Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Expose a way for the ONLYOFFICE document server to retrieve the document

Download Browse

This contribution exposes a new endpoint that will be used by the ONLYOFFICE document server to retrieve the document it needs to display: `https://<domain_name>/onlyoffice/document_download?token=<token>`. The token is dedicated to this usage and will have a short lifetime. It allows to fetch a specific document as a specific user. The token can only be used once in order to limit misusages and leaks (it is passed as a GET parameter so it is likely to end up in diverse log files). In order to test since there is nothing yet generating the token you can use the following snippet to generate one manually: ```php $verification_string = \Tuleap\Authentication\SplitToken\SplitTokenVerificationString::generateNewSplitTokenVerificationString(); $dao = new \Tuleap\OnlyOffice\Download\OnlyOfficeDownloadDocumentTokenDAO(); $id = $dao->create( 102, 31, (new \Tuleap\Authentication\SplitToken\SplitTokenVerificationStringHasher())->computeHash($verification_string), (new DateTimeImmutable('+2 minutes'))->getTimestamp() ); $split_token = new \Tuleap\Authentication\SplitToken\SplitToken($id, $verification_string); $serializer = new \Tuleap\Authentication\SplitToken\PrefixedSplitTokenSerializer(new \Tuleap\OnlyOffice\Download\PrefixOnlyOfficeDocumentDownload()); echo $serializer->getIdentifier($split_token); ``` Part of story #27555: display Office documents stored in the Document plugin Change-Id: I3c81629f9bc65c71548bbb475a4a29109d9d60ac

+704 −1
Thomas Gerbet (tgerbet) 2022-08-09 11:42
Thomas Gerbet (tgerbet) 2022-08-09 16:16
432c894e7650780759b8aa073369bfc8e20aedd6
ab060186010dc138a7015d03440d233813050609
git #tuleap/stable/432c894e7650780759b8aa073369bfc8e20aedd6

Modified Files

Side by side diff
Inline diff
Name
A plugins/onlyoffice/db/install.sql +26 −0 Go to diff View file
A plugins/onlyoffice/db/mysql/2022/202208081550_create_download_document_token_table.php +44 −0 Go to diff View file
A plugins/onlyoffice/db/uninstall.sql +20 −0 Go to diff View file
A plugins/onlyoffice/include/Download/DownloadDocumentTokenData.php +33 −0 Go to diff View file
A plugins/onlyoffice/include/Download/DownloadDocumentWithTokenMiddleware.php +77 −0 Go to diff View file
A plugins/onlyoffice/include/Download/OnlyOfficeDownloadDocumentTokenDAO.php +65 −0 Go to diff View file
A plugins/onlyoffice/include/Download/OnlyOfficeDownloadDocumentTokenVerifier.php +61 −0 Go to diff View file
A plugins/onlyoffice/include/Download/PrefixOnlyOfficeDocumentDownload.php +36 −0 Go to diff View file
M plugins/onlyoffice/include/onlyofficePlugin.php +59 −0 Go to diff View file
A plugins/onlyoffice/tests/integration/Download/OnlyOfficeDownloadDocumentTokenDAOTest.php +67 −0 Go to diff View file
A plugins/onlyoffice/tests/unit/Download/DownloadDocumentWithTokenMiddlewareTest.php +125 −0 Go to diff View file
A plugins/onlyoffice/tests/unit/Download/OnlyOfficeDownloadDocumentTokenVerifierTest.php +86 −0 Go to diff View file
M src/common/Authentication/SplitToken/SplitToken.php +3 −0 Go to diff View file
M tests/integration/bin/setup.sh +2 −1 Go to diff View file