Skip to content

Commit 2aff11c

Browse files
rullzerrullzer
committed
Actually validate the expire date on share
* Added more intergration tests
1 parent fc64ea6 commit 2aff11c

File tree

3 files changed

+110
-5
lines changed

3 files changed

+110
-5
lines changed

apps/files_sharing/api/local.php

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -292,7 +292,7 @@ public static function createShare($params) {
292292
try {
293293
$expirationDate = isset($_POST['expireDate']) ? self::parseDate($_POST['expireDate']) : null;
294294
} catch (\Exception $e) {
295-
return new \OC_OCS_Result(null, 404, 'Invalid Date');
295+
return new \OC_OCS_Result(null, 404, 'Invalid Date. Format must be YYYY-MM-DD.');
296296
}
297297

298298
break;
@@ -315,7 +315,11 @@ public static function createShare($params) {
315315
$expirationDate
316316
);
317317
} catch (HintException $e) {
318-
return new \OC_OCS_Result(null, 400, $e->getHint());
318+
if ($e->getCode() === 0) {
319+
return new \OC_OCS_Result(null, 400, $e->getHint());
320+
} else {
321+
return new \OC_OCS_Result(null, $e->getCode(), $e->getHint());
322+
}
319323
} catch (\Exception $e) {
320324
return new \OC_OCS_Result(null, 403, $e->getMessage());
321325
}
@@ -559,13 +563,13 @@ public static function deleteShare($params) {
559563
*/
560564
private static function parseDate($expireDate) {
561565
if (preg_match('/^\d{4}-\d{2}-\d{2}$/', $expireDate) === 0) {
562-
throw new \Exception();
566+
throw new \Exception('Invalid date. Format must be YYYY-MM-DD');
563567
}
564568

565569
$date = new \DateTime($expireDate);
566570

567571
if ($date === false) {
568-
throw new \Exception();
572+
throw new \Exception('Invalid date. Format must be YYYY-MM-DD');
569573
}
570574

571575
return $date;

apps/files_sharing/tests/api.php

Lines changed: 87 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1518,7 +1518,7 @@ public function testPublicLinkExpireDate($date, $valid) {
15181518
if ($valid === false) {
15191519
$this->assertFalse($result->succeeded());
15201520
$this->assertEquals(404, $result->getStatusCode());
1521-
$this->assertEquals('Invalid Date', $result->getMeta()['message']);
1521+
$this->assertEquals('Invalid Date. Format must be YYYY-MM-DD.', $result->getMeta()['message']);
15221522
return;
15231523
}
15241524

@@ -1543,4 +1543,90 @@ public function testPublicLinkExpireDate($date, $valid) {
15431543
$fileinfo = $this->view->getFileInfo($this->folder);
15441544
\OCP\Share::unshare('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, null);
15451545
}
1546+
1547+
public function testCreatePublicLinkExpireDateValid() {
1548+
$config = \OC::$server->getConfig();
1549+
1550+
// enforce expire date, by default 7 days after the file was shared
1551+
$config->setAppValue('core', 'shareapi_default_expire_date', 'yes');
1552+
$config->setAppValue('core', 'shareapi_enforce_expire_date', 'yes');
1553+
1554+
$date = new \DateTime();
1555+
$date->add(new \DateInterval('P5D'));
1556+
1557+
$_POST['path'] = $this->folder;
1558+
$_POST['shareType'] = \OCP\Share::SHARE_TYPE_LINK;
1559+
$_POST['expireDate'] = $date->format('Y-m-d');
1560+
1561+
$result = \OCA\Files_Sharing\API\Local::createShare([]);
1562+
1563+
$this->assertTrue($result->succeeded());
1564+
1565+
$data = $result->getData();
1566+
$this->assertTrue(is_string($data['token']));
1567+
1568+
// check for correct link
1569+
$url = \OC::$server->getURLGenerator()->getAbsoluteURL('/index.php/s/' . $data['token']);
1570+
$this->assertEquals($url, $data['url']);
1571+
1572+
1573+
$share = $this->getShareFromId($data['id']);
1574+
$items = \OCP\Share::getItemShared('file', $share['item_source']);
1575+
$this->assertTrue(!empty($items));
1576+
1577+
$item = reset($items);
1578+
$this->assertTrue(is_array($item));
1579+
$this->assertEquals($date->format('Y-m-d'), substr($item['expiration'], 0, 10));
1580+
1581+
$fileinfo = $this->view->getFileInfo($this->folder);
1582+
\OCP\Share::unshare('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, null);
1583+
1584+
$config->setAppValue('core', 'shareapi_default_expire_date', 'no');
1585+
$config->setAppValue('core', 'shareapi_enforce_expire_date', 'no');
1586+
}
1587+
1588+
public function testCreatePublicLinkExpireDateInvalidFuture() {
1589+
$config = \OC::$server->getConfig();
1590+
1591+
// enforce expire date, by default 7 days after the file was shared
1592+
$config->setAppValue('core', 'shareapi_default_expire_date', 'yes');
1593+
$config->setAppValue('core', 'shareapi_enforce_expire_date', 'yes');
1594+
1595+
$date = new \DateTime();
1596+
$date->add(new \DateInterval('P8D'));
1597+
1598+
$_POST['path'] = $this->folder;
1599+
$_POST['shareType'] = \OCP\Share::SHARE_TYPE_LINK;
1600+
$_POST['expireDate'] = $date->format('Y-m-d');
1601+
1602+
$result = \OCA\Files_Sharing\API\Local::createShare([]);
1603+
1604+
$this->assertFalse($result->succeeded());
1605+
$this->assertEquals(404, $result->getStatusCode());
1606+
$this->assertEquals('Cannot set expiration date. Shares cannot expire later than 7 after they have been shared', $result->getMeta()['message']);
1607+
1608+
$config->setAppValue('core', 'shareapi_default_expire_date', 'no');
1609+
$config->setAppValue('core', 'shareapi_enforce_expire_date', 'no');
1610+
}
1611+
1612+
public function testCreatePublicLinkExpireDateInvalidPast() {
1613+
$config = \OC::$server->getConfig();
1614+
1615+
$date = new \DateTime();
1616+
$date->sub(new \DateInterval('P8D'));
1617+
1618+
$_POST['path'] = $this->folder;
1619+
$_POST['shareType'] = \OCP\Share::SHARE_TYPE_LINK;
1620+
$_POST['expireDate'] = $date->format('Y-m-d');
1621+
1622+
$result = \OCA\Files_Sharing\API\Local::createShare([]);
1623+
1624+
$this->assertFalse($result->succeeded());
1625+
$this->assertEquals(404, $result->getStatusCode());
1626+
$this->assertEquals('Cannot set expiration date. Expiration date is in the past', $result->getMeta()['message']);
1627+
1628+
$config->setAppValue('core', 'shareapi_default_expire_date', 'no');
1629+
$config->setAppValue('core', 'shareapi_enforce_expire_date', 'no');
1630+
}
1631+
15461632
}

lib/private/share/share.php

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -649,6 +649,21 @@ public static function shareItem($itemType, $itemSource, $shareType, $shareWith,
649649
$permissions = (int)$permissions & ~\OCP\Constants::PERMISSION_DELETE;
650650
}
651651

652+
//Validate expirationDate
653+
if ($expirationDate !== null) {
654+
try {
655+
/*
656+
* Reuse the validateExpireDate.
657+
* We have to pass time() since the second arg is the time
658+
* the file was shared, since it is not shared yet we just use
659+
* the current time.
660+
*/
661+
$expirationDate = self::validateExpireDate($expirationDate->format('Y-m-d'), time(), $itemType, $itemSource);
662+
} catch (\Exception $e) {
663+
throw new \OC\HintException($e->getMessage(), $e->getMessage(), 404);
664+
}
665+
}
666+
652667
// Verify share type and sharing conditions are met
653668
if ($shareType === self::SHARE_TYPE_USER) {
654669
if ($shareWith == $uidOwner) {

0 commit comments

Comments
 (0)