From 159a97e99f61456ff47d31a3fa1e083e5111ef5e Mon Sep 17 00:00:00 2001 From: Roman Perekhod <2403905@gmail.com> Date: Wed, 15 Oct 2025 09:35:06 +0200 Subject: [PATCH 1/4] fix: fixed the OCM WebDAV protocol entity mismatch --- changelog/unreleased/fix-ocm-weddav.md | 5 +++ .../ocmshareprovider/ocmshareprovider.go | 2 +- internal/http/services/ocmd/protocols.go | 34 +++++++++++++++- internal/http/services/ocmd/protocols_test.go | 40 ++++++++++++++++--- 4 files changed, 72 insertions(+), 9 deletions(-) create mode 100644 changelog/unreleased/fix-ocm-weddav.md diff --git a/changelog/unreleased/fix-ocm-weddav.md b/changelog/unreleased/fix-ocm-weddav.md new file mode 100644 index 00000000000..b4c311d92bc --- /dev/null +++ b/changelog/unreleased/fix-ocm-weddav.md @@ -0,0 +1,5 @@ +Bugfix: Fix the OCM WebDAV protocol entity mismatch + +Fixed the OCM WebDAV protocol entity mismatch + +https://github.com/owncloud/reva/pull/425 diff --git a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go index ba1fdaaca38..3b2b89fa624 100644 --- a/internal/grpc/services/ocmshareprovider/ocmshareprovider.go +++ b/internal/grpc/services/ocmshareprovider/ocmshareprovider.go @@ -187,7 +187,7 @@ func (s *service) getWebdavProtocol(ctx context.Context, share *ocm.Share, m *oc return &ocmd.WebDAV{ Permissions: perms, - URL: s.webdavURL(ctx, share), + URI: s.webdavURL(ctx, share), SharedSecret: share.Token, } } diff --git a/internal/http/services/ocmd/protocols.go b/internal/http/services/ocmd/protocols.go index 00e2d51f117..c8e10834be6 100644 --- a/internal/http/services/ocmd/protocols.go +++ b/internal/http/services/ocmd/protocols.go @@ -47,7 +47,37 @@ type Protocol interface { type WebDAV struct { SharedSecret string `json:"sharedSecret" validate:"required"` Permissions []string `json:"permissions" validate:"required,dive,required,oneof=read write share"` - URL string `json:"url" validate:"required"` + URI string `json:"uri" validate:"required"` +} + +// UnmarshalJSON implements custom JSON unmarshaling for backward compatibility. +// It supports both "url" (legacy) and "uri" (new) field names. +func (w *WebDAV) UnmarshalJSON(data []byte) error { + // Define a temporary struct with both url and uri fields + type WebDAVAlias struct { + SharedSecret string `json:"sharedSecret"` + Permissions []string `json:"permissions"` + URL string `json:"url"` + URI string `json:"uri"` + } + + var alias WebDAVAlias + if err := json.Unmarshal(data, &alias); err != nil { + return err + } + + // Copy common fields + w.SharedSecret = alias.SharedSecret + w.Permissions = alias.Permissions + + // Use URI if present, otherwise fall back to URL for backward compatibility + if alias.URI != "" { + w.URI = alias.URI + } else { + w.URI = alias.URL + } + + return nil } // ToOCMProtocol convert the protocol to a ocm Protocol struct. @@ -73,7 +103,7 @@ func (w *WebDAV) ToOCMProtocol() *ocm.Protocol { } } - return ocmshare.NewWebDAVProtocol(w.URL, w.SharedSecret, perms) + return ocmshare.NewWebDAVProtocol(w.URI, w.SharedSecret, perms) } // Webapp contains the parameters for the Webapp protocol. diff --git a/internal/http/services/ocmd/protocols_test.go b/internal/http/services/ocmd/protocols_test.go index 35d857f062d..b844b946519 100644 --- a/internal/http/services/ocmd/protocols_test.go +++ b/internal/http/services/ocmd/protocols_test.go @@ -48,13 +48,23 @@ func TestUnmarshalProtocol(t *testing.T) { raw: `{"unsupported":{}}`, err: "protocol unsupported not recognised", }, + { + raw: `{"name":"multi","options":{},"webdav":{"sharedSecret":"secret","permissions":["read","write"],"uri":"http://example.org"}}`, + expected: []Protocol{ + &WebDAV{ + SharedSecret: "secret", + Permissions: []string{"read", "write"}, + URI: "http://example.org", + }, + }, + }, { raw: `{"name":"multi","options":{},"webdav":{"sharedSecret":"secret","permissions":["read","write"],"url":"http://example.org"}}`, expected: []Protocol{ &WebDAV{ SharedSecret: "secret", Permissions: []string{"read", "write"}, - URL: "http://example.org", + URI: "http://example.org", }, }, }, @@ -82,7 +92,25 @@ func TestUnmarshalProtocol(t *testing.T) { &WebDAV{ SharedSecret: "secret", Permissions: []string{"read", "write"}, - URL: "http://example.org", + URI: "http://example.org", + }, + &Webapp{ + URITemplate: "http://example.org/{test}", + }, + &Datatx{ + SharedSecret: "secret", + SourceURI: "http://example.org", + Size: 10, + }, + }, + }, + { + raw: `{"name":"multi","options":{},"webdav":{"sharedSecret":"secret","permissions":["read","write"],"uri":"http://example.org"},"webapp":{"uriTemplate":"http://example.org/{test}"},"datatx":{"sharedSecret":"secret","srcUri":"http://example.org","size":10}}`, + expected: []Protocol{ + &WebDAV{ + SharedSecret: "secret", + Permissions: []string{"read", "write"}, + URI: "http://example.org", }, &Webapp{ URITemplate: "http://example.org/{test}", @@ -145,7 +173,7 @@ func TestMarshalProtocol(t *testing.T) { &WebDAV{ SharedSecret: "secret", Permissions: []string{"read"}, - URL: "http://example.org", + URI: "http://example.org", }, }, expected: map[string]any{ @@ -154,7 +182,7 @@ func TestMarshalProtocol(t *testing.T) { "webdav": map[string]any{ "sharedSecret": "secret", "permissions": []any{"read"}, - "url": "http://example.org", + "uri": "http://example.org", }, }, }, @@ -197,7 +225,7 @@ func TestMarshalProtocol(t *testing.T) { &WebDAV{ SharedSecret: "secret", Permissions: []string{"read"}, - URL: "http://example.org", + URI: "http://example.org", }, &Webapp{ URITemplate: "http://example.org", @@ -215,7 +243,7 @@ func TestMarshalProtocol(t *testing.T) { "webdav": map[string]any{ "sharedSecret": "secret", "permissions": []any{"read"}, - "url": "http://example.org", + "uri": "http://example.org", }, "webapp": map[string]any{ "uriTemplate": "http://example.org", From 641d1047e5ca176d33e8b0a1688a3bd1bd3bba27 Mon Sep 17 00:00:00 2001 From: Roman Perekhod <2403905@gmail.com> Date: Fri, 17 Oct 2025 09:09:29 +0200 Subject: [PATCH 2/4] fix: fixed the OCM user id decoding --- internal/http/services/ocmd/shares.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/internal/http/services/ocmd/shares.go b/internal/http/services/ocmd/shares.go index cb7de98ae60..fdd916f2f26 100644 --- a/internal/http/services/ocmd/shares.go +++ b/internal/http/services/ocmd/shares.go @@ -19,6 +19,7 @@ package ocmd import ( + "encoding/base64" "encoding/json" "errors" "fmt" @@ -213,6 +214,10 @@ func getIDAndMeshProvider(user string) (string, string, error) { if len(split) < 2 { return "", "", errors.New("not in the form @") } + candidate := split[0] + if b, err := base64.StdEncoding.DecodeString(candidate); err == nil { + split = strings.Split(string(b), "@") + } return strings.Join(split[:len(split)-1], "@"), split[len(split)-1], nil } From 772f3b35b7c6c6b97c2cbdeffa6fd124d2d2d701 Mon Sep 17 00:00:00 2001 From: Roman Perekhod <2403905@gmail.com> Date: Fri, 17 Oct 2025 10:55:25 +0200 Subject: [PATCH 3/4] fix: always allow providers --- pkg/ocm/provider/authorizer/json/json.go | 6 ++++-- pkg/ocm/provider/authorizer/json/json_test.go | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/pkg/ocm/provider/authorizer/json/json.go b/pkg/ocm/provider/authorizer/json/json.go index 152140fdba4..5a8bf296a9b 100644 --- a/pkg/ocm/provider/authorizer/json/json.go +++ b/pkg/ocm/provider/authorizer/json/json.go @@ -173,10 +173,12 @@ func (a *authorizer) IsProviderAllowed(ctx context.Context, pi *ocmprovider.Prov } switch { - case !providerAuthorized: - return errtypes.NotFound(pi.GetDomain()) case !a.conf.VerifyRequestHostname: + log.Info().Msg("VerifyRequestHostname is disabled. any provider is allowed") return nil + case !providerAuthorized: + log.Info().Msg("providerAuthorized is false") + return errtypes.NotFound(pi.GetDomain()) case len(pi.Services) == 0: return ErrNoIP } diff --git a/pkg/ocm/provider/authorizer/json/json_test.go b/pkg/ocm/provider/authorizer/json/json_test.go index 52c525733b7..b6722f23d84 100644 --- a/pkg/ocm/provider/authorizer/json/json_test.go +++ b/pkg/ocm/provider/authorizer/json/json_test.go @@ -49,7 +49,8 @@ func TestAuthorizer_IsProviderAllowed(t *testing.T) { providerInfo: &ocmprovider.ProviderInfo{ Domain: "some.unknown.domain", }, - expectedError: errtypes.NotFound("some.unknown.domain"), + verifyRequestHostname: true, + expectedError: errtypes.NotFound("some.unknown.domain"), }, "authorized without host name verification": { providerInfo: &ocmprovider.ProviderInfo{ @@ -65,7 +66,8 @@ func TestAuthorizer_IsProviderAllowed(t *testing.T) { providerInfo: &ocmprovider.ProviderInfo{ Domain: "server-two", }, - expectedError: error(errtypes.NotFound("server-two")), + verifyRequestHostname: true, + expectedError: error(errtypes.NotFound("server-two")), }, } { t.Run(name, func(t *testing.T) { From 3bedbdbd7ead68f6f66885c267fbe41d3e45c955 Mon Sep 17 00:00:00 2001 From: Roman Perekhod <2403905@gmail.com> Date: Fri, 17 Oct 2025 14:45:14 +0200 Subject: [PATCH 4/4] fix: Decoding --- pkg/ocm/user/user.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/ocm/user/user.go b/pkg/ocm/user/user.go index 9be8add2b4d..955280373b1 100644 --- a/pkg/ocm/user/user.go +++ b/pkg/ocm/user/user.go @@ -12,7 +12,7 @@ import ( // 1. stripping the protocol from the domain and // 2. base64 encoding the opaque id with the domain to get a unique identifier that cannot collide with other users func FederatedID(id *userpb.UserId, domain string) *userpb.UserId { - opaqueId := base64.URLEncoding.EncodeToString([]byte(id.OpaqueId + "@" + id.Idp)) + opaqueId := base64.StdEncoding.EncodeToString([]byte(id.OpaqueId + "@" + id.Idp)) return &userpb.UserId{ Type: userpb.UserType_USER_TYPE_FEDERATED, Idp: domain, @@ -29,7 +29,7 @@ func RemoteID(id *userpb.UserId) *userpb.UserId { Idp: id.Idp, OpaqueId: id.OpaqueId, } - bytes, err := base64.URLEncoding.DecodeString(id.GetOpaqueId()) + bytes, err := base64.StdEncoding.DecodeString(id.GetOpaqueId()) if err != nil { return remoteId }