From 20026faac2f5e900d58d430ab631cb9845f64ff1 Mon Sep 17 00:00:00 2001
From: David Christofas
Date: Wed, 21 Sep 2022 17:11:26 +0200
Subject: [PATCH] fix wopi access to publicly shared files
---
 changelog/unreleased/wopi-public-share.md | 6 ++++++
 go.mod | 2 +-
 go.sum | 4 ++--
 services/proxy/pkg/middleware/public_share_auth.go | 11 ++++++++++-
 4 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 changelog/unreleased/wopi-public-share.md
diff --git a/changelog/unreleased/wopi-public-share.md b/changelog/unreleased/wopi-public-share.md
new file mode 100644
index 000000000..bacb94009
--- /dev/null
+++ b/changelog/unreleased/wopi-public-share.md
@@ -0,0 +1,6 @@
+Bugfix: Fix wopi access to public shares
+
+I've added a request check to the public share authenticator middleware to allow wopi to access public shares.
+
+https://github.com/owncloud/ocis/pull/4631
+https://github.com/owncloud/ocis/issues/4382
diff --git a/go.mod b/go.mod
index 2a6592b6d..1c44ec513 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 github.com/blevesearch/bleve_index_api v1.0.3
 github.com/coreos/go-oidc/v3 v3.4.0
 github.com/cs3org/go-cs3apis v0.0.0-20220818202316-e92afdddac6d
-github.com/cs3org/reva/v2 v2.10.1-0.20220921105358-a098879574c0
+github.com/cs3org/reva/v2 v2.10.1-0.20220921203558-038b633f66ad
 github.com/disintegration/imaging v1.6.2
 github.com/ggwhite/go-masker v1.0.9
 github.com/go-chi/chi/v5 v5.0.7
diff --git a/go.sum b/go.sum
index 2dd7086e9..52c574b64 100644
--- a/go.sum
+++ b/go.sum
@@ -292,8 +292,8 @@ github.com/crewjam/saml v0.4.6 h1:XCUFPkQSJLvzyl4cW9OvpWUbRf0gE7VUpU8ZnilbeM4= github.com/crewjam/saml v0.4.6/go.mod h1:ZBOXnNPFzB3CgOkRm7Nd6IVdkG+l/wF+0ZXLqD96t1A= github.com/cs3org/go-cs3apis v0.0.0-20220818202316-e92afdddac6d h1:toyZ7IsXlUdEPZ/IG8fg7hbM8HcLPY0bkX4FKBmgLVI= github.com/cs3org/go-cs3apis v0.0.0-20220818202316-e92afdddac6d/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY= -github.com/cs3org/reva/v2 v2.10.1-0.20220921105358-a098879574c0 h1:imOxcw4kha2WlNGOyBN7FbiAL4zQSlrdeqaNh5ZbeJ4= -github.com/cs3org/reva/v2 v2.10.1-0.20220921105358-a098879574c0/go.mod h1:+BYVpRV8g1hL8wF3+3BunL9BKPsXVyJYmH8COxq/V7Y= +github.com/cs3org/reva/v2 v2.10.1-0.20220921203558-038b633f66ad h1:ug56A+3gPrzBaR1hyKj93vJ+CSZjMx80I8WBourC3a0= +github.com/cs3org/reva/v2 v2.10.1-0.20220921203558-038b633f66ad/go.mod h1:+BYVpRV8g1hL8wF3+3BunL9BKPsXVyJYmH8COxq/V7Y= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
diff --git a/services/proxy/pkg/middleware/public_share_auth.go b/services/proxy/pkg/middleware/public_share_auth.go
index bb53ecfa2..0f7d8004c 100644
--- a/services/proxy/pkg/middleware/public_share_auth.go
+++ b/services/proxy/pkg/middleware/public_share_auth.go
@@ -38,9 +38,18 @@ func isPublicShareArchive(r *http.Request) bool {
 return false
 }
 
+// The app open requests can be made in public share contexts. For that the PublicShareAuthenticator needs to
+// augment the request context.
+// The app open requests can also be made in authenticated context. In these cases the PublicShareAuthenticator
+// needs to ignore the request.
+func isPublicShareAppOpen(r *http.Request) bool {
+return strings.HasPrefix(r.URL.Path, "/app/open") &&
+(r.URL.Query().Get(headerShareToken) != "" || r.Header.Get(headerShareToken) != "")
+}
+
 // Authenticate implements the authenticator interface to authenticate requests via public share auth.
 func (a PublicShareAuthenticator) Authenticate(r *http.Request) (*http.Request, bool) {
-if !isPublicPath(r.URL.Path) && !isPublicShareArchive(r) {
+if !isPublicPath(r.URL.Path) && !isPublicShareArchive(r) && !isPublicShareAppOpen(r) {
 return nil, false
 }
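Review bot: The path test in `isPublicShareAppOpen` is a bare prefix match, so it accepts every path that merely starts with `/app/open` (a constructed example: `/app/openX`), not only the app-open endpoint the comment describes, and any such route carrying a share token is then handed to public-share authentication. If only that endpoint is meant, anchor the match, e.g. `(r.URL.Path == "/app/open" || strings.HasPrefix(r.URL.Path, "/app/open/")) && ...`, or list the intended routes explicitly. The helper checks only that a token is present in the query string or header, so the client now decides which authenticator handles an `/app/open` request; the token validation sits in the part of `Authenticate` outside this hunk, and it is worth confirming there that an invalid or expired token on this path is rejected rather than passed on with an augmented context. A table-driven test for the predicate (token in query, token in header, no token, look-alike path) would pin the intended behaviour down.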