Merge pull request #13288 from owncloud/enc_fix_public_download
[encryption] fix download of public shared files
This commit is contained in:
commit
64ee942e7d
3 changed files with 14 additions and 25 deletions
|
@ -47,16 +47,15 @@ class Proxy extends \OC_FileProxy {
|
|||
* check if path is excluded from encryption
|
||||
*
|
||||
* @param string $path relative to data/
|
||||
* @param string $uid user
|
||||
* @return boolean
|
||||
*/
|
||||
protected function isExcludedPath($path, $uid) {
|
||||
protected function isExcludedPath($path) {
|
||||
|
||||
$view = new \OC\Files\View();
|
||||
|
||||
$path = \OC\Files\Filesystem::normalizePath($path);
|
||||
$normalizedPath = \OC\Files\Filesystem::normalizePath($path);
|
||||
|
||||
$parts = explode('/', $path);
|
||||
$parts = explode('/', $normalizedPath);
|
||||
|
||||
// we only encrypt/decrypt files in the files and files_versions folder
|
||||
if (sizeof($parts) < 3) {
|
||||
|
@ -69,18 +68,18 @@ class Proxy extends \OC_FileProxy {
|
|||
return true;
|
||||
}
|
||||
if(
|
||||
strpos($path, '/' . $uid . '/files/') !== 0 &&
|
||||
!($parts[2] === 'files' && \OCP\User::userExists($parts[1])) &&
|
||||
!($parts[2] === 'files_versions' && \OCP\User::userExists($parts[1]))) {
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!$view->file_exists($path)) {
|
||||
$path = dirname($path);
|
||||
if (!$view->file_exists($normalizedPath)) {
|
||||
$normalizedPath = dirname($normalizedPath);
|
||||
}
|
||||
|
||||
// we don't encrypt server-to-server shares
|
||||
list($storage, ) = \OC\Files\Filesystem::resolvePath($path);
|
||||
list($storage, ) = \OC\Files\Filesystem::resolvePath($normalizedPath);
|
||||
/**
|
||||
* @var \OCP\Files\Storage $storage
|
||||
*/
|
||||
|
@ -102,17 +101,16 @@ class Proxy extends \OC_FileProxy {
|
|||
*/
|
||||
private function shouldEncrypt($path, $mode = 'w') {
|
||||
|
||||
$userId = Helper::getUser($path);
|
||||
|
||||
// don't call the crypt stream wrapper, if...
|
||||
if (
|
||||
Crypt::mode() !== 'server' // we are not in server-side-encryption mode
|
||||
|| $this->isExcludedPath($path, $userId) // if path is excluded from encryption
|
||||
|| $this->isExcludedPath($path) // if path is excluded from encryption
|
||||
|| substr($path, 0, 8) === 'crypt://' // we are already in crypt mode
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$userId = Helper::getUser($path);
|
||||
$view = new \OC\Files\View('');
|
||||
$util = new Util($view, $userId);
|
||||
|
||||
|
|
|
@ -136,7 +136,8 @@ class Stream {
|
|||
switch ($fileType) {
|
||||
case Util::FILE_TYPE_FILE:
|
||||
$this->relPath = Helper::stripUserFilesPath($this->rawPath);
|
||||
$this->userId = \OC::$server->getUserSession()->getUser()->getUID();
|
||||
$user = \OC::$server->getUserSession()->getUser();
|
||||
$this->userId = $user ? $user->getUID() : Helper::getUserFromPath($this->rawPath);
|
||||
break;
|
||||
case Util::FILE_TYPE_VERSION:
|
||||
$this->relPath = Helper::getPathFromVersion($this->rawPath);
|
||||
|
@ -145,7 +146,8 @@ class Stream {
|
|||
case Util::FILE_TYPE_CACHE:
|
||||
$this->relPath = Helper::getPathFromCachedFile($this->rawPath);
|
||||
Helper::mkdirr($this->rawPath, new \OC\Files\View('/'));
|
||||
$this->userId = \OC::$server->getUserSession()->getUser()->getUID();
|
||||
$user = \OC::$server->getUserSession()->getUser();
|
||||
$this->userId = $user ? $user->getUID() : Helper::getUserFromPath($this->rawPath);
|
||||
break;
|
||||
default:
|
||||
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '" expecting a path to "files", "files_versions" or "cache"', \OCP\Util::ERROR);
|
||||
|
|
|
@ -126,9 +126,7 @@ class Proxy extends TestCase {
|
|||
$this->view->mkdir(dirname($path));
|
||||
$this->view->file_put_contents($path, "test");
|
||||
|
||||
$testClass = new DummyProxy();
|
||||
|
||||
$result = $testClass->isExcludedPathTesting($path, $this->userId);
|
||||
$result = \Test_Helper::invokePrivate(new \OCA\Files_Encryption\Proxy(), 'isExcludedPath', array($path));
|
||||
$this->assertSame($expected, $result);
|
||||
|
||||
$this->view->deleteAll(dirname($path));
|
||||
|
@ -149,12 +147,3 @@ class Proxy extends TestCase {
|
|||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Dummy class to make protected methods available for testing
|
||||
*/
|
||||
class DummyProxy extends \OCA\Files_Encryption\Proxy {
|
||||
public function isExcludedPathTesting($path, $uid) {
|
||||
return $this->isExcludedPath($path, $uid);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue