fix: only write activites for actualy public uploads

Currently, any file activity without a proper session is interpreted to be a public upload.
Now, the share token is compared and the activity is only written when the share token belongs to a public folder

Signed-off-by: Anna Larch <anna@nextcloud.com>

Author: miaulalala

lib/CurrentUser.php

@@ -102,11 +102,31 @@ public function getCloudId() {
 		return $this->cloudId;
 	}
 
+	/**
+	 * Check if the current request is via a public share link
+	 */
+	public function isPublicShareToken(): bool {
+		/** @psalm-suppress NoInterfaceProperties */
+		if (!empty($this->request->server['PHP_AUTH_USER'])) {
+			$token = $this->request->server['PHP_AUTH_USER'];
+			try {
+				$share = $this->shareManager->getShareByToken($token);
+				return $share->getShareType() === IShare::TYPE_LINK
+					|| $share->getShareType() === IShare::TYPE_EMAIL;
+			} catch (ShareNotFound $e) {
+				// No share found for this token
+			}
+		}
+
+		return false;
+	}
+
 	/**
 	 * Get the cloud ID from the sharing token
 	 * @return string|null
 	 */
 	protected function getCloudIDFromToken() {
+		/** @psalm-suppress NoInterfaceProperties */
 		if (!empty($this->request->server['PHP_AUTH_USER'])) {
 			$token = $this->request->server['PHP_AUTH_USER'];
 			/**

lib/FilesHooks.php

@@ -82,7 +82,7 @@ public function fileCreate($path) {
 			return;
 		}
 
-		if ($this->currentUser->getUserIdentifier() !== '') {
+		if ($this->currentUser->getUserIdentifier() !== '' || !$this->currentUser->isPublicShareToken()) {
 			$this->addNotificationsForFileAction($path, Files::TYPE_SHARE_CREATED, 'created_self', 'created_by');
 		} else {
 			$this->addNotificationsForFileAction($path, Files_Sharing::TYPE_PUBLIC_UPLOAD, '', 'created_public');

tests/FilesHooksTest.php

@@ -167,16 +167,42 @@ protected function getUserMock(string $uid): IUser {
 
 	public static function dataFileCreate(): array {
 		return [
-			['user', 'created_self', 'created_by', Files::TYPE_SHARE_CREATED],
-			['', '', 'created_public', Files_Sharing::TYPE_PUBLIC_UPLOAD],
+			['user', false, 'created_self', 'created_by', Files::TYPE_SHARE_CREATED],
+			['', true, '', 'created_public', Files_Sharing::TYPE_PUBLIC_UPLOAD],
+			['', false, 'created_self', 'created_by', Files::TYPE_SHARE_CREATED],
 		];
 	}
 
 	#[DataProvider('dataFileCreate')]
-	public function testFileCreate(string $currentUser, string $selfSubject, string $othersSubject, string $type): void {
-		$filesHooks = $this->getFilesHooks([
-			'addNotificationsForFileAction',
-		], $currentUser);
+	public function testFileCreate(string $currentUser, bool $isPublicShare, string $selfSubject, string $othersSubject, string $type): void {
+		$currentUserMock = $this->createMock(CurrentUser::class);
+		$currentUserMock->method('getUID')->willReturn($currentUser);
+		$currentUserMock->method('getUserIdentifier')->willReturn($currentUser);
+		$currentUserMock->method('isPublicShareToken')->willReturn($isPublicShare);
+
+		$logger = $this->createMock(LoggerInterface::class);
+
+		$filesHooks = $this->getMockBuilder(FilesHooks::class)
+			->setConstructorArgs([
+				$this->activityManager,
+				$this->data,
+				$this->settings,
+				$this->groupManager,
+				$this->view,
+				$this->rootFolder,
+				$this->shareHelper,
+				Server::get(IDBConnection::class),
+				$this->urlGenerator,
+				$logger,
+				$currentUserMock,
+				$this->userMountCache,
+				$this->config,
+				$this->notificationGenerator,
+				$this->tagManager,
+				$this->teamManager,
+			])
+			->onlyMethods(['addNotificationsForFileAction'])
+			->getMock();
 
 		$filesHooks->expects($this->once())
 			->method('addNotificationsForFileAction')