mirror of
https://github.com/nextcloud/server.git
synced 2026-07-16 13:23:11 -04:00
Merge pull request #35360 from nextcloud/bugfix/noid/direct-editing-revert-scope
This commit is contained in:
commit
d078380aa3
3 changed files with 25 additions and 1 deletions
|
|
@ -54,6 +54,7 @@ class DirectEditingViewController extends Controller {
|
|||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
* @UseSession
|
||||
*
|
||||
* @param string $token
|
||||
* @return Response
|
||||
|
|
|
|||
|
|
@ -59,6 +59,8 @@ class Manager implements IManager {
|
|||
private $editors = [];
|
||||
/** @var IDBConnection */
|
||||
private $connection;
|
||||
/** @var IUserSession */
|
||||
private $userSession;
|
||||
/** @var ISecureRandom */
|
||||
private $random;
|
||||
/** @var string|null */
|
||||
|
|
@ -80,6 +82,7 @@ class Manager implements IManager {
|
|||
) {
|
||||
$this->random = $random;
|
||||
$this->connection = $connection;
|
||||
$this->userSession = $userSession;
|
||||
$this->userId = $userSession->getUser() ? $userSession->getUser()->getUID() : null;
|
||||
$this->rootFolder = $rootFolder;
|
||||
$this->l10n = $l10nFactory->get('lib');
|
||||
|
|
@ -185,7 +188,13 @@ class Manager implements IManager {
|
|||
$this->invalidateToken($token);
|
||||
return new NotFoundResponse();
|
||||
}
|
||||
return $editor->open($tokenObject);
|
||||
|
||||
try {
|
||||
$this->invokeTokenScope($tokenObject->getUser());
|
||||
return $editor->open($tokenObject);
|
||||
} finally {
|
||||
$this->revertTokenScope();
|
||||
}
|
||||
}
|
||||
|
||||
public function editSecure(File $file, string $editorId): TemplateResponse {
|
||||
|
|
@ -250,6 +259,11 @@ class Manager implements IManager {
|
|||
\OC_User::setUserId($userId);
|
||||
}
|
||||
|
||||
public function revertTokenScope(): void {
|
||||
$this->userSession->setUser(null);
|
||||
\OC_User::setIncognitoMode(false);
|
||||
}
|
||||
|
||||
public function createToken($editorId, File $file, string $filePath, IShare $share = null): string {
|
||||
$token = $this->random->generate(64, ISecureRandom::CHAR_HUMAN_READABLE);
|
||||
$query = $this->connection->getQueryBuilder();
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ use OCP\Files\Folder;
|
|||
use OCP\Files\IRootFolder;
|
||||
use OCP\IDBConnection;
|
||||
use OCP\IL10N;
|
||||
use OCP\IUser;
|
||||
use OCP\IUserSession;
|
||||
use OCP\L10N\IFactory;
|
||||
use OCP\Security\ISecureRandom;
|
||||
|
|
@ -137,6 +138,14 @@ class ManagerTest extends TestCase {
|
|||
->method('getUserFolder')
|
||||
->willReturn($this->userFolder);
|
||||
|
||||
$user = $this->createMock(IUser::class);
|
||||
$user->expects(self::any())
|
||||
->method('getUID')
|
||||
->willReturn('admin');
|
||||
$this->userSession->expects(self::any())
|
||||
->method('getUser')
|
||||
->willReturn($user);
|
||||
|
||||
$this->manager = new Manager(
|
||||
$this->random, $this->connection, $this->userSession, $this->rootFolder, $l10nFactory, $this->encryptionManager
|
||||
);
|
||||
|
|
|
|||
Loading…
Reference in a new issue