Merge pull request #6340 from owncloud/update-reva

[full-ci] update reva to 2.13.3

changelog/unreleased/bump-reva.md

@@ -1,4 +1,18 @@
-Enhancement: Update Reva
+Enhancement: Update Reva to 2.13.3
 
+Changelog for reva 2.13.3 (2023-05-17)
+=======================================
+
+*   Bugfix [cs3org/reva#3890](https://github.com/cs3org/reva/pull/3890): Bring back public link sharing of project space roots
+*   Bugfix [cs3org/reva#3888](https://github.com/cs3org/reva/pull/3888): We fixed a bug that unnecessarily fetched all members of a group
+*   Bugfix [cs3org/reva#3886](https://github.com/cs3org/reva/pull/3886): Decomposedfs no longer deadlocks when cache is disabled
+*   Bugfix [cs3org/reva#3892](https://github.com/cs3org/reva/pull/3892): Fix public links
+*   Bugfix [cs3org/reva#3876](https://github.com/cs3org/reva/pull/3876): Remove go-micro/store/redis specific workaround
+*   Bugfix [cs3org/reva#3889](https://github.com/cs3org/reva/pull/3889): Update space root mtime when changing space metadata
+*   Bugfix [cs3org/reva#3836](https://github.com/cs3org/reva/pull/3836): Fix spaceID in the decomposedFS
+*   Bugfix [cs3org/reva#3867](https://github.com/cs3org/reva/pull/3867): Restore last version after positive result
+*   Bugfix [cs3org/reva#3849](https://github.com/cs3org/reva/pull/3849): Prevent sharing space roots and personal spaces
+*   Enhancement [cs3org/reva#3865](https://github.com/cs3org/reva/pull/3865): Remove unneccessary code from gateway
+*   Enhancement [cs3org/reva#3895](https://github.com/cs3org/reva/pull/3895): Add missing expiry date to shares
 
 https://github.com/owncloud/ocis/pull/6305

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/coreos/go-oidc v2.2.1+incompatible
 	github.com/coreos/go-oidc/v3 v3.4.0
 	github.com/cs3org/go-cs3apis v0.0.0-20221012090518-ef2996678965
-	github.com/cs3org/reva/v2 v2.13.3-0.20230516144046-7cf837940387
+	github.com/cs3org/reva/v2 v2.13.3
 	github.com/disintegration/imaging v1.6.2
 	github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
 	github.com/egirna/icap-client v0.1.1

go.sum

@@ -627,10 +627,8 @@ github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo
 github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
 github.com/crewjam/saml v0.4.13 h1:TYHggH/hwP7eArqiXSJUvtOPNzQDyQ7vwmwEqlFWhMc=
 github.com/crewjam/saml v0.4.13/go.mod h1:igEejV+fihTIlHXYP8zOec3V5A8y3lws5bQBFsTm4gA=
-github.com/cs3org/reva/v2 v2.13.3-0.20230515105000-30125f104ba1 h1:M3+4wZvZolLs90wCjkJYslakQ3JAp/zs16mOwxvieJQ=
-github.com/cs3org/reva/v2 v2.13.3-0.20230515105000-30125f104ba1/go.mod h1:MoymB39kU/myG7LFkaCwqtoXQHct+/8uoZAvJEmNi+I=
-github.com/cs3org/reva/v2 v2.13.3-0.20230516144046-7cf837940387 h1:yCjVQ6x1VtYljREeNYGoK3F4X8MG50qFf+Dd4nMtCo4=
-github.com/cs3org/reva/v2 v2.13.3-0.20230516144046-7cf837940387/go.mod h1:MoymB39kU/myG7LFkaCwqtoXQHct+/8uoZAvJEmNi+I=
+github.com/cs3org/reva/v2 v2.13.3 h1:XP17/bl2EtwYcoX755hcg43EIagP1CAw/+loVFvHHM4=
+github.com/cs3org/reva/v2 v2.13.3/go.mod h1:MoymB39kU/myG7LFkaCwqtoXQHct+/8uoZAvJEmNi+I=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=

tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md

@@ -116,10 +116,6 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 - [apiGraph/getUser.feature:617](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L617)
 - [apiGraph/getUser.feature:618](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L618)
 
-#### [Sharing to a group with an expiration date does not work #5442](https://github.com/owncloud/ocis/issues/5442)
-
-- [apiSpacesShares/shareSubItemOfSpace.feature:105](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature#L105)
-
 #### [Normal user can get expanded members information of a group](https://github.com/owncloud/ocis/issues/5604)
 
 - [apiGraph/getGroup.feature:382](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L382)

vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go

@@ -247,44 +247,56 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent
 	parentPath := statResponse.Info.Path
 
 	childPath := ref.GetPath()
-	if childPath == "" || childPath == "." {
-		// We mint a token as the owner of the public share and try to stat the reference
-		// TODO(ishank011): We need to find a better alternative to this
-
-		var user *userpb.User
-		if statResponse.GetInfo().GetOwner().GetType() == userpb.UserType_USER_TYPE_SPACE_OWNER {
-			// fake a space owner user
-			user = &userpb.User{
-				Id: statResponse.GetInfo().GetOwner(),
-			}
-		} else {
-			userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: statResponse.Info.Owner, SkipFetchingUserGroups: true})
-			if err != nil || userResp.Status.Code != rpc.Code_CODE_OK {
-				return false, err
-			}
-			user = userResp.User
-		}
-
-		scope, err := scope.AddOwnerScope(map[string]*authpb.Scope{})
-		if err != nil {
-			return false, err
-		}
-		token, err := mgr.MintToken(ctx, user, scope)
-		if err != nil {
-			return false, err
-		}
-		ctx = metadata.AppendToOutgoingContext(context.Background(), ctxpkg.TokenHeader, token)
-
-		childStat, err := client.Stat(ctx, &provider.StatRequest{Ref: ref})
-		if err != nil {
-			return false, err
-		}
-		if childStat.Status.Code != rpc.Code_CODE_OK {
-			return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor")
-		}
-		childPath = statResponse.Info.Path
+	if childPath != "" && childPath != "." && strings.HasPrefix(childPath, parentPath) {
+		// if the request is relative from the root, we can return directly
+		return true, nil
 	}
 
+	// The request is not relative to the root. We need to find out if the requested resource is child of the `parent` (coming from token scope)
+	// We mint a token as the owner of the public share and try to stat the reference
+	// TODO(ishank011): We need to find a better alternative to this
+	// NOTE: did somebody say service accounts? ...
+
+	var user *userpb.User
+	if statResponse.GetInfo().GetOwner().GetType() == userpb.UserType_USER_TYPE_SPACE_OWNER {
+		// fake a space owner user
+		user = &userpb.User{
+			Id: statResponse.GetInfo().GetOwner(),
+		}
+	} else {
+		userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: statResponse.Info.Owner, SkipFetchingUserGroups: true})
+		if err != nil || userResp.Status.Code != rpc.Code_CODE_OK {
+			return false, err
+		}
+		user = userResp.User
+	}
+
+	scope, err := scope.AddOwnerScope(map[string]*authpb.Scope{})
+	if err != nil {
+		return false, err
+	}
+	token, err := mgr.MintToken(ctx, user, scope)
+	if err != nil {
+		return false, err
+	}
+	ctx = metadata.AppendToOutgoingContext(context.Background(), ctxpkg.TokenHeader, token)
+
+	childStat, err := client.Stat(ctx, &provider.StatRequest{Ref: ref})
+	if err != nil {
+		return false, err
+	}
+	if childStat.Status.Code != rpc.Code_CODE_OK {
+		return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor")
+	}
+	pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()})
+	if err != nil {
+		return false, err
+	}
+	if pathResp.Status.Code != rpc.Code_CODE_OK {
+		return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor")
+	}
+	childPath = pathResp.Path
+
 	return strings.HasPrefix(childPath, parentPath), nil
 
 }

vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go

@@ -1411,6 +1411,19 @@ func (h *Handler) createCs3Share(ctx context.Context, w http.ResponseWriter, r *
 		}
 	}
 
+	expiry := r.PostFormValue("expireDate")
+	if expiry != "" {
+		ts, err := time.Parse("2006-01-02T15:04:05-0700", expiry)
+		if err != nil {
+			return nil, &ocsError{
+				Code:    response.MetaBadRequest.StatusCode,
+				Message: "could not parse expiry timestamp on this item",
+				Error:   err,
+			}
+		}
+		req.Grant.Expiration = utils.TimeToTS(ts)
+	}
+
 	createShareResponse, err := client.CreateShare(ctx, req)
 	if err != nil {
 		return nil, &ocsError{

vendor/modules.txt

@@ -349,7 +349,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
 github.com/cs3org/go-cs3apis/cs3/types/v1beta1
-# github.com/cs3org/reva/v2 v2.13.3-0.20230516144046-7cf837940387
+# github.com/cs3org/reva/v2 v2.13.3
 ## explicit; go 1.19
 github.com/cs3org/reva/v2/cmd/revad/internal/grace
 github.com/cs3org/reva/v2/cmd/revad/runtime