }
+
+        /* FIXME: We should do this all nicely in OCP */
+        OC_Util::tearDownFS();
+        OC_Util::setupFS($share->getShareOwner());
+
+        /**
+         * this sets a cookie to be able to recognize the start of the download
+         * the content must not be longer than 32 characters and must only contain
+         * alphanumeric characters
+         */
+        if (!empty($downloadStartSecret)
+            && !isset($downloadStartSecret[32])
+            && preg_match('!^[a-zA-Z0-9]+$!', $downloadStartSecret) === 1) {
+
+            // FIXME: set on the response once we use an actual app framework response
+            setcookie('ocDownloadStarted', $downloadStartSecret, time() + 20, '/');
+        }
+
+        $this->emitAccessShareHook($share);
+
+        $server_params = array( 'head' => $this->request->getMethod() == 'HEAD' );
+
+        /**
+         * Http range requests support
+         */
+        if (isset($_SERVER['HTTP_RANGE'])) {
+            $server_params['range'] = $this->request->getHeader('Range');
+        }
+
+        // download selected files
+        if (!is_null($files) && $files !== '') {
+            // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
+            // after dispatching the request which results in a "Cannot modify header information" notice.
+            OC_Files::get($originalSharePath, $files_list, $server_params);
+            exit();
+        } else {
+            // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
+            // after dispatching the request which results in a "Cannot modify header information" notice.
+            OC_Files::get(dirname($originalSharePath), basename($originalSharePath), $server_params);
+            exit();
+        }
+    }
+
+    /**
+     * create activity for every downloaded file
+     *
+     * @param Share\IShare $share
+     * @param array $files_list
+     * @param \OCP\Files\Folder $node
+     */
+    protected function fileListDownloaded(Share\IShare $share, array $files_list, \OCP\Files\Folder $node) {
+        foreach ($files_list as $file) {
+            $subNode = $node->get($file);
+            $this->singleFileDownloaded($share, $subNode);
+        }
+
+    }
+
+    /**
+     * create activity if a single file was downloaded from a link share
+     *
+     * @param Share\IShare $share
+     */
+    protected function singleFileDownloaded(Share\IShare $share, \OCP\Files\Node $node) {
+
+        $fileId = $node->getId();
+
+        $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
+        $userNodeList = $userFolder->getById($fileId);
+        $userNode = $userNodeList[0];
+        $ownerFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
+        $userPath = $userFolder->getRelativePath($userNode->getPath());
+        $ownerPath = $ownerFolder->getRelativePath($node->getPath());
+
+        $parameters = [$userPath];
+
+        if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
+            if ($node instanceof \OCP\Files\File) {
+                $subject = Downloads::SUBJECT_SHARED_FILE_BY_EMAIL_DOWNLOADED;
+            } else {
+                $subject = Downloads::SUBJECT_SHARED_FOLDER_BY_EMAIL_DOWNLOADED;
+            }
+            $parameters[] = $share->getSharedWith();
+        } else {
+            if ($node instanceof \OCP\Files\File) {
+                $subject = Downloads::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED;
+            } else {
+                $subject = Downloads::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED;
+            }
+        }
+
+        $this->publishActivity($subject, $parameters, $share->getSharedBy(), $fileId, $userPath);
+
+        if ($share->getShareOwner() !== $share->getSharedBy()) {
+            $parameters[0] = $ownerPath;
+            $this->publishActivity($subject, $parameters, $share->getShareOwner(), $fileId, $ownerPath);
+        }
+    }
+
+    /**
+     * publish activity
+     *
+     * @param string $subject
+     * @param array $parameters
+     * @param string $affectedUser
+     * @param int $fileId
+     * @param string $filePath
+     */
+    protected function publishActivity($subject,
+                                        array $parameters,
+                                        $affectedUser,
+                                        $fileId,
+                                        $filePath) {
+
+        $event = $this->activityManager->generateEvent();
+        $event->setApp('files_sharing')
+            ->setType('public_links')
+            ->setSubject($subject, $parameters)
+            ->setAffectedUser($affectedUser)
+            ->setObject('files', $fileId, $filePath);
+        $this->activityManager->publish($event);
+    }
 
 
 }

apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php

Indentation +278 added lines, -278 removed lines

@@ -54,283 +54,283 @@
  */
 class MountPublicLinkController extends Controller {
 
-	/** @var FederatedShareProvider */
-	private $federatedShareProvider;
-
-	/** @var AddressHandler */
-	private $addressHandler;
-
-	/** @var IManager  */
-	private $shareManager;
-
-	/** @var  ISession */
-	private $session;
-
-	/** @var IL10N */
-	private $l;
-
-	/** @var IUserSession */
-	private $userSession;
-
-	/** @var IClientService */
-	private $clientService;
-
-	/** @var ICloudIdManager  */
-	private $cloudIdManager;
-
-	/**
-	 * MountPublicLinkController constructor.
-	 *
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param FederatedShareProvider $federatedShareProvider
-	 * @param IManager $shareManager
-	 * @param AddressHandler $addressHandler
-	 * @param ISession $session
-	 * @param IL10N $l
-	 * @param IUserSession $userSession
-	 * @param IClientService $clientService
-	 * @param ICloudIdManager $cloudIdManager
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								FederatedShareProvider $federatedShareProvider,
-								IManager $shareManager,
-								AddressHandler $addressHandler,
-								ISession $session,
-								IL10N $l,
-								IUserSession $userSession,
-								IClientService $clientService,
-								ICloudIdManager $cloudIdManager
-	) {
-		parent::__construct($appName, $request);
-
-		$this->federatedShareProvider = $federatedShareProvider;
-		$this->shareManager = $shareManager;
-		$this->addressHandler = $addressHandler;
-		$this->session = $session;
-		$this->l = $l;
-		$this->userSession = $userSession;
-		$this->clientService = $clientService;
-		$this->cloudIdManager = $cloudIdManager;
-	}
-
-	/**
-	 * send federated share to a user of a public link
-	 *
-	 * @NoCSRFRequired
-	 * @PublicPage
-	 * @BruteForceProtection(action=publicLink2FederatedShare)
-	 *
-	 * @param string $shareWith
-	 * @param string $token
-	 * @param string $password
-	 * @return JSONResponse
-	 */
-	public function createFederatedShare($shareWith, $token, $password = '') {
-
-		if (!$this->federatedShareProvider->isOutgoingServer2serverShareEnabled()) {
-			return new JSONResponse(
-				['message' => 'This server doesn\'t support outgoing federated shares'],
-				Http::STATUS_BAD_REQUEST
-			);
-		}
-
-		try {
-			list(, $server) = $this->addressHandler->splitUserRemote($shareWith);
-			$share = $this->shareManager->getShareByToken($token);
-		} catch (HintException $e) {
-			return new JSONResponse(['message' => $e->getHint()], Http::STATUS_BAD_REQUEST);
-		}
-
-		// make sure that user is authenticated in case of a password protected link
-		$storedPassword = $share->getPassword();
-		$authenticated = $this->session->get('public_link_authenticated') === $share->getId() ||
-			$this->shareManager->checkPassword($share, $password);
-		if (!empty($storedPassword) && !$authenticated ) {
-			return new JSONResponse(
-				['message' => 'No permission to access the share'],
-				Http::STATUS_BAD_REQUEST
-			);
-		}
-
-		$share->setSharedWith($shareWith);
-
-		try {
-			$this->federatedShareProvider->create($share);
-		} catch (\Exception $e) {
-			return new JSONResponse(['message' => $e->getMessage()], Http::STATUS_BAD_REQUEST);
-		}
-
-		return new JSONResponse(['remoteUrl' => $server]);
-	}
-
-	/**
-	 * ask other server to get a federated share
-	 *
-	 * @NoAdminRequired
-	 *
-	 * @param string $token
-	 * @param string $remote
-	 * @param string $password
-	 * @param string $owner (only for legacy reasons, can be removed with legacyMountPublicLink())
-	 * @param string $ownerDisplayName (only for legacy reasons, can be removed with legacyMountPublicLink())
-	 * @param string $name (only for legacy reasons, can be removed with legacyMountPublicLink())
-	 * @return JSONResponse
-	 */
-	public function askForFederatedShare($token, $remote, $password = '', $owner = '', $ownerDisplayName = '', $name = '') {
-		// check if server admin allows to mount public links from other servers
-		if ($this->federatedShareProvider->isIncomingServer2serverShareEnabled() === false) {
-			return new JSONResponse(['message' => $this->l->t('Server to server sharing is not enabled on this server')], Http::STATUS_BAD_REQUEST);
-		}
-
-		$cloudId = $this->cloudIdManager->getCloudId($this->userSession->getUser()->getUID(), $this->addressHandler->generateRemoteURL());
-
-		$httpClient = $this->clientService->newClient();
-
-		try {
-			$response = $httpClient->post($remote . '/index.php/apps/federatedfilesharing/createFederatedShare',
-				[
-					'body' =>
-						[
-							'token' => $token,
-							'shareWith' => rtrim($cloudId->getId(), '/'),
-							'password' => $password
-						],
-					'connect_timeout' => 10,
-				]
-			);
-		} catch (\Exception $e) {
-			if (empty($password)) {
-				$message = $this->l->t("Couldn't establish a federated share.");
-			} else {
-				$message = $this->l->t("Couldn't establish a federated share, maybe the password was wrong.");
-			}
-			return new JSONResponse(['message' => $message], Http::STATUS_BAD_REQUEST);
-		}
-
-		$body = $response->getBody();
-		$result = json_decode($body, true);
-
-		if (is_array($result) && isset($result['remoteUrl'])) {
-			return new JSONResponse(['message' => $this->l->t('Federated Share request was successful, you will receive a invitation. Check your notifications.')]);
-		}
-
-		// if we doesn't get the expected response we assume that we try to add
-		// a federated share from a Nextcloud <= 9 server
-		return $this->legacyMountPublicLink($token, $remote, $password, $name, $owner, $ownerDisplayName);
-	}
-
-	/**
-	 * Allow Nextcloud to mount a public link directly
-	 *
-	 * This code was copied from the apps/files_sharing/ajax/external.php with
-	 * minimal changes, just to guarantee backward compatibility
-	 *
-	 * ToDo: Remove this method once Nextcloud 9 reaches end of life
-	 *
-	 * @param string $token
-	 * @param string $remote
-	 * @param string $password
-	 * @param string $name
-	 * @param string $owner
-	 * @param string $ownerDisplayName
-	 * @return JSONResponse
-	 */
-	private function legacyMountPublicLink($token, $remote, $password, $name, $owner, $ownerDisplayName) {
-
-		// Check for invalid name
-		if (!Util::isValidFileName($name)) {
-			return new JSONResponse(['message' => $this->l->t('The mountpoint name contains invalid characters.')], Http::STATUS_BAD_REQUEST);
-		}
-		$currentUser = $this->userSession->getUser()->getUID();
-		$currentServer = $this->addressHandler->generateRemoteURL();
-		if (Helper::isSameUserOnSameServer($owner, $remote, $currentUser, $currentServer)) {
-			return new JSONResponse(['message' => $this->l->t('Not allowed to create a federated share with the owner.')], Http::STATUS_BAD_REQUEST);
-		}
-		$externalManager = new Manager(
-			\OC::$server->getDatabaseConnection(),
-			Filesystem::getMountManager(),
-			Filesystem::getLoader(),
-			\OC::$server->getHTTPClientService(),
-			\OC::$server->getNotificationManager(),
-			\OC::$server->query(\OCP\OCS\IDiscoveryService::class),
-			\OC::$server->getUserSession()->getUser()->getUID()
-		);
-
-		// check for ssl cert
-
-		if (strpos($remote, 'https') === 0) {
-			try {
-				$client = $this->clientService->newClient();
-				$client->get($remote, [
-					'timeout' => 10,
-					'connect_timeout' => 10,
-				])->getBody();
-			} catch (\Exception $e) {
-				return new JSONResponse(['message' => $this->l->t('Invalid or untrusted SSL certificate')], Http::STATUS_BAD_REQUEST);
-			}
-		}
-		$mount = $externalManager->addShare($remote, $token, $password, $name, $ownerDisplayName, true);
-		/**
-		 * @var \OCA\Files_Sharing\External\Storage $storage
-		 */
-		$storage = $mount->getStorage();
-		try {
-			// check if storage exists
-			$storage->checkStorageAvailability();
-		} catch (StorageInvalidException $e) {
-			// note: checkStorageAvailability will already remove the invalid share
-			Util::writeLog(
-				'federatedfilesharing',
-				'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
-				Util::DEBUG
-			);
-			return new JSONResponse(['message' => $this->l->t('Could not authenticate to remote share, password might be wrong')], Http::STATUS_BAD_REQUEST);
-		} catch (\Exception $e) {
-			Util::writeLog(
-				'federatedfilesharing',
-				'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
-				Util::DEBUG
-			);
-			$externalManager->removeShare($mount->getMountPoint());
-			return new JSONResponse(['message' => $this->l->t('Storage not valid')], Http::STATUS_BAD_REQUEST);
-		}
-		$result = $storage->file_exists('');
-		if ($result) {
-			try {
-				$storage->getScanner()->scanAll();
-				return new JSONResponse(
-					[
-						'message' => $this->l->t('Federated Share successfully added'),
-						'legacyMount' => '1'
-					]
-				);
-			} catch (StorageInvalidException $e) {
-				Util::writeLog(
-					'federatedfilesharing',
-					'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
-					Util::DEBUG
-				);
-				return new JSONResponse(['message' => $this->l->t('Storage not valid')], Http::STATUS_BAD_REQUEST);
-			} catch (\Exception $e) {
-				Util::writeLog(
-					'federatedfilesharing',
-					'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
-					Util::DEBUG
-				);
-				return new JSONResponse(['message' => $this->l->t('Couldn\'t add remote share')], Http::STATUS_BAD_REQUEST);
-			}
-		} else {
-			$externalManager->removeShare($mount->getMountPoint());
-			Util::writeLog(
-				'federatedfilesharing',
-				'Couldn\'t add remote share',
-				Util::DEBUG
-			);
-			return new JSONResponse(['message' => $this->l->t('Couldn\'t add remote share')], Http::STATUS_BAD_REQUEST);
-		}
-
-	}
+    /** @var FederatedShareProvider */
+    private $federatedShareProvider;
+
+    /** @var AddressHandler */
+    private $addressHandler;
+
+    /** @var IManager  */
+    private $shareManager;
+
+    /** @var  ISession */
+    private $session;
+
+    /** @var IL10N */
+    private $l;
+
+    /** @var IUserSession */
+    private $userSession;
+
+    /** @var IClientService */
+    private $clientService;
+
+    /** @var ICloudIdManager  */
+    private $cloudIdManager;
+
+    /**
+     * MountPublicLinkController constructor.
+     *
+     * @param string $appName
+     * @param IRequest $request
+     * @param FederatedShareProvider $federatedShareProvider
+     * @param IManager $shareManager
+     * @param AddressHandler $addressHandler
+     * @param ISession $session
+     * @param IL10N $l
+     * @param IUserSession $userSession
+     * @param IClientService $clientService
+     * @param ICloudIdManager $cloudIdManager
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                FederatedShareProvider $federatedShareProvider,
+                                IManager $shareManager,
+                                AddressHandler $addressHandler,
+                                ISession $session,
+                                IL10N $l,
+                                IUserSession $userSession,
+                                IClientService $clientService,
+                                ICloudIdManager $cloudIdManager
+    ) {
+        parent::__construct($appName, $request);
+
+        $this->federatedShareProvider = $federatedShareProvider;
+        $this->shareManager = $shareManager;
+        $this->addressHandler = $addressHandler;
+        $this->session = $session;
+        $this->l = $l;
+        $this->userSession = $userSession;
+        $this->clientService = $clientService;
+        $this->cloudIdManager = $cloudIdManager;
+    }
+
+    /**
+     * send federated share to a user of a public link
+     *
+     * @NoCSRFRequired
+     * @PublicPage
+     * @BruteForceProtection(action=publicLink2FederatedShare)
+     *
+     * @param string $shareWith
+     * @param string $token
+     * @param string $password
+     * @return JSONResponse
+     */
+    public function createFederatedShare($shareWith, $token, $password = '') {
+
+        if (!$this->federatedShareProvider->isOutgoingServer2serverShareEnabled()) {
+            return new JSONResponse(
+                ['message' => 'This server doesn\'t support outgoing federated shares'],
+                Http::STATUS_BAD_REQUEST
+            );
+        }
+
+        try {
+            list(, $server) = $this->addressHandler->splitUserRemote($shareWith);
+            $share = $this->shareManager->getShareByToken($token);
+        } catch (HintException $e) {
+            return new JSONResponse(['message' => $e->getHint()], Http::STATUS_BAD_REQUEST);
+        }
+
+        // make sure that user is authenticated in case of a password protected link
+        $storedPassword = $share->getPassword();
+        $authenticated = $this->session->get('public_link_authenticated') === $share->getId() ||
+            $this->shareManager->checkPassword($share, $password);
+        if (!empty($storedPassword) && !$authenticated ) {
+            return new JSONResponse(
+                ['message' => 'No permission to access the share'],
+                Http::STATUS_BAD_REQUEST
+            );
+        }
+
+        $share->setSharedWith($shareWith);
+
+        try {
+            $this->federatedShareProvider->create($share);
+        } catch (\Exception $e) {
+            return new JSONResponse(['message' => $e->getMessage()], Http::STATUS_BAD_REQUEST);
+        }
+
+        return new JSONResponse(['remoteUrl' => $server]);
+    }
+
+    /**
+     * ask other server to get a federated share
+     *
+     * @NoAdminRequired
+     *
+     * @param string $token
+     * @param string $remote
+     * @param string $password
+     * @param string $owner (only for legacy reasons, can be removed with legacyMountPublicLink())
+     * @param string $ownerDisplayName (only for legacy reasons, can be removed with legacyMountPublicLink())
+     * @param string $name (only for legacy reasons, can be removed with legacyMountPublicLink())
+     * @return JSONResponse
+     */
+    public function askForFederatedShare($token, $remote, $password = '', $owner = '', $ownerDisplayName = '', $name = '') {
+        // check if server admin allows to mount public links from other servers
+        if ($this->federatedShareProvider->isIncomingServer2serverShareEnabled() === false) {
+            return new JSONResponse(['message' => $this->l->t('Server to server sharing is not enabled on this server')], Http::STATUS_BAD_REQUEST);
+        }
+
+        $cloudId = $this->cloudIdManager->getCloudId($this->userSession->getUser()->getUID(), $this->addressHandler->generateRemoteURL());
+
+        $httpClient = $this->clientService->newClient();
+
+        try {
+            $response = $httpClient->post($remote . '/index.php/apps/federatedfilesharing/createFederatedShare',
+                [
+                    'body' =>
+                        [
+                            'token' => $token,
+                            'shareWith' => rtrim($cloudId->getId(), '/'),
+                            'password' => $password
+                        ],
+                    'connect_timeout' => 10,
+                ]
+            );
+        } catch (\Exception $e) {
+            if (empty($password)) {
+                $message = $this->l->t("Couldn't establish a federated share.");
+            } else {
+                $message = $this->l->t("Couldn't establish a federated share, maybe the password was wrong.");
+            }
+            return new JSONResponse(['message' => $message], Http::STATUS_BAD_REQUEST);
+        }
+
+        $body = $response->getBody();
+        $result = json_decode($body, true);
+
+        if (is_array($result) && isset($result['remoteUrl'])) {
+            return new JSONResponse(['message' => $this->l->t('Federated Share request was successful, you will receive a invitation. Check your notifications.')]);
+        }
+
+        // if we doesn't get the expected response we assume that we try to add
+        // a federated share from a Nextcloud <= 9 server
+        return $this->legacyMountPublicLink($token, $remote, $password, $name, $owner, $ownerDisplayName);
+    }
+
+    /**
+     * Allow Nextcloud to mount a public link directly
+     *
+     * This code was copied from the apps/files_sharing/ajax/external.php with
+     * minimal changes, just to guarantee backward compatibility
+     *
+     * ToDo: Remove this method once Nextcloud 9 reaches end of life
+     *
+     * @param string $token
+     * @param string $remote
+     * @param string $password
+     * @param string $name
+     * @param string $owner
+     * @param string $ownerDisplayName
+     * @return JSONResponse
+     */
+    private function legacyMountPublicLink($token, $remote, $password, $name, $owner, $ownerDisplayName) {
+
+        // Check for invalid name
+        if (!Util::isValidFileName($name)) {
+            return new JSONResponse(['message' => $this->l->t('The mountpoint name contains invalid characters.')], Http::STATUS_BAD_REQUEST);
+        }
+        $currentUser = $this->userSession->getUser()->getUID();
+        $currentServer = $this->addressHandler->generateRemoteURL();
+        if (Helper::isSameUserOnSameServer($owner, $remote, $currentUser, $currentServer)) {
+            return new JSONResponse(['message' => $this->l->t('Not allowed to create a federated share with the owner.')], Http::STATUS_BAD_REQUEST);
+        }
+        $externalManager = new Manager(
+            \OC::$server->getDatabaseConnection(),
+            Filesystem::getMountManager(),
+            Filesystem::getLoader(),
+            \OC::$server->getHTTPClientService(),
+            \OC::$server->getNotificationManager(),
+            \OC::$server->query(\OCP\OCS\IDiscoveryService::class),
+            \OC::$server->getUserSession()->getUser()->getUID()
+        );
+
+        // check for ssl cert
+
+        if (strpos($remote, 'https') === 0) {
+            try {
+                $client = $this->clientService->newClient();
+                $client->get($remote, [
+                    'timeout' => 10,
+                    'connect_timeout' => 10,
+                ])->getBody();
+            } catch (\Exception $e) {
+                return new JSONResponse(['message' => $this->l->t('Invalid or untrusted SSL certificate')], Http::STATUS_BAD_REQUEST);
+            }
+        }
+        $mount = $externalManager->addShare($remote, $token, $password, $name, $ownerDisplayName, true);
+        /**
+         * @var \OCA\Files_Sharing\External\Storage $storage
+         */
+        $storage = $mount->getStorage();
+        try {
+            // check if storage exists
+            $storage->checkStorageAvailability();
+        } catch (StorageInvalidException $e) {
+            // note: checkStorageAvailability will already remove the invalid share
+            Util::writeLog(
+                'federatedfilesharing',
+                'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+                Util::DEBUG
+            );
+            return new JSONResponse(['message' => $this->l->t('Could not authenticate to remote share, password might be wrong')], Http::STATUS_BAD_REQUEST);
+        } catch (\Exception $e) {
+            Util::writeLog(
+                'federatedfilesharing',
+                'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+                Util::DEBUG
+            );
+            $externalManager->removeShare($mount->getMountPoint());
+            return new JSONResponse(['message' => $this->l->t('Storage not valid')], Http::STATUS_BAD_REQUEST);
+        }
+        $result = $storage->file_exists('');
+        if ($result) {
+            try {
+                $storage->getScanner()->scanAll();
+                return new JSONResponse(
+                    [
+                        'message' => $this->l->t('Federated Share successfully added'),
+                        'legacyMount' => '1'
+                    ]
+                );
+            } catch (StorageInvalidException $e) {
+                Util::writeLog(
+                    'federatedfilesharing',
+                    'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+                    Util::DEBUG
+                );
+                return new JSONResponse(['message' => $this->l->t('Storage not valid')], Http::STATUS_BAD_REQUEST);
+            } catch (\Exception $e) {
+                Util::writeLog(
+                    'federatedfilesharing',
+                    'Invalid remote storage: ' . get_class($e) . ': ' . $e->getMessage(),
+                    Util::DEBUG
+                );
+                return new JSONResponse(['message' => $this->l->t('Couldn\'t add remote share')], Http::STATUS_BAD_REQUEST);
+            }
+        } else {
+            $externalManager->removeShare($mount->getMountPoint());
+            Util::writeLog(
+                'federatedfilesharing',
+                'Couldn\'t add remote share',
+                Util::DEBUG
+            );
+            return new JSONResponse(['message' => $this->l->t('Couldn\'t add remote share')], Http::STATUS_BAD_REQUEST);
+        }
+
+    }
 
 }

lib/private/Security/RateLimiting/Backend/IBackend.php

Indentation +17 added lines, -17 removed lines

@@ -29,22 +29,22 @@
  * @package OC\Security\RateLimiting\Backend
  */
 interface IBackend {
-	/**
-	 * Gets the amount of attempts within the last specified seconds
-	 *
-	 * @param string $methodIdentifier
-	 * @param string $userIdentifier
-	 * @param int $seconds
-	 * @return int
-	 */
-	public function getAttempts($methodIdentifier, $userIdentifier, $seconds);
+    /**
+     * Gets the amount of attempts within the last specified seconds
+     *
+     * @param string $methodIdentifier
+     * @param string $userIdentifier
+     * @param int $seconds
+     * @return int
+     */
+    public function getAttempts($methodIdentifier, $userIdentifier, $seconds);
 
-	/**
-	 * Registers an attempt
-	 *
-	 * @param string $methodIdentifier
-	 * @param string $userIdentifier
-	 * @param int $timestamp
-	 */
-	public function registerAttempt($methodIdentifier, $userIdentifier, $timestamp);
+    /**
+     * Registers an attempt
+     *
+     * @param string $methodIdentifier
+     * @param string $userIdentifier
+     * @param int $timestamp
+     */
+    public function registerAttempt($methodIdentifier, $userIdentifier, $timestamp);
 }