upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

fix(share): Ensure unique share tokens

Browse source 
- check for token collisions and retry up to three times.
- throw after 3 attempts without finding a unique token.

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
This commit is contained in:
ernolf 2024-08-20 12:33:28 +02:00 committed by Joas Schilling
parent cfb8f1289e
commit 0551919bce
No known key found for this signature in database
GPG key ID: F72FA5B49FFA96B0
1 changed files with 17 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
lib/private/Share20/Manager.php
View file

@ -665,13 +665,25 @@ class Manager implements IManager {
$this->linkCreateChecks($share);
$this->setLinkParent($share);
// For now ignore a set token.
$share->setToken(
$this->secureRandom->generate(
for ($i = 0; $i <= 3; $i++) {
$token = $this->secureRandom->generate(
\OC\Share\Constants::TOKEN_LENGTH,
\OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
)
);
);
try {
$this->getShareByToken($token);
} catch (\OCP\Share\Exceptions\ShareNotFound $e) {
// Set the unique token
$share->setToken($token);
break;
}
// Abort after 3 failed attempts
if ($i >= 3) {
throw new \Exception('Unable to generate a unique share token after 3 attempts.');
}
}
// Verify the expiration date
$share = $this->validateExpirationDateLink($share);