Skip to content

Commit

Permalink
Support signature authentication for public links
Browse files Browse the repository at this point in the history
Deprecated the changes from #113
and enhanced the api to support signature based authentication for
public links.
  • Loading branch information
David Christofas committed Mar 23, 2021
1 parent d770b95 commit 1769fe6
Show file tree
Hide file tree
Showing 3 changed files with 201 additions and 5 deletions.
20 changes: 16 additions & 4 deletions cs3/sharing/link/v1beta1/link_api.proto
Original file line number Diff line number Diff line change
Expand Up @@ -226,7 +226,7 @@ message GetPublicShareResponse {
PublicShare share = 3;
// OPTIONAL.
// The share password hash.
string password_hash = 4;
string password_hash = 4 [deprecated = true];
}

message GetPublicShareByTokenRequest {
Expand All @@ -236,9 +236,16 @@ message GetPublicShareByTokenRequest {
// REQUIRED.
// The unlisted token to identify the public share.
string token = 2;
// The field 'password' was replaced by 'authentication'.
// OPTIONAL.
// The public link can be password protected.
string password = 3;
// The public link can require authentication.
string password = 3 [deprecated = true];
// OPTIONAL.
// The public link can require authentication.
PublicShareAuthentication authentication = 4;
// OPTIONAL.
// If a signature should be included in the share.
bool sign = 5;
}

message GetPublicShareByTokenResponse {
Expand All @@ -253,5 +260,10 @@ message GetPublicShareByTokenResponse {
PublicShare share = 3;
// OPTIONAL.
// The share password hash.
string password_hash = 4;
string password_hash = 4 [deprecated = true];
// OPTIONAL.
// A time constrained token with which
// GetPublicSharebyToken requests can be
// authenticated.
ShareSignature signature = 5;
}
22 changes: 22 additions & 0 deletions cs3/sharing/link/v1beta1/resources.proto
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,28 @@ message PublicShareReference {
}
}

// The mechanism to authenticate a request to
// GetPublicShareByToken.
message PublicShareAuthentication {
oneof spec {
// The password of the share.
string password = 1;
// The signature issued by GetPublicShareByToken.
ShareSignature signature = 2;
}
}

// A time constrained token which can be used to
// authenticate link share requests.
message ShareSignature {
// REQUIRED.
// The signature value.
string signature = 1;
// REQUIRED.
// The time until the signature becomes invalid.
cs3.types.v1beta1.Timestamp signature_expiration = 2;
}

// Defines the restrictions for the public share.
message Grant {
// REQUIRED.
Expand Down
164 changes: 163 additions & 1 deletion docs/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -1103,6 +1103,10 @@ <h2>Table of Contents</h2>
<a href="#cs3.sharing.link.v1beta1.PublicShare"><span class="badge">M</span>PublicShare</a>
</li>

<li>
<a href="#cs3.sharing.link.v1beta1.PublicShareAuthentication"><span class="badge">M</span>PublicShareAuthentication</a>
</li>

<li>
<a href="#cs3.sharing.link.v1beta1.PublicShareId"><span class="badge">M</span>PublicShareId</a>
</li>
Expand All @@ -1115,6 +1119,10 @@ <h2>Table of Contents</h2>
<a href="#cs3.sharing.link.v1beta1.PublicShareReference"><span class="badge">M</span>PublicShareReference</a>
</li>

<li>
<a href="#cs3.sharing.link.v1beta1.ShareSignature"><span class="badge">M</span>ShareSignature</a>
</li>




Expand Down Expand Up @@ -8474,14 +8482,52 @@ <h3 id="cs3.sharing.link.v1beta1.GetPublicShareByTokenRequest">GetPublicShareByT
<td>password</td>
<td><a href="#string">string</a></td>
<td></td>
<td><p>The field &#39;password&#39; was replaced by &#39;authentication&#39;.
OPTIONAL.
The public link can require authentication. </p></td>
</tr>

<tr>
<td>authentication</td>
<td><a href="#cs3.sharing.link.v1beta1.PublicShareAuthentication">PublicShareAuthentication</a></td>
<td></td>
<td><p>OPTIONAL.
The public link can be password protected. </p></td>
The public link can require authentication. </p></td>
</tr>

<tr>
<td>sign</td>
<td><a href="#bool">bool</a></td>
<td></td>
<td><p>OPTIONAL.
If a signature should be included in the share. </p></td>
</tr>

</tbody>
</table>




<h4>Fields with deprecated option</h4>
<table>
<thead>
<tr>
<td>Name</td>
<td>Option</td>
</tr>
</thead>
<tbody>

<tr>
<td>password</td>
<td><p>true</p></td>
</tr>

</tbody>
</table>





Expand Down Expand Up @@ -8527,10 +8573,41 @@ <h3 id="cs3.sharing.link.v1beta1.GetPublicShareByTokenResponse">GetPublicShareBy
The share password hash. </p></td>
</tr>

<tr>
<td>signature</td>
<td><a href="#cs3.sharing.link.v1beta1.ShareSignature">ShareSignature</a></td>
<td></td>
<td><p>OPTIONAL.
A time constrained token with which
GetPublicSharebyToken requests can be
authenticated. </p></td>
</tr>

</tbody>
</table>




<h4>Fields with deprecated option</h4>
<table>
<thead>
<tr>
<td>Name</td>
<td>Option</td>
</tr>
</thead>
<tbody>

<tr>
<td>password_hash</td>
<td><p>true</p></td>
</tr>

</tbody>
</table>





Expand Down Expand Up @@ -8613,6 +8690,27 @@ <h3 id="cs3.sharing.link.v1beta1.GetPublicShareResponse">GetPublicShareResponse<
</table>




<h4>Fields with deprecated option</h4>
<table>
<thead>
<tr>
<td>Name</td>
<td>Option</td>
</tr>
</thead>
<tbody>

<tr>
<td>password_hash</td>
<td><p>true</p></td>
</tr>

</tbody>
</table>





Expand Down Expand Up @@ -9239,6 +9337,37 @@ <h3 id="cs3.sharing.link.v1beta1.PublicShare">PublicShare</h3>



<h3 id="cs3.sharing.link.v1beta1.PublicShareAuthentication">PublicShareAuthentication</h3>
<p>The mechanism to authenticate a request to</p><p>GetPublicShareByToken.</p>


<table class="field-table">
<thead>
<tr><td>Field</td><td>Type</td><td>Label</td><td>Description</td></tr>
</thead>
<tbody>

<tr>
<td>password</td>
<td><a href="#string">string</a></td>
<td></td>
<td><p>The password of the share. </p></td>
</tr>

<tr>
<td>signature</td>
<td><a href="#cs3.sharing.link.v1beta1.ShareSignature">ShareSignature</a></td>
<td></td>
<td><p>The signature issued by GetPublicShareByToken. </p></td>
</tr>

</tbody>
</table>





<h3 id="cs3.sharing.link.v1beta1.PublicShareId">PublicShareId</h3>
<p>A share id identifies uniquely a // share in the share provider namespace.</p><p>A ShareId MUST be unique inside the share provider.</p>

Expand Down Expand Up @@ -9321,6 +9450,39 @@ <h3 id="cs3.sharing.link.v1beta1.PublicShareReference">PublicShareReference</h3>



<h3 id="cs3.sharing.link.v1beta1.ShareSignature">ShareSignature</h3>
<p>A time constrained token which can be used to</p><p>authenticate link share requests.</p>


<table class="field-table">
<thead>
<tr><td>Field</td><td>Type</td><td>Label</td><td>Description</td></tr>
</thead>
<tbody>

<tr>
<td>signature</td>
<td><a href="#string">string</a></td>
<td></td>
<td><p>REQUIRED.
The signature value. </p></td>
</tr>

<tr>
<td>signature_expiration</td>
<td><a href="#cs3.types.v1beta1.Timestamp">cs3.types.v1beta1.Timestamp</a></td>
<td></td>
<td><p>REQUIRED.
The time until the signature becomes invalid. </p></td>
</tr>

</tbody>
</table>








Expand Down

0 comments on commit 1769fe6

Please sign in to comment.