Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allow requesting capabilities from password protected links #3229

Merged
merged 1 commit into from
Feb 24, 2022
Merged

allow requesting capabilities from password protected links #3229

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions changelog/unreleased/fix-capabilities-for-public-links.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
Bugfix: Capabilities for password protected public links

Allow password protected public links to request capabilities.

https://github.com/owncloud/ocis/pull/3229
https://github.com/owncloud/web/pull/6471
https://github.com/owncloud/web/issues/5863
22 changes: 19 additions & 3 deletions proxy/pkg/middleware/basic_auth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@ import (
"github.com/owncloud/ocis/proxy/pkg/webdav"
)

const publicFilesEndpoint = "/remote.php/dav/public-files/"

// BasicAuth provides a middleware to check if BasicAuth is provided
func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
options := newOptions(optionSetters...)
Expand Down Expand Up @@ -111,7 +109,25 @@ type basicAuth struct {

func (m basicAuth) isPublicLink(req *http.Request) bool {
login, _, ok := req.BasicAuth()
return ok && login == "public" && strings.HasPrefix(req.URL.Path, publicFilesEndpoint)

if !ok || login != "public" {
return false
}

publicPaths := []string{
"/remote.php/dav/public-files/",
"/ocs/v1.php/cloud/capabilities",
}
isPublic := false

for _, p := range publicPaths {
if strings.HasPrefix(req.URL.Path, p) {
isPublic = true
break
}
}

return isPublic
}

// The token auth endpoint uses basic auth for clients, see https://openid.net/specs/openid-connect-basic-1_0.html#TokenRequest
Expand Down
37 changes: 37 additions & 0 deletions proxy/pkg/middleware/basic_auth_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,40 @@
package middleware

import (
"net/http/httptest"
"testing"
)

/**/

func TestBasicAuth__isPublicLink(t *testing.T) {
tests := []struct {
url string
username string
expected bool
}{
{url: "/remote.php/dav/public-files/", username: "", expected: false},
{url: "/remote.php/dav/public-files/", username: "abc", expected: false},
{url: "/remote.php/dav/public-files/", username: "private", expected: false},
{url: "/remote.php/dav/public-files/", username: "public", expected: true},
{url: "/ocs/v1.php/cloud/capabilities", username: "", expected: false},
{url: "/ocs/v1.php/cloud/capabilities", username: "abc", expected: false},
{url: "/ocs/v1.php/cloud/capabilities", username: "private", expected: false},
{url: "/ocs/v1.php/cloud/capabilities", username: "public", expected: true},
{url: "/ocs/v1.php/cloud/users/admin", username: "public", expected: false},
}
ba := basicAuth{}

for _, tt := range tests {
req := httptest.NewRequest("", tt.url, nil)

if tt.username != "" {
req.SetBasicAuth(tt.username, "")
}

result := ba.isPublicLink(req)
if result != tt.expected {
t.Errorf("with %s expected %t got %t", tt.url, tt.expected, result)
}
}
}