Correctly validate lock state
Signed-off-by: Louis Chemineau <louis@chmn.me>
artonge committed Jan 16, 2024
1 parent 8ff567b commit 33d0c1d
Showing 4 changed files with 13 additions and 9 deletions.
2 changes: 1 addition & 1 deletion lib/Connector/Sabre/LockPlugin.php
Expand Up @@ -162,7 +162,7 @@ protected function verifyTokenOnWriteAccess(INode $node, ?string $token): void {
throw new Forbidden('Write access to end-to-end encrypted folder requires token - no token sent');
}

if ($this->lockManager->isLocked($node->getId(), $token)) {
if ($this->lockManager->isLocked($node->getId(), $token, null, true)) {
throw new FileLocked('Write access to end-to-end encrypted folder requires token - resource not locked or wrong token sent', Http::STATUS_FORBIDDEN);
}
}
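Review bot: The trailing `null, true` on this `isLocked()` call is what turns "no lock exists" into a rejection, but nothing at the call site says so. The same positional pair is repeated in `MetaDataController` (`setMetaData`, `updateMetaData`, `deleteMetaData`) and in `V1\MetaDataController::updateMetaData`. A one-line comment above the call, for example `// requireLock: deny the write unless the node is locked with this token`, would keep a later edit from dropping the argument and silently restoring the permissive check. `verifyTokenOnWriteAccess` starts outside the hunk, so the null handling of `?string $token` before this call is only partly visible.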
8 changes: 4 additions & 4 deletions lib/Controller/MetaDataController.php
Expand Up @@ -120,7 +120,7 @@ public function setMetaData(int $id, string $metaData): DataResponse {
throw new OCSPreconditionFailedException($this->l10n->t('X-NC-E2EE-SIGNATURE is empty'));
}

if ($this->lockManager->isLocked($id, $e2eToken)) {
if ($this->lockManager->isLocked($id, $e2eToken, null, true)) {
throw new OCSForbiddenException($this->l10n->t('You are not allowed to edit the file, make sure to first lock it, and then send the right token'));
}

Expand Down Expand Up @@ -159,7 +159,7 @@ public function updateMetaData(int $id, string $metaData): DataResponse {
throw new OCSPreconditionFailedException($this->l10n->t('X-NC-E2EE-SIGNATURE is empty'));
}

if ($this->lockManager->isLocked($id, $e2eToken)) {
if ($this->lockManager->isLocked($id, $e2eToken, null, true)) {
throw new OCSForbiddenException($this->l10n->t('You are not allowed to edit the file, make sure to first lock it, and then send the right token'));
}

Expand Down Expand Up @@ -196,7 +196,7 @@ public function deleteMetaData(int $id): DataResponse {
throw new OCSPreconditionFailedException($this->l10n->t('e2e-token is empty'));
}

if ($this->lockManager->isLocked($id, $e2eToken)) {
if ($this->lockManager->isLocked($id, $e2eToken, null, true)) {
throw new OCSForbiddenException($this->l10n->t('You are not allowed to edit the file, make sure to first lock it, and then send the right token'));
}

Expand Down Expand Up @@ -232,7 +232,7 @@ public function addMetadataFileDrop(int $id, string $filedrop, ?string $shareTok
throw new OCSPreconditionFailedException($this->l10n->t('e2e-token is empty'));
}

if ($this->lockManager->isLocked($id, $e2eToken, $ownerId)) {
if ($this->lockManager->isLocked($id, $e2eToken, $ownerId, true)) {
throw new OCSForbiddenException($this->l10n->t('You are not allowed to edit the file, make sure to first lock it, and then send the right token'));
}

4 changes: 2 additions & 2 deletions lib/Controller/V1/MetaDataController.php
Expand Up @@ -136,7 +136,7 @@ public function updateMetaData(int $id, string $metaData): DataResponse {
}
// End

if ($this->lockManager->isLocked($id, $e2eToken)) {
if ($this->lockManager->isLocked($id, $e2eToken, null, true)) {
throw new OCSForbiddenException($this->l10n->t('You are not allowed to edit the file, make sure to first lock it, and then send the right token'));
}

Expand Down Expand Up @@ -195,7 +195,7 @@ public function addMetadataFileDrop(int $id, string $fileDrop, ?string $shareTok
$e2eToken = $this->request->getParam('e2e-token');
$ownerId = $this->getOwnerId($shareToken);

if ($this->lockManager->isLocked($id, $e2eToken, $ownerId)) {
if ($this->lockManager->isLocked($id, $e2eToken, $ownerId, true)) {
throw new OCSForbiddenException($this->l10n->t('You are not allowed to edit the file, make sure to first lock it, and then send the right token'));
}
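Review bot: In `addMetadataFileDrop`, `$e2eToken` goes straight from `$this->request->getParam('e2e-token')` into `isLocked()`, whose second parameter is declared `string`, and no empty-token check is visible between the two. A request without the parameter would presumably pass `null` and fail with a TypeError instead of a clean client error, whereas the non-V1 controller throws `OCSPreconditionFailedException` with 'e2e-token is empty' before its lock check. Consider adding the same guard ahead of the lock check, e.g. `if ($e2eToken === null || $e2eToken === '') { throw new OCSPreconditionFailedException($this->l10n->t('e2e-token is empty')); }`, assuming that exception class is imported in this file. The method body starts and ends outside the hunk.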

8 changes: 6 additions & 2 deletions lib/LockManager.php
Expand Up @@ -125,7 +125,7 @@ public function unlockFile(int $id, string $token): void {
* @throws NotFoundException
* @throws \OCP\Files\NotPermittedException
*/
public function isLocked(int $id, string $token, ?string $ownerId = null): bool {
public function isLocked(int $id, string $token, ?string $ownerId = null, bool $requireLock = false): bool {
if ($ownerId === null) {
$user = $this->userSession->getUser();
if ($user === null) {
Expand All @@ -134,6 +134,8 @@ public function isLocked(int $id, string $token, ?string $ownerId = null): bool
$ownerId = $user->getUid();
}

$lockedByGivenToken = false;

$userRoot = $this->rootFolder->getUserFolder($ownerId);
$nodes = $userRoot->getById($id);
foreach ($nodes as $node) {
Expand All @@ -149,14 +151,16 @@ public function isLocked(int $id, string $token, ?string $ownerId = null): bool
// If it's locked with a different token, return true
if ($lock->getToken() !== $token) {
return true;
} else {
$lockedByGivenToken = true;
}

// If it's locked with the expected token, check the parent node
$node = $node->getParent();
}
}

return false;
return $requireLock && !$lockedByGivenToken;
}
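Review bot: `$requireLock` defaults to `false` in the new `isLocked()` signature, so any caller not updated in this commit keeps the old behaviour, where a node with no lock at all is reported as not locked and the write goes through. Every call site visible on this page now passes `true`, so consider making the strict behaviour the default, or moving it into a separately named method, so that the check fails closed. The docblock above the signature, which starts outside the hunk, should gain a line such as `@param bool $requireLock when true, also return true if no lock matching $token was found on the node or its parents`, because `isLocked()` returning `true` for an unlocked node is otherwise surprising. Separately, the unchanged comparison `$lock->getToken() !== $token` checks a secret with a non-constant-time operator; if `getToken()` always returns a string, `!hash_equals($lock->getToken(), $token)` would be the safer form.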


