Add token type for WOPI tokens

Signed-off-by: Julius Härtl <jus@bitgrid.net>

5 files changed, 87 insertions, 16 deletions

diff --git a/lib/Controller/DocumentController.php b/lib/Controller/DocumentController.php
index 7f40a601..0f6b969a 100644
--- a/lib/Controller/DocumentController.php
+++ b/lib/Controller/DocumentController.php
@@ -455,7 +455,7 @@ class DocumentController extends Controller {
 				if ($remoteWopi === null) {
 					throw new \Exception('Invalid remote file details for ' . $remoteServerToken);
 				}
-				$this->tokenManager->updateToRemoteToken($wopi, $shareToken, $remoteServer, $remoteServerToken, $remoteWopi);
+				$this->tokenManager->updateToFederationToken($wopi, $shareToken, $remoteServer, $remoteServerToken, $remoteWopi);
 
 				$permissions = $share->getPermissions();
 				if (!$remoteWopi['canwrite']) {
diff --git a/lib/Db/Wopi.php b/lib/Db/Wopi.php
index 724580b5..06763687 100644
--- a/lib/Db/Wopi.php
+++ b/lib/Db/Wopi.php
@@ -51,8 +51,35 @@ use OCP\AppFramework\Db\Entity;
  * @method int getTemplateDestination()
  * @method void setTemplateId(int $fileId)
  * @method int getTemplateId()
+ * @method void setShare(string $token)
  */
 class Wopi extends Entity {
+
+	/**
+	 * WOPI token to open a file as a user on the current instance
+	 */
+	const TOKEN_TYPE_USER = 0;
+
+	/**
+	 * WOPI token to open a file as a guest on the current instance
+	 */
+	const TOKEN_TYPE_GUEST = 1;
+
+	/**
+	 * WOPI token to open a file as a user from a federated instane
+	 */
+	const TOKEN_TYPE_REMOTE_USER = 2;
+
+	/**
+	 * WOPI token to open a file as a guest from a federated instane
+	 */
+	const TOKEN_TYPE_REMOTE_GUEST = 3;
+
+	/*
+	 * Temporary token that is used to share the opener details to a federated instance
+	 */
+	const TOKEN_TYPE_FEDERATION = 4;
+
 	/** @var string */
 	protected $ownerUid;
 
@@ -92,9 +119,6 @@ class Wopi extends Entity {
 	/** @var bool */
 	protected $direct;
 
-	/** @var bool */
-	protected $isRemoteToken;
-
 	/** @var string */
 	protected $remoteServer;
 
@@ -104,6 +128,9 @@ class Wopi extends Entity {
 	/** @var string */
 	protected $share;
 
+	/** @var int */
+	protected $tokenType = 0;
+
 	public function __construct() {
 		$this->addType('owner_uid', 'string');
 		$this->addType('editor_uid', 'string');
@@ -118,6 +145,7 @@ class Wopi extends Entity {
 		$this->addType('templateId', 'int');
 		$this->addType('hide_download', 'bool');
 		$this->addType('direct', 'bool');
+		$this->addType('tokenType', 'int');
 	}
 
 	public function isTemplateToken() {
@@ -129,7 +157,7 @@ class Wopi extends Entity {
 	}
 
 	public function isGuest() {
-		return $this->getGuestDisplayname() !== null;
+		return $this->getTokenType() === Wopi::TOKEN_TYPE_GUEST || Wopi::TOKEN_TYPE_REMOTE_GUEST;
 	}
 
 	public function getUserForFileAccess() {
diff --git a/lib/Db/WopiMapper.php b/lib/Db/WopiMapper.php
index dbd2f67d..056c6078 100644
--- a/lib/Db/WopiMapper.php
+++ b/lib/Db/WopiMapper.php
@@ -64,7 +64,7 @@ class WopiMapper extends Mapper {
 	 * @param int $templateDestination
 	 * @return Wopi
 	 */
-	public function generateFileToken($fileId, $owner, $editor, $version, $updatable, $serverHost, $guestDisplayname, $templateDestination = 0, $hideDownload = false, $direct = false, $isRemoteToken = false, $templateId = 0, $share = null) {
+	public function generateFileToken($fileId, $owner, $editor, $version, $updatable, $serverHost, $guestDisplayname, $templateDestination = 0, $hideDownload = false, $direct = false, $templateId = 0, $share = null, $tokenType = Wopi::TOKEN_TYPE_USER) {
 		$token = $this->random->generate(32, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
 
 		$wopi = Wopi::fromParams([
@@ -80,11 +80,11 @@ class WopiMapper extends Mapper {
 			'templateDestination' => $templateDestination,
 			'hideDownload' => $hideDownload,
 			'direct' => $direct,
-			'isRemoteToken' => $isRemoteToken,
 			'templateId' => $templateId,
 			'remoteServer' => '',
 			'remoteServerToken' => '',
-			'share' => $share
+			'share' => $share,
+			'tokenType' => $tokenType
 		]);
 
 		/** @var Wopi $wopi */
diff --git a/lib/Migration/Version30717Date20210310164901.php b/lib/Migration/Version30717Date20210310164901.php
new file mode 100644
index 00000000..21bb289b
--- /dev/null
+++ b/lib/Migration/Version30717Date20210310164901.php
@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\Richdocuments\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+class Version30717Date20210310164901 extends SimpleMigrationStep {
+
+	public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+		/** @var ISchemaWrapper $schema */
+		$schema = $schemaClosure();
+
+		$table = $schema->getTable('richdocuments_wopi');
+
+		if (!$table->hasColumn('token_type')) {
+			$table->addColumn('token_type', 'integer', [
+				'notnull' => false,
+				'length' => 4,
+				'default' => 0,
+			]);
+		}
+		if ($table->hasColumn('is_remote_token')) {
+			$table->dropColumn('is_remote_token');
+		}
+
+		return $schema;
+	}
+
+}
diff --git a/lib/TokenManager.php b/lib/TokenManager.php
index fe273263..5da5c92c 100644
--- a/lib/TokenManager.php
+++ b/lib/TokenManager.php
@@ -106,7 +106,7 @@ class TokenManager {
 	 * @return array
 	 * @throws \Exception
 	 */
-	public function getToken($fileId, $shareToken = null, $editoruid = null, $direct = false, $isRemoteToken = false) {
+	public function getToken($fileId, $shareToken = null, $editoruid = null, $direct = false) {
 		list($fileId, , $version) = Helper::parseFileId($fileId);
 		$owneruid = null;
 		$hideDownload = false;
@@ -209,7 +209,7 @@ class TokenManager {
 			}
 		}
 
-		$wopi = $this->wopiMapper->generateFileToken($fileId, $owneruid, $editoruid, $version, $updatable, $serverHost, $guest_name, 0, $hideDownload, $direct, $isRemoteToken, 0, $shareToken);
+		$wopi = $this->wopiMapper->generateFileToken($fileId, $owneruid, $editoruid, $version, $updatable, $serverHost, $guest_name, 0, $hideDownload, $direct, 0, $shareToken);
 
 		try {
 
@@ -223,8 +223,17 @@ class TokenManager {
 		}
 	}
 
-	public function updateToRemoteToken(Wopi $wopi, $shareToken, $remoteServer, $remoteServerToken, $remoteWopi) {
-		$uid = $remoteWopi['editorUid'] . '@' . $remoteServer;
+	/**
+	 * @param Wopi $wopi
+	 * @param $shareToken
+	 * @param $remoteServer
+	 * @param $remoteServerToken
+	 * @param $remoteWopi
+	 * @return Wopi
+	 */
+	public function updateToFederationToken(Wopi $wopi, $shareToken, $remoteServer, $remoteServerToken, $remoteWopi) {
+		// $wopi->setTokenType(Wopi::TOKEN_TYPE_REMOTE_*);
+		$uid = $remoteWopi['editorUid'] ? ($remoteWopi['editorUid'] . '@' . $remoteServer) : null;
 		$wopi->setEditorUid($shareToken);
 		$wopi->setCanwrite($wopi->getCanwrite() && $remoteWopi['canwrite']);
 		$wopi->setRemoteServer($remoteServer);
@@ -283,10 +292,10 @@ class TokenManager {
 	 * @return Wopi
 	 */
 	public function getRemoteToken(Node $node) {
-		list($urlSrc, $token, $wopi) = $this->getToken($node->getId(), null, null, false, true);
+		list($urlSrc, $token, $wopi) = $this->getToken($node->getId(), null, null, false);
 		$wopi->setIsRemoteToken(true);
 		$wopi->setRemoteServer($node->getStorage()->getRemote());
-
+		$wopi->setTokenType(Wopi::TOKEN_TYPE_REMOTE_USER);
 		$this->wopiMapper->update($wopi);
 		return $wopi;
 	}
@@ -296,10 +305,10 @@ class TokenManager {
 	 * @return Wopi
 	 */
 	public function getRemoteTokenFromDirect(Node $node, $editorUid) {
-		list($urlSrc, $token, $wopi) = $this->getToken($node->getId(), null, $editorUid, true, true);
+		list($urlSrc, $token, $wopi) = $this->getToken($node->getId(), null, $editorUid, true);
 		$wopi->setIsRemoteToken(true);
 		$wopi->setRemoteServer($node->getStorage()->getRemote());
-
+		$wopi->setTokenType(Wopi::TOKEN_TYPE_REMOTE_USER);
 		$this->wopiMapper->update($wopi);
 		return $wopi;
 	}