From 6055c1476ce79274c280a1fc0df580719cdb4355 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Thu, 20 Mar 2025 15:17:13 +0100 Subject: [PATCH] bump reva to fix app token delete in UI --- go.mod | 2 +- go.sum | 4 ++-- .../reva/v2/pkg/appauth/manager/jsoncs3/jsoncs3.go | 9 +++++++++ vendor/modules.txt | 2 +- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 36ae667139..6aca2ced0d 100644 --- a/go.mod +++ b/go.mod @@ -63,7 +63,7 @@ require ( github.com/onsi/ginkgo/v2 v2.23.1 github.com/onsi/gomega v1.36.2 github.com/open-policy-agent/opa v1.2.0 - github.com/opencloud-eu/reva/v2 v2.28.1-0.20250320105919-be91238e6b11 + github.com/opencloud-eu/reva/v2 v2.28.1-0.20250320135948-a946c0d6d289 github.com/orcaman/concurrent-map v1.0.0 github.com/owncloud/libre-graph-api-go v1.0.5-0.20240829135935-80dc00d6f5ea github.com/pkg/errors v0.9.1 diff --git a/go.sum b/go.sum index 60e8a67477..278bfb2255 100644 --- a/go.sum +++ b/go.sum @@ -861,8 +861,8 @@ github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/open-policy-agent/opa v1.2.0 h1:88NDVCM0of1eO6Z4AFeL3utTEtMuwloFmWWU7dRV1z0= github.com/open-policy-agent/opa v1.2.0/go.mod h1:30euUmOvuBoebRCcJ7DMF42bRBOPznvt0ACUMYDUGVY= -github.com/opencloud-eu/reva/v2 v2.28.1-0.20250320105919-be91238e6b11 h1:MjfgrhEs73BezOXQZUgEtNTZsmXDVixFpGzZljR5lrk= -github.com/opencloud-eu/reva/v2 v2.28.1-0.20250320105919-be91238e6b11/go.mod h1:iK0tNdLgqK0zBi0l7Q4uWSn9GPUbYtNxz3YAMfYvYNg= +github.com/opencloud-eu/reva/v2 v2.28.1-0.20250320135948-a946c0d6d289 h1:gg37XG4j3Y7yWLrD+B+2uNQ72g4YasdvpzOKJnuQH1Y= +github.com/opencloud-eu/reva/v2 v2.28.1-0.20250320135948-a946c0d6d289/go.mod h1:iK0tNdLgqK0zBi0l7Q4uWSn9GPUbYtNxz3YAMfYvYNg= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= diff --git a/vendor/github.com/opencloud-eu/reva/v2/pkg/appauth/manager/jsoncs3/jsoncs3.go b/vendor/github.com/opencloud-eu/reva/v2/pkg/appauth/manager/jsoncs3/jsoncs3.go index 2cbe9450b7..9ffc0de7cf 100644 --- a/vendor/github.com/opencloud-eu/reva/v2/pkg/appauth/manager/jsoncs3/jsoncs3.go +++ b/vendor/github.com/opencloud-eu/reva/v2/pkg/appauth/manager/jsoncs3/jsoncs3.go @@ -226,6 +226,15 @@ func (m *manager) InvalidateAppPassword(ctx context.Context, secret string) erro updater := func(a map[string]*apppb.AppPassword) (map[string]*apppb.AppPassword, error) { for key, pw := range a { + // Allow deleting a token using the password hash. This is needed because of + // some shortcomings of the CS3 APIs. On the API level tokens don't have IDs + // ListAppPasswords only returns the hashed password. So allowing to delete + // using the hashed password as the key is the only way to delete tokens for + // which the user does not remember the password. + if secret == pw.Password { + delete(a, key) + return a, nil + } ok, err := argon2id.ComparePasswordAndHash(secret, pw.Password) switch { case err != nil: diff --git a/vendor/modules.txt b/vendor/modules.txt index 4480d4486f..cb06c3a90f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1191,7 +1191,7 @@ github.com/open-policy-agent/opa/v1/types github.com/open-policy-agent/opa/v1/util github.com/open-policy-agent/opa/v1/util/decoding github.com/open-policy-agent/opa/v1/version -# github.com/opencloud-eu/reva/v2 v2.28.1-0.20250320105919-be91238e6b11 +# github.com/opencloud-eu/reva/v2 v2.28.1-0.20250320135948-a946c0d6d289 ## explicit; go 1.24.1 github.com/opencloud-eu/reva/v2/cmd/revad/internal/grace github.com/opencloud-eu/reva/v2/cmd/revad/runtime