Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 24 additions & 11 deletions apps/dav/lib/Connector/Sabre/CorsPlugin.php
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,10 @@ class CorsPlugin extends ServerPlugin {
* @var string[]
*/
private $extraHeaders;
/**
* @var bool
*/
private $alreadyExecuted = false;

/**
* @param IUserSession $userSession
Expand Down Expand Up @@ -107,9 +111,13 @@ public function initialize(\Sabre\DAV\Server $server) {
}

$this->server->on('beforeMethod:*', [$this, 'setCorsHeaders']);
$this->server->on('exception', [$this, 'onException']);
$this->server->on('beforeMethod:OPTIONS', [$this, 'setOptionsRequestHeaders'], 5);
}

public function onException(\Throwable $ex) {
$this->setCorsHeaders($this->server->httpRequest, $this->server->httpResponse);
}
/**
* This method sets the cors headers for all requests
*
Expand All @@ -118,18 +126,23 @@ public function initialize(\Sabre\DAV\Server $server) {
* @return void
*/
public function setCorsHeaders(RequestInterface $request, ResponseInterface $response) {
if ($request->getHeader('origin') !== null) {
$requesterDomain = $request->getHeader('origin');
// unauthenticated request shall add cors headers as well
$userId = null;
if ($this->userSession->getUser() !== null) {
$userId = $this->userSession->getUser()->getUID();
}
if ($request->getHeader('origin') === null) {
return;
}
if ($this->alreadyExecuted) {
return;
}
$this->alreadyExecuted = true;
$requesterDomain = $request->getHeader('origin');
// unauthenticated request shall add cors headers as well
$userId = null;
if ($this->userSession->getUser() !== null) {
$userId = $this->userSession->getUser()->getUID();
}

$headers = \OC_Response::setCorsHeaders($userId, $requesterDomain, null, $this->getExtraHeaders($request));
foreach ($headers as $key => $value) {
$response->addHeader($key, \implode(',', $value));
}
$headers = \OC_Response::setCorsHeaders($userId, $requesterDomain, null, $this->getExtraHeaders($request));
foreach ($headers as $key => $value) {
$response->addHeader($key, \implode(',', $value));
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
use OCA\FederatedFileSharing\FedShareManager;
use OCA\FederatedFileSharing\Middleware\OcmMiddleware;
use OCA\FederatedFileSharing\Ocm\Exception\BadRequestException;
use OCA\FederatedFileSharing\Ocm\Exception\ForbiddenException;
use OCA\FederatedFileSharing\Ocm\Exception\NotImplementedException;
use OCA\FederatedFileSharing\Ocm\Exception\OcmException;
use OCP\AppFramework\Http;
Expand Down Expand Up @@ -255,6 +256,18 @@ public function acceptShare($id) {
$token = $this->request->getParam('token', null);
$share = $this->ocmMiddleware->getValidShare($id, $token);
$this->fedShareManager->acceptShare($share);
} catch (BadRequestException $e) {
return new Result(
null,
Http::STATUS_GONE,
$e->getMessage()
);
} catch (ForbiddenException $e) {
return new Result(
null,
Http::STATUS_FORBIDDEN,
$e->getMessage()
);
} catch (NotImplementedException $e) {
return new Result(
null,
Expand All @@ -281,6 +294,18 @@ public function declineShare($id) {
$this->ocmMiddleware->assertOutgoingSharingEnabled();
$share = $this->ocmMiddleware->getValidShare($id, $token);
$this->fedShareManager->declineShare($share);
} catch (BadRequestException $e) {
return new Result(
null,
Http::STATUS_GONE,
$e->getMessage()
);
} catch (ForbiddenException $e) {
return new Result(
null,
Http::STATUS_FORBIDDEN,
$e->getMessage()
);
} catch (NotImplementedException $e) {
return new Result(
null,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -308,6 +308,42 @@ public function testAcceptSuccess() {
);
}

public function testAcceptFailedWhenInvalidShareId() {
$this->request->expects($this->any())
->method('getParam')
->willReturn(self::DEFAULT_TOKEN);

$this->ocmMiddleware->method('getValidShare')
->willThrowException(new BadRequestException());

$this->fedShareManager->expects($this->never())
->method('acceptShare');

$response = $this->requestHandlerController->acceptShare(2);
$this->assertEquals(
Http::STATUS_GONE,
$response->getStatusCode()
);
}

public function testAcceptFailedWhenShareIdHasInvalidSecret() {
$this->request->expects($this->any())
->method('getParam')
->willReturn(self::DEFAULT_TOKEN);

$this->ocmMiddleware->method('getValidShare')
->willThrowException(new ForbiddenException());

$this->fedShareManager->expects($this->never())
->method('acceptShare');

$response = $this->requestHandlerController->acceptShare(2);
$this->assertEquals(
Http::STATUS_FORBIDDEN,
$response->getStatusCode()
);
}

public function testDeclineFailedWhenSharingIsDisabled() {
$this->ocmMiddleware->method('assertOutgoingSharingEnabled')
->willThrowException(new NotImplementedException());
Expand Down Expand Up @@ -346,6 +382,42 @@ public function testDeclineSuccess() {
);
}

public function testDeclineFailedWhenInvalidShareId() {
$this->request->expects($this->any())
->method('getParam')
->willReturn(self::DEFAULT_TOKEN);

$this->ocmMiddleware->method('getValidShare')
->willThrowException(new BadRequestException());

$this->fedShareManager->expects($this->never())
->method('declineShare');

$response = $this->requestHandlerController->declineShare(2);
$this->assertEquals(
Http::STATUS_GONE,
$response->getStatusCode()
);
}

public function testDeclineFailedWhenShareIdHasInvalidSecret() {
$this->request->expects($this->any())
->method('getParam')
->willReturn(self::DEFAULT_TOKEN);

$this->ocmMiddleware->method('getValidShare')
->willThrowException(new ForbiddenException());

$this->fedShareManager->expects($this->never())
->method('declineShare');

$response = $this->requestHandlerController->declineShare(2);
$this->assertEquals(
Http::STATUS_FORBIDDEN,
$response->getStatusCode()
);
}

public function testUnshareFailedWhenSharingIsDisabled() {
$this->ocmMiddleware->method('assertOutgoingSharingEnabled')
->willThrowException(new NotImplementedException());
Expand Down
2 changes: 1 addition & 1 deletion apps/files_sharing/lib/AppInfo/Application.php
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ public function __construct(array $urlParams = []) {
$server->getUserManager(),
$server->getRootFolder(),
$server->getURLGenerator(),
$server->getUserSession()->getUser(),
$server->getUserSession(),
$server->getL10N('files_sharing'),
$server->getConfig(),
$c->query(NotificationPublisher::class),
Expand Down
Loading