mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-02-06 12:21:21 -05:00
Compare commits
1 Commits
v4.0.3
...
v4.0.0-rc.
| Author | SHA1 | Date | |
|---|---|---|---|
|
03cc45af18 |
14
.make/go.mk
14
.make/go.mk
@@ -36,18 +36,8 @@ ifndef DATE
|
||||
DATE := $(shell date -u '+%Y%m%d')
|
||||
endif
|
||||
|
||||
LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn -s -w \
|
||||
-X "$(OC_REPO)/pkg/version.Edition=$(EDITION)" \
|
||||
-X "$(OC_REPO)/pkg/version.String=$(STRING)" \
|
||||
-X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" \
|
||||
-X "$(OC_REPO)/pkg/version.Date=$(DATE)"
|
||||
|
||||
DEBUG_LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn \
|
||||
-X "$(OC_REPO)/pkg/version.Edition=$(EDITION)" \
|
||||
-X "$(OC_REPO)/pkg/version.String=$(STRING)" \
|
||||
-X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" \
|
||||
-X "$(OC_REPO)/pkg/version.Date=$(DATE)"
|
||||
|
||||
LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn -s -w -X "$(OC_REPO)/pkg/version.String=$(STRING)" -X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" -X "$(OC_REPO)/pkg/version.Date=$(DATE)"
|
||||
DEBUG_LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn -X "$(OC_REPO)/pkg/version.String=$(STRING)" -X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" -X "$(OC_REPO)/pkg/version.Date=$(DATE)"
|
||||
DOCKER_LDFLAGS += -X "$(OC_REPO)/pkg/config/defaults.BaseDataPathType=path" -X "$(OC_REPO)/pkg/config/defaults.BaseDataPathValue=/var/lib/opencloud"
|
||||
DOCKER_LDFLAGS += -X "$(OC_REPO)/pkg/config/defaults.BaseConfigPathType=path" -X "$(OC_REPO)/pkg/config/defaults.BaseConfigPathValue=/etc/opencloud"
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@ OC_CI_ALPINE = "owncloudci/alpine:latest"
|
||||
OC_CI_BAZEL_BUILDIFIER = "owncloudci/bazel-buildifier:latest"
|
||||
OC_CI_CLAMAVD = "owncloudci/clamavd"
|
||||
OC_CI_DRONE_ANSIBLE = "owncloudci/drone-ansible:latest"
|
||||
OC_CI_GOLANG = "registry.heinlein.group/opencloud/golang-ci:1.25"
|
||||
OC_CI_GOLANG = "docker.io/golang:1.24"
|
||||
OC_CI_NODEJS = "owncloudci/nodejs:%s"
|
||||
OC_CI_PHP = "owncloudci/php:%s"
|
||||
OC_CI_WAIT_FOR = "owncloudci/wait-for:latest"
|
||||
@@ -41,6 +41,7 @@ DEFAULT_PHP_VERSION = "8.2"
|
||||
DEFAULT_NODEJS_VERSION = "20"
|
||||
|
||||
CACHE_S3_SERVER = "https://s3.ci.opencloud.eu"
|
||||
INSTALL_LIBVIPS_COMMAND = "apt-get update; apt-get install libvips42 -y"
|
||||
|
||||
dirs = {
|
||||
"base": "/woodpecker/src/github.com/opencloud-eu/opencloud",
|
||||
@@ -74,11 +75,11 @@ OC_FED_DOMAIN = "%s:10200" % FED_OC_SERVER_NAME
|
||||
event = {
|
||||
"base": {
|
||||
"event": ["push", "manual"],
|
||||
"branch": "stable-*",
|
||||
"branch": "main",
|
||||
},
|
||||
"cron": {
|
||||
"event": "cron",
|
||||
"branch": "stable-*",
|
||||
"branch": "main",
|
||||
},
|
||||
"pull_request": {
|
||||
"event": "pull_request",
|
||||
@@ -137,8 +138,7 @@ config = {
|
||||
"suites": [
|
||||
"apiGraph",
|
||||
"apiServiceAvailability",
|
||||
# skip tests for collaborativePosix. see https://github.com/opencloud-eu/opencloud/issues/2036
|
||||
#"collaborativePosix",
|
||||
"collaborativePosix",
|
||||
],
|
||||
"skip": False,
|
||||
"withRemotePhp": [True],
|
||||
@@ -480,10 +480,6 @@ def main(ctx):
|
||||
if ctx.build.event == "cron" and ctx.build.sender == "translation-sync":
|
||||
return translation_sync(ctx)
|
||||
|
||||
is_release_pr = (ctx.build.event == "pull_request" and ctx.build.sender == "openclouders" and "🎉 release" in ctx.build.title.lower())
|
||||
if is_release_pr:
|
||||
return [licenseCheck(ctx)]
|
||||
|
||||
build_release_helpers = \
|
||||
readyReleaseGo()
|
||||
|
||||
@@ -710,7 +706,7 @@ def restoreGoBinCache():
|
||||
"name": "extract-go-bin-cache",
|
||||
"image": OC_UBUNTU,
|
||||
"commands": [
|
||||
"tar -xvmf %s -C /" % dirs["gobinTarPath"],
|
||||
"tar -xmf %s -C /" % dirs["gobinTarPath"],
|
||||
],
|
||||
},
|
||||
]
|
||||
@@ -1657,7 +1653,6 @@ def dockerRelease(ctx, repo, build_type):
|
||||
build_args = {
|
||||
"REVISION": "%s" % ctx.build.commit,
|
||||
"VERSION": "%s" % (ctx.build.ref.replace("refs/tags/", "") if ctx.build.event == "tag" else "daily"),
|
||||
"EDITION": "stable" if build_type == "production" else "rolling",
|
||||
}
|
||||
|
||||
# if no additional tag is given, the build-plugin adds latest
|
||||
@@ -1821,7 +1816,6 @@ def binaryRelease(ctx, arch, depends_on = []):
|
||||
"image": OC_CI_GOLANG,
|
||||
"environment": {
|
||||
"VERSION": (ctx.build.ref.replace("refs/tags/", "") if ctx.build.event == "tag" else "daily"),
|
||||
"EDITION": "rolling",
|
||||
"HTTP_PROXY": {
|
||||
"from_secret": "ci_http_proxy",
|
||||
},
|
||||
@@ -1954,7 +1948,6 @@ def readyReleaseGo():
|
||||
"image": READY_RELEASE_GO,
|
||||
"settings": {
|
||||
"git_email": "devops@opencloud.eu",
|
||||
"release_branch": "stable-4.0",
|
||||
"forge_type": "github",
|
||||
"forge_token": {
|
||||
"from_secret": "github_token",
|
||||
@@ -2068,9 +2061,7 @@ def notifyMatrix(ctx):
|
||||
},
|
||||
"QA_REPO": "https://github.com/opencloud-eu/qa.git",
|
||||
"QA_REPO_BRANCH": "main",
|
||||
"CI_WOODPECKER_URL": {
|
||||
"from_secret": "oc_ci_url",
|
||||
},
|
||||
"CI_WOODPECKER_URL": "https://ci.opencloud.eu/",
|
||||
"CI_REPO_ID": "3",
|
||||
"CI_WOODPECKER_TOKEN": "no-auth-needed-on-this-repo",
|
||||
},
|
||||
@@ -2232,6 +2223,9 @@ def opencloudServer(storage = "decomposed", accounts_hash_difficulty = 4, depend
|
||||
},
|
||||
},
|
||||
"commands": [
|
||||
"apt-get update",
|
||||
"apt-get install -y inotify-tools xattr",
|
||||
INSTALL_LIBVIPS_COMMAND,
|
||||
"%s init --insecure true" % dirs["opencloudBin"],
|
||||
"cat $OC_CONFIG_DIR/opencloud.yaml",
|
||||
"cp tests/config/woodpecker/app-registry.yaml $OC_CONFIG_DIR/app-registry.yaml",
|
||||
@@ -2275,6 +2269,7 @@ def startOpenCloudService(service = None, name = None, environment = {}):
|
||||
"detach": True,
|
||||
"environment": environment,
|
||||
"commands": [
|
||||
INSTALL_LIBVIPS_COMMAND,
|
||||
"%s %s server" % (dirs["opencloudBin"], service),
|
||||
],
|
||||
},
|
||||
@@ -2300,6 +2295,7 @@ def build():
|
||||
"name": "build",
|
||||
"image": OC_CI_GOLANG,
|
||||
"commands": [
|
||||
"apt-get update; apt-get install libvips-dev -y",
|
||||
"for i in $(seq 3); do make -C opencloud build ENABLE_VIPS=1 && break || sleep 1; done",
|
||||
],
|
||||
"environment": CI_HTTP_PROXY_ENV,
|
||||
@@ -2348,12 +2344,11 @@ def translation_sync(ctx):
|
||||
"image": OC_CI_GOLANG,
|
||||
"commands": [
|
||||
"make l10n-read",
|
||||
"mkdir tx && cd tx",
|
||||
"curl -o- https://raw.githubusercontent.com/transifex/cli/master/install.sh | bash",
|
||||
"export PATH=$PATH:$(pwd) && cd ..",
|
||||
". ~/.profile",
|
||||
"make l10n-push",
|
||||
"make l10n-pull",
|
||||
"rm -rf tx",
|
||||
"rm tx",
|
||||
"make l10n-clean",
|
||||
],
|
||||
"environment": {
|
||||
|
||||
123
CHANGELOG.md
123
CHANGELOG.md
@@ -1,128 +1,5 @@
|
||||
# Changelog
|
||||
|
||||
## [4.0.3](https://github.com/opencloud-eu/opencloud/releases/tag/v4.0.3) - 2026-02-05
|
||||
|
||||
### ❤️ Thanks to all contributors! ❤️
|
||||
|
||||
@aduffeck
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- Bump reva 2.40.3 [[#2275](https://github.com/opencloud-eu/opencloud/pull/2275)]
|
||||
|
||||
## [4.0.2](https://github.com/opencloud-eu/opencloud/releases/tag/v4.0.2) - 2026-02-05
|
||||
|
||||
### ❤️ Thanks to all contributors! ❤️
|
||||
|
||||
@ScharfViktor, @aduffeck, @fschade, @kulmann, @micbar, @prashant-gurung899, @saw-jan
|
||||
|
||||
### ✅ Tests
|
||||
|
||||
- [tests-only] port tests to stable #2087 #2039 [[#2185](https://github.com/opencloud-eu/opencloud/pull/2185)]
|
||||
- [full-ci][tests-only] port test fixes [[#2017](https://github.com/opencloud-eu/opencloud/pull/2017)]
|
||||
- [stable-4.0] Port #2011 [[#2018](https://github.com/opencloud-eu/opencloud/pull/2018)]
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- [stable-4.0] fix: build time edition channels #2001 [[#2010](https://github.com/opencloud-eu/opencloud/pull/2010)]
|
||||
- [stable-4.0] fix: enforce trailing slash for server url [[#2002](https://github.com/opencloud-eu/opencloud/pull/2002)]
|
||||
- [stable-4.0] fix: enhance resource creation with detailed process information (#1978) [[#2000](https://github.com/opencloud-eu/opencloud/pull/2000)]
|
||||
|
||||
### 📦️ Dependencies
|
||||
|
||||
- Bump reva [[#2274](https://github.com/opencloud-eu/opencloud/pull/2274)]
|
||||
|
||||
## [4.0.1](https://github.com/opencloud-eu/opencloud/releases/tag/v4.0.1) - 2025-12-15
|
||||
|
||||
### ❤️ Thanks to all contributors! ❤️
|
||||
|
||||
@ScharfViktor, @fschade, @kulmann, @micbar, @prashant-gurung899
|
||||
|
||||
### ✅ Tests
|
||||
|
||||
- [stable-4.0] Port #2011 [[#2018](https://github.com/opencloud-eu/opencloud/pull/2018)]
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- [stable-4.0] fix: build time edition channels #2001 [[#2010](https://github.com/opencloud-eu/opencloud/pull/2010)]
|
||||
- [stable-4.0] fix: enforce trailing slash for server url [[#2002](https://github.com/opencloud-eu/opencloud/pull/2002)]
|
||||
- [stable-4.0] fix: enhance resource creation with detailed process information (#1978) [[#2000](https://github.com/opencloud-eu/opencloud/pull/2000)]
|
||||
|
||||
## [4.0.0](https://github.com/opencloud-eu/opencloud/releases/tag/v4.0.0) - 2025-12-01
|
||||
|
||||
### ❤️ Thanks to all contributors! ❤️
|
||||
|
||||
@AlexAndBear, @MahdiBaghbani, @ScharfViktor, @butonic, @dragonchaser, @flimmy, @fschade, @individual-it, @jnweiger, @kulmann, @micbar, @mikelolasagasti, @pbleser-oc, @rhafer, @schweigisito
|
||||
|
||||
### 💥 Breaking changes
|
||||
|
||||
- collaboration: Enable `InsertRemoteImage` option [[#1692](https://github.com/opencloud-eu/opencloud/pull/1692)]
|
||||
|
||||
### 📚 Documentation
|
||||
|
||||
- Fix typos in antivirus README documentation [[#1940](https://github.com/opencloud-eu/opencloud/pull/1940)]
|
||||
- fix: add missing service README.md files with basic description [[#1859](https://github.com/opencloud-eu/opencloud/pull/1859)]
|
||||
- Fix README.md files which contain broken or missing links [[#1854](https://github.com/opencloud-eu/opencloud/pull/1854)]
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- introduce OC_EVENTS_TLS_INSECURE [[#1936](https://github.com/opencloud-eu/opencloud/pull/1936)]
|
||||
- kill unused env vars [[#1888](https://github.com/opencloud-eu/opencloud/pull/1888)]
|
||||
- rc-handling was only active for the dryrun, not the real build-and-push [[#1919](https://github.com/opencloud-eu/opencloud/pull/1919)]
|
||||
- handle objectguid endianess [[#1901](https://github.com/opencloud-eu/opencloud/pull/1901)]
|
||||
- fix: add update server to default csp rules [[#1875](https://github.com/opencloud-eu/opencloud/pull/1875)]
|
||||
- fix: add missing capability flag support-radicale [[#1891](https://github.com/opencloud-eu/opencloud/pull/1891)]
|
||||
- fix opensearch client certificate [[#1890](https://github.com/opencloud-eu/opencloud/pull/1890)]
|
||||
- Bump reva [[#1882](https://github.com/opencloud-eu/opencloud/pull/1882)]
|
||||
- load two yaml configs [[#1617](https://github.com/opencloud-eu/opencloud/pull/1617)]
|
||||
- make user cache tenant aware [[#1732](https://github.com/opencloud-eu/opencloud/pull/1732)]
|
||||
- fix: sanitise markdow code to make docusaurus happy [[#1851](https://github.com/opencloud-eu/opencloud/pull/1851)]
|
||||
- update launch.json [[#1843](https://github.com/opencloud-eu/opencloud/pull/1843)]
|
||||
- docs: Fix auth-app examples in README [[#1844](https://github.com/opencloud-eu/opencloud/pull/1844)]
|
||||
- fix: fix typo in treesize logging [[#1826](https://github.com/opencloud-eu/opencloud/pull/1826)]
|
||||
- fix: set global signing secret fallback correctly [[#1781](https://github.com/opencloud-eu/opencloud/pull/1781)]
|
||||
|
||||
### 📈 Enhancement
|
||||
|
||||
- feat(ocm): add WAYF configuration for reva OCM service [[#1714](https://github.com/opencloud-eu/opencloud/pull/1714)]
|
||||
- log missing name or id attributes [[#1914](https://github.com/opencloud-eu/opencloud/pull/1914)]
|
||||
- collabora: Set IsAdminUser and IsAnonymousUser in CheckFileInfo [[#1745](https://github.com/opencloud-eu/opencloud/pull/1745)]
|
||||
|
||||
### ✅ Tests
|
||||
|
||||
- [full-ci] disable running ci with watch fs when full-ci [[#1902](https://github.com/opencloud-eu/opencloud/pull/1902)]
|
||||
- api-tests: delete spaces before users [[#1877](https://github.com/opencloud-eu/opencloud/pull/1877)]
|
||||
- update tika version [[#1872](https://github.com/opencloud-eu/opencloud/pull/1872)]
|
||||
- add share sync to collaborativePosix suite [[#1806](https://github.com/opencloud-eu/opencloud/pull/1806)]
|
||||
- removed test virus files from repo [[#1812](https://github.com/opencloud-eu/opencloud/pull/1812)]
|
||||
- increase timeouts waiting for notification & search [[#1802](https://github.com/opencloud-eu/opencloud/pull/1802)]
|
||||
- Sync share before action [[#1795](https://github.com/opencloud-eu/opencloud/pull/1795)]
|
||||
- correct STORAGE_USERS_POSIX_WATCH_FS env typo in CI [[#1746](https://github.com/opencloud-eu/opencloud/pull/1746)]
|
||||
|
||||
### 📦️ Dependencies
|
||||
|
||||
- [full-ci] revaBump-v2.40.1 [[#1927](https://github.com/opencloud-eu/opencloud/pull/1927)]
|
||||
- [full-ci] chore: bump web to v4.2.1 [[#1938](https://github.com/opencloud-eu/opencloud/pull/1938)]
|
||||
- build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 [[#1923](https://github.com/opencloud-eu/opencloud/pull/1923)]
|
||||
- build(deps): bump github.com/nats-io/nats-server/v2 from 2.12.1 to 2.12.2 [[#1922](https://github.com/opencloud-eu/opencloud/pull/1922)]
|
||||
- build(deps): bump github.com/kovidgoyal/imaging from 1.7.2 to 1.8.17 [[#1912](https://github.com/opencloud-eu/opencloud/pull/1912)]
|
||||
- build(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 [[#1911](https://github.com/opencloud-eu/opencloud/pull/1911)]
|
||||
- [decomposed]Update version 4.0.0 rc.2 [[#1917](https://github.com/opencloud-eu/opencloud/pull/1917)]
|
||||
- chore: bump web to v4.2.1-rc.1 [[#1900](https://github.com/opencloud-eu/opencloud/pull/1900)]
|
||||
- revaBump-getting#428 [[#1887](https://github.com/opencloud-eu/opencloud/pull/1887)]
|
||||
- build(deps): bump github.com/blevesearch/bleve/v2 from 2.5.4 to 2.5.5 [[#1884](https://github.com/opencloud-eu/opencloud/pull/1884)]
|
||||
- build(deps): bump github.com/olekukonko/tablewriter from 1.1.0 to 1.1.1 [[#1869](https://github.com/opencloud-eu/opencloud/pull/1869)]
|
||||
- build(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 [[#1845](https://github.com/opencloud-eu/opencloud/pull/1845)]
|
||||
- reva-bump-2.39.2. update opencloud 4.0.0-rc.1 [[#1849](https://github.com/opencloud-eu/opencloud/pull/1849)]
|
||||
- build(deps): bump golang.org/x/sync from 0.17.0 to 0.18.0 [[#1836](https://github.com/opencloud-eu/opencloud/pull/1836)]
|
||||
- build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 [[#1828](https://github.com/opencloud-eu/opencloud/pull/1828)]
|
||||
- build(deps): bump github.com/KimMachineGun/automemlimit from 0.7.4 to 0.7.5 [[#1787](https://github.com/opencloud-eu/opencloud/pull/1787)]
|
||||
- build(deps): bump github.com/open-policy-agent/opa from 1.9.0 to 1.10.1 [[#1788](https://github.com/opencloud-eu/opencloud/pull/1788)]
|
||||
- Bump reva [[#1786](https://github.com/opencloud-eu/opencloud/pull/1786)]
|
||||
- build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.10 to 1.4.11 [[#1775](https://github.com/opencloud-eu/opencloud/pull/1775)]
|
||||
- build(deps): bump github.com/nats-io/nats-server/v2 from 2.12.0 to 2.12.1 [[#1706](https://github.com/opencloud-eu/opencloud/pull/1706)]
|
||||
- build(deps): bump github.com/onsi/ginkgo/v2 from 2.27.1 to 2.27.2 [[#1754](https://github.com/opencloud-eu/opencloud/pull/1754)]
|
||||
|
||||
## [3.7.0](https://github.com/opencloud-eu/opencloud/releases/tag/v3.7.0) - 2025-11-03
|
||||
|
||||
### ❤️ Thanks to all contributors! ❤️
|
||||
|
||||
2
go.mod
2
go.mod
@@ -64,7 +64,7 @@ require (
|
||||
github.com/open-policy-agent/opa v1.10.1
|
||||
github.com/opencloud-eu/icap-client v0.0.0-20250930132611-28a2afe62d89
|
||||
github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76
|
||||
github.com/opencloud-eu/reva/v2 v2.40.3
|
||||
github.com/opencloud-eu/reva/v2 v2.40.1
|
||||
github.com/opensearch-project/opensearch-go/v4 v4.5.0
|
||||
github.com/orcaman/concurrent-map v1.0.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
|
||||
4
go.sum
4
go.sum
@@ -963,8 +963,8 @@ github.com/opencloud-eu/inotifywaitgo v0.0.0-20251111171128-a390bae3c5e9 h1:dIft
|
||||
github.com/opencloud-eu/inotifywaitgo v0.0.0-20251111171128-a390bae3c5e9/go.mod h1:JWyDC6H+5oZRdUJUgKuaye+8Ph5hEs6HVzVoPKzWSGI=
|
||||
github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76 h1:vD/EdfDUrv4omSFjrinT8Mvf+8D7f9g4vgQ2oiDrVUI=
|
||||
github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76/go.mod h1:pzatilMEHZFT3qV7C/X3MqOa3NlRQuYhlRhZTL+hN6Q=
|
||||
github.com/opencloud-eu/reva/v2 v2.40.3 h1:gFiBzI/Mq10zekZXvAXOGWRPzTjzHVhBt5W1B5JJMnE=
|
||||
github.com/opencloud-eu/reva/v2 v2.40.3/go.mod h1:DGH08n2mvtsQLkt8o15FV6m51FwSJJGhjR8Ty+iIJww=
|
||||
github.com/opencloud-eu/reva/v2 v2.40.1 h1:QwMkbGMhwDSwfk2WxbnTpIig2BugPBaVFjWcy2DSU3U=
|
||||
github.com/opencloud-eu/reva/v2 v2.40.1/go.mod h1:DGH08n2mvtsQLkt8o15FV6m51FwSJJGhjR8Ty+iIJww=
|
||||
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
|
||||
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
|
||||
github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
|
||||
|
||||
@@ -3,7 +3,6 @@ ARG TARGETOS
|
||||
ARG TARGETARCH
|
||||
ARG VERSION
|
||||
ARG STRING
|
||||
ARG EDITION
|
||||
|
||||
RUN apk add bash make git curl gcc musl-dev libc-dev binutils-gold inotify-tools vips-dev
|
||||
|
||||
|
||||
@@ -105,19 +105,9 @@ func createResource(ctx context.Context, serviceName string) (*resource.Resource
|
||||
return resource.New(ctx,
|
||||
// Reads OTEL_RESOURCE_ATTRIBUTES and OTEL_SERVICE_NAME
|
||||
resource.WithFromEnv(),
|
||||
// Host Information
|
||||
// Host and process information
|
||||
resource.WithHost(),
|
||||
// Process Information
|
||||
// Resource WithProcessOwner is deliberately omitted because
|
||||
// inside containers where process might run as an arbitrary
|
||||
// uid without a username associated this would fail.
|
||||
resource.WithProcessPID(),
|
||||
resource.WithProcessCommandArgs(),
|
||||
resource.WithProcessExecutableName(),
|
||||
resource.WithProcessExecutablePath(),
|
||||
resource.WithProcessRuntimeDescription(),
|
||||
resource.WithProcessRuntimeName(),
|
||||
resource.WithProcessRuntimeVersion(),
|
||||
resource.WithProcess(),
|
||||
// Service attributes
|
||||
resource.WithAttributes(
|
||||
semconv.ServiceName(serviceName),
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
package version
|
||||
|
||||
// InitEdition exports the private edition initialization func for testing
|
||||
var InitEdition = initEdition
|
||||
@@ -1,27 +1,9 @@
|
||||
package version
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"slices"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/Masterminds/semver"
|
||||
"github.com/opencloud-eu/reva/v2/pkg/logger"
|
||||
)
|
||||
|
||||
const (
|
||||
|
||||
// Dev is used as a placeholder.
|
||||
Dev = "dev"
|
||||
// EditionDev indicates the development build channel was used to build the binary.
|
||||
EditionDev = Dev
|
||||
// EditionRolling indicates the rolling release build channel was used to build the binary.
|
||||
EditionRolling = "rolling"
|
||||
// EditionStable indicates the stable release build channel was used to build the binary.
|
||||
EditionStable = "stable"
|
||||
// EditionLTS indicates the lts release build channel was used to build the binary.
|
||||
EditionLTS = "lts"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -34,61 +16,22 @@ var (
|
||||
// LatestTag is the latest released version plus the dev meta version.
|
||||
// Will be overwritten by the release pipeline
|
||||
// Needs a manual change for every tagged release
|
||||
LatestTag = "4.0.3+dev"
|
||||
LatestTag = "4.0.0-rc.3+dev"
|
||||
|
||||
// Date indicates the build date.
|
||||
// This has been removed, it looks like you can only replace static strings with recent go versions
|
||||
//Date = time.Now().Format("20060102")
|
||||
Date = Dev
|
||||
Date = "dev"
|
||||
|
||||
// Legacy defines the old long 4 number OpenCloud version needed for some clients
|
||||
Legacy = "0.1.0.0"
|
||||
// LegacyString defines the old OpenCloud version needed for some clients
|
||||
LegacyString = "0.1.0"
|
||||
|
||||
// Edition describes the build channel (stable, rolling, nightly, daily, dev)
|
||||
Edition = Dev // default for self-compiled builds
|
||||
)
|
||||
|
||||
func init() { //nolint:gochecknoinits
|
||||
if err := initEdition(); err != nil {
|
||||
logger.New().Error().Err(err).Msg("falling back to dev")
|
||||
}
|
||||
}
|
||||
|
||||
func initEdition() error {
|
||||
regularEditions := []string{EditionDev, EditionRolling, EditionStable}
|
||||
versionedEditions := []string{EditionLTS}
|
||||
if !slices.ContainsFunc(slices.Concat(regularEditions, versionedEditions), func(s string) bool {
|
||||
isRegularEdition := slices.Contains(regularEditions, Edition)
|
||||
if isRegularEdition && s == Edition {
|
||||
return true
|
||||
}
|
||||
|
||||
// handle editions with a version
|
||||
editionParts := strings.Split(Edition, "-")
|
||||
if len(editionParts) != 2 { // a versioned edition channel must consist of exactly 2 parts.
|
||||
return false
|
||||
}
|
||||
|
||||
isVersionedEdition := slices.Contains(versionedEditions, editionParts[0])
|
||||
if !isVersionedEdition { // not all channels can contain version information
|
||||
return false
|
||||
}
|
||||
|
||||
_, err := semver.NewVersion(editionParts[1])
|
||||
return err == nil
|
||||
}) {
|
||||
Edition = Dev
|
||||
return fmt.Errorf(`unknown edition channel "%s"`, Edition)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Compiled returns the compile time of this service.
|
||||
func Compiled() time.Time {
|
||||
if Date == Dev {
|
||||
if Date == "dev" {
|
||||
return time.Now()
|
||||
}
|
||||
t, _ := time.Parse("20060102", Date)
|
||||
|
||||
@@ -1,65 +0,0 @@
|
||||
package version_test
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/opencloud-eu/opencloud/pkg/version"
|
||||
)
|
||||
|
||||
func TestChannel(t *testing.T) {
|
||||
tests := map[string]struct {
|
||||
got string
|
||||
valid bool
|
||||
}{
|
||||
"no channel, defaults to dev": {
|
||||
got: "",
|
||||
valid: false,
|
||||
},
|
||||
"dev channel": {
|
||||
got: version.EditionDev,
|
||||
valid: true,
|
||||
},
|
||||
"rolling channel": {
|
||||
got: version.EditionRolling,
|
||||
valid: true,
|
||||
},
|
||||
"stable channel": {
|
||||
got: version.EditionStable,
|
||||
valid: true,
|
||||
},
|
||||
"lts channel without version": {
|
||||
got: version.EditionLTS,
|
||||
valid: false,
|
||||
},
|
||||
"lts-1.0.0 channel": {
|
||||
got: fmt.Sprintf("%s-1", version.EditionLTS),
|
||||
valid: true,
|
||||
},
|
||||
"lts-one invalid version": {
|
||||
got: fmt.Sprintf("%s-one", version.EditionLTS),
|
||||
valid: false,
|
||||
},
|
||||
"known channel with version": {
|
||||
got: fmt.Sprintf("%s-1", version.EditionStable),
|
||||
valid: false,
|
||||
},
|
||||
"unknown channel": {
|
||||
got: "foo",
|
||||
valid: false,
|
||||
},
|
||||
}
|
||||
|
||||
for name, test := range tests {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
version.Edition = test.got
|
||||
|
||||
switch err := version.InitEdition(); {
|
||||
case err != nil && !test.valid && version.Edition != version.Dev: // if a given edition is unknown, the value is always dev
|
||||
fallthrough
|
||||
case test.valid != (err == nil):
|
||||
t.Fatalf("invalid edition: %s", version.Edition)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -33,7 +33,7 @@ type Config struct {
|
||||
EnableFederatedSharingIncoming bool `yaml:"enable_federated_sharing_incoming" env:"OC_ENABLE_OCM;FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING" desc:"Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed." introductionVersion:"1.0.0"`
|
||||
EnableFederatedSharingOutgoing bool `yaml:"enable_federated_sharing_outgoing" env:"OC_ENABLE_OCM;FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING" desc:"Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed." introductionVersion:"1.0.0"`
|
||||
SearchMinLength int `yaml:"search_min_length" env:"FRONTEND_SEARCH_MIN_LENGTH" desc:"Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed." introductionVersion:"1.0.0"`
|
||||
Edition string `desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
|
||||
Edition string `yaml:"edition" env:"OC_EDITION;FRONTEND_EDITION" desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
|
||||
DisableSSE bool `yaml:"disable_sse" env:"OC_DISABLE_SSE;FRONTEND_DISABLE_SSE" desc:"When set to true, clients are informed that the Server-Sent Events endpoint is not accessible." introductionVersion:"1.0.0"`
|
||||
DisableRadicale bool `yaml:"disable_radicale" env:"FRONTEND_DISABLE_RADICALE" desc:"When set to true, clients are informed that the Radicale (CalDAV/CardDAV) is not accessible." introductionVersion:"4.0.0"`
|
||||
DefaultLinkPermissions int `yaml:"default_link_permissions" env:"FRONTEND_DEFAULT_LINK_PERMISSIONS" desc:"Defines the default permissions a link is being created with. Possible values are 0 (= internal link, for instance members only) and 1 (= public link with viewer permissions). Defaults to 1." introductionVersion:"1.0.0"`
|
||||
|
||||
@@ -5,7 +5,6 @@ import (
|
||||
|
||||
"github.com/opencloud-eu/opencloud/pkg/shared"
|
||||
"github.com/opencloud-eu/opencloud/pkg/structs"
|
||||
"github.com/opencloud-eu/opencloud/pkg/version"
|
||||
"github.com/opencloud-eu/opencloud/services/frontend/pkg/config"
|
||||
)
|
||||
|
||||
@@ -88,7 +87,7 @@ func DefaultConfig() *config.Config {
|
||||
DefaultUploadProtocol: "tus",
|
||||
DefaultLinkPermissions: 1,
|
||||
SearchMinLength: 3,
|
||||
Edition: version.Edition,
|
||||
Edition: "",
|
||||
CheckForUpdates: true,
|
||||
Checksums: config.Checksums{
|
||||
SupportedTypes: []string{"sha1", "md5", "adler32"},
|
||||
|
||||
@@ -346,7 +346,7 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string
|
||||
},
|
||||
"version": map[string]interface{}{
|
||||
"product": "OpenCloud",
|
||||
"edition": version.Edition,
|
||||
"edition": "",
|
||||
"major": version.ParsedLegacy().Major(),
|
||||
"minor": version.ParsedLegacy().Minor(),
|
||||
"micro": version.ParsedLegacy().Patch(),
|
||||
|
||||
@@ -80,5 +80,5 @@ type Status struct {
|
||||
Product string
|
||||
ProductName string
|
||||
ProductVersion string
|
||||
Edition string `desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
|
||||
Edition string `yaml:"edition" env:"OC_EDITION;OCDAV_EDITION" desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
|
||||
}
|
||||
|
||||
@@ -92,7 +92,7 @@ func DefaultConfig() *config.Config {
|
||||
ProductVersion: version.GetString(),
|
||||
Product: "OpenCloud",
|
||||
ProductName: "OpenCloud",
|
||||
Edition: version.Edition,
|
||||
Edition: "",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
@@ -136,9 +136,6 @@ func (p Web) getPayload() (payload []byte, err error) {
|
||||
p.config.Web.Config.Apps = make([]string, 0)
|
||||
}
|
||||
|
||||
// ensure that the server url has a trailing slash
|
||||
p.config.Web.Config.Server = strings.TrimRight(p.config.Web.Config.Server, "/") + "/"
|
||||
|
||||
return json.Marshal(p.config.Web.Config)
|
||||
}
|
||||
|
||||
|
||||
@@ -33,7 +33,6 @@ use SimpleXMLElement;
|
||||
use Sabre\Xml\LibXMLException;
|
||||
use Sabre\Xml\Reader;
|
||||
use GuzzleHttp\Pool;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
/**
|
||||
* Helper for HTTP requests
|
||||
@@ -75,6 +74,7 @@ class HttpRequestHelper {
|
||||
* than download it all up-front.
|
||||
* @param int|null $timeout
|
||||
* @param Client|null $client
|
||||
* @param string|null $bearerToken
|
||||
*
|
||||
* @return ResponseInterface
|
||||
* @throws GuzzleException
|
||||
@@ -92,42 +92,8 @@ class HttpRequestHelper {
|
||||
bool $stream = false,
|
||||
?int $timeout = 0,
|
||||
?Client $client = null,
|
||||
?string $bearerToken = null
|
||||
): ResponseInterface {
|
||||
$bearerToken = null;
|
||||
if (TokenHelper::useBearerToken() && $user && $user !== 'public') {
|
||||
$bearerToken = TokenHelper::getTokens($user, $password, $url)['access_token'];
|
||||
// check token is still valid
|
||||
$parsedUrl = parse_url($url);
|
||||
$baseUrl = $parsedUrl['scheme'] . '://' . $parsedUrl['host'];
|
||||
$baseUrl .= isset($parsedUrl['port']) ? ':' . $parsedUrl['port'] : '';
|
||||
$testUrl = $baseUrl . "/graph/v1.0/use/$user";
|
||||
if (OcHelper::isTestingOnReva()) {
|
||||
$url = $baseUrl . "/ocs/v2.php/cloud/users/$user";
|
||||
}
|
||||
// check token validity with a GET request
|
||||
$c = self::createClient(
|
||||
$user,
|
||||
$password,
|
||||
$config,
|
||||
$cookies,
|
||||
$stream,
|
||||
$timeout,
|
||||
$bearerToken
|
||||
);
|
||||
$testReq = self::createRequest($testUrl, $xRequestId, 'GET');
|
||||
try {
|
||||
$testRes = $c->send($testReq);
|
||||
} catch (RequestException $ex) {
|
||||
$testRes = $ex->getResponse();
|
||||
if ($testRes && $testRes->getStatusCode() === Response::HTTP_UNAUTHORIZED) {
|
||||
// token is invalid or expired, get a new one
|
||||
echo "[INFO] Bearer token expired or invalid, getting a new one...\n";
|
||||
TokenHelper::clearAllTokens();
|
||||
$bearerToken = TokenHelper::getTokens($user, $password, $url)['access_token'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($client === null) {
|
||||
$client = self::createClient(
|
||||
$user,
|
||||
@@ -194,24 +160,6 @@ class HttpRequestHelper {
|
||||
}
|
||||
|
||||
HttpLogger::logResponse($response);
|
||||
|
||||
// wait for post-processing to finish if applicable
|
||||
if (WebdavHelper::isDAVRequest($url)
|
||||
&& \str_starts_with($url, OcHelper::getServerUrl())
|
||||
&& \in_array($method, ["PUT", "MOVE", "COPY"])
|
||||
&& \in_array($response->getStatusCode(), [Response::HTTP_CREATED, Response::HTTP_NO_CONTENT])
|
||||
&& OcConfigHelper::getPostProcessingDelay() === 0
|
||||
) {
|
||||
if (\in_array($method, ["MOVE", "COPY"])) {
|
||||
$url = $headers['Destination'];
|
||||
}
|
||||
WebDavHelper::waitForPostProcessingToFinish(
|
||||
$url,
|
||||
$user,
|
||||
$password,
|
||||
$headers,
|
||||
);
|
||||
}
|
||||
return $response;
|
||||
}
|
||||
|
||||
@@ -255,6 +203,13 @@ class HttpRequestHelper {
|
||||
} else {
|
||||
$debugResponses = false;
|
||||
}
|
||||
// use basic auth for 'public' user or no user
|
||||
if ($user === 'public' || $user === null || $user === '') {
|
||||
$bearerToken = null;
|
||||
} else {
|
||||
$useBearerToken = TokenHelper::useBearerToken();
|
||||
$bearerToken = $useBearerToken ? TokenHelper::getTokens($user, $password, $url)['access_token'] : null;
|
||||
}
|
||||
|
||||
$sendRetryLimit = self::numRetriesOnHttpTooEarly();
|
||||
$sendCount = 0;
|
||||
@@ -273,6 +228,7 @@ class HttpRequestHelper {
|
||||
$stream,
|
||||
$timeout,
|
||||
$client,
|
||||
$bearerToken,
|
||||
);
|
||||
|
||||
if ($response->getStatusCode() >= 400
|
||||
@@ -300,8 +256,7 @@ class HttpRequestHelper {
|
||||
// we need to repeat the send request, because we got HTTP_TOO_EARLY or HTTP_CONFLICT
|
||||
// wait 1 second before sending again, to give the server some time
|
||||
// to finish whatever post-processing it might be doing.
|
||||
echo "[INFO] Received '" . $response->getStatusCode() .
|
||||
"' status code, retrying request ($sendCount)...\n";
|
||||
self::debugResponse($response);
|
||||
\sleep(1);
|
||||
}
|
||||
} while ($loopAgain);
|
||||
|
||||
@@ -30,26 +30,6 @@ use Psr\Http\Message\ResponseInterface;
|
||||
* A helper class for configuring OpenCloud server
|
||||
*/
|
||||
class OcConfigHelper {
|
||||
public static $postProcessingDelay = 0;
|
||||
|
||||
/**
|
||||
* @return int
|
||||
*/
|
||||
public static function getPostProcessingDelay(): int {
|
||||
return self::$postProcessingDelay;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $postProcessingDelay
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public static function setPostProcessingDelay(string $postProcessingDelay): void {
|
||||
// extract number from string
|
||||
$delay = (int) filter_var($postProcessingDelay, FILTER_SANITIZE_NUMBER_INT);
|
||||
self::$postProcessingDelay = $delay;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $url
|
||||
* @param string $method
|
||||
|
||||
@@ -84,9 +84,7 @@ class TokenHelper {
|
||||
$tokenData = [
|
||||
'access_token' => $refreshedToken['access_token'],
|
||||
'refresh_token' => $refreshedToken['refresh_token'],
|
||||
// set expiry to 240 (4 minutes) seconds to allow for some buffer
|
||||
// token actually expires in 300 seconds (5 minutes)
|
||||
'expires_at' => time() + 240
|
||||
'expires_at' => time() + 300 // 5 minutes
|
||||
];
|
||||
self::$tokenCache[$cacheKey] = $tokenData;
|
||||
return $tokenData;
|
||||
@@ -102,9 +100,7 @@ class TokenHelper {
|
||||
$tokenData = [
|
||||
'access_token' => $tokens['access_token'],
|
||||
'refresh_token' => $tokens['refresh_token'],
|
||||
// set expiry to 240 (4 minutes) seconds to allow for some buffer
|
||||
// token actually expires in 300 seconds (5 minutes)
|
||||
'expires_at' => time() + 240
|
||||
'expires_at' => time() + 290 // set expiry to 290 seconds to allow for some buffer
|
||||
];
|
||||
|
||||
// Save to cache
|
||||
|
||||
@@ -923,45 +923,4 @@ class WebDavHelper {
|
||||
$mtime = new DateTime($xmlPart[0]->__toString());
|
||||
return $mtime->format('U');
|
||||
}
|
||||
|
||||
/**
|
||||
* wait until the reqeust doesn't return 425 anymore
|
||||
*
|
||||
* @param string $url
|
||||
* @param ?string $user
|
||||
* @param ?string $password
|
||||
* @param ?array $headers
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public static function waitForPostProcessingToFinish(
|
||||
string $url,
|
||||
?string $user = null,
|
||||
?string $password = null,
|
||||
?array $headers = [],
|
||||
): void {
|
||||
$retried = 0;
|
||||
do {
|
||||
$response = HttpRequestHelper::sendRequest(
|
||||
$url,
|
||||
'check-425-status',
|
||||
'GET',
|
||||
$user,
|
||||
$password,
|
||||
$headers,
|
||||
);
|
||||
$statusCode = $response->getStatusCode();
|
||||
if ($statusCode !== 425) {
|
||||
return;
|
||||
}
|
||||
$tryAgain = $retried < HttpRequestHelper::numRetriesOnHttpTooEarly();
|
||||
if ($tryAgain) {
|
||||
$retried += 1;
|
||||
echo "[INFO] Waiting for post processing to finish, attempt ($retried)...\n";
|
||||
// wait 1s and try again
|
||||
\sleep(1);
|
||||
}
|
||||
} while ($tryAgain);
|
||||
echo "[ERROR] 10 seconds timeout! Post processing did not finish in time.\n";
|
||||
}
|
||||
}
|
||||
|
||||
@@ -904,7 +904,7 @@ class CliContext implements Context {
|
||||
$userUuid = $this->featureContext->getAttributeOfCreatedUser($user, 'id');
|
||||
$storagePath = $this->getUsersStoragePath();
|
||||
$body = [
|
||||
"command" => "getfattr -n " . escapeshellarg($attribute) . " --only-values $storagePath/$userUuid/$file",
|
||||
"command" => "xattr -p -slz " . escapeshellarg($attribute) . " $storagePath/$userUuid/$file",
|
||||
"raw" => true
|
||||
];
|
||||
$this->featureContext->setResponse(CliHelper::runCommand($body));
|
||||
|
||||
@@ -2026,12 +2026,8 @@ class FeatureContext extends BehatVariablesContext {
|
||||
if ($response === null) {
|
||||
$response = $this->getResponse();
|
||||
}
|
||||
$body = (string)$response->getBody();
|
||||
if (!$body) {
|
||||
return [];
|
||||
}
|
||||
return \json_decode(
|
||||
$body,
|
||||
(string)$response->getBody(),
|
||||
true
|
||||
);
|
||||
}
|
||||
|
||||
@@ -377,7 +377,7 @@ class NotificationContext implements Context {
|
||||
}
|
||||
|
||||
/**
|
||||
* @Then /^user "([^"]*)" should get a notification with subject "([^"]*)" and message:$/
|
||||
* @Then /^user "([^"]*)" should (?:get|have) a notification with subject "([^"]*)" and message:$/
|
||||
*
|
||||
* @param string $user
|
||||
* @param string $subject
|
||||
@@ -411,10 +411,10 @@ class NotificationContext implements Context {
|
||||
throw new \Exception("Notification was not found even after retrying for 5 seconds.");
|
||||
}
|
||||
$expectedMessage = $table->getColumnsHash()[0]['message'];
|
||||
Assert::assertStringStartsWith(
|
||||
Assert::assertSame(
|
||||
$expectedMessage,
|
||||
$actualMessage,
|
||||
__METHOD__ . "expected message to start with '$expectedMessage' but found'$actualMessage'"
|
||||
__METHOD__ . "expected message to be '$expectedMessage' but found'$actualMessage'"
|
||||
);
|
||||
}
|
||||
|
||||
@@ -441,10 +441,10 @@ class NotificationContext implements Context {
|
||||
if (\count($notification) === 1) {
|
||||
$actualMessage = str_replace(["\r", "\r"], " ", $notification[0]->message);
|
||||
$expectedMessage = $table->getColumnsHash()[0]['message'];
|
||||
Assert::assertStringStartsWith(
|
||||
Assert::assertSame(
|
||||
$expectedMessage,
|
||||
$actualMessage,
|
||||
__METHOD__ . "expected message to start with '$expectedMessage' but found'$actualMessage'"
|
||||
__METHOD__ . "expected message to be '$expectedMessage' but found'$actualMessage'"
|
||||
);
|
||||
$response = $this->userDeletesNotification($user);
|
||||
$this->featureContext->theHTTPStatusCodeShouldBe(200, '', $response);
|
||||
@@ -462,7 +462,7 @@ class NotificationContext implements Context {
|
||||
}
|
||||
|
||||
/**
|
||||
* @Then user :user should not get a notification related to resource :resource with subject :subject
|
||||
* @Then user :user should not have a notification related to resource :resource with subject :subject
|
||||
*
|
||||
* @param string $user
|
||||
* @param string $resource
|
||||
|
||||
@@ -68,7 +68,6 @@ class OcConfigContext implements Context {
|
||||
$response->getStatusCode(),
|
||||
"Failed to set async upload with delayed post processing"
|
||||
);
|
||||
OcConfigHelper::setPostProcessingDelay($delayTime);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -91,9 +90,6 @@ class OcConfigContext implements Context {
|
||||
$response->getStatusCode(),
|
||||
"Failed to set config $configVariable=$configValue"
|
||||
);
|
||||
if ($configVariable === "POSTPROCESSING_DELAY") {
|
||||
OcConfigHelper::setPostProcessingDelay($configValue);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -188,9 +184,6 @@ class OcConfigContext implements Context {
|
||||
$envs = [];
|
||||
foreach ($table->getHash() as $row) {
|
||||
$envs[$row['config']] = $row['value'];
|
||||
if ($row['config'] === "POSTPROCESSING_DELAY") {
|
||||
OcConfigHelper::setPostProcessingDelay($row['value']);
|
||||
}
|
||||
}
|
||||
|
||||
$response = OcConfigHelper::reConfigureOc($envs);
|
||||
@@ -207,7 +200,6 @@ class OcConfigContext implements Context {
|
||||
* @return void
|
||||
*/
|
||||
public function rollbackOc(): void {
|
||||
OcConfigHelper::setPostProcessingDelay('0');
|
||||
$response = OcConfigHelper::rollbackOc();
|
||||
Assert::assertEquals(
|
||||
200,
|
||||
|
||||
@@ -607,7 +607,7 @@ trait Provisioning {
|
||||
Assert::assertEquals(
|
||||
201,
|
||||
$response->getStatusCode(),
|
||||
__METHOD__ . " cannot create user '$userName'.\nResponse:" .
|
||||
__METHOD__ . " cannot create user '$userName' using Graph API.\nResponse:" .
|
||||
json_encode($this->getJsonDecodedResponse($response))
|
||||
);
|
||||
|
||||
@@ -1083,7 +1083,7 @@ trait Provisioning {
|
||||
Assert::assertEquals(
|
||||
201,
|
||||
$response->getStatusCode(),
|
||||
__METHOD__ . " cannot create user '$user'.\nResponse:" .
|
||||
__METHOD__ . " cannot create user '$user' using Graph API.\nResponse:" .
|
||||
json_encode($this->getJsonDecodedResponse($response))
|
||||
);
|
||||
$userId = $this->getJsonDecodedResponse($response)['id'];
|
||||
|
||||
@@ -750,9 +750,6 @@ class SpacesContext implements Context {
|
||||
} else {
|
||||
$rawBody = $this->featureContext->getResponse()->getBody()->getContents();
|
||||
}
|
||||
if (!$rawBody) {
|
||||
throw new Exception(__METHOD__ . " - Response body is empty");
|
||||
}
|
||||
$drives = json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR);
|
||||
if (isset($drives["value"])) {
|
||||
$drives = $drives["value"];
|
||||
|
||||
@@ -216,44 +216,6 @@ class TUSContext implements Context {
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @When user :user sends a chunk to the last created TUS Location with offset :offset and data :data with retry on offset mismatch using the WebDAV API
|
||||
*
|
||||
* @param string $user
|
||||
* @param string $offset
|
||||
* @param string $data
|
||||
*
|
||||
* @return void
|
||||
*
|
||||
* @throws GuzzleException
|
||||
* @throws JsonException
|
||||
*/
|
||||
public function userSendsAChunkToTUSLocationWithOffsetAndDataWithRetryOnOffsetMismatch(
|
||||
string $user,
|
||||
string $offset,
|
||||
string $data,
|
||||
): void {
|
||||
$resourceLocation = $this->getLastTusResourceLocation();
|
||||
|
||||
$retried = 0;
|
||||
do {
|
||||
$tryAgain = false;
|
||||
$response = $this->uploadChunkToTUSLocation($user, $resourceLocation, $offset, $data);
|
||||
// retry on 409 Conflict (Offset mismatch during TUS upload)
|
||||
if ($response->getStatusCode() === 409) {
|
||||
$tryAgain = true;
|
||||
}
|
||||
$tryAgain = $tryAgain && $retried < HttpRequestHelper::numRetriesOnHttpTooEarly();
|
||||
if ($tryAgain) {
|
||||
$retried += 1;
|
||||
echo "Offset mismatch during TUS upload, retrying ($retried)...\n";
|
||||
// wait 1s and try again
|
||||
\sleep(1);
|
||||
}
|
||||
} while ($tryAgain);
|
||||
$this->featureContext->setResponse($response);
|
||||
}
|
||||
|
||||
/**
|
||||
* @When user :user sends a chunk to the last created TUS Location with offset :offset and data :data using the WebDAV API
|
||||
*
|
||||
|
||||
@@ -25,7 +25,6 @@ use GuzzleHttp\Exception\GuzzleException;
|
||||
use PHPUnit\Framework\Assert;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use GuzzleHttp\Stream\StreamInterface;
|
||||
use TestHelpers\OcConfigHelper;
|
||||
use TestHelpers\OcHelper;
|
||||
use TestHelpers\UploadHelper;
|
||||
use TestHelpers\WebDavHelper;
|
||||
@@ -744,7 +743,6 @@ trait WebDav {
|
||||
|
||||
/**
|
||||
* @When the user waits for :time seconds for postprocessing to finish
|
||||
* @When the user waits for :time seconds
|
||||
*
|
||||
* @param int $time
|
||||
*
|
||||
@@ -975,61 +973,6 @@ trait WebDav {
|
||||
$this->checkDownloadedContentMatches($content, '', $response);
|
||||
}
|
||||
|
||||
/**
|
||||
* check file content with retry
|
||||
*
|
||||
* @param string $user
|
||||
* @param string $fileName
|
||||
* @param string $content
|
||||
*
|
||||
* @return void
|
||||
* @throws Exception
|
||||
*/
|
||||
public function checkFileContentWithRetry(string $user, string $fileName, string $content): void {
|
||||
$retried = 0;
|
||||
do {
|
||||
$tryAgain = false;
|
||||
$response = $this->downloadFileAsUserUsingPassword($this->getActualUsername($user), $fileName);
|
||||
$status = $response->getStatusCode();
|
||||
$downloadedContent = $response->getBody()->getContents();
|
||||
if ($status !== 200) {
|
||||
$tryAgain = true;
|
||||
$message = "Expected '200' but got '$status'";
|
||||
} elseif ($downloadedContent !== $content) {
|
||||
$tryAgain = true;
|
||||
$message = "Expected content '$content' but got '$downloadedContent'";
|
||||
}
|
||||
$tryAgain = $tryAgain && $retried < HttpRequestHelper::numRetriesOnHttpTooEarly();
|
||||
if ($tryAgain) {
|
||||
$retried += 1;
|
||||
echo "[INFO] File content mismatch. $message, checking content again ($retried)...\n";
|
||||
|
||||
// break the loop if status is 425 as the request will already be retried
|
||||
if ($status === HttpRequestHelper::HTTP_TOO_EARLY) {
|
||||
break;
|
||||
}
|
||||
|
||||
// wait 1s and try again
|
||||
\sleep(1);
|
||||
}
|
||||
} while ($tryAgain);
|
||||
$this->theHTTPStatusCodeShouldBe(200, '', $response);
|
||||
$this->checkDownloadedContentMatches($content, '', $response);
|
||||
}
|
||||
|
||||
/**
|
||||
* @Then as :user the final content of file :fileName should be :content
|
||||
*
|
||||
* @param string $user
|
||||
* @param string $fileName
|
||||
* @param string $content
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function asUserFinalContentOfFileShouldBe(string $user, string $fileName, string $content): void {
|
||||
$this->checkFileContentWithRetry($user, $fileName, $content);
|
||||
}
|
||||
|
||||
/**
|
||||
* @Then /^the content of the following files for user "([^"]*)" should be "([^"]*)"$/
|
||||
*
|
||||
@@ -1321,18 +1264,20 @@ trait WebDav {
|
||||
$type
|
||||
);
|
||||
$statusCode = $response->getStatusCode();
|
||||
// when checking path with '..' it may return 405 Method Not Allowed
|
||||
if ($statusCode === 404 || $statusCode === 405) {
|
||||
return;
|
||||
}
|
||||
if ($statusCode === 207) {
|
||||
$responseXmlObject = HttpRequestHelper::getResponseXml(
|
||||
$response,
|
||||
__METHOD__
|
||||
);
|
||||
if ($statusCode < 400 || $statusCode > 499) {
|
||||
try {
|
||||
$responseXmlObject = HttpRequestHelper::getResponseXml(
|
||||
$response,
|
||||
__METHOD__
|
||||
);
|
||||
} catch (Exception $e) {
|
||||
Assert::fail(
|
||||
"$entry '$path' should not exist. But API returned $statusCode without XML in the body"
|
||||
);
|
||||
}
|
||||
Assert::assertTrue(
|
||||
$this->isEtagValid($this->getEtagFromResponseXmlObject($responseXmlObject)),
|
||||
"$entry '$path' should not exist but found with invalid etag."
|
||||
"$entry '$path' should not exist. But API returned $statusCode without an etag in the body"
|
||||
);
|
||||
$isCollection = $responseXmlObject->xpath("//d:prop/d:resourcetype/d:collection");
|
||||
if (\count($isCollection) === 0) {
|
||||
@@ -1346,11 +1291,7 @@ trait WebDav {
|
||||
"$entry '$path' should not exist. But it does."
|
||||
);
|
||||
}
|
||||
return;
|
||||
}
|
||||
Assert::fail(
|
||||
"$entry '$path' should not exist. But API returned $statusCode without XML in the body"
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -2329,11 +2270,6 @@ trait WebDav {
|
||||
"HTTP status code was not 201 or 204 while trying to upload file '$destination' for user '$user'",
|
||||
$response
|
||||
);
|
||||
|
||||
// check uploaded content only if post-processing delay is not configured
|
||||
if (OcConfigHelper::getPostProcessingDelay() === 0) {
|
||||
$this->checkFileContentWithRetry($user, $destination, $content);
|
||||
}
|
||||
return $response->getHeader('oc-fileid');
|
||||
}
|
||||
|
||||
|
||||
@@ -36,13 +36,13 @@ Feature: antivirus
|
||||
| <message> |
|
||||
And as "Alice" file "<new-file-name>" should not exist
|
||||
Examples:
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
|
||||
|
||||
Scenario Outline: upload a file with virus and a file without virus
|
||||
@@ -64,13 +64,13 @@ Feature: antivirus
|
||||
Cheers.
|
||||
"""
|
||||
Examples:
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
|
||||
|
||||
Scenario Outline: upload a file with virus in chunks
|
||||
@@ -83,8 +83,8 @@ Feature: antivirus
|
||||
# antivirus service can scan files during post-processing. on demand scanning is currently not available
|
||||
Then the HTTP status code should be "201"
|
||||
And user "Alice" should get a notification with subject "Virus found" and message:
|
||||
| message |
|
||||
| Virus found in myChunkedFile.txt. Upload not possible. Virus: |
|
||||
| message |
|
||||
| Virus found in myChunkedFile.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
And as "Alice" file "/myChunkedFile.txt" should not exist
|
||||
Examples:
|
||||
| dav-path-version |
|
||||
@@ -110,13 +110,13 @@ Feature: antivirus
|
||||
| <message> |
|
||||
And as "Alice" file "/uploadFolder/<new-file-name>" should not exist
|
||||
Examples:
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
|
||||
@issue-10331
|
||||
Scenario Outline: public uploads a file with the virus to a password-protected public share
|
||||
@@ -136,13 +136,13 @@ Feature: antivirus
|
||||
| <message> |
|
||||
And as "Alice" file "/uploadFolder/<new-file-name>" should not exist
|
||||
Examples:
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
|
||||
|
||||
Scenario Outline: upload a file with virus to a user share
|
||||
@@ -164,13 +164,13 @@ Feature: antivirus
|
||||
And as "Brian" file "/Shares/uploadFolder/<new-file-name>" should not exist
|
||||
And as "Alice" file "/uploadFolder/<new-file-name>" should not exist
|
||||
Examples:
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
|
||||
|
||||
Scenario Outline: upload a file with virus to a group share
|
||||
@@ -194,13 +194,13 @@ Feature: antivirus
|
||||
And as "Brian" file "/Shares/uploadFolder/<new-file-name>" should not exist
|
||||
And as "Alice" file "/uploadFolder/<new-file-name>" should not exist
|
||||
Examples:
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| dav-path-version | file-name | new-file-name | message |
|
||||
| old | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| old | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
|
||||
|
||||
Scenario Outline: upload a file with virus to a project space
|
||||
@@ -223,9 +223,9 @@ Feature: antivirus
|
||||
And for user "Alice" the space "new-space" should not contain these entries:
|
||||
| /<new-file-name> |
|
||||
Examples:
|
||||
| file-name | new-file-name | message |
|
||||
| eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| file-name | new-file-name | message |
|
||||
| eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
|
||||
|
||||
Scenario Outline: upload a file with virus to a shared project space
|
||||
@@ -248,9 +248,9 @@ Feature: antivirus
|
||||
And for user "Alice" the space "new-space" should not contain these entries:
|
||||
| /<new-file-name> |
|
||||
Examples:
|
||||
| file-name | new-file-name | message |
|
||||
| eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: |
|
||||
| eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: |
|
||||
| file-name | new-file-name | message |
|
||||
| eicar.com | virusFile1.txt | Virus found in virusFile1.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| eicar_com.zip | virusFile2.zip | Virus found in virusFile2.zip. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
|
||||
@env-config @issue-6494
|
||||
Scenario Outline: upload a file with virus by setting antivirus infected file handling config to continue
|
||||
@@ -272,8 +272,8 @@ Feature: antivirus
|
||||
When user "Alice" uploads file "filesForUpload/filesWithVirus/eicar.com" to "/aFileWithVirus.txt" using the WebDAV API
|
||||
Then the HTTP status code should be "201"
|
||||
And user "Alice" should get a notification with subject "Virus found" and message:
|
||||
| message |
|
||||
| Virus found in aFileWithVirus.txt. Upload not possible. Virus: |
|
||||
| message |
|
||||
| Virus found in aFileWithVirus.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
And as "Alice" file "/aFileWithVirus.txt" should not exist
|
||||
Examples:
|
||||
| dav-path-version |
|
||||
@@ -306,12 +306,12 @@ Feature: antivirus
|
||||
And as "Alice" file "/aFileWithVirus.txt" should not exist
|
||||
Examples:
|
||||
| dav-path-version | language | subject | message |
|
||||
| old | es | Virus encontrado | Virus encontrado en aFileWithVirus.txt. La subida no ha sido posible. Virus: |
|
||||
| new | es | Virus encontrado | Virus encontrado en aFileWithVirus.txt. La subida no ha sido posible. Virus: |
|
||||
| spaces | es | Virus encontrado | Virus encontrado en aFileWithVirus.txt. La subida no ha sido posible. Virus: |
|
||||
| old | de | Virus gefunden | In aFileWithVirus.txt wurde potenziell schädlicher Code gefunden. Das Hochladen wurde abgebrochen. Grund: |
|
||||
| new | de | Virus gefunden | In aFileWithVirus.txt wurde potenziell schädlicher Code gefunden. Das Hochladen wurde abgebrochen. Grund: |
|
||||
| spaces | de | Virus gefunden | In aFileWithVirus.txt wurde potenziell schädlicher Code gefunden. Das Hochladen wurde abgebrochen. Grund: |
|
||||
| old | es | Virus encontrado | Virus encontrado en aFileWithVirus.txt. La subida no ha sido posible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| new | es | Virus encontrado | Virus encontrado en aFileWithVirus.txt. La subida no ha sido posible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | es | Virus encontrado | Virus encontrado en aFileWithVirus.txt. La subida no ha sido posible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
| old | de | Virus gefunden | In aFileWithVirus.txt wurde potenziell schädlicher Code gefunden. Das Hochladen wurde abgebrochen. Grund: Win.Test.EICAR_HDB-1 |
|
||||
| new | de | Virus gefunden | In aFileWithVirus.txt wurde potenziell schädlicher Code gefunden. Das Hochladen wurde abgebrochen. Grund: Win.Test.EICAR_HDB-1 |
|
||||
| spaces | de | Virus gefunden | In aFileWithVirus.txt wurde potenziell schädlicher Code gefunden. Das Hochladen wurde abgebrochen. Grund: Win.Test.EICAR_HDB-1 |
|
||||
|
||||
@issue-enterprise-5709
|
||||
Scenario Outline: try to create a version of file by uploading virus content
|
||||
@@ -321,8 +321,8 @@ Feature: antivirus
|
||||
When user "Alice" uploads file with content "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" to "test.txt" using the WebDAV API
|
||||
Then the HTTP status code should be "204"
|
||||
And user "Alice" should get a notification with subject "Virus found" and message:
|
||||
| message |
|
||||
| Virus found in test.txt. Upload not possible. Virus: |
|
||||
| message |
|
||||
| Virus found in test.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
And as "Alice" file "/test.txt" should exist
|
||||
And the version folder of file "/test.txt" for user "Alice" should contain "1" element
|
||||
And the content of file "/test.txt" for user "Alice" should be "hello nepal"
|
||||
@@ -348,8 +348,8 @@ Feature: antivirus
|
||||
When the public overwrites file "test.txt" with content "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" using the public WebDAV API
|
||||
Then the HTTP status code should be "204"
|
||||
And user "Alice" should get a notification with subject "Virus found" and message:
|
||||
| message |
|
||||
| Virus found in test.txt. Upload not possible. Virus: |
|
||||
| message |
|
||||
| Virus found in test.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
And the content of file "/test.txt" for user "Alice" should be "hello"
|
||||
Examples:
|
||||
| dav-path-version |
|
||||
@@ -375,8 +375,8 @@ Feature: antivirus
|
||||
When user "Brian" uploads file with content "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" to "Shares/test.txt" using the WebDAV API
|
||||
Then the HTTP status code should be "204"
|
||||
And user "Brian" should get a notification with subject "Virus found" and message:
|
||||
| message |
|
||||
| Virus found in test.txt. Upload not possible. Virus: |
|
||||
| message |
|
||||
| Virus found in test.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
And the content of file "/test.txt" for user "Alice" should be "hello"
|
||||
And the content of file "Shares/test.txt" for user "Brian" should be "hello"
|
||||
Examples:
|
||||
@@ -409,15 +409,15 @@ Feature: antivirus
|
||||
When user "Brian" uploads file with content "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" to "Shares/uploadFolder/test.txt" using the WebDAV API
|
||||
Then the HTTP status code should be "204"
|
||||
And user "Brian" should get a notification for resource "test.txt" with subject "Virus found" and message:
|
||||
| message |
|
||||
| Virus found in test.txt. Upload not possible. Virus: |
|
||||
| message |
|
||||
| Virus found in test.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
And the content of file "Shares/uploadFolder/test.txt" for user "Brian" should be "this is a test file."
|
||||
And the content of file "uploadFolder/test.txt" for user "Alice" should be "this is a test file."
|
||||
When user "Brian" uploads file with content "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" to "Shares/test.txt" using the WebDAV API
|
||||
Then the HTTP status code should be "204"
|
||||
And user "Brian" should get a notification for resource "test.txt" with subject "Virus found" and message:
|
||||
| message |
|
||||
| Virus found in test.txt. Upload not possible. Virus: |
|
||||
| message |
|
||||
| Virus found in test.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
And the content of file "Shares/test.txt" for user "Brian" should be "this is a test file."
|
||||
And the content of file "/test.txt" for user "Alice" should be "this is a test file."
|
||||
Examples:
|
||||
@@ -436,8 +436,8 @@ Feature: antivirus
|
||||
When user "Alice" uploads a file inside space "new-space" with content "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" to ".space/readme.md" using the WebDAV API
|
||||
Then the HTTP status code should be "204"
|
||||
And user "Alice" should get a notification with subject "Virus found" and message:
|
||||
| message |
|
||||
| Virus found in readme.md. Upload not possible. Virus: |
|
||||
| message |
|
||||
| Virus found in readme.md. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
And for user "Alice" the content of the file ".space/readme.md" of the space "new-space" should be "Here you can add a description for this Space."
|
||||
|
||||
|
||||
@@ -457,8 +457,8 @@ Feature: antivirus
|
||||
When user "Brian" uploads a file inside space "new-space" with content "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" to ".space/readme.md" using the WebDAV API
|
||||
Then the HTTP status code should be "204"
|
||||
And user "Brian" should get a notification with subject "Virus found" and message:
|
||||
| message |
|
||||
| Virus found in readme.md. Upload not possible. Virus: |
|
||||
| message |
|
||||
| Virus found in readme.md. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
And for user "Brian" the content of the file ".space/readme.md" of the space "new-space" should be "Here you can add a description for this Space."
|
||||
And for user "Alice" the content of the file ".space/readme.md" of the space "new-space" should be "Here you can add a description for this Space."
|
||||
|
||||
@@ -477,7 +477,7 @@ Feature: antivirus
|
||||
When user "Brian" uploads a file "filesForUpload/filesWithVirus/eicar.com" to "text.txt" in space "new-space" using the WebDAV API
|
||||
Then the HTTP status code should be "204"
|
||||
And user "Brian" should get a notification with subject "Virus found" and message:
|
||||
| message |
|
||||
| Virus found in text.txt. Upload not possible. Virus: |
|
||||
| message |
|
||||
| Virus found in text.txt. Upload not possible. Virus: Win.Test.EICAR_HDB-1 |
|
||||
And for user "Brian" the content of the file "/text.txt" of the space "new-space" should be "hello world"
|
||||
And for user "Alice" the content of the file "/text.txt" of the space "new-space" should be "hello world"
|
||||
|
||||
@@ -27,10 +27,10 @@ Feature: Delete notification
|
||||
Scenario: delete a notification
|
||||
When user "Brian" deletes a notification related to resource "my_data" with subject "Resource shared"
|
||||
Then the HTTP status code should be "200"
|
||||
And user "Brian" should get a notification with subject "Resource shared" and message:
|
||||
And user "Brian" should have a notification with subject "Resource shared" and message:
|
||||
| message |
|
||||
| Alice Hansen shared textfile1.txt with you |
|
||||
But user "Brian" should not get a notification related to resource "my_data" with subject "Resource shared"
|
||||
But user "Brian" should not have a notification related to resource "my_data" with subject "Resource shared"
|
||||
|
||||
|
||||
Scenario: delete all notifications
|
||||
|
||||
@@ -29,7 +29,7 @@ Feature: create a resources using collaborative posixfs
|
||||
Scenario: create file
|
||||
When the administrator creates the file "test.txt" with content "content" for user "Alice" on the POSIX filesystem
|
||||
Then the command should be successful
|
||||
And as "Alice" the final content of file "test.txt" should be "content"
|
||||
And the content of file "/test.txt" for user "Alice" should be "content"
|
||||
|
||||
|
||||
Scenario: create large file
|
||||
@@ -41,22 +41,21 @@ Feature: create a resources using collaborative posixfs
|
||||
Scenario: creates files sequentially in a folder
|
||||
When the administrator creates 50 files sequentially in the directory "firstFolder" for user "Alice" on the POSIX filesystem
|
||||
Then the command should be successful
|
||||
And as "Alice" the final content of file "/firstFolder/file_1.txt" should be "file 1 content"
|
||||
And as "Alice" the final content of file "/firstFolder/file_50.txt" should be "file 50 content"
|
||||
And the content of file "/firstFolder/file_1.txt" for user "Alice" should be "file 1 content"
|
||||
And the content of file "/firstFolder/file_50.txt" for user "Alice" should be "file 50 content"
|
||||
|
||||
|
||||
Scenario: creates files in parallel in a folder
|
||||
When the administrator creates 100 files in parallel in the directory "firstFolder" for user "Alice" on the POSIX filesystem
|
||||
Then the command should be successful
|
||||
And as "Alice" the final content of file "/firstFolder/parallel_1.txt" should be "parallel file 1 content"
|
||||
And as "Alice" the final content of file "/firstFolder/parallel_100.txt" should be "parallel file 100 content"
|
||||
And the content of file "/firstFolder/parallel_1.txt" for user "Alice" should be "parallel file 1 content"
|
||||
And the content of file "/firstFolder/parallel_100.txt" for user "Alice" should be "parallel file 100 content"
|
||||
|
||||
|
||||
Scenario: edit file
|
||||
Given user "Alice" has uploaded file with content "content" to "test.txt"
|
||||
When the administrator puts the content "new" into the file "test.txt" in the POSIX storage folder of user "Alice"
|
||||
Then the command should be successful
|
||||
And as "Alice" the final content of file "test.txt" should be "contentnew"
|
||||
Then the content of file "/test.txt" for user "Alice" should be "contentnew"
|
||||
|
||||
|
||||
Scenario: read file content
|
||||
@@ -69,28 +68,28 @@ Feature: create a resources using collaborative posixfs
|
||||
Given user "Alice" has uploaded file with content "content" to "test.txt"
|
||||
When the administrator copies the file "test.txt" to the folder "firstFolder" for user "Alice" on the POSIX filesystem
|
||||
Then the command should be successful
|
||||
And as "Alice" the final content of file "/firstFolder/test.txt" should be "content"
|
||||
And the content of file "/firstFolder/test.txt" for user "Alice" should be "content"
|
||||
|
||||
|
||||
Scenario: rename file
|
||||
Given user "Alice" has uploaded file with content "content" to "test.txt"
|
||||
When the administrator renames the file "test.txt" to "new-name.txt" for user "Alice" on the POSIX filesystem
|
||||
Then the command should be successful
|
||||
And as "Alice" the final content of file "/new-name.txt" should be "content"
|
||||
And the content of file "/new-name.txt" for user "Alice" should be "content"
|
||||
|
||||
|
||||
Scenario: rename a created file
|
||||
Given the administrator has created the file "test.txt" with content "content" for user "Alice" on the POSIX filesystem
|
||||
When the administrator renames the file "test.txt" to "test.md" for user "Alice" on the POSIX filesystem
|
||||
Then the command should be successful
|
||||
And as "Alice" the final content of file "/test.md" should be "content"
|
||||
And the content of file "/test.md" for user "Alice" should be "content"
|
||||
|
||||
|
||||
Scenario: move file to folder
|
||||
Given user "Alice" has uploaded file with content "content" to "test.txt"
|
||||
When the administrator moves the file "test.txt" to the folder "firstFolder" for user "Alice" on the POSIX filesystem
|
||||
Then the command should be successful
|
||||
And as "Alice" the final content of file "/firstFolder/test.txt" should be "content"
|
||||
And the content of file "/firstFolder/test.txt" for user "Alice" should be "content"
|
||||
And as "Alice" file "/test.txt" should not exist
|
||||
|
||||
|
||||
@@ -188,4 +187,4 @@ Feature: create a resources using collaborative posixfs
|
||||
And the administrator renames the file "test.txt" to "renamed.txt" for user "Alice" on the POSIX filesystem
|
||||
And the administrator checks the attribute "user.oc.name" of file "renamed.txt" for user "Alice" on the POSIX filesystem
|
||||
Then the command output should contain "renamed.txt"
|
||||
And as "Alice" the final content of file "/renamed.txt" should be "content"
|
||||
And the content of file "/renamed.txt" for user "Alice" should be "content"
|
||||
|
||||
@@ -50,7 +50,8 @@ Feature: low level tests for upload of chunks
|
||||
| Upload-Metadata | filename ZmlsZS50eHQ= |
|
||||
When user "Alice" sends a chunk to the last created TUS Location with offset "0" and data "123" using the WebDAV API
|
||||
And user "Alice" sends a chunk to the last created TUS Location with offset "3" and data "4567890" using the WebDAV API
|
||||
And user "Alice" sends a chunk to the last created TUS Location with offset "3" and data "0000000" with retry on offset mismatch using the WebDAV API
|
||||
And the user waits for "2" seconds for postprocessing to finish
|
||||
And user "Alice" sends a chunk to the last created TUS Location with offset "3" and data "0000000" using the WebDAV API
|
||||
Then the HTTP status code should be "404"
|
||||
And the content of file "/file.txt" for user "Alice" should be "1234567890"
|
||||
Examples:
|
||||
@@ -60,22 +61,6 @@ Feature: low level tests for upload of chunks
|
||||
| spaces |
|
||||
|
||||
|
||||
Scenario Outline: send last chunk with mismatch offset
|
||||
Given using <dav-path-version> DAV path
|
||||
And user "Alice" has created a new TUS resource on the WebDAV API with these headers:
|
||||
| Upload-Length | 10 |
|
||||
# ZmlsZS50eHQ= is the base64 encode of file.txt
|
||||
| Upload-Metadata | filename ZmlsZS50eHQ= |
|
||||
When user "Alice" sends a chunk to the last created TUS Location with offset "0" and data "123" using the WebDAV API
|
||||
And user "Alice" sends a chunk to the last created TUS Location with offset "2" and data "34567890" using the WebDAV API
|
||||
Then the HTTP status code should be "409"
|
||||
Examples:
|
||||
| dav-path-version |
|
||||
| old |
|
||||
| new |
|
||||
| spaces |
|
||||
|
||||
|
||||
Scenario Outline: start with uploading not at the beginning of the file
|
||||
Given using <dav-path-version> DAV path
|
||||
And user "Alice" has created a new TUS resource on the WebDAV API with these headers:
|
||||
|
||||
140
vendor/github.com/opencloud-eu/reva/v2/internal/grpc/interceptors/auth/scope.go
generated
vendored
140
vendor/github.com/opencloud-eu/reva/v2/internal/grpc/interceptors/auth/scope.go
generated
vendored
@@ -21,7 +21,6 @@ package auth
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
@@ -131,13 +130,8 @@ func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[s
|
||||
}
|
||||
|
||||
func resolveLightweightScope(ctx context.Context, ref *provider.Reference, scope *authpb.Scope, user *userpb.User, client gateway.GatewayAPIClient, mgr token.Manager) error {
|
||||
refString, err := storagespace.FormatReference(ref)
|
||||
if err != nil {
|
||||
// cannot format reference, so cannot be valid
|
||||
return errtypes.PermissionDenied("invalid reference")
|
||||
}
|
||||
// Check if this ref is cached
|
||||
key := "lw:" + user.Id.OpaqueId + scopeDelimiter + refString
|
||||
key := "lw:" + user.Id.OpaqueId + scopeDelimiter + getRefKey(ref)
|
||||
if _, err := scopeExpansionCache.Get(key); err == nil {
|
||||
return nil
|
||||
}
|
||||
@@ -170,7 +164,13 @@ func resolvePublicShare(ctx context.Context, ref *provider.Reference, scope *aut
|
||||
return err
|
||||
}
|
||||
|
||||
return checkCacheForNestedResource(ctx, ref, share.ResourceId, client, mgr)
|
||||
if err := checkCacheForNestedResource(ctx, ref, share.ResourceId, client, mgr); err == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Some services like wopi don't access the shared resource relative to the
|
||||
// share root but instead relative to the shared resources parent.
|
||||
return checkRelativeReference(ctx, ref, share.ResourceId, client)
|
||||
}
|
||||
|
||||
func resolveOCMShare(ctx context.Context, ref *provider.Reference, scope *authpb.Scope, client gateway.GatewayAPIClient, mgr token.Manager) error {
|
||||
@@ -184,7 +184,54 @@ func resolveOCMShare(ctx context.Context, ref *provider.Reference, scope *authpb
|
||||
ref.ResourceId = share.GetResourceId()
|
||||
}
|
||||
|
||||
return checkCacheForNestedResource(ctx, ref, share.ResourceId, client, mgr)
|
||||
if err := checkCacheForNestedResource(ctx, ref, share.ResourceId, client, mgr); err == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Some services like wopi don't access the shared resource relative to the
|
||||
// share root but instead relative to the shared resources parent.
|
||||
return checkRelativeReference(ctx, ref, share.ResourceId, client)
|
||||
}
|
||||
|
||||
// checkRelativeReference checks if the shared resource is being accessed via a relative reference
|
||||
// e.g.:
|
||||
// storage: abcd, space: efgh
|
||||
// /root (id: efgh)
|
||||
// - New file.txt (id: ijkl) <- shared resource
|
||||
//
|
||||
// If the requested reference looks like this:
|
||||
// Reference{ResourceId: {StorageId: "abcd", SpaceId: "efgh"}, Path: "./New file.txt"}
|
||||
// then the request is considered relative and this function would return true.
|
||||
// Only references which are relative to the immediate parent of a resource are considered valid.
|
||||
func checkRelativeReference(ctx context.Context, requested *provider.Reference, sharedResourceID *provider.ResourceId, client gateway.GatewayAPIClient) error {
|
||||
sRes, err := client.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: sharedResourceID}})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if sRes.Status.Code != rpc.Code_CODE_OK {
|
||||
return statuspkg.NewErrorFromCode(sRes.Status.Code, "auth interceptor")
|
||||
}
|
||||
|
||||
sharedResource := sRes.Info
|
||||
|
||||
// Is this a shared space
|
||||
if sharedResource.ParentId == nil {
|
||||
// Is the requested resource part of the shared space?
|
||||
if requested.ResourceId.StorageId != sharedResource.Id.StorageId || requested.ResourceId.SpaceId != sharedResource.Id.SpaceId {
|
||||
return errtypes.PermissionDenied("space access forbidden via public link")
|
||||
}
|
||||
} else {
|
||||
parentID := sharedResource.ParentId
|
||||
parentID.StorageId = sharedResource.Id.StorageId
|
||||
|
||||
if !utils.ResourceIDEqual(parentID, requested.ResourceId) && utils.MakeRelativePath(sharedResource.Path) != requested.Path {
|
||||
return errtypes.PermissionDenied("access forbidden via public link")
|
||||
}
|
||||
}
|
||||
|
||||
key := storagespace.FormatResourceID(sharedResourceID) + scopeDelimiter + getRefKey(requested)
|
||||
_ = scopeExpansionCache.SetWithExpire(key, nil, scopeCacheExpiration*time.Second)
|
||||
return nil
|
||||
}
|
||||
|
||||
func resolveUserShare(ctx context.Context, ref *provider.Reference, scope *authpb.Scope, client gateway.GatewayAPIClient, mgr token.Manager) error {
|
||||
@@ -198,14 +245,8 @@ func resolveUserShare(ctx context.Context, ref *provider.Reference, scope *authp
|
||||
}
|
||||
|
||||
func checkCacheForNestedResource(ctx context.Context, ref *provider.Reference, resource *provider.ResourceId, client gateway.GatewayAPIClient, mgr token.Manager) error {
|
||||
refString, err := storagespace.FormatReference(ref)
|
||||
if err != nil {
|
||||
// cannot format reference, so cannot be valid
|
||||
return errtypes.PermissionDenied("invalid reference")
|
||||
}
|
||||
|
||||
// Check if this ref is cached
|
||||
key := storagespace.FormatResourceID(resource) + scopeDelimiter + refString
|
||||
key := storagespace.FormatResourceID(resource) + scopeDelimiter + getRefKey(ref)
|
||||
if _, err := scopeExpansionCache.Get(key); err == nil {
|
||||
return nil
|
||||
}
|
||||
@@ -229,25 +270,40 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent
|
||||
return false, statuspkg.NewErrorFromCode(statResponse.Status.Code, "auth interceptor")
|
||||
}
|
||||
|
||||
parentInfo := statResponse.GetInfo()
|
||||
pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: statResponse.GetInfo().GetId()})
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if pathResp.Status.Code != rpc.Code_CODE_OK {
|
||||
return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor")
|
||||
}
|
||||
parentPath := pathResp.Path
|
||||
|
||||
// We need to find out if the requested resource is child of the `parent` (coming from token scope)
|
||||
childPath := ref.GetPath()
|
||||
if childPath != "" && childPath != "." && strings.HasPrefix(childPath, parentPath) {
|
||||
// if the request is relative from the root, we can return directly
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// The request is not relative to the root. We need to find out if the requested resource is child of the `parent` (coming from token scope)
|
||||
// We mint a token as the owner of the public share and try to stat the reference
|
||||
// TODO(ishank011): We need to find a better alternative to this
|
||||
// NOTE: did somebody say service accounts? ...
|
||||
|
||||
var user *userpb.User
|
||||
if parentInfo.GetOwner().GetType() == userpb.UserType_USER_TYPE_SPACE_OWNER {
|
||||
if statResponse.GetInfo().GetOwner().GetType() == userpb.UserType_USER_TYPE_SPACE_OWNER {
|
||||
// fake a space owner user
|
||||
user = &userpb.User{
|
||||
Id: parentInfo.GetOwner(),
|
||||
Id: statResponse.GetInfo().GetOwner(),
|
||||
}
|
||||
} else {
|
||||
userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: parentInfo.GetOwner(), SkipFetchingUserGroups: true})
|
||||
userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: statResponse.Info.Owner, SkipFetchingUserGroups: true})
|
||||
if err != nil || userResp.Status.Code != rpc.Code_CODE_OK {
|
||||
return false, err
|
||||
}
|
||||
user = userResp.User
|
||||
}
|
||||
|
||||
scope, err := scope.AddOwnerScope(map[string]*authpb.Scope{})
|
||||
if err != nil {
|
||||
return false, err
|
||||
@@ -273,24 +329,6 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent
|
||||
if childStat.GetStatus().GetCode() != rpc.Code_CODE_OK {
|
||||
return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor")
|
||||
}
|
||||
childInfo := childStat.GetInfo()
|
||||
|
||||
// child can only be a nested resource if it is within the same space as parent
|
||||
if childInfo.GetId().GetStorageId() != parentInfo.GetId().GetStorageId() ||
|
||||
childInfo.GetId().GetSpaceId() != parentInfo.GetId().GetSpaceId() {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
// Both resources are in the same space, now check paths
|
||||
pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: statResponse.GetInfo().GetId()})
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if pathResp.Status.Code != rpc.Code_CODE_OK {
|
||||
return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor")
|
||||
}
|
||||
parentPath := pathResp.Path
|
||||
|
||||
pathResp, err = client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()})
|
||||
if err != nil {
|
||||
return false, err
|
||||
@@ -298,12 +336,10 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent
|
||||
if pathResp.GetStatus().GetCode() != rpc.Code_CODE_OK {
|
||||
return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor")
|
||||
}
|
||||
childPath := pathResp.Path
|
||||
rel, err := filepath.Rel(parentPath, childPath)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return !strings.HasPrefix(rel, ".."), nil
|
||||
childPath = pathResp.Path
|
||||
|
||||
return strings.HasPrefix(childPath, parentPath), nil
|
||||
|
||||
}
|
||||
|
||||
func extractRefFromListProvidersReq(v *registry.ListStorageProvidersRequest) (*provider.Reference, bool) {
|
||||
@@ -477,3 +513,17 @@ func extractShareRef(req interface{}) (*collaboration.ShareReference, bool) {
|
||||
}
|
||||
return nil, false
|
||||
}
|
||||
|
||||
func getRefKey(ref *provider.Reference) string {
|
||||
if ref.GetPath() != "" {
|
||||
return ref.Path
|
||||
}
|
||||
|
||||
if ref.GetResourceId() != nil {
|
||||
return storagespace.FormatResourceID(ref.ResourceId)
|
||||
}
|
||||
|
||||
// on malicious request both path and rid could be empty
|
||||
// we still should not panic
|
||||
return ""
|
||||
}
|
||||
|
||||
11
vendor/github.com/opencloud-eu/reva/v2/pkg/storage/pkg/decomposedfs/node/node.go
generated
vendored
11
vendor/github.com/opencloud-eu/reva/v2/pkg/storage/pkg/decomposedfs/node/node.go
generated
vendored
@@ -591,17 +591,6 @@ func (n *Node) readOwner(ctx context.Context) (*userpb.UserId, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// lookup Tenant in extended attributes
|
||||
attr, err = n.SpaceRoot.XattrString(ctx, prefixes.SpaceTenantIDAttr)
|
||||
switch {
|
||||
case err == nil:
|
||||
owner.TenantId = attr
|
||||
case metadata.IsAttrUnset(err):
|
||||
// ignore
|
||||
default:
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// lookup type in extended attributes
|
||||
attr, err = n.SpaceRoot.XattrString(ctx, prefixes.OwnerTypeAttr)
|
||||
switch {
|
||||
|
||||
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@@ -1370,7 +1370,7 @@ github.com/opencloud-eu/icap-client
|
||||
# github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76
|
||||
## explicit; go 1.18
|
||||
github.com/opencloud-eu/libre-graph-api-go
|
||||
# github.com/opencloud-eu/reva/v2 v2.40.3
|
||||
# github.com/opencloud-eu/reva/v2 v2.40.1
|
||||
## explicit; go 1.24.1
|
||||
github.com/opencloud-eu/reva/v2/cmd/revad/internal/grace
|
||||
github.com/opencloud-eu/reva/v2/cmd/revad/runtime
|
||||
|
||||
Reference in New Issue
Block a user