DontSellMe/richdocuments
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

handle password protected links. Closes #97

Browse Source
This commit is contained in:
Victor Dubiniuk 2013-11-10 12:50:06 +03:00
parent 0a35852e67
commit 726ebbcb30
3 changed files with 87 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
lib/file.php
View File

@ -28,8 +28,10 @@ class File {
protected $owner; protected $owner;
protected $path; protected $path;
protected $sharing; protected $sharing;
protected $passwordProtected = false;
public function __construct($fileId){
public function __construct($fileId, $shareOps = null){
if (!$fileId){ if (!$fileId){
throw new \Exception('No valid file has been passed'); throw new \Exception('No valid file has been passed');
} }
@ -38,7 +40,11 @@ class File {
//if you know how to get sharing info by fileId via API, //if you know how to get sharing info by fileId via API,
//please send me a link to video tutorial :/ //please send me a link to video tutorial :/
$this->sharing = $this->getSharingOps(); if (!is_null($shareOps)){
$this->sharing = $shareOps;
} else {
$this->sharing = $this->getSharingOps();
}
} }
public static function getByShareToken($token){ public static function getByShareToken($token){
@ -51,7 +57,13 @@ class File {
throw new \Exception('This file was probably unshared'); throw new \Exception('This file was probably unshared');
} }
$file = new File($rootLinkItem['file_source']); if (!isset($rootLinkItem['path']) && isset($rootLinkItem['file_target'])){
$rootLinkItem['path'] = 'files/' . $rootLinkItem['file_target'];
}
$file = new File($rootLinkItem['file_source'], array($rootLinkItem));
if (isset($linkItem['share_with']) && !empty($linkItem['share_with'])){
$file->setPasswordProtected(true);
}
return $file; return $file;
} }
@ -79,6 +91,35 @@ class File {
} }
return false; return false;
} }
public function isPasswordProtected(){
return $this->passwordProtected;
}
public function checkPassword($password){
$shareId = $this->getShareId();
if (!$this->isPasswordProtected()
|| (\OC::$session->exists('public_link_authenticated')
&& \OC::$session->get('public_link_authenticated') === $shareId)
){
return true;
}
// Check Password
$forcePortable = (CRYPT_BLOWFISH != 1);
$hasher = new \PasswordHash(8, $forcePortable);
if ($hasher->CheckPassword($password.\OC_Config::getValue('passwordsalt', ''),
$this->getPassword())) {
// Save item id in session for future request
\OC::$session->set('public_link_authenticated', $shareId);
return true;
}
return false;
}
public function setPasswordProtected($value){
$this->passwordProtected = $value;
}
/** /**
* *
@ -148,6 +189,14 @@ class File {
return array ($owner, @$fileInfo[1]); return array ($owner, @$fileInfo[1]);
} }
protected function getPassword(){
return $this->sharing[0]['share_with'];
}
protected function getShareId(){
return $this->sharing[0]['id'];
}
protected function getSharingOps(){ protected function getSharingOps(){

44
public.php
View File

@ -17,28 +17,32 @@ namespace OCA\Documents;
\OCP\Util::addStyle( 'documents', 'style' ); \OCP\Util::addStyle( 'documents', 'style' );
if (\OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
header('HTTP/1.0 404 Not Found');
$tmpl = new OCP\Template('', '404', 'guest');
$tmpl->printPage();
exit();
}
if (isset($_GET['t'])) { if (isset($_GET['t'])) {
$token = $_GET['t']; $token = $_GET['t'];
$linkItem = \OCP\Share::getShareByToken($token); $tmpl = new \OCP\Template('documents', 'public', 'guest');
if (is_array($linkItem) && isset($linkItem['uid_owner'])) { try {
// seems to be a valid share $file = File::getByShareToken($token);
$type = $linkItem['item_type']; if ($file->isPasswordProtected() && !$file->checkPassword(@$_POST['password'])){
$fileSource = $linkItem['file_source']; if (isset($_POST['password'])){
$shareOwner = $linkItem['uid_owner']; $tmpl->assign('wrongpw', true);
$path = null; }
$rootLinkItem = \OCP\Share::resolveReShare($linkItem); $tmpl->assign('hasPassword', true);
$fileOwner = $rootLinkItem['uid_owner']; } else {
\OCP\Util::addStyle( 'documents', '3rdparty/webodf/dojo-app');
\OCP\Util::addStyle( 'documents', '3rdparty/webodf/editor' );
\OCP\Util::addScript('documents', 'documents');
$tmpl->assign('document', $token);
}
} catch (\Exception $e){
$tmpl->assign('notFound', true);
} }
$tmpl->printPage();
} }
$tmpl = new \OCP\Template('documents', 'public', 'guest');
if (isset($fileOwner)) {
\OCP\Util::addStyle( 'documents', '3rdparty/webodf/dojo-app');
\OCP\Util::addStyle( 'documents', '3rdparty/webodf/editor' );
\OCP\Util::addScript('documents', 'documents');
$tmpl->assign('document', $token);
} else {
$tmpl->assign('notFound', true);
}
$tmpl->printPage();

10
templates/public.php
View File

@ -2,6 +2,16 @@
<div id="notification" style="display: none;"></div> <div id="notification" style="display: none;"></div>
</div> </div>
<div id="documents-content"> <div id="documents-content">
<?php if (isset($_['hasPassword'])): ?>
<?php if (isset($_['wrongpw'])): ?>
<div class="push"></div>
<div class="warning"><?php p($l->t('Wrong password. Please retry.')) ?></div>
<?php endif; ?>
<form method="post">
<input type="text" name="password" placeholder="<?php p($l->t('Password')) ?>" />
<input type="submit" name="submit" value="<?php p($l->t('OK')) ?>" />
</form>
<?php endif; ?>
<?php if (isset($_['document'])): ?> <?php if (isset($_['document'])): ?>
<form> <form>
<input type="text" name="memberName" placeholder="<?php p($l->t('Please enter your nickname')) ?>" /> <input type="text" name="memberName" placeholder="<?php p($l->t('Please enter your nickname')) ?>" />