Bump reva to v2.19.5

For https://github.com/cs3org/reva/pull/4634
2025-12-31 01:10:20 -06:00 · 2024-04-16 17:20:29 +02:00
parent 6df5f45c0e
commit 042ec41edd
10 changed files with 40 additions and 24 deletions
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/coreos/go-oidc/v3 v3.9.0
 	github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781
-	github.com/cs3org/reva/v2 v2.19.4
+	github.com/cs3org/reva/v2 v2.19.5
 	github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
 	github.com/disintegration/imaging v1.6.2
 	github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
--- a/go.sum
+++ b/go.sum
@@ -1019,8 +1019,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
 github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY=
 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
-github.com/cs3org/reva/v2 v2.19.4 h1:gOcV6cgV+es624ckLUkXWL9mbHZpPXEgsa83/YA6WYA=
-github.com/cs3org/reva/v2 v2.19.4/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E=
+github.com/cs3org/reva/v2 v2.19.5 h1:Qh38wpPovnb0jPpgGR6L6HfbQ8vwObcrB8yUCRJldSw=
+github.com/cs3org/reva/v2 v2.19.5/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
--- a/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go
@@ -264,7 +264,15 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent
 	if statResponse.Status.Code != rpc.Code_CODE_OK {
 		return false, statuspkg.NewErrorFromCode(statResponse.Status.Code, "auth interceptor")
 	}
-	parentPath := statResponse.Info.Path
+
+	pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: statResponse.GetInfo().GetId()})
+	if err != nil {
+		return false, err
+	}
+	if pathResp.Status.Code != rpc.Code_CODE_OK {
+		return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor")
+	}
+	parentPath := pathResp.Path

 	childPath := ref.GetPath()
 	if childPath != "" && childPath != "." && strings.HasPrefix(childPath, parentPath) {
@@ -308,7 +316,7 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent
 	if childStat.Status.Code != rpc.Code_CODE_OK {
 		return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor")
 	}
-	pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()})
+	pathResp, err = client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()})
 	if err != nil {
 		return false, err
 	}
--- a/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/services/publicshareprovider/publicshareprovider.go
@@ -554,12 +554,24 @@ func (s *service) UpdatePublicShare(ctx context.Context, req *link.UpdatePublicS
 	}
 	updatePassword := req.GetUpdate().GetType() == link.UpdatePublicShareRequest_Update_TYPE_PASSWORD
 	setPassword := grant.GetPassword()
+
+	// we update permissions with an empty password and password is not set on the public share
+	emptyPasswordInPermissionUpdate := len(setPassword) == 0 && updatePermissions && !ps.PasswordProtected
+
+	// password is updated, we use the current permissions to check if the user can opt out
 	if updatePassword && !isInternalLink && enforcePassword(canOptOut, ps.GetPermissions().GetPermissions(), s.conf) && len(setPassword) == 0 {
 		return &link.UpdatePublicShareResponse{
 			Status: status.NewInvalidArg(ctx, "password protection is enforced"),
 		}, nil
 	}

+	// permissions are updated, we use the new permissions to check if the user can opt out
+	if emptyPasswordInPermissionUpdate && !isInternalLink && enforcePassword(canOptOut, grant.GetPermissions().GetPermissions(), s.conf) && len(setPassword) == 0 {
+		return &link.UpdatePublicShareResponse{
+			Status: status.NewInvalidArg(ctx, "password protection is enforced"),
+		}, nil
+	}
+
 	// validate password policy
 	if updatePassword && len(setPassword) > 0 {
 		if err := s.passwordValidator.Validate(setPassword); err != nil {
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/archiver/manager/archiver.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/archiver/manager/archiver.go
@@ -29,6 +29,7 @@ import (
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	"github.com/cs3org/reva/v2/pkg/storage/utils/downloader"
 	"github.com/cs3org/reva/v2/pkg/storage/utils/walker"
+	"github.com/cs3org/reva/v2/pkg/utils"
 )

 // Config is the config for the Archiver
@@ -77,7 +78,7 @@ func (a *Archiver) CreateTar(ctx context.Context, dst io.Writer) (func(), error)
 			}

 			// when archiving a space we can omit the spaceroot
-			if isSpaceRoot(info) {
+			if utils.IsSpaceRoot(info) {
 				return nil
 			}

@@ -152,7 +153,7 @@ func (a *Archiver) CreateZip(ctx context.Context, dst io.Writer) (func(), error)
 			}

 			// when archiving a space we can omit the spaceroot
-			if isSpaceRoot(info) {
+			if utils.IsSpaceRoot(info) {
 				return nil
 			}

@@ -205,9 +206,3 @@ func (a *Archiver) CreateZip(ctx context.Context, dst io.Writer) (func(), error)
 	}
 	return closer, nil
 }
-
-func isSpaceRoot(info *provider.ResourceInfo) bool {
-	f := info.GetId()
-	s := info.GetSpace().GetRoot()
-	return f.GetOpaqueId() == s.GetOpaqueId() && f.GetSpaceId() == s.GetSpaceId()
-}
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/copy.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/copy.go
@@ -610,7 +610,7 @@ func (s *svc) prepareCopy(ctx context.Context, w http.ResponseWriter, r *http.Re
 		errors.HandleErrorStatus(log, w, srcStatRes.Status)
 		return nil
 	}
-	if isSpaceRoot(srcStatRes.GetInfo()) {
+	if utils.IsSpaceRoot(srcStatRes.GetInfo()) {
 		log.Error().Msg("the source is disallowed")
 		w.WriteHeader(http.StatusBadRequest)
 		return nil
@@ -632,7 +632,7 @@ func (s *svc) prepareCopy(ctx context.Context, w http.ResponseWriter, r *http.Re
 	if dstStatRes.Status.Code == rpc.Code_CODE_OK {
 		successCode = http.StatusNoContent // 204 if target already existed, see https://tools.ietf.org/html/rfc4918#section-9.8.5

-		if isSpaceRoot(dstStatRes.GetInfo()) {
+		if utils.IsSpaceRoot(dstStatRes.GetInfo()) {
 			log.Error().Msg("overwriting is not allowed")
 			w.WriteHeader(http.StatusBadRequest)
 			return nil
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/move.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/move.go
@@ -196,7 +196,7 @@ func (s *svc) handleMove(ctx context.Context, w http.ResponseWriter, r *http.Req
 		errors.HandleErrorStatus(&log, w, srcStatRes.Status)
 		return
 	}
-	if isSpaceRoot(srcStatRes.GetInfo()) {
+	if utils.IsSpaceRoot(srcStatRes.GetInfo()) {
 		log.Error().Msg("the source is disallowed")
 		w.WriteHeader(http.StatusBadRequest)
 		return
@@ -219,7 +219,7 @@ func (s *svc) handleMove(ctx context.Context, w http.ResponseWriter, r *http.Req
 	if dstStatRes.Status.Code == rpc.Code_CODE_OK {
 		successCode = http.StatusNoContent // 204 if target already existed, see https://tools.ietf.org/html/rfc4918#section-9.9.4

-		if isSpaceRoot(dstStatRes.GetInfo()) {
+		if utils.IsSpaceRoot(dstStatRes.GetInfo()) {
 			log.Error().Msg("overwriting is not allowed")
 			w.WriteHeader(http.StatusBadRequest)
 			return
--- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/ocdav.go
+++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/ocdav.go
@@ -418,9 +418,3 @@ func (s *svc) referenceIsChildOf(ctx context.Context, selector pool.Selectable[g
 	pp := path.Join(parentPathRes.Path, parent.Path) + "/"
 	return strings.HasPrefix(cp, pp), nil
 }
-
-func isSpaceRoot(info *provider.ResourceInfo) bool {
-	f := info.GetId()
-	s := info.GetSpace().GetRoot()
-	return f.GetOpaqueId() == s.GetOpaqueId() && f.GetSpaceId() == s.GetSpaceId()
-}
--- a/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go
+++ b/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go
@@ -201,6 +201,13 @@ func IsStatusCodeError(err error, code rpc.Code) bool {
 	return sce.code == code
 }

+// IsSpaceRoot checks if the given resource info is referring to a space root
+func IsSpaceRoot(ri *storageprovider.ResourceInfo) bool {
+	f := ri.GetId()
+	s := ri.GetSpace().GetRoot()
+	return f.GetOpaqueId() == s.GetOpaqueId() && f.GetSpaceId() == s.GetSpaceId()
+}
+
 func checkStatusCode(reason string, code rpc.Code) error {
 	if code == rpc.Code_CODE_OK {
 		return nil
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -359,7 +359,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
 github.com/cs3org/go-cs3apis/cs3/types/v1beta1
-# github.com/cs3org/reva/v2 v2.19.4
+# github.com/cs3org/reva/v2 v2.19.5
 ## explicit; go 1.21
 github.com/cs3org/reva/v2/cmd/revad/internal/grace
 github.com/cs3org/reva/v2/cmd/revad/runtime