ShareByMailProvider.php 34 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
  4. *
  5. * @license GNU AGPL version 3 or any later version
  6. *
  7. * This program is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU Affero General Public License as
  9. * published by the Free Software Foundation, either version 3 of the
  10. * License, or (at your option) any later version.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. *
  20. */
  21. namespace OCA\ShareByMail;
  22. use OC\CapabilitiesManager;
  23. use OC\HintException;
  24. use OC\Share20\Exception\InvalidShare;
  25. use OC\User\NoUserException;
  26. use OCA\ShareByMail\Settings\SettingsManager;
  27. use OCP\Activity\IManager;
  28. use OCP\DB\QueryBuilder\IQueryBuilder;
  29. use OCP\Defaults;
  30. use OCP\Files\Folder;
  31. use OCP\Files\IRootFolder;
  32. use OCP\Files\Node;
  33. use OCP\IDBConnection;
  34. use OCP\IL10N;
  35. use OCP\ILogger;
  36. use OCP\IURLGenerator;
  37. use OCP\IUser;
  38. use OCP\IUserManager;
  39. use OCP\Mail\IMailer;
  40. use OCP\Security\IHasher;
  41. use OCP\Security\ISecureRandom;
  42. use OC\Share20\Share;
  43. use OCP\Share\Exceptions\GenericShareException;
  44. use OCP\Share\Exceptions\ShareNotFound;
  45. use OCP\Share\IShare;
  46. use OCP\Share\IShareProvider;
  47. /**
  48. * Class ShareByMail
  49. *
  50. * @package OCA\ShareByMail
  51. */
  52. class ShareByMailProvider implements IShareProvider {
  53. /** @var IDBConnection */
  54. private $dbConnection;
  55. /** @var ILogger */
  56. private $logger;
  57. /** @var ISecureRandom */
  58. private $secureRandom;
  59. /** @var IUserManager */
  60. private $userManager;
  61. /** @var IRootFolder */
  62. private $rootFolder;
  63. /** @var IL10N */
  64. private $l;
  65. /** @var IMailer */
  66. private $mailer;
  67. /** @var IURLGenerator */
  68. private $urlGenerator;
  69. /** @var IManager */
  70. private $activityManager;
  71. /** @var SettingsManager */
  72. private $settingsManager;
  73. /** @var Defaults */
  74. private $defaults;
  75. /** @var IHasher */
  76. private $hasher;
  77. /** @var CapabilitiesManager */
  78. private $capabilitiesManager;
  79. /**
  80. * Return the identifier of this provider.
  81. *
  82. * @return string Containing only [a-zA-Z0-9]
  83. */
  84. public function identifier() {
  85. return 'ocMailShare';
  86. }
  87. /**
  88. * DefaultShareProvider constructor.
  89. *
  90. * @param IDBConnection $connection
  91. * @param ISecureRandom $secureRandom
  92. * @param IUserManager $userManager
  93. * @param IRootFolder $rootFolder
  94. * @param IL10N $l
  95. * @param ILogger $logger
  96. * @param IMailer $mailer
  97. * @param IURLGenerator $urlGenerator
  98. * @param IManager $activityManager
  99. * @param SettingsManager $settingsManager
  100. * @param Defaults $defaults
  101. * @param IHasher $hasher
  102. * @param CapabilitiesManager $capabilitiesManager
  103. */
  104. public function __construct(
  105. IDBConnection $connection,
  106. ISecureRandom $secureRandom,
  107. IUserManager $userManager,
  108. IRootFolder $rootFolder,
  109. IL10N $l,
  110. ILogger $logger,
  111. IMailer $mailer,
  112. IURLGenerator $urlGenerator,
  113. IManager $activityManager,
  114. SettingsManager $settingsManager,
  115. Defaults $defaults,
  116. IHasher $hasher,
  117. CapabilitiesManager $capabilitiesManager
  118. ) {
  119. $this->dbConnection = $connection;
  120. $this->secureRandom = $secureRandom;
  121. $this->userManager = $userManager;
  122. $this->rootFolder = $rootFolder;
  123. $this->l = $l;
  124. $this->logger = $logger;
  125. $this->mailer = $mailer;
  126. $this->urlGenerator = $urlGenerator;
  127. $this->activityManager = $activityManager;
  128. $this->settingsManager = $settingsManager;
  129. $this->defaults = $defaults;
  130. $this->hasher = $hasher;
  131. $this->capabilitiesManager = $capabilitiesManager;
  132. }
  133. /**
  134. * Share a path
  135. *
  136. * @param IShare $share
  137. * @return IShare The share object
  138. * @throws ShareNotFound
  139. * @throws \Exception
  140. */
  141. public function create(IShare $share) {
  142. $shareWith = $share->getSharedWith();
  143. /*
  144. * Check if file is not already shared with the remote user
  145. */
  146. $alreadyShared = $this->getSharedWith($shareWith, \OCP\Share::SHARE_TYPE_EMAIL, $share->getNode(), 1, 0);
  147. if (!empty($alreadyShared)) {
  148. $message = 'Sharing %1$s failed, this item is already shared with %2$s';
  149. $message_t = $this->l->t('Sharing %1$s failed, this item is already shared with %2$s', array($share->getNode()->getName(), $shareWith));
  150. $this->logger->debug(sprintf($message, $share->getNode()->getName(), $shareWith), ['app' => 'Federated File Sharing']);
  151. throw new \Exception($message_t);
  152. }
  153. // if the admin enforces a password for all mail shares we create a
  154. // random password and send it to the recipient
  155. $password = '';
  156. $passwordEnforced = $this->settingsManager->enforcePasswordProtection();
  157. if ($passwordEnforced) {
  158. $password = $this->autoGeneratePassword($share);
  159. }
  160. $shareId = $this->createMailShare($share);
  161. $send = $this->sendPassword($share, $password);
  162. if ($passwordEnforced && $send === false) {
  163. $this->sendPasswordToOwner($share, $password);
  164. }
  165. $this->createShareActivity($share);
  166. $data = $this->getRawShare($shareId);
  167. return $this->createShareObject($data);
  168. }
  169. /**
  170. * auto generate password in case of password enforcement on mail shares
  171. *
  172. * @param IShare $share
  173. * @return string
  174. * @throws \Exception
  175. */
  176. protected function autoGeneratePassword($share) {
  177. $initiatorUser = $this->userManager->get($share->getSharedBy());
  178. $initiatorEMailAddress = ($initiatorUser instanceof IUser) ? $initiatorUser->getEMailAddress() : null;
  179. $allowPasswordByMail = $this->settingsManager->sendPasswordByMail();
  180. if ($initiatorEMailAddress === null && !$allowPasswordByMail) {
  181. throw new \Exception(
  182. $this->l->t("We can't send you the auto-generated password. Please set a valid email address in your personal settings and try again.")
  183. );
  184. }
  185. $passwordPolicy = $this->getPasswordPolicy();
  186. $passwordCharset = ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS;
  187. $passwordLength = 8;
  188. if (!empty($passwordPolicy)) {
  189. $passwordLength = (int)$passwordPolicy['minLength'] > 0 ? (int)$passwordPolicy['minLength'] : $passwordLength;
  190. $passwordCharset .= $passwordPolicy['enforceSpecialCharacters'] ? ISecureRandom::CHAR_SYMBOLS : '';
  191. }
  192. $password = $this->secureRandom->generate($passwordLength, $passwordCharset);
  193. $share->setPassword($this->hasher->hash($password));
  194. return $password;
  195. }
  196. /**
  197. * get password policy
  198. *
  199. * @return array
  200. */
  201. protected function getPasswordPolicy() {
  202. $capabilities = $this->capabilitiesManager->getCapabilities();
  203. if (isset($capabilities['password_policy'])) {
  204. return $capabilities['password_policy'];
  205. }
  206. return [];
  207. }
  208. /**
  209. * create activity if a file/folder was shared by mail
  210. *
  211. * @param IShare $share
  212. * @param string $type
  213. */
  214. protected function createShareActivity(IShare $share, string $type = 'share') {
  215. $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
  216. $this->publishActivity(
  217. $type === 'share' ? Activity::SUBJECT_SHARED_EMAIL_SELF : Activity::SUBJECT_UNSHARED_EMAIL_SELF,
  218. [$userFolder->getRelativePath($share->getNode()->getPath()), $share->getSharedWith()],
  219. $share->getSharedBy(),
  220. $share->getNode()->getId(),
  221. (string) $userFolder->getRelativePath($share->getNode()->getPath())
  222. );
  223. if ($share->getShareOwner() !== $share->getSharedBy()) {
  224. $ownerFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
  225. $fileId = $share->getNode()->getId();
  226. $nodes = $ownerFolder->getById($fileId);
  227. $ownerPath = $nodes[0]->getPath();
  228. $this->publishActivity(
  229. $type === 'share' ? Activity::SUBJECT_SHARED_EMAIL_BY : Activity::SUBJECT_UNSHARED_EMAIL_BY,
  230. [$ownerFolder->getRelativePath($ownerPath), $share->getSharedWith(), $share->getSharedBy()],
  231. $share->getShareOwner(),
  232. $fileId,
  233. (string) $ownerFolder->getRelativePath($ownerPath)
  234. );
  235. }
  236. }
  237. /**
  238. * create activity if a file/folder was shared by mail
  239. *
  240. * @param IShare $share
  241. * @param string $sharedWith
  242. * @param bool $sendToSelf
  243. */
  244. protected function createPasswordSendActivity(IShare $share, $sharedWith, $sendToSelf) {
  245. $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
  246. if ($sendToSelf) {
  247. $this->publishActivity(
  248. Activity::SUBJECT_SHARED_EMAIL_PASSWORD_SEND_SELF,
  249. [$userFolder->getRelativePath($share->getNode()->getPath())],
  250. $share->getSharedBy(),
  251. $share->getNode()->getId(),
  252. (string) $userFolder->getRelativePath($share->getNode()->getPath())
  253. );
  254. } else {
  255. $this->publishActivity(
  256. Activity::SUBJECT_SHARED_EMAIL_PASSWORD_SEND,
  257. [$userFolder->getRelativePath($share->getNode()->getPath()), $sharedWith],
  258. $share->getSharedBy(),
  259. $share->getNode()->getId(),
  260. (string) $userFolder->getRelativePath($share->getNode()->getPath())
  261. );
  262. }
  263. }
  264. /**
  265. * publish activity if a file/folder was shared by mail
  266. *
  267. * @param string $subject
  268. * @param array $parameters
  269. * @param string $affectedUser
  270. * @param int $fileId
  271. * @param string $filePath
  272. */
  273. protected function publishActivity(string $subject, array $parameters, string $affectedUser, int $fileId, string $filePath) {
  274. $event = $this->activityManager->generateEvent();
  275. $event->setApp('sharebymail')
  276. ->setType('shared')
  277. ->setSubject($subject, $parameters)
  278. ->setAffectedUser($affectedUser)
  279. ->setObject('files', $fileId, $filePath);
  280. $this->activityManager->publish($event);
  281. }
  282. /**
  283. * @param IShare $share
  284. * @return int
  285. * @throws \Exception
  286. */
  287. protected function createMailShare(IShare $share) {
  288. $share->setToken($this->generateToken());
  289. $shareId = $this->addShareToDB(
  290. $share->getNodeId(),
  291. $share->getNodeType(),
  292. $share->getSharedWith(),
  293. $share->getSharedBy(),
  294. $share->getShareOwner(),
  295. $share->getPermissions(),
  296. $share->getToken(),
  297. $share->getPassword(),
  298. $share->getSendPasswordByTalk()
  299. );
  300. try {
  301. $link = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare',
  302. ['token' => $share->getToken()]);
  303. $this->sendMailNotification(
  304. $share->getNode()->getName(),
  305. $link,
  306. $share->getSharedBy(),
  307. $share->getSharedWith(),
  308. $share->getExpirationDate()
  309. );
  310. } catch (HintException $hintException) {
  311. $this->logger->logException($hintException, [
  312. 'message' => 'Failed to send share by mail.',
  313. 'level' => ILogger::ERROR,
  314. 'app' => 'sharebymail',
  315. ]);
  316. $this->removeShareFromTable($shareId);
  317. throw $hintException;
  318. } catch (\Exception $e) {
  319. $this->logger->logException($e, [
  320. 'message' => 'Failed to send share by mail.',
  321. 'level' => ILogger::ERROR,
  322. 'app' => 'sharebymail',
  323. ]);
  324. $this->removeShareFromTable($shareId);
  325. throw new HintException('Failed to send share by mail',
  326. $this->l->t('Failed to send share by email'));
  327. }
  328. return $shareId;
  329. }
  330. /**
  331. * @param string $filename
  332. * @param string $link
  333. * @param string $initiator
  334. * @param string $shareWith
  335. * @param \DateTime|null $expiration
  336. * @throws \Exception If mail couldn't be sent
  337. */
  338. protected function sendMailNotification($filename,
  339. $link,
  340. $initiator,
  341. $shareWith,
  342. \DateTime $expiration = null) {
  343. $initiatorUser = $this->userManager->get($initiator);
  344. $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator;
  345. $message = $this->mailer->createMessage();
  346. $emailTemplate = $this->mailer->createEMailTemplate('sharebymail.RecipientNotification', [
  347. 'filename' => $filename,
  348. 'link' => $link,
  349. 'initiator' => $initiatorDisplayName,
  350. 'expiration' => $expiration,
  351. 'shareWith' => $shareWith,
  352. ]);
  353. $emailTemplate->setSubject($this->l->t('%1$s shared »%2$s« with you', array($initiatorDisplayName, $filename)));
  354. $emailTemplate->addHeader();
  355. $emailTemplate->addHeading($this->l->t('%1$s shared »%2$s« with you', [$initiatorDisplayName, $filename]), false);
  356. $text = $this->l->t('%1$s shared »%2$s« with you.', [$initiatorDisplayName, $filename]);
  357. $emailTemplate->addBodyText(
  358. htmlspecialchars($text . ' ' . $this->l->t('Click the button below to open it.')),
  359. $text
  360. );
  361. $emailTemplate->addBodyButton(
  362. $this->l->t('Open »%s«', [$filename]),
  363. $link
  364. );
  365. $message->setTo([$shareWith]);
  366. // The "From" contains the sharers name
  367. $instanceName = $this->defaults->getName();
  368. $senderName = $this->l->t(
  369. '%1$s via %2$s',
  370. [
  371. $initiatorDisplayName,
  372. $instanceName
  373. ]
  374. );
  375. $message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]);
  376. // The "Reply-To" is set to the sharer if an mail address is configured
  377. // also the default footer contains a "Do not reply" which needs to be adjusted.
  378. $initiatorEmail = $initiatorUser->getEMailAddress();
  379. if($initiatorEmail !== null) {
  380. $message->setReplyTo([$initiatorEmail => $initiatorDisplayName]);
  381. $emailTemplate->addFooter($instanceName . ($this->defaults->getSlogan() !== '' ? ' - ' . $this->defaults->getSlogan() : ''));
  382. } else {
  383. $emailTemplate->addFooter();
  384. }
  385. $message->useTemplate($emailTemplate);
  386. $this->mailer->send($message);
  387. }
  388. /**
  389. * send password to recipient of a mail share
  390. *
  391. * @param IShare $share
  392. * @param string $password
  393. * @return bool
  394. */
  395. protected function sendPassword(IShare $share, $password) {
  396. $filename = $share->getNode()->getName();
  397. $initiator = $share->getSharedBy();
  398. $shareWith = $share->getSharedWith();
  399. if ($password === '' || $this->settingsManager->sendPasswordByMail() === false || $share->getSendPasswordByTalk()) {
  400. return false;
  401. }
  402. $initiatorUser = $this->userManager->get($initiator);
  403. $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator;
  404. $initiatorEmailAddress = ($initiatorUser instanceof IUser) ? $initiatorUser->getEMailAddress() : null;
  405. $plainBodyPart = $this->l->t("%1\$s shared »%2\$s« with you.\nYou should have already received a separate mail with a link to access it.\n", [$initiatorDisplayName, $filename]);
  406. $htmlBodyPart = $this->l->t('%1$s shared »%2$s« with you. You should have already received a separate mail with a link to access it.', [$initiatorDisplayName, $filename]);
  407. $message = $this->mailer->createMessage();
  408. $emailTemplate = $this->mailer->createEMailTemplate('sharebymail.RecipientPasswordNotification', [
  409. 'filename' => $filename,
  410. 'password' => $password,
  411. 'initiator' => $initiatorDisplayName,
  412. 'initiatorEmail' => $initiatorEmailAddress,
  413. 'shareWith' => $shareWith,
  414. ]);
  415. $emailTemplate->setSubject($this->l->t('Password to access »%1$s« shared to you by %2$s', [$filename, $initiatorDisplayName]));
  416. $emailTemplate->addHeader();
  417. $emailTemplate->addHeading($this->l->t('Password to access »%s«', [$filename]), false);
  418. $emailTemplate->addBodyText(htmlspecialchars($htmlBodyPart), $plainBodyPart);
  419. $emailTemplate->addBodyText($this->l->t('It is protected with the following password:'));
  420. $emailTemplate->addBodyText($password);
  421. // The "From" contains the sharers name
  422. $instanceName = $this->defaults->getName();
  423. $senderName = $this->l->t(
  424. '%1$s via %2$s',
  425. [
  426. $initiatorDisplayName,
  427. $instanceName
  428. ]
  429. );
  430. $message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]);
  431. if ($initiatorEmailAddress !== null) {
  432. $message->setReplyTo([$initiatorEmailAddress => $initiatorDisplayName]);
  433. $emailTemplate->addFooter($instanceName . ' - ' . $this->defaults->getSlogan());
  434. } else {
  435. $emailTemplate->addFooter();
  436. }
  437. $message->setTo([$shareWith]);
  438. $message->useTemplate($emailTemplate);
  439. $this->mailer->send($message);
  440. $this->createPasswordSendActivity($share, $shareWith, false);
  441. return true;
  442. }
  443. protected function sendNote(IShare $share) {
  444. $recipient = $share->getSharedWith();
  445. $filename = $share->getNode()->getName();
  446. $initiator = $share->getSharedBy();
  447. $note = $share->getNote();
  448. $initiatorUser = $this->userManager->get($initiator);
  449. $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator;
  450. $initiatorEmailAddress = ($initiatorUser instanceof IUser) ? $initiatorUser->getEMailAddress() : null;
  451. $plainHeading = $this->l->t('%1$s shared »%2$s« with you and wants to add:', [$initiatorDisplayName, $filename]);
  452. $htmlHeading = $this->l->t('%1$s shared »%2$s« with you and wants to add', [$initiatorDisplayName, $filename]);
  453. $message = $this->mailer->createMessage();
  454. $emailTemplate = $this->mailer->createEMailTemplate('shareByMail.sendNote');
  455. $emailTemplate->setSubject($this->l->t('»%s« added a note to a file shared with you', [$initiatorDisplayName]));
  456. $emailTemplate->addHeader();
  457. $emailTemplate->addHeading(htmlspecialchars($htmlHeading), $plainHeading);
  458. $emailTemplate->addBodyText(htmlspecialchars($note), $note);
  459. $link = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare',
  460. ['token' => $share->getToken()]);
  461. $emailTemplate->addBodyButton(
  462. $this->l->t('Open »%s«', [$filename]),
  463. $link
  464. );
  465. // The "From" contains the sharers name
  466. $instanceName = $this->defaults->getName();
  467. $senderName = $this->l->t(
  468. '%1$s via %2$s',
  469. [
  470. $initiatorDisplayName,
  471. $instanceName
  472. ]
  473. );
  474. $message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]);
  475. if ($initiatorEmailAddress !== null) {
  476. $message->setReplyTo([$initiatorEmailAddress => $initiatorDisplayName]);
  477. $emailTemplate->addFooter($instanceName . ' - ' . $this->defaults->getSlogan());
  478. } else {
  479. $emailTemplate->addFooter();
  480. }
  481. $message->setTo([$recipient]);
  482. $message->useTemplate($emailTemplate);
  483. $this->mailer->send($message);
  484. }
  485. /**
  486. * send auto generated password to the owner. This happens if the admin enforces
  487. * a password for mail shares and forbid to send the password by mail to the recipient
  488. *
  489. * @param IShare $share
  490. * @param string $password
  491. * @return bool
  492. * @throws \Exception
  493. */
  494. protected function sendPasswordToOwner(IShare $share, $password) {
  495. $filename = $share->getNode()->getName();
  496. $initiator = $this->userManager->get($share->getSharedBy());
  497. $initiatorEMailAddress = ($initiator instanceof IUser) ? $initiator->getEMailAddress() : null;
  498. $initiatorDisplayName = ($initiator instanceof IUser) ? $initiator->getDisplayName() : $share->getSharedBy();
  499. $shareWith = $share->getSharedWith();
  500. if ($initiatorEMailAddress === null) {
  501. throw new \Exception(
  502. $this->l->t("We can't send you the auto-generated password. Please set a valid email address in your personal settings and try again.")
  503. );
  504. }
  505. $bodyPart = $this->l->t('You just shared »%1$s« with %2$s. The share was already sent to the recipient. Due to the security policies defined by the administrator of %3$s each share needs to be protected by password and it is not allowed to send the password directly to the recipient. Therefore you need to forward the password manually to the recipient.', [$filename, $shareWith, $this->defaults->getName()]);
  506. $message = $this->mailer->createMessage();
  507. $emailTemplate = $this->mailer->createEMailTemplate('sharebymail.OwnerPasswordNotification', [
  508. 'filename' => $filename,
  509. 'password' => $password,
  510. 'initiator' => $initiatorDisplayName,
  511. 'initiatorEmail' => $initiatorEMailAddress,
  512. 'shareWith' => $shareWith,
  513. ]);
  514. $emailTemplate->setSubject($this->l->t('Password to access »%1$s« shared by you with %2$s', [$filename, $shareWith]));
  515. $emailTemplate->addHeader();
  516. $emailTemplate->addHeading($this->l->t('Password to access »%s«', [$filename]), false);
  517. $emailTemplate->addBodyText($bodyPart);
  518. $emailTemplate->addBodyText($this->l->t('This is the password:'));
  519. $emailTemplate->addBodyText($password);
  520. $emailTemplate->addBodyText($this->l->t('You can choose a different password at any time in the share dialog.'));
  521. $emailTemplate->addFooter();
  522. if ($initiatorEMailAddress) {
  523. $message->setFrom([$initiatorEMailAddress => $initiatorDisplayName]);
  524. }
  525. $message->setTo([$initiatorEMailAddress => $initiatorDisplayName]);
  526. $message->useTemplate($emailTemplate);
  527. $this->mailer->send($message);
  528. $this->createPasswordSendActivity($share, $shareWith, true);
  529. return true;
  530. }
  531. /**
  532. * generate share token
  533. *
  534. * @return string
  535. */
  536. protected function generateToken($size = 15) {
  537. $token = $this->secureRandom->generate($size, ISecureRandom::CHAR_HUMAN_READABLE);
  538. return $token;
  539. }
  540. /**
  541. * Get all children of this share
  542. *
  543. * @param IShare $parent
  544. * @return IShare[]
  545. */
  546. public function getChildren(IShare $parent) {
  547. $children = [];
  548. $qb = $this->dbConnection->getQueryBuilder();
  549. $qb->select('*')
  550. ->from('share')
  551. ->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId())))
  552. ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_EMAIL)))
  553. ->orderBy('id');
  554. $cursor = $qb->execute();
  555. while($data = $cursor->fetch()) {
  556. $children[] = $this->createShareObject($data);
  557. }
  558. $cursor->closeCursor();
  559. return $children;
  560. }
  561. /**
  562. * add share to the database and return the ID
  563. *
  564. * @param int $itemSource
  565. * @param string $itemType
  566. * @param string $shareWith
  567. * @param string $sharedBy
  568. * @param string $uidOwner
  569. * @param int $permissions
  570. * @param string $token
  571. * @param string $password
  572. * @param bool $sendPasswordByTalk
  573. * @return int
  574. */
  575. protected function addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $uidOwner, $permissions, $token, $password, $sendPasswordByTalk) {
  576. $qb = $this->dbConnection->getQueryBuilder();
  577. $qb->insert('share')
  578. ->setValue('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_EMAIL))
  579. ->setValue('item_type', $qb->createNamedParameter($itemType))
  580. ->setValue('item_source', $qb->createNamedParameter($itemSource))
  581. ->setValue('file_source', $qb->createNamedParameter($itemSource))
  582. ->setValue('share_with', $qb->createNamedParameter($shareWith))
  583. ->setValue('uid_owner', $qb->createNamedParameter($uidOwner))
  584. ->setValue('uid_initiator', $qb->createNamedParameter($sharedBy))
  585. ->setValue('permissions', $qb->createNamedParameter($permissions))
  586. ->setValue('token', $qb->createNamedParameter($token))
  587. ->setValue('password', $qb->createNamedParameter($password))
  588. ->setValue('password_by_talk', $qb->createNamedParameter($sendPasswordByTalk, IQueryBuilder::PARAM_BOOL))
  589. ->setValue('stime', $qb->createNamedParameter(time()));
  590. /*
  591. * Added to fix https://github.com/owncloud/core/issues/22215
  592. * Can be removed once we get rid of ajax/share.php
  593. */
  594. $qb->setValue('file_target', $qb->createNamedParameter(''));
  595. $qb->execute();
  596. $id = $qb->getLastInsertId();
  597. return (int)$id;
  598. }
  599. /**
  600. * Update a share
  601. *
  602. * @param IShare $share
  603. * @param string|null $plainTextPassword
  604. * @return IShare The share object
  605. */
  606. public function update(IShare $share, $plainTextPassword = null) {
  607. $originalShare = $this->getShareById($share->getId());
  608. // a real password was given
  609. $validPassword = $plainTextPassword !== null && $plainTextPassword !== '';
  610. if($validPassword && ($originalShare->getPassword() !== $share->getPassword() ||
  611. ($originalShare->getSendPasswordByTalk() && !$share->getSendPasswordByTalk()))) {
  612. $this->sendPassword($share, $plainTextPassword);
  613. }
  614. /*
  615. * We allow updating the permissions and password of mail shares
  616. */
  617. $qb = $this->dbConnection->getQueryBuilder();
  618. $qb->update('share')
  619. ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
  620. ->set('permissions', $qb->createNamedParameter($share->getPermissions()))
  621. ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner()))
  622. ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy()))
  623. ->set('password', $qb->createNamedParameter($share->getPassword()))
  624. ->set('password_by_talk', $qb->createNamedParameter($share->getSendPasswordByTalk(), IQueryBuilder::PARAM_BOOL))
  625. ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE))
  626. ->set('note', $qb->createNamedParameter($share->getNote()))
  627. ->execute();
  628. if ($originalShare->getNote() !== $share->getNote() && $share->getNote() !== '') {
  629. $this->sendNote($share);
  630. }
  631. return $share;
  632. }
  633. /**
  634. * @inheritdoc
  635. */
  636. public function move(IShare $share, $recipient) {
  637. /**
  638. * nothing to do here, mail shares are only outgoing shares
  639. */
  640. return $share;
  641. }
  642. /**
  643. * Delete a share (owner unShares the file)
  644. *
  645. * @param IShare $share
  646. */
  647. public function delete(IShare $share) {
  648. try {
  649. $this->createShareActivity($share, 'unshare');
  650. } catch (\Exception $e) {
  651. }
  652. $this->removeShareFromTable($share->getId());
  653. }
  654. /**
  655. * @inheritdoc
  656. */
  657. public function deleteFromSelf(IShare $share, $recipient) {
  658. // nothing to do here, mail shares are only outgoing shares
  659. }
  660. public function restore(IShare $share, string $recipient): IShare {
  661. throw new GenericShareException('not implemented');
  662. }
  663. /**
  664. * @inheritdoc
  665. */
  666. public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offset) {
  667. $qb = $this->dbConnection->getQueryBuilder();
  668. $qb->select('*')
  669. ->from('share');
  670. $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_EMAIL)));
  671. /**
  672. * Reshares for this user are shares where they are the owner.
  673. */
  674. if ($reshares === false) {
  675. //Special case for old shares created via the web UI
  676. $or1 = $qb->expr()->andX(
  677. $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
  678. $qb->expr()->isNull('uid_initiator')
  679. );
  680. $qb->andWhere(
  681. $qb->expr()->orX(
  682. $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)),
  683. $or1
  684. )
  685. );
  686. } else {
  687. $qb->andWhere(
  688. $qb->expr()->orX(
  689. $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
  690. $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
  691. )
  692. );
  693. }
  694. if ($node !== null) {
  695. $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
  696. }
  697. if ($limit !== -1) {
  698. $qb->setMaxResults($limit);
  699. }
  700. $qb->setFirstResult($offset);
  701. $qb->orderBy('id');
  702. $cursor = $qb->execute();
  703. $shares = [];
  704. while($data = $cursor->fetch()) {
  705. $shares[] = $this->createShareObject($data);
  706. }
  707. $cursor->closeCursor();
  708. return $shares;
  709. }
  710. /**
  711. * @inheritdoc
  712. */
  713. public function getShareById($id, $recipientId = null) {
  714. $qb = $this->dbConnection->getQueryBuilder();
  715. $qb->select('*')
  716. ->from('share')
  717. ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
  718. ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_EMAIL)));
  719. $cursor = $qb->execute();
  720. $data = $cursor->fetch();
  721. $cursor->closeCursor();
  722. if ($data === false) {
  723. throw new ShareNotFound();
  724. }
  725. try {
  726. $share = $this->createShareObject($data);
  727. } catch (InvalidShare $e) {
  728. throw new ShareNotFound();
  729. }
  730. return $share;
  731. }
  732. /**
  733. * Get shares for a given path
  734. *
  735. * @param \OCP\Files\Node $path
  736. * @return IShare[]
  737. */
  738. public function getSharesByPath(Node $path) {
  739. $qb = $this->dbConnection->getQueryBuilder();
  740. $cursor = $qb->select('*')
  741. ->from('share')
  742. ->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId())))
  743. ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_EMAIL)))
  744. ->execute();
  745. $shares = [];
  746. while($data = $cursor->fetch()) {
  747. $shares[] = $this->createShareObject($data);
  748. }
  749. $cursor->closeCursor();
  750. return $shares;
  751. }
  752. /**
  753. * @inheritdoc
  754. */
  755. public function getSharedWith($userId, $shareType, $node, $limit, $offset) {
  756. /** @var IShare[] $shares */
  757. $shares = [];
  758. //Get shares directly with this user
  759. $qb = $this->dbConnection->getQueryBuilder();
  760. $qb->select('*')
  761. ->from('share');
  762. // Order by id
  763. $qb->orderBy('id');
  764. // Set limit and offset
  765. if ($limit !== -1) {
  766. $qb->setMaxResults($limit);
  767. }
  768. $qb->setFirstResult($offset);
  769. $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_EMAIL)));
  770. $qb->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId)));
  771. // Filter by node if provided
  772. if ($node !== null) {
  773. $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
  774. }
  775. $cursor = $qb->execute();
  776. while($data = $cursor->fetch()) {
  777. $shares[] = $this->createShareObject($data);
  778. }
  779. $cursor->closeCursor();
  780. return $shares;
  781. }
  782. /**
  783. * Get a share by token
  784. *
  785. * @param string $token
  786. * @return IShare
  787. * @throws ShareNotFound
  788. */
  789. public function getShareByToken($token) {
  790. $qb = $this->dbConnection->getQueryBuilder();
  791. $cursor = $qb->select('*')
  792. ->from('share')
  793. ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_EMAIL)))
  794. ->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token)))
  795. ->execute();
  796. $data = $cursor->fetch();
  797. if ($data === false) {
  798. throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
  799. }
  800. try {
  801. $share = $this->createShareObject($data);
  802. } catch (InvalidShare $e) {
  803. throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
  804. }
  805. return $share;
  806. }
  807. /**
  808. * remove share from table
  809. *
  810. * @param string $shareId
  811. */
  812. protected function removeShareFromTable($shareId) {
  813. $qb = $this->dbConnection->getQueryBuilder();
  814. $qb->delete('share')
  815. ->where($qb->expr()->eq('id', $qb->createNamedParameter($shareId)));
  816. $qb->execute();
  817. }
  818. /**
  819. * Create a share object from an database row
  820. *
  821. * @param array $data
  822. * @return IShare
  823. * @throws InvalidShare
  824. * @throws ShareNotFound
  825. */
  826. protected function createShareObject($data) {
  827. $share = new Share($this->rootFolder, $this->userManager);
  828. $share->setId((int)$data['id'])
  829. ->setShareType((int)$data['share_type'])
  830. ->setPermissions((int)$data['permissions'])
  831. ->setTarget($data['file_target'])
  832. ->setMailSend((bool)$data['mail_send'])
  833. ->setNote($data['note'])
  834. ->setToken($data['token']);
  835. $shareTime = new \DateTime();
  836. $shareTime->setTimestamp((int)$data['stime']);
  837. $share->setShareTime($shareTime);
  838. $share->setSharedWith($data['share_with']);
  839. $share->setPassword($data['password']);
  840. $share->setSendPasswordByTalk((bool)$data['password_by_talk']);
  841. if ($data['uid_initiator'] !== null) {
  842. $share->setShareOwner($data['uid_owner']);
  843. $share->setSharedBy($data['uid_initiator']);
  844. } else {
  845. //OLD SHARE
  846. $share->setSharedBy($data['uid_owner']);
  847. $path = $this->getNode($share->getSharedBy(), (int)$data['file_source']);
  848. $owner = $path->getOwner();
  849. $share->setShareOwner($owner->getUID());
  850. }
  851. if ($data['expiration'] !== null) {
  852. $expiration = \DateTime::createFromFormat('Y-m-d H:i:s', $data['expiration']);
  853. if ($expiration !== false) {
  854. $share->setExpirationDate($expiration);
  855. }
  856. }
  857. $share->setNodeId((int)$data['file_source']);
  858. $share->setNodeType($data['item_type']);
  859. $share->setProviderId($this->identifier());
  860. return $share;
  861. }
  862. /**
  863. * Get the node with file $id for $user
  864. *
  865. * @param string $userId
  866. * @param int $id
  867. * @return \OCP\Files\File|\OCP\Files\Folder
  868. * @throws InvalidShare
  869. */
  870. private function getNode($userId, $id) {
  871. try {
  872. $userFolder = $this->rootFolder->getUserFolder($userId);
  873. } catch (NoUserException $e) {
  874. throw new InvalidShare();
  875. }
  876. $nodes = $userFolder->getById($id);
  877. if (empty($nodes)) {
  878. throw new InvalidShare();
  879. }
  880. return $nodes[0];
  881. }
  882. /**
  883. * A user is deleted from the system
  884. * So clean up the relevant shares.
  885. *
  886. * @param string $uid
  887. * @param int $shareType
  888. */
  889. public function userDeleted($uid, $shareType) {
  890. $qb = $this->dbConnection->getQueryBuilder();
  891. $qb->delete('share')
  892. ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_EMAIL)))
  893. ->andWhere($qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)))
  894. ->execute();
  895. }
  896. /**
  897. * This provider does not support group shares
  898. *
  899. * @param string $gid
  900. */
  901. public function groupDeleted($gid) {
  902. }
  903. /**
  904. * This provider does not support group shares
  905. *
  906. * @param string $uid
  907. * @param string $gid
  908. */
  909. public function userDeletedFromGroup($uid, $gid) {
  910. }
  911. /**
  912. * get database row of a give share
  913. *
  914. * @param $id
  915. * @return array
  916. * @throws ShareNotFound
  917. */
  918. protected function getRawShare($id) {
  919. // Now fetch the inserted share and create a complete share object
  920. $qb = $this->dbConnection->getQueryBuilder();
  921. $qb->select('*')
  922. ->from('share')
  923. ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)));
  924. $cursor = $qb->execute();
  925. $data = $cursor->fetch();
  926. $cursor->closeCursor();
  927. if ($data === false) {
  928. throw new ShareNotFound;
  929. }
  930. return $data;
  931. }
  932. public function getSharesInFolder($userId, Folder $node, $reshares) {
  933. $qb = $this->dbConnection->getQueryBuilder();
  934. $qb->select('*')
  935. ->from('share', 's')
  936. ->andWhere($qb->expr()->orX(
  937. $qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
  938. $qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
  939. ))
  940. ->andWhere(
  941. $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_EMAIL))
  942. );
  943. /**
  944. * Reshares for this user are shares where they are the owner.
  945. */
  946. if ($reshares === false) {
  947. $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)));
  948. } else {
  949. $qb->andWhere(
  950. $qb->expr()->orX(
  951. $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
  952. $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
  953. )
  954. );
  955. }
  956. $qb->innerJoin('s', 'filecache' ,'f', $qb->expr()->eq('s.file_source', 'f.fileid'));
  957. $qb->andWhere($qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId())));
  958. $qb->orderBy('id');
  959. $cursor = $qb->execute();
  960. $shares = [];
  961. while ($data = $cursor->fetch()) {
  962. $shares[$data['fileid']][] = $this->createShareObject($data);
  963. }
  964. $cursor->closeCursor();
  965. return $shares;
  966. }
  967. /**
  968. * @inheritdoc
  969. */
  970. public function getAccessList($nodes, $currentAccess) {
  971. $ids = [];
  972. foreach ($nodes as $node) {
  973. $ids[] = $node->getId();
  974. }
  975. $qb = $this->dbConnection->getQueryBuilder();
  976. $qb->select('share_with')
  977. ->from('share')
  978. ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_EMAIL)))
  979. ->andWhere($qb->expr()->in('file_source', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY)))
  980. ->andWhere($qb->expr()->orX(
  981. $qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
  982. $qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
  983. ))
  984. ->setMaxResults(1);
  985. $cursor = $qb->execute();
  986. $mail = $cursor->fetch() !== false;
  987. $cursor->closeCursor();
  988. return ['public' => $mail];
  989. }
  990. }