Skip to content

Commit

Permalink
fix(federatedfilesharing): get share by token fallback
Browse files Browse the repository at this point in the history
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
  • Loading branch information
skjnldsv committed Dec 26, 2024
1 parent 1cae35b commit 9798e6d
Show file tree
Hide file tree
Showing 2 changed files with 64 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -767,7 +767,13 @@ public function getFederationIdFromSharedSecret(
try {
$share = $provider->getShareByToken($sharedSecret);
} catch (ShareNotFound) {
return '';
// Maybe we're dealing with a share federated from another server
$share = $this->externalShareManager->getShareByToken($sharedSecret);
if ($share === false) {
return '';
}

return $share['user'] . '@' . $share['remote'];
}

// if uid_owner is a local account, the request comes from the recipient
Expand Down
61 changes: 57 additions & 4 deletions apps/files_sharing/lib/External/Manager.php
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,23 @@ private function fetchShare($id) {
return $share;
}

/**
* get share by token
*
* @param string $token
* @return mixed share of false
*/
private function fetchShareByToken($token) {
$getShare = $this->connection->prepare('
SELECT `id`, `remote`, `remote_id`, `share_token`, `name`, `owner`, `user`, `mountpoint`, `accepted`, `parent`, `share_type`, `password`, `mountpoint_hash`
FROM `*PREFIX*share_external`
WHERE `share_token` = ?');
$result = $getShare->execute([$token]);
$share = $result->fetch();
$result->closeCursor();
return $share;
}

private function fetchUserShare($parentId, $uid) {
$getShare = $this->connection->prepare('
SELECT `id`, `remote`, `remote_id`, `share_token`, `name`, `owner`, `user`, `mountpoint`, `accepted`, `parent`, `share_type`, `password`, `mountpoint_hash`
Expand All @@ -199,22 +216,58 @@ private function fetchUserShare($parentId, $uid) {
*/
public function getShare($id) {
$share = $this->fetchShare($id);
$validShare = is_array($share) && isset($share['share_type']) && isset($share['user']);

// check if the user is allowed to access it
if ($validShare && (int)$share['share_type'] === IShare::TYPE_USER && $share['user'] === $this->uid) {
if ($this->canAccessShare($share)) {
return $share;
}

return false;
}

/**
* Get share by token
*
* @param string $token
* @return array|false
*/
public function getShareByToken(string $token): array|false {
$share = $this->fetchShareByToken($token);

// check if the user is allowed to access it
if ($this->canAccessShare($share)) {
return $share;
} elseif ($validShare && (int)$share['share_type'] === IShare::TYPE_GROUP) {
}

return false;
}

private function canAccessShare(array $share): bool {
$validShare = isset($share['share_type']) && isset($share['user']);

if (!$validShare) {
return false;
}

// If the share is a user share, check if the user is the recipient
if ((int)$share['share_type'] === IShare::TYPE_USER
&& $share['user'] === $this->uid) {
return true;
}

// If the share is a group share, check if the user is in the group
if ((int)$share['share_type'] === IShare::TYPE_GROUP) {
$parentId = (int)$share['parent'];
if ($parentId !== -1) {
// we just retrieved a sub-share, switch to the parent entry for verification
$groupShare = $this->fetchShare($parentId);
} else {
$groupShare = $share;
}

$user = $this->userManager->get($this->uid);
if ($this->groupManager->get($groupShare['user'])->inGroup($user)) {
return $share;
return true;
}
}

Expand Down

0 comments on commit 9798e6d

Please sign in to comment.