Merge pull request #10590 from owncloud/collaboration_public_key_fix

fix: properly return an error and use cache for public keys if possible

changelog/unreleased/collaboration-public-keys.md

@@ -0,0 +1,11 @@
+Bugfix: Return an error if we can't get the keys and ensure they're cached
+
+Previously, there was an issue where we could get an error while getting the
+public keys from the /hosting/discovery endpoint but we're returning a wrong
+success value instead. This is fixed now and we're returning the error.
+
+In addition, the public keys weren't being cached, so we hit the
+/hosting/discovery endpoint every time we need to use the public keys. The keys
+are now cached so we don't need to hit the endpoint more than what we need.
+
+https://github.com/owncloud/ocis/pull/10590

services/collaboration/pkg/proofkeys/handler.go

@@ -104,6 +104,7 @@ func (vh *VerifyHandler) Verify(accessToken, url, timestamp, sig64, oldSig64 str
 			return err
 		}
 		pubkeys = newpubkeys
+		vh.cachedKeys = newpubkeys
 	}
 
 	// build and hash the expected proof
@@ -195,6 +196,8 @@ func (vh *VerifyHandler) generateProof(accessToken, url, timestamp string) []byt
 // The PubKeys returned might be either nil (with the non-nil error), or might
 // contain only a PubKeys.Key field (the PubKeys.OldKey might be nil)
 func (vh *VerifyHandler) fetchPublicKeys(logger *zerolog.Logger) (*PubKeys, error) {
+	logger.Debug().Str("WopiAppUrl", vh.discoveryURL).Msg("WopiDiscovery: requesting new public keys")
+
 	httpClient := http.Client{
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{
@@ -220,7 +223,7 @@ func (vh *VerifyHandler) fetchPublicKeys(logger *zerolog.Logger) (*PubKeys, erro
 			Str("WopiAppUrl", vh.discoveryURL).
 			Int("HttpCode", httpResp.StatusCode).
 			Msg("WopiDiscovery: wopi app url failed with unexpected code")
-		return nil, err
+		return nil, errors.New("wopi app url failed with unexpected code")
 	}
 
 	doc := etree.NewDocument()