author | Julius Härtl <jus@bitgrid.net> | 2021-03-04 10:21:54 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-04 10:21:54 +0300 |
commit | 2ca896a05c1d3e637e6b94992c86756a98f01acd (patch) | |
tree | b0ff9efbb55b04f4fa14a24c181fd374359e6380 /lib | |
parent | 8f0937eae2ab1fe616cd7d1b3d3512fb1fe3ed65 (diff) | |
parent | ffd467b82f3be6a7e782498639f40fb0556bc922 (diff) |
Merge pull request #1396 from mpk-software/bugfix/avoid-per-user-encryption-issue
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Controller/WopiController.php | 51 |
1 files changed, 39 insertions, 12 deletions
diff --git a/lib/Controller/WopiController.php b/lib/Controller/WopiController.php
index 0fbc5ef3..1449844e 100644
--- a/lib/Controller/WopiController.php
+++ b/lib/Controller/WopiController.php
@@ -22,17 +22,20 @@ namespace OCA\Richdocuments\Controller;
 use OC\Files\View;
-use OCA\Richdocuments\Db\Wopi;
 use OCA\Richdocuments\AppConfig;
+use OCA\Richdocuments\Db\Wopi;
 use OCA\Richdocuments\Db\WopiMapper;
+use OCA\Richdocuments\Helper;
 use OCA\Richdocuments\Service\UserScopeService;
 use OCA\Richdocuments\TemplateManager;
 use OCA\Richdocuments\TokenManager;
-use OCA\Richdocuments\Helper;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\Http\StreamResponse;
+use OCP\AppFramework\QueryException;
+use OCP\Encryption\IManager as IEncryptionManager;
 use OCP\Files\File;
 use OCP\Files\Folder;
 use OCP\Files\GenericFileException;
@@ -45,11 +48,10 @@ use OCP\IConfig;
 use OCP\ILogger;
 use OCP\IRequest;
 use OCP\IURLGenerator;
-use OCP\AppFramework\Http\StreamResponse;
 use OCP\IUserManager;
 use OCP\Lock\LockedException;
 use OCP\Share\Exceptions\ShareNotFound;
-use OCP\Share\IManager;
+use OCP\Share\IManager as IShareManager;
 class WopiController extends Controller {
 /** @var IRootFolder */
@@ -70,10 +72,12 @@ class WopiController extends Controller {
 private $logger;
 /** @var TemplateManager */
 private $templateManager;
- /** @var IManager */
+ /** @var IShareManager */
 private $shareManager;
 /** @var UserScopeService */
 private $userScopeService;
+ /** @var IEncryptionManager */
+ private $encryptionManager;
 // Signifies LOOL that document has been changed externally in this storage
 const LOOL_STATUS_DOC_CHANGED = 1010;
@@ -84,11 +88,15 @@ class WopiController extends Controller {
 * @param IRootFolder $rootFolder
 * @param IURLGenerator $urlGenerator
 * @param IConfig $config
+ * @param AppConfig $appConfig
 * @param TokenManager $tokenManager
 * @param IUserManager $userManager
 * @param WopiMapper $wopiMapper
 * @param ILogger $logger
 * @param TemplateManager $templateManager
+ * @param IShareManager $shareManager
+ * @param UserScopeService $userScopeService
+ * @param IEncryptionManager $encryptionManager
 */
 public function __construct(
 $appName,
@@ -102,8 +110,9 @@ class WopiController extends Controller {
 WopiMapper $wopiMapper,
 ILogger $logger,
 TemplateManager $templateManager,
- IManager $shareManager,
- UserScopeService $userScopeService
+ IShareManager $shareManager,
+ UserScopeService $userScopeService,
+ IEncryptionManager $encryptionManager
 ) {
 parent::__construct($appName, $request);
 $this->rootFolder = $rootFolder;
@@ -117,6 +126,7 @@ class WopiController extends Controller {
 $this->templateManager = $templateManager;
 $this->shareManager = $shareManager;
 $this->userScopeService = $userScopeService;
+ $this->encryptionManager = $encryptionManager;
 }
 /**
@@ -172,7 +182,7 @@ class WopiController extends Controller {
 'UserExtraInfo' => [
 ],
 'UserCanWrite' => (bool)$wopi->getCanwrite(),
- 'UserCanNotWriteRelative' => \OC::$server->getEncryptionManager()->isEnabled() || $isPublic,
+ 'UserCanNotWriteRelative' => $this->encryptionManager->isEnabled() || $isPublic,
 'PostMessageOrigin' => $wopi->getServerHost(),
 'LastModifiedTime' => Helper::toISO8601($file->getMTime()),
 'SupportsRename' => !$isVersion,
@@ -396,16 +406,21 @@ class WopiController extends Controller {
 $access_token) {
 list($fileId, ,) = Helper::parseFileId($fileId);
 $isPutRelative = ($this->request->getHeader('X-WOPI-Override') === 'PUT_RELATIVE');
- $isRenameFile = ($this->request->getHeader('X-WOPI-Override') === 'RENAME_FILE');
 $wopi = $this->wopiMapper->getWopiForToken($access_token);
 if (!$wopi->getCanwrite()) {
 return new JSONResponse([], Http::STATUS_FORBIDDEN);
 }
- // Set the user to register the change under his name
- $this->userScopeService->setUserScope($wopi->getUserForFileAccess());
- $this->userScopeService->setFilesystemScope($isPutRelative ? $wopi->getEditorUid() : $wopi->getUserForFileAccess());
+ if (!$this->encryptionManager->isEnabled() || $this->isMasterKeyEnabled()) {
+ // Set the user to register the change under his name
+ $this->userScopeService->setUserScope($wopi->getUserForFileAccess());
+ $this->userScopeService->setFilesystemScope($isPutRelative ? $wopi->getEditorUid() : $wopi->getUserForFileAccess());
+ } else {
+ // Per-user encryption is enabled so that collabora isn't able to store the file by using the
+ // user's private key. Because of that we have to use the incognito mode for writing the file.
+ \OC_User::setIncognitoMode(true);
+ }
 try {
 if ($isPutRelative) {
@@ -714,4 +729,16 @@ class WopiController extends Controller {
 }
 }
+ /**
+ * Check if the encryption module uses a master key.
+ */
+ private function isMasterKeyEnabled(): bool {
+ try {
+ $util = \OC::$server->query(\OCA\Encryption\Util::class);
+ return $util->isMasterKeyEnabled();
+ } catch (QueryException $e) {
+ // No encryption module enabled
+ return false;
+ }
+ }
 } |
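Review bot: In the new `else` branch of the write handler, `\OC_User::setIncognitoMode(true)` replaces both `setUserScope()` and `setFilesystemScope()`, so under per-user encryption the save runs with no acting user and the only authorization visible on this path is the WOPI token check above it (`$wopi->getCanwrite()`). The branch comment should say that, for example `// Authorized by the WOPI token alone: no user or filesystem scope is set here, so the change may not be attributed to the editor.` The incognito flag is static and is not reset in the visible lines; if later code in the request is meant to run with a normal session, restore it with `\OC_User::setIncognitoMode(false);` in a `finally` on the `try` that follows, whose body continues outside the hunk. The visible lines only advertise `UserCanNotWriteRelative` to the client, so a request carrying `X-WOPI-Override: PUT_RELATIVE` still reaches this branch without the editor's filesystem scope unless it is rejected outside the hunk; that is worth confirming.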
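Review bot: `isMasterKeyEnabled()` returns false for every `QueryException`, so when encryption is enabled but `\OCA\Encryption\Util` cannot be resolved (for instance a different encryption module, if one is in use) the caller silently takes the incognito write path, and the catch comment `// No encryption module enabled` does not describe that case. The docblock should state the contract, e.g. `Returns false when the default encryption module's Util cannot be resolved; callers then treat the setup as per-user keys.` The method also goes through `\OC::$server->query()` while the same commit replaces `\OC::$server->getEncryptionManager()` with an injected dependency, so a one-line comment explaining why this lookup has to stay lazy would keep it from reading as an oversight.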