diff --git a/seahub/share/models.py b/seahub/share/models.py
index 76d6b357dc..5ce2c890c5 100644
--- a/seahub/share/models.py
+++ b/seahub/share/models.py
@@ -19,21 +19,22 @@ class AnonymousShare(models.Model):
 anonymous_email = LowerCaseCharField(max_length=255)
 token = models.CharField(max_length=25, unique=True)
-def _get_cache_key(request, prefix):
+def _get_cache_key(request, prefix, token):
 """Return cache key of certain ``prefix``. If user is logged in, use
- username, otherwise use combination of request ip and user agent.
+ username and token, otherwise use combination of request ip and user agent
+ and token.
 Arguments:
 - `prefix`:
 """
 if request.user.is_authenticated():
- key = normalize_cache_key(request.user.username, 'SharedLink_')
+ key = normalize_cache_key(request.user.username, 'SharedLink_', token)
 else:
 ip = get_remote_ip(request)
 # Memcached key length limit is 250 chars, and user agent somethings may
 # be long which will cause error.
 agent = request.META.get('HTTP_USER_AGENT', '')[:150]
- key = normalize_cache_key(ip + agent, 'SharedLink_')
+ key = normalize_cache_key(ip + agent, 'SharedLink_', token)
 return key
@@ -41,13 +42,13 @@ def set_share_link_access(request, token):
 """Remember which share download/upload links user can access without
 providing password.
 """
- key = _get_cache_key(request, 'SharedLink_')
+ key = _get_cache_key(request, 'SharedLink_', token)
 cache.set(key, True, SHARE_ACCESS_PASSWD_TIMEOUT)
 def check_share_link_access(request, token):
 """Check whether user can access share link without providing password.
 """
- key = _get_cache_key(request, 'SharedLink_')
+ key = _get_cache_key(request, 'SharedLink_', token)
 return cache.get(key, False)
 class FileShareManager(models.Manager):
diff --git a/seahub/utils/__init__.py b/seahub/utils/__init__.py
index b9daa6176b..ad69bd515f 100644
--- a/seahub/utils/__init__.py
+++ b/seahub/utils/__init__.py
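Review bot: In `_get_cache_key` (seahub/share/models.py) the anonymous branch still keys the password grant on `ip + agent`, which are shared or client-chosen values rather than anything secret to the visitor. Once one visitor has entered the password, any other client that presents the same address and User-Agent (for example behind the same NAT or proxy) will pass `check_share_link_access` for that token until `SHARE_ACCESS_PASSWD_TIMEOUT` expires. Adding the token stops one password from unlocking every protected link, but the grant would be safer bound to the visitor's session, if sessions are available for anonymous requests here. How `get_remote_ip` derives the address is not visible in this diff and deserves a check against forwarded-header spoofing. Separately, the `prefix` argument is still ignored in favour of the hard-coded `'SharedLink_'` (the callers in the second hunk pass the same literal), and the docstring's `Arguments:` list should gain a line such as ``- `token`: share link token the grant is scoped to``.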
@@ -195,11 +195,12 @@ def gen_token(max_length=5):
 return uuid.uuid4().hex[:max_length]
-def normalize_cache_key(value, prefix=None):
- """Returns a cache key consisten of ``value`` and ``prefix``. Cache key
+def normalize_cache_key(value, prefix=None, token=None):
+ """Returns a cache key consisten of ``value`` and ``prefix`` and ``token``. Cache key
 must not include control characters or whitespace.
 """
 key = value if prefix is None else prefix + value
+ key = key if token is None else key + '_' + token
 return urlquote(key)
 def get_repo_last_modify(repo):
diff --git a/seahub/views/repo.py b/seahub/views/repo.py
index 2ceaf3529b..f9877eb9bd 100644
--- a/seahub/views/repo.py
+++ b/seahub/views/repo.py
@@ -449,22 +449,21 @@ def view_shared_upload_link(request, token):
 if uploadlink is None:
 raise Http404
- if uploadlink.is_encrypted():
- if not check_share_link_access(request, token):
- d = {'token': token, 'view_name': 'view_shared_upload_link', }
- if request.method == 'POST':
- post_values = request.POST.copy()
- post_values['enc_password'] = uploadlink.password
- form = SharedLinkPasswordForm(post_values)
- d['form'] = form
- if form.is_valid():
- set_share_link_access(request, token)
- else:
- return render_to_response('share_access_validation.html', d,
- context_instance=RequestContext(request))
+ if uploadlink.is_encrypted() and not check_share_link_access(request, token):
+ d = {'token': token, 'view_name': 'view_shared_upload_link', }
+ if request.method == 'POST':
+ post_values = request.POST.copy()
+ post_values['enc_password'] = uploadlink.password
+ form = SharedLinkPasswordForm(post_values)
+ d['form'] = form
+ if form.is_valid():
+ set_share_link_access(request, token)
 else:
 return render_to_response('share_access_validation.html', d,
 context_instance=RequestContext(request))
+ else:
+ return render_to_response('share_access_validation.html', d,
+ context_instance=RequestContext(request))
 username = uploadlink.username
 repo_id = uploadlink.repo_id
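Review bot: `normalize_cache_key` appends the token after a bare `'_'` and puts no separator between `prefix` and `value`, so a (value, token) pair maps to a unique key only while tokens never contain `_`. For the share-link caller `value` includes the client-supplied User-Agent, so that assumption is worth writing down, e.g. in the docstring: `token is appended as the last '_'-separated field and must not itself contain '_'`. The added line also raises `TypeError` if a non-string token is passed, which the docstring could state. Finally, `urlquote` can expand each escaped character to three, so the extra field brings the key closer to the 250-character Memcached limit noted in seahub/share/models.py; consider whether a digest of the composite value would be a safer key.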
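Review bot: The password branch of `view_shared_upload_link` re-renders `share_access_validation.html` after every invalid POST with no visible limit on attempts. Unless `SharedLinkPasswordForm` or code outside this hunk throttles it, the link password can be guessed repeatedly; a per-token failure counter checked before validating the form would close that. The bound form also carries `post_values['enc_password'] = uploadlink.password` and is handed to the template as `d['form']`, so it is worth confirming the template never renders that field back to the client. The function starts before and continues after this hunk, so both points are limited to the lines shown.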