handle password protected links. Closes #97
This commit is contained in:
Victor Dubiniuk
parent
0a35852e67
commit
726ebbcb30
53
lib/file.php
53
lib/file.php
@ -28,8 +28,10 @@ class File {
|
||||
protected $owner;
|
||||
protected $path;
|
||||
protected $sharing;
|
||||
protected $passwordProtected = false;
|
||||
|
||||
public function __construct($fileId){
|
||||
|
||||
public function __construct($fileId, $shareOps = null){
|
||||
if (!$fileId){
|
||||
throw new \Exception('No valid file has been passed');
|
||||
}
|
||||
@ -38,8 +40,12 @@ class File {
|
||||
|
||||
//if you know how to get sharing info by fileId via API,
|
||||
//please send me a link to video tutorial :/
|
||||
if (!is_null($shareOps)){
|
||||
$this->sharing = $shareOps;
|
||||
} else {
|
||||
$this->sharing = $this->getSharingOps();
|
||||
}
|
||||
}
|
||||
|
||||
public static function getByShareToken($token){
|
||||
$linkItem = \OCP\Share::getShareByToken($token);
|
||||
@ -51,7 +57,13 @@ class File {
|
||||
throw new \Exception('This file was probably unshared');
|
||||
}
|
||||
|
||||
$file = new File($rootLinkItem['file_source']);
|
||||
if (!isset($rootLinkItem['path']) && isset($rootLinkItem['file_target'])){
|
||||
$rootLinkItem['path'] = 'files/' . $rootLinkItem['file_target'];
|
||||
}
|
||||
$file = new File($rootLinkItem['file_source'], array($rootLinkItem));
|
||||
if (isset($linkItem['share_with']) && !empty($linkItem['share_with'])){
|
||||
$file->setPasswordProtected(true);
|
||||
}
|
||||
|
||||
return $file;
|
||||
}
|
||||
@ -80,6 +92,35 @@ class File {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function isPasswordProtected(){
|
||||
return $this->passwordProtected;
|
||||
}
|
||||
|
||||
public function checkPassword($password){
|
||||
$shareId = $this->getShareId();
|
||||
if (!$this->isPasswordProtected()
|
||||
|| (\OC::$session->exists('public_link_authenticated')
|
||||
&& \OC::$session->get('public_link_authenticated') === $shareId)
|
||||
){
|
||||
return true;
|
||||
}
|
||||
|
||||
// Check Password
|
||||
$forcePortable = (CRYPT_BLOWFISH != 1);
|
||||
$hasher = new \PasswordHash(8, $forcePortable);
|
||||
if ($hasher->CheckPassword($password.\OC_Config::getValue('passwordsalt', ''),
|
||||
$this->getPassword())) {
|
||||
// Save item id in session for future request
|
||||
\OC::$session->set('public_link_authenticated', $shareId);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function setPasswordProtected($value){
|
||||
$this->passwordProtected = $value;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @return string owner of the current file item
|
||||
@ -149,6 +190,14 @@ class File {
|
||||
return array ($owner, @$fileInfo[1]);
|
||||
}
|
||||
|
||||
protected function getPassword(){
|
||||
return $this->sharing[0]['share_with'];
|
||||
}
|
||||
|
||||
protected function getShareId(){
|
||||
return $this->sharing[0]['id'];
|
||||
}
|
||||
|
||||
protected function getSharingOps(){
|
||||
|
||||
$where = 'AND `file_source`=?';
|
||||
|
||||
36
public.php
36
public.php
@ -17,28 +17,32 @@ namespace OCA\Documents;
|
||||
|
||||
\OCP\Util::addStyle( 'documents', 'style' );
|
||||
|
||||
if (isset($_GET['t'])) {
|
||||
$token = $_GET['t'];
|
||||
$linkItem = \OCP\Share::getShareByToken($token);
|
||||
if (is_array($linkItem) && isset($linkItem['uid_owner'])) {
|
||||
// seems to be a valid share
|
||||
$type = $linkItem['item_type'];
|
||||
$fileSource = $linkItem['file_source'];
|
||||
$shareOwner = $linkItem['uid_owner'];
|
||||
$path = null;
|
||||
$rootLinkItem = \OCP\Share::resolveReShare($linkItem);
|
||||
$fileOwner = $rootLinkItem['uid_owner'];
|
||||
}
|
||||
if (\OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
|
||||
header('HTTP/1.0 404 Not Found');
|
||||
$tmpl = new OCP\Template('', '404', 'guest');
|
||||
$tmpl->printPage();
|
||||
exit();
|
||||
}
|
||||
|
||||
$tmpl = new \OCP\Template('documents', 'public', 'guest');
|
||||
if (isset($fileOwner)) {
|
||||
if (isset($_GET['t'])) {
|
||||
$token = $_GET['t'];
|
||||
$tmpl = new \OCP\Template('documents', 'public', 'guest');
|
||||
try {
|
||||
$file = File::getByShareToken($token);
|
||||
if ($file->isPasswordProtected() && !$file->checkPassword(@$_POST['password'])){
|
||||
if (isset($_POST['password'])){
|
||||
$tmpl->assign('wrongpw', true);
|
||||
}
|
||||
$tmpl->assign('hasPassword', true);
|
||||
} else {
|
||||
\OCP\Util::addStyle( 'documents', '3rdparty/webodf/dojo-app');
|
||||
\OCP\Util::addStyle( 'documents', '3rdparty/webodf/editor' );
|
||||
\OCP\Util::addScript('documents', 'documents');
|
||||
$tmpl->assign('document', $token);
|
||||
} else {
|
||||
}
|
||||
} catch (\Exception $e){
|
||||
$tmpl->assign('notFound', true);
|
||||
}
|
||||
$tmpl->printPage();
|
||||
}
|
||||
|
||||
$tmpl->printPage();
|
||||
|
||||
@ -2,6 +2,16 @@
|
||||
<div id="notification" style="display: none;"></div>
|
||||
</div>
|
||||
<div id="documents-content">
|
||||
<?php if (isset($_['hasPassword'])): ?>
|
||||
<?php if (isset($_['wrongpw'])): ?>
|
||||
<div class="push"></div>
|
||||
<div class="warning"><?php p($l->t('Wrong password. Please retry.')) ?></div>
|
||||
<?php endif; ?>
|
||||
<form method="post">
|
||||
<input type="text" name="password" placeholder="<?php p($l->t('Password')) ?>" />
|
||||
<input type="submit" name="submit" value="<?php p($l->t('OK')) ?>" />
|
||||
</form>
|
||||
<?php endif; ?>
|
||||
<?php if (isset($_['document'])): ?>
|
||||
<form>
|
||||
<input type="text" name="memberName" placeholder="<?php p($l->t('Please enter your nickname')) ?>" />
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user