mirrors/nextcloud-desktop
1
0
Fork 0
mirror of https://github.com/nextcloud/desktop.git synced 2024-10-25 05:45:42 +03:00
Code Issues Projects Releases Packages Wiki Activity

Verify token before checking disk or modifying state

Browse source 
Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
This commit is contained in:
Claudio Cambra 2022-10-28 16:42:57 +02:00 committed by Claudio Cambra
parent 9a00aa6e66
commit 9438d3f1c7
3 changed files with 117 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/gui/application.cpp
View file

@ -777,12 +777,14 @@ void Application::handleEditLocally(const QUrl &url) const
// We need to make sure the handler sticks around until it is finished // We need to make sure the handler sticks around until it is finished
const auto editLocallyHandler = new EditLocallyHandler(userId, fileRemotePath, token); const auto editLocallyHandler = new EditLocallyHandler(userId, fileRemotePath, token);
if (editLocallyHandler->ready()) { const auto editLocallyHandlerDeleter = [editLocallyHandler]{ delete editLocallyHandler; };
connect(editLocallyHandler, &EditLocallyHandler::finished, this, [&editLocallyHandler] { delete editLocallyHandler; }); connect(editLocallyHandler, &EditLocallyHandler::error, this, editLocallyHandlerDeleter);
editLocallyHandler->startEditLocally(); connect(editLocallyHandler, &EditLocallyHandler::fileOpened, this, editLocallyHandlerDeleter);
} else {
delete editLocallyHandler; connect(editLocallyHandler, &EditLocallyHandler::setupFinished,
} editLocallyHandler, [editLocallyHandler]{ editLocallyHandler->startEditLocally(); });
editLocallyHandler->startSetup();
} }
QString substLang(const QString &lang) QString substLang(const QString &lang)

148
src/gui/editlocallyhandler.cpp
View file

@ -35,36 +35,101 @@ EditLocallyHandler::EditLocallyHandler(const QString &userId,
const QString &token, const QString &token,
QObject *parent) QObject *parent)
: QObject{parent} : QObject{parent}
, _userId(userId)
, _relPath(relPath) , _relPath(relPath)
, _token(token) , _token(token)
{ {
_accountState = AccountManager::instance()->accountFromUserId(userId); }
if (!_accountState) { void EditLocallyHandler::startSetup()
qCWarning(lcEditLocallyHandler) << "Could not find an account " << userId << " to edit file " << relPath << " locally."; {
showError(tr("Could not find an account for local editing"), userId); if (_token.isEmpty() || _relPath.isEmpty() || _userId.isEmpty()) {
qCWarning(lcEditLocallyHandler) << "Could not start setup."
<< "token:" << _token
<< "relPath:" << _relPath
<< "userId" << _userId;
return; return;
} }
if (!isTokenValid(token)) { // We check the input data locally first, without modifying any state or
qCWarning(lcEditLocallyHandler) << "Edit locally request is missing a valid token, will not open file. Token received was:" << token; // showing any potentially misleading data to the user
if (!isTokenValid(_token)) {
qCWarning(lcEditLocallyHandler) << "Edit locally request is missing a valid token, will not open file. "
<< "Token received was:" << _token;
showError(tr("Invalid token received."), tr("Please try again.")); showError(tr("Invalid token received."), tr("Please try again."));
return; return;
} }
if (!isRelPathValid(relPath)) { if (!isRelPathValid(_relPath)) {
qCWarning(lcEditLocallyHandler) << "Provided relPath was:" << relPath << "which is not canonical."; qCWarning(lcEditLocallyHandler) << "Provided relPath was:" << _relPath << "which is not canonical.";
showError(tr("Invalid file path was provided."), tr("Please try again.")); showError(tr("Invalid file path was provided."), tr("Please try again."));
return; return;
} }
const auto foundFiles = FolderMan::instance()->findFileInLocalFolders(relPath, _accountState->account()); _accountState = AccountManager::instance()->accountFromUserId(_userId);
if (!_accountState) {
qCWarning(lcEditLocallyHandler) << "Could not find an account " << _userId << " to edit file " << _relPath << " locally.";
showError(tr("Could not find an account for local editing."), _userId);
return;
}
// We now ask the server to verify the token, before we again modify any
// state or look at local files
startTokenRemoteCheck();
}
void EditLocallyHandler::startTokenRemoteCheck()
{
if (!_accountState || _relPath.isEmpty() || _token.isEmpty()) {
qCWarning(lcEditLocallyHandler) << "Could not start token check."
<< "accountState:" << _accountState
<< "relPath:" << _relPath
<< "token:" << _token;
return;
}
const auto encodedToken = QString::fromUtf8(QUrl::toPercentEncoding(_token)); // Sanitise the token
const auto encodedRelPath = QUrl::toPercentEncoding(_relPath); // Sanitise the relPath
const auto checkEditLocallyToken = new SimpleApiJob(_accountState->account(), QStringLiteral("/ocs/v2.php/apps/files/api/v1/openlocaleditor/%1").arg(encodedToken));
QUrlQuery params;
params.addQueryItem(QStringLiteral("path"), prefixSlashToPath(encodedRelPath));
checkEditLocallyToken->addQueryParams(params);
checkEditLocallyToken->setVerb(SimpleApiJob::Verb::Post);
connect(checkEditLocallyToken, &SimpleApiJob::resultReceived, this, &EditLocallyHandler::remoteTokenCheckResultReceived);
checkEditLocallyToken->start();
}
void EditLocallyHandler::remoteTokenCheckResultReceived(const int statusCode)
{
qCInfo(lcEditLocallyHandler) << "token check result" << statusCode;
constexpr auto HTTP_OK_CODE = 200;
_tokenVerified = statusCode == HTTP_OK_CODE;
if (!_tokenVerified) {
showError(tr("Could not validate the request to open a file from server."), _relPath);
}
proceedWithSetup();
}
void EditLocallyHandler::proceedWithSetup()
{
if (!_tokenVerified) {
qCWarning(lcEditLocallyHandler) << "Could not proceed with setup as token is not verified.";
return;
}
const auto foundFiles = FolderMan::instance()->findFileInLocalFolders(_relPath, _accountState->account());
if (foundFiles.isEmpty()) { if (foundFiles.isEmpty()) {
if (isRelPathExcluded(relPath)) { if (isRelPathExcluded(_relPath)) {
showError(tr("Could not find a file for local editing. Make sure it is not excluded via selective sync."), relPath); showError(tr("Could not find a file for local editing. Make sure it is not excluded via selective sync."), _relPath);
} else { } else {
showError(tr("Could not find a file for local editing. Make sure its path is valid and it is synced locally."), relPath); showError(tr("Could not find a file for local editing. Make sure its path is valid and it is synced locally."), _relPath);
} }
return; return;
} }
@ -73,24 +138,19 @@ EditLocallyHandler::EditLocallyHandler(const QString &userId,
_folderForFile = FolderMan::instance()->folderForPath(_localFilePath); _folderForFile = FolderMan::instance()->folderForPath(_localFilePath);
if (!_folderForFile) { if (!_folderForFile) {
showError(tr("Could not find a folder to sync."), relPath); showError(tr("Could not find a folder to sync."), _relPath);
return; return;
} }
const auto relPathSplit = relPath.split(QLatin1Char('/')); const auto relPathSplit = _relPath.split(QLatin1Char('/'));
if (relPathSplit.size() == 0) { if (relPathSplit.isEmpty()) {
showError(tr("Could not find a file for local editing. Make sure its path is valid and it is synced locally."), relPath); showError(tr("Could not find a file for local editing. Make sure its path is valid and it is synced locally."), _relPath);
return; return;
} }
_fileName = relPathSplit.last(); _fileName = relPathSplit.last();
_ready = true; Q_EMIT setupFinished();
}
bool EditLocallyHandler::ready() const
{
return _ready;
} }
QString EditLocallyHandler::prefixSlashToPath(const QString &path) QString EditLocallyHandler::prefixSlashToPath(const QString &path)
@ -165,11 +225,12 @@ bool EditLocallyHandler::isRelPathExcluded(const QString &relPath)
return true; return true;
} }
void EditLocallyHandler::showError(const QString &message, const QString &informativeText) const void EditLocallyHandler::showError(const QString &message, const QString &informativeText)
{ {
showErrorNotification(message, informativeText); showErrorNotification(message, informativeText);
// to make sure the error is not missed, show a message box in addition // to make sure the error is not missed, show a message box in addition
showErrorMessageBox(message, informativeText); showErrorMessageBox(message, informativeText);
Q_EMIT error(message, informativeText);
} }
void EditLocallyHandler::showErrorNotification(const QString &message, const QString &informativeText) const void EditLocallyHandler::showErrorNotification(const QString &message, const QString &informativeText) const
@ -203,36 +264,16 @@ void EditLocallyHandler::showErrorMessageBox(const QString &message, const QStri
void EditLocallyHandler::startEditLocally() void EditLocallyHandler::startEditLocally()
{ {
if (!_ready) { if (_fileName.isEmpty() || _localFilePath.isEmpty() || !_folderForFile) {
qCWarning(lcEditLocallyHandler) << "Could not start to edit locally."
<< "fileName:" << _fileName
<< "localFilePath:" << _localFilePath
<< "folderForFile:" << _folderForFile;
return; return;
} }
Systray::instance()->createEditFileLocallyLoadingDialog(_fileName); Systray::instance()->createEditFileLocallyLoadingDialog(_fileName);
const auto encodedToken = QString::fromUtf8(QUrl::toPercentEncoding(_token)); // Sanitise the token
const auto encodedRelPath = QUrl::toPercentEncoding(_relPath); // Sanitise the relPath
const auto checkEditLocallyToken = new SimpleApiJob(_accountState->account(), QStringLiteral("/ocs/v2.php/apps/files/api/v1/openlocaleditor/%1").arg(encodedToken));
QUrlQuery params;
params.addQueryItem(QStringLiteral("path"), prefixSlashToPath(_relPath));
checkEditLocallyToken->addQueryParams(params);
checkEditLocallyToken->setVerb(SimpleApiJob::Verb::Post);
connect(checkEditLocallyToken, &SimpleApiJob::resultReceived, this, &EditLocallyHandler::remoteTokenCheckFinished);
checkEditLocallyToken->start();
}
void EditLocallyHandler::remoteTokenCheckFinished(const int statusCode)
{
constexpr auto HTTP_OK_CODE = 200;
if (statusCode != HTTP_OK_CODE) {
Systray::instance()->destroyEditFileLocallyLoadingDialog();
showError(tr("Could not validate the request to open a file from server."), _relPath);
qCInfo(lcEditLocallyHandler) << "token check result" << statusCode;
return;
}
_folderForFile->startSync(); _folderForFile->startSync();
const auto syncFinishedConnection = connect(_folderForFile, &Folder::syncFinished, const auto syncFinishedConnection = connect(_folderForFile, &Folder::syncFinished,
this, &EditLocallyHandler::folderSyncFinished); this, &EditLocallyHandler::folderSyncFinished);
@ -248,6 +289,10 @@ void EditLocallyHandler::folderSyncFinished(const OCC::SyncResult &result)
void EditLocallyHandler::disconnectSyncFinished() const void EditLocallyHandler::disconnectSyncFinished() const
{ {
if(_localFilePath.isEmpty()) {
return;
}
if (const auto existingConnection = editLocallySyncFinishedConnections.value(_localFilePath)) { if (const auto existingConnection = editLocallySyncFinishedConnections.value(_localFilePath)) {
disconnect(existingConnection); disconnect(existingConnection);
editLocallySyncFinishedConnections.remove(_localFilePath); editLocallySyncFinishedConnections.remove(_localFilePath);
@ -256,6 +301,11 @@ void EditLocallyHandler::disconnectSyncFinished() const
void EditLocallyHandler::openFile() void EditLocallyHandler::openFile()
{ {
if(_localFilePath.isEmpty()) {
qCWarning(lcEditLocallyHandler) << "Could not edit locally. Invalid local file path.";
return;
}
const auto localFilePath = _localFilePath; const auto localFilePath = _localFilePath;
// In case the VFS mode is enabled and a file is not yet hydrated, we must call QDesktopServices::openUrl // In case the VFS mode is enabled and a file is not yet hydrated, we must call QDesktopServices::openUrl
// from a separate thread, or, there will be a freeze. To avoid searching for a specific folder and checking // from a separate thread, or, there will be a freeze. To avoid searching for a specific folder and checking
@ -265,7 +315,7 @@ void EditLocallyHandler::openFile()
Systray::instance()->destroyEditFileLocallyLoadingDialog(); Systray::instance()->destroyEditFileLocallyLoadingDialog();
}); });
Q_EMIT finished(); Q_EMIT fileOpened();
} }
} }

16
src/gui/editlocallyhandler.h
View file

@ -36,30 +36,34 @@ public:
[[nodiscard]] static bool isRelPathExcluded(const QString &relPath); [[nodiscard]] static bool isRelPathExcluded(const QString &relPath);
[[nodiscard]] static QString prefixSlashToPath(const QString &path); [[nodiscard]] static QString prefixSlashToPath(const QString &path);
[[nodiscard]] bool ready() const;
signals: signals:
void finished(); void setupFinished();
void error(const QString &message, const QString &informativeText);
void fileOpened();
public slots: public slots:
void startSetup();
void startEditLocally(); void startEditLocally();
void startTokenRemoteCheck(); void startTokenRemoteCheck();
private slots: private slots:
void showError(const QString &message, const QString &informativeText) const; void proceedWithSetup();
void showError(const QString &message, const QString &informativeText);
void showErrorNotification(const QString &message, const QString &informativeText) const; void showErrorNotification(const QString &message, const QString &informativeText) const;
void showErrorMessageBox(const QString &message, const QString &informativeText) const; void showErrorMessageBox(const QString &message, const QString &informativeText) const;
void remoteTokenCheckFinished(const int statusCode); void remoteTokenCheckResultReceived(const int statusCode);
void folderSyncFinished(const OCC::SyncResult &result); void folderSyncFinished(const OCC::SyncResult &result);
void disconnectSyncFinished() const; void disconnectSyncFinished() const;
void openFile(); void openFile();
private: private:
bool _ready = false; bool _tokenVerified = false;
AccountStatePtr _accountState; AccountStatePtr _accountState;
QString _userId;
QString _relPath; QString _relPath;
QString _token; QString _token;