From fb0380820ce0a2e34cd0ed33ef353aa182440e95 Mon Sep 17 00:00:00 2001
From: David Christofas <dchristofas@owncloud.com>
Date: Fri, 1 Oct 2021 16:41:36 +0200
Subject: [PATCH] enable archiver for public shares

---
 graph/pkg/middleware/auth.go              | 2 +-
 ocis-pkg/middleware/account.go            | 2 +-
 proxy/pkg/middleware/public_share_auth.go | 4 +---
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/graph/pkg/middleware/auth.go b/graph/pkg/middleware/auth.go
index dca9fafa9..ed4a2ecf6 100644
--- a/graph/pkg/middleware/auth.go
+++ b/graph/pkg/middleware/auth.go
@@ -61,7 +61,7 @@ func Auth(opts ...account.Option) func(http.Handler) http.Handler {
 				errorcode.InvalidAuthenticationToken.Render(w, r, http.StatusUnauthorized, "invalid token")
 				return
 			}
-			if ok, err := scope.VerifyScope(tokenScope, r); err != nil || !ok {
+			if ok, err := scope.VerifyScope(ctx, tokenScope, r); err != nil || !ok {
 				opt.Logger.Error().Err(err).Msg("verifying scope failed")
 				errorcode.InvalidAuthenticationToken.Render(w, r, http.StatusUnauthorized, "verifying scope failed")
 				return
diff --git a/ocis-pkg/middleware/account.go b/ocis-pkg/middleware/account.go
index 9d7c26d4e..562a9ce45 100644
--- a/ocis-pkg/middleware/account.go
+++ b/ocis-pkg/middleware/account.go
@@ -60,7 +60,7 @@ func ExtractAccountUUID(opts ...account.Option) func(http.Handler) http.Handler
 				opt.Logger.Error().Err(err)
 				return
 			}
-			if ok, err := scope.VerifyScope(tokenScope, r); err != nil || !ok {
+			if ok, err := scope.VerifyScope(r.Context(), tokenScope, r); err != nil || !ok {
 				opt.Logger.Error().Err(err).Msg("verifying scope failed")
 				return
 			}
diff --git a/proxy/pkg/middleware/public_share_auth.go b/proxy/pkg/middleware/public_share_auth.go
index 80c470eba..32e0fc004 100644
--- a/proxy/pkg/middleware/public_share_auth.go
+++ b/proxy/pkg/middleware/public_share_auth.go
@@ -2,7 +2,6 @@ package middleware
 
 import (
 	"net/http"
-	"strings"
 
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 )
@@ -10,7 +9,6 @@ import (
 const (
 	headerRevaAccessToken   = "x-access-token"
 	headerShareToken        = "public-token"
-	appProviderPathPrefix   = "/app/open"
 	basicAuthPasswordPrefix = "basic|"
 	authenticationType      = "publicshares"
 )
@@ -24,7 +22,7 @@ func PublicShareAuth(opts ...Option) func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			// Currently we only want to authenticate app open request coming from public shares.
 			shareToken := r.Header.Get(headerShareToken)
-			if shareToken == "" || !strings.HasPrefix(appProviderPathPrefix, r.URL.Path) {
+			if shareToken == "" {
 				// Don't authenticate
 				next.ServeHTTP(w, r)
 				return