Shares using the OCM multi-protocol envelope (name multi, with the secret carried in a sibling protocol entry such as webdav) were rejected with Missing sharedSecret in protocol. Scan every protocol entry for the shared secret during validation, resolve the secret from the matching entry, and let the files provider serve the webdav entry of a multi envelope. Covers the file and folder resource types.
Signed-off-by: Micke Nordin <kano@sunet.se>
Accept both the legacy options.sharedSecret envelope and the new
protocol[name].sharedSecret form. Preserve the original cloud ID so the
factory can discover capabilities, then reset shareWith to the local
username for user lookup.
Delegate per-protocol validation to providers via the new
IValidationAwareCloudFederationProvider interface, with split exception
handling: BadRequestException -> 400, ProviderCouldNotAddShareException
-> the exception's own HTTP status (501 fallback).
In the notification handler, fall back to looking up the refresh token
via OcmTokenMapMapper when the access token cannot identify the federation.
Co-authored-by: Micke Nordin <kano@sunet.se>
Signed-off-by: Micke Nordin <kano@sunet.se>
Signed-off-by: Enrique Pérez Arnaud <enrique@cazalla.net>
OCM is standardizing and expanding the use of notifications and having
an event for acting on in apps will be very useful.
Signed-off-by: Micke Nordin <kano@sunet.se>
The diff can be checked using: git diff --ignore-all-space --ignore-blank-lines
To see only the changes not related to blank lines.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Apps implementing OCM endpoints via OCMEndpointRequestEvent (e.g.
SUNET/nextcloud-ocm_request_share for request-share, nextcloud/contacts
for invite-accepted) need to apply the same identity check that the
built-in addShare and receiveNotification handlers apply, so it makes
sense to make it publicly accessible.
It also allows us to refactor RequestHandlerController::confirmSignedOrigin
to use the new public method and drop the confirmNotificationIdentity helper.
Signed-off-by: Micke Nordin <kano@sunet.se>
This removes all the read after write and we don't need to queries all
the time the same share in the same request anymore.
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
- Rename method parameter from `userId` to `userID`.
- Update log message and `setRecipientUserId` call to use new variable.
- Without this change, we can not accept invites.
Signed-off-by: Micke Nordin <kano@sunet.se>
The app id might be misleading, the federation app is for syncing addressbooks
with trusted servers. It is not always enabled and show not have to be.
Signed-off-by: Joas Schilling <coding@schilljs.com>
The capabilities can be quite expensive (e.g. on ARM board it takes 1s
per request only for the capabilities).
Also they are not used by the webui so they should not be included in
initial state.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
When the public key feature is disabled null is returned for
`publicKey`. So in this case we need to adjust the capabilities
and return type of `jsonSerialize()`.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
