diff --git a/changelog/unreleased/bump-reva.md b/changelog/unreleased/bump-reva.md new file mode 100644 index 00000000000..4efd8bf6018 --- /dev/null +++ b/changelog/unreleased/bump-reva.md @@ -0,0 +1,5 @@ +Enhancement: Bump Reva + +bumps reva version + +https://github.com/owncloud/ocis/pull/8606 diff --git a/go.mod b/go.mod index 538478cbfdc..86cffe64d61 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/cenkalti/backoff v2.2.1+incompatible github.com/coreos/go-oidc/v3 v3.9.0 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 - github.com/cs3org/reva/v2 v2.19.2-0.20240308081122-3b519e2f9a15 + github.com/cs3org/reva/v2 v2.19.2-0.20240308123626-fc2867f59d92 github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25 github.com/disintegration/imaging v1.6.2 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e diff --git a/go.sum b/go.sum index 6bc04034eea..6c203390c9d 100644 --- a/go.sum +++ b/go.sum @@ -1019,8 +1019,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c= github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY= -github.com/cs3org/reva/v2 v2.19.2-0.20240308081122-3b519e2f9a15 h1:++sksh5HfGlP5FMXww2UWFkSQ+8Y+GJuCdLbDQ09c1k= -github.com/cs3org/reva/v2 v2.19.2-0.20240308081122-3b519e2f9a15/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E= +github.com/cs3org/reva/v2 v2.19.2-0.20240308123626-fc2867f59d92 h1:+dM3XWjA+P6/jfKkjCIrLGhfvg64KL0UZ7bTR7wYAEk= +github.com/cs3org/reva/v2 v2.19.2-0.20240308123626-fc2867f59d92/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= diff --git a/services/thumbnails/pkg/service/grpc/v0/service.go b/services/thumbnails/pkg/service/grpc/v0/service.go index fd97bfd897e..156b46e0ef0 100644 --- a/services/thumbnails/pkg/service/grpc/v0/service.go +++ b/services/thumbnails/pkg/service/grpc/v0/service.go @@ -220,7 +220,14 @@ func (g Thumbnail) handleWebdavSource(ctx context.Context, req *thumbnailssvc.Ge if src.WebdavAuthorization != "" { ctx = imgsource.ContextSetAuthorization(ctx, src.WebdavAuthorization) } - imgURL.RawQuery = "" + + // add signature and expiration to webdav url + signature, expiration := imgURL.Query().Get("signature"), imgURL.Query().Get("expiration") + params := url.Values{} + params.Add("signature", signature) + params.Add("expiration", expiration) + imgURL.RawQuery = params.Encode() + r, err := g.webdavSource.Get(ctx, imgURL.String()) if err != nil { return "", merrors.InternalServerError(g.serviceID, "could not get image from source: %s", err.Error()) diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/dav.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/dav.go index db26d729bd9..ec3fc85a3fe 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/dav.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/dav.go @@ -255,7 +255,7 @@ func (h *DavHandler) Handler(s *svc) http.Handler { sig := q.Get("signature") expiration := q.Get("expiration") // We restrict the pre-signed urls to downloads. - if sig != "" && expiration != "" && r.Method != http.MethodGet { + if sig != "" && expiration != "" && !(r.Method == http.MethodGet || r.Method == http.MethodHead) { w.WriteHeader(http.StatusUnauthorized) return } diff --git a/vendor/modules.txt b/vendor/modules.txt index d588c637610..cfae524bd25 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -359,7 +359,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.19.2-0.20240308081122-3b519e2f9a15 +# github.com/cs3org/reva/v2 v2.19.2-0.20240308123626-fc2867f59d92 ## explicit; go 1.21 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime