[For 10.4] On the public preview route the share password needs to be verified a… #36571

Merged
merged 2 commits into from
Dec 13, 2019

DeepDiver1975
Member

…gain to not grant unauthorized access

Description

The public preview route did not check the share link password

How Has This Been Tested?

  1. test that it still works
     • create public share of an image link with password
     • open link in private browser
     • enter password
     • see image preview
  2. proof that preview route is protected
     • curl 'http://${INSTANCE}/index.php/apps/files_sharing/ajax/publicpreview.php?x=1043&y=546&a=true&file=${IMAGE_NAME}&t=${SHARE_TOKEN}&scalingup=0'
     • response shall be 404/Not Found

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE
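
The check in step 2 of the test procedure above, written as a repeatable regression check. This is an added example, not part of the original pull request or the project's test suite; the function names are hypothetical, and the instance, file name and share token arguments stand in for the `${INSTANCE}`, `${IMAGE_NAME}` and `${SHARE_TOKEN}` placeholders in the description (the file name is assumed to be URL-safe).

```shell
#!/bin/sh
# Added example: automates step 2 of the PR's test procedure.
# Function names are hypothetical; arguments mirror the PR placeholders.

# Build the public preview URL exactly as given in the PR description.
# $1 = instance host, $2 = image file name (assumed URL-safe), $3 = share token
preview_url() {
    printf 'http://%s/index.php/apps/files_sharing/ajax/publicpreview.php?x=1043&y=546&a=true&file=%s&t=%s&scalingup=0' \
        "$1" "$2" "$3"
}

# Request the preview and print only the HTTP status code.
# No cookie jar is used, so the request carries no session in which
# the share password was entered.
preview_status() {
    curl -s -o /dev/null -w '%{http_code}' "$(preview_url "$1" "$2" "$3")"
}

# Return 0 if the route answers 404 to the request without the password
# (the behaviour the PR expects), 1 for anything else.
check_preview_protected() {
    status=$(preview_status "$1" "$2" "$3") || status="000"
    case "$status" in
        404)
            echo "PASS: preview route returned 404 without the share password"
            return 0 ;;
        200)
            echo "FAIL: preview was served without the share password (HTTP 200)"
            return 1 ;;
        *)
            echo "FAIL: unexpected HTTP status $status"
            return 1 ;;
    esac
}

# Usage, after sourcing this file:
#   check_preview_protected "$INSTANCE" "$IMAGE_NAME" "$SHARE_TOKEN"
```

Run it against a password-protected image share on a test instance; a non-zero exit status means the preview route did not refuse the request as described.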

Contributor

@micbar micbar left a comment

See Comments. Rest LGTM

@micbar
Contributor

micbar commented Dec 11, 2019

@phil-davis This would be a good candidate for an acceptance test.

@phil-davis
Contributor

@haribhandari07 please assign someone to make acceptance tests.
It seems that we do not have any current test scenarios covering this.

@DeepDiver1975 DeepDiver1975 force-pushed the bugfix/verify-password-on-public-preview branch from cd0d8c2 to 1cd3125 Compare December 11, 2019 08:18
@codecov

codecov bot commented Dec 11, 2019

Codecov Report

Merging #36571 into master will decrease coverage by <.01%.
The diff coverage is 0%.

@@             Coverage Diff              @@
##             master   #36571      +/-   ##
============================================
- Coverage     64.66%   64.65%   -0.01%     
  Complexity    19049    19049              
============================================
  Files          1269     1269              
  Lines         74498    74503       +5     
  Branches       1311     1311              
============================================
  Hits          48171    48171              
- Misses        25941    25946       +5     
  Partials        386      386

| Flag | Coverage Δ | Complexity Δ | |
|---|---|---|---|
| #javascript | 54.02% <ø> (ø) | 0 <ø> (ø) | ⬇️ |
| #phpunit | 65.83% <0%> (-0.01%) | 19049 <0> (ø) | |

| Impacted Files | Coverage Δ | Complexity Δ | |
|---|---|---|---|
| apps/files_sharing/ajax/publicpreview.php | 0% <0%> (ø) | 0 <0> (ø) | ⬇️ |

Contributor

@phil-davis phil-davis left a comment

Tests look good

@phil-davis phil-davis changed the title On the public preview route the share password needs to be verified a… [For 10.4] On the public preview route the share password needs to be verified a… Dec 11, 2019
@cdamken
Contributor

cdamken commented Dec 13, 2019

Tested on Damken-Cloud, The patch works!

@micbar micbar merged commit f0b8d09 into master Dec 13, 2019
@delete-merged-branch delete-merged-branch bot deleted the bugfix/verify-password-on-public-preview branch December 13, 2019 13:16