From f297929952fa70488e53e41fd4533d596c5ff2d5 Mon Sep 17 00:00:00 2001
From: Anna Larch <anna@nextcloud.com>
Date: Fri, 6 Mar 2026 09:53:09 +0100
Subject: [PATCH 1/2] fix: only write activites for actualy public uploads

Currently, any file activity without a proper session is interpreted to be a public upload.
Now, the share token is compared and the activity is only written when the share token belongs to a public folder

Signed-off-by: Anna Larch <anna@nextcloud.com>
---
 lib/CurrentUser.php      | 20 ++++++++++++++++++++
 lib/FilesHooks.php       |  2 +-
 tests/FilesHooksTest.php | 38 ++++++++++++++++++++++++++++++++------
 3 files changed, 53 insertions(+), 7 deletions(-)

diff --git a/lib/CurrentUser.php b/lib/CurrentUser.php
index 47bd9333a..8f5f59aa9 100644
--- a/lib/CurrentUser.php
+++ b/lib/CurrentUser.php
@@ -102,11 +102,31 @@ public function getCloudId() {
 		return $this->cloudId;
 	}
 
+	/**
+	 * Check if the current request is via a public share link
+	 */
+	public function isPublicShareToken(): bool {
+		/** @psalm-suppress NoInterfaceProperties */
+		if (!empty($this->request->server['PHP_AUTH_USER'])) {
+			$token = $this->request->server['PHP_AUTH_USER'];
+			try {
+				$share = $this->shareManager->getShareByToken($token);
+				return $share->getShareType() === IShare::TYPE_LINK
+					|| $share->getShareType() === IShare::TYPE_EMAIL;
+			} catch (ShareNotFound $e) {
+				// No share found for this token
+			}
+		}
+
+		return false;
+	}
+
 	/**
 	 * Get the cloud ID from the sharing token
 	 * @return string|null
 	 */
 	protected function getCloudIDFromToken() {
+		/** @psalm-suppress NoInterfaceProperties */
 		if (!empty($this->request->server['PHP_AUTH_USER'])) {
 			$token = $this->request->server['PHP_AUTH_USER'];
 			/**
diff --git a/lib/FilesHooks.php b/lib/FilesHooks.php
index cbf2a8457..4bc669fd0 100644
--- a/lib/FilesHooks.php
+++ b/lib/FilesHooks.php
@@ -82,7 +82,7 @@ public function fileCreate($path) {
 			return;
 		}
 
-		if ($this->currentUser->getUserIdentifier() !== '') {
+		if ($this->currentUser->getUserIdentifier() !== '' || !$this->currentUser->isPublicShareToken()) {
 			$this->addNotificationsForFileAction($path, Files::TYPE_SHARE_CREATED, 'created_self', 'created_by');
 		} else {
 			$this->addNotificationsForFileAction($path, Files_Sharing::TYPE_PUBLIC_UPLOAD, '', 'created_public');
diff --git a/tests/FilesHooksTest.php b/tests/FilesHooksTest.php
index 90b4dece7..f5e52f1ce 100644
--- a/tests/FilesHooksTest.php
+++ b/tests/FilesHooksTest.php
@@ -167,16 +167,42 @@ protected function getUserMock(string $uid): IUser {
 
 	public static function dataFileCreate(): array {
 		return [
-			['user', 'created_self', 'created_by', Files::TYPE_SHARE_CREATED],
-			['', '', 'created_public', Files_Sharing::TYPE_PUBLIC_UPLOAD],
+			['user', false, 'created_self', 'created_by', Files::TYPE_SHARE_CREATED],
+			['', true, '', 'created_public', Files_Sharing::TYPE_PUBLIC_UPLOAD],
+			['', false, 'created_self', 'created_by', Files::TYPE_SHARE_CREATED],
 		];
 	}
 
 	#[DataProvider('dataFileCreate')]
-	public function testFileCreate(string $currentUser, string $selfSubject, string $othersSubject, string $type): void {
-		$filesHooks = $this->getFilesHooks([
-			'addNotificationsForFileAction',
-		], $currentUser);
+	public function testFileCreate(string $currentUser, bool $isPublicShare, string $selfSubject, string $othersSubject, string $type): void {
+		$currentUserMock = $this->createMock(CurrentUser::class);
+		$currentUserMock->method('getUID')->willReturn($currentUser);
+		$currentUserMock->method('getUserIdentifier')->willReturn($currentUser);
+		$currentUserMock->method('isPublicShareToken')->willReturn($isPublicShare);
+
+		$logger = $this->createMock(LoggerInterface::class);
+
+		$filesHooks = $this->getMockBuilder(FilesHooks::class)
+			->setConstructorArgs([
+				$this->activityManager,
+				$this->data,
+				$this->settings,
+				$this->groupManager,
+				$this->view,
+				$this->rootFolder,
+				$this->shareHelper,
+				Server::get(IDBConnection::class),
+				$this->urlGenerator,
+				$logger,
+				$currentUserMock,
+				$this->userMountCache,
+				$this->config,
+				$this->notificationGenerator,
+				$this->tagManager,
+				$this->teamManager,
+			])
+			->onlyMethods(['addNotificationsForFileAction'])
+			->getMock();
 
 		$filesHooks->expects($this->once())
 			->method('addNotificationsForFileAction')

From b5ed1f9b148aca170923541f5c82f61ca3281a6a Mon Sep 17 00:00:00 2001
From: Anna Larch <anna@nextcloud.com>
Date: Fri, 6 Mar 2026 11:07:55 +0100
Subject: [PATCH 2/2] chore: update psalm baseline

Signed-off-by: Anna Larch <anna@nextcloud.com>
---
 tests/psalm-baseline.xml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/tests/psalm-baseline.xml b/tests/psalm-baseline.xml
index ca7473aee..083130c8b 100644
--- a/tests/psalm-baseline.xml
+++ b/tests/psalm-baseline.xml
@@ -1,15 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.12.1@e71404b0465be25cf7f8a631b298c01c5ddd864f">
+<files psalm-version="6.15.1@28dc127af1b5aecd52314f6f645bafc10d0e11f9">
   <file src="lib/BackgroundJob/RemoteActivity.php">
     <UndefinedClass>
       <code><![CDATA[ClientException]]></code>
     </UndefinedClass>
   </file>
-  <file src="lib/CurrentUser.php">
-    <NoInterfaceProperties>
-      <code><![CDATA[$this->request->server]]></code>
-    </NoInterfaceProperties>
-  </file>
   <file src="lib/Data.php">
     <UndefinedDocblockClass>
       <code><![CDATA[$favoriteFilter->filterFavorites($query);]]></code>