fix: wopi context token check #11276

Merged
merged 1 commit into from
May 7, 2025
Conversation

mklos-kw
Member

@mklos-kw mklos-kw commented Apr 28, 2025

Description

Related Issue

  • Fixes <issue_link>

Motivation and Context

How Has This Been Tested?

  • test environment:
  • test case 1:
  • test case 2:
  • ...

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:

update-docs bot commented Apr 28, 2025

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@mklos-kw mklos-kw force-pushed the chore/cs-5 branch 4 times, most recently from bf5e3cf to 6737379 Compare April 30, 2025 21:14
@mklos-kw mklos-kw force-pushed the chore/cs-5 branch 2 times, most recently from 4182c57 to 90998f8 Compare May 5, 2025 12:55
@mklos-kw
Member Author

mklos-kw commented May 5, 2025

Quality Gate failed

Failed conditions 5 New Bugs (required ≤ 0)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Ad. non-canonical header, the headers were not changed and are the same as in MS 365 doc:
https://learn.microsoft.com/en-us/microsoft-365/cloud-storage-partner-program/rest/common-headers

_, _, err = cs3JWTparser.ParseUnverified(wopiContext.AccessToken, cs3Claims)
_, err = jwt.ParseWithClaims(wopiContext.AccessToken, cs3Claims, func(token *jwt.Token) (interface{}, error) {

if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
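Review bot: the `token.Method.(*jwt.SigningMethodHMAC)` assertion in the key function accepts every HMAC variant, not only the one the service issues. If tokens are only ever signed with HS256, compare `token.Method.Alg()` against `jwt.SigningMethodHS256.Alg()` and return an error for anything else. Since `err` from `jwt.ParseWithClaims` now carries signature and claim validation failures, it should also be checked before any field of `cs3Claims` is read.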
Member

Taking into account that we're using SigningMethodHS256 everywhere, I'm not sure if we want to be more strict with the check or we're fine with just a comment to specify that we expect HS256 (while allowing other sizes).

Member Author

Good point! Updated the code to expect specifically HS256.

Member

It seems you've forgotten to update this code block 😄

Member Author

Indeed, thanks!
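The distinction discussed in the review thread above (accepting any HMAC signing method versus expecting HS256 specifically), shown as an added example that is not code from this pull request. It uses only the Go standard library instead of the `jwt` package seen in the diff; `sign`, `verify`, `mac`, `hmacAlgs` and the sample key are names and values constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"hash"
	"strings"
)

var b64 = base64.RawURLEncoding

// hmacAlgs lists every alg that a family-wide "is it HMAC?" check lets through.
var hmacAlgs = map[string]func() hash.Hash{"HS256": sha256.New, "HS384": sha512.New384, "HS512": sha512.New}

// mac returns the base64url-encoded HMAC of signingInput for the given alg.
func mac(alg, signingInput string, key []byte) string {
	m := hmac.New(hmacAlgs[alg], key)
	m.Write([]byte(signingInput))
	return b64.EncodeToString(m.Sum(nil))
}

// sign builds a compact token; used here only to construct sample inputs.
func sign(alg, payload string, key []byte) string {
	in := b64.EncodeToString([]byte(`{"alg":"`+alg+`"}`)) + "." + b64.EncodeToString([]byte(payload))
	return in + "." + mac(alg, in, key)
}

// verify checks the signature; pinned == "" is the family-wide check, otherwise alg must equal pinned.
func verify(token string, key []byte, pinned string) error {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg string }
	raw, err := b64.DecodeString(p[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil ||
		hmacAlgs[hdr.Alg] == nil || (pinned != "" && hdr.Alg != pinned) {
		return fmt.Errorf("rejected header (alg %q)", hdr.Alg)
	}
	if !hmac.Equal([]byte(p[2]), []byte(mac(hdr.Alg, p[0]+"."+p[1], key))) {
		return fmt.Errorf("signature mismatch")
	}
	return nil
}

func main() { fmt.Println(verify(sign("HS512", "{}", []byte("demo")), []byte("demo"), "HS256")) }
```

With the same key, an HS512 token passes the family-wide check and is rejected once HS256 is pinned; a wrong key or altered signature fails in both modes.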

@mklos-kw mklos-kw force-pushed the chore/cs-5 branch 2 times, most recently from cf6dfaa to f2b406e Compare May 7, 2025 08:45
sonarqubecloud bot commented May 7, 2025

@mklos-kw mklos-kw merged commit e13fa5e into master May 7, 2025
4 checks passed