From ac959b19ec62ae6def4d18690f0f4b96bdad3b75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?=
Date: Thu, 11 Mar 2021 16:42:32 +0100
Subject: Add token type for WOPI tokens
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Julius Härtl
---
 lib/Controller/DocumentController.php | 2 +-
 lib/Db/Wopi.php | 36 +++++++++++++++++++++---
 lib/Db/WopiMapper.php | 6 ++--
 lib/Migration/Version30717Date20210310164901.php | 34 ++++++++++++++++++++++
 lib/TokenManager.php | 25 ++++++++++------
 5 files changed, 87 insertions(+), 16 deletions(-)
 create mode 100644 lib/Migration/Version30717Date20210310164901.php
(limited to 'lib')
diff --git a/lib/Controller/DocumentController.php b/lib/Controller/DocumentController.php
index 7f40a601..0f6b969a 100644
--- a/lib/Controller/DocumentController.php
+++ b/lib/Controller/DocumentController.php
@@ -455,7 +455,7 @@ class DocumentController extends Controller {
 if ($remoteWopi === null) {
 throw new \Exception('Invalid remote file details for ' . $remoteServerToken);
 }
- $this->tokenManager->updateToRemoteToken($wopi, $shareToken, $remoteServer, $remoteServerToken, $remoteWopi);
+ $this->tokenManager->updateToFederationToken($wopi, $shareToken, $remoteServer, $remoteServerToken, $remoteWopi);
 $permissions = $share->getPermissions();
 if (!$remoteWopi['canwrite']) {
diff --git a/lib/Db/Wopi.php b/lib/Db/Wopi.php
index 724580b5..06763687 100644
--- a/lib/Db/Wopi.php
+++ b/lib/Db/Wopi.php
@@ -51,8 +51,35 @@ use OCP\AppFramework\Db\Entity;
 * @method int getTemplateDestination()
 * @method void setTemplateId(int $fileId)
 * @method int getTemplateId()
+ * @method void setShare(string $token)
 */
 class Wopi extends Entity {
+
+ /**
+ * WOPI token to open a file as a user on the current instance
+ */
+ const TOKEN_TYPE_USER = 0;
+
+ /**
+ * WOPI token to open a file as a guest on the current instance
+ */
+ const TOKEN_TYPE_GUEST = 1;
+
+ /**
+ * WOPI token to open a file as a user from a federated instane
+ */
+ const TOKEN_TYPE_REMOTE_USER = 2;
+
+ /**
+ * WOPI token to open a file as a guest from a federated instane
+ */
+ const TOKEN_TYPE_REMOTE_GUEST = 3;
+
+ /*
+ * Temporary token that is used to share the opener details to a federated instance
+ */
+ const TOKEN_TYPE_FEDERATION = 4;
+
 /** @var string */
 protected $ownerUid;
@@ -92,9 +119,6 @@ class Wopi extends Entity {
 /** @var bool */
 protected $direct;
- /** @var bool */
- protected $isRemoteToken;
-
 /** @var string */
 protected $remoteServer;
@@ -104,6 +128,9 @@ class Wopi extends Entity {
 /** @var string */
 protected $share;
+ /** @var int */
+ protected $tokenType = 0;
+
 public function __construct() {
 $this->addType('owner_uid', 'string');
 $this->addType('editor_uid', 'string');
@@ -118,6 +145,7 @@ class Wopi extends Entity {
 $this->addType('templateId', 'int');
 $this->addType('hide_download', 'bool');
 $this->addType('direct', 'bool');
+ $this->addType('tokenType', 'int');
 }
 public function isTemplateToken() {
@@ -129,7 +157,7 @@ class Wopi extends Entity {
 }
 public function isGuest() {
- return $this->getGuestDisplayname() !== null;
+ return $this->getTokenType() === Wopi::TOKEN_TYPE_GUEST || Wopi::TOKEN_TYPE_REMOTE_GUEST;
 }
 public function getUserForFileAccess() {
diff --git a/lib/Db/WopiMapper.php b/lib/Db/WopiMapper.php
index dbd2f67d..056c6078 100644
--- a/lib/Db/WopiMapper.php
+++ b/lib/Db/WopiMapper.php
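Review bot: `isGuest()` in the last hunk of this file now returns true for every token, because the right-hand operand of `||` is the bare constant `Wopi::TOKEN_TYPE_REMOTE_GUEST` (3), which is always truthy. Both alternatives need to be compared against the stored type, for example `return in_array($this->getTokenType(), [Wopi::TOKEN_TYPE_GUEST, Wopi::TOKEN_TYPE_REMOTE_GUEST], true);`. Any caller that branches on `isGuest()` for an access or identity decision (none are visible in this diff) would treat authenticated users as guests until this is corrected. Separately, the comment on `TOKEN_TYPE_FEDERATION` opens with `/*` where the other constants use `/**`, and "instane" should read "instance" in two of the constant comments.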
@@ -64,7 +64,7 @@ class WopiMapper extends Mapper {
 * @param int $templateDestination
 * @return Wopi
 */
- public function generateFileToken($fileId, $owner, $editor, $version, $updatable, $serverHost, $guestDisplayname, $templateDestination = 0, $hideDownload = false, $direct = false, $isRemoteToken = false, $templateId = 0, $share = null) {
+ public function generateFileToken($fileId, $owner, $editor, $version, $updatable, $serverHost, $guestDisplayname, $templateDestination = 0, $hideDownload = false, $direct = false, $templateId = 0, $share = null, $tokenType = Wopi::TOKEN_TYPE_USER) {
 $token = $this->random->generate(32, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
 $wopi = Wopi::fromParams([
@@ -80,11 +80,11 @@ class WopiMapper extends Mapper {
 'templateDestination' => $templateDestination,
 'hideDownload' => $hideDownload,
 'direct' => $direct,
- 'isRemoteToken' => $isRemoteToken,
 'templateId' => $templateId,
 'remoteServer' => '',
 'remoteServerToken' => '',
- 'share' => $share
+ 'share' => $share,
+ 'tokenType' => $tokenType
 ]);
 /** @var Wopi $wopi */
diff --git a/lib/Migration/Version30717Date20210310164901.php b/lib/Migration/Version30717Date20210310164901.php
new file mode 100644
index 00000000..21bb289b
--- /dev/null
+++ b/lib/Migration/Version30717Date20210310164901.php
@@ -0,0 +1,34 @@
+getTable('richdocuments_wopi');
+
+ if (!$table->hasColumn('token_type')) {
+ $table->addColumn('token_type', 'integer', [
+ 'notnull' => false,
+ 'length' => 4,
+ 'default' => 0,
+ ]);
+ }
+ if ($table->hasColumn('is_remote_token')) {
+ $table->dropColumn('is_remote_token');
+ }
+
+ return $schema;
+ }
+
+}
diff --git a/lib/TokenManager.php b/lib/TokenManager.php
index fe273263..5da5c92c 100644
--- a/lib/TokenManager.php
+++ b/lib/TokenManager.php
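Review bot: Removing `$isRemoteToken` from the middle of the `generateFileToken()` parameter list moves `$templateId` and `$share` one position to the left, so a caller that still passes the old thirteen positional arguments would silently bind its remote flag to `$templateId`, its template id to `$share` and its share token to `$tokenType`. Only the call in `TokenManager::getToken()` is updated in this commit, so every other call site should be checked. The docblock above the signature is only partly visible, but the hunk adds no `@param int $tokenType` line to it. The value is also written to the entity without being checked against the `Wopi::TOKEN_TYPE_*` constants.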
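Review bot: The migration drops `is_remote_token` without carrying its value over, so rows issued before the upgrade read back with `token_type` 0, which is `Wopi::TOKEN_TYPE_USER`. If such a token is still within its lifetime when the migration runs, a token that was flagged as remote becomes indistinguishable from a local user token. Consider copying the flag into `token_type` in a data step before the column is dropped, or expiring the existing rows as part of the upgrade. The start of the new file is not visible on this page, so this is based on the `changeSchema` body alone.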
@@ -106,7 +106,7 @@ class TokenManager {
 * @return array
 * @throws \Exception
 */
- public function getToken($fileId, $shareToken = null, $editoruid = null, $direct = false, $isRemoteToken = false) {
+ public function getToken($fileId, $shareToken = null, $editoruid = null, $direct = false) {
 list($fileId, , $version) = Helper::parseFileId($fileId);
 $owneruid = null;
 $hideDownload = false;
@@ -209,7 +209,7 @@ class TokenManager {
 }
 }
- $wopi = $this->wopiMapper->generateFileToken($fileId, $owneruid, $editoruid, $version, $updatable, $serverHost, $guest_name, 0, $hideDownload, $direct, $isRemoteToken, 0, $shareToken);
+ $wopi = $this->wopiMapper->generateFileToken($fileId, $owneruid, $editoruid, $version, $updatable, $serverHost, $guest_name, 0, $hideDownload, $direct, 0, $shareToken);
 try {
@@ -223,8 +223,17 @@ class TokenManager {
 }
 }
- public function updateToRemoteToken(Wopi $wopi, $shareToken, $remoteServer, $remoteServerToken, $remoteWopi) {
- $uid = $remoteWopi['editorUid'] . '@' . $remoteServer;
+ /**
+ * @param Wopi $wopi
+ * @param $shareToken
+ * @param $remoteServer
+ * @param $remoteServerToken
+ * @param $remoteWopi
+ * @return Wopi
+ */
+ public function updateToFederationToken(Wopi $wopi, $shareToken, $remoteServer, $remoteServerToken, $remoteWopi) {
+ // $wopi->setTokenType(Wopi::TOKEN_TYPE_REMOTE_*);
+ $uid = $remoteWopi['editorUid'] ? ($remoteWopi['editorUid'] . '@' . $remoteServer) : null;
 $wopi->setEditorUid($shareToken);
 $wopi->setCanwrite($wopi->getCanwrite() && $remoteWopi['canwrite']);
 $wopi->setRemoteServer($remoteServer);
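Review bot: The `generateFileToken()` call in the second hunk passes no token type, so every token created through `getToken()` is stored with the default `Wopi::TOKEN_TYPE_USER`, including those created with a `$guest_name`. Since this commit changes `Wopi::isGuest()` to read the token type instead of the guest display name, guest sessions need `TOKEN_TYPE_GUEST` written here, for example by appending `$guest_name !== null ? Wopi::TOKEN_TYPE_GUEST : Wopi::TOKEN_TYPE_USER` as the last argument. How `$guest_name` is assigned lies outside the hunk, so the exact condition should be confirmed against the rest of `getToken()`.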
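Review bot: `updateToFederationToken()` never sets the token type in the visible lines: the only assignment is the commented-out `// $wopi->setTokenType(Wopi::TOKEN_TYPE_REMOTE_*);`, so a token rewritten with details from the remote server keeps the type it was created with. Going by the constant descriptions in Wopi.php, the type could be derived from the new `$uid`, e.g. `$wopi->setTokenType($uid !== null ? Wopi::TOKEN_TYPE_REMOTE_USER : Wopi::TOKEN_TYPE_REMOTE_GUEST);`. `$remoteWopi` appears to be data returned by another instance, so `$remoteWopi['editorUid']` is better read as `$remoteWopi['editorUid'] ?? null` and checked with `is_string()` than tested for truthiness. The added docblock leaves four `@param` entries untyped, and the method body continues past the end of the hunk.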
@@ -283,10 +292,10 @@ class TokenManager {
 * @return Wopi
 */
 public function getRemoteToken(Node $node) {
- list($urlSrc, $token, $wopi) = $this->getToken($node->getId(), null, null, false, true);
+ list($urlSrc, $token, $wopi) = $this->getToken($node->getId(), null, null, false);
 $wopi->setIsRemoteToken(true);
 $wopi->setRemoteServer($node->getStorage()->getRemote());
-
+ $wopi->setTokenType(Wopi::TOKEN_TYPE_REMOTE_USER);
 $this->wopiMapper->update($wopi);
 return $wopi;
 }
@@ -296,10 +305,10 @@ class TokenManager {
 * @return Wopi
 */
 public function getRemoteTokenFromDirect(Node $node, $editorUid) {
- list($urlSrc, $token, $wopi) = $this->getToken($node->getId(), null, $editorUid, true, true);
+ list($urlSrc, $token, $wopi) = $this->getToken($node->getId(), null, $editorUid, true);
 $wopi->setIsRemoteToken(true);
 $wopi->setRemoteServer($node->getStorage()->getRemote());
-
+ $wopi->setTokenType(Wopi::TOKEN_TYPE_REMOTE_USER);
 $this->wopiMapper->update($wopi);
 return $wopi;
 }
--
cgit v1.2.3
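Review bot: Both `getRemoteToken()` and `getRemoteTokenFromDirect()` still call `$wopi->setIsRemoteToken(true);` on the unchanged line above the new `setTokenType()` call, although this commit removes the `$isRemoteToken` property from `Wopi` and drops the `is_remote_token` column. If the `Entity` base class rejects setters for undeclared attributes, as its magic accessors normally do, both methods would throw before the token type is written and no remote token could be issued. That line should be deleted in both hunks, leaving `$wopi->setTokenType(Wopi::TOKEN_TYPE_REMOTE_USER);` as the only marker of a remote token.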