Check if required headers are set
Signed-off-by: Louis Chemineau <[email protected]>
artonge committed Jul 5, 2023
1 parent 91417b7 commit 1fba40e
Showing 2 changed files with 36 additions and 0 deletions.
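--- a/lib/Controller/LockingController.php
+++ b/lib/Controller/LockingController.php
@@ -96,6 +96,14 @@ public function lockFolder(int $id, ?string $shareToken = null): DataResponse {
 $e2eToken = $this->request->getParam('e2e-token', '');
 $e2eCounter = (int)$this->request->getHeader('X-NC-E2EE-COUNTER');
 
+if ($e2eToken === '') {
+throw new OCSBadRequestException($this->l10n->t('e2e-token is empty'));
+}
+
+if ($e2eCounter === '') {
+throw new OCSBadRequestException($this->l10n->t('X-NC-E2EE-COUNTER'));
+}
+
 $ownerId = $this->getOwnerId($shareToken);
 
 try {
@@ -140,6 +148,10 @@ public function unlockFolder(int $id, ?string $shareToken = null): DataResponse
 $abort = $this->request->getParam('abort') === 'true';
 $token = $this->request->getHeader('e2e-token');
 
+if ($token === '') {
+throw new OCSBadRequestException($this->l10n->t('e2e-token is empty'));
+}
+
 $ownerId = $this->getOwnerId($shareToken);
 
 try {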
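Review bot: The `if ($e2eCounter === '')` guard added to lockFolder can never fire, because `$e2eCounter` is already cast with `(int)` on the context line above it, so a missing X-NC-E2EE-COUNTER header becomes `0` and is accepted. Test the raw header before casting, e.g. `$rawCounter = $this->request->getHeader('X-NC-E2EE-COUNTER');` then `if ($rawCounter === '' || !ctype_digit($rawCounter)) { throw ...; }`, and only afterwards `(int)$rawCounter`. If the counter is what guards against replayed or rolled-back metadata (not visible in this hunk), silently defaulting it to 0 weakens that protection. The string passed to `t()` in that branch is only the header name, while the sibling checks say '... is empty'. lockFolder's body continues outside the hunk.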
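--- a/lib/Controller/MetaDataController.php
+++ b/lib/Controller/MetaDataController.php
@@ -111,6 +111,14 @@ public function setMetaData(int $id, string $metaData): DataResponse {
 $e2eToken = $this->request->getHeader('e2e-token');
 $signature = $this->request->getHeader('X-NC-E2EE-SIGNATURE');
 
+if ($e2eToken === '') {
+throw new OCSBadRequestException($this->l10n->t('e2e-token is empty'));
+}
+
+if ($signature === '') {
+throw new OCSBadRequestException($this->l10n->t('X-NC-E2EE-SIGNATURE is empty'));
+}
+
 if ($this->lockManager->isLocked($id, $e2eToken)) {
 throw new OCSForbiddenException($this->l10n->t('You are not allowed to edit the file, make sure to first lock it, and then send the right token'));
 }
@@ -142,6 +150,14 @@ public function updateMetaData(int $id, string $metaData): DataResponse {
 $e2eToken = $this->request->getHeader('e2e-token');
 $signature = $this->request->getHeader('X-NC-E2EE-SIGNATURE');
 
+if ($e2eToken === '') {
+throw new OCSBadRequestException($this->l10n->t('e2e-token is empty'));
+}
+
+if ($signature === '') {
+throw new OCSBadRequestException($this->l10n->t('X-NC-E2EE-SIGNATURE is empty'));
+}
+
 if ($this->lockManager->isLocked($id, $e2eToken)) {
 throw new OCSForbiddenException($this->l10n->t('You are not allowed to edit the file, make sure to first lock it, and then send the right token'));
 }
@@ -175,6 +191,10 @@ public function updateMetaData(int $id, string $metaData): DataResponse {
 public function deleteMetaData(int $id): DataResponse {
 $e2eToken = $this->request->getHeader('e2e-token');
 
+if ($e2eToken === '') {
+throw new OCSBadRequestException($this->l10n->t('e2e-token is empty'));
+}
+
 if ($this->lockManager->isLocked($id, $e2eToken)) {
 throw new OCSForbiddenException($this->l10n->t('You are not allowed to edit the file, make sure to first lock it, and then send the right token'));
 }
@@ -207,6 +227,10 @@ public function addMetadataFileDrop(int $id, string $fileDrop, ?string $shareTok
 $e2eToken = $this->request->getHeader('e2e-token');
 $ownerId = $this->getOwnerId($shareToken);
 
+if ($e2eToken === '') {
+throw new OCSBadRequestException($this->l10n->t('e2e-token is empty'));
+}
+
 if ($this->lockManager->isLocked($id, $e2eToken, $ownerId)) {
 throw new OCSForbiddenException($this->l10n->t('You are not allowed to edit the file, make sure to first lock it, and then send the right token'));
 }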
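Review bot: In addMetadataFileDrop the new `$e2eToken === ''` check sits after `$ownerId = $this->getOwnerId($shareToken);`, so a request without a token still goes through the share-token lookup before it is rejected, whereas the other handlers touched by this commit validate before calling getOwnerId or isLocked. Move the check directly under the `getHeader('e2e-token')` line so every endpoint rejects incomplete requests at the same point. The same three-line guard now appears five times in this file; a private helper that reads a named header and throws OCSBadRequestException when it is empty would keep the behaviour and messages in one place. Whether X-NC-E2EE-SIGNATURE is verified later, rather than only required to be non-empty, is not visible in these hunks.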
