1
0

PublicShareController.php 2.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace OCP\AppFramework;
  8. use OCP\IRequest;
  9. use OCP\ISession;
  10. /**
  11. * Base controller for public shares
  12. *
  13. * It will verify if the user is properly authenticated to the share. If not a 404
  14. * is thrown by the PublicShareMiddleware.
  15. *
  16. * Use this for example for a controller that is not to be called via a webbrowser
  17. * directly. For example a PublicPreviewController. As this is not meant to be
  18. * called by a user directly.
  19. *
  20. * To show an auth page extend the AuthPublicShareController
  21. *
  22. * @since 14.0.0
  23. */
  24. abstract class PublicShareController extends Controller {
  25. /** @var ISession */
  26. protected $session;
  27. /** @var string */
  28. private $token;
  29. /**
  30. * @since 14.0.0
  31. */
  32. public function __construct(string $appName,
  33. IRequest $request,
  34. ISession $session) {
  35. parent::__construct($appName, $request);
  36. $this->session = $session;
  37. }
  38. /**
  39. * Middleware set the token for the request
  40. *
  41. * @since 14.0.0
  42. */
  43. final public function setToken(string $token) {
  44. $this->token = $token;
  45. }
  46. /**
  47. * Get the token for this request
  48. *
  49. * @since 14.0.0
  50. */
  51. final public function getToken(): string {
  52. return $this->token;
  53. }
  54. /**
  55. * Get a hash of the password for this share
  56. *
  57. * To ensure access is blocked when the password to a share is changed we store
  58. * a hash of the password for this token.
  59. *
  60. * @since 14.0.0
  61. */
  62. abstract protected function getPasswordHash(): ?string;
  63. /**
  64. * Is the provided token a valid token
  65. *
  66. * This function is already called from the middleware directly after setting the token.
  67. *
  68. * @since 14.0.0
  69. */
  70. abstract public function isValidToken(): bool;
  71. /**
  72. * Is a share with this token password protected
  73. *
  74. * @since 14.0.0
  75. */
  76. abstract protected function isPasswordProtected(): bool;
  77. /**
  78. * Check if a share is authenticated or not
  79. *
  80. * @since 14.0.0
  81. */
  82. public function isAuthenticated(): bool {
  83. // Always authenticated against non password protected shares
  84. if (!$this->isPasswordProtected()) {
  85. return true;
  86. }
  87. // If we are authenticated properly
  88. if ($this->session->get('public_link_authenticated_token') === $this->getToken() &&
  89. $this->session->get('public_link_authenticated_password_hash') === $this->getPasswordHash()) {
  90. return true;
  91. }
  92. // Fail by default if nothing matches
  93. return false;
  94. }
  95. /**
  96. * Function called if the share is not found.
  97. *
  98. * You can use this to do some logging for example
  99. *
  100. * @since 14.0.0
  101. */
  102. public function shareNotFound() {
  103. }
  104. }