
Prevent tokeninfo request #9310

Closed
tbsbdr opened this issue Jun 28, 2023 · 7 comments · Fixed by #9438

Comments

@tbsbdr

tbsbdr commented Jun 28, 2023

Issue for: 7d70c67

"Our Reva backend doesn't implement it yet"

@tbsbdr
Author

tbsbdr commented Jun 28, 2023

@micbar we were wondering what the tokeninfo endpoint does - could you please tell what it does / is good for?

@tbsbdr
Author

tbsbdr commented Jun 28, 2023

@d7oc asked why we don't override the method so that CERN would not need to implement it backend-wise - would that be a possible solution @pascalwengerter @dschmidt?

@JammingBen
Contributor

JammingBen commented Jun 29, 2023

@micbar we were wondering what the tokeninfo endpoint does - could you please tell what it does / is good for?

The endpoint gives information which is necessary for resolving a public link in certain cases:

@tbsbdr
Author

tbsbdr commented Jun 29, 2023

hm okay, thx @JammingBen
@dschmidt could you please outline what the endpoint should basically do / return in the case of CERNBox? (return an empty object if none of the 3 functionalities above are used, or alike?) cc @labkode

@dschmidt
Member

If in doubt, {} is good for starters; I'm leaving the details of a more meaningful response to a backend person.

@micbar
Contributor

micbar commented Jul 10, 2023

Product Specification

Infinite Scale links now have 2 different scopes:

  • public, with permissions, password optional
  • internal, only people who have access to the file (via a space or a share) can resolve the link

Examples

Usage:

curling the unprotected endpoint returns standard information

curl -L 'https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/tokeninfo/unprotected/LwrXbngGjuBmyrB'
<?xml version="1.0" encoding="UTF-8"?>
<ocs>
    <meta>
        <status>ok</status>
        <statuscode>100</statuscode>
        <message>OK</message>
    </meta>
    <data>
        <token>LwrXbngGjuBmyrB</token>
        <link_url>/s/LwrXbngGjuBmyrB</link_url>
        <password_protected>false</password_protected>
        <alias_link>false</alias_link>
        <id>storage-users-1$f2b65657-e440-4843-b3e4-40fbc0e4056b!362bcef5-679d-46ec-872f-4e35766c481b</id>
        <storage_id>storage-users-1</storage_id>
        <space_id>f2b65657-e440-4843-b3e4-40fbc0e4056b</space_id>
        <opaque_id>362bcef5-679d-46ec-872f-4e35766c481b</opaque_id>
        <path></path>
        <space_path></space_path>
        <space_alias></space_alias>
        <space_url></space_url>
        <space_type></space_type>
    </data>
</ocs>

curling a password-protected link only returns minimal information

curl -L 'https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/tokeninfo/unprotected/LwrXbngGjuBmyrB'
<?xml version="1.0" encoding="UTF-8"?>
<ocs>
    <meta>
        <status>ok</status>
        <statuscode>100</statuscode>
        <message>OK</message>
    </meta>
    <data>
        <token>LwrXbngGjuBmyrB</token>
        <link_url>/s/LwrXbngGjuBmyrB</link_url>
        <password_protected>true</password_protected>
        <alias_link>false</alias_link>
        <id></id>
        <storage_id></storage_id>
        <space_id></space_id>
        <opaque_id></opaque_id>
        <path></path>
        <space_path></space_path>
        <space_alias></space_alias>
        <space_url></space_url>
        <space_type></space_type>
    </data>
</ocs>

curling the protected endpoint returns full information if the user has native access

curl -L 'https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/tokeninfo/protected/LwrXbngGjuBmyrB' \
-H 'Authorization: Basic YWRtaW46YWRtaW4=' 
<?xml version="1.0" encoding="UTF-8"?>
<ocs>
    <meta>
        <status>ok</status>
        <statuscode>100</statuscode>
        <message>OK</message>
    </meta>
    <data>
        <token>LwrXbngGjuBmyrB</token>
        <link_url>/s/LwrXbngGjuBmyrB</link_url>
        <password_protected>false</password_protected>
        <alias_link>true</alias_link>
        <id>storage-users-1$f2b65657-e440-4843-b3e4-40fbc0e4056b!362bcef5-679d-46ec-872f-4e35766c481b</id>
        <storage_id>storage-users-1</storage_id>
        <space_id>f2b65657-e440-4843-b3e4-40fbc0e4056b</space_id>
        <opaque_id>362bcef5-679d-46ec-872f-4e35766c481b</opaque_id>
        <path></path>
        <space_path>/projects/Geschichte</space_path>
        <space_alias>project/geschichte</space_alias>
        <space_url>project/geschichte/362bcef5-679d-46ec-872f-4e35766c481b</space_url>
        <space_type>project</space_type>
    </data>
</ocs>

curling the protected endpoint returns the same information as the unprotected endpoint if the user does not have native access

curl -L 'https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/tokeninfo/protected/LwrXbngGjuBmyrB' \
-H 'Authorization: Basic ZWluc3RlaW46cmVsYXRpdml0eQ=='
<?xml version="1.0" encoding="UTF-8"?>
<ocs>
    <meta>
        <status>ok</status>
        <statuscode>100</statuscode>
        <message>OK</message>
    </meta>
    <data>
        <token>LwrXbngGjuBmyrB</token>
        <link_url>/s/LwrXbngGjuBmyrB</link_url>
        <password_protected>false</password_protected>
        <alias_link>true</alias_link>
        <id>storage-users-1$f2b65657-e440-4843-b3e4-40fbc0e4056b!362bcef5-679d-46ec-872f-4e35766c481b</id>
        <storage_id>storage-users-1</storage_id>
        <space_id>f2b65657-e440-4843-b3e4-40fbc0e4056b</space_id>
        <opaque_id>362bcef5-679d-46ec-872f-4e35766c481b</opaque_id>
        <path></path>
        <space_path></space_path>
        <space_alias></space_alias>
        <space_url></space_url>
        <space_type></space_type>
    </data>
</ocs>

curling the protected endpoint without authentication returns 401 Unauthorized

curl --insecure -X GET https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/tokeninfo/protected/LwrXbngGjuBmyrB

HTTP/1.1 401 Unauthorized
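As an added example (not code from the ownCloud web or oCIS projects), here is a client-side parser for the OCS tokeninfo responses shown above, together with the next step a link resolver could derive from each of the four cases and from the 401 answer. The `TokenInfo` fields, the action names and the decision rules are assumptions drawn from the behaviour described in this comment; the sample bodies are constructed to match the curl output (same token and resource id as above).

```python
"""Parse OCS tokeninfo responses and pick the client's next step.

Added example for this issue; it is not code from the ownCloud web or oCIS
projects. The tag set and the four response shapes mirror the curl output in
the comment above; the action names and the decision rules are assumptions
drawn from the behaviour that comment describes.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Tags found under <data> in the tokeninfo responses above.
_FIELDS = ("token", "link_url", "password_protected", "alias_link", "id",
           "storage_id", "space_id", "opaque_id", "path", "space_path",
           "space_alias", "space_url", "space_type")


@dataclass(frozen=True)
class TokenInfo:
    token: str
    link_url: str
    password_protected: bool
    alias_link: bool
    resource_id: str   # <id>; empty when the server withholds it
    space_url: str     # only filled by the protected endpoint with native access


def _text(parent, tag: str) -> str:
    el = parent.find(tag)
    return (el.text or "").strip() if el is not None else ""


def parse_tokeninfo(xml_text: str) -> TokenInfo:
    """Validate the OCS envelope and extract the fields a client acts on."""
    root = ET.fromstring(xml_text)
    meta = root.find("meta")
    if meta is None:
        raise ValueError("OCS response without <meta>")
    if _text(meta, "status") != "ok":
        raise ValueError(f"OCS error {_text(meta, 'statuscode')}: {_text(meta, 'message')}")
    data = root.find("data")
    if data is None:
        raise ValueError("OCS response without <data>")
    return TokenInfo(
        token=_text(data, "token"),
        link_url=_text(data, "link_url"),
        password_protected=_text(data, "password_protected") == "true",
        alias_link=_text(data, "alias_link") == "true",
        resource_id=_text(data, "id"),
        space_url=_text(data, "space_url"),
    )


def resolve_action(info: TokenInfo) -> str:
    """Map what the server disclosed to the client's next step (assumed rules)."""
    if info.password_protected and not info.resource_id:
        return "ask-password"       # minimal response: nothing to navigate to yet
    if info.space_url:
        return "open-in-space"      # caller has native access; show the real location
    if info.alias_link:
        return "no-native-access"   # internal link, and the caller cannot resolve it
    return "open-public-link"       # ordinary public link: follow link_url


def next_step(http_status: int, body: str) -> str:
    """Combine HTTP status and body; the protected endpoint answers 401 without auth."""
    if http_status == 401:
        return "authenticate"
    if http_status != 200:
        raise RuntimeError(f"unexpected HTTP status {http_status}")
    return resolve_action(parse_tokeninfo(body))


def ocs_response(**values: str) -> str:
    """Render an OCS v1 success envelope; constructed here for offline use."""
    rows = "".join(f"<{f}>{values.get(f, '')}</{f}>" for f in _FIELDS)
    return ('<?xml version="1.0" encoding="UTF-8"?><ocs><meta><status>ok</status>'
            '<statuscode>100</statuscode><message>OK</message></meta>'
            f'<data>{rows}</data></ocs>')


# Constructed sample bodies reproducing the four cases from the comment above.
TOKEN = "LwrXbngGjuBmyrB"
RES_ID = ("storage-users-1$f2b65657-e440-4843-b3e4-40fbc0e4056b"
          "!362bcef5-679d-46ec-872f-4e35766c481b")
SAMPLES = {
    "unprotected_public": ocs_response(token=TOKEN, link_url=f"/s/{TOKEN}",
                                       password_protected="false", alias_link="false",
                                       id=RES_ID, storage_id="storage-users-1"),
    "unprotected_password": ocs_response(token=TOKEN, link_url=f"/s/{TOKEN}",
                                         password_protected="true", alias_link="false"),
    "protected_native": ocs_response(token=TOKEN, link_url=f"/s/{TOKEN}",
                                     password_protected="false", alias_link="true",
                                     id=RES_ID, space_path="/projects/Geschichte",
                                     space_alias="project/geschichte",
                                     space_url="project/geschichte/362bcef5-679d-46ec-872f-4e35766c481b",
                                     space_type="project"),
    "protected_no_access": ocs_response(token=TOKEN, link_url=f"/s/{TOKEN}",
                                        password_protected="false", alias_link="true",
                                        id=RES_ID),
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:22s} -> {next_step(200, body)}")
    print(f"{'protected, no auth':22s} -> {next_step(401, '')}")
```

Two points this makes explicit for anyone implementing the endpoint or its consumer: the unauthenticated `unprotected` variant deliberately withholds `id`, `storage_id`, `space_id` and `opaque_id` for password-protected links, so a client must treat every `<data>` field as optional and never assume a resource id is present before the password has been supplied; and the `protected` variant only adds the `space_*` location when the caller has native access, which is the signal the resolver keys on.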

@micbar
Contributor

micbar commented Jul 10, 2023

@dschmidt @tbsbdr @diocas I clarified the backend behavior.
