diff --git a/changelog/unreleased/bump-reva.md b/changelog/unreleased/bump-reva.md index 0f991662c92..59227f696a7 100644 --- a/changelog/unreleased/bump-reva.md +++ b/changelog/unreleased/bump-reva.md @@ -2,3 +2,4 @@ Enhancement: Update Reva https://github.com/owncloud/ocis/pull/6305 +https://github.com/owncloud/ocis/pull/6322 diff --git a/go.mod b/go.mod index eb2cb34c053..460bc7afb50 100644 --- a/go.mod +++ b/go.mod @@ -321,3 +321,5 @@ require ( ) replace github.com/cs3org/go-cs3apis => github.com/c0rby/go-cs3apis v0.0.0-20230110100311-5b424f1baa35 + +replace github.com/cs3org/reva/v2 => github.com/kobergj/reva/v2 v2.0.0-20230516090505-4277a0b4e1c1 diff --git a/go.sum b/go.sum index b43781edf24..3d56f438ede 100644 --- a/go.sum +++ b/go.sum @@ -626,8 +626,6 @@ github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4= github.com/crewjam/saml v0.4.13 h1:TYHggH/hwP7eArqiXSJUvtOPNzQDyQ7vwmwEqlFWhMc= github.com/crewjam/saml v0.4.13/go.mod h1:igEejV+fihTIlHXYP8zOec3V5A8y3lws5bQBFsTm4gA= -github.com/cs3org/reva/v2 v2.13.3-0.20230515105000-30125f104ba1 h1:M3+4wZvZolLs90wCjkJYslakQ3JAp/zs16mOwxvieJQ= -github.com/cs3org/reva/v2 v2.13.3-0.20230515105000-30125f104ba1/go.mod h1:MoymB39kU/myG7LFkaCwqtoXQHct+/8uoZAvJEmNi+I= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= @@ -1178,6 +1176,8 @@ github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa02 github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.1.0 h1:eyi1Ad2aNJMW95zcSbmGg7Cg6cq3ADwLpMAP96d8rF0= github.com/klauspost/cpuid/v2 v2.1.0/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/kobergj/reva/v2 v2.0.0-20230516090505-4277a0b4e1c1 h1:uOcWO86Z0R7WmEqpmEsAItleJRM9reuA3N1z7NrF260= +github.com/kobergj/reva/v2 v2.0.0-20230516090505-4277a0b4e1c1/go.mod h1:MoymB39kU/myG7LFkaCwqtoXQHct+/8uoZAvJEmNi+I= github.com/kolo/xmlrpc v0.0.0-20200310150728-e0350524596b/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -1267,8 +1267,6 @@ github.com/maxymania/go-system v0.0.0-20170110133659-647cc364bf0b h1:Q53idHrTuQD github.com/maxymania/go-system v0.0.0-20170110133659-647cc364bf0b/go.mod h1:KirJrATYGbTyUwVR26xIkaipRqRcMRXBf8N5dacvGus= github.com/mendsley/gojwk v0.0.0-20141217222730-4d5ec6e58103 h1:Z/i1e+gTZrmcGeZyWckaLfucYG6KYOXLWo4co8pZYNY= github.com/mendsley/gojwk v0.0.0-20141217222730-4d5ec6e58103/go.mod h1:o9YPB5aGP8ob35Vy6+vyq3P3bWe7NQWzf+JLiXCiMaE= -github.com/micbar/reva/v2 v2.0.0-20230513191305-7e887c838c63 h1:dyZ5M/M1x6NGkMiagInLclbWPWCBycJpc9COtzDTOyM= -github.com/micbar/reva/v2 v2.0.0-20230513191305-7e887c838c63/go.mod h1:MoymB39kU/myG7LFkaCwqtoXQHct+/8uoZAvJEmNi+I= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= @@ -1376,8 +1374,6 @@ github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35uk github.com/orcaman/concurrent-map v1.0.0 h1:I/2A2XPCb4IuQWcQhBhSwGfiuybl/J0ev9HDbW65HOY= github.com/orcaman/concurrent-map v1.0.0/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI= github.com/ovh/go-ovh v1.1.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA= -github.com/owncloud/libre-graph-api-go v1.0.2-0.20230330145712-ea267ccd404a h1:C7YCoyXn/8pkapUhw2KoIxEMdgIFUx3JjZQKtsXaaLc= -github.com/owncloud/libre-graph-api-go v1.0.2-0.20230330145712-ea267ccd404a/go.mod h1:iKdVH6nYpI8RBeK9sjeLfzrPByST6r9d+NG2IJHoJmU= github.com/owncloud/libre-graph-api-go v1.0.5-0.20230512172639-d458ad6b300b h1:65U1jcoFlywV2ZEfkynaw4v4DuS/UJdlyHQYCHB+fYA= github.com/owncloud/libre-graph-api-go v1.0.5-0.20230512172639-d458ad6b300b/go.mod h1:iKdVH6nYpI8RBeK9sjeLfzrPByST6r9d+NG2IJHoJmU= github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw= diff --git a/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go b/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go index 431d7da4d91..44c2e6d5b2c 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go +++ b/vendor/github.com/cs3org/reva/v2/internal/grpc/interceptors/auth/scope.go @@ -247,43 +247,55 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent parentPath := statResponse.Info.Path childPath := ref.GetPath() - if childPath == "" || childPath == "." { - // We mint a token as the owner of the public share and try to stat the reference - // TODO(ishank011): We need to find a better alternative to this - - var user *userpb.User - if statResponse.GetInfo().GetOwner().GetType() == userpb.UserType_USER_TYPE_SPACE_OWNER { - // fake a space owner user - user = &userpb.User{ - Id: statResponse.GetInfo().GetOwner(), - } - } else { - userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: statResponse.Info.Owner, SkipFetchingUserGroups: true}) - if err != nil || userResp.Status.Code != rpc.Code_CODE_OK { - return false, err - } - user = userResp.User - } + if childPath != "" && childPath != "." && strings.HasPrefix(childPath, parentPath) { + // if the request is relative from the root, we can return directly + return true, nil + } - scope, err := scope.AddOwnerScope(map[string]*authpb.Scope{}) - if err != nil { - return false, err + // The request is not relative to the root. We need to find out if the requested resource is child of the `parent` (coming from token scope) + // We mint a token as the owner of the public share and try to stat the reference + // TODO(ishank011): We need to find a better alternative to this + // NOTE: did somebody say service accounts? ... + + var user *userpb.User + if statResponse.GetInfo().GetOwner().GetType() == userpb.UserType_USER_TYPE_SPACE_OWNER { + // fake a space owner user + user = &userpb.User{ + Id: statResponse.GetInfo().GetOwner(), } - token, err := mgr.MintToken(ctx, user, scope) - if err != nil { + } else { + userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: statResponse.Info.Owner, SkipFetchingUserGroups: true}) + if err != nil || userResp.Status.Code != rpc.Code_CODE_OK { return false, err } - ctx = metadata.AppendToOutgoingContext(context.Background(), ctxpkg.TokenHeader, token) + user = userResp.User + } - childStat, err := client.Stat(ctx, &provider.StatRequest{Ref: ref}) - if err != nil { - return false, err - } - if childStat.Status.Code != rpc.Code_CODE_OK { - return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor") - } - childPath = statResponse.Info.Path + scope, err := scope.AddOwnerScope(map[string]*authpb.Scope{}) + if err != nil { + return false, err + } + token, err := mgr.MintToken(ctx, user, scope) + if err != nil { + return false, err + } + ctx = metadata.AppendToOutgoingContext(context.Background(), ctxpkg.TokenHeader, token) + + childStat, err := client.Stat(ctx, &provider.StatRequest{Ref: ref}) + if err != nil { + return false, err + } + if childStat.Status.Code != rpc.Code_CODE_OK { + return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor") + } + pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()}) + if err != nil { + return false, err + } + if pathResp.Status.Code != rpc.Code_CODE_OK { + return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor") } + childPath = pathResp.Path return strings.HasPrefix(childPath, parentPath), nil diff --git a/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/spaces.go b/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/spaces.go index 12f264aeb0b..00926d7d6f9 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/spaces.go +++ b/vendor/github.com/cs3org/reva/v2/pkg/storage/utils/decomposedfs/spaces.go @@ -604,6 +604,7 @@ func (fs *Decomposedfs) UpdateStorageSpace(ctx context.Context, req *provider.Up }, nil } } + metadata[prefixes.TreeMTimeAttr] = []byte(time.Now().UTC().Format(time.RFC3339Nano)) err = spaceNode.SetXattrs(metadata, true) if err != nil { diff --git a/vendor/modules.txt b/vendor/modules.txt index 3b559d5df6d..d0c538b54af 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -349,7 +349,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.13.3-0.20230515105000-30125f104ba1 +# github.com/cs3org/reva/v2 v2.13.3-0.20230515105000-30125f104ba1 => github.com/kobergj/reva/v2 v2.0.0-20230516090505-4277a0b4e1c1 ## explicit; go 1.19 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime @@ -2124,3 +2124,4 @@ stash.kopano.io/kgol/oidc-go ## explicit; go 1.13 stash.kopano.io/kgol/rndm # github.com/cs3org/go-cs3apis => github.com/c0rby/go-cs3apis v0.0.0-20230110100311-5b424f1baa35 +# github.com/cs3org/reva/v2 => github.com/kobergj/reva/v2 v2.0.0-20230516090505-4277a0b4e1c1