feat: [OCISDEV-617] use signature auth#13576
Conversation
There was a problem hiding this comment.
Pull request overview
This PR implements signature authentication for archiver downloads in password-protected public links from project spaces. When requesting resources from public links, the code now requests the oc:signature-auth WebDAV property and uses it to sign archiver download URLs, eliminating the need for the OCS signUrl API call in this scenario.
Changes:
- Added
SignatureAuthinterface and integrated signature authentication throughout the archiver download flow - Modified archiver service to use signature auth parameters directly in the URL instead of calling the OCS signUrl endpoint for public links
- Updated WebDAV properties to request and parse
oc:signature-authproperty for public link resources
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/web-client/src/helpers/resource/types.ts | Defines the SignatureAuth interface with signature string and expiration date |
| packages/web-client/src/webdav/constants/dav.ts | Adds SignatureAuth DAV property definition to PublicLink properties list |
| packages/web-client/src/helpers/resource/functions.ts | Extracts signature auth from DAV properties when building resource objects |
| packages/web-pkg/src/services/archiver.ts | Modifies URL building logic to use signature auth directly instead of calling signUrl for public links |
| packages/web-pkg/src/composables/actions/files/useFileActionsDownloadArchive.ts | Passes signatureAuth from first resource to archiver service for public links |
| packages/web-pkg/tests/unit/services/archiver.spec.ts | Updates test to verify signature auth is used instead of signUrl for password-protected public links |
| changelog/unreleased/enhancement-use-signature-auth.md | Documents the enhancement |
Comments suppressed due to low confidence (1)
packages/web-pkg/tests/unit/services/archiver.spec.ts:161
- There's a missing test case for when publicToken and publicLinkPassword are provided but signatureAuth is not. This scenario would occur with password-protected public links from older servers or non-project-space contexts. Add a test to verify the expected behavior in this case.
it('should not sign the download url if a public token is provided without a password', async () => {
const archiverService = getArchiverServiceInstance(capabilities)
const fileId = 'asdf'
await archiverService.triggerDownload({ fileIds: [fileId], publicToken: 'token' })
expect(archiverService.clientService.ocs.signUrl).not.toHaveBeenCalled()
})
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
packages/web-pkg/src/composables/actions/files/useFileActionsDownloadArchive.ts
Show resolved
Hide resolved
When requesting resources form public links, we now request also `oc:signature-auth` property. This property is then used to sign the archiver download URL within password protected public links.
LukasHirt
force-pushed
the
feat/signature-auth
branch
from
bf27780 to
53b57f2
Compare
|
@mzner could you please review this one more time? I pushed now a new commit that updates the code after the copilot review and also brings back the URL signing as a fallback in case the signature auth would be missing. |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
2 participants
Description
When requesting resources form public links, we now request also
oc:signature-authproperty. This property is then used to sign the archiver download URL within password protected public links.Related Issue
Motivation and Context
Signing the download URL does not work in public links from within project spaces.
How Has This Been Tested?
Types of changes