Merge pull request #35360 from nextcloud/bugfix/noid/direct-editing-revert-scope

This commit is contained in:
Julius Härtl 2023-02-17 11:08:44 +01:00 committed by GitHub
commit d078380aa3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 1 deletions

View file

@ -54,6 +54,7 @@ class DirectEditingViewController extends Controller {
/**
* @PublicPage
* @NoCSRFRequired
* @UseSession
*
* @param string $token
* @return Response

View file

@ -59,6 +59,8 @@ class Manager implements IManager {
private $editors = [];
/** @var IDBConnection */
private $connection;
/** @var IUserSession */
private $userSession;
/** @var ISecureRandom */
private $random;
/** @var string|null */
@ -80,6 +82,7 @@ class Manager implements IManager {
) {
$this->random = $random;
$this->connection = $connection;
$this->userSession = $userSession;
$this->userId = $userSession->getUser() ? $userSession->getUser()->getUID() : null;
$this->rootFolder = $rootFolder;
$this->l10n = $l10nFactory->get('lib');
@ -185,7 +188,13 @@ class Manager implements IManager {
$this->invalidateToken($token);
return new NotFoundResponse();
}
return $editor->open($tokenObject);
try {
$this->invokeTokenScope($tokenObject->getUser());
return $editor->open($tokenObject);
} finally {
$this->revertTokenScope();
}
}
public function editSecure(File $file, string $editorId): TemplateResponse {
@ -250,6 +259,11 @@ class Manager implements IManager {
\OC_User::setUserId($userId);
}
public function revertTokenScope(): void {
$this->userSession->setUser(null);
\OC_User::setIncognitoMode(false);
}
public function createToken($editorId, File $file, string $filePath, IShare $share = null): string {
$token = $this->random->generate(64, ISecureRandom::CHAR_HUMAN_READABLE);
$query = $this->connection->getQueryBuilder();

View file

@ -15,6 +15,7 @@ use OCP\Files\Folder;
use OCP\Files\IRootFolder;
use OCP\IDBConnection;
use OCP\IL10N;
use OCP\IUser;
use OCP\IUserSession;
use OCP\L10N\IFactory;
use OCP\Security\ISecureRandom;
@ -137,6 +138,14 @@ class ManagerTest extends TestCase {
->method('getUserFolder')
->willReturn($this->userFolder);
$user = $this->createMock(IUser::class);
$user->expects(self::any())
->method('getUID')
->willReturn('admin');
$this->userSession->expects(self::any())
->method('getUser')
->willReturn($user);
$this->manager = new Manager(
$this->random, $this->connection, $this->userSession, $this->rootFolder, $l10nFactory, $this->encryptionManager
);