Merge pull request #77 from ONLYOFFICE/develop

Release/1.0.2

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+## 1.0.5
+### Added
+- default name for new file
+- getting default value from server config
+- checking the encryption module
+
+### Changed
+- included editing for csv format
+- fix track activities and versions
+
+### Security
+- jwt signature for inbox request from Document Server
+
 ## 1.0.4
 ### Added
 - advanced server settings for specifying internal addresses

README.md

@@ -1,14 +1,14 @@
 # ![](screenshots/icon.png) ownCloud/Nextcloud ONLYOFFICE integration app
 
-This app enables users to edit office documents from [ownCloud](https://owncloud.com)/[Nextcloud](https://nextcloud.com) using ONLYOFFICE Document Server. Currently the following document formats can be edited with this app: DOCX, XLSX, PPTX, TXT. The above mentioned formats are also available for viewing together with PDF and CSV. The edited files of the corresponding type can be converted into the Office Open XML formats: ODT, ODS, ODP, DOC, XLS, PPT, PPS, EPUB, RTF, HTML, HTM.
+This app enables users to edit office documents from [ownCloud](https://owncloud.com)/[Nextcloud](https://nextcloud.com) using ONLYOFFICE Document Server. Currently the following document formats can be edited with this app: DOCX, XLSX, PPTX, TXT, CSV. The above mentioned formats are also available for viewing together with PDF. The edited files of the corresponding type can be converted into the Office Open XML formats: ODT, ODS, ODP, DOC, XLS, PPT, PPS, EPUB, RTF, HTML, HTM.
 
 The app will create an item in the `new` (+) menu to create **Document**, **Spreadsheet**, **Presentation**. It will also create a new **Open in ONLYOFFICE** menu option within the document library for Office documents. This allows multiple users to collaborate in real time and to save back those changes to ownCloud/Nextcloud.
 
-
+You can also use our **[Docker installation](https://github.com/ONLYOFFICE/docker-onlyoffice-owncloud)** to get installed and configured Document Server and ownCloud installation with a couple of commands.
 
 ## Installing ONLYOFFICE Document Server
 
-You will need an instance of ONLYOFFICE Document Server that is resolvable and connectable both from ownCloud/Nextcloud and any end clients (version 4.2 and later are supported for use with the app). If that is not the case, use the official ONLYOFFICE Document Server documetnations page: [Document Server for Linux](http://helpcenter.onlyoffice.com/server/linux/document/linux-installation.aspx). ONLYOFFICE Document Server must also be able to POST to ownCloud/Nextcloud directly.
+You will need an instance of ONLYOFFICE Document Server that is resolvable and connectable both from ownCloud/Nextcloud and any end clients (version 4.2.7 and later are supported for use with the app). If that is not the case, use the official ONLYOFFICE Document Server documetnations page: [Document Server for Linux](http://helpcenter.onlyoffice.com/server/linux/document/linux-installation.aspx). ONLYOFFICE Document Server must also be able to POST to ownCloud/Nextcloud directly.
 
 The easiest way to start an instance of ONLYOFFICE Document Server is to use [Docker](https://github.com/ONLYOFFICE/Docker-DocumentServer).
 
@@ -18,13 +18,18 @@ The easiest way to start an instance of ONLYOFFICE Document Server is to use [Do
 
 To start using ONLYOFFICE Document Server with ownCloud/Nextcloud, the following steps must be performed:
 
-1. Place ownCloud/Nextcloud ONLYOFFICE integration app to your ownCloud/Nextcloud server into the _/apps_ (or some other) directory, [used](https://doc.owncloud.org/server/9.0/admin_manual/installation/apps_management_installation.html#using-custom-app-directories) to connect applications:
+1. Place ownCloud/Nextcloud ONLYOFFICE integration app to your ownCloud/Nextcloud server into the _apps/_ (or some other) directory, [used](https://doc.owncloud.org/server/9.0/admin_manual/installation/apps_management_installation.html#using-custom-app-directories) to connect applications:
 ```
 cd apps/
 git clone https://github.com/ONLYOFFICE/onlyoffice-owncloud.git onlyoffice
 ```
 
-2. In ownCloud/Nextcloud open the `~/index.php/settings/apps?category=disabled` page with _Not enabled_ apps by administrator and click _Enable_ for the **ONLYOFFICE** application.
+2. Change the owner to update the application right from ownCloud/Nextcloud web interface:
+```
+chown -R www-data:www-data onlyoffice
+```
+
+3. In ownCloud/Nextcloud open the `~/index.php/settings/apps?category=disabled` page with _Not enabled_ apps by administrator and click _Enable_ for the **ONLYOFFICE** application.
 
 
 
@@ -33,7 +38,7 @@ git clone https://github.com/ONLYOFFICE/onlyoffice-owncloud.git onlyoffice
 In ownCloud/Nextcloud open the `~/index.php/settings/admin#onlyoffice` page with administrative settings for **ONLYOFFICE** section. Enter the following address to connect ONLYOFFICE Document Server:
 
 ```
-https://<documentserver>
+https://<documentserver>/
 ```
 
 Where the **documentserver** is the name of the server with the ONLYOFFICE Document Server installed. The address must be accessible for the user browser and from the ownCloud/Nextcloud server. The ownCloud/Nextcloud server address must also be accessible from ONLYOFFICE Document Server for correct work.

appinfo/application.php

@@ -60,19 +60,18 @@ public function __construct(array $urlParams = []) {
         $this->crypt = new Crypt($this->appConfig);
 
         // Default script and style if configured
-        if (!empty($this->appConfig->GetDocumentServerUrl())
-            && array_key_exists("REQUEST_URI", \OC::$server->getRequest()->server))
-        {
-            $url = \OC::$server->getRequest()->server["REQUEST_URI"];
-
-            if (isset($url)) {
-                if (preg_match("%/apps/files(/.*)?%", $url)) {
-                    Util::addScript($appName, "main");
-                    Util::addStyle($appName, "main");
+        $eventDispatcher = \OC::$server->getEventDispatcher();
+        $eventDispatcher->addListener("OCA\Files::loadAdditionalScripts",
+            function() {
+                if (!empty($this->appConfig->GetDocumentServerUrl())) {
+                    Util::addScript("onlyoffice", "main");
+                    Util::addStyle("onlyoffice", "main");
                 }
-            }
-        }
+            });
 
+        require_once __DIR__ . "/../3rdparty/jwt/BeforeValidException.php";
+        require_once __DIR__ . "/../3rdparty/jwt/ExpiredException.php";
+        require_once __DIR__ . "/../3rdparty/jwt/SignatureInvalidException.php";
         require_once __DIR__ . "/../3rdparty/jwt/JWT.php";
 
         $container = $this->getContainer();

appinfo/info.xml

@@ -7,7 +7,7 @@
     <description>ONLYOFFICE integration app enables users to edit Office documents within ONLYOFFICE from OwnCloud. This will create a new Open in ONLYOFFICE action within the document library for Office documents. This allows multiple users to collaborate in real time and to save back those changes to OwnCloud.</description>
     <licence>AGPL</licence>
     <author>Ascensio System SIA</author>
-    <version>1.0.4</version>
+    <version>1.0.5</version>
     <namespace>Onlyoffice</namespace>
     <types>
         <filesystem/>

controller/callbackcontroller.php

@@ -168,6 +168,23 @@ public function download($doc) {
             return new JSONResponse(["message" => $this->trans->t("Invalid request")], Http::STATUS_BAD_REQUEST);
         }
 
+        if (!empty($this->config->GetDocumentServerSecret())) {
+            $header = \OC::$server->getRequest()->getHeader("Authorization");
+            if (empty($header)) {
+                $this->logger->info("Download without jwt", array("app" => $this->appName));
+                return new JSONResponse(["message" => $this->trans->t("Access deny")], Http::STATUS_FORBIDDEN);
+            }
+
+            $header = substr($header, strlen("Bearer "));
+
+            try {
+                $decodedHeader = \Firebase\JWT\JWT::decode($header, $this->config->GetDocumentServerSecret(), array("HS256"));
+            } catch (\UnexpectedValueException $e) {
+                $this->logger->info("Download with invalid jwt: " . $e->getMessage(), array("app" => $this->appName));
+                return new JSONResponse(["message" => $this->trans->t("Access deny")], Http::STATUS_FORBIDDEN);
+            }
+        }
+
         $fileId = $hashData->fileId;
         $ownerId = $hashData->ownerId;
 
@@ -185,7 +202,7 @@ public function download($doc) {
 
         try {
             return new DataDownloadResponse($file->getContent(), $file->getName(), $file->getMimeType());
-        } catch(\OCP\Files\NotPermittedException  $e) {
+        } catch (\OCP\Files\NotPermittedException  $e) {
             $this->logger->info("Download Not permitted: " . $fileId . " " . $e->getMessage(), array("app" => $this->appName));
             return new JSONResponse(["message" => $this->trans->t("Not permitted")], Http::STATUS_FORBIDDEN);
         }
@@ -216,6 +233,23 @@ public function emptyfile($doc) {
             return new JSONResponse(["message" => $this->trans->t("Invalid request")], Http::STATUS_BAD_REQUEST);
         }
 
+        if (!empty($this->config->GetDocumentServerSecret())) {
+            $header = \OC::$server->getRequest()->getHeader("Authorization");
+            if (empty($header)) {
+                $this->logger->info("Download empty without jwt", array("app" => $this->appName));
+                return new JSONResponse(["message" => $this->trans->t("Access deny")], Http::STATUS_FORBIDDEN);
+            }
+
+            $header = substr($header, strlen("Bearer "));
+
+            try {
+                $decodedHeader = \Firebase\JWT\JWT::decode($header, $this->config->GetDocumentServerSecret(), array("HS256"));
+            } catch (\UnexpectedValueException $e) {
+                $this->logger->info("Download empty with invalid jwt: " . $e->getMessage(), array("app" => $this->appName));
+                return new JSONResponse(["message" => $this->trans->t("Access deny")], Http::STATUS_FORBIDDEN);
+            }
+        }
+
         $templatePath = dirname(__DIR__) . DIRECTORY_SEPARATOR . "assets" . DIRECTORY_SEPARATOR . "en" . DIRECTORY_SEPARATOR . "new.docx";
 
         $template = file_get_contents($templatePath);
@@ -226,7 +260,7 @@ public function emptyfile($doc) {
 
         try {
             return new DataDownloadResponse($template, "new.docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document");
-        } catch(\OCP\Files\NotPermittedException  $e) {
+        } catch (\OCP\Files\NotPermittedException  $e) {
             $this->logger->info("Download Not permitted: " . $fileId . " " . $e->getMessage(), array("app" => $this->appName));
             return new JSONResponse(["message" => $this->trans->t("Not permitted")], Http::STATUS_FORBIDDEN);
         }
@@ -260,6 +294,30 @@ public function track($doc, $users, $key, $status, $url) {
             return new JSONResponse(["message" => $this->trans->t("Invalid request")], Http::STATUS_BAD_REQUEST);
         }
 
+        if (!empty($this->config->GetDocumentServerSecret())) {
+            $header = \OC::$server->getRequest()->getHeader("Authorization");
+            if (empty($header)) {
+                $this->logger->info("Track without jwt", array("app" => $this->appName));
+                return new JSONResponse(["message" => $this->trans->t("Access deny")], Http::STATUS_FORBIDDEN);
+            }
+
+            $header = substr($header, strlen("Bearer "));
+
+            try {
+                $decodedHeader = \Firebase\JWT\JWT::decode($header, $this->config->GetDocumentServerSecret(), array("HS256"));
+                $this->logger->debug("Track HEADER : " . json_encode($decodedHeader), array("app" => $this->appName));
+
+                $payload = $decodedHeader->payload;
+                $users = isset($payload->users) ? $payload->users : NULL;
+                $key = $payload->key;
+                $status = $payload->status;
+                $url = isset($payload->url) ? $payload->url : NULL;
+            } catch (\UnexpectedValueException $e) {
+                $this->logger->info("Track with invalid jwt: " . $e->getMessage(), array("app" => $this->appName));
+                return new JSONResponse(["message" => $this->trans->t("Access deny")], Http::STATUS_FORBIDDEN);
+            }
+        }
+
         $trackerStatus = $this->_trackerStatus[$status];
 
         $error = 1;
@@ -270,6 +328,9 @@ public function track($doc, $users, $key, $status, $url) {
                 $fileId = $hashData->fileId;
                 $ownerId = $hashData->ownerId;
 
+                \OC_Util::tearDownFS();
+                \OC_Util::setupFS($ownerId);
+
                 $files = $this->root->getUserFolder($ownerId)->getById($fileId);
                 if (empty($files)) {
                     $this->logger->info("Files for track not found: " . $fileId, array("app" => $this->appName));
@@ -308,7 +369,7 @@ public function track($doc, $users, $key, $status, $url) {
                         $from = $parsedUrl["scheme"] . "://" . $parsedUrl["host"] . (array_key_exists("port", $parsedUrl) ? (":" . $parsedUrl["port"]) : "") . "/";
                     }
 
-                    $this->logger->debug("Replace in track from " . $from . " to " . $this->config->GetDocumentServerInternalUrl(true));
+                    $this->logger->debug("Replace in track from " . $from . " to " . $this->config->GetDocumentServerInternalUrl(true), array("app" => $this->appName));
                     $url = str_replace($from, $this->config->GetDocumentServerInternalUrl(true), $url);
                 }
 

controller/editorcontroller.php

@@ -290,7 +290,7 @@ public function convert($fileId) {
      * Print editor section
      *
      * @param integer $fileId - file identifier
-     * 
+     *
      * @return TemplateResponse
      *
      * @NoAdminRequired

controller/settingscontroller.php

@@ -26,6 +26,7 @@
 
 namespace OCA\Onlyoffice\Controller;
 
+use OCP\App;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\IL10N;
@@ -124,7 +125,8 @@ public function index() {
             "secret" => $this->config->GetDocumentServerSecret(),
             "currentServer" => $this->urlGenerator->getAbsoluteURL("/"),
             "defFormats" => $defFormats,
-            "sameTab" => $this->config->GetSameTab()
+            "sameTab" => $this->config->GetSameTab(),
+            "encryption" => $this->checkEncryptionModule()
         ];
         return new TemplateResponse($this->appName, "settings", $data, "blank");
     }
@@ -162,6 +164,10 @@ public function SaveSettings($documentserver,
         $this->config->SetDefaultFormats($defFormats);
         $this->config->SetSameTab($sameTab);
 
+        if ($this->checkEncryptionModule()) {
+            $this->logger->info("SaveSettings when encryption is enabled", array("app" => $this->appName));
+        }
+
         return [
             "documentserver" => $this->config->GetDocumentServerUrl(),
             "documentserverInternal" => $this->config->GetDocumentServerInternalUrl(true),
@@ -251,4 +257,24 @@ private function checkDocServiceUrl() {
 
         return "";
     }
+
+    /**
+     * Checking encryption enabled
+    */
+    private function checkEncryptionModule() {
+        if (!App::isEnabled("encryption")) {
+            return false;
+        }
+        if (!\OC::$server->getEncryptionManager()->isEnabled()) {
+            return false;
+        }
+
+        $crypt = new \OCA\Encryption\Crypto\Crypt(\OC::$server->getLogger(), \OC::$server->getUserSession(), \OC::$server->getConfig(), \OC::$server->getL10N('encryption'));
+        $util = new \OCA\Encryption\Util(new \OC\Files\View(), $crypt, \OC::$server->getLogger(), \OC::$server->getUserSession(), \OC::$server->getConfig(), \OC::$server->getUserManager());
+        if ($util->isMasterKeyEnabled()) {
+            return false;
+        }
+
+        return true;
+    }
 }

css/settings.css

@@ -43,3 +43,6 @@
     cursor: pointer;
     text-decoration: none;
 }
+.onlyoffice-error {
+    color: red;
+}

js/main.js

@@ -174,6 +174,7 @@
             menu.addMenuEntry({
                 id: "onlyofficeDocx",
                 displayName: t(OCA.Onlyoffice.AppName, "Document"),
+                templateName: t(OCA.Onlyoffice.AppName, "Document"),
                 iconClass: "icon-onlyoffice-new-docx",
                 fileType: "docx",
                 actionHandler: function (name) {
@@ -184,6 +185,7 @@
             menu.addMenuEntry({
                 id: "onlyofficeXlsx",
                 displayName: t(OCA.Onlyoffice.AppName, "Spreadsheet"),
+                templateName: t(OCA.Onlyoffice.AppName, "Spreadsheet"),
                 iconClass: "icon-onlyoffice-new-xlsx",
                 fileType: "xlsx",
                 actionHandler: function (name) {
@@ -194,6 +196,7 @@
             menu.addMenuEntry({
                 id: "onlyofficePpts",
                 displayName: t(OCA.Onlyoffice.AppName, "Presentation"),
+                templateName: t(OCA.Onlyoffice.AppName, "Presentation"),
                 iconClass: "icon-onlyoffice-new-pptx",
                 fileType: "pptx",
                 actionHandler: function (name) {

lib/adminsettings.php

@@ -29,6 +29,7 @@
 use OCP\Settings\ISettings;
 
 use OCA\Onlyoffice\AppInfo\Application;
+use OCA\Onlyoffice\Controller\SettingsController;
 
 /**
  * Settings controller for the administration page
@@ -64,7 +65,7 @@ public function getSectionID() {
     public function getForm() {
         $app = new Application();
         $container = $app->getContainer();
-        $response = $container->query("\OCA\Onlyoffice\Controller\SettingsController")->index();
+        $response = $container->query(SettingsController::class)->index();
         return $response;
     }