Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix image serving in direct editing #2059

Merged
merged 1 commit into from
Jan 10, 2022
Merged

Fix image serving in direct editing #2059

merged 1 commit into from
Jan 10, 2022

Conversation

julien-nc
Copy link
Member

@julien-nc julien-nc commented Jan 7, 2022
edited
Loading

This fixes 2 mistakes:

  • Avoid passing empty shareToken when not logged in
  • In the controller, use the edition session to get the user ID instead of relying on NC authentication

Image serving then works in our mobile clients (tested NC Android app).

refs #1900

@julien-nc julien-nc added bug Something isn't working 3. to review labels Jan 7, 2022
@julien-nc julien-nc added this to the Nextcloud 24 milestone Jan 7, 2022
mejo-
mejo- requested changes Jan 9, 2022
View reviewed changes
lib/Controller/ImageController.php
$imageFile = $this->imageService->getImage($documentId, $imageFileName, $this->userId);
$session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken);
$userId = $session->getUserId();
$imageFile = $this->imageService->getImage($documentId, $imageFileName, $userId);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mh, $userId seems to be needed in each public function of the controller. It gets injected into the constructor by DI, but in all functions but this one (getImage()), it's fetched again using $session->getUiserId(). So does this mean that $userId as injected by DI is not reliable? Then probably $this->userId should be removed from the class altogether?

Maybe a function like the following could work?

private function getUserId(int $documentId, int $sessionId, string $sessionToken): string {
        if ($this->userId === null) {
                $this->userId = $this->sessionService->getSession($documentId, $sessionId, $sessionToken)->getUserId();
        }

        return $this->userId;
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's the same in all methods of ImageController. Whether the user is authenticated or not, we always choose to rely on the edition session rather than the "classic" authentication. This way it works with the mobile clients which are making unauthenticated requests but our UI passes the edition session ID and token.

This was suggested by @juliushaertl in #1900 (comment)

The unused $userId attribute has been removed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me now 😊 You could still move the logic to get $userId into a dedicated private function to lower code-duplication, but that's really just nitpicking 😉

@julien-nc julien-nc force-pushed the fix/direct-editing-serving-image branch from 51c3365 to 99c58ed Compare January 9, 2022 22:30
@julien-nc julien-nc requested a review from mejo- January 9, 2022 22:31
mejo-
mejo- approved these changes Jan 10, 2022
View reviewed changes
lib/Controller/ImageController.php
$imageFile = $this->imageService->getImage($documentId, $imageFileName, $this->userId);
$session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken);
$userId = $session->getUserId();
$imageFile = $this->imageService->getImage($documentId, $imageFileName, $userId);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me now 😊 You could still move the logic to get $userId into a dedicated private function to lower code-duplication, but that's really just nitpicking 😉

refs #1900 fix image serving in direct editing, avoid passing empty s…
466a6b5 
…hareToken, use the edition session to get the user ID

Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
@julien-nc julien-nc force-pushed the fix/direct-editing-serving-image branch from 99c58ed to 466a6b5 Compare January 10, 2022 17:18
@julien-nc julien-nc requested a review from mejo- January 10, 2022 17:18
@julien-nc
Copy link
Member Author

julien-nc commented Jan 10, 2022
edited
Loading

@mejo- I completely agree. Factorization done.

Rebased on master
Removed an unused var.

@julien-nc
Copy link
Member Author

Cypress failure is unrelated. It's the "share" test.

@julien-nc julien-nc merged commit 8772b71 into master Jan 10, 2022
@delete-merged-branch delete-merged-branch bot deleted the fix/direct-editing-serving-image branch January 10, 2022 19:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mejo- mejo- mejo- approved these changes

@juliushaertl juliushaertl Awaiting requested review from juliushaertl

Assignees
No one assigned
Labels
3. to review bug Something isn't working
Projects
None yet
Milestone
Nextcloud 24
Development

Successfully merging this pull request may close these issues.
2 participants
@julien-nc @mejo-