1
0
mirror of https://github.com/bpatrik/pigallery2.git synced 2024-12-23 01:27:14 +02:00

Fix sharing password. fixes #744

This commit is contained in:
Patrik J. Braun 2023-12-01 19:33:39 +01:00
parent 16bf756582
commit ba9b5292e1
14 changed files with 336 additions and 245 deletions

View File

@ -1,5 +1,5 @@
import {NextFunction, Request, Response} from 'express';
import {CreateSharingDTO, SharingDTO} from '../../common/entities/SharingDTO';
import {CreateSharingDTO, SharingDTO, SharingDTOKey} from '../../common/entities/SharingDTO';
import {ObjectManagers} from '../model/ObjectManagers';
import {ErrorCodes, ErrorDTO} from '../../common/entities/Error';
import {Config} from '../../common/config/private/Config';
@ -9,9 +9,9 @@ import {UserRoles} from '../../common/entities/UserDTO';
export class SharingMWs {
public static async getSharing(
req: Request,
res: Response,
next: NextFunction
req: Request,
res: Response,
next: NextFunction
): Promise<void> {
if (Config.Sharing.enabled === false) {
return next();
@ -20,36 +20,69 @@ export class SharingMWs {
try {
req.resultPipe =
await ObjectManagers.getInstance().SharingManager.findOne(sharingKey);
await ObjectManagers.getInstance().SharingManager.findOne(sharingKey);
return next();
} catch (err) {
return next(
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during retrieving sharing link',
err
)
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during retrieving sharing link',
err
)
);
}
}
public static async getSharingKey(
req: Request,
res: Response,
next: NextFunction
): Promise<void> {
if (Config.Sharing.enabled === false) {
return next();
}
const sharingKey = req.params[QueryParams.gallery.sharingKey_params];
try {
req.resultPipe =
{sharingKey: (await ObjectManagers.getInstance().SharingManager.findOne(sharingKey)).sharingKey} as SharingDTOKey;
return next();
} catch (err) {
return next(
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during retrieving sharing key',
err
)
);
}
}
public static async createSharing(
req: Request,
res: Response,
next: NextFunction
req: Request,
res: Response,
next: NextFunction
): Promise<void> {
if (Config.Sharing.enabled === false) {
return next();
}
if (
typeof req.body === 'undefined' ||
typeof req.body.createSharing === 'undefined'
typeof req.body === 'undefined' ||
typeof req.body.createSharing === 'undefined'
) {
return next(
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'createSharing filed is missing')
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'createSharing filed is missing')
);
}
const createSharing: CreateSharingDTO = req.body.createSharing;
if (Config.Sharing.passwordRequired && !createSharing.password) {
return next(
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'Password is required.')
);
}
let sharingKey = SharingMWs.generateKey();
// create one not yet used
@ -71,45 +104,45 @@ export class SharingMWs {
password: createSharing.password,
creator: req.session['user'],
expires:
createSharing.valid >= 0 // if === -1 its forever
? Date.now() + createSharing.valid
: new Date(9999, 0, 1).getTime(), // never expire
createSharing.valid >= 0 // if === -1 its forever
? Date.now() + createSharing.valid
: new Date(9999, 0, 1).getTime(), // never expire
includeSubfolders: createSharing.includeSubfolders,
timeStamp: Date.now(),
};
try {
req.resultPipe =
await ObjectManagers.getInstance().SharingManager.createSharing(
sharing
);
await ObjectManagers.getInstance().SharingManager.createSharing(
sharing
);
return next();
} catch (err) {
console.warn(err);
return next(
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during creating sharing link',
err
)
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during creating sharing link',
err
)
);
}
}
public static async updateSharing(
req: Request,
res: Response,
next: NextFunction
req: Request,
res: Response,
next: NextFunction
): Promise<void> {
if (Config.Sharing.enabled === false) {
return next();
}
if (
typeof req.body === 'undefined' ||
typeof req.body.updateSharing === 'undefined'
typeof req.body === 'undefined' ||
typeof req.body.updateSharing === 'undefined'
) {
return next(
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'updateSharing filed is missing')
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'updateSharing filed is missing')
);
}
const updateSharing: CreateSharingDTO = req.body.updateSharing;
@ -119,14 +152,14 @@ export class SharingMWs {
path: directoryName,
sharingKey: '',
password:
updateSharing.password && updateSharing.password !== ''
? updateSharing.password
: null,
updateSharing.password && updateSharing.password !== ''
? updateSharing.password
: null,
creator: req.session['user'],
expires:
updateSharing.valid >= 0 // if === -1 its forever
? Date.now() + updateSharing.valid
: new Date(9999, 0, 1).getTime(), // never expire
updateSharing.valid >= 0 // if === -1 its forever
? Date.now() + updateSharing.valid
: new Date(9999, 0, 1).getTime(), // never expire
includeSubfolders: updateSharing.includeSubfolders,
timeStamp: Date.now(),
};
@ -134,36 +167,37 @@ export class SharingMWs {
try {
const forceUpdate = req.session['user'].role >= UserRoles.Admin;
req.resultPipe =
await ObjectManagers.getInstance().SharingManager.updateSharing(
sharing,
forceUpdate
);
await ObjectManagers.getInstance().SharingManager.updateSharing(
sharing,
forceUpdate
);
console.log(req.resultPipe);
return next();
} catch (err) {
return next(
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during updating sharing link',
err
)
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during updating sharing link',
err
)
);
}
}
public static async deleteSharing(
req: Request,
res: Response,
next: NextFunction
req: Request,
res: Response,
next: NextFunction
): Promise<void> {
if (Config.Sharing.enabled === false) {
return next();
}
if (
typeof req.params === 'undefined' ||
typeof req.params['sharingKey'] === 'undefined'
typeof req.params === 'undefined' ||
typeof req.params['sharingKey'] === 'undefined'
) {
return next(
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'sharingKey is missing')
new ErrorDTO(ErrorCodes.INPUT_ERROR, 'sharingKey is missing')
);
}
const sharingKey: string = req.params['sharingKey'];
@ -177,49 +211,49 @@ export class SharingMWs {
}
}
req.resultPipe =
await ObjectManagers.getInstance().SharingManager.deleteSharing(
sharingKey
);
await ObjectManagers.getInstance().SharingManager.deleteSharing(
sharingKey
);
req.resultPipe = 'ok';
return next();
} catch (err) {
return next(
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during deleting sharing',
err
)
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during deleting sharing',
err
)
);
}
}
public static async listSharing(
req: Request,
res: Response,
next: NextFunction
req: Request,
res: Response,
next: NextFunction
): Promise<void> {
if (Config.Sharing.enabled === false) {
return next();
}
try {
req.resultPipe =
await ObjectManagers.getInstance().SharingManager.listAll();
await ObjectManagers.getInstance().SharingManager.listAll();
return next();
} catch (err) {
return next(
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during listing shares',
err
)
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during listing shares',
err
)
);
}
}
public static async listSharingForDir(
req: Request,
res: Response,
next: NextFunction
req: Request,
res: Response,
next: NextFunction
): Promise<void> {
if (Config.Sharing.enabled === false) {
return next();
@ -229,19 +263,19 @@ export class SharingMWs {
try {
if (req.session['user'].role >= UserRoles.Admin) {
req.resultPipe =
await ObjectManagers.getInstance().SharingManager.listAllForDir(dir);
await ObjectManagers.getInstance().SharingManager.listAllForDir(dir);
} else {
req.resultPipe =
await ObjectManagers.getInstance().SharingManager.listAllForDir(dir, req.session['user']);
await ObjectManagers.getInstance().SharingManager.listAllForDir(dir, req.session['user']);
}
return next();
} catch (err) {
return next(
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during listing shares',
err
)
new ErrorDTO(
ErrorCodes.GENERAL_ERROR,
'Error during listing shares',
err
)
);
}
}
@ -249,8 +283,8 @@ export class SharingMWs {
private static generateKey(): string {
function s4(): string {
return Math.floor((1 + Math.random()) * 0x10000)
.toString(16)
.substring(1);
.toString(16)
.substring(1);
}
return s4() + s4();

View File

@ -156,8 +156,8 @@ export class AuthenticationMWs {
if (
!sharing ||
sharing.expires < Date.now() ||
(Config.Sharing.passwordProtected === true &&
sharing.password &&
((Config.Sharing.passwordRequired === true ||
sharing.password) &&
!PasswordHelper.comparePassword(password, sharing.password))
) {
Logger.warn(LOG_TAG, 'Failed login with sharing:' + sharing.sharingKey + ', bad password');
@ -265,8 +265,9 @@ export class AuthenticationMWs {
return null;
}
// no 'free login' if passwords are required, or it is set
if (
Config.Sharing.passwordProtected === true &&
Config.Sharing.passwordRequired === true ||
sharing.password
) {
return null;

View File

@ -11,6 +11,7 @@ export class SharingRouter {
public static route(app: express.Express): void {
this.addShareLogin(app);
this.addGetSharing(app);
this.addGetSharingKey(app);
this.addCreateSharing(app);
this.addUpdateSharing(app);
this.addListSharing(app);
@ -20,79 +21,94 @@ export class SharingRouter {
private static addShareLogin(app: express.Express): void {
app.post(
Config.Server.apiPath + '/share/login',
AuthenticationMWs.inverseAuthenticate,
AuthenticationMWs.shareLogin,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSessionUser
Config.Server.apiPath + '/share/login',
AuthenticationMWs.inverseAuthenticate,
AuthenticationMWs.shareLogin,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSessionUser
);
}
/**
* Used to check the key validity
* @param app
* @private
*/
private static addGetSharingKey(app: express.Express): void {
app.get(
Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params + '/key',
// its a public path
SharingMWs.getSharingKey,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharing
);
}
private static addGetSharing(app: express.Express): void {
app.get(
Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params,
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.LimitedGuest),
SharingMWs.getSharing,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharing
Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params,
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.LimitedGuest),
SharingMWs.getSharing,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharing
);
}
private static addCreateSharing(app: express.Express): void {
app.post(
[Config.Server.apiPath + '/share/:directory(*)', Config.Server.apiPath + '/share/', Config.Server.apiPath + '/share//'],
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.User),
SharingMWs.createSharing,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharing
[Config.Server.apiPath + '/share/:directory(*)', Config.Server.apiPath + '/share/', Config.Server.apiPath + '/share//'],
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.User),
SharingMWs.createSharing,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharing
);
}
private static addUpdateSharing(app: express.Express): void {
app.put(
[Config.Server.apiPath + '/share/:directory(*)', Config.Server.apiPath + '/share/', Config.Server.apiPath + '/share//'],
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.User),
SharingMWs.updateSharing,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharing
[Config.Server.apiPath + '/share/:directory(*)', Config.Server.apiPath + '/share/', Config.Server.apiPath + '/share//'],
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.User),
SharingMWs.updateSharing,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharing
);
}
private static addDeleteSharing(app: express.Express): void {
app.delete(
[Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params],
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.User),
SharingMWs.deleteSharing,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderResult
[Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params],
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.User),
SharingMWs.deleteSharing,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderResult
);
}
private static addListSharing(app: express.Express): void {
app.get(
[Config.Server.apiPath + '/share/listAll'],
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.Admin),
SharingMWs.listSharing,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharingList
[Config.Server.apiPath + '/share/listAll'],
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.Admin),
SharingMWs.listSharing,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharingList
);
}
private static addListSharingForDir(app: express.Express): void {
app.get(
[Config.Server.apiPath + '/share/list/:directory(*)',
Config.Server.apiPath + '/share/list//',
Config.Server.apiPath + '/share/list'],
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.User),
SharingMWs.listSharingForDir,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharingList
[Config.Server.apiPath + '/share/list/:directory(*)',
Config.Server.apiPath + '/share/list//',
Config.Server.apiPath + '/share/list'],
AuthenticationMWs.authenticate,
AuthenticationMWs.authorise(UserRoles.User),
SharingMWs.listSharingForDir,
ServerTimingMWs.addServerTiming,
RenderingMWs.renderSharingList
);
}
}

View File

@ -273,12 +273,12 @@ export class ClientSharingConfig {
@ConfigProperty({
tags:
{
name: $localize`Password protected`,
name: $localize`Require password`,
priority: ConfigPriority.advanced
},
description: $localize`Enables password protected sharing links.`,
description: $localize`Requires password protected sharing links.`,
})
passwordProtected: boolean = true;
passwordRequired: boolean = false;
}
@SubConfigClass({tags: {client: true}, softReadonly: true})

View File

@ -1,6 +1,10 @@
import {UserDTO} from './UserDTO';
export interface SharingDTO {
export interface SharingDTOKey {
sharingKey: string;
}
export interface SharingDTO extends SharingDTOKey {
id: number;
path: string;
sharingKey: string;

View File

@ -65,16 +65,16 @@
<li class="nav-item dropdown">
<div class="btn-group" dropdown #dropdown="bs-dropdown" placement="bottom"
[autoClose]="false" container="body">
<button id="button-alignment" dropdownToggle
<button id="button-frame-menu" dropdownToggle
type="button" class="btn btn-tertiary dropdown-toggle"
aria-controls="dropdown-alignment">
aria-controls="dropdown-frame-menu">
<ng-icon class="align-text-top" size="1.2em" name="ionMenuOutline"></ng-icon>
<span *ngIf="isAdmin() && notificationService.numberOfNotifications>0"
class="navbar-badge badge text-bg-warning">{{notificationService.numberOfNotifications}}</span>
</button>
<ul id="dropdown-alignment" *dropdownMenu
<ul id="dropdown-frame-menu" *dropdownMenu
class="dropdown-menu dropdown-menu-right"
role="menu" aria-labelledby="button-alignment">
role="menu" aria-labelledby="button-frame-menu">
<li role="menuitem" class="d-xl-none">
<div style="white-space: nowrap;" class="dropdown-item">

View File

@ -52,18 +52,18 @@ export class GalleryComponent implements OnInit, OnDestroy {
};
constructor(
public contentLoader: ContentLoaderService,
public galleryService: ContentService,
private authService: AuthenticationService,
private router: Router,
private shareService: ShareService,
private route: ActivatedRoute,
private navigation: NavigationService,
private filterService: FilterService,
private sortingService: GallerySortingService,
private piTitleService: PiTitleService,
private gpxFilesFilterPipe: GPXFilesFilterPipe,
private mdFilesFilterPipe: MDFilesFilterPipe,
public contentLoader: ContentLoaderService,
public galleryService: ContentService,
private authService: AuthenticationService,
private router: Router,
private shareService: ShareService,
private route: ActivatedRoute,
private navigation: NavigationService,
private filterService: FilterService,
private sortingService: GallerySortingService,
private piTitleService: PiTitleService,
private gpxFilesFilterPipe: GPXFilesFilterPipe,
private mdFilesFilterPipe: MDFilesFilterPipe,
) {
this.mapEnabled = Config.Map.enabled;
PageHelper.showScrollY();
@ -79,17 +79,17 @@ export class GalleryComponent implements OnInit, OnDestroy {
}
// if the timer is longer than 10 years, just do not show it
if (
(this.shareService.sharingSubject.value.expires - Date.now()) /
1000 /
86400 /
365 >
10
(this.shareService.sharingSubject.value.expires - Date.now()) /
1000 /
86400 /
365 >
10
) {
return;
}
t = Math.floor(
(this.shareService.sharingSubject.value.expires - Date.now()) / 1000
(this.shareService.sharingSubject.value.expires - Date.now()) / 1000
);
this.countDown = {} as any;
this.countDown.day = Math.floor(t / 86400);
@ -118,31 +118,26 @@ export class GalleryComponent implements OnInit, OnDestroy {
async ngOnInit(): Promise<boolean> {
await this.shareService.wait();
if (
!this.authService.isAuthenticated() &&
(!this.shareService.isSharing() ||
(this.shareService.isSharing() &&
Config.Sharing.passwordProtected === true))
) {
if (!this.authService.isAuthenticated()) {
return this.navigation.toLogin();
}
this.showSearchBar = this.authService.canSearch();
this.showShare =
Config.Sharing.enabled &&
this.authService.isAuthorized(UserRoles.User);
Config.Sharing.enabled &&
this.authService.isAuthorized(UserRoles.User);
this.showRandomPhotoBuilder =
Config.RandomPhoto.enabled &&
this.authService.isAuthorized(UserRoles.User);
Config.RandomPhoto.enabled &&
this.authService.isAuthorized(UserRoles.User);
this.subscription.content = this.galleryService.sortedFilteredContent
.subscribe((dc: GroupedDirectoryContent) => {
this.onContentChange(dc);
});
.subscribe((dc: GroupedDirectoryContent) => {
this.onContentChange(dc);
});
this.subscription.route = this.route.params.subscribe(this.onRoute);
if (this.shareService.isSharing()) {
this.$counter = interval(1000);
this.subscription.timer = this.$counter.subscribe((x): void =>
this.updateTimer(x)
this.updateTimer(x)
);
}
}
@ -156,18 +151,18 @@ export class GalleryComponent implements OnInit, OnDestroy {
}
if (
params[QueryParams.gallery.sharingKey_params] &&
params[QueryParams.gallery.sharingKey_params] !== ''
params[QueryParams.gallery.sharingKey_params] &&
params[QueryParams.gallery.sharingKey_params] !== ''
) {
const sharing = await this.shareService.currentSharing
.pipe(take(1))
.toPromise();
.pipe(take(1))
.toPromise();
const qParams: { [key: string]: any } = {};
qParams[QueryParams.gallery.sharingKey_query] =
this.shareService.getSharingKey();
this.shareService.getSharingKey();
this.router
.navigate(['/gallery', sharing.path], {queryParams: qParams})
.catch(console.error);
.navigate(['/gallery', sharing.path], {queryParams: qParams})
.catch(console.error);
return;
}
@ -191,8 +186,8 @@ export class GalleryComponent implements OnInit, OnDestroy {
for (const mediaGroup of content.mediaGroups) {
if (
mediaGroup.media
.findIndex((m: PhotoDTO) => !!m.metadata?.positionData?.GPSData?.longitude) !== -1
mediaGroup.media
.findIndex((m: PhotoDTO) => !!m.metadata?.positionData?.GPSData?.longitude) !== -1
) {
this.isPhotoWithLocation = true;
break;

View File

@ -1,11 +1,11 @@
import {Injectable} from '@angular/core';
import {NetworkService} from '../../model/network/network.service';
import {CreateSharingDTO, SharingDTO,} from '../../../../common/entities/SharingDTO';
import {CreateSharingDTO, SharingDTO, SharingDTOKey,} from '../../../../common/entities/SharingDTO';
import {Router, RoutesRecognized} from '@angular/router';
import {BehaviorSubject} from 'rxjs';
import {distinctUntilChanged, filter} from 'rxjs/operators';
import {QueryParams} from '../../../../common/QueryParams';
import {UserDTO} from '../../../../common/entities/UserDTO';
import {UserDTO, UserRoles} from '../../../../common/entities/UserDTO';
import {Utils} from '../../../../common/Utils';
import {Config} from '../../../../common/config/public/Config';
@ -21,12 +21,15 @@ export class ShareService {
inited = false;
public ReadyPR: Promise<void>;
public sharingSubject: BehaviorSubject<SharingDTO> = new BehaviorSubject(
null
null
);
public sharingIsValid: BehaviorSubject<boolean> = new BehaviorSubject(
null
);
public currentSharing = this.sharingSubject
.asObservable()
.pipe(filter((s) => s !== null))
.pipe(distinctUntilChanged());
.asObservable()
.pipe(filter((s) => s !== null))
.pipe(distinctUntilChanged());
private resolve: () => void;
@ -41,18 +44,18 @@ export class ShareService {
this.router.events.subscribe(async (val) => {
if (val instanceof RoutesRecognized) {
this.param =
val.state.root.firstChild.params[
QueryParams.gallery.sharingKey_params
] || null;
val.state.root.firstChild.params[
QueryParams.gallery.sharingKey_params
] || null;
this.queryParam =
val.state.root.firstChild.queryParams[
QueryParams.gallery.sharingKey_query
] || null;
val.state.root.firstChild.queryParams[
QueryParams.gallery.sharingKey_query
] || null;
const changed = this.sharingKey !== (this.param || this.queryParam);
if (changed) {
this.sharingKey = this.param || this.queryParam || this.sharingKey;
await this.getSharing();
await this.checkSharing();
}
if (this.resolve) {
this.resolve();
@ -69,12 +72,17 @@ export class ShareService {
onNewUser = async (user: UserDTO) => {
if (user && !!user.usedSharingKey) {
// if this is a sharing user or a logged-in user, get sharing key
if (user?.usedSharingKey || user?.role > UserRoles.LimitedGuest) {
if (
user.usedSharingKey !== this.sharingKey ||
this.sharingSubject.value == null
(user?.usedSharingKey &&
user?.usedSharingKey !== this.sharingKey) ||
this.sharingSubject.value == null
) {
this.sharingKey = user.usedSharingKey;
this.sharingKey = user.usedSharingKey || this.getSharingKey();
if(!this.sharingKey){ //no key to fetch
return
}
await this.getSharing();
}
if (this.resolve) {
@ -93,24 +101,26 @@ export class ShareService {
}
public createSharing(
dir: string,
includeSubFolders: boolean,
valid: number
dir: string,
includeSubFolders: boolean,
password: string,
valid: number
): Promise<SharingDTO> {
return this.networkService.postJson('/share/' + dir, {
createSharing: {
includeSubfolders: includeSubFolders,
valid,
...(!!password && {password: password}) // only add password if present
} as CreateSharingDTO,
});
}
public updateSharing(
dir: string,
sharingId: number,
includeSubFolders: boolean,
password: string,
valid: number
dir: string,
sharingId: number,
includeSubFolders: boolean,
password: string,
valid: number
): Promise<SharingDTO> {
return this.networkService.putJson('/share/' + dir, {
updateSharing: {
@ -134,7 +144,7 @@ export class ShareService {
try {
this.sharingSubject.next(null);
const sharing = await this.networkService.getJson<SharingDTO>(
'/share/' + this.getSharingKey()
'/share/' + this.getSharingKey()
);
this.sharingSubject.next(sharing);
} catch (e) {
@ -143,8 +153,21 @@ export class ShareService {
}
}
private async checkSharing(): Promise<void> {
try {
this.sharingIsValid.next(null);
const sharing = await this.networkService.getJson<SharingDTOKey>(
'/share/' + this.getSharingKey() + '/key'
);
this.sharingIsValid.next(sharing.sharingKey === this.getSharingKey());
} catch (e) {
this.sharingIsValid.next(false);
console.error(e);
}
}
public async getSharingListForDir(
dir: string
dir: string
): Promise<SharingDTO[]> {
return this.networkService.getJson('/share/list/' + dir);
}

View File

@ -82,11 +82,11 @@
</div>
</div>
<div class="row" *ngIf="passwordProtection">
<div class="row">
<div class="col-4">
<label class="control-label" for="share-password">
<ng-container i18n>Password</ng-container><!--
-->*:
<ng-container i18n>Password</ng-container>
<ng-container *ngIf="passwordRequired">*</ng-container>
</label>
</div>
<div class="col-8">
@ -98,7 +98,7 @@
[(ngModel)]="input.password"
i18n-placeholder
placeholder="Password"
required>
[required]="passwordRequired">
</div>
</div>

View File

@ -36,7 +36,7 @@ export class GalleryShareComponent implements OnInit, OnDestroy {
currentDir = '';
sharing: SharingDTO = null;
contentSubscription: Subscription = null;
readonly passwordProtection = Config.Sharing.passwordProtected;
readonly passwordRequired = Config.Sharing.passwordRequired;
readonly ValidityTypes = ValidityTypes;
modalRef: BsModalRef;
@ -138,11 +138,16 @@ export class GalleryShareComponent implements OnInit, OnDestroy {
}
async get(): Promise<void> {
if(Config.Sharing.passwordRequired && !this.input.password){
this.url = $localize`Set password.`;
return;
}
this.urlValid = false;
this.url = $localize`loading..`;
this.sharing = await this.sharingService.createSharing(
this.currentDir,
this.input.includeSubfolders,
this.input.password,
this.calcValidity()
);
this.url = this.sharingService.getUrl(this.sharing);

View File

@ -7,10 +7,10 @@
</div>
<div class="row card align-self-center">
<div class="card-body">
<div *ngIf="(shareService.currentSharing | async) == shareService.UnknownSharingKey"
<div *ngIf="!(shareService.sharingIsValid | async)"
class="h3 text-center text-danger" i18n>Unknown sharing key.
</div>
<form *ngIf="(shareService.currentSharing | async) != shareService.UnknownSharingKey"
<form *ngIf="(shareService.sharingIsValid | async)"
name="form" id="form" class="form-horizontal" #LoginForm="ngForm" (submit)="onLogin()">
<div class="error-message" [hidden]="loginError==false" i18n>Wrong password</div>
@ -32,6 +32,7 @@
<div class="col-sm-12 controls d-grid gap-2">
<button class="btn btn-primary btn-lg"
id="button-share-login"
[disabled]="!LoginForm.form.valid || inProgress"
type="submit"
name="action" i18n>Enter

View File

@ -75,8 +75,15 @@ describe('PublicRouter', () => {
.get('/share/' + sharingKey);
};
it('should not get default user with passworded share share without password', async () => {
Config.Sharing.passwordProtected = true;
it('should not get default user with passworded share without required password', async () => {
Config.Sharing.passwordRequired = false;
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
const res = await fistLoad(server, sharing.sharingKey);
shouldHaveInjectedUser(res, null);
});
it('should not get default user with passworded share share with required password', async () => {
Config.Sharing.passwordRequired = true;
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
const res = await fistLoad(server, sharing.sharingKey);
shouldHaveInjectedUser(res, null);
@ -84,25 +91,13 @@ describe('PublicRouter', () => {
it('should get default user with no-password share', async () => {
Config.Sharing.passwordProtected = true;
Config.Sharing.passwordRequired = false;
const sharing = await RouteTestingHelper.createSharing(testUser);
const res = await fistLoad(server, sharing.sharingKey);
shouldHaveInjectedUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
});
it('should get default user for no-password share when password protection disabled', async () => {
Config.Sharing.passwordProtected = false;
const sharing = await RouteTestingHelper.createSharing(testUser);
const res = await fistLoad(server, sharing.sharingKey);
shouldHaveInjectedUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
});
it('should get default user for passworded share when password protection disabled', async () => {
Config.Sharing.passwordProtected = false;
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
const res = await fistLoad(server, sharing.sharingKey);
shouldHaveInjectedUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
});
});

View File

@ -74,15 +74,32 @@ describe('SharingRouter', () => {
beforeEach(setUp);
afterEach(tearDown);
it('should login with passworded share', async () => {
Config.Sharing.passwordProtected = true;
it('should login with passworded share when password required', async () => {
Config.Sharing.passwordRequired = true;
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
const res = await shareLogin(server, sharing.sharingKey, sharing.password);
shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
});
it('should login with passworded share when password not required', async () => {
Config.Sharing.passwordRequired = false;
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
const res = await shareLogin(server, sharing.sharingKey, sharing.password);
shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
});
it('should login without passworded share when password not required', async () => {
Config.Sharing.passwordRequired = false;
const sharing = await RouteTestingHelper.createSharing(testUser );
const res = await shareLogin(server, sharing.sharingKey, sharing.password);
shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
});
it('should not login with passworded share without password', async () => {
Config.Sharing.passwordProtected = true;
Config.Sharing.passwordRequired = true;
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
const result = await shareLogin(server, sharing.sharingKey);
@ -92,22 +109,22 @@ describe('SharingRouter', () => {
should.equal(result.body.error.code, ErrorCodes.CREDENTIAL_NOT_FOUND);
});
it('should not login with passworded share but password protection disabled', async () => {
Config.Sharing.passwordProtected = false;
const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass');
const res = await shareLogin(server, sharing.sharingKey);
shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
});
it('should login with no-password share', async () => {
Config.Sharing.passwordProtected = true;
it('should not login to share without password when password required', async () => {
Config.Sharing.passwordRequired = false;
const sharing = await RouteTestingHelper.createSharing(testUser);
const res = await shareLogin(server, sharing.sharingKey, sharing.password);
shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing));
Config.Sharing.passwordRequired = true;
const result = await shareLogin(server, sharing.sharingKey);
result.should.have.status(401);
result.body.should.be.a('object');
result.body.error.should.be.a('object');
should.equal(result.body.error.code, ErrorCodes.CREDENTIAL_NOT_FOUND);
});
});

View File

@ -125,9 +125,9 @@ describe('UserRouter', () => {
it('it should authenticate as user with sharing key', async () => {
Config.Users.authenticationRequired = true;
Config.Sharing.enabled = true;
Config.Sharing.passwordProtected = true;
Config.Sharing.passwordRequired = true;
const sharingKey = (await RouteTestingHelper.createSharing(testUser)).sharingKey;
const sharingKey = (await RouteTestingHelper.createSharing(testUser, 'pass')).sharingKey;
const loginRes = await login(server);
@ -146,7 +146,7 @@ describe('UserRouter', () => {
it('it should authenticate with sharing key', async () => {
Config.Users.authenticationRequired = true;
Config.Sharing.enabled = true;
Config.Sharing.passwordProtected = true;
Config.Sharing.passwordRequired = false;
const sharing = (await RouteTestingHelper.createSharing(testUser));
@ -161,7 +161,7 @@ describe('UserRouter', () => {
it('it should not authenticate with sharing key without password', async () => {
Config.Users.authenticationRequired = true;
Config.Sharing.enabled = true;
Config.Sharing.passwordProtected = true;
Config.Sharing.passwordRequired = true;
const sharing = (await RouteTestingHelper.createSharing(testUser, 'pass_secret'));