From 1769fe6baa077e6305352ac6071211318b812114 Mon Sep 17 00:00:00 2001
From: David Christofas
Date: Tue, 23 Mar 2021 13:41:37 +0100
Subject: [PATCH] Support signature authentication for public links

Deprecated the changes from https://github.com/cs3org/cs3apis/pull/113 and enhanced the api to support signature based authentication for public links.
---
 cs3/sharing/link/v1beta1/link_api.proto | 20 ++-
 cs3/sharing/link/v1beta1/resources.proto | 22 +++
 docs/index.html | 164 ++++++++++++++++++++++-
 3 files changed, 201 insertions(+), 5 deletions(-)

diff --git a/cs3/sharing/link/v1beta1/link_api.proto b/cs3/sharing/link/v1beta1/link_api.proto
index 81b469dc..0a953fd9 100644
--- a/cs3/sharing/link/v1beta1/link_api.proto
+++ b/cs3/sharing/link/v1beta1/link_api.proto
@@ -226,7 +226,7 @@ message GetPublicShareResponse {
 PublicShare share = 3;
 // OPTIONAL.
 // The share password hash.
- string password_hash = 4;
+ string password_hash = 4 [deprecated = true];
 }

 message GetPublicShareByTokenRequest {
@@ -236,9 +236,16 @@ message GetPublicShareByTokenRequest {
 // REQUIRED.
 // The unlisted token to identify the public share.
 string token = 2;
+ // The field 'password' was replaced by 'authentication'.
 // OPTIONAL.
- // The public link can be password protected.
- string password = 3;
+ // The public link can require authentication.
+ string password = 3 [deprecated = true];
+ // OPTIONAL.
+ // The public link can require authentication.
+ PublicShareAuthentication authentication = 4;
+ // OPTIONAL.
+ // If a signature should be included in the share.
+ bool sign = 5;
 }

 message GetPublicShareByTokenResponse {
@@ -253,5 +260,10 @@ message GetPublicShareByTokenResponse {
 PublicShare share = 3;
 // OPTIONAL.
 // The share password hash.
- string password_hash = 4;
+ string password_hash = 4 [deprecated = true];
+ // OPTIONAL.
+ // A time constrained token with which
+ // GetPublicSharebyToken requests can be
+ // authenticated.
+ ShareSignature signature = 5;
 }
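Review bot: `password_hash = 4 [deprecated = true]` keeps its old comment, `// The share password hash.`, so nothing tells an implementer whether a server may still populate the field or what replaces it; the same holds for `password_hash` in GetPublicShareByTokenResponse in the third hunk. A password hash handed to a caller can be tested offline, and the `deprecated` option alone does not stop a server from sending it. I would extend the comment with `// DEPRECATED. Servers SHOULD leave this field empty.` and a pointer to the replacement. The message body starts above the hunk.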
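Review bot: The request now carries both the deprecated `password = 3` and the new `authentication = 4`, and neither comment says which one a server must honour when both are set or when they disagree; that should be stated, e.g. `// If 'authentication' is set, 'password' MUST be ignored.` The comment on `sign = 5` says the signature is included "in the share", while the response hunk returns it in its own `signature` field, so `// If true, the response carries a ShareSignature in 'signature'.` would be more accurate. It is also left open whether a request that authenticates with a signature may set `sign` and receive a fresh one; if it may, the time limit can be extended by renewal without ever presenting the password again, so the comment should say whether issuance is restricted to password-authenticated requests.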
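Review bot: The comment on `signature = 5` does not say when the field is populated; judging by the request hunk it is presumably returned only when `sign` is true, and that condition should be written down, e.g. `// Only set when the request had 'sign' set and authentication succeeded.` The RPC name in the same comment is spelled `GetPublicSharebyToken` (lower-case `b`), which will not match a search for the real name. The message body starts above the hunk.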
diff --git a/cs3/sharing/link/v1beta1/resources.proto b/cs3/sharing/link/v1beta1/resources.proto
index 8f2d9f7a..1f645bee 100644
--- a/cs3/sharing/link/v1beta1/resources.proto
+++ b/cs3/sharing/link/v1beta1/resources.proto
@@ -130,6 +130,28 @@ message PublicShareReference {
 }
 }

+// The mechanism to authenticate a request to
+// GetPublicShareByToken.
+message PublicShareAuthentication {
+ oneof spec {
+ // The password of the share.
+ string password = 1;
+ // The signature issued by GetPublicShareByToken.
+ ShareSignature signature = 2;
+ }
+}
+
+// A time constrained token which can be used to
+// authenticate link share requests.
+message ShareSignature {
+ // REQUIRED.
+ // The signature value.
+ string signature = 1;
+ // REQUIRED.
+ // The time until the signature becomes invalid.
+ cs3.types.v1beta1.Timestamp signature_expiration = 2;
+}
+
 // Defines the restrictions for the public share.
 message Grant {
 // REQUIRED.
diff --git a/docs/index.html b/docs/index.html
index 47db8e25..cc26d20a 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -1103,6 +1103,10 @@
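Review bot: ShareSignature is sent back by the client inside `PublicShareAuthentication.spec`, so on the request path `signature_expiration = 2` is a caller-supplied value, and the comments in the resources.proto hunk do not require the server to check it against anything. The schema cannot show how the `signature` string is derived; unless it is computed over the expiration and the share token, the expiry offers no protection, because the two fields can be changed independently. I would document the contract on the `signature` field, e.g. `// MUST be bound to the share token and to signature_expiration; servers MUST reject expired or mismatched values.` It would also help to state that the value is a bearer credential and should be kept out of logs and URLs.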

Table of Contents

MPublicShare +
  • + MPublicShareAuthentication +
  • +
  • MPublicShareId
  • @@ -1115,6 +1119,10 @@

    Table of Contents

    MPublicShareReference +
  • + MShareSignature +
  • + @@ -8474,14 +8482,52 @@

    GetPublicShareByT password string +

    The field 'password' was replaced by 'authentication'. +OPTIONAL. +The public link can require authentication.

    + + + + authentication + PublicShareAuthentication +

    OPTIONAL. -The public link can be password protected.

    +The public link can require authentication.

    + + + + sign + bool + +

    OPTIONAL. +If a signature should be included in the share.

    + + +

    Fields with deprecated option

    + + + + + + + + + + + + + + + +
    NameOption
    password

    true

    + + @@ -8527,10 +8573,41 @@

    GetPublicShareBy The share password hash.

    + + signature + ShareSignature + +

    OPTIONAL. +A time constrained token with which +GetPublicSharebyToken requests can be +authenticated.

    + + + + +

    Fields with deprecated option

    + + + + + + + + + + + + + + + +
    NameOption
    password_hash

    true

    + + @@ -8613,6 +8690,27 @@

    GetPublicShareResponse< + + +

    Fields with deprecated option

    + + + + + + + + + + + + + + + +
    NameOption
    password_hash

    true

    + + @@ -9239,6 +9337,37 @@

    PublicShare

    +

    PublicShareAuthentication

    +

    The mechanism to authenticate a request to

    GetPublicShareByToken.

    + + + + + + + + + + + + + + + + + + + + + + + +
    FieldTypeLabelDescription
    passwordstring

    The password of the share.

    signatureShareSignature

    The signature issued by GetPublicShareByToken.

    + + + + +

    PublicShareId

    A share id identifies uniquely a // share in the share provider namespace.

    A ShareId MUST be unique inside the share provider.

    @@ -9321,6 +9450,39 @@

    PublicShareReference

    +

    ShareSignature

    +

    A time constrained token which can be used to

    authenticate link share requests.

    + + + + + + + + + + + + + + + + + + + + + + + +
    FieldTypeLabelDescription
    signaturestring

    REQUIRED. +The signature value.

    signature_expirationcs3.types.v1beta1.Timestamp

    REQUIRED. +The time until the signature becomes invalid.

    + + + + +