From 31d56c98aa1e1fad7b8060e519af53d394950764 Mon Sep 17 00:00:00 2001
From: ernolf <raphael.gradenwitz@googlemail.com>
Date: Tue, 20 Aug 2024 12:33:28 +0200
Subject: [PATCH] fix(share): Ensure unique share tokens

- check for token collisions and retry up to three times.
- throw after 3 attempts without finding a unique token.

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
---
 lib/private/Share20/Manager.php | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index c339d62da14f6..dfca218d54278 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -776,13 +776,25 @@ public function createShare(IShare $share) {
 				$this->linkCreateChecks($share);
 				$this->setLinkParent($share);
 
-				// For now ignore a set token.
-				$share->setToken(
-					$this->secureRandom->generate(
+				for ($i = 0; $i <= 3; $i++) {
+					$token = $this->secureRandom->generate(
 						\OC\Share\Constants::TOKEN_LENGTH,
 						\OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
-					)
-				);
+					);
+
+					try {
+						$this->getShareByToken($token);
+					} catch (\OCP\Share\Exceptions\ShareNotFound $e) {
+						// Set the unique token
+						$share->setToken($token);
+						break;
+					}
+
+					// Abort after 3 failed attempts
+					if ($i >= 3) {
+						throw new \Exception('Unable to generate a unique share token after 3 attempts.');
+					}
+				}
 
 				// Verify the expiration date
 				$share = $this->validateExpirationDateLink($share);