/**
* Check if sharing is enabled before the controllers is executed
*
* Inspects the controller method annotations and if PublicPage is found
* it makes sure that sharing is enabled in the configuration settings
*
* The check is not performed on "guest" pages which don't require sharing
* to be enabled
*
* @inheritDoc
*/
public function beforeController($controller, $methodName)
{
$sharingEnabled = $this->isSharingEnabled();
$isPublicPage = $this->reflector->hasAnnotation('PublicPage');
$isGuest = $this->reflector->hasAnnotation('Guest');
if ($isPublicPage && !$isGuest && !$sharingEnabled) {
$this->logAndThrow("'Sharing is disabled'", Http::STATUS_SERVICE_UNAVAILABLE);
}
}
/**
* Checks if sharing is enabled before the controllers is executed
*
* Inspects the controller method annotations and if PublicPage is found
* it makes sure that sharing is enabled in the configuration settings
*
* The check is not performed on "guest" pages which don't require sharing
* to be enabled
*
* @inheritDoc
*/
public function beforeController($controller, $methodName)
{
if ($this->reflector->hasAnnotation('Guest')) {
return;
}
$sharingEnabled = $this->isSharingEnabled();
$isPublicPage = $this->reflector->hasAnnotation('PublicPage');
if ($isPublicPage && !$sharingEnabled) {
throw new CheckException("'Sharing is disabled'", Http::STATUS_SERVICE_UNAVAILABLE);
}
}
/**
* Checks that we have a valid token linked to a valid resource and that the
* user is authorised to access it
*
* Inspects the controller method annotations and if PublicPage is found
* it checks that we have a token and an optional password giving access to a valid resource.
* Once that's done, the environment is setup so that our services can find the resources they
* need.
*
* The checks are not performed on "guest" pages and the environment is not setup. Typical
* guest pages are anonymous error ages
*
* @inheritDoc
*/
public function beforeController($controller, $methodName)
{
if ($this->reflector->hasAnnotation('Guest')) {
return;
}
$isPublicPage = $this->reflector->hasAnnotation('PublicPage');
if ($isPublicPage) {
$this->validateAndSetTokenBasedEnv();
} else {
$this->environment->setStandardEnv();
}
}
/**
* Checks for externalshares controller
* @return bool
*/
private function externalSharesChecks()
{
if (!$this->reflector->hasAnnotation('NoIncomingFederatedSharingRequired') && $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') !== 'yes') {
return false;
}
if (!$this->reflector->hasAnnotation('NoOutgoingFederatedSharingRequired') && $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') !== 'yes') {
return false;
}
return true;
}
/**
* @dataProvider externalSharesChecksDataProvider
*/
public function testBeforeControllerWithExternalShareControllerWithSharingEnabled($annotations, $config, $noException)
{
$this->appManager->expects($this->once())->method('isEnabledForUser')->with('files_sharing')->will($this->returnValue(true));
$this->reflector->expects($this->atLeastOnce())->method('hasAnnotation')->will($this->returnValueMap($annotations));
$this->config->method('getAppValue')->will($this->returnValueMap($config));
$controller = $this->getMockBuilder('\\OCA\\Files_Sharing\\Controllers\\ExternalSharesController')->disableOriginalConstructor()->getMock();
$exceptionThrown = false;
try {
$this->sharingCheckMiddleware->beforeController($controller, 'myMethod');
} catch (\OCA\Files_Sharing\Exceptions\S2SException $exception) {
$exceptionThrown = true;
}
$this->assertNotEquals($noException, $exceptionThrown);
}
/**
* @param Controller $controller
* @param string $methodName
*/
public function beforeController($controller, $methodName)
{
if ($this->reflector->hasAnnotation('PublicPage')) {
// Don't block public pages
return;
}
if ($controller instanceof \OC\Core\Controller\LoginController && $methodName === 'logout') {
// Don't block the logout page, to allow canceling the 2FA
return;
}
if ($this->userSession->isLoggedIn()) {
$user = $this->userSession->getUser();
if ($this->twoFactorManager->isTwoFactorAuthenticated($user)) {
$this->checkTwoFactor($controller, $methodName);
} else {
if ($controller instanceof TwoFactorChallengeController) {
// Allow access to the two-factor controllers only if two-factor authentication
// is in progress.
throw new UserAlreadyLoggedInException();
}
}
}
// TODO: dont check/enforce 2FA if a auth token is used
}
/**
* @@Guest
*/
public function testBeforeControllerWithGuestNotation()
{
$this->reflector->reflect(__CLASS__, __FUNCTION__);
$this->middleware->beforeController(__CLASS__, __FUNCTION__);
}
/**
* @PublicPage
*
* Sharing needs to be enabled on public pages
*
* @expectedException \OCA\Gallery\Middleware\CheckException
*/
public function testBeforeControllerWithSharingDisabled()
{
$this->mockSharingConfigTo('no');
$this->reflector->reflect(__CLASS__, __FUNCTION__);
$this->middleware->beforeController(__CLASS__, __FUNCTION__);
}
