
Commit 32d0845

committed
refactor: token generation for iframe
Signed-off-by: codewithvk <[email protected]>
1 parent a4621fe commit 32d0845


7 files changed

+42
-49
lines changed


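--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -46,6 +46,7 @@
 'name' => '.+',
 ],
 ],
+['name' => 'settings#generateIframeToken', 'url' => 'settings/generateToken/{type}', 'verb' => 'GET'],
 
 // Direct Editing: Webview
 ['name' => 'directView#show', 'url' => '/direct/{token}', 'verb' => 'GET'],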
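Review bot: The new route mints and stores a WOPI settings token, which changes server state, yet it is registered with `'verb' => 'GET'`, a verb HTTP defines as safe and idempotent; the previous implementation in `src/components/AdminSettings.vue` used POST to `/token`, and keeping POST here (`'verb' => 'POST'`, with a matching `axios.post` in that file) preserves that semantics. The URL also lacks the leading `/` that the neighbouring `'/direct/{token}'` carries; unless the router normalizes this, `'url' => '/settings/generateToken/{type}'` is the safer, consistent form.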

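--- a/lib/Controller/DocumentController.php
+++ b/lib/Controller/DocumentController.php
@@ -385,24 +385,6 @@ public function editOnlineTarget(int $fileId, ?string $target = null): RedirectR
 #[PublicPage]
 public function token(int $fileId, ?string $shareToken = null, ?string $path = null, ?string $guestName = null): DataResponse {
 try {
-if ($fileId === -1 && $path !== null && str_starts_with($path, 'adminIntegratorSettings/')) {
-$parts = explode('/', $path);
-$adminUserId = $parts[1] ?? $this->userId; // fallback if needed
-
-$docKey = $fileId . '_' . $this->config->getSystemValue('instanceid');
-
-$wopi = $this->tokenManager->generateWopiToken($fileId, null, $adminUserId);
-
-$coolBaseUrl = $this->appConfig->getCollaboraUrlPublic();
-$adminSettingsWopiSrc = $coolBaseUrl . '/browser/adminIntegratorSettings.html?';
-
-return new DataResponse([
-'urlSrc' => $adminSettingsWopiSrc,
-'token' => $wopi->getToken(),
-'token_ttl' => $wopi->getExpiry(),
-]);
-}
-
 // Normal file handling (unchanged)
 $share = $shareToken ? $this->shareManager->getShareByToken($shareToken) : null;
 $file = $shareToken ? $this->getFileForShare($share, $fileId, $path) : $this->getFileForUser($fileId, $path);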

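--- a/lib/Controller/SettingsController.php
+++ b/lib/Controller/SettingsController.php
@@ -14,7 +14,9 @@
 use OCA\Richdocuments\Service\DiscoveryService;
 use OCA\Richdocuments\Service\FontService;
 use OCA\Richdocuments\UploadException;
+use OCA\Richdocuments\Db\WopiMapper;
 use OCP\App\IAppManager;
+use OCP\IGroupManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
@@ -58,6 +60,9 @@ public function __construct(
 private FontService $fontService,
 private SettingsService $settingsService,
 private LoggerInterface $logger,
+private IGroupManager $groupManager,
+private IURLGenerator $urlGenerator,
+private WopiMapper $wopiMapper,
 private ?string $userId,
 ) {
 parent::__construct($appName, $request);
@@ -411,6 +416,32 @@ public function getFontFileOverview(string $name): DataDisplayResponse {
 }
 }
 
+/**
+* @NoAdminRequired
+* @PublicPage
+* @NoCSRFRequired
+*
+* @param string $type - Type is 'admin' or 'user'
+* @return DataDisplayResponse
+*/
+public function generateIframeToken(string $type) : DataResponse {
+$userId = $this->userId;
+if ($type === 'admin' && !$this->groupManager->isAdmin($userId)) {
+return new DataResponse([
+'message' => 'Permission denied'
+], Http::STATUS_FORBIDDEN);
+}
+$serverHost = $this->urlGenerator->getAbsoluteURL('/');
+$version = $this->capabilitiesService->getProductVersion();
+
+$wopi = $this->wopiMapper->generateUserSettingsToken(-1, $userId, $version, $serverHost);
+
+return new DataResponse([
+'token' => $wopi->getToken(),
+'token_ttl' => $wopi->getExpiry(),
+]);
+}
+
 /**
 * @param string $name
 * @return DataResponse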
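Review bot: `generateIframeToken` can mint a `TOKEN_TYPE_SETTING_AUTH` token for a caller it never identified: with `@PublicPage` the route is reachable without a session, so `$this->userId` may be null, and `$type` is only compared against `'admin'`, so any other value (`'user'`, `'Admin'`, `'x'`) skips the group check yet receives the same token from `generateUserSettingsToken`, which the `lib/Db/WopiMapper.php` section shows is stored with `canwrite => true`. Both conditions should be rejected before the mapper is touched, as in the excerpt below, so that the consumers in `WopiController` are not the only line of defence. The docblock is also out of step with the code: it declares `@return DataDisplayResponse` while the signature returns `DataResponse`, and it uses the `@NoAdminRequired`/`@PublicPage`/`@NoCSRFRequired` annotation form although the file already imports the `OCP\AppFramework\Http\Attribute\NoAdminRequired` attribute and `DocumentController.php` in this commit uses `#[PublicPage]` — the attribute form would be consistent. `IURLGenerator` and `$this->capabilitiesService` appear without any import or constructor change in this diff; presumably both already exist in the unchanged part of the file.
```php
public function generateIframeToken(string $type): DataResponse {
	$userId = $this->userId;
	// Anonymous callers and unknown types must not reach the mapper:
	// the minted token is identical regardless of $type.
	if ($userId === null
		|| !in_array($type, ['admin', 'user'], true)
		|| ($type === 'admin' && !$this->groupManager->isAdmin($userId))) {
		return new DataResponse(['message' => 'Permission denied'], Http::STATUS_FORBIDDEN);
	}
	// … unchanged: server host, product version, token generation and response …
}
```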

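--- a/lib/Controller/WopiController.php
+++ b/lib/Controller/WopiController.php
@@ -104,7 +104,7 @@ public function checkFileInfo(string $fileId, string $access_token): JSONRespons
 try {
 $wopi = $this->wopiMapper->getWopiForToken($access_token);
 
-// TODO: condition for $wopi not found?
+// TODO: condition for $wopi not found? -auth???
 
 $userSettingsUri = $this->generateUserSettingsUri($wopi);
 
@@ -413,7 +413,7 @@ public function getSettings(string $type, string $access_token): JSONResponse {
 return new JSONResponse(['error' => 'Invalid token type'], Http::STATUS_FORBIDDEN);
 }
 
-$user = $this->userManager->get($wopi->getEditorUid());
+$user = $this->userManager->get($wopi->getOwnerUid());
 if (!$user || !$this->groupManager->isAdmin($user->getUID())) {
 return new JSONResponse(['error' => 'Access denied'], Http::STATUS_FORBIDDEN);
 }
@@ -441,6 +441,8 @@ public function uploadSettingsFile(string $fileId, string $access_token): JSONRe
 return new JSONResponse(['error' => 'Invalid token type'], Http::STATUS_FORBIDDEN);
 }
 
+// auth - for admin??
+
 $content = fopen('php://input', 'rb');
 if (!$content) {
 throw new \Exception("Failed to read input stream.");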
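Review bot: In the `uploadSettingsFile` hunk the commit ships the placeholder `// auth - for admin??` where an authorization check belongs: `getSettings`, in the hunk just above, refuses the token unless `isAdmin($wopi->getOwnerUid())` holds, while the upload path proceeds straight to `fopen('php://input', 'rb')` with only the token-type check visible. The same guard fits here, `$user = $this->userManager->get($wopi->getOwnerUid()); if (!$user || !$this->groupManager->isAdmin($user->getUID())) { return new JSONResponse(['error' => 'Access denied'], Http::STATUS_FORBIDDEN); }`, and it should replace the comment rather than sit next to it; the rest of `uploadSettingsFile` lies outside the hunk, so a later check may exist, but the settings read path already enforces it before any work is done. The `checkFileInfo` hunk likewise only appends `-auth???` to an existing TODO; if `getWopiForToken` can yield no token, that case wants an explicit error response before `generateUserSettingsUri($wopi)` is called, not an open question in a comment.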

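--- a/lib/Db/WopiMapper.php
+++ b/lib/Db/WopiMapper.php
@@ -66,26 +66,19 @@ public function generateFileToken($fileId, $owner, $editor, $version, $updatable
 return $wopi;
 }
 
-public function generateUserSettingsToken($fileId, $owner, $editor, $version, $updatable, $serverHost, ?string $guestDisplayname = null, $hideDownload = false, $direct = false, $templateId = 0, $share = null) {
+public function generateUserSettingsToken($fileId, $userId, $version, $serverHost) {
 $token = $this->random->generate(32, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
 
 $wopi = Wopi::fromParams([
 'fileid' => $fileId,
-'ownerUid' => $owner,
-'editorUid' => $editor,
+'ownerUid' => $userId,
 'version' => $version,
-'canwrite' => $updatable,
+'canwrite' => true,
 'serverHost' => $serverHost,
 'token' => $token,
 'expiry' => $this->calculateNewTokenExpiry(),
-'guestDisplayname' => $guestDisplayname,
-'hideDownload' => $hideDownload,
-'direct' => $direct,
-'templateId' => $templateId,
-'remoteServer' => '',
-'remoteServerToken' => '',
-'share' => $share,
-'tokenType' => Wopi::TOKEN_TYPE_SETTING_AUTH
+'templateId' => "0",
+'tokenType' => Wopi::TOKEN_TYPE_SETTING_AUTH,
 ]);
 
 /** @var Wopi $wopi */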
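Review bot: `generateUserSettingsToken` now hard-codes `'canwrite' => true` and takes four untyped parameters, so every settings token is write-capable and nothing at the signature stops a null `$userId` from being persisted as `ownerUid` — and the caller added in `lib/Controller/SettingsController.php` passes `$this->userId`, which can be null on a public page. Declaring the scalar types makes the contract explicit and fails at the boundary: `public function generateUserSettingsToken(int $fileId, string $userId, $version, string $serverHost): Wopi {` (the `Wopi` return mirrors `generateFileToken`'s `return $wopi;` at the top of the hunk, assuming this function ends the same way — its body continues outside the hunk; leave `$version` untyped unless `getProductVersion()`'s type is known). `'templateId' => "0"` is a string where the removed default was the integer `0`; if the column is integer this relies on coercion and is worth aligning with what `generateFileToken` passes. The dropped `editorUid`/`remoteServer`/`remoteServerToken`/`share`/`direct`/`hideDownload` keys presumably fall back to entity defaults; I can't confirm from this hunk that `Wopi::fromParams` and the schema accept their absence.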

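--- a/lib/TokenManager.php
+++ b/lib/TokenManager.php
@@ -53,13 +53,6 @@ public function generateWopiToken(string $fileId, ?string $shareToken = null, ?s
 $hideDownload = false;
 $rootFolder = $this->rootFolder;
 
-if ($fileId == "-1")
-{
-$editoruid = $this->userId;
-$serverHost = $this->urlGenerator->getAbsoluteURL('/');
-return $this->wopiMapper->generateUserSettingsToken($fileId, $owneruid, $editoruid, 0, true, $serverHost, "", $hideDownload, $direct, 0, $shareToken);
-}
-
 [$fileId, , $version] = Helper::parseFileId($fileId);
 
 // if the user is not logged-in do use the sharers storage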

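--- a/src/components/AdminSettings.vue
+++ b/src/components/AdminSettings.vue
@@ -641,16 +641,7 @@ export default {
 },
 methods: {
 async generateAccessToken() {
-const fileId = -1
-const path = `adminIntegratorSettings/${this.userId}`
-const guestName = this.userId
-
-const { data } = await axios.post(generateUrl('/apps/richdocuments/token'), {
-fileId,
-path,
-guestName,
-})
-
+const { data } = await axios.get(generateUrl('/apps/richdocuments/settings/generateToken/admin'))
 if (data.token) {
 this.accessToken = data.token
 this.accessTokenTTL = data.token_ttl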
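Review bot: With the new `axios.get(...)` call, a 403 from `generateIframeToken` — the response the server now returns for a non-admin — makes axios reject, so the `if (data.token)` branch is never reached and the user gets no feedback; `generateAccessToken` continues outside the hunk, so a surrounding `try`/`catch` may exist, but nothing in the hunk handles that path, and a `catch` that logs and shows an error would make the failure visible. If the route in `appinfo/routes.php` is changed to POST, this line becomes `const { data } = await axios.post(generateUrl('/apps/richdocuments/settings/generateToken/admin'))` to match.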
