From 1769fe6baa077e6305352ac6071211318b812114 Mon Sep 17 00:00:00 2001
From: David Christofas
Date: Tue, 23 Mar 2021 13:41:37 +0100
Subject: [PATCH] Support signature authentication for public links
Deprecated the changes from https://github.com/cs3org/cs3apis/pull/113
and enhanced the api to support signature based authentication for
public links.
---
cs3/sharing/link/v1beta1/link_api.proto | 20 ++-
cs3/sharing/link/v1beta1/resources.proto | 22 +++
docs/index.html | 164 ++++++++++++++++++++++-
3 files changed, 201 insertions(+), 5 deletions(-)
diff --git a/cs3/sharing/link/v1beta1/link_api.proto b/cs3/sharing/link/v1beta1/link_api.proto
index 81b469dc..0a953fd9 100644
--- a/cs3/sharing/link/v1beta1/link_api.proto
+++ b/cs3/sharing/link/v1beta1/link_api.proto
@@ -226,7 +226,7 @@ message GetPublicShareResponse {
PublicShare share = 3;
// OPTIONAL.
// The share password hash.
- string password_hash = 4;
+ string password_hash = 4 [deprecated = true];
}
message GetPublicShareByTokenRequest {
@@ -236,9 +236,16 @@ message GetPublicShareByTokenRequest {
// REQUIRED.
// The unlisted token to identify the public share.
string token = 2;
+ // The field 'password' was replaced by 'authentication'.
// OPTIONAL.
- // The public link can be password protected.
- string password = 3;
+ // The public link can require authentication.
+ string password = 3 [deprecated = true];
+ // OPTIONAL.
+ // The public link can require authentication.
+ PublicShareAuthentication authentication = 4;
+ // OPTIONAL.
+ // If a signature should be included in the share.
+ bool sign = 5;
}
message GetPublicShareByTokenResponse {
@@ -253,5 +260,10 @@ message GetPublicShareByTokenResponse {
PublicShare share = 3;
// OPTIONAL.
// The share password hash.
- string password_hash = 4;
+ string password_hash = 4 [deprecated = true];
+ // OPTIONAL.
+ // A time constrained token with which
+ // GetPublicSharebyToken requests can be
+ // authenticated.
+ ShareSignature signature = 5;
}
diff --git a/cs3/sharing/link/v1beta1/resources.proto b/cs3/sharing/link/v1beta1/resources.proto
index 8f2d9f7a..1f645bee 100644
--- a/cs3/sharing/link/v1beta1/resources.proto
+++ b/cs3/sharing/link/v1beta1/resources.proto
@@ -130,6 +130,28 @@ message PublicShareReference {
}
}
+// The mechanism to authenticate a request to
+// GetPublicShareByToken.
+message PublicShareAuthentication {
+ oneof spec {
+ // The password of the share.
+ string password = 1;
+ // The signature issued by GetPublicShareByToken.
+ ShareSignature signature = 2;
+ }
+}
+
+// A time constrained token which can be used to
+// authenticate link share requests.
+message ShareSignature {
+ // REQUIRED.
+ // The signature value.
+ string signature = 1;
+ // REQUIRED.
+ // The time until the signature becomes invalid.
+ cs3.types.v1beta1.Timestamp signature_expiration = 2;
+}
+
// Defines the restrictions for the public share.
message Grant {
// REQUIRED.
diff --git a/docs/index.html b/docs/index.html
index 47db8e25..cc26d20a 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -1103,6 +1103,10 @@ Table of Contents
MPublicShare
+
+ MPublicShareAuthentication
+
+
MPublicShareId
@@ -1115,6 +1119,10 @@ Table of Contents
MPublicShareReference
+
+ MShareSignature
+
+
@@ -8474,14 +8482,52 @@ GetPublicShareByT
password |
string |
|
+ The field 'password' was replaced by 'authentication'.
+OPTIONAL.
+The public link can require authentication. |
+
+
+
+ authentication |
+ PublicShareAuthentication |
+ |
OPTIONAL.
-The public link can be password protected. |
+The public link can require authentication.
+
+
+
+ sign |
+ bool |
+ |
+ OPTIONAL.
+If a signature should be included in the share. |
+
+
+ Fields with deprecated option
+
+
+
+ Name |
+ Option |
+
+
+
+
+
+ password |
+ true |
+
+
+
+
+
+
@@ -8527,10 +8573,41 @@ GetPublicShareBy
The share password hash.
+
+ signature |
+ ShareSignature |
+ |
+ OPTIONAL.
+A time constrained token with which
+GetPublicSharebyToken requests can be
+authenticated. |
+
+
+
+
+ Fields with deprecated option
+
+
+
+ Name |
+ Option |
+
+
+
+
+
+ password_hash |
+ true |
+
+
+
+
+
+
@@ -8613,6 +8690,27 @@ GetPublicShareResponse<
+
+
+ Fields with deprecated option
+
+
+
+ Name |
+ Option |
+
+
+
+
+
+ password_hash |
+ true |
+
+
+
+
+
+
@@ -9239,6 +9337,37 @@ PublicShare
+ PublicShareAuthentication
+ The mechanism to authenticate a request to
GetPublicShareByToken.
+
+
+
+
+ Field | Type | Label | Description |
+
+
+
+
+ password |
+ string |
+ |
+ The password of the share. |
+
+
+
+ signature |
+ ShareSignature |
+ |
+ The signature issued by GetPublicShareByToken. |
+
+
+
+
+
+
+
+
+
PublicShareId
A share id identifies uniquely a // share in the share provider namespace.
A ShareId MUST be unique inside the share provider.
@@ -9321,6 +9450,39 @@ PublicShareReference
+ ShareSignature
+ A time constrained token which can be used to
authenticate link share requests.
+
+
+
+
+ Field | Type | Label | Description |
+
+
+
+
+ signature |
+ string |
+ |
+ REQUIRED.
+The signature value. |
+
+
+
+ signature_expiration |
+ cs3.types.v1beta1.Timestamp |
+ |
+ REQUIRED.
+The time until the signature becomes invalid. |
+
+
+
+
+
+
+
+
+