From 9d050e237ab27c35f5ecfb89a4b7079f8c157408 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 17 May 2023 12:02:34 +0200 Subject: [PATCH 1/2] update reva --- changelog/unreleased/bump-reva.md | 16 +++- go.mod | 2 +- go.sum | 6 +- .../internal/grpc/interceptors/auth/scope.go | 84 +++++++++++-------- .../handlers/apps/sharing/shares/shares.go | 13 +++ vendor/modules.txt | 2 +- 6 files changed, 80 insertions(+), 43 deletions(-) diff --git a/changelog/unreleased/bump-reva.md b/changelog/unreleased/bump-reva.md index 0f991662c9..780a5550c9 100644 --- a/changelog/unreleased/bump-reva.md +++ b/changelog/unreleased/bump-reva.md @@ -1,4 +1,18 @@ -Enhancement: Update Reva +Enhancement: Update Reva to 2.13.3 +Changelog for reva 2.13.3 (2023-05-17) +======================================= + +* Bugfix [cs3org/reva#3890](https://github.com/cs3org/reva/pull/3890): Bring back public link sharing of project space roots +* Bugfix [cs3org/reva#3888](https://github.com/cs3org/reva/pull/3888): We fixed a bug that unnecessarily fetched all members of a group +* Bugfix [cs3org/reva#3886](https://github.com/cs3org/reva/pull/3886): Decomposedfs no longer deadlocks when cache is disabled +* Bugfix [cs3org/reva#3892](https://github.com/cs3org/reva/pull/3892): Fix public links +* Bugfix [cs3org/reva#3876](https://github.com/cs3org/reva/pull/3876): Remove go-micro/store/redis specific workaround +* Bugfix [cs3org/reva#3889](https://github.com/cs3org/reva/pull/3889): Update space root mtime when changing space metadata +* Bugfix [cs3org/reva#3836](https://github.com/cs3org/reva/pull/3836): Fix spaceID in the decomposedFS +* Bugfix [cs3org/reva#3867](https://github.com/cs3org/reva/pull/3867): Restore last version after positive result +* Bugfix [cs3org/reva#3849](https://github.com/cs3org/reva/pull/3849): Prevent sharing space roots and personal spaces +* Enhancement [cs3org/reva#3865](https://github.com/cs3org/reva/pull/3865): Remove unneccessary code from gateway +* Enhancement [cs3org/reva#3895](https://github.com/cs3org/reva/pull/3895): Add missing expiry date to shares https://github.com/owncloud/ocis/pull/6305 diff --git a/go.mod b/go.mod index 89947f6827..44f06943ad 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/coreos/go-oidc v2.2.1+incompatible github.com/coreos/go-oidc/v3 v3.4.0 github.com/cs3org/go-cs3apis v0.0.0-20221012090518-ef2996678965 - github.com/cs3org/reva/v2 v2.13.3-0.20230516144046-7cf837940387 + github.com/cs3org/reva/v2 v2.13.3 github.com/disintegration/imaging v1.6.2 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e github.com/egirna/icap-client v0.1.1 diff --git a/go.sum b/go.sum index 745f5392c1..462aa78bc8 100644 --- a/go.sum +++ b/go.sum @@ -627,10 +627,8 @@ github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4= github.com/crewjam/saml v0.4.13 h1:TYHggH/hwP7eArqiXSJUvtOPNzQDyQ7vwmwEqlFWhMc= github.com/crewjam/saml v0.4.13/go.mod h1:igEejV+fihTIlHXYP8zOec3V5A8y3lws5bQBFsTm4gA= -github.com/cs3org/reva/v2 v2.13.3-0.20230515105000-30125f104ba1 h1:M3+4wZvZolLs90wCjkJYslakQ3JAp/zs16mOwxvieJQ= -github.com/cs3org/reva/v2 v2.13.3-0.20230515105000-30125f104ba1/go.mod h1:MoymB39kU/myG7LFkaCwqtoXQHct+/8uoZAvJEmNi+I= -github.com/cs3org/reva/v2 v2.13.3-0.20230516144046-7cf837940387 h1:yCjVQ6x1VtYljREeNYGoK3F4X8MG50qFf+Dd4nMtCo4= -github.com/cs3org/reva/v2 v2.13.3-0.20230516144046-7cf837940387/go.mod h1:MoymB39kU/myG7LFkaCwqtoXQHct+/8uoZAvJEmNi+I= +github.com/cs3org/reva/v2 v2.13.3 h1:XP17/bl2EtwYcoX755hcg43EIagP1CAw/+loVFvHHM4= +github.com/cs3org/reva/v2 v2.13.3/go.mod h1:MoymB39kU/myG7LFkaCwqtoXQHct+/8uoZAvJEmNi+I= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= diff --git a/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go b/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go index 431d7da4d9..44c2e6d5b2 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go +++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go @@ -247,44 +247,56 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent parentPath := statResponse.Info.Path childPath := ref.GetPath() - if childPath == "" || childPath == "." { - // We mint a token as the owner of the public share and try to stat the reference - // TODO(ishank011): We need to find a better alternative to this - - var user *userpb.User - if statResponse.GetInfo().GetOwner().GetType() == userpb.UserType_USER_TYPE_SPACE_OWNER { - // fake a space owner user - user = &userpb.User{ - Id: statResponse.GetInfo().GetOwner(), - } - } else { - userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: statResponse.Info.Owner, SkipFetchingUserGroups: true}) - if err != nil || userResp.Status.Code != rpc.Code_CODE_OK { - return false, err - } - user = userResp.User - } - - scope, err := scope.AddOwnerScope(map[string]*authpb.Scope{}) - if err != nil { - return false, err - } - token, err := mgr.MintToken(ctx, user, scope) - if err != nil { - return false, err - } - ctx = metadata.AppendToOutgoingContext(context.Background(), ctxpkg.TokenHeader, token) - - childStat, err := client.Stat(ctx, &provider.StatRequest{Ref: ref}) - if err != nil { - return false, err - } - if childStat.Status.Code != rpc.Code_CODE_OK { - return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor") - } - childPath = statResponse.Info.Path + if childPath != "" && childPath != "." && strings.HasPrefix(childPath, parentPath) { + // if the request is relative from the root, we can return directly + return true, nil } + // The request is not relative to the root. We need to find out if the requested resource is child of the `parent` (coming from token scope) + // We mint a token as the owner of the public share and try to stat the reference + // TODO(ishank011): We need to find a better alternative to this + // NOTE: did somebody say service accounts? ... + + var user *userpb.User + if statResponse.GetInfo().GetOwner().GetType() == userpb.UserType_USER_TYPE_SPACE_OWNER { + // fake a space owner user + user = &userpb.User{ + Id: statResponse.GetInfo().GetOwner(), + } + } else { + userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: statResponse.Info.Owner, SkipFetchingUserGroups: true}) + if err != nil || userResp.Status.Code != rpc.Code_CODE_OK { + return false, err + } + user = userResp.User + } + + scope, err := scope.AddOwnerScope(map[string]*authpb.Scope{}) + if err != nil { + return false, err + } + token, err := mgr.MintToken(ctx, user, scope) + if err != nil { + return false, err + } + ctx = metadata.AppendToOutgoingContext(context.Background(), ctxpkg.TokenHeader, token) + + childStat, err := client.Stat(ctx, &provider.StatRequest{Ref: ref}) + if err != nil { + return false, err + } + if childStat.Status.Code != rpc.Code_CODE_OK { + return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor") + } + pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()}) + if err != nil { + return false, err + } + if pathResp.Status.Code != rpc.Code_CODE_OK { + return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor") + } + childPath = pathResp.Path + return strings.HasPrefix(childPath, parentPath), nil } diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go index fea5f61478..54babc0f21 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go @@ -1411,6 +1411,19 @@ func (h *Handler) createCs3Share(ctx context.Context, w http.ResponseWriter, r * } } + expiry := r.PostFormValue("expireDate") + if expiry != "" { + ts, err := time.Parse("2006-01-02T15:04:05-0700", expiry) + if err != nil { + return nil, &ocsError{ + Code: response.MetaBadRequest.StatusCode, + Message: "could not parse expiry timestamp on this item", + Error: err, + } + } + req.Grant.Expiration = utils.TimeToTS(ts) + } + createShareResponse, err := client.CreateShare(ctx, req) if err != nil { return nil, &ocsError{ diff --git a/vendor/modules.txt b/vendor/modules.txt index b4c64fe9c4..ca132f4f5e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -349,7 +349,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.13.3-0.20230516144046-7cf837940387 +# github.com/cs3org/reva/v2 v2.13.3 ## explicit; go 1.19 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime From 6a052b9d241913c19e1f74ba0ea7dd4c2dff8d02 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 17 May 2023 14:02:15 +0200 Subject: [PATCH 2/2] update expected failures --- .../acceptance/expected-failures-localAPI-on-OCIS-storage.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md index fbe33d2a94..de4e3d535a 100644 --- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md @@ -116,10 +116,6 @@ The expected failures in this file are from features in the owncloud/ocis repo. - [apiGraph/getUser.feature:617](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L617) - [apiGraph/getUser.feature:618](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getUser.feature#L618) -#### [Sharing to a group with an expiration date does not work #5442](https://github.com/owncloud/ocis/issues/5442) - -- [apiSpacesShares/shareSubItemOfSpace.feature:105](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiSpacesShares/shareSubItemOfSpace.feature#L105) - #### [Normal user can get expanded members information of a group](https://github.com/owncloud/ocis/issues/5604) - [apiGraph/getGroup.feature:382](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/getGroup.feature#L382)