Merge pull request #606 from nextcloud/fix/wopi-session-user

juliusknorr · web-flow · commit f13040bf411d · 2024-12-19T16:45:08.000+01:00
chore: Switch to new API to set volatile user to prevent persisting it in any case
diff --git a/lib/Controller/WopiController.php b/lib/Controller/WopiController.php
@@ -295,8 +295,7 @@ public function getFile($fileId,
 
 		try {
 			/** @var File $file */
-			$userFolder = $this->rootFolder->getUserFolder($wopi->getOwnerUid());
-			$file = $userFolder->getById($fileId)[0];
+			$file = $this->getFileForWopiToken($wopi);
 			\OC_User::setIncognitoMode(true);
 			if ($version !== '0') {
 				$view = new View('/' . $wopi->getOwnerUid() . '/files');
diff --git a/lib/Service/UserScopeService.php b/lib/Service/UserScopeService.php
@@ -31,7 +31,12 @@ public function setUserScope(?string $uid = null) {
 		if ($user === null) {
 			throw new \InvalidArgumentException('No user found for the uid ' . $uid);
 		}
-		$this->userSession->setUser($user);
+
+		if (method_exists($this->userSession, 'setVolatileActiveUser')) {
+			$this->userSession->setVolatileActiveUser($user);
+		} else {
+			$this->userSession->setUser($user);
+		}
 	}
 
 	/**

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,12 @@ public function setUserScope(?string $uid = null) {`
`31`	`31`	`if ($user === null) {`
`32`	`32`	`throw new \InvalidArgumentException('No user found for the uid ' . $uid);`
`33`	`33`	`}`
`34`		`- $this->userSession->setUser($user);`
	`34`	`+`
	`35`	`+ if (method_exists($this->userSession, 'setVolatileActiveUser')) {`
	`36`	`+ $this->userSession->setVolatileActiveUser($user);`
	`37`	`+ } else {`
	`38`	`+ $this->userSession->setUser($user);`
	`39`	`+ }`
`35`	`40`	`}`
`36`	`41`
`37`	`42`	`/**`