Merge pull request #8608 from kobergj/BumpReva

[full-ci] Bump Reva

changelog/unreleased/bump-reva.md

@@ -0,0 +1,5 @@
+Enhancement: Bump Reva
+
+bumps reva version
+
+https://github.com/owncloud/ocis/pull/8606

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/coreos/go-oidc/v3 v3.9.0
 	github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781
-	github.com/cs3org/reva/v2 v2.19.2-0.20240308081122-3b519e2f9a15
+	github.com/cs3org/reva/v2 v2.19.2-0.20240308123626-fc2867f59d92
 	github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
 	github.com/disintegration/imaging v1.6.2
 	github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e

go.sum

@@ -1019,8 +1019,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
 github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY=
 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
-github.com/cs3org/reva/v2 v2.19.2-0.20240308081122-3b519e2f9a15 h1:++sksh5HfGlP5FMXww2UWFkSQ+8Y+GJuCdLbDQ09c1k=
-github.com/cs3org/reva/v2 v2.19.2-0.20240308081122-3b519e2f9a15/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E=
+github.com/cs3org/reva/v2 v2.19.2-0.20240308123626-fc2867f59d92 h1:+dM3XWjA+P6/jfKkjCIrLGhfvg64KL0UZ7bTR7wYAEk=
+github.com/cs3org/reva/v2 v2.19.2-0.20240308123626-fc2867f59d92/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=

services/thumbnails/pkg/service/grpc/v0/service.go

@@ -220,7 +220,14 @@ func (g Thumbnail) handleWebdavSource(ctx context.Context, req *thumbnailssvc.Ge
 	if src.WebdavAuthorization != "" {
 		ctx = imgsource.ContextSetAuthorization(ctx, src.WebdavAuthorization)
 	}
-	imgURL.RawQuery = ""
+
+	// add signature and expiration to webdav url
+	signature, expiration := imgURL.Query().Get("signature"), imgURL.Query().Get("expiration")
+	params := url.Values{}
+	params.Add("signature", signature)
+	params.Add("expiration", expiration)
+	imgURL.RawQuery = params.Encode()
+
 	r, err := g.webdavSource.Get(ctx, imgURL.String())
 	if err != nil {
 		return "", merrors.InternalServerError(g.serviceID, "could not get image from source: %s", err.Error())

vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/dav.go

@@ -255,7 +255,7 @@ func (h *DavHandler) Handler(s *svc) http.Handler {
 				sig := q.Get("signature")
 				expiration := q.Get("expiration")
 				// We restrict the pre-signed urls to downloads.
-				if sig != "" && expiration != "" && r.Method != http.MethodGet {
+				if sig != "" && expiration != "" && !(r.Method == http.MethodGet || r.Method == http.MethodHead) {
 					w.WriteHeader(http.StatusUnauthorized)
 					return
 				}

vendor/modules.txt

@@ -359,7 +359,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
 github.com/cs3org/go-cs3apis/cs3/types/v1beta1
-# github.com/cs3org/reva/v2 v2.19.2-0.20240308081122-3b519e2f9a15
+# github.com/cs3org/reva/v2 v2.19.2-0.20240308123626-fc2867f59d92
 ## explicit; go 1.21
 github.com/cs3org/reva/v2/cmd/revad/internal/grace
 github.com/cs3org/reva/v2/cmd/revad/runtime