Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: public link download in authenticated context #10494

Merged
merged 2 commits into from
Feb 19, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions changelog/unreleased/bugfix-public-link-file-download
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
Bugfix: Public link file download

We've fixed a bug where the download of a file from a public link was not working when the user had logged in already. The download only worked if no user was logged in.

https://github.com/owncloud/web/issues/10473
https://github.com/owncloud/web/pull/10494
27 changes: 18 additions & 9 deletions packages/web-pkg/src/composables/download/useDownloadFile.ts
Original file line number Diff line number Diff line change
Expand Up @@ -24,18 +24,27 @@ export const useDownloadFile = (options?: DownloadFileOptions) => {
const { owncloudSdk: client } = clientService
const isUserContext = store.getters['runtime/auth/isUserContextReady']

// construct the url and headers
let url
if (unref(isPublicLinkContext)) {
url = file.downloadURL
} else {
if (version === null) {
url = `${client.helpers._davPath}${file.webDavPath}`
} else {
url = client.fileVersions.getFileVersionUrl(file.fileId, version)
// public links have a pre-signed download url
if (file.downloadURL) {
try {
triggerDownloadWithFilename(file.downloadURL, file.name)
} catch (e) {
console.error(e)
store.dispatch('showErrorMessage', {
title: $gettext('Download failed'),
desc: $gettext('File could not be located'),
errors: [e]
})
}
return
}

// construct the download url
const url =
version === null
? `${client.helpers._davPath}${file.webDavPath}`
: client.fileVersions.getFileVersionUrl(file.fileId, version)

// download with signing enabled
if (isUserContext && unref(isUrlSigningEnabled)) {
const httpClient = clientService.httpAuthenticated
Expand Down
37 changes: 36 additions & 1 deletion tests/e2e/cucumber/features/smoke/shares/link.feature
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,10 @@ Feature: link
| lorem.txt | lorem_new.txt |
| textfile.txt | textfile_new.txt |
| new-lorem.txt | test.txt |
# currently upload folder feature is not available in playwright
# And "Anonymous" uploads the following resources in public link page
# | resource |
# | filesForUpload/PARENT |
And "Alice" removes the public link named "myPublicLink" of resource "folderPublic"
And "Anonymous" should not be able to open the old link "myPublicLink"
And "Alice" logs out
Expand Down Expand Up @@ -69,6 +73,7 @@ Feature: link
Given "Admin" creates following user using API
| id |
| Brian |
| Carol |
And "Alice" logs in
And "Alice" creates the following resources
| resource | type |
Expand Down Expand Up @@ -97,9 +102,14 @@ Feature: link
And "Alice" creates a public link for the resource "testavatar.jpg" with password "%public%" using the sidebar panel
And "Alice" renames the most recently created public link of resource "testavatar.jpg" to "imageLink"
And "Alice" logs out

# authenticated user with access to resources. should be redirected to shares with me page
And "Brian" logs in
When "Brian" opens the public link "folderLink"
And "Brian" unlocks the public link with password "%public%"
And "Brian" downloads the following public link resources using the sidebar panel
| resource | type |
| shareToBrian.txt | file |
And "Brian" uploads the following resources
| resource |
| lorem.txt |
Expand All @@ -121,6 +131,32 @@ Feature: link
And "Brian" closes the file viewer
And "Brian" logs out

# authenticated user without access to resources. should be redirected to the public links page
And "Carol" logs in
When "Carol" opens the public link "folderLink"
And "Carol" unlocks the public link with password "%public%"
# https://github.com/owncloud/web/issues/10473
And "Carol" downloads the following public link resources using the sidebar panel
| resource | type |
| lorem.txt | file |
When "Carol" opens the public link "textLink"
And "Carol" unlocks the public link with password "%public%"
Then "Carol" is in a text-editor
And "Carol" closes the file viewer
When "Carol" opens the public link "markdownLink"
And "Carol" unlocks the public link with password "%public%"
Then "Carol" is in a text-editor
And "Carol" closes the file viewer
When "Carol" opens the public link "pdfLink"
And "Carol" unlocks the public link with password "%public%"
Then "Carol" is in a pdf-viewer
And "Carol" closes the file viewer
When "Carol" opens the public link "imageLink"
And "Carol" unlocks the public link with password "%public%"
Then "Carol" is in a image-viewer
And "Carol" closes the file viewer
And "Carol" logs out


Scenario: add banned password for public link
When "Alice" logs in
Expand Down Expand Up @@ -148,4 +184,3 @@ Feature: link
And "Anonymous" opens the public link "myPublicLink"
And "Anonymous" unlocks the public link with password "%copied_password%"
And "Alice" logs out