[Pkg-owncloud-commits] [owncloud] 93/107: don't allow to create a federated share if source and target server are the same

David Prévot taffit at moszumanska.debian.org
Thu Dec 17 19:40:40 UTC 2015



taffit pushed a commit to branch stable8
in repository owncloud.

commit 171062fed37ada28c257371af2ebfc8647250652
Author: Björn Schießle <bjoern at schiessle.org>
Date:   Wed Dec 9 12:00:00 2015 +0100

    don't allow to create a federated share if source and target server are the same
---
 apps/files_sharing/ajax/external.php |  8 ++++++++
 lib/private/share/helper.php         | 34 +++++++++++++++++++++++++++++++++
 lib/private/share/share.php          | 13 +++++++++++--
 tests/lib/share/helper.php           | 37 ++++++++++++++++++++++++++++++++++++
 4 files changed, 90 insertions(+), 2 deletions(-)

diff --git a/apps/files_sharing/ajax/external.php b/apps/files_sharing/ajax/external.php
index c80f0e0..34ce0e6 100644
--- a/apps/files_sharing/ajax/external.php
+++ b/apps/files_sharing/ajax/external.php
@@ -49,6 +49,14 @@ if(!\OCP\Util::isValidFileName($name)) {
 	exit();
 }
 
+$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
+$currentServer = \OC::$server->getURLGenerator()->getAbsoluteURL('/');
+if (\OC\Share\Helper::isSameUserOnSameServer($owner, $remote, $currentUser, $currentServer )) {
+	\OCP\JSON::error(array('data' => array('message' => $l->t('Not allowed to create a federated share with the same user server'))));
+	exit();
+}
+
+
 $externalManager = new \OCA\Files_Sharing\External\Manager(
 		\OC::$server->getDatabaseConnection(),
 		\OC\Files\Filesystem::getMountManager(),
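Review bot: `$currentServer` on line 33 is built from `getAbsoluteURL('/')`, which as far as I recall is derived from the request's Host header unless the instance pins `overwritehost`, and `$remote` comes from the request body (its origin is above the hunk), so both sides of the comparison are caller-influenced and this guard should not be read as a security boundary. The helper's normalisation (scheme strip, lowercase, trailing slash) also lets `host:443/owncloud`, `host/owncloud/index.php` or the server's IP address pass as a "different" server, so I would document the intent above line 32: `// Best-effort guard against a federated share pointing back at the same user on this instance; the server key comes from the request host, so this is a loop/usability check, not an authorization check.` Line 32 chains `->getUID()` on `getUser()`, which is null without a logged-in session; if the endpoint does not already call `\OCP\JSON::checkLoggedIn()` above the hunk, a guard like `if ($user === null) { \OCP\JSON::error(...); exit(); }` is needed before the call.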
diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php
index 26bbca8..0441647 100644
--- a/lib/private/share/helper.php
+++ b/lib/private/share/helper.php
@@ -289,4 +289,38 @@ class Helper extends \OC\Share\Constants {
 		$hint = $l->t('Invalid Federated Cloud ID');
 		throw new HintException('Invalid Fededrated Cloud ID', $hint);
 	}
+
+	/**
+	 * check if two federated cloud IDs refer to the same user
+	 *
+	 * @param string $user1
+	 * @param string $server1
+	 * @param string $user2
+	 * @param string $server2
+	 * @return bool true if both users and servers are the same
+	 */
+	public static function isSameUserOnSameServer($user1, $server1, $user2, $server2) {
+		$normalizedServer1 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server1));
+		$normalizedServer2 = strtolower(\OC\Share\Share::removeProtocolFromUrl($server2));
+
+		if (rtrim($normalizedServer1, '/') === rtrim($normalizedServer2, '/')) {
+			// FIXME this should be a method in the user management instead
+			\OCP\Util::emitHook(
+					'\OCA\Files_Sharing\API\Server2Server',
+					'preLoginNameUsedAsUserName',
+					array('uid' => &$user1)
+			);
+			\OCP\Util::emitHook(
+					'\OCA\Files_Sharing\API\Server2Server',
+					'preLoginNameUsedAsUserName',
+					array('uid' => &$user2)
+			);
+
+			if ($user1 === $user2) {
+				return true;
+			}
+		}
+
+		return false;
+	}
 }
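Review bot: On lines 62–63 the scheme is stripped before lowercasing, and `removeProtocolFromUrl` (second hunk of share.php) matches `http://`/`https://` with a case-sensitive `strpos(...) === 0`, so a cloud ID written as `user1@HTTPS://server1` keeps its scheme, is lowercased to `https://server1` afterwards, and compares unequal to the stripped `server1` — the same-user check silently returns false for it. Lowercasing first closes that gap: `$normalizedServer1 = \OC\Share\Share::removeProtocolFromUrl(strtolower($server1));` and likewise for `$normalizedServer2`. The docblock should also say that both user names are rewritten in place through the `preLoginNameUsedAsUserName` hook (only when the servers match) before being compared, e.g. `Both user names are passed through the preLoginNameUsedAsUserName hook first (presumably mapping login names to UIDs — confirm against the hook), so the comparison is on the canonical form.` Note the fall-through branch of `removeProtocolFromUrl` lies outside the visible hunk, so the exact behaviour for unrecognised prefixes is inferred.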
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 70c3b1f..3e44b02 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -849,11 +849,20 @@ class Share extends Constants {
 					throw new \Exception($message_t);
 			}
 
+			// don't allow federated shares if source and target server are the same
+			list($user, $remote) = Helper::splitUserRemote($shareWith);
+			$currentServer = self::removeProtocolFromUrl(\OC::$server->getURLGenerator()->getAbsoluteURL('/'));
+			$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
+			if (Helper::isSameUserOnSameServer($user, $remote, $currentUser, $currentServer)) {
+				$message = 'Not allowed to create a federated share with the same user.';
+				$message_t = $l->t('Not allowed to create a federated share with the same user');
+				\OCP\Util::writeLog('OCP\Share', $message, \OCP\Util::DEBUG);
+				throw new \Exception($message_t);
+			}
 
 			$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
 				\OCP\Security\ISecureRandom::CHAR_DIGITS);
 
-			list($user, $remote) = Helper::splitUserRemote($shareWith);
 			$shareWith = $user . '@' . $remote;
 			$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
 
@@ -2524,7 +2533,7 @@ class Share extends Constants {
 	 * @param string $url
 	 * @return string
 	 */
-	private static function removeProtocolFromUrl($url) {
+	public static function removeProtocolFromUrl($url) {
 		if (strpos($url, 'https://') === 0) {
 			return substr($url, strlen('https://'));
 		} else if (strpos($url, 'http://') === 0) {
diff --git a/tests/lib/share/helper.php b/tests/lib/share/helper.php
index e37a3db..eaa29c8 100644
--- a/tests/lib/share/helper.php
+++ b/tests/lib/share/helper.php
@@ -19,6 +19,10 @@
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+/**
+ * @group DB
+ * Class Test_Share_Helper
+ */
 class Test_Share_Helper extends \Test\TestCase {
 
 	public function expireDateProvider() {
@@ -121,4 +125,37 @@ class Test_Share_Helper extends \Test\TestCase {
 	public function testSplitUserRemoteError($id) {
 		\OC\Share\Helper::splitUserRemote($id);
 	}
+
+	/**
+	 * @dataProvider dataTestCompareServerAddresses
+	 *
+	 * @param string $server1
+	 * @param string $server2
+	 * @param bool $expected
+	 */
+	public function testIsSameUserOnSameServer($user1, $server1, $user2, $server2, $expected) {
+		$this->assertSame($expected,
+			\OC\Share\Helper::isSameUserOnSameServer($user1, $server1, $user2, $server2)
+		);
+	}
+
+	public function dataTestCompareServerAddresses() {
+		return [
+			['user1', 'http://server1', 'user1', 'http://server1', true],
+			['user1', 'https://server1', 'user1', 'http://server1', true],
+			['user1', 'http://serVer1', 'user1', 'http://server1', true],
+			['user1', 'http://server1/',  'user1', 'http://server1', true],
+			['user1', 'server1', 'user1', 'http://server1', true],
+			['user1', 'http://server1', 'user1', 'http://server2', false],
+			['user1', 'https://server1', 'user1', 'http://server2', false],
+			['user1', 'http://serVer1', 'user1', 'http://serer2', false],
+			['user1', 'http://server1/', 'user1', 'http://server2', false],
+			['user1', 'server1', 'user1', 'http://server2', false],
+			['user1', 'http://server1', 'user2', 'http://server1', false],
+			['user1', 'https://server1', 'user2', 'http://server1', false],
+			['user1', 'http://serVer1', 'user2', 'http://server1', false],
+			['user1', 'http://server1/',  'user2', 'http://server1', false],
+			['user1', 'server1', 'user2', 'http://server1', false],
+		];
+	}
 }
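Review bot: The docblock on lines 144–146 documents `$server1`, `$server2` and `$expected`, but the method on line 148 also takes `$user1` and `$user2`; add `@param string $user1` and `@param string $user2` so the parameter list and the provider columns line up. Line 163 has `http://serer2`; the case still passes because it is a different host, but it is almost certainly meant to be `server2`. There is no case for an upper-case scheme, e.g. `['user1', 'HTTPS://server1', 'user1', 'http://server1', true]`, which I expect to fail today because the helper strips the scheme before lowercasing — adding it pins the intended normalisation. The provider name `dataTestCompareServerAddresses` no longer describes what it feeds; `dataTestIsSameUserOnSameServer` would match the test.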
