Merge branch 'master' into reenable-parallel-deployment-in-ci

2026-03-13 12:48:56 -04:00 · 2022-05-06 08:48:37 +02:00
parent 0cfc365629 109ebaef8a
commit deff182729
15 changed files with 291 additions and 134 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ The following sections list the changes for unreleased.

 ## Summary

+* Bugfix - Thumbnails for `/dav/xxx?preview=1` requests: [#3567](https://github.com/owncloud/ocis/pull/3567)
 * Bugfix - Idp: Check if CA certificate if present: [#3623](https://github.com/owncloud/ocis/issues/3623)
 * Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: [#3483](https://github.com/owncloud/ocis/issues/3483)
 * Bugfix - URL encode the webdav url in the graph API: [#3597](https://github.com/owncloud/ocis/pull/3597)
@@ -30,6 +31,15 @@ The following sections list the changes for unreleased.

 ## Details

+* Bugfix - Thumbnails for `/dav/xxx?preview=1` requests: [#3567](https://github.com/owncloud/ocis/pull/3567)
+
+   We've added the thumbnail rendering for `/dav/xxx?preview=1`,
+   `/remote.php/webdav/{relative path}?preview=1` and `/webdav/{relative
+   path}?preview=1` requests, which was previously not supported because of missing routes. It
+   now returns the same thumbnails as for `/remote.php/dav/xxx?preview=1`.
+
+   https://github.com/owncloud/ocis/pull/3567
+
 * Bugfix - Idp: Check if CA certificate if present: [#3623](https://github.com/owncloud/ocis/issues/3623)

   Upon first start with the default configurtation the idm service creates a server
--- a/changelog/unreleased/fix-thumbnails-dav.md
+++ b/changelog/unreleased/fix-thumbnails-dav.md
@@ -0,0 +1,6 @@
+Bugfix: Thumbnails for `/dav/xxx?preview=1` requests
+
+We've added the thumbnail rendering for `/dav/xxx?preview=1`, `/remote.php/webdav/{relative path}?preview=1` and `/webdav/{relative path}?preview=1` requests, which was previously not supported because of missing routes. It now returns the same thumbnails as for
+`/remote.php/dav/xxx?preview=1`.
+
+https://github.com/owncloud/ocis/pull/3567
--- a/extensions/idp/assets/.keep
+++ b/extensions/idp/assets/.keep
--- a/extensions/idp/assets/identifier-registration.yaml
+++ b/extensions/idp/assets/identifier-registration.yaml
@@ -1,44 +0,0 @@
---
-# OpenID Connect client registry.
-clients:
-  - id: web
-    name: ownCloud web app
-    trusted: yes
-    redirect_uris:
-      - {{OCIS_URL}}/
-      - {{OCIS_URL}}/oidc-callback.html
-      - {{OCIS_URL}}/oidc-silent-redirect.html
-    origins:
-      - {{OCIS_URL}}
-
-  - id: ocis-explorer.js
-    name: oCIS Graph Explorer
-    trusted: yes
-    redirect_uris:
-      - {{OCIS_URL}}/graph-explorer/
-    origins:
-      - {{OCIS_URL}}
-      
-
-  - id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
-    secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
-    name: ownCloud desktop app
-    application_type: native
-    redirect_uris:
-      - http://127.0.0.1
-      - http://localhost
-
-  - id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
-    secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD
-    name: ownCloud Android app
-    application_type: native
-    redirect_uris:
-      - oc://android.owncloud.com
-
-  - id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
-    secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
-    name: ownCloud iOS app
-    application_type: native
-    redirect_uris:
-      - oc://ios.owncloud.com
-      - oc.ios://ios.owncloud.com
--- a/extensions/idp/pkg/config/config.go
+++ b/extensions/idp/pkg/config/config.go
@@ -18,9 +18,10 @@ type Config struct {

 	HTTP HTTP `yaml:"http"`

-	Asset Asset    `yaml:"asset"`
-	IDP   Settings `yaml:"idp"`
-	Ldap  Ldap     `yaml:"ldap"`
+	Asset   Asset    `yaml:"asset"`
+	IDP     Settings `yaml:"idp"`
+	Clients []Client `yaml:"clients"`
+	Ldap    Ldap     `yaml:"ldap"`

 	Context context.Context `yaml:"-"`
 }
@@ -51,6 +52,16 @@ type Asset struct {
 	Path string `yaml:"asset" env:"IDP_ASSET_PATH"`
 }

+type Client struct {
+	ID              string   `yaml:"id"`
+	Name            string   `yaml:"name"`
+	Trusted         bool     `yaml:"trusted"`
+	Secret          string   `yaml:"secret"`
+	RedirectURIs    []string `yaml:"redirect_uris"`
+	Origins         []string `yaml:"origins"`
+	ApplicationType string   `yaml:"application_type"`
+}
+
 type Settings struct {
 	// don't change the order of elements in this struct
 	// it needs to match github.com/libregraph/lico/bootstrap.Settings
@@ -80,8 +91,8 @@ type Settings struct {
 	Listen string

 	IdentifierClientDisabled          bool   `yaml:"identifier_client_disabled" env:"IDP_DISABLE_IDENTIFIER_WEBAPP"`
-	IdentifierClientPath              string `yaml:"identifier_client_path" env:"IDP_IDENTIFIER_CLIENT_PATH"`
-	IdentifierRegistrationConf        string `yaml:"identifier_registration_conf" env:"IDP_IDENTIFIER_REGISTRATION_CONF"`
+	IdentifierClientPath              string `yaml:"-"`
+	IdentifierRegistrationConf        string `yaml:"-"`
 	IdentifierScopesConf              string `yaml:"identifier_scopes_conf" env:"IDP_IDENTIFIER_SCOPES_CONF"`
 	IdentifierDefaultBannerLogo       string
 	IdentifierDefaultSignInPageText   string
--- a/extensions/idp/pkg/config/defaults/defaultconfig.go
+++ b/extensions/idp/pkg/config/defaults/defaultconfig.go
@@ -31,7 +31,6 @@ func DefaultConfig() *config.Config {
 		Service: config.Service{
 			Name: "idp",
 		},
-		Asset: config.Asset{},
 		IDP: config.Settings{
 			Iss:                               "https://localhost:9200",
 			IdentityManager:                   "ldap",
@@ -49,7 +48,7 @@ func DefaultConfig() *config.Config {
 			Listen:                            "",
 			IdentifierClientDisabled:          true,
 			IdentifierClientPath:              path.Join(defaults.BaseDataPath(), "idp"),
-			IdentifierRegistrationConf:        path.Join(defaults.BaseDataPath(), "idp", "identifier-registration.yaml"),
+			IdentifierRegistrationConf:        path.Join(defaults.BaseDataPath(), "idp", "tmp", "identifier-registration.yaml"),
 			IdentifierScopesConf:              "",
 			IdentifierDefaultBannerLogo:       "",
 			IdentifierDefaultSignInPageText:   "",
@@ -65,6 +64,61 @@ func DefaultConfig() *config.Config {
 			RefreshTokenDurationSeconds:       60 * 60 * 24 * 365 * 3, // 1 year
 			DyamicClientSecretDurationSeconds: 0,
 		},
+		Clients: []config.Client{
+			{
+				ID:      "web",
+				Name:    "ownCloud Web app",
+				Trusted: true,
+				RedirectURIs: []string{
+					"{{OCIS_URL}}/",
+					"{{OCIS_URL}}/oidc-callback.html",
+					"{{OCIS_URL}}/oidc-silent-redirect.html",
+				},
+				Origins: []string{
+					"{{OCIS_URL}}",
+				},
+			},
+			{
+				ID:      "ocis-explorer.js",
+				Name:    "oCIS Graph Explorer",
+				Trusted: true,
+				RedirectURIs: []string{
+					"{{OCIS_URL}}/graph-explorer/",
+				},
+				Origins: []string{
+					"{{OCIS_URL}}",
+				},
+			},
+			{
+				ID:              "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
+				Secret:          "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh",
+				Name:            "ownCloud desktop app",
+				ApplicationType: "native",
+				RedirectURIs: []string{
+					"http://127.0.0.1",
+					"http://localhost",
+				},
+			},
+			{
+				ID:              "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD",
+				Secret:          "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD",
+				Name:            "ownCloud Android app",
+				ApplicationType: "native",
+				RedirectURIs: []string{
+					"oc://android.owncloud.com",
+				},
+			},
+			{
+				ID:              "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1",
+				Secret:          "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx",
+				Name:            "ownCloud iOS app",
+				ApplicationType: "native",
+				RedirectURIs: []string{
+					"oc://ios.owncloud.com",
+					"oc.ios://ios.owncloud.com",
+				},
+			},
+		},
 		Ldap: config.Ldap{
 			URI:               "ldaps://localhost:9235",
 			TLSCACert:         path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
--- a/extensions/idp/pkg/service/v0/service.go
+++ b/extensions/idp/pkg/service/v0/service.go
@@ -24,6 +24,7 @@ import (
 	"github.com/owncloud/ocis/v2/extensions/idp/pkg/middleware"
 	"github.com/owncloud/ocis/v2/ocis-pkg/ldap"
 	"github.com/owncloud/ocis/v2/ocis-pkg/log"
+	"gopkg.in/yaml.v2"
 	"stash.kopano.io/kgol/rndm"
 )

@@ -54,7 +55,11 @@ func NewService(opts ...Option) Service {
 		logger.Fatal().Err(err).Msg("could not initialize env vars")
 	}

-	if err := createConfigsIfNotExist(assetVFS, options.Config.IDP.IdentifierRegistrationConf, options.Config.IDP.Iss); err != nil {
+	if err := createTemporaryClientsConfig(
+		options.Config.IDP.IdentifierRegistrationConf,
+		options.Config.IDP.Iss,
+		options.Config.Clients,
+	); err != nil {
 		logger.Fatal().Err(err).Msg("could not create default config")
 	}

@@ -88,7 +93,11 @@ func NewService(opts ...Option) Service {
 	return svc
 }

-func createConfigsIfNotExist(assets http.FileSystem, filePath, ocisURL string) error {
+type temporaryClientConfig struct {
+	Clients []config.Client `yaml:"clients"`
+}
+
+func createTemporaryClientsConfig(filePath, ocisURL string, clients []config.Client) error {

 	folder := path.Dir(filePath)
 	if _, err := os.Stat(folder); os.IsNotExist(err) {
@@ -97,33 +106,36 @@ func createConfigsIfNotExist(assets http.FileSystem, filePath, ocisURL string) e
 		}
 	}

-	if _, err := os.Stat(filePath); os.IsNotExist(err) {
-		defaultConf, err := assets.Open("/identifier-registration.yaml")
-		if err != nil {
-			return err
+	for i, client := range clients {
+
+		for i, entry := range client.RedirectURIs {
+			client.RedirectURIs[i] = strings.ReplaceAll(entry, "{{OCIS_URL}}", strings.TrimRight(ocisURL, "/"))
 		}
-
-		defer defaultConf.Close()
-
-		confOnDisk, err := os.Create(filePath)
-		if err != nil {
-			return err
+		for i, entry := range client.Origins {
+			client.Origins[i] = strings.ReplaceAll(entry, "{{OCIS_URL}}", strings.TrimRight(ocisURL, "/"))
 		}
+		clients[i] = client
+	}

-		defer confOnDisk.Close()
+	c := temporaryClientConfig{
+		Clients: clients,
+	}

-		conf, err := ioutil.ReadAll(defaultConf)
-		if err != nil {
-			return err
-		}
+	conf, err := yaml.Marshal(c)
+	if err != nil {
+		return err
+	}

-		// replace placeholder {{OCIS_URL}} with https://localhost:9200 / correct host
-		conf = []byte(strings.ReplaceAll(string(conf), "{{OCIS_URL}}", strings.TrimRight(ocisURL, "/")))
+	confOnDisk, err := os.Create(filePath)
+	if err != nil {
+		return err
+	}

-		err = ioutil.WriteFile(filePath, conf, 0600)
-		if err != nil {
-			return err
-		}
+	defer confOnDisk.Close()
+
+	err = ioutil.WriteFile(filePath, conf, 0600)
+	if err != nil {
+		return err
 	}

 	return nil
--- a/extensions/proxy/pkg/config/config.go
+++ b/extensions/proxy/pkg/config/config.go
@@ -45,15 +45,15 @@ type Policy struct {

 // Route defines forwarding routes
 type Route struct {
-	Type RouteType `yaml:"type"`
+	Type RouteType `yaml:"type,omitempty"`
 	// Method optionally limits the route to this HTTP method
-	Method   string `yaml:"method"`
-	Endpoint string `yaml:"endpoint"`
+	Method   string `yaml:"method,omitempty"`
+	Endpoint string `yaml:"endpoint,omitempty"`
 	// Backend is a static URL to forward the request to
-	Backend string `yaml:"backend"`
+	Backend string `yaml:"backend,omitempty"`
 	// Service name to look up in the registry
-	Service     string `yaml:"service"`
-	ApacheVHost bool   `yaml:"apache_vhost"`
+	Service     string `yaml:"service,omitempty"`
+	ApacheVHost bool   `yaml:"apache_vhost,omitempty"`
 }

 // RouteType defines the type of a route
--- a/extensions/proxy/pkg/config/defaults/defaultconfig.go
+++ b/extensions/proxy/pkg/config/defaults/defaultconfig.go
@@ -106,6 +106,16 @@ func DefaultPolicies() []config.Policy {
 					Endpoint: "/remote.php/dav/",
 					Backend:  "http://localhost:9115", // TODO use registry?
 				},
+				{
+					Type:     config.QueryRoute,
+					Endpoint: "/dav/?preview=1",
+					Backend:  "http://localhost:9115",
+				},
+				{
+					Type:     config.QueryRoute,
+					Endpoint: "/webdav/?preview=1",
+					Backend:  "http://localhost:9115",
+				},
 				{
 					Endpoint: "/remote.php/",
 					Service:  "ocdav",
--- a/extensions/proxy/pkg/middleware/basic_auth.go
+++ b/extensions/proxy/pkg/middleware/basic_auth.go
@@ -115,9 +115,11 @@ func (m basicAuth) isPublicLink(req *http.Request) bool {
 	}

 	publicPaths := []string{
+		"/dav/public-files/",
 		"/remote.php/dav/public-files/",
 		"/remote.php/ocs/apps/files_sharing/api/v1/tokeninfo/unprotected",
 		"/ocs/v1.php/cloud/capabilities",
+		"/data",
 	}
 	isPublic := false

--- a/extensions/webdav/pkg/constants/constants.go
+++ b/extensions/webdav/pkg/constants/constants.go
@@ -0,0 +1,8 @@
+package constants
+
+type contextKey int
+
+const (
+	ContextKeyID contextKey = iota
+	ContextKeyPath
+)
--- a/extensions/webdav/pkg/dav/requests/thumbnail.go
+++ b/extensions/webdav/pkg/dav/requests/thumbnail.go
@@ -7,9 +7,10 @@ import (
 	"net/url"
 	"path/filepath"
 	"strconv"
-	"strings"

 	"github.com/go-chi/chi/v5"
+
+	"github.com/owncloud/ocis/v2/extensions/webdav/pkg/constants"
 )

 const (
@@ -39,12 +40,20 @@ type ThumbnailRequest struct {

 // ParseThumbnailRequest extracts all required parameters from a http request.
 func ParseThumbnailRequest(r *http.Request) (*ThumbnailRequest, error) {
-	fp, id, err := extractFilePath(r)
-	if err != nil {
-		return nil, err
-	}
-	q := r.URL.Query()
+	ctx := r.Context()

+	fp := ctx.Value(constants.ContextKeyPath).(string)
+	if fp == "" {
+		return nil, errors.New("invalid file path")
+	}
+
+	id := ""
+	v := ctx.Value(constants.ContextKeyID)
+	if v != nil {
+		id = v.(string)
+	}
+
+	q := r.URL.Query()
 	width, height, err := parseDimensions(q)
 	if err != nil {
 		return nil, err
@@ -61,32 +70,6 @@ func ParseThumbnailRequest(r *http.Request) (*ThumbnailRequest, error) {
 	}, nil
 }

-// the url looks as followed
-//
-// /remote.php/dav/files/<user>/<filepath>
-//
-// User and filepath are dynamic and filepath can contain slashes
-// So using the URLParam function is not possible.
-func extractFilePath(r *http.Request) (string, string, error) {
-	id := chi.URLParam(r, "id")
-	id, err := url.QueryUnescape(id)
-	if err != nil {
-		return "", "", errors.New("could not unescape user")
-	}
-	if id != "" {
-		parts := strings.SplitN(r.URL.Path, id, 2)
-		return parts[1], id, nil
-	}
-
-	// This is for public links
-	token := chi.URLParam(r, "token")
-	if token != "" {
-		parts := strings.SplitN(r.URL.Path, token, 2)
-		return parts[1], "", nil
-	}
-	return "", "", errors.New("could not extract file path")
-}
-
 func parseDimensions(q url.Values) (int64, int64, error) {
 	width, err := parseDimension(q.Get("x"), "width", DefaultWidth)
 	if err != nil {
--- a/extensions/webdav/pkg/service/v0/service.go
+++ b/extensions/webdav/pkg/service/v0/service.go
@@ -1,9 +1,11 @@
 package svc

 import (
+	"context"
 	"encoding/xml"
 	"io"
 	"net/http"
+	"net/url"
 	"path"
 	"path/filepath"
 	"strings"
@@ -13,16 +15,16 @@ import (
 	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
 	"github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool"
 	"github.com/cs3org/reva/v2/pkg/storage/utils/templates"
+	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
 	merrors "go-micro.dev/v4/errors"
 	"google.golang.org/grpc/metadata"

+	"github.com/owncloud/ocis/v2/extensions/webdav/pkg/config"
+	"github.com/owncloud/ocis/v2/extensions/webdav/pkg/constants"
+	"github.com/owncloud/ocis/v2/extensions/webdav/pkg/dav/requests"
 	"github.com/owncloud/ocis/v2/ocis-pkg/log"
 	"github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
-
-	"github.com/go-chi/chi/v5"
-	"github.com/owncloud/ocis/v2/extensions/webdav/pkg/config"
-	"github.com/owncloud/ocis/v2/extensions/webdav/pkg/dav/requests"
 	thumbnailsmsg "github.com/owncloud/ocis/v2/protogen/gen/ocis/messages/thumbnails/v0"
 	searchsvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/search/v0"
 	thumbnailssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/thumbnails/v0"
@@ -73,10 +75,32 @@ func NewService(opts ...Option) (Service, error) {
 	}

 	m.Route(options.Config.HTTP.Root, func(r chi.Router) {
-		r.Get("/remote.php/dav/spaces/{id}/*", svc.SpacesThumbnail)
-		r.Get("/remote.php/dav/files/{id}/*", svc.Thumbnail)
-		r.Get("/remote.php/dav/public-files/{token}/*", svc.PublicThumbnail)
-		r.Head("/remote.php/dav/public-files/{token}/*", svc.PublicThumbnailHead)
+
+		r.Group(func(r chi.Router) {
+			r.Use(svc.DavUserContext())
+
+			r.Get("/remote.php/dav/spaces/{id}/*", svc.SpacesThumbnail)
+			r.Get("/dav/spaces/{id}/*", svc.SpacesThumbnail)
+
+			r.Get("/remote.php/dav/files/{id}/*", svc.Thumbnail)
+			r.Get("/dav/files/{id}/*", svc.Thumbnail)
+		})
+
+		r.Group(func(r chi.Router) {
+			r.Use(svc.DavPublicContext())
+
+			r.Head("/remote.php/dav/public-files/{token}/*", svc.PublicThumbnailHead)
+			r.Head("/dav/public-files/{token}/*", svc.PublicThumbnailHead)
+
+			r.Get("/remote.php/dav/public-files/{token}/*", svc.PublicThumbnail)
+			r.Get("/dav/public-files/{token}/*", svc.PublicThumbnail)
+		})
+
+		r.Group(func(r chi.Router) {
+			r.Use(svc.WebDAVContext())
+			r.Get("/remote.php/webdav/*", svc.Thumbnail)
+			r.Get("/webdav/*", svc.Thumbnail)
+		})

 		// r.MethodFunc("REPORT", "/remote.php/dav/files/{id}/*", svc.Search)

@@ -114,6 +138,67 @@ func (g Webdav) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	g.mux.ServeHTTP(w, r)
 }

+func (g Webdav) DavUserContext() func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			ctx := r.Context()
+			filePath := r.URL.Path
+
+			id := chi.URLParam(r, "id")
+			id, err := url.QueryUnescape(id)
+			if err == nil && id != "" {
+				ctx = context.WithValue(ctx, constants.ContextKeyID, id)
+			}
+
+			if id != "" {
+				filePath = strings.TrimPrefix(filePath, path.Join("/remote.php/dav/spaces", id)+"/")
+				filePath = strings.TrimPrefix(filePath, path.Join("/dav/spaces", id)+"/")
+
+				filePath = strings.TrimPrefix(filePath, path.Join("/remote.php/dav/files", id)+"/")
+				filePath = strings.TrimPrefix(filePath, path.Join("/dav/files", id)+"/")
+			}
+
+			ctx = context.WithValue(ctx, constants.ContextKeyPath, filePath)
+
+			next.ServeHTTP(w, r.WithContext(ctx))
+
+		})
+	}
+}
+
+func (g Webdav) DavPublicContext() func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			ctx := r.Context()
+			filePath := r.URL.Path
+
+			if token := chi.URLParam(r, "token"); token != "" {
+				filePath = strings.TrimPrefix(filePath, path.Join("/remote.php/dav/public-files", token)+"/")
+				filePath = strings.TrimPrefix(filePath, path.Join("/dav/public-files", token)+"/")
+			}
+			ctx = context.WithValue(ctx, constants.ContextKeyPath, filePath)
+
+			next.ServeHTTP(w, r.WithContext(ctx))
+
+		})
+	}
+}
+func (g Webdav) WebDAVContext() func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+			filePath := r.URL.Path
+			filePath = strings.TrimPrefix(filePath, "/remote.php")
+			filePath = strings.TrimPrefix(filePath, "/webdav/")
+
+			ctx := context.WithValue(r.Context(), constants.ContextKeyPath, filePath)
+
+			next.ServeHTTP(w, r.WithContext(ctx))
+
+		})
+	}
+}
+
 // SpacesThumbnail is the endpoint for retrieving thumbnails inside of spaces.
 func (g Webdav) SpacesThumbnail(w http.ResponseWriter, r *http.Request) {
 	tr, err := requests.ParseThumbnailRequest(r)
@@ -166,18 +251,36 @@ func (g Webdav) Thumbnail(w http.ResponseWriter, r *http.Request) {
 	}

 	t := r.Header.Get(TokenHeader)
-	ctx := metadata.AppendToOutgoingContext(r.Context(), TokenHeader, t)
-	userRes, err := g.revaClient.GetUserByClaim(ctx, &userv1beta1.GetUserByClaimRequest{
-		Claim: "username",
-		Value: tr.Identifier,
-	})
-	if err != nil || userRes.Status.Code != rpcv1beta1.Code_CODE_OK {
-		g.log.Error().Err(err).Msg("could not get user")
-		renderError(w, r, errInternalError("could not get user"))
-		return
+
+	var user *userv1beta1.User
+
+	if tr.Identifier == "" {
+		// look up user from token via WhoAmI
+		userRes, err := g.revaClient.WhoAmI(r.Context(), &gatewayv1beta1.WhoAmIRequest{
+			Token: t,
+		})
+		if err != nil || userRes.Status.Code != rpcv1beta1.Code_CODE_OK {
+			g.log.Error().Err(err).Msg("could not get user")
+			renderError(w, r, errInternalError("could not get user"))
+			return
+		}
+		user = userRes.GetUser()
+	} else {
+		// look up user from URL via GetUserByClaim
+		ctx := metadata.AppendToOutgoingContext(r.Context(), TokenHeader, t)
+		userRes, err := g.revaClient.GetUserByClaim(ctx, &userv1beta1.GetUserByClaimRequest{
+			Claim: "username",
+			Value: tr.Identifier,
+		})
+		if err != nil || userRes.Status.Code != rpcv1beta1.Code_CODE_OK {
+			g.log.Error().Err(err).Msg("could not get user")
+			renderError(w, r, errInternalError("could not get user"))
+			return
+		}
+		user = userRes.GetUser()
 	}

-	fullPath := filepath.Join(templates.WithUser(userRes.User, g.config.WebdavNamespace), tr.Filepath)
+	fullPath := filepath.Join(templates.WithUser(user, g.config.WebdavNamespace), tr.Filepath)
 	rsp, err := g.thumbnailsClient.GetThumbnail(r.Context(), &thumbnailssvc.GetThumbnailRequest{
 		Filepath:      strings.TrimLeft(tr.Filepath, "/"),
 		ThumbnailType: extensionToThumbnailType(strings.TrimLeft(tr.Extension, ".")),
--- a/tests/acceptance/expected-failures-webUI-on-OCIS-storage.md
+++ b/tests/acceptance/expected-failures-webUI-on-OCIS-storage.md
@@ -247,9 +247,6 @@ Other free text and markdown formatting can be used elsewhere in the document if
 - [webUIResharing2/reshareUsers.feature:72](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUIResharing2/reshareUsers.feature#L72)
 - [webUIResharing2/reshareUsers.feature:73](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUIResharing2/reshareUsers.feature#L73)

-### [Regression during ocis 2.0.0-beta](https://github.com/owncloud/ocis/issues/3627)
- [webUISharingInternalGroups/shareWithGroups.feature:19](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUISharingInternalGroups/shareWithGroups.feature#L19)
-
 ### [Different share permissions provides varying roles in oc10 and ocis](https://github.com/owncloud/ocis/issues/1277)
 - [webUISharingInternalGroups/shareWithGroups.feature:166](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUISharingInternalGroups/shareWithGroups.feature#L166)
 - [webUISharingInternalGroups/shareWithGroups.feature:180](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUISharingInternalGroups/shareWithGroups.feature#L180)
--- a/tests/config/drone/ocis-config.json
+++ b/tests/config/drone/ocis-config.json
@@ -10,7 +10,12 @@
    "scope": "openid profile email"
  },
  "options": {
-    "displayResourcesLazy": false
+    "displayResourcesLazy": false,
+    "sidebar": {
+      "shares": {
+        "showAllOnLoad": true
+      }
+    }
  },
  "apps": [
    "files",