author | Julius Härtl <jus@bitgrid.net> | 2021-08-12 18:08:52 +0300 |
---|---|---|
committer | Julius Härtl <jus@bitgrid.net> | 2021-08-12 18:08:52 +0300 |
commit | b45d41b4a7634b987f72331c2155066153bb51a4 (patch) | |
tree | b443513e383963c246e9a64ce30dac00fc597b63 /lib | |
parent | 20064f1722c091f07a460be8ebb22725a433d835 (diff) |
Allow guests to request a direct token for share links
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Controller/OCSController.php | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/lib/Controller/OCSController.php b/lib/Controller/OCSController.php
index dfe8a16f..d1eb7181 100644
--- a/lib/Controller/OCSController.php
+++ b/lib/Controller/OCSController.php
@@ -131,6 +131,8 @@ class OCSController extends \OCP\AppFramework\OCSController {
 * Generate a direct editing link for a file in a public share to open with the current user
 *
 * @NoAdminRequired
+ * @BruteForceProtection(action=richdocumentsCreatePublic)
+ * @PublicPage
 * @throws OCSForbiddenException
 */
 public function createPublic(
@@ -165,13 +167,24 @@ class OCSController extends \OCP\AppFramework\OCSController {
 ]);
 }
- $share = $this->shareManager->getShareByToken($shareToken);
+ try {
+ $share = $this->shareManager->getShareByToken($shareToken);
+ } catch (ShareNotFound $ex) {
+ $response = new DataResponse([], HTTP::STATUS_NOT_FOUND);
+ $response->throttle();
+ return $response;
+ }
+
 if ($share->getPassword() && !$this->shareManager->checkPassword($share, $password)) {
- throw new OCSForbiddenException();
+ $response = new DataResponse([], HTTP::STATUS_FORBIDDEN);
+ $response->throttle();
+ return $response;
 }
 if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
- throw new OCSForbiddenException();
+ $response = new DataResponse([], HTTP::STATUS_FORBIDDEN);
+ $response->throttle();
+ return $response;
 }
 $node = $share->getNode(); |
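Review bot: The docblock above `createPublic` no longer matches the endpoint once `@PublicPage` is added. It still says the link opens "with the current user" and still lists `@throws OCSForbiddenException`, although the method is now reachable without a session and the forbidden paths visible in the second hunk return a response instead of throwing. I would reword the summary to something like `* Generate a direct editing link for a file in a public share; callable by guests without a session`, and keep the `@throws` line only if a path outside these hunks still throws. The method body lies outside this hunk, so any later use of the logged-in user id should be checked for the guest case, where it is presumably null.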
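Review bot: The new `catch (ShareNotFound $ex)` only takes effect if `ShareNotFound` is already imported in this file, and the diff adds no `use` line. PHP does not report an unknown class in a catch clause: the name resolves relative to the controller's own namespace and never matches, so the exception would leave the method without `$response->throttle()` being called and invalid-token attempts would go uncounted. If the import is missing, add `use OCP\Share\Exceptions\ShareNotFound;`; the same check applies to `HTTP`, which presumably relies on an existing import of `OCP\AppFramework\Http`. A short comment above the three early returns, for example `// register the failed attempt with the brute-force throttler before answering`, would also explain why they return a `DataResponse` instead of throwing. The enclosing method starts and ends outside the hunk.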