Skip to content

Commit f297929

Browse files
committed
fix: only write activites for actualy public uploads
Currently, any file activity without a proper session is interpreted to be a public upload. Now, the share token is compared and the activity is only written when the share token belongs to a public folder Signed-off-by: Anna Larch <anna@nextcloud.com>
1 parent 17fff4e commit f297929

File tree

3 files changed

+53
-7
lines changed

3 files changed

+53
-7
lines changed

lib/CurrentUser.php

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -102,11 +102,31 @@ public function getCloudId() {
102102
return $this->cloudId;
103103
}
104104

105+
/**
106+
* Check if the current request is via a public share link
107+
*/
108+
public function isPublicShareToken(): bool {
109+
/** @psalm-suppress NoInterfaceProperties */
110+
if (!empty($this->request->server['PHP_AUTH_USER'])) {
111+
$token = $this->request->server['PHP_AUTH_USER'];
112+
try {
113+
$share = $this->shareManager->getShareByToken($token);
114+
return $share->getShareType() === IShare::TYPE_LINK
115+
|| $share->getShareType() === IShare::TYPE_EMAIL;
116+
} catch (ShareNotFound $e) {
117+
// No share found for this token
118+
}
119+
}
120+
121+
return false;
122+
}
123+
105124
/**
106125
* Get the cloud ID from the sharing token
107126
* @return string|null
108127
*/
109128
protected function getCloudIDFromToken() {
129+
/** @psalm-suppress NoInterfaceProperties */
110130
if (!empty($this->request->server['PHP_AUTH_USER'])) {
111131
$token = $this->request->server['PHP_AUTH_USER'];
112132
/**

lib/FilesHooks.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,7 @@ public function fileCreate($path) {
8282
return;
8383
}
8484

85-
if ($this->currentUser->getUserIdentifier() !== '') {
85+
if ($this->currentUser->getUserIdentifier() !== '' || !$this->currentUser->isPublicShareToken()) {
8686
$this->addNotificationsForFileAction($path, Files::TYPE_SHARE_CREATED, 'created_self', 'created_by');
8787
} else {
8888
$this->addNotificationsForFileAction($path, Files_Sharing::TYPE_PUBLIC_UPLOAD, '', 'created_public');

tests/FilesHooksTest.php

Lines changed: 32 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -167,16 +167,42 @@ protected function getUserMock(string $uid): IUser {
167167

168168
public static function dataFileCreate(): array {
169169
return [
170-
['user', 'created_self', 'created_by', Files::TYPE_SHARE_CREATED],
171-
['', '', 'created_public', Files_Sharing::TYPE_PUBLIC_UPLOAD],
170+
['user', false, 'created_self', 'created_by', Files::TYPE_SHARE_CREATED],
171+
['', true, '', 'created_public', Files_Sharing::TYPE_PUBLIC_UPLOAD],
172+
['', false, 'created_self', 'created_by', Files::TYPE_SHARE_CREATED],
172173
];
173174
}
174175

175176
#[DataProvider('dataFileCreate')]
176-
public function testFileCreate(string $currentUser, string $selfSubject, string $othersSubject, string $type): void {
177-
$filesHooks = $this->getFilesHooks([
178-
'addNotificationsForFileAction',
179-
], $currentUser);
177+
public function testFileCreate(string $currentUser, bool $isPublicShare, string $selfSubject, string $othersSubject, string $type): void {
178+
$currentUserMock = $this->createMock(CurrentUser::class);
179+
$currentUserMock->method('getUID')->willReturn($currentUser);
180+
$currentUserMock->method('getUserIdentifier')->willReturn($currentUser);
181+
$currentUserMock->method('isPublicShareToken')->willReturn($isPublicShare);
182+
183+
$logger = $this->createMock(LoggerInterface::class);
184+
185+
$filesHooks = $this->getMockBuilder(FilesHooks::class)
186+
->setConstructorArgs([
187+
$this->activityManager,
188+
$this->data,
189+
$this->settings,
190+
$this->groupManager,
191+
$this->view,
192+
$this->rootFolder,
193+
$this->shareHelper,
194+
Server::get(IDBConnection::class),
195+
$this->urlGenerator,
196+
$logger,
197+
$currentUserMock,
198+
$this->userMountCache,
199+
$this->config,
200+
$this->notificationGenerator,
201+
$this->tagManager,
202+
$this->teamManager,
203+
])
204+
->onlyMethods(['addNotificationsForFileAction'])
205+
->getMock();
180206

181207
$filesHooks->expects($this->once())
182208
->method('addNotificationsForFileAction')

0 commit comments

Comments
 (0)