diff --git a/changelog/unreleased/fix-graph-internal-link.md b/changelog/unreleased/fix-graph-internal-link.md new file mode 100644 index 00000000000..ba9a72c9da4 --- /dev/null +++ b/changelog/unreleased/fix-graph-internal-link.md @@ -0,0 +1,6 @@ +Bugfix: Internal links shouldn't have a password + +Internal links shouldn't have a password when create/update + +https://github.com/owncloud/ocis/pull/8668 +https://github.com/owncloud/ocis/issues/8619 diff --git a/services/graph/pkg/service/v0/driveitems_test.go b/services/graph/pkg/service/v0/driveitems_test.go index 69cacd7e90a..f09fa576621 100644 --- a/services/graph/pkg/service/v0/driveitems_test.go +++ b/services/graph/pkg/service/v0/driveitems_test.go @@ -813,6 +813,75 @@ var _ = Describe("Driveitems", func() { linkType := res.Link.GetType() Expect(string(linkType)).To(Equal("edit")) }) + It("updates the public share to internal link", func() { + getShareMockResponse.Share = nil + getShareMockResponse.Status = status.NewNotFound(ctx, "not found") + + getPublicShareMock := gatewayClient.On("GetPublicShare", + mock.Anything, + mock.MatchedBy(func(req *link.GetPublicShareRequest) bool { + return req.GetRef().GetId().GetOpaqueId() == "permissionid" + }), + ) + getPublicShareMockResponse = &link.GetPublicShareResponse{ + Status: status.NewOK(ctx), + Share: &link.PublicShare{ + Id: &link.PublicShareId{ + OpaqueId: "permissionid", + }, + ResourceId: &provider.ResourceId{ + StorageId: "1", + SpaceId: "2", + OpaqueId: "3", + }, + PasswordProtected: true, + Permissions: &link.PublicSharePermissions{ + Permissions: linktype.NewFileEditLinkPermissionSet().GetPermissions(), + }, + Token: "token", + }, + } + getPublicShareMock.Return(getPublicShareMockResponse, nil) + + newLink := libregraph.NewSharingLink() + newLinkType, err := libregraph.NewSharingLinkTypeFromValue("internal") + Expect(err).ToNot(HaveOccurred()) + newLink.SetType(*newLinkType) + + updatePublicShareMock := gatewayClient.On("UpdatePublicShare", + mock.Anything, + mock.MatchedBy(func(req *link.UpdatePublicShareRequest) bool { + return req.GetRef().GetId().GetOpaqueId() == "permissionid" + }), + ) + + updatePublicShareMockResponse.Share.Permissions = &link.PublicSharePermissions{ + Permissions: linktype.NewInternalLinkPermissionSet().Permissions, + } + updatePublicShareMock.Return(updatePublicShareMockResponse, nil) + + driveItemPermission.SetLink(*newLink) + body, err := driveItemPermission.MarshalJSON() + Expect(err).To(BeNil()) + svc.UpdatePermission( + rr, + httptest.NewRequest(http.MethodPatch, "/", strings.NewReader(string(body))). + WithContext(ctx), + ) + Expect(rr.Code).To(Equal(http.StatusOK)) + data, err := io.ReadAll(rr.Body) + Expect(err).ToNot(HaveOccurred()) + + res := libregraph.Permission{} + + err = json.Unmarshal(data, &res) + Expect(err).ToNot(HaveOccurred()) + linkType := res.Link.GetType() + Expect(string(linkType)).To(Equal("internal")) + pp, hasPP := res.GetHasPasswordOk() + Expect(hasPP).To(Equal(true)) + Expect(*pp).To(Equal(false)) + }) It("updates the password on a public share", func() { getShareMockResponse.Share = nil getShareMockResponse.Status = status.NewNotFound(ctx, "not found") diff --git a/services/graph/pkg/service/v0/links.go b/services/graph/pkg/service/v0/links.go index 0a71dc4fef1..8c8dbc3022e 100644 --- a/services/graph/pkg/service/v0/links.go +++ b/services/graph/pkg/service/v0/links.go @@ -133,6 +133,9 @@ func (g Graph) createLink(ctx context.Context, driveItemID *providerv1beta1.Reso g.logger.Debug().Interface("createLink", createLink).Msg(err.Error()) return nil, errorcode.New(errorcode.InvalidRequest, "invalid link type") } + if createLink.GetType() == libregraph.INTERNAL && len(createLink.GetPassword()) > 0 { + return nil, errorcode.New(errorcode.InvalidRequest, "password is redundant for the internal link") + } req := link.CreatePublicShareRequest{ ResourceInfo: statResp.GetInfo(), Grant: &link.Grant{ @@ -312,6 +315,13 @@ func (g Graph) updatePublicLinkPermission(ctx context.Context, permissionID stri if err != nil { return nil, err } + // reset the password for the internal link + if changedLink == libregraph.INTERNAL { + perm, err = g.updatePublicLinkPassword(ctx, permissionID, "") + if err != nil { + return nil, err + } + } } return perm, err