fix: 🐛 Update pdf save to use correct dav path and credentials#1414
Conversation
|
@susnux Is this ok now? |
danxuliu
left a comment
danxuliu
left a comment
There was a problem hiding this comment.
Thanks for the fix! I still need to do a proper review, but a couple of points :-)
- When addressing a review and fixing an issue in the original commits please use a
fixupcommit instead and squash the commits once the review is approved. In some cases you might need to rebase and amend the original commit if there are conflicts with later commits or you need to adjust the commit description, but at least in this specific pull request afixupcommit would be fine. Of course you can always squash the commits even if they were not originally created as fixup commits. - Please do not merge the latest main branch into the pull request, but rebase the commits on the latest main branch instead.
Independently of that, once the reviews are approved and the commits squashed in the PDF viewer app you will still need to build the JavaScript files. You can do that by writing a comment in GitHub with /compile /, which will trigger the compile bot and automatically add the needed files in its own commit.
If you use /compile amend / it will amend the last commit instead, but it is better to use /compile / and add the changes in its own commit to ease backports (which can be done also with GitHub comments like /backport to stable32 or, if you want that our future bot overlords see that you were already polite to them back in the day, /backport to stable32 please).
Ah, cool, thanks for the pointers, I'll be sure to do that |
moodyjmz
force-pushed
the
fix/dav-save-issue
branch
from
925f169 to
889591d
Compare
|
@susnux would you be able to review this? |
danxuliu
left a comment
danxuliu
left a comment
There was a problem hiding this comment.
As far as I can see the actual fix is using the dav endpoint rather than the webdav one (which is the legacy endpoint). Do you mind if I split your commit in a fix replacing the endpoint and a refactor unifying getRootPath for future reference? :-)
| headers: { | ||
| 'Content-Type': 'application/pdf', | ||
| // Not needed for public pages, although there is no problem if it | ||
| // is set. |
There was a problem hiding this comment.
Is it actually needed for public pages now? At least in a quick test it seems to be working fine even if requesttoken is not passed 🤔
There was a problem hiding this comment.
Your domain knowledge is better here than mine, I would have to dive back into the code and refresh myself 😬
There was a problem hiding this comment.
Not really... I asked because I do not really know and I did not want to dive into the server code myself 😅
There was a problem hiding this comment.
I would need to test this again to see
There was a problem hiding this comment.
@susnux do you want the getRootPath change in this PR but with a separate commit? (I presume for CL)
There was a problem hiding this comment.
@susnux I made that change. I tested:
auth'd user needs the token
public not
previously it was sent for both, I changed it so it is only sent for auth'd users
There was a problem hiding this comment.
Sorry for the delay. I just restored the comment about requesttoken being unneeded and removed it in the last commit which is the one addressing it, and added an explicit commit for what susnux mentioned as it was the case before this pull request.
Other than that, all good, thanks a lot for addressing everything! :-)
sure |
moodyjmz
force-pushed
the
fix/dav-save-issue
branch
4 times, most recently
from
70d5d5f to
52555c4
Compare
|
with the recent changes, is that good now? |
Use /public.php/dav/files/SHARING_TOKEN instead of the legacy /public.php/webdav endpoint for public share uploads. Signed-off-by: James Manuel <moodyjmz@users.noreply.github.com>
This should not happen, but if it does, it should throw to avoid silently resolving to "/files/undefined" and hiding the error. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Inline getUserRoot into getRootPath so both public and private paths are resolved in one place. Signed-off-by: James Manuel <moodyjmz@users.noreply.github.com>
requesttoken is for CSRF protection and is only meaningful when there is an authenticated session. Public share uploads authenticate via the token in the URL path, so the header is not needed there. Signed-off-by: James Manuel <moodyjmz@users.noreply.github.com>
danxuliu
force-pushed
the
fix/dav-save-issue
branch
from
52555c4 to
0506d9a
Compare
|
/compile / |
|
/backport to stable33 please |
|
/backport to stable32 please |
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
5 participants
The dav path is legacy when saving a pdf. This becomes an issue with password protected public shares.
We need to provide the request token for public
for user shares, we supply the current user id - the auth etc happens server side via session
To test this change
Place a pdf into a folder. Make this folder public, but password protected and editable.
@icewind1991 was instrumental in pointing me in the right direction:)