Skip to content

Disable link shares of disabled users #17077

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rullzer merged 1 commit into from
Feb 7, 2020
+146 −6
Merged

Disable link shares of disabled users #17077

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions apps/files_sharing/lib/Controller/ShareController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -271,6 +271,18 @@ protected function emitAccessShareHook($share, $errorCode = 200, $errorMessage =
* @return bool
*/
private function validateShare(\OCP\Share\IShare $share) {
// If the owner is disabled no access to the linke is granted
$owner = $this->userManager->get($share->getShareOwner());
if ($owner === null || !$owner->isEnabled()) {
return false;
}

// If the initiator of the share is disabled no access is granted
$initiator = $this->userManager->get($share->getSharedBy());
if ($initiator === null || !$initiator->isEnabled()) {
return false;
}

return $share->getNode()->isReadable() && $share->getNode()->isShareable();
}

Expand Down
140 changes: 134 additions & 6 deletions apps/files_sharing/tests/Controller/ShareControllerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@
use OCP\AppFramework\Http\Template\PublicTemplateResponse;
use OCP\AppFramework\Http\Template\SimpleMenuAction;
use OCP\Constants;
use OCP\Files\File;
use OCP\Files\NotFoundException;
use OCP\Files\Storage;
use OCP\IConfig;
Expand Down Expand Up @@ -201,11 +202,17 @@ public function testShowShare() {

$this->shareController->setToken('token');

$owner = $this->getMockBuilder(IUser::class)->getMock();
$owner = $this->createMock(IUser::class);
$owner->method('getDisplayName')->willReturn('ownerDisplay');
$owner->method('getUID')->willReturn('ownerUID');
$owner->method('isEnabled')->willReturn(true);

$file = $this->getMockBuilder('OCP\Files\File')->getMock();
$initiator = $this->createMock(IUser::class);
$initiator->method('getDisplayName')->willReturn('initiatorDisplay');
$initiator->method('getUID')->willReturn('initiatorUID');
$initiator->method('isEnabled')->willReturn(true);

$file = $this->createMock(File::class);
$file->method('getName')->willReturn('file1.txt');
$file->method('getMimetype')->willReturn('text/plain');
$file->method('getSize')->willReturn(33);
Expand All @@ -216,6 +223,7 @@ public function testShowShare() {
$share->setId(42);
$share->setPassword('password')
->setShareOwner('ownerUID')
->setSharedBy('initiatorUID')
->setNode($file)
->setNote($note)
->setTarget('/file1.txt');
Expand Down Expand Up @@ -253,7 +261,15 @@ public function testShowShare() {
->with('core', 'shareapi_public_link_disclaimertext', null)
->willReturn('My disclaimer text');

$this->userManager->method('get')->with('ownerUID')->willReturn($owner);
$this->userManager->method('get')->willReturnCallback(function(string $uid) use ($owner, $initiator) {
if ($uid === 'ownerUID') {
return $owner;
}
if ($uid === 'initiatorUID') {
return $initiator;
}
return null;
});

$this->eventDispatcher->expects($this->once())
->method('dispatch')
Expand Down Expand Up @@ -325,6 +341,12 @@ public function testShowShareHideDownload() {
$owner = $this->getMockBuilder(IUser::class)->getMock();
$owner->method('getDisplayName')->willReturn('ownerDisplay');
$owner->method('getUID')->willReturn('ownerUID');
$owner->method('isEnabled')->willReturn(true);

$initiator = $this->createMock(IUser::class);
$initiator->method('getDisplayName')->willReturn('initiatorDisplay');
$initiator->method('getUID')->willReturn('initiatorUID');
$initiator->method('isEnabled')->willReturn(true);

$file = $this->getMockBuilder('OCP\Files\File')->getMock();
$file->method('getName')->willReturn('file1.txt');
Expand All @@ -337,6 +359,7 @@ public function testShowShareHideDownload() {
$share->setId(42);
$share->setPassword('password')
->setShareOwner('ownerUID')
->setSharedBy('initiatorUID')
->setNode($file)
->setNote($note)
->setTarget('/file1.txt')
Expand Down Expand Up @@ -378,7 +401,15 @@ public function testShowShareHideDownload() {
->with('core', 'shareapi_public_link_disclaimertext', null)
->willReturn('My disclaimer text');

$this->userManager->method('get')->with('ownerUID')->willReturn($owner);
$this->userManager->method('get')->willReturnCallback(function(string $uid) use ($owner, $initiator) {
if ($uid === 'ownerUID') {
return $owner;
}
if ($uid === 'initiatorUID') {
return $initiator;
}
return null;
});

$this->eventDispatcher->expects($this->once())
->method('dispatch')
Expand Down Expand Up @@ -451,6 +482,12 @@ public function testShareFileDrop() {
$owner = $this->getMockBuilder(IUser::class)->getMock();
$owner->method('getDisplayName')->willReturn('ownerDisplay');
$owner->method('getUID')->willReturn('ownerUID');
$owner->method('isEnabled')->willReturn(true);

$initiator = $this->createMock(IUser::class);
$initiator->method('getDisplayName')->willReturn('initiatorDisplay');
$initiator->method('getUID')->willReturn('initiatorUID');
$initiator->method('isEnabled')->willReturn(true);

/* @var MockObject|Storage $storage */
$storage = $this->getMockBuilder(Storage::class)
Expand All @@ -472,6 +509,7 @@ public function testShareFileDrop() {
$share->setId(42);
$share->setPermissions(Constants::PERMISSION_CREATE)
->setShareOwner('ownerUID')
->setSharedBy('initiatorUID')
->setNode($folder)
->setTarget('/fileDrop');

Expand All @@ -481,7 +519,15 @@ public function testShareFileDrop() {
->with('token')
->willReturn($share);

$this->userManager->method('get')->with('ownerUID')->willReturn($owner);
$this->userManager->method('get')->willReturnCallback(function(string $uid) use ($owner, $initiator) {
if ($uid === 'ownerUID') {
return $owner;
}
if ($uid === 'initiatorUID') {
return $initiator;
}
return null;
});

$this->l10n->expects($this->any())
->method('t')
Expand Down Expand Up @@ -535,7 +581,7 @@ public function testShareFileDrop() {
self::assertEquals($expectedResponse, $response);
}


public function testShowShareInvalid() {
$this->expectException(\OCP\Files\NotFoundException::class);

Expand Down Expand Up @@ -604,4 +650,86 @@ public function testDownloadShareWithCreateOnlyShare() {
$expectedResponse = new DataResponse('Share is read-only');
$this->assertEquals($expectedResponse, $response);
}

public function testDisabledOwner() {
$this->shareController->setToken('token');

$owner = $this->getMockBuilder(IUser::class)->getMock();
$owner->method('isEnabled')->willReturn(false);

$initiator = $this->createMock(IUser::class);
$initiator->method('isEnabled')->willReturn(false);

/* @var MockObject|Folder $folder */
$folder = $this->createMock(Folder::class);

$share = \OC::$server->getShareManager()->newShare();
$share->setId(42);
$share->setPermissions(Constants::PERMISSION_CREATE)
->setShareOwner('ownerUID')
->setSharedBy('initiatorUID')
->setNode($folder)
->setTarget('/share');

$this->shareManager
->expects($this->once())
->method('getShareByToken')
->with('token')
->willReturn($share);

$this->userManager->method('get')->willReturnCallback(function(string $uid) use ($owner, $initiator) {
if ($uid === 'ownerUID') {
return $owner;
}
if ($uid === 'initiatorUID') {
return $initiator;
}
return null;
});

$this->expectException(NotFoundException::class);

$this->shareController->showShare();
}

public function testDisabledInitiator() {
$this->shareController->setToken('token');

$owner = $this->getMockBuilder(IUser::class)->getMock();
$owner->method('isEnabled')->willReturn(false);

$initiator = $this->createMock(IUser::class);
$initiator->method('isEnabled')->willReturn(true);

/* @var MockObject|Folder $folder */
$folder = $this->createMock(Folder::class);

$share = \OC::$server->getShareManager()->newShare();
$share->setId(42);
$share->setPermissions(Constants::PERMISSION_CREATE)
->setShareOwner('ownerUID')
->setSharedBy('initiatorUID')
->setNode($folder)
->setTarget('/share');

$this->shareManager
->expects($this->once())
->method('getShareByToken')
->with('token')
->willReturn($share);

$this->userManager->method('get')->willReturnCallback(function(string $uid) use ($owner, $initiator) {
if ($uid === 'ownerUID') {
return $owner;
}
if ($uid === 'initiatorUID') {
return $initiator;
}
return null;
});

$this->expectException(NotFoundException::class);

$this->shareController->showShare();
}
}