From 807a5dc0ca7b529461a8e6c848dbf7db9acdd364 Mon Sep 17 00:00:00 2001 From: Felix Schwarz Date: Wed, 5 Feb 2025 16:40:29 +0100 Subject: [PATCH] - OCCapabilities: allow MDM/branding control over default values for block_password_removal in case block_password_removal is not provided by the server - OCConnection: add option connection.block-password-removal-default and associated metadata to the class --- .../Connection/Capabilities/OCCapabilities.m | 14 ++++++++++---- ownCloudSDK/Connection/OCConnection.h | 1 + ownCloudSDK/Connection/OCConnection.m | 15 +++++++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/ownCloudSDK/Connection/Capabilities/OCCapabilities.m b/ownCloudSDK/Connection/Capabilities/OCCapabilities.m index dfca6003..ac52c465 100644 --- a/ownCloudSDK/Connection/Capabilities/OCCapabilities.m +++ b/ownCloudSDK/Connection/Capabilities/OCCapabilities.m @@ -19,6 +19,7 @@ #import "OCCapabilities.h" #import "OCMacros.h" #import "OCConnection.h" +#import "NSObject+OCClassSettings.h" #define WithDefault(val,def) (((val)==nil)?(def):(val)) @@ -664,24 +665,29 @@ - (OCCapabilityBool)publicSharingPasswordEnforcedForUploadOnly return (OCTypedCast(_capabilities[@"files_sharing"][@"public"][@"password"][@"enforced_for"][@"upload_only"], NSNumber)); } +- (OCCapabilityBool)_blockPasswordRemovalDefault +{ + return ([OCConnection classSettingForOCClassSettingsKey:OCConnectionBlockPasswordRemovalDefault]); +} + - (OCCapabilityBool)publicSharingPasswordBlockRemovalForReadOnly { - return (WithDefault(OCTypedCast(_capabilities[@"files_sharing"][@"public"][@"password"][@"block_password_removal"][@"read_only"], NSNumber), @NO)); + return (WithDefault(OCTypedCast(_capabilities[@"files_sharing"][@"public"][@"password"][@"block_password_removal"][@"read_only"], NSNumber), self._blockPasswordRemovalDefault)); } - (OCCapabilityBool)publicSharingPasswordBlockRemovalForReadWrite { - return (WithDefault(OCTypedCast(_capabilities[@"files_sharing"][@"public"][@"password"][@"block_password_removal"][@"read_write"], NSNumber), @NO)); + return (WithDefault(OCTypedCast(_capabilities[@"files_sharing"][@"public"][@"password"][@"block_password_removal"][@"read_write"], NSNumber), self._blockPasswordRemovalDefault)); } - (OCCapabilityBool)publicSharingPasswordBlockRemovalForReadWriteDelete { - return (WithDefault(OCTypedCast(_capabilities[@"files_sharing"][@"public"][@"password"][@"block_password_removal"][@"read_write_delete"], NSNumber), @NO)); + return (WithDefault(OCTypedCast(_capabilities[@"files_sharing"][@"public"][@"password"][@"block_password_removal"][@"read_write_delete"], NSNumber), self._blockPasswordRemovalDefault)); } - (OCCapabilityBool)publicSharingPasswordBlockRemovalForUploadOnly { - return (WithDefault(OCTypedCast(_capabilities[@"files_sharing"][@"public"][@"password"][@"block_password_removal"][@"upload_only"], NSNumber), @NO)); + return (WithDefault(OCTypedCast(_capabilities[@"files_sharing"][@"public"][@"password"][@"block_password_removal"][@"upload_only"], NSNumber), self._blockPasswordRemovalDefault)); } - (OCCapabilityBool)publicSharingExpireDateAddDefaultDate diff --git a/ownCloudSDK/Connection/OCConnection.h b/ownCloudSDK/Connection/OCConnection.h index 4c67b6db..9a53c478 100644 --- a/ownCloudSDK/Connection/OCConnection.h +++ b/ownCloudSDK/Connection/OCConnection.h @@ -474,6 +474,7 @@ extern OCClassSettingsKey OCConnectionPlainHTTPPolicy; //!< Either "warn" (for O extern OCClassSettingsKey OCConnectionAlwaysRequestPrivateLink; //!< Controls whether private links are requested with regular PROPFINDs. extern OCClassSettingsKey OCConnectionTransparentTemporaryRedirect; //!< Allows (TRUE) transparent handling of 307 redirects at the HTTP pipeline level. extern OCClassSettingsKey OCConnectionValidatorFlags; //!< Allows fine-tuning the behavior of the connection validator. +extern OCClassSettingsKey OCConnectionBlockPasswordRemovalDefault; //!< Controls the value of the `block_password_removal`-based capabilities if the server provides no value for it. This controls whether passwords can be removed from an existing link even though passwords need to be enforced on creation as per capabilities. extern OCConnectionOptionKey OCConnectionOptionRequestObserverKey; extern OCConnectionOptionKey OCConnectionOptionLastModificationDateKey; //!< Last modification date for uploads diff --git a/ownCloudSDK/Connection/OCConnection.m b/ownCloudSDK/Connection/OCConnection.m index b99c3f4a..91bfd337 100644 --- a/ownCloudSDK/Connection/OCConnection.m +++ b/ownCloudSDK/Connection/OCConnection.m @@ -111,7 +111,8 @@ + (OCClassSettingsIdentifier)classSettingsIdentifier OCConnectionPlainHTTPPolicy, OCConnectionAlwaysRequestPrivateLink, OCConnectionTransparentTemporaryRedirect, - OCConnectionValidatorFlags + OCConnectionValidatorFlags, + OCConnectionBlockPasswordRemovalDefault ]); } @@ -154,7 +155,8 @@ + (OCClassSettingsIdentifier)classSettingsIdentifier OCConnectionAllowCellular : @(YES), OCConnectionPlainHTTPPolicy : @"warn", OCConnectionAlwaysRequestPrivateLink : @(NO), - OCConnectionTransparentTemporaryRedirect : @(NO) + OCConnectionTransparentTemporaryRedirect : @(NO), + OCConnectionBlockPasswordRemovalDefault : @(YES) }); } @@ -349,6 +351,14 @@ + (OCClassSettingsMetadataCollection)classSettingsMetadata OCClassSettingsMetadataKeyCategory : @"Security", OCClassSettingsMetadataKeyFlags : @(OCClassSettingsFlagDenyUserPreferences) }, + + OCConnectionBlockPasswordRemovalDefault : @{ + OCClassSettingsMetadataKeyType : OCClassSettingsMetadataTypeBoolean, + OCClassSettingsMetadataKeyDescription : @"If a server does not provide `block_password_removal` information as part of its capabilities, this option provides the fallback value controlling whether passwords can (value: false) or can not (value: true) be removed from an existing link even if capabilities otherwise indicate passwords need to be enforced for links.", + OCClassSettingsMetadataKeyStatus : OCClassSettingsKeyStatusAdvanced, + OCClassSettingsMetadataKeyCategory : @"Security", + OCClassSettingsMetadataKeyFlags : @(OCClassSettingsFlagDenyUserPreferences) + } }); } @@ -3400,6 +3410,7 @@ - (NSError *)sendSynchronousRequest:(OCHTTPRequest *)request OCClassSettingsKey OCConnectionAlwaysRequestPrivateLink = @"always-request-private-link"; OCClassSettingsKey OCConnectionTransparentTemporaryRedirect = @"transparent-temporary-redirect"; OCClassSettingsKey OCConnectionValidatorFlags = @"validator-flags"; +OCClassSettingsKey OCConnectionBlockPasswordRemovalDefault = @"block-password-removal-default"; OCConnectionOptionKey OCConnectionOptionRequestObserverKey = @"request-observer"; OCConnectionOptionKey OCConnectionOptionLastModificationDateKey = @"last-modification-date";