handle password protected links. Closes #97

11 years ago · 726ebbcb30
parent 0a35852e67
commit 726ebbcb30
3 changed files with 87 additions and 24 deletions
--- a/lib/file.php
+++ b/lib/file.php
@ -28,8 +28,10 @@ class File {
 	protected $owner;
 	protected $path;
 	protected $sharing;
-	
-	public function __construct($fileId){
+	protected $passwordProtected = false;
+
+
+	public function __construct($fileId, $shareOps = null){
 		if (!$fileId){
 			throw new \Exception('No valid file has been passed');
 		}
@ -38,7 +40,11 @@ class File {
 		
 		//if you know how to get sharing info by fileId via API, 
 		//please send me a link to video tutorial :/
-		$this->sharing = $this->getSharingOps();
+		if (!is_null($shareOps)){
+			$this->sharing = $shareOps;
+		} else {
+			$this->sharing = $this->getSharingOps();
+		}
 	}
 	
 	public static function getByShareToken($token){
@ -51,7 +57,13 @@ class File {
 			throw new \Exception('This file was probably unshared');
 		}
 		
-		$file = new File($rootLinkItem['file_source']);
+		if (!isset($rootLinkItem['path']) && isset($rootLinkItem['file_target'])){
+			$rootLinkItem['path'] = 'files/' . $rootLinkItem['file_target'];
+		}
+		$file = new File($rootLinkItem['file_source'], array($rootLinkItem));
+		if (isset($linkItem['share_with']) && !empty($linkItem['share_with'])){
+			$file->setPasswordProtected(true);
+		}
 		
 		return $file;
 	}
@ -79,6 +91,35 @@ class File {
 		}
 		return false;
 	}
+	
+	public function isPasswordProtected(){
+		return $this->passwordProtected;
+	}
+	
+	public function checkPassword($password){
+		$shareId  = $this->getShareId();
+		if (!$this->isPasswordProtected()
+			|| (\OC::$session->exists('public_link_authenticated')
+				&& \OC::$session->get('public_link_authenticated') === $shareId)	
+			){
+				return true;
+		}
+		
+		// Check Password
+		$forcePortable = (CRYPT_BLOWFISH != 1);
+		$hasher = new \PasswordHash(8, $forcePortable);
+		if ($hasher->CheckPassword($password.\OC_Config::getValue('passwordsalt', ''),
+									 $this->getPassword())) {
+			// Save item id in session for future request
+			\OC::$session->set('public_link_authenticated', $shareId);
+			return true;
+		}
+		return false;
+	}
+	
+	public function setPasswordProtected($value){
+		$this->passwordProtected = $value;
+	}

 	/**
 	 * 
@ -148,6 +189,14 @@ class File {

 		return array ($owner, @$fileInfo[1]);
 	}
+	
+	protected function getPassword(){
+		return $this->sharing[0]['share_with'];
+	}
+	
+	protected function getShareId(){
+		return $this->sharing[0]['id'];
+	}

 	protected function getSharingOps(){
 		
--- a/public.php
+++ b/public.php
@ -17,28 +17,32 @@ namespace OCA\Documents;

 \OCP\Util::addStyle( 'documents', 'style' );

+if (\OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
+	header('HTTP/1.0 404 Not Found');
+	$tmpl = new OCP\Template('', '404', 'guest');
+	$tmpl->printPage();
+	exit();
+}
+
 if (isset($_GET['t'])) {
 	$token = $_GET['t'];
-	$linkItem = \OCP\Share::getShareByToken($token);
-	if (is_array($linkItem) && isset($linkItem['uid_owner'])) {
-		// seems to be a valid share
-		$type = $linkItem['item_type'];
-		$fileSource = $linkItem['file_source'];
-		$shareOwner = $linkItem['uid_owner'];
-		$path = null;
-		$rootLinkItem = \OCP\Share::resolveReShare($linkItem);
-		$fileOwner = $rootLinkItem['uid_owner'];
+	$tmpl = new \OCP\Template('documents', 'public', 'guest');
+	try {
+		$file = File::getByShareToken($token);
+		if ($file->isPasswordProtected() && !$file->checkPassword(@$_POST['password'])){
+			if (isset($_POST['password'])){
+				$tmpl->assign('wrongpw', true);
+			}
+			$tmpl->assign('hasPassword', true);
+		} else {
+			\OCP\Util::addStyle( 'documents', '3rdparty/webodf/dojo-app');
+			\OCP\Util::addStyle( 'documents', '3rdparty/webodf/editor' );
+			\OCP\Util::addScript('documents', 'documents');
+			$tmpl->assign('document', $token);
+		}
+	} catch (\Exception $e){
+		$tmpl->assign('notFound', true);
 	}
+	$tmpl->printPage();
 }

-$tmpl = new \OCP\Template('documents', 'public', 'guest');
-if (isset($fileOwner)) {
-	\OCP\Util::addStyle( 'documents', '3rdparty/webodf/dojo-app');
-	\OCP\Util::addStyle( 'documents', '3rdparty/webodf/editor' );
-	\OCP\Util::addScript('documents', 'documents');
-	$tmpl->assign('document', $token);
-} else {
-	$tmpl->assign('notFound', true);
-}
-
-$tmpl->printPage();
--- a/templates/public.php
+++ b/templates/public.php
@ -2,6 +2,16 @@
 	<div id="notification" style="display: none;"></div>
 </div>
 <div id="documents-content">
+	<?php if (isset($_['hasPassword'])): ?>
+		<?php if (isset($_['wrongpw'])): ?>
+			<div class="push"></div>
+			<div class="warning"><?php p($l->t('Wrong password. Please retry.')) ?></div>
+		<?php endif; ?>
+		<form method="post">
+			<input type="text" name="password" placeholder="<?php p($l->t('Password')) ?>" />
+			<input type="submit" name="submit" value="<?php p($l->t('OK')) ?>" />
+		</form>
+	<?php endif; ?>
 	<?php if (isset($_['document'])): ?>
 		<form>
 			<input type="text" name="memberName" placeholder="<?php p($l->t('Please enter your nickname')) ?>" />