Merge remote-tracking branch 'remote/develop' into develop

bLoginow · bLoginow · commit f1af8ff78e67 · 2016-10-13T20:36:12.000+02:00
diff --git a/core/src/core/src/pydio/Core/Http/Dav/AuthBackendDigest.php b/core/src/core/src/pydio/Core/Http/Dav/AuthBackendDigest.php
@@ -118,14 +118,14 @@ public function authenticate(Sabre\DAV\Server $server, $realm)
             try{
                 $loggedUser = AuthService::logUser($this->currentUser, null, true);
             }catch (LoginException $l){
-                throw new Sabre\DAV\Exception\NotAuthenticated();
+                $this->breakNotAuthenticatedAndRequireLogin($server, $realm, $errmsg);
             }
             $this->updateCurrentUserRights($loggedUser);
         } else {
-          if ($success === false) {
-            Logger::warning(__CLASS__, "Login failed", array("user" => $this->currentUser, "error" => "Invalid WebDAV user or password"));
-          }
-          throw new Sabre\DAV\Exception\NotAuthenticated($errmsg);
+            if ($success === false) {
+                Logger::warning(__CLASS__, "Login failed", array("user" => $this->currentUser, "error" => "Invalid WebDAV user or password"));
+            }
+            $this->breakNotAuthenticatedAndRequireLogin($server, $realm, $errmsg);
         }
 
         if($this->context->hasRepository()){
@@ -159,6 +159,24 @@ public function authenticate(Sabre\DAV\Server $server, $realm)
         return true;
     }
 
+    /**
+     * @param Sabre\DAV\Server $server
+     * @param $errmsg
+     */
+    function breakNotAuthenticatedAndRequireLogin(Sabre\DAV\Server $server, $realm, $errmsg){
+        $digest = new Sabre\HTTP\DigestAuth();
+
+        // Hooking up request and response objects
+        $digest->setHTTPRequest($server->httpRequest);
+        $digest->setHTTPResponse($server->httpResponse);
+
+        $digest->setRealm($realm);
+        $digest->init();
+        $digest->requireLogin();
+        throw new Sabre\DAV\Exception\NotAuthenticated($errmsg);
+
+    }
+
     /**
      * @param \Pydio\Core\Model\UserInterface $user
      * @return bool
diff --git a/core/src/core/src/pydio/Core/Http/Dav/DAVServer.php b/core/src/core/src/pydio/Core/Http/Dav/DAVServer.php
@@ -101,7 +101,7 @@ public static function handleRoute($baseURI, $davRoute){
         }
         $server->httpResponse = new DAVResponse();
 
-        if((AuthBackendBasic::detectBasicHeader() || ConfService::getGlobalConf("WEBDAV_FORCE_BASIC"))){
+        if(AuthBackendBasic::detectBasicHeader() || ConfService::getGlobalConf("WEBDAV_FORCE_BASIC")){
             $authBackend = new AuthBackendBasic(self::$context);
         } else {
             $authBackend = new AuthBackendDigest(self::$context);
diff --git a/core/src/core/src/pydio/Core/Http/Middleware/AuthMiddleware.php b/core/src/core/src/pydio/Core/Http/Middleware/AuthMiddleware.php
@@ -32,6 +32,7 @@
 use Pydio\Core\Model\ContextInterface;
 use Pydio\Core\PluginFramework\PluginsService;
 
+use Pydio\Core\Services\AuthService;
 use Pydio\Core\Services\ConfService;
 use Zend\Diactoros\Response\EmptyResponse;
 
@@ -68,7 +69,8 @@ public static function handleRequest(\Psr\Http\Message\ServerRequestInterface $r
 
         } catch (NoActiveWorkspaceException $ex){
 
-            throw new AuthRequiredException();
+            AuthService::disconnect();
+            throw new AuthRequiredException("", $ex->getMessage());
 
         } catch(ActionNotFoundException $a){
 
diff --git a/core/src/core/src/pydio/Core/Services/AuthService.php b/core/src/core/src/pydio/Core/Services/AuthService.php
@@ -164,6 +164,7 @@ public static function disconnect()
         CookiesHelper::clearRememberCookie($user);
         Logger::info(__CLASS__, "Log Out", "");
         SessionService::delete(SessionService::USER_KEY);
+        SessionService::invalidateLoadedRepositories();
         if (ConfService::getContextConf(Context::contextWithObjects($user, null), "SESSION_SET_CREDENTIALS", "auth")) {
             MemorySafe::clearCredentials();
         }
diff --git a/core/src/core/src/pydio/Core/Services/RolesService.php b/core/src/core/src/pydio/Core/Services/RolesService.php
@@ -146,6 +146,10 @@ public static function updateRole($roleObject, $userObject = null)
     {
         ConfService::getConfStorageImpl()->updateRole($roleObject, $userObject);
         CacheService::saveWithTimestamp(AJXP_CACHE_SERVICE_NS_SHARED, "pydio:role:".$roleObject->getId(), $roleObject);
+        $profiles = $roleObject->listAutoApplies();
+        foreach($profiles as $profile){
+            CacheService::saveWithTimestamp(AJXP_CACHE_SERVICE_NS_SHARED, "pydio:profile:".$profile, time());
+        }
         ConfService::getInstance()->invalidateLoadedRepositories();
         $roleId = $roleObject->getId();
         if(strpos($roleId, "AJXP_GRP_/") === 0){
diff --git a/core/src/core/src/pydio/Core/Services/UsersService.php b/core/src/core/src/pydio/Core/Services/UsersService.php
@@ -85,8 +85,10 @@ public static function getUserById($userId, $checkExists = true){
         // Try to get from cache
         $test = CacheService::fetch(AJXP_CACHE_SERVICE_NS_SHARED, "pydio:user:" . $userId);
         if($test !== false && $test instanceof UserInterface){
-            // Second check : if roles were updated in cache
+            // Second check : if roles were updated in cache, or maybe profile with auto-apply feature
             $roleCacheIds = array_map(function($k){ return "pydio:role:".$k; }, $test->getRolesKeys());
+            $profile = $test->getProfile();
+            if(!empty($profile)) $roleCacheIds[] = "pydio:profile:".$profile;
             $test = CacheService::fetchWithTimestamps(AJXP_CACHE_SERVICE_NS_SHARED, "pydio:user:".$userId, $roleCacheIds);
             if($test !== false){
                 if($test->getPersonalRole() === null){
@@ -180,6 +182,17 @@ public static function getRepositoriesForUser($user, $includeShared = true, $det
 
     }
 
+    /**
+     * @param string $userId
+     * @param RepositoryInterface[] $repoList
+     */
+    private function setInCache($userId, $repoList){
+
+        $this->repositoriesCache[$userId] = $repoList;
+        SessionService::updateLoadedRepositories($repoList);
+
+    }
+
     /**
      * @param $userId
      * @return mixed|null|\Pydio\Core\Model\RepositoryInterface[]
@@ -203,17 +216,6 @@ private function getFromCaches($userId){
 
     }
 
-    /**
-     * @param string $userId
-     * @param RepositoryInterface[] $repoList
-     */
-    private function setInCache($userId, $repoList){
-
-        $this->repositoriesCache[$userId] = $repoList;
-        SessionService::updateLoadedRepositories($repoList);
-
-    }
-
     public static function invalidateCache(){
 
         self::instance()->repositoriesCache = [];
diff --git a/core/src/plugins/access.ajxp_conf/ajxp_confActions.xml b/core/src/plugins/access.ajxp_conf/ajxp_confActions.xml
@@ -42,7 +42,7 @@
             </processing>
         </action>
         <action name="edit" fileDefault="true">
-            <gui text="ajxp_conf.93" title="301" iconClass="icon-edit" src="edit.png" accessKey="edit_access_key" hasAccessKey="true">
+            <gui text="ajxp_conf.93" title="301" iconClass="mdi mdi-pencil" src="edit.png" accessKey="edit_access_key" hasAccessKey="true">
                 <context selection="true" dir="" recycle="hidden"
                          actionBar="true" contextMenu="true" infoPanel="true"
                          actionBarGroup="get" inZip="false">
diff --git a/core/src/plugins/access.ajxp_conf/src/UsersManager.php b/core/src/plugins/access.ajxp_conf/src/UsersManager.php
@@ -864,6 +864,7 @@ public function listNodes(ServerRequestInterface $requestInterface, $rootPath, $
             $topMeta = $this->serializeGroupMetadata("/", $messages["ajxp_conf.151"]);
             $topMeta["icon_class"] = "icon-home";
             $rootGroupNode = new AJXP_Node($fullBasePath ."/", $topMeta);
+            $rootGroupNode->setLeaf(true);
             $nodesList->addBranch($rootGroupNode);
 
         }
diff --git a/core/src/plugins/action.scheduler/manifest.xml b/core/src/plugins/action.scheduler/manifest.xml
@@ -230,7 +230,7 @@
                 </processing>
             </action>
             <action name="scheduler_editTask">
-                <gui text="action.scheduler.10" title="action.scheduler.11" iconClass="icon-edit" src="scheduler/ICON_SIZE/task.png" hasAccessKey="false">
+                <gui text="action.scheduler.10" title="action.scheduler.11" iconClass="mdi mdi-pencil" src="scheduler/ICON_SIZE/task.png" hasAccessKey="false">
                     <context selection="true" dir="" recycle="hidden" allowedMimes="scheduler_zone"
                              actionBar="true" contextMenu="true" infoPanel="true"
                              actionBarGroup="get"/>
diff --git a/core/src/plugins/action.share/manifest.xml b/core/src/plugins/action.share/manifest.xml
@@ -2,7 +2,7 @@
 <ajxp_plugin name="share" label="CONF_MESSAGE[Sharing Features]" description="CONF_MESSAGE[Share Center actions and hooks]"  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="file:../core.ajaxplorer/ajxp_registry.xsd">
     <server_settings>
         <global_param name="DISABLE_ALL_SHARING" group="CONF_MESSAGE[Authorizations]" description="CONF_MESSAGE[Disable all sharing on files or folders]" label="CONF_MESSAGE[Disable all sharing]" type="boolean" default="false" expose="false"/>
-        <global_param name="DISABLE_RESHARING" group="CONF_MESSAGE[Authorizations]" description="CONF_MESSAGE[Disallow all sharing for shared workspaces]" label="CONF_MESSAGE[Disable resharing]" type="boolean" default="false" expose="false"/>
+        <global_param name="DISABLE_RESHARING" group="CONF_MESSAGE[Authorizations]" description="CONF_MESSAGE[Disallow all sharing for shared workspaces]" label="CONF_MESSAGE[Disable resharing]" type="boolean" default="true" expose="false"/>
         <global_param name="ENABLE_FILE_PUBLIC_LINK" group="CONF_MESSAGE[Authorizations]" description="CONF_MESSAGE[Allow users to generate public links on files]" label="CONF_MESSAGE[Files: enable public links]" type="boolean" default="true" expose="true"/>
         <global_param name="ENABLE_FILE_INTERNAL_SHARING" group="CONF_MESSAGE[Authorizations]" description="CONF_MESSAGE[Enable internal file sharing (sharing with users existing or temporary users)]" label="CONF_MESSAGE[Files: enable internal sharing]" type="boolean" mandatory="true" default="true" expose="true"/>
         <global_param name="ENABLE_FOLDER_PUBLIC_LINK" group="CONF_MESSAGE[Authorizations]" description="CONF_MESSAGE[Allow users to generate public links on folders]" label="CONF_MESSAGE[Folders: enable public links]" type="boolean" default="true" expose="true"/>
diff --git a/core/src/plugins/authfront.session_login/SessionLoginFrontend.php b/core/src/plugins/authfront.session_login/SessionLoginFrontend.php
@@ -218,7 +218,7 @@ public function switchAction(\Psr\Http\Message\ServerRequestInterface &$requestI
 
                 AuthService::disconnect();
                 $loggingResult = 2;
-                session_destroy();
+                @session_destroy();
                 $x = new \Pydio\Core\Http\Response\SerializableResponseStream();
                 $x->addChunk(new \Pydio\Core\Http\Message\LoggingResult($loggingResult));
                 $responseInterface = $responseInterface->withBody($x);
diff --git a/core/src/plugins/core.conf/AbstractConfDriver.php b/core/src/plugins/core.conf/AbstractConfDriver.php
@@ -777,13 +777,21 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
                 if ($action == "user_create_user" && isSet($httpVars["NEW_new_user_id"])) {
                     $updating = false;
                     OptionsHelper::parseStandardFormParameters($ctx, $httpVars, $data, "NEW_");
-                    $original_id = InputFilter::decodeSecureMagic($data["new_user_id"]);
-                    $data["new_user_id"] = InputFilter::decodeSecureMagic($data["new_user_id"], InputFilter::SANITIZE_EMAILCHARS);
-                    if($original_id != $data["new_user_id"]){
-                        throw new \Exception(str_replace("%s", $data["new_user_id"], $mess["ajxp_conf.127"]));
+                    $originalId = InputFilter::decodeSecureMagic($data["new_user_id"]);
+                    $newUserId = InputFilter::decodeSecureMagic($data["new_user_id"], InputFilter::SANITIZE_EMAILCHARS);
+                    if($originalId != $newUserId){
+                        throw new PydioException(str_replace("%s", $newUserId, $mess["ajxp_conf.127"]));
                     }
-                    if (UsersService::userExists($data["new_user_id"], "w")) {
-                        throw new \Exception($mess["ajxp_conf.43"]);
+                    $prefix = '';
+                    $sharePlugin = PluginsService::getInstance($ctx)->getPluginById("action.share");
+                    if($sharePlugin !== null){
+                        $prefix = $sharePlugin->getContextualOption($ctx, "SHARED_USERS_TMP_PREFIX");
+                    }
+                    if(!empty($prefix) && strpos($newUserId, $prefix) !== 0){
+                        $newUserId = $prefix . $newUserId;
+                    }
+                    if (UsersService::userExists($newUserId, "w")) {
+                        throw new PydioException($mess["ajxp_conf.43"]);
                     }
                     $limit = $loggedUser->getMergedRole()->filterParameterValue("core.conf", "USER_SHARED_USERS_LIMIT", AJXP_REPO_SCOPE_ALL, "");
                     if (!empty($limit) && intval($limit) > 0) {
@@ -792,8 +800,7 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
                             throw new \Exception($mess['483']);
                         }
                     }
-
-                    $userObject = UsersService::createUser($data["new_user_id"], $data["new_password"]);
+                    $userObject = UsersService::createUser($newUserId, $data["new_password"]);
                     $userObject->setParent($loggedUser->getId());
                     $userObject->save('superuser');
                     $userObject->getPersonalRole()->clearAcls();
@@ -853,7 +860,7 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
                     UsersService::updateUser($userObject);
                 }
 
-                if ($action == "user_create_user") {
+                if ($action == "user_create_user" && isSet($newUserId)) {
 
                     Controller::applyHook($updating?"user.after_update":"user.after_create", [$ctx, $userObject]);
                     if (isset($data["send_email"]) && $data["send_email"] == true && !empty($data["email"])) {
@@ -863,13 +870,11 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
                             $link = ApplicationState::detectServerURL();
                             $apptitle = ConfService::getGlobalConf("APPLICATION_TITLE");
                             $subject = str_replace("%s", $apptitle, $mess["507"]);
-                            $body = str_replace(["%s", "%link", "%user", "%pass"], [$apptitle, $link, $data["new_user_id"], $data["new_password"]], $mess["508"]);
+                            $body = str_replace(["%s", "%link", "%user", "%pass"], [$apptitle, $link, $newUserId, $data["new_password"]], $mess["508"]);
                             $mailer->sendMail($ctx, [$data["email"]], $subject, $body);
                         }
                     }
-
-                    $responseInterface = $responseInterface->withHeader("Content-type", "text/plain");
-                    $responseInterface->getBody()->write("SUCCESS");
+                    $responseInterface = new JsonResponse(["result" => "SUCCESS", "createdUserId" => $newUserId]);
 
                 } else {
 
diff --git a/core/src/plugins/core.conf/standard_conf_actions.xml b/core/src/plugins/core.conf/standard_conf_actions.xml
diff --git a/core/src/plugins/gui.ajax/res/js/es6/http/PydioUsersApi.es6 b/core/src/plugins/gui.ajax/res/js/es6/http/PydioUsersApi.es6
diff --git a/core/src/plugins/gui.ajax/res/js/ui/prototype/class.AjxpUsersCompleter.js b/core/src/plugins/gui.ajax/res/js/ui/prototype/class.AjxpUsersCompleter.js
diff --git a/core/src/plugins/gui.ajax/res/js/ui/reactjs/jsx/UsersCompleter.js b/core/src/plugins/gui.ajax/res/js/ui/reactjs/jsx/UsersCompleter.js
diff --git a/core/src/plugins/gui.ajax/res/themes/orbit/css/fonts/mdi-subset.css b/core/src/plugins/gui.ajax/res/themes/orbit/css/fonts/mdi-subset.css

Original file line number	Diff line number	Diff line change
`@@ -101,7 +101,7 @@ public static function handleRoute($baseURI, $davRoute){`
`101`	`101`	`}`
`102`	`102`	`$server->httpResponse = new DAVResponse();`
`103`	`103`
`104`		`- if((AuthBackendBasic::detectBasicHeader() \|\| ConfService::getGlobalConf("WEBDAV_FORCE_BASIC"))){`
	`104`	`+ if(AuthBackendBasic::detectBasicHeader() \|\| ConfService::getGlobalConf("WEBDAV_FORCE_BASIC")){`
`105`	`105`	`$authBackend = new AuthBackendBasic(self::$context);`
`106`	`106`	`} else {`
`107`	`107`	`$authBackend = new AuthBackendDigest(self::$context);`
Original file line number	Diff line number	Diff line change
`@@ -164,6 +164,7 @@ public static function disconnect()`
`164`	`164`	`CookiesHelper::clearRememberCookie($user);`
`165`	`165`	`Logger::info(__CLASS__, "Log Out", "");`
`166`	`166`	`SessionService::delete(SessionService::USER_KEY);`
	`167`	`+ SessionService::invalidateLoadedRepositories();`
`167`	`168`	`if (ConfService::getContextConf(Context::contextWithObjects($user, null), "SESSION_SET_CREDENTIALS", "auth")) {`
`168`	`169`	`MemorySafe::clearCredentials();`
`169`	`170`	`}`
Original file line number	Diff line number	Diff line change
`@@ -864,6 +864,7 @@ public function listNodes(ServerRequestInterface $requestInterface, $rootPath, $`
`864`	`864`	`$topMeta = $this->serializeGroupMetadata("/", $messages["ajxp_conf.151"]);`
`865`	`865`	`$topMeta["icon_class"] = "icon-home";`
`866`	`866`	`$rootGroupNode = new AJXP_Node($fullBasePath ."/", $topMeta);`
	`867`	`+ $rootGroupNode->setLeaf(true);`
`867`	`868`	`$nodesList->addBranch($rootGroupNode);`
`868`	`869`
`869`	`870`	`}`