mirror of
https://github.com/haiwen/seahub.git
synced 2025-07-16 16:21:48 +00:00
Merge pull request #946 from haiwen/view-file
add password check when view file via dir share
This commit is contained in:
xiez
commit
ad658ac746
@ -4,7 +4,11 @@
|
||||
{% block main_panel %}
|
||||
<div class="wide-panel">
|
||||
<p class="access-notice">{% trans "Please input the password if you want to browse the shared file/directory. And the password will be kept on the server for only 1 hour." %}</p>
|
||||
{% if path %}
|
||||
<form action="{% url view_name token %}?p={{ path }}" method="post" id="share-passwd-form">{% csrf_token %}
|
||||
{% else %}
|
||||
<form action="{% url view_name token %}" method="post" id="share-passwd-form">{% csrf_token %}
|
||||
{% endif %}
|
||||
<label>{% trans "Password: " %}</label>
|
||||
<input type="password" name="password" autofocus />
|
||||
<input type="submit" value="{% trans "Submit" %}" />
|
||||
|
||||
@ -868,6 +868,27 @@ def view_raw_shared_file(request, token, obj_id, file_name):
|
||||
if fileshare is None:
|
||||
raise Http404
|
||||
|
||||
if fileshare.is_encrypted():
|
||||
if not check_share_link_access(request, token):
|
||||
if fileshare.is_file_share_link():
|
||||
d = {'token': token, 'view_name': 'view_shared_file', }
|
||||
else:
|
||||
d = {'token': token, 'view_name': 'view_shared_dir', }
|
||||
|
||||
if request.method == 'POST':
|
||||
post_values = request.POST.copy()
|
||||
post_values['enc_password'] = fileshare.password
|
||||
form = SharedLinkPasswordForm(post_values)
|
||||
d['form'] = form
|
||||
if form.is_valid():
|
||||
set_share_link_access(request, token)
|
||||
else:
|
||||
return render_to_response('share_access_validation.html', d,
|
||||
context_instance=RequestContext(request))
|
||||
else:
|
||||
return render_to_response('share_access_validation.html', d,
|
||||
context_instance=RequestContext(request))
|
||||
|
||||
repo_id = fileshare.repo_id
|
||||
repo = get_repo(repo_id)
|
||||
if not repo:
|
||||
@ -904,6 +925,31 @@ def view_file_via_shared_dir(request, token):
|
||||
if fileshare is None:
|
||||
raise Http404
|
||||
|
||||
|
||||
req_path = request.GET.get('p', '').rstrip('/')
|
||||
if not req_path:
|
||||
return HttpResponseRedirect(reverse('view_shared_dir', args=[token]))
|
||||
|
||||
if fileshare.is_encrypted():
|
||||
if not check_share_link_access(request, token):
|
||||
d = {'token': token,
|
||||
'view_name': 'view_file_via_shared_dir',
|
||||
'path': req_path,
|
||||
}
|
||||
if request.method == 'POST':
|
||||
post_values = request.POST.copy()
|
||||
post_values['enc_password'] = fileshare.password
|
||||
form = SharedLinkPasswordForm(post_values)
|
||||
d['form'] = form
|
||||
if form.is_valid():
|
||||
set_share_link_access(request, token)
|
||||
else:
|
||||
return render_to_response('share_access_validation.html', d,
|
||||
context_instance=RequestContext(request))
|
||||
else:
|
||||
return render_to_response('share_access_validation.html', d,
|
||||
context_instance=RequestContext(request))
|
||||
|
||||
if request.GET.get('dl', '') == '1':
|
||||
# download shared file
|
||||
return _download_file_from_share_link(request, fileshare)
|
||||
@ -916,10 +962,6 @@ def view_file_via_shared_dir(request, token):
|
||||
|
||||
# Get file path from frontend, and construct request file path
|
||||
# with fileshare.path to real path, used to fetch file content by RPC.
|
||||
req_path = request.GET.get('p', '').rstrip('/')
|
||||
if not req_path:
|
||||
raise Http404
|
||||
|
||||
real_path = posixpath.join(fileshare.path, req_path.lstrip('/'))
|
||||
|
||||
# generate dir navigator
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
import os
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.test import TestCase
|
||||
|
||||
@ -49,6 +50,8 @@ class EncryptSharedDirTest(TestCase, Fixtures):
|
||||
self.fs = FileShare.objects.create_dir_link(**share_file_info)
|
||||
|
||||
self.sub_dir = self.folder
|
||||
self.sub_file = self.file
|
||||
self.filename= os.path.basename(self.file)
|
||||
|
||||
def tearDown(self):
|
||||
self.remove_repo()
|
||||
@ -100,3 +103,41 @@ class EncryptSharedDirTest(TestCase, Fixtures):
|
||||
self.assertEqual(200, resp.status_code)
|
||||
self.assertTemplateNotUsed(resp, 'share_access_validation.html')
|
||||
self.assertTemplateUsed(resp, 'view_shared_dir.html')
|
||||
|
||||
def test_view_file_via_shared_dir(self):
|
||||
resp = self.client.post(
|
||||
reverse('view_file_via_shared_dir', args=[self.fs.token]) + '?p=' + self.sub_file, {
|
||||
'password': '12345678'
|
||||
}
|
||||
)
|
||||
|
||||
self.assertEqual(200, resp.status_code)
|
||||
self.assertTemplateNotUsed(resp, 'share_access_validation.html')
|
||||
self.assertTemplateUsed(resp, 'shared_file_view.html')
|
||||
self.assertContains(resp, '%s</h2>' % self.filename)
|
||||
|
||||
resp = self.client.get(
|
||||
reverse('view_file_via_shared_dir', args=[self.fs.token]) + '?p=' + self.sub_file
|
||||
)
|
||||
self.assertEqual(200, resp.status_code)
|
||||
self.assertTemplateNotUsed(resp, 'share_access_validation.html')
|
||||
self.assertTemplateUsed(resp, 'shared_file_view.html')
|
||||
self.assertContains(resp, '%s</h2>' % self.filename)
|
||||
|
||||
def test_view_file_via_shared_dir_without_password(self):
|
||||
resp = self.client.get(
|
||||
reverse('view_file_via_shared_dir', args=[self.fs.token]) + '?p=' + self.sub_file
|
||||
)
|
||||
self.assertEqual(200, resp.status_code)
|
||||
self.assertTemplateUsed(resp, 'share_access_validation.html')
|
||||
|
||||
def test_view_file_via_shared_dir_with_wrong_password(self):
|
||||
resp = self.client.post(
|
||||
reverse('view_file_via_shared_dir', args=[self.fs.token]), {
|
||||
'password': '1234567'
|
||||
}
|
||||
)
|
||||
|
||||
self.assertEqual(200, resp.status_code)
|
||||
self.assertTemplateUsed(resp, 'share_access_validation.html')
|
||||
self.assertContains(resp, 'Please enter a correct password')
|
||||
|
||||
Loading…
Reference in New Issue
Block a user