nextcloud/lib/public/AppFramework/PublicShareController.php

<?php

declare(strict_types=1);
/**
 * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
namespace OCP\AppFramework;

use OCP\IRequest;
use OCP\ISession;

/**
 * Base controller for public shares
 *
 * It will verify if the user is properly authenticated to the share. If not a 404
 * is thrown by the PublicShareMiddleware.
 *
 * Use this for example for a controller that is not to be called via a webbrowser
 * directly. For example a PublicPreviewController. As this is not meant to be
 * called by a user directly.
 *
 * To show an auth page extend the AuthPublicShareController
 *
 * @since 14.0.0
 */
abstract class PublicShareController extends Controller {
	/** @var ISession */
	protected $session;

	/** @var string */
	private $token;

	/**
	 * @since 14.0.0
	 */
	public function __construct(string $appName,
		IRequest $request,
		ISession $session) {
		parent::__construct($appName, $request);

		$this->session = $session;
	}

	/**
	 * Middleware set the token for the request
	 *
	 * @since 14.0.0
	 */
	final public function setToken(string $token) {
		$this->token = $token;
	}

	/**
	 * Get the token for this request
	 *
	 * @since 14.0.0
	 */
	final public function getToken(): string {
		return $this->token;
	}

	/**
	 * Get a hash of the password for this share
	 *
	 * To ensure access is blocked when the password to a share is changed we store
	 * a hash of the password for this token.
	 *
	 * @since 14.0.0
	 */
	abstract protected function getPasswordHash(): ?string;

	/**
	 * Is the provided token a valid token
	 *
	 * This function is already called from the middleware directly after setting the token.
	 *
	 * @since 14.0.0
	 */
	abstract public function isValidToken(): bool;

	/**
	 * Is a share with this token password protected
	 *
	 * @since 14.0.0
	 */
	abstract protected function isPasswordProtected(): bool;

	/**
	 * Check if a share is authenticated or not
	 *
	 * @since 14.0.0
	 */
	public function isAuthenticated(): bool {
		// Always authenticated against non password protected shares
		if (!$this->isPasswordProtected()) {
			return true;
		}

		// If we are authenticated properly
		if ($this->session->get('public_link_authenticated_token') === $this->getToken() &&
			$this->session->get('public_link_authenticated_password_hash') === $this->getPasswordHash()) {
			return true;
		}

		// Fail by default if nothing matches
		return false;
	}

	/**
	 * Function called if the share is not found.
	 *
	 * You can use this to do some logging for example
	 *
	 * @since 14.0.0
	 */
	public function shareNotFound() {
	}
}
Add the new PublicShareController and PublicShareMiddleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-18 06:28:52 -04:00			`<?php`
Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com> 2021-06-04 15:52:51 -04:00
			`declare(strict_types=1);`
Add the new PublicShareController and PublicShareMiddleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-18 06:28:52 -04:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-23 03:26:56 -04:00			`* SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-License-Identifier: AGPL-3.0-or-later`
Add the new PublicShareController and PublicShareMiddleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-18 06:28:52 -04:00			`*/`
			`namespace OCP\AppFramework;`

			`use OCP\IRequest;`
			`use OCP\ISession;`

			`/**`
			`* Base controller for public shares`
			`*`
			`* It will verify if the user is properly authenticated to the share. If not a 404`
			`* is thrown by the PublicShareMiddleware.`
			`*`
			`* Use this for example for a controller that is not to be called via a webbrowser`
			`* directly. For example a PublicPreviewController. As this is not meant to be`
Fix typos in lib/public subdirectory Found via `codespell -q 3 -S l10n -L jus ./lib/public` Signed-off-by: luz paz <luzpaz@github.com> Update lib/public/Accounts/IAccount.php Signed-off-by: luz paz <luzpaz@github.com> Signed-off-by: Simon L <szaimen@e.mail.de> Co-Authored-By: Côme Chilliet <91878298+come-nc@users.noreply.github.com> 2023-05-10 05:56:34 -04:00			`* called by a user directly.`
Add the new PublicShareController and PublicShareMiddleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-18 06:28:52 -04:00			`*`
			`* To show an auth page extend the AuthPublicShareController`
			`*`
			`* @since 14.0.0`
			`*/`
			`abstract class PublicShareController extends Controller {`
			`/** @var ISession */`
			`protected $session;`

			`/** @var string */`
			`private $token;`

			`/**`
			`* @since 14.0.0`
			`*/`
			`public function __construct(string $appName,`
			`IRequest $request,`
			`ISession $session) {`
			`parent::__construct($appName, $request);`

			`$this->session = $session;`
			`}`

			`/**`
			`* Middleware set the token for the request`
			`*`
			`* @since 14.0.0`
			`*/`
			`final public function setToken(string $token) {`
			`$this->token = $token;`
			`}`

			`/**`
			`* Get the token for this request`
			`*`
			`* @since 14.0.0`
			`*/`
Add PublicShareControllerTests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-06-14 05:31:32 -04:00			`final public function getToken(): string {`
Add the new PublicShareController and PublicShareMiddleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-18 06:28:52 -04:00			`return $this->token;`
			`}`

			`/**`
			`* Get a hash of the password for this share`
			`*`
			`* To ensure access is blocked when the password to a share is changed we store`
			`* a hash of the password for this token.`
			`*`
			`* @since 14.0.0`
			`*/`
fix: public dav and files_sharing testing fixes Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com> 2022-10-28 09:05:07 -04:00			`abstract protected function getPasswordHash(): ?string;`
Add the new PublicShareController and PublicShareMiddleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-18 06:28:52 -04:00
			`/**`
			`* Is the provided token a valid token`
			`*`
			`* This function is already called from the middleware directly after setting the token.`
			`*`
			`* @since 14.0.0`
			`*/`
			`abstract public function isValidToken(): bool;`

			`/**`
			`* Is a share with this token password protected`
			`*`
			`* @since 14.0.0`
			`*/`
			`abstract protected function isPasswordProtected(): bool;`

			`/**`
			`* Check if a share is authenticated or not`
			`*`
			`* @since 14.0.0`
			`*/`
Allow overwriting isAuthenticated * Some implementations might check for different things * IT will not change how the current ones work Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2021-03-08 09:05:28 -05:00			`public function isAuthenticated(): bool {`
Add the new PublicShareController and PublicShareMiddleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-18 06:28:52 -04:00			`// Always authenticated against non password protected shares`
			`if (!$this->isPasswordProtected()) {`
			`return true;`
			`}`

			`// If we are authenticated properly`
			`if ($this->session->get('public_link_authenticated_token') === $this->getToken() &&`
			`$this->session->get('public_link_authenticated_password_hash') === $this->getPasswordHash()) {`
			`return true;`
			`}`

			`// Fail by default if nothing matches`
			`return false;`
			`}`

			`/**`
			`* Function called if the share is not found.`
			`*`
			`* You can use this to do some logging for example`
			`*`
			`* @since 14.0.0`
			`*/`
			`public function shareNotFound() {`
			`}`
			`}`