Makes sure password hasn't expired when verifying a share's password.

This also deletes the ResetExpiredPasswordsJob.php as it is not needed anymore. This commit is part of #31005 Signed-off-by: Cyrille Bollu <cyrpub@bollu.be>
nextcloud · Mar 6, 2022 · 9ef1c59 · 9ef1c59
1 parent 71ae5a0
commit 9ef1c59
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 109 deletions.
diff --git a/apps/files_sharing/appinfo/info.xml b/apps/files_sharing/appinfo/info.xml
@@ -30,7 +30,6 @@ Turning the feature off removes shared files and folders on the server for all s
 		<job>OCA\Files_Sharing\DeleteOrphanedSharesJob</job>
 		<job>OCA\Files_Sharing\ExpireSharesJob</job>
 		<job>OCA\Files_Sharing\BackgroundJob\FederatedSharesDiscoverJob</job>
-		<job>OCA\Files_Sharing\BackgroundJob\ResetExpiredPasswordsJob</job>
 	</background-jobs>
 
 	<repair-steps>

diff --git a/apps/files_sharing/lib/BackgroundJob/ResetExpiredPasswordsJob.php b/apps/files_sharing/lib/BackgroundJob/ResetExpiredPasswordsJob.php
diff --git a/apps/sharebymail/lib/ShareByMailProvider.php b/apps/sharebymail/lib/ShareByMailProvider.php
@@ -1033,6 +1033,7 @@ protected function createShareObject($data) {
 		$share->setShareTime($shareTime);
 		$share->setSharedWith($data['share_with']);
 		$share->setPassword($data['password']);
+		$share->setPasswordExpirationTime($data['password_expiration_time']);
 		$share->setLabel($data['label']);
 		$share->setSendPasswordByTalk((bool)$data['password_by_talk']);
 		$share->setHideDownload((bool)$data['hide_download']);

diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
@@ -1556,6 +1556,16 @@ public function checkPassword(IShare $share, $password) {
 			return false;
 		}
 
+		// Makes sure password hasn't expired
+		$expirationTime = $share->getPasswordExpirationTime();
+		if ($expirationTime !== null) {
+			$expirationDateTime = new \DateTime($expirationTime);
+			$now = new \DateTime();
+			if ($expirationDateTime < $now) {
+				return false;
+			}	
+		}
+
 		$newHash = '';
 		if (!$this->hasher->verify($password, $share->getPassword(), $newHash)) {
 			return false;

diff --git a/lib/private/Share20/Share.php b/lib/private/Share20/Share.php
@@ -73,6 +73,8 @@ class Share implements IShare {
 	private $expireDate;
 	/** @var string */
 	private $password;
+	/** @var string */
+	private $passwordExpirationTime;
 	/** @var bool */
 	private $sendPasswordByTalk = false;
 	/** @var string */
@@ -461,6 +463,21 @@ public function getPassword() {
 		return $this->password;
 	}
 
+	/**
+	 * @inheritdoc
+	 */
+	public function setPasswordExpirationTime($passwordExpirationTime) {
+		$this->passwordExpirationTime = $passwordExpirationTime;
+		return $this;
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getPasswordExpirationTime() {
+		return $this->passwordExpirationTime;
+	}
+
 	/**
 	 * @inheritdoc
 	 */

diff --git a/lib/public/Share/IShare.php b/lib/public/Share/IShare.php
@@ -448,6 +448,19 @@ public function setPassword($password);
 	 */
 	public function getPassword();
 
+	/**
+	 * Set the password's expiration time of this share.
+	 *
+	 * @return \OCP\Share\IShare The modified object
+	 */
+	public function setPasswordExpirationTime($passwordExpirationTime);
+
+	/**
+	 * Get the password's expiration time of this share.
+	 *
+	 * @return string
+	 */
+	public function getPasswordExpirationTime();
 
 	/**
 	 * Set if the recipient can start a conversation with the owner to get the