From 09338f6b15091bc23d1f5935e6b4b599dc7366c5 Mon Sep 17 00:00:00 2001
From: Carl Schwan
Date: Thu, 19 Feb 2026 14:23:53 +0100
Subject: [PATCH] refactor: Improve wopi mapper

- More typing
- Use non deprecated/removed executeQuery/excecuteStatement
- Be a bit more verbose regarding the errors

Signed-off-by: Carl Schwan
---
 lib/Db/DirectMapper.php | 2 +-
 lib/Db/WopiMapper.php | 9 +++------
 lib/Middleware/WOPIMiddleware.php | 7 ++++++-
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/lib/Db/DirectMapper.php b/lib/Db/DirectMapper.php
index 8d2ebcaa..22ffa702 100644
--- a/lib/Db/DirectMapper.php
+++ b/lib/Db/DirectMapper.php
@@ -61,7 +61,7 @@ public function getByToken($token) {
 ->from('officeonline_direct')
 ->where($qb->expr()->eq('token', $qb->createNamedParameter($token)));
- $cursor = $qb->execute();
+ $cursor = $qb->executeQuery();
 $row = $cursor->fetch();
 $cursor->closeCursor();
diff --git a/lib/Db/WopiMapper.php b/lib/Db/WopiMapper.php
index c07abec1..8024de50 100755
--- a/lib/Db/WopiMapper.php
+++ b/lib/Db/WopiMapper.php
@@ -79,18 +79,15 @@ public function generateFileToken($fileId, $owner, $editor, $version, $updatable
 * Given a token, validates it and
 * constructs and validates the path.
 * Returns the path, if valid, else false.
- *
- * @param string $token
- * @return Wopi
 */
- public function getWopiForToken($token) {
+ public function getWopiForToken(string $token): ?Wopi {
 $qb = $this->db->getQueryBuilder();
 $qb->select('*')
 ->from('officeonline_wopi')
 ->where(
 $qb->expr()->eq('token', $qb->createNamedParameter($token))
 );
- $result = $qb->execute();
+ $result = $qb->executeQuery();
 $row = $result->fetch();
 $result->closeCursor();
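Review bot: The docblock kept above `getWopiForToken()` in the `-79,18` hunk still says "Returns the path, if valid, else false.", which contradicts the new `?Wopi` return type: callers must now test for `null`, not `false`, and the value is a `Wopi` entity rather than a path. I would replace that sentence with `* Returns the Wopi entity for the token, or null when the token has expired.` and, if the not-found branch (outside this hunk) throws rather than returning null, add a matching `@throws` line. Dropping `@param`/`@return` is fine now that the signature carries the types, but the null case is exactly what an access-token lookup should document, since a caller that forgets the check dereferences null during authorization. The rest of the method body lies outside the hunk, so the not-found behaviour should be confirmed before wording the comment.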
@@ -108,7 +105,7 @@ public function getWopiForToken($token) { if ($wopi->getExpiry() < $this->timeFactory->getTime()) { $qb = $this->db->getQueryBuilder(); $qb->delete('officeonline_wopi')->where($qb->expr()->lt('expiry', - $qb->createNamedParameter($this->timeFactory->getTime(), IQueryBuilder::PARAM_INT)))->execute(); + $qb->createNamedParameter($this->timeFactory->getTime(), IQueryBuilder::PARAM_INT)))->executeStatement(); return null; } diff --git a/lib/Middleware/WOPIMiddleware.php b/lib/Middleware/WOPIMiddleware.php index 916d47e4..a98a331f 100644 --- a/lib/Middleware/WOPIMiddleware.php +++ b/lib/Middleware/WOPIMiddleware.php @@ -56,8 +56,13 @@ public function beforeController($controller, $methodName) { $accessToken = $this->request->getParam('access_token'); [$fileId, ,] = Helper::parseFileId($fileId); $wopi = $this->wopiMapper->getWopiForToken($accessToken); + + if ($wopi === null) { + throw new NotPermittedException('Unable to find a valid wopi for the given access token.'); + } + if ((int)$fileId !== $wopi->getFileid()) { - throw new NotPermittedException(); + throw new NotPermittedException("Wopi token doesn't match the expected file id"); } } catch (\Exception $e) { $this->logger->error('Failed to validate WOPI access', [ 'exception' => $e ]);
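Review bot: In the `WOPIMiddleware::beforeController` hunk, `$accessToken` is taken from `$this->request->getParam('access_token')` and passed unchecked to `getWopiForToken()`, which this commit narrows to `string $token`. A request that omits the parameter (null) or sends it as an array would now raise a `TypeError`, and the `catch (\Exception $e)` shown as context does not catch `\Error` subclasses, so the failure would skip the "Failed to validate WOPI access" log entry. A guard before the lookup keeps the rejection on the logged path, for example `if (!is_string($accessToken) || $accessToken === '') { throw new NotPermittedException('Missing or malformed access token'); }`. The `try` opens above the hunk and the catch body continues below it, so how the request is finally answered should be confirmed there.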