From 205442b406e225baa428d714d1cc002d68adad19 Mon Sep 17 00:00:00 2001 From: Hugo Gonzalez Labrador Date: Tue, 7 Sep 2021 14:03:56 +0200 Subject: [PATCH] wopi: fix discovery urls --- changelog/unreleased/fix-wopi-discovery.md | 8 +++++ .../packages/app/provider/wopi/_index.md | 36 +++++++++++++++---- pkg/app/provider/wopi/wopi.go | 26 +++++++++++--- 3 files changed, 60 insertions(+), 10 deletions(-) create mode 100644 changelog/unreleased/fix-wopi-discovery.md diff --git a/changelog/unreleased/fix-wopi-discovery.md b/changelog/unreleased/fix-wopi-discovery.md new file mode 100644 index 0000000000..93f912f4dc --- /dev/null +++ b/changelog/unreleased/fix-wopi-discovery.md @@ -0,0 +1,8 @@ +Bugfix: Remove malformed parameters from WOPI discovery URLs + +This change fixes the parsing of WOPI discovery URLs for +MSOffice /hosting/discovery endpoint. +This endpoint is known to contain malformed +query paramters and therefore this fix removes them. + +https://github.com/cs3org/reva/pull/2051 diff --git a/docs/content/en/docs/config/packages/app/provider/wopi/_index.md b/docs/content/en/docs/config/packages/app/provider/wopi/_index.md index d4f7cae38b..51b90d6825 100644 --- a/docs/content/en/docs/config/packages/app/provider/wopi/_index.md +++ b/docs/content/en/docs/config/packages/app/provider/wopi/_index.md @@ -9,7 +9,7 @@ description: > # _struct: config_ {{% dir name="iop_secret" type="string" default="" %}} -The IOP secret used to connect to the wopiserver. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L52) +The IOP secret used to connect to the wopiserver. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L58) {{< highlight toml >}} [app.provider.wopi] iop_secret = "" @@ -17,7 +17,7 @@ iop_secret = "" {{% /dir %}} {{% dir name="wopi_url" type="string" default="" %}} -The wopiserver's URL. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L53) +The wopiserver's URL. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L59) {{< highlight toml >}} [app.provider.wopi] wopi_url = "" @@ -25,15 +25,23 @@ wopi_url = "" {{% /dir %}} {{% dir name="app_name" type="string" default="" %}} -The App user-friendly name. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L54) +The App user-friendly name. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L60) {{< highlight toml >}} [app.provider.wopi] app_name = "" {{< /highlight >}} {{% /dir %}} +{{% dir name="app_icon_uri" type="string" default="" %}} +A URI to a static asset which represents the app icon. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L61) +{{< highlight toml >}} +[app.provider.wopi] +app_icon_uri = "" +{{< /highlight >}} +{{% /dir %}} + {{% dir name="app_url" type="string" default="" %}} -The App URL. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L55) +The App URL. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L62) {{< highlight toml >}} [app.provider.wopi] app_url = "" @@ -41,7 +49,7 @@ app_url = "" {{% /dir %}} {{% dir name="app_int_url" type="string" default="" %}} -The internal app URL in case of dockerized deployments. Defaults to AppURL [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L56) +The internal app URL in case of dockerized deployments. Defaults to AppURL [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L63) {{< highlight toml >}} [app.provider.wopi] app_int_url = "" @@ -49,10 +57,26 @@ app_int_url = "" {{% /dir %}} {{% dir name="app_api_key" type="string" default="" %}} -The API key used by the app, if applicable. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L57) +The API key used by the app, if applicable. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L64) {{< highlight toml >}} [app.provider.wopi] app_api_key = "" {{< /highlight >}} {{% /dir %}} +{{% dir name="jwt_secret" type="string" default="" %}} +The JWT secret to be used to retrieve the token TTL. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L65) +{{< highlight toml >}} +[app.provider.wopi] +jwt_secret = "" +{{< /highlight >}} +{{% /dir %}} + +{{% dir name="app_desktop_only" type="bool" default= %}} +Whether the app can be opened only on desktop. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/app/provider/wopi/wopi.go#L66) +{{< highlight toml >}} +[app.provider.wopi] +app_desktop_only = +{{< /highlight >}} +{{% /dir %}} + diff --git a/pkg/app/provider/wopi/wopi.go b/pkg/app/provider/wopi/wopi.go index 1c7600c940..0cf3aa734e 100644 --- a/pkg/app/provider/wopi/wopi.go +++ b/pkg/app/provider/wopi/wopi.go @@ -63,7 +63,7 @@ type config struct { AppIntURL string `mapstructure:"app_int_url" docs:";The internal app URL in case of dockerized deployments. Defaults to AppURL"` AppAPIKey string `mapstructure:"app_api_key" docs:";The API key used by the app, if applicable."` JWTSecret string `mapstructure:"jwt_secret" docs:";The JWT secret to be used to retrieve the token TTL."` - AppDesktopOnly bool `mapstructure:"app_desktop_only" docs:";Whether the app can be opened only on desktop."` + AppDesktopOnly bool `mapstructure:"app_desktop_only" docs:";Specifies if the app can be opened only on desktop."` InsecureConnections bool `mapstructure:"insecure_connections"` } @@ -334,16 +334,34 @@ func parseWopiDiscovery(body io.Reader) (map[string]map[string]string, error) { access := action.SelectAttrValue("name", "") if access == "view" || access == "edit" { ext := action.SelectAttrValue("ext", "") - url := action.SelectAttrValue("urlsrc", "") + urlString := action.SelectAttrValue("urlsrc", "") - if ext == "" || url == "" { + if ext == "" || urlString == "" { continue } + u, err := url.Parse(urlString) + if err != nil { + // it sucks we cannot log here because this function is run + // on init without any context. + // TODO(labkode): add logging when we'll have static logging in boot phase. + continue + } + + // remove any malformed query parameter from discovery urls + q := u.Query() + for k := range q { + if strings.Contains(k, "<") || strings.Contains(k, ">") { + q.Del(k) + } + } + + u.RawQuery = q.Encode() + if _, ok := appURLs[access]; !ok { appURLs[access] = make(map[string]string) } - appURLs[access]["."+ext] = url + appURLs[access]["."+ext] = u.String() } } }