Skip to content

Fix image serving in direct editing #2059

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
julien-nc merged 1 commit into from
Jan 10, 2022
Merged

Fix image serving in direct editing #2059

julien-nc merged 1 commit into from
Jan 10, 2022

Conversation

@julien-nc
Copy link
Member

@julien-nc julien-nc commented Jan 7, 2022
edited
Loading

This fixes 2 mistakes:

  • Avoid passing empty shareToken when not logged in
  • In the controller, use the edition session to get the user ID instead of relying on NC authentication

Image serving then works in our mobile clients (tested NC Android app).

refs #1900

@julien-nc julien-nc added bug Something isn't working 3. to review labels Jan 7, 2022
@julien-nc julien-nc added this to the Nextcloud 24 milestone Jan 7, 2022
@julien-nc julien-nc requested review from juliusknorr and mejo- January 7, 2022 09:51
mejo-
mejo- requested changes Jan 9, 2022
View reviewed changes
lib/Controller/ImageController.php
$imageFile = $this->imageService->getImage($documentId, $imageFileName, $this->userId);
$session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken);
$userId = $session->getUserId();
$imageFile = $this->imageService->getImage($documentId, $imageFileName, $userId);
Copy link
Member

@mejo- mejo- Jan 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mh, $userId seems to be needed in each public function of the controller. It gets injected into the constructor by DI, but in all functions but this one (getImage()), it's fetched again using $session->getUiserId(). So does this mean that $userId as injected by DI is not reliable? Then probably $this->userId should be removed from the class altogether?

Maybe a function like the following could work?

private function getUserId(int $documentId, int $sessionId, string $sessionToken): string {
        if ($this->userId === null) {
                $this->userId = $this->sessionService->getSession($documentId, $sessionId, $sessionToken)->getUserId();
        }

        return $this->userId;
}

Copy link
Member Author

@julien-nc julien-nc Jan 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's the same in all methods of ImageController. Whether the user is authenticated or not, we always choose to rely on the edition session rather than the "classic" authentication. This way it works with the mobile clients which are making unauthenticated requests but our UI passes the edition session ID and token.

This was suggested by @juliushaertl in #1900 (comment)

The unused $userId attribute has been removed.

Copy link
Member

@mejo- mejo- Jan 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me now 😊 You could still move the logic to get $userId into a dedicated private function to lower code-duplication, but that's really just nitpicking 😉

@julien-nc julien-nc force-pushed the fix/direct-editing-serving-image branch from 51c3365 to 99c58ed Compare January 9, 2022 22:30
@julien-nc julien-nc requested a review from mejo- January 9, 2022 22:31
mejo-
mejo- approved these changes Jan 10, 2022
View reviewed changes
lib/Controller/ImageController.php
$imageFile = $this->imageService->getImage($documentId, $imageFileName, $this->userId);
$session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken);
$userId = $session->getUserId();
$imageFile = $this->imageService->getImage($documentId, $imageFileName, $userId);
Copy link
Member

@mejo- mejo- Jan 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me now 😊 You could still move the logic to get $userId into a dedicated private function to lower code-duplication, but that's really just nitpicking 😉

refs #1900 fix image serving in direct editing, avoid passing empty s…
466a6b5 
…hareToken, use the edition session to get the user ID

Signed-off-by: Julien Veyssier <[email protected]>
@julien-nc julien-nc force-pushed the fix/direct-editing-serving-image branch from 99c58ed to 466a6b5 Compare January 10, 2022 17:18
@julien-nc julien-nc requested a review from mejo- January 10, 2022 17:18
@julien-nc
Copy link
Member Author

julien-nc commented Jan 10, 2022
edited
Loading

@mejo- I completely agree. Factorization done.

Rebased on master
Removed an unused var.

@julien-nc
Copy link
Member Author

julien-nc commented Jan 10, 2022

Cypress failure is unrelated. It's the "share" test.

@julien-nc julien-nc merged commit 8772b71 into master Jan 10, 2022
@delete-merged-branch delete-merged-branch bot deleted the fix/direct-editing-serving-image branch January 10, 2022 19:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mejo- mejo- mejo- approved these changes

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

Assignees

No one assigned

Labels

3. to review bug Something isn't working

Projects

None yet

Milestone

Nextcloud 24

Development

Successfully merging this pull request may close these issues.

3 participants

@julien-nc @mejo-