fix(onlyoffice): allow onlyoffice wopi requests

Follow up on #765 - also allow the onlyoffice app.

Signed-off-by: Max <[email protected]>

lib/Checker.php

@@ -144,20 +144,25 @@ public function currentUserHasSigned(): bool {
 	}
 
 	protected function isValidWOPIRequest(): bool {
-		if (!$this->isWOPIRemoteAddress()) {
-			return false;
-		}
+		return $this->isWOPIRemoteAddress()
+			&& $this->isAllowedAppPath()
+			&& $this->isAllowedScriptName();
+	}
 
+	protected function isAllowedAppPath(): bool {
 		return strpos($this->request->getPathInfo(), '/apps/richdocuments/wopi/') === 0
-			&& substr($this->request->getScriptName(), 0 - strlen('/index.php')) === '/index.php';
+			|| strpos($this->request->getPathInfo(), '/apps/officeonline/wopi/') === 0;
+	}
+
+	protected function isAllowedScriptName(): bool {
+		return substr($this->request->getScriptName(), 0 - strlen('/index.php')) === '/index.php';
 	}
 
 	protected function isWOPIRemoteAddress(): bool {
-		$allowedRanges = $this->config->getAppValue('richdocuments', 'wopi_allowlist');
-		if ($allowedRanges === '') {
-			return true;
-		}
-		$allowedRanges = explode(',', $allowedRanges);
+		$allowedRanges = array_merge(
+			$this->allowedRangeForApp('richdocuments'),
+			$this->allowedRangeForApp('officeonline')
+		);
 
 		$userIp = $this->request->getRemoteAddress();
 		foreach ($allowedRanges as $range) {
@@ -176,6 +181,14 @@ protected function isWOPIRemoteAddress(): bool {
 		return false;
 	}
 
+	private function allowedRangeForApp(string $appId): array {
+		$allowedRangesString = $this->config->getAppValue($appId, 'wopi_allowlist');
+		if ($allowedRangesString === '') {
+			return [];
+		}
+		return explode(',', $allowedRangesString);
+	}
+
 	/**
 	 * @copyright https://stackoverflow.com/questions/594112/matching-an-ip-to-a-cidr-mask-in-php-5/594134#594134
 	 * @copyright (IPv4) https://stackoverflow.com/questions/594112/matching-an-ip-to-a-cidr-mask-in-php-5/594134#594134