Add API to set the guest name for an existing WOPI token

Signed-off-by: Julius Härtl <jus@bitgrid.net>

6 files changed, 75 insertions, 34 deletions

diff --git a/lib/Controller/DocumentController.php b/lib/Controller/DocumentController.php
index 664d17a3..bca32ffa 100644
--- a/lib/Controller/DocumentController.php
+++ b/lib/Controller/DocumentController.php
@@ -360,11 +360,9 @@ class DocumentController extends Controller {
 					'userId' => $this->uid,
 				];
 
-				if ($this->uid !== null || ($share->getPermissions() & \OCP\Constants::PERMISSION_UPDATE) === 0 || $this->helper->getGuestName() !== null) {
-					list($urlSrc, $token) = $this->tokenManager->getToken($item->getId(), $shareToken, $this->uid);
-					$params['token'] = $token;
-					$params['urlsrc'] = $urlSrc;
-				}
+				list($urlSrc, $token) = $this->tokenManager->getToken($item->getId(), $shareToken, $this->uid);
+				$params['token'] = $token;
+				$params['urlsrc'] = $urlSrc;
 
 				$response = new TemplateResponse('richdocuments', 'documents', $params, 'base');
 				$this->setupPolicy($response);
diff --git a/lib/Controller/OCSController.php b/lib/Controller/OCSController.php
index d1eb7181..52bcaa88 100644
--- a/lib/Controller/OCSController.php
+++ b/lib/Controller/OCSController.php
@@ -24,9 +24,12 @@
 namespace OCA\Richdocuments\Controller;
 
 use OCA\Richdocuments\Db\DirectMapper;
+use OCA\Richdocuments\Db\Wopi;
+use OCA\Richdocuments\Helper;
 use OCA\Richdocuments\Service\FederationService;
 use OCA\Richdocuments\TemplateManager;
 use OCA\Richdocuments\TokenManager;
+use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSBadRequestException;
@@ -150,16 +153,22 @@ class OCSController extends \OCP\AppFramework\OCSController {
 			$wopi = $this->tokenManager->newInitiatorToken($host, null, $shareToken, true, $this->userId);
 
 			$client = \OC::$server->getHTTPClientService()->newClient();
-			$response = $client->post(rtrim($host, '/') . '/ocs/v2.php/apps/richdocuments/api/v1/direct/share/initiator?format=json', [
-				'body' => [
-					'initiatorServer' => \OC::$server->getURLGenerator()->getAbsoluteURL(''),
-					'initiatorToken' => $wopi->getToken(),
-					'shareToken' => $shareToken,
-					'path' => $path,
-					'password' => $password
-				],
-				'timeout' => 30
-			]);
+			try {
+				$response = $client->post(rtrim($host, '/') . '/ocs/v2.php/apps/richdocuments/api/v1/direct/share/initiator?format=json', [
+					'body' => [
+						'initiatorServer' => \OC::$server->getURLGenerator()->getAbsoluteURL(''),
+						'initiatorToken' => $wopi->getToken(),
+						'shareToken' => $shareToken,
+						'path' => $path,
+						'password' => $password
+					],
+					'timeout' => 30
+				]);
+			} catch (\Exception $e) {
+				$response = new DataResponse([], HTTP::STATUS_FORBIDDEN);
+				$response->throttle();
+				return $response;
+			}
 			$url = \json_decode($response->getBody(), true)['ocs']['data']['url'];
 
 			return new DataResponse([
@@ -246,6 +255,24 @@ class OCSController extends \OCP\AppFramework\OCSController {
 	}
 
 	/**
+	 * Generate a direct editing link for a file in a public share to open with the current user
+	 *
+	 * @NoAdminRequired
+	 * @BruteForceProtection(action=richdocumentsCreatePublic)
+	 * @PublicPage
+	 */
+	public function updateGuestName(string $access_token, string $guestName): DataResponse {
+		try {
+			$this->tokenManager->updateGuestName($access_token, $guestName);
+			return new DataResponse([], Http::STATUS_OK);
+		} catch (DoesNotExistException $e) {
+			$response = new DataResponse([], Http::STATUS_FORBIDDEN);
+			$response->throttle();
+			return $response;
+		}
+	}
+
+	/**
 	 * @NoAdminRequired
 	 *
 	 * @param string $type The template type
diff --git a/lib/Controller/WopiController.php b/lib/Controller/WopiController.php
index 20cec6d9..d01db98f 100644
--- a/lib/Controller/WopiController.php
+++ b/lib/Controller/WopiController.php
@@ -271,7 +271,7 @@ class WopiController extends Controller {
 			return $response;
 		}
 
-		$response['UserFriendlyName'] = $initiator->getGuestDisplayname() . ' (Guest)';
+		$response['UserFriendlyName'] = $this->tokenManager->prepareGuestName($initiator->getGuestDisplayname());
 		if ($initiator->hasTemplateId()) {
 			$templateUrl = $wopi->getRemoteServer() . '/index.php/apps/richdocuments/wopi/template/' . $initiator->getTemplateId() . '?access_token=' . $initiator->getToken();
 			$response['TemplateSource'] = $templateUrl;
diff --git a/lib/Db/Wopi.php b/lib/Db/Wopi.php
index 11d7d4ed..31250603 100644
--- a/lib/Db/Wopi.php
+++ b/lib/Db/Wopi.php
@@ -51,7 +51,7 @@ use OCP\AppFramework\Db\Entity;
  * @method string getRemoteServerToken()
  * @method void setExpiry(int $expiry)
  * @method int getExpiry()
- * @method void setGuestDisplayname(string $token)
+ * @method void setGuestDisplayname(string $guestDisplayName)
  * @method string getGuestDisplayname()
  * @method void setTemplateDestination(int $fileId)
  * @method int getTemplateDestination()
diff --git a/lib/Helper.php b/lib/Helper.php
index aa48dc35..6b96d3a7 100644
--- a/lib/Helper.php
+++ b/lib/Helper.php
@@ -82,7 +82,7 @@ class Helper {
 		return $filename;
 	}
 
-	public function getGuestName() {
+	public function getGuestNameFromCookie() {
 		if ($this->userId !== null || !isset($_COOKIE['guestUser']) || $_COOKIE['guestUser'] === '') {
 			return null;
 		}
diff --git a/lib/TokenManager.php b/lib/TokenManager.php
index 8c563f73..1ad20db8 100644
--- a/lib/TokenManager.php
+++ b/lib/TokenManager.php
@@ -21,11 +21,14 @@
 
 namespace OCA\Richdocuments;
 
+use InvalidArgumentException;
 use OCA\Richdocuments\Db\Direct;
 use OCA\Richdocuments\Db\WopiMapper;
 use OCA\Richdocuments\Db\Wopi;
 use OCA\Richdocuments\Service\CapabilitiesService;
 use OCA\Richdocuments\WOPI\Parser;
+use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\AppFramework\Http\DataResponse;
 use OCP\Constants;
 use OCP\Files\File;
 use OCP\Files\ForbiddenException;
@@ -192,22 +195,7 @@ class TokenManager {
 		fclose($fp);
 
 		$serverHost = $this->urlGenerator->getAbsoluteURL('/');
-
-		$guestName = null;
-		if ($this->userId === null) {
-			if ($guestName = $this->helper->getGuestName()) {
-				$guestName = $this->trans->t('%s (Guest)', Util::sanitizeHTML($guestName));
-				$cut = 56;
-				while (mb_strlen($guestName) >= 64) {
-					$guestName = $this->trans->t('%s (Guest)', Util::sanitizeHTML(
-						mb_substr($guestName, 0, $cut)
-					));
-					$cut -= 5;
-				}
-			} else {
-				$guestName = $this->trans->t('Anonymous guest');
-			}
-		}
+		$guestName = $this->userId === null ? $this->prepareGuestName($this->helper->getGuestNameFromCookie()) : null;
 		$wopi = $this->wopiMapper->generateFileToken($fileId, $owneruid, $editoruid, $version, $updatable, $serverHost, $guestName, 0, $hideDownload, $direct, 0, $shareToken);
 
 		return [
@@ -314,4 +302,32 @@ class TokenManager {
 		return $wopi;
 	}
 
+	public function prepareGuestName(string $guestName = null) {
+		if (empty($guestName)) {
+			return $this->trans->t('Anonymous guest');
+		}
+
+		$guestName = $this->trans->t('%s (Guest)', Util::sanitizeHTML($guestName));
+		$cut = 56;
+		while (mb_strlen($guestName) >= 64) {
+			$guestName = $this->trans->t('%s (Guest)', Util::sanitizeHTML(
+				mb_substr($guestName, 0, $cut)
+			));
+			$cut -= 5;
+		}
+
+		return $guestName;
+	}
+
+	/**
+	 * @param string $accessToken
+	 * @param string $guestName
+	 * @throws DoesNotExistException
+	 */
+	public function updateGuestName(string $accessToken, string $guestName) {
+		$wopi = $this->wopiMapper->getWopiForToken($accessToken);
+		$wopi->setGuestDisplayname($this->prepareGuestName($guestName));
+		$this->wopiMapper->update($wopi);
+	}
+
 }