wsd/ProofKey.cpp | 22 ++++++++++++---------- wsd/ProofKey.hpp | 1 + wsd/Storage.cpp | 14 ++++++++------ 3 files changed, 21 insertions(+), 16 deletions(-)
New commits: commit 99f04804600f2153ce245b3937c9fcaddc3d9a9a Author: Mike Kaganski <mike.kagan...@collabora.com> AuthorDate: Fri Feb 14 21:01:06 2020 +0300 Commit: Mike Kaganski <mike.kagan...@collabora.com> CommitDate: Tue Feb 18 17:30:19 2020 +0100 Proof: URI must be absolute and converted to uppercase Also access token is already passes decoded to GetProofHeaders, so don't decode it second time. Change-Id: I7c4404462a9dd9f53e4e82684b1fcae1aeecee73 Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88736 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com> diff --git a/wsd/ProofKey.cpp b/wsd/ProofKey.cpp index 649427f38..fa6dd6bd0 100644 --- a/wsd/ProofKey.cpp +++ b/wsd/ProofKey.cpp @@ -204,22 +204,24 @@ int64_t Proof::DotNetTicks(const std::chrono::system_clock::time_point& utc) std::vector<unsigned char> Proof::GetProof(const std::string& access_token, const std::string& uri, int64_t ticks) { - std::string decoded_access_token; - Poco::URI::decode(access_token, decoded_access_token); - assert(decoded_access_token.size() <= static_cast<size_t>(std::numeric_limits<int32_t>::max())); - assert(uri.size() <= static_cast<size_t>(std::numeric_limits<int32_t>::max())); - const auto access_token_size = ToNetworkOrderBytes<int32_t>(decoded_access_token.size()); - const auto uri_size = ToNetworkOrderBytes<int32_t>(uri.size()); + assert(access_token.size() <= static_cast<size_t>(std::numeric_limits<int32_t>::max())); + std::string uri_upper = uri; + for (auto& c : uri_upper) + if (c >= 'a' && c <= 'z') + c -= 'a' - 'A'; + assert(uri_upper.size() <= static_cast<size_t>(std::numeric_limits<int32_t>::max())); + const auto access_token_size = ToNetworkOrderBytes<int32_t>(access_token.size()); + const auto uri_size = ToNetworkOrderBytes<int32_t>(uri_upper.size()); const auto ticks_bytes = ToNetworkOrderBytes(ticks); const auto ticks_size = ToNetworkOrderBytes<int32_t>(ticks_bytes.size()); - const size_t size = access_token_size.size() + decoded_access_token.size() - + uri_size.size() + uri.size() + ticks_size.size() + const size_t size = access_token_size.size() + access_token.size() + + uri_size.size() + uri_upper.size() + ticks_size.size() + ticks_bytes.size(); std::vector<unsigned char> buf(size); auto pos = std::copy(access_token_size.begin(), access_token_size.end(), buf.begin()); - pos = std::copy(decoded_access_token.begin(), decoded_access_token.end(), pos); + pos = std::copy(access_token.begin(), access_token.end(), pos); pos = std::copy(uri_size.begin(), uri_size.end(), pos); - pos = std::copy(uri.begin(), uri.end(), pos); + pos = std::copy(uri_upper.begin(), uri_upper.end(), pos); pos = std::copy(ticks_size.begin(), ticks_size.end(), pos); std::copy(ticks_bytes.begin(), ticks_bytes.end(), pos); return buf; diff --git a/wsd/ProofKey.hpp b/wsd/ProofKey.hpp index e1d4b63a3..f02403db1 100644 --- a/wsd/ProofKey.hpp +++ b/wsd/ProofKey.hpp @@ -21,6 +21,7 @@ typedef std::vector<std::pair<std::string, std::string>> VecOfStringPairs; // The headers returned are X-WOPI-TimeStamp, X-WOPI-Proof // If no proof key, returns empty vector // Both parameters are utf-8-encoded strings +// access_token must not be URI-encoded VecOfStringPairs GetProofHeaders(const std::string& access_token, const std::string& uri); // Returns pairs <attribute, value> to set in proof-key element in discovery xml. diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp index f465e0a01..b470ba433 100644 --- a/wsd/Storage.cpp +++ b/wsd/Storage.cpp @@ -451,9 +451,11 @@ static void addStorageReuseCookie(Poco::Net::HTTPRequest& request, const std::st } } -void addWopiProof(Poco::Net::HTTPRequest& request, const std::string& access_token) +// access_token must be decoded +void addWopiProof(Poco::Net::HTTPRequest& request, const std::string& uri, + const std::string& access_token) { - for (const auto& header : GetProofHeaders(access_token, request.getURI())) + for (const auto& header : GetProofHeaders(access_token, uri)) request.set(header.first, header.second); } @@ -525,7 +527,7 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au addStorageDebugCookie(request); if (_reuseCookies) addStorageReuseCookie(request, cookies); - addWopiProof(request, params["access_token"]); + addWopiProof(request, uriObject.toString(), params["access_token"]); const auto startTime = std::chrono::steady_clock::now(); std::unique_ptr<Poco::Net::HTTPClientSession> psession(getHTTPClientSession(uriObject)); @@ -756,7 +758,7 @@ bool WopiStorage::updateLockState(const Authorization& auth, const std::string& addStorageDebugCookie(request); if (_reuseCookies) addStorageReuseCookie(request, cookies); - addWopiProof(request, params["access_token"]); + addWopiProof(request, uriObject.toString(), params["access_token"]); psession->sendRequest(request); Poco::Net::HTTPResponse response; @@ -835,7 +837,7 @@ std::string WopiStorage::loadStorageFileToLocal(const Authorization& auth, addStorageDebugCookie(request); if (_reuseCookies) addStorageReuseCookie(request, cookies); - addWopiProof(request, params["access_token"]); + addWopiProof(request, uriObject.toString(), params["access_token"]); psession->sendRequest(request); Poco::Net::HTTPResponse response; @@ -994,7 +996,7 @@ WopiStorage::saveLocalFileToStorage(const Authorization& auth, const std::string addStorageDebugCookie(request); if (_reuseCookies) addStorageReuseCookie(request, cookies); - addWopiProof(request, params["access_token"]); + addWopiProof(request, uriObject.toString(), params["access_token"]); std::ostream& os = psession->sendRequest(request); std::ifstream ifs(filePath); _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits