Proper message shown when private links accessed #28172
Conversation
sharidas
changed the title
|
Logged out errors should use https://github.com/owncloud/core/blob/master/core/templates/error.php to be consistent and themeable |
sharidas
force-pushed
the
private-link-access-task
branch
from
02e7286 to
3410403
Compare
|
@tomneedham Thanks for the review. I have changed logged out errors to error.php as suggested. |
|
Updating the screenshot : |
|
@sharidas hmm weird, I seem to remember that this used to work. But now I tried with v9.1.0 when the feature was introduced and I'm also getting internal server error for non-existing files. Maybe back then I forgot to test this case and only tested inaccessible files. But throwing |
|
Yes my opinion was that you should just be catching some ForbiddenException and NotFoundExceptions properly here, not adding these new if conditions that look quite fragile. |
sharidas
force-pushed
the
private-link-access-task
branch
from
3410403 to
993f454
Compare
|
Updated the PR again. |
sharidas
changed the title
core/Controller/LoginController.php
Outdated
| */ | ||
|
|
||
| if (( $redirect_url !== null) and ($remember_login === null)) { | ||
| $param["error"] = "Sorry, your request could not be handled properly, please check your actions and try again."; |
There was a problem hiding this comment.
I don't understand why this is needed.
If a user tries to open a link to a file and requires being logged in, the they simply see the login page and the link itself is in the redirect URL. Once they are logged in, the login controller must redirect to that URL and then the ViewController takes over.
There was a problem hiding this comment.
True, If the user is not logged in then automatically the redirect goes to login page.
There was a problem hiding this comment.
can you remove this then ? why do we need it then ?
| @@ -299,6 +302,12 @@ public function showFile($fileId) { | |||
| } | |||
| return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index', $params)); | |||
| } | |||
|
|
|||
| if ( $this->userSession->isLoggedIn() and empty($files)) { | |||
| $param["error"] = "You don't have permissions to access this file/folder - Please contact the owner to share it with you."; | |||
There was a problem hiding this comment.
Added translation to both ViewController and LoginController.
sharidas
force-pushed
the
private-link-access-task
branch
from
993f454 to
e95a2e6
Compare
|
@sharidas which state is this pr now? 2 or 3 - cannot be both ;-) |
|
@DeepDiver1975 I have removed 2. Once I get any feedback I will add 2 ( if required ) and remove 3. Now made as 3. |
|
@sharidas yes, if not logged in a redirect to login page makes sense, of course. Maybe you could add a hint as in e.g. owncloud/oauth2#43 (comment) saying "You are trying to access a private link. Please log in first." |
sharidas
force-pushed
the
private-link-access-task
branch
from
e95a2e6 to
688645f
Compare
sharidas
force-pushed
the
private-link-access-task
branch
from
688645f to
38b0c95
Compare
|
Attaching screenshot of latest login screen message : |
core/Controller/LoginController.php
Outdated
| * user is trying to access files for which he needs to login. | ||
| */ | ||
| if (( $redirect_url !== null) and ($remember_login === null)) { | ||
| $parameters['accessLink'] = true; |
There was a problem hiding this comment.
call it "reason" or something ? that would make that parameter reusable to be able to display message in other cases. I'm pretty sure there are a few more we could cover.
sharidas
force-pushed
the
private-link-access-task
branch
from
38b0c95 to
d77aee2
Compare
core/Controller/LoginController.php
Outdated
| if (( $redirect_url !== null) and ($remember_login === null) and | ||
| ($this->userSession->isLoggedIn() === false) and | ||
| ($this->userSession->getLoginName() === null) and | ||
| strpos(urldecode($redirect_url), $fpath) !== false) { |
There was a problem hiding this comment.
I tried with private link ( in my machine ), lets say with http://localhost/testing/index.php/f/17 and the result was appropriate. Screenshot as below:
For testing if I changed the URL to lets say http://localhost/testing/index.php/foobar or http://localhost/testing/index.php/f/1/c it directly takes me to the login page.
Lot of if's doesn't look nice, though. Any suggestions regarding this?
There was a problem hiding this comment.
No idea, sorry. Might need digging into the auth / routing code.
sharidas
force-pushed
the
private-link-access-task
branch
from
d77aee2 to
0a199f4
Compare
sharidas
force-pushed
the
private-link-access-task
branch
4 times, most recently
from
f668d38 to
47ad419
Compare
felixboehm
added
the
p1-urgent
sharidas
force-pushed
the
private-link-access-task
branch
from
47ad419 to
ad4231f
Compare
core/Controller/LoginController.php
Outdated
| if (!empty($redirect_url)) { | ||
| $urlArray = explode('%2F', $redirect_url); | ||
| $fileId = array_pop($urlArray); | ||
| $link = $this->urlGenerator->linkToRouteAbsolute('files.viewcontroller.showFile', ['fileId' => $fileId]); |
There was a problem hiding this comment.
hmm, why not just reuse the redirect url directly instead of regenerating the link this way ?
There was a problem hiding this comment.
For example in my machine while testing, the redirect url has value: %2Ftesting%2Findex.php%2Ff%2F17. I was trying to access : http://localhost/testing/index.php/f/17. So if I pass the fileid 17 to linkToRouteAbsolute, the url matches with the http://localhost/testing/index.php/f/17. Inorder to extract the fileid I did the steps in the PR.
So my intention was to check if redirect url a substring of newly created link.
There was a problem hiding this comment.
@sharidas I still don't understand why you don't directly use the value of "redirect_url". The purpose of this variable is to contain the actual target page to open, else this value is completely useless.
sharidas
force-pushed
the
private-link-access-task
branch
from
ad4231f to
a6ff748
Compare
core/Controller/LoginController.php
Outdated
|
|
||
| if ((!empty($redirect_url)) and ($remember_login === null) and | ||
| ($this->userSession->isLoggedIn() === false) and | ||
| strpos(urldecode($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url))), |
There was a problem hiding this comment.
Modified the code . A check is done if getAbsoluteURL($redirect_url) contains string getAbsoluteURL('index/f/').
sharidas
force-pushed
the
private-link-access-task
branch
from
a6ff748 to
3b7aef8
Compare
core/Controller/LoginController.php
Outdated
|
|
||
| if ((!empty($redirect_url)) and ($remember_login === null) and | ||
| ($this->userSession->isLoggedIn() === false) and | ||
| (strpos(urldecode($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url))), |
There was a problem hiding this comment.
This is one way to reuse redirect_url and check if url urldecode($this->urlGenerator->getAbsoluteURL('/index.php/f/') in it.
sharidas
force-pushed
the
private-link-access-task
branch
from
3b7aef8 to
5d1054a
Compare
|
@DeepDiver1975 another case of "ran for 7 hours and still running" |
| @@ -299,6 +302,13 @@ public function showFile($fileId) { | |||
| } | |||
| return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index', $params)); | |||
| } | |||
|
|
|||
| if ( $this->userSession->isLoggedIn() and empty($files)) { | |||
| $l = \OC::$server->getL10N("core"); | |||
core/Controller/LoginController.php
Outdated
|
|
||
| if ((!empty($redirect_url)) and ($remember_login === null) and | ||
| ($this->userSession->isLoggedIn() === false) and | ||
| (strpos(urldecode($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url))), |
core/Controller/LoginController.php
Outdated
| if ((!empty($redirect_url)) and ($remember_login === null) and | ||
| ($this->userSession->isLoggedIn() === false) and | ||
| (strpos(urldecode($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url))), | ||
| urldecode($this->urlGenerator->getAbsoluteURL('/index.php/f/'))) !== false)) { |
There was a problem hiding this comment.
why decode here? the result of getAbsoluteURL is already decoded
sharidas
force-pushed
the
private-link-access-task
branch
2 times, most recently
from
52c0daa to
05bc43f
Compare
When user tries to access private links which are not accessible, then proper message is delivered instead of Internal server error message. So is the case when user is logged in and tries to access private links not accessible. Signed-off-by: Sujith H <[email protected]>
sharidas
force-pushed
the
private-link-access-task
branch
from
05bc43f to
2709e27
Compare
|
@sharidas please backport to stable10 |
|
@sharidas missing backport |
|
#28600 is the PR backported. Sorry for missing this link here. |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
When user tries to access private links which are
not accessible, then proper message is delivered
instead of Internal server error message. So is the
case when user is logged in and tries to access
private links not accessible.
Signed-off-by: Sujith H [email protected]
Description
This change addresses 2 causes:
Related Issue
Motivation and Context
This change tries to polish up the message to be shown when non accessible private links are accessed by user under: logged in and non logged in state respectively.
How Has This Been Tested?
Created folder private which is accessed by another user under logged in and non logged in states. The messages are displayed on the browser.
Screenshots (if appropriate):
Types of changes
Checklist: