Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Split the path for accepting a sharing #4503

Merged
merged 1 commit into from
Jan 8, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions assets/locales/de.po
Original file line number Diff line number Diff line change
Expand Up @@ -826,6 +826,9 @@ msgstr "Die Cozy URL ist nicht deine E-Mail-Adresse"
msgid "Sharing Discovery Submit"
msgstr "In mein Cozy synchronisieren"

msgid "Sharing Discovery Shortcut Submit"
msgstr "In mein Cozy synchronisieren"

msgid "Sharing No Cozy"
msgstr "Hast du noch kein Cozy?"

Expand Down
3 changes: 3 additions & 0 deletions assets/locales/en.po
Original file line number Diff line number Diff line change
Expand Up @@ -1139,6 +1139,9 @@ msgstr "The Cozy URL is not your email address."
msgid "Sharing Discovery Submit"
msgstr "Synchronize into my Cozy"

msgid "Sharing Discovery Shortcut Submit"
msgstr "Add to my Cozy"

msgid "Sharing No Cozy"
msgstr "Don't have a Cozy yet?"

Expand Down
3 changes: 3 additions & 0 deletions assets/locales/es.po
Original file line number Diff line number Diff line change
Expand Up @@ -840,6 +840,9 @@ msgstr "La URL de su Cozy no es la dirección de su correo electrónico"
msgid "Sharing Discovery Submit"
msgstr "Sincronizar en mi Cozy"

msgid "Sharing Discovery Shortcut Submit"
msgstr "Sincronizar en mi Cozy"

msgid "Sharing No Cozy"
msgstr "¿Todavía no tiene una Cozy?"

Expand Down
3 changes: 3 additions & 0 deletions assets/locales/fr.po
Original file line number Diff line number Diff line change
Expand Up @@ -1244,6 +1244,9 @@ msgstr "L'URL de votre Cozy n'est pas votre adresse email."
msgid "Sharing Discovery Submit"
msgstr "Synchroniser dans mon Cozy"

msgid "Sharing Discovery Shortcut Submit"
msgstr "Ajouter à mon Cozy"

msgid "Sharing No Cozy"
msgstr "Pas encore de Cozy ?"

Expand Down
3 changes: 3 additions & 0 deletions assets/locales/ja.po
Original file line number Diff line number Diff line change
Expand Up @@ -648,6 +648,9 @@ msgstr "Cozy の URL はメールアドレスではありません。"
msgid "Sharing Discovery Submit"
msgstr "送信"

msgid "Sharing Discovery Shortcut Submit"
msgstr "送信"

msgid "Sharing No Cozy"
msgstr "まだ Cozy をお持ちではありませんか?"

Expand Down
3 changes: 3 additions & 0 deletions assets/locales/nl_NL.po
Original file line number Diff line number Diff line change
Expand Up @@ -1024,6 +1024,9 @@ msgstr "De Cozy-url is niet je e-mailadres."
msgid "Sharing Discovery Submit"
msgstr "Synchroniseren naar mijn Cozy"

msgid "Sharing Discovery Shortcut Submit"
msgstr "Synchroniseren naar mijn Cozy"

msgid "Sharing No Cozy"
msgstr "Heb je nog geen Cozy?"

Expand Down
10 changes: 0 additions & 10 deletions assets/templates/authorize_sharing.html
Original file line number Diff line number Diff line change
Expand Up @@ -46,16 +46,6 @@ <h1 class="h4 h2-md mb-4 text-center">{{t "Authorize Sharing Title Add"}}</h1>
</p>
</div>

{{if .HasShortcut}}
<input type="hidden" name="synchronize" value="true" />
{{else}}
<div class="form-check mb-2">
<input class="form-check-input" type="checkbox" id="synchronize" name="synchronize" checked />
<label class="form-check-label" for="synchronize">
{{t "Authorize Sharing Synchronize label"}}
</label>
</div>
{{end}}
<p class="{{if not .HasShortcut}}ps-4{{else}}text-center{{end}} caption text-muted mb-2">
{{t "Authorize Sharing Description start" .SharerName .TargetType}}
</p>
Expand Down
5 changes: 5 additions & 0 deletions assets/templates/sharing_discovery.html
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
<form method="POST" action="/sharings/{{.SharingID}}/discovery" class="d-contents">
<input type="hidden" name="state" value="{{.State}}" />
<input type="hidden" name="sharecode" value="{{.ShareCode}}" />
<input type="hidden" name="shortcut" value="{{.Shortcut}}" />
<main class="wrapper">
<header class="wrapper-top">
<a href="https://cozy.io/" class="btn p-2 d-sm-none">
Expand Down Expand Up @@ -55,7 +56,11 @@ <h1 class="h4 h2-md mb-2 text-center">{{t "Sharing Connect to Cozy"}}</h1>
</a>
</p>
<button id="login-submit" class="btn btn-primary btn-md-lg w-100 mb-3" type="submit">
{{if .Shortcut}}
{{t "Sharing Discovery Shortcut Submit"}}
{{else}}
{{t "Sharing Discovery Submit"}}
{{end}}
</button>
</footer>
</main>
Expand Down
22 changes: 12 additions & 10 deletions docs/sharing.md
Original file line number Diff line number Diff line change
Expand Up @@ -184,14 +184,15 @@ just have to click OK).

#### Query-String

| Parameter | Description |
| --------- | ---------------------------------- |
| state | a code that identify the recipient |
| Parameter | Description |
| --------- | ----------------------------------------------------------------------------------------- |
| state | a code that identify the recipient |
| shortcut | true means that accepting the sharing will just create a shortcut on the recipient's Cozy |

#### Example

```http
GET /sharings/ce8835a061d0ef68947afe69a0046722/discovery?state=eiJ3iepoaihohz1Y HTTP/1.1
GET /sharings/ce8835a061d0ef68947afe69a0046722/discovery?state=eiJ3iepoaihohz1Y&shortcut=true HTTP/1.1
Host: alice.example.net
```

Expand All @@ -206,10 +207,11 @@ This route exists in two versions, the version is selected by the HTTP header

#### Classical (`x-www-form-urlencoded`)

| Parameter | Description |
| --------- | ------------------------------------- |
| state | a code that identify the recipient |
| url | the URL of the Cozy for the recipient |
| Parameter | Description |
| --------- | ----------------------------------------------------------------------------------------- |
| state | a code that identify the recipient |
| url | the URL of the Cozy for the recipient |
| shortcut | true means that accepting the sharing will just create a shortcut on the recipient's Cozy |

##### Example

Expand Down Expand Up @@ -1207,8 +1209,8 @@ HTTP/1.1 204 No Content
### DELETE /sharings/:sharing-id/recipients/:index

This route can be only be called on the cozy instance of the sharer to revoke
only one recipient of the sharing. The parameter is the index of this recipient
in the `members` array of the sharing.
only one recipient of the sharing. The parameter is the index of this recipient
in the `members` array of the sharing.
The status for this member will be set to `revoked`, its cozy will be informed of the
revokation, and the credentials for this cozy will be deleted.

Expand Down
5 changes: 4 additions & 1 deletion model/sharing/member.go
Original file line number Diff line number Diff line change
Expand Up @@ -452,14 +452,17 @@ func (s *Sharing) AddDelegatedContact(inst *instance.Instance, m Member) (string
// DelegateDiscovery delegates the POST discovery when a recipient has invited
// another person to a sharing, and this person accepts the sharing on the
// recipient cozy. The calls is delegated to the owner cozy.
func (s *Sharing) DelegateDiscovery(inst *instance.Instance, state, cozyURL string) (string, error) {
func (s *Sharing) DelegateDiscovery(inst *instance.Instance, state, cozyURL, shortcut string) (string, error) {
u, err := url.Parse(s.Members[0].Instance)
if err != nil {
return "", err
}
v := url.Values{}
v.Add("state", state)
v.Add("url", cozyURL)
if shortcut != "" {
v.Add("shortcut", shortcut)
}
body := []byte(v.Encode())
if len(s.Credentials) == 0 {
return "", ErrInvalidSharing
Expand Down
5 changes: 4 additions & 1 deletion model/sharing/oauth.go
Original file line number Diff line number Diff line change
Expand Up @@ -250,7 +250,7 @@ func (s *Sharing) RegisterCozyURL(inst *instance.Instance, m *Member, cozyURL st

// GenerateOAuthURL takes care of creating a correct OAuth request for
// the given member of the sharing.
func (m *Member) GenerateOAuthURL(s *Sharing) (string, error) {
func (m *Member) GenerateOAuthURL(s *Sharing, shortcut string) (string, error) {
if !s.Owner || len(s.Members) != len(s.Credentials)+1 {
return "", ErrInvalidSharing
}
Expand All @@ -272,6 +272,9 @@ func (m *Member) GenerateOAuthURL(s *Sharing) (string, error) {
"sharing_id": {s.SID},
"state": {creds.State},
}
if shortcut != "" {
q.Add("shortcut", shortcut)
}
u.RawQuery = q.Encode()

return u.String(), nil
Expand Down
23 changes: 10 additions & 13 deletions web/auth/oauth.go
Original file line number Diff line number Diff line change
Expand Up @@ -541,7 +541,16 @@ func (a *AuthorizeHTTPHandler) authorizeSharingForm(c echo.Context) error {
return renderError(c, http.StatusUnauthorized, "Error Invalid sharing")
}

hasShortcut := s.ShortcutID != ""
if strings.ToLower(c.QueryParam("shortcut")) == "true" {
if err := s.AddShortcut(instance, params.state); err != nil {
return err
}
u := instance.SubDomain(consts.DriveSlug)
u.RawQuery = "sharing=" + s.SID
u.Fragment = "/folder/" + consts.SharedWithMeDirID
return c.Redirect(http.StatusSeeOther, u.String())
}

var sharerDomain, targetType string
sharerURL, err := url.Parse(s.Members[0].Instance)
if err != nil {
Expand All @@ -551,7 +560,6 @@ func (a *AuthorizeHTTPHandler) authorizeSharingForm(c echo.Context) error {
}
if s.Rules[0].DocType == consts.BitwardenOrganizations {
targetType = instance.Translate("Notification Sharing Type Organization")
hasShortcut = true
s.Rules[0].Mime = "organization"
if len(s.Rules) == 2 && s.Rules[1].DocType == consts.BitwardenCiphers {
s.Rules = s.Rules[:1]
Expand All @@ -575,7 +583,6 @@ func (a *AuthorizeHTTPHandler) authorizeSharingForm(c echo.Context) error {
"State": params.state,
"Sharing": s,
"CSRF": c.Get("csrf"),
"HasShortcut": hasShortcut,
"TargetType": targetType,
})
}
Expand Down Expand Up @@ -604,16 +611,6 @@ func (a *AuthorizeHTTPHandler) authorizeSharing(c echo.Context) error {
return sharing.ErrInvalidSharing
}

if c.FormValue("synchronize") == "" {
if err = s.AddShortcut(instance, params.state); err != nil {
return err
}
u := instance.SubDomain(consts.DriveSlug)
u.RawQuery = "sharing=" + s.SID
u.Fragment = "/folder/" + consts.SharedWithMeDirID
return c.Redirect(http.StatusSeeOther, u.String())
}

if !s.Active {
if err = s.SendAnswer(instance, params.state); err != nil {
return err
Expand Down
19 changes: 11 additions & 8 deletions web/sharings/sharings.go
Original file line number Diff line number Diff line change
Expand Up @@ -602,7 +602,7 @@ func renderAlreadyAccepted(c echo.Context, inst *instance.Instance, cozyURL stri
})
}

func renderDiscoveryForm(c echo.Context, inst *instance.Instance, code int, sharingID, state, sharecode string, m *sharing.Member) error {
func renderDiscoveryForm(c echo.Context, inst *instance.Instance, code int, sharingID, state, sharecode, shortcut string, m *sharing.Member) error {
publicName, _ := settings.PublicName(inst)
fqdn := strings.TrimPrefix(m.Instance, "https://")
slug, domain := "", consts.KnownFlatDomains[0]
Expand All @@ -628,6 +628,7 @@ func renderDiscoveryForm(c echo.Context, inst *instance.Instance, code int, shar
"SharingID": sharingID,
"State": state,
"ShareCode": sharecode,
"Shortcut": shortcut,
"URLError": code == http.StatusBadRequest,
"NotEmailError": code == http.StatusPreconditionFailed,
})
Expand All @@ -640,6 +641,7 @@ func GetDiscovery(c echo.Context) error {
sharingID := c.Param("sharing-id")
state := c.QueryParam("state")
sharecode := c.FormValue("sharecode")
shortcut := c.QueryParam("shortcut")

s, err := sharing.FindSharing(inst, sharingID)
if err != nil {
Expand Down Expand Up @@ -686,14 +688,14 @@ func GetDiscovery(c echo.Context) error {
err = s.RegisterCozyURL(inst, m, m.Instance)
}
if err == nil {
redirectURL, err := m.GenerateOAuthURL(s)
redirectURL, err := m.GenerateOAuthURL(s, shortcut)
if err == nil {
return c.Redirect(http.StatusFound, redirectURL)
}
}
}

return renderDiscoveryForm(c, inst, http.StatusOK, sharingID, state, sharecode, m)
return renderDiscoveryForm(c, inst, http.StatusOK, sharingID, state, sharecode, shortcut, m)
}

// PostDiscovery is called when the recipient has given its Cozy URL. Either an
Expand All @@ -705,6 +707,7 @@ func PostDiscovery(c echo.Context) error {
sharingID := c.Param("sharing-id")
state := c.FormValue("state")
sharecode := c.FormValue("sharecode")
shortcut := c.FormValue("shortcut")
cozyURL := c.FormValue("url")
if cozyURL == "" {
cozyURL = c.FormValue("slug")
Expand Down Expand Up @@ -742,7 +745,7 @@ func PostDiscovery(c echo.Context) error {
}
}
if strings.Contains(cozyURL, "@") {
return renderDiscoveryForm(c, inst, http.StatusPreconditionFailed, sharingID, state, sharecode, member)
return renderDiscoveryForm(c, inst, http.StatusPreconditionFailed, sharingID, state, sharecode, shortcut, member)
}
email = member.Email
if err = s.RegisterCozyURL(inst, member, cozyURL); err != nil {
Expand All @@ -752,21 +755,21 @@ func PostDiscovery(c echo.Context) error {
if errors.Is(err, sharing.ErrAlreadyAccepted) {
return renderAlreadyAccepted(c, inst, cozyURL)
}
return renderDiscoveryForm(c, inst, http.StatusBadRequest, sharingID, state, sharecode, member)
return renderDiscoveryForm(c, inst, http.StatusBadRequest, sharingID, state, sharecode, shortcut, member)
}
redirectURL, err = member.GenerateOAuthURL(s)
redirectURL, err = member.GenerateOAuthURL(s, shortcut)
if err != nil {
return wrapErrors(err)
}
sharing.PersistInstanceURL(inst, member.Email, member.Instance)
} else {
redirectURL, err = s.DelegateDiscovery(inst, state, cozyURL)
redirectURL, err = s.DelegateDiscovery(inst, state, cozyURL, shortcut)
if err != nil {
if errors.Is(err, sharing.ErrInvalidURL) {
if c.Request().Header.Get(echo.HeaderAccept) == echo.MIMEApplicationJSON {
return c.JSON(http.StatusBadRequest, echo.Map{"error": err.Error()})
}
return renderDiscoveryForm(c, inst, http.StatusBadRequest, sharingID, state, sharecode, &sharing.Member{})
return renderDiscoveryForm(c, inst, http.StatusBadRequest, sharingID, state, sharecode, shortcut, &sharing.Member{})
}
return wrapErrors(err)
}
Expand Down
Loading
Loading