When saving while editing a cell, the
document is saved with the new cell contents
(as the cell editing is interrupted and applied),
but the modified status is not published to the
client (loleaflet).
This has the unfortunate side-effect that the
EverModified flag is not set in this scenario.
To avoid this, this patch sets the EverModified
upon successful saving. This is easier than
forcing LO Core to emit ModifiedStatus=true
in the scenario above. Though it suffers from
the false-positive result when the user forces
a save. Although this is probably defensible,
since technically the document changes upon
saving (though not the content if there was
nothing new to save). On the other hand,
it's less harmful to signal modification
due to save than to ignore genuine
modification to the document.
Change-Id: I7ccba62731f534b69819f7924eeb9231d874c111
Reviewed-on: https://gerrit.libreoffice.org/38398
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
This is required to tell the clients if the command they issued was
successfull or not. In this case 'savetostorage' is the command that we
are interested in knowing the success status of.
With this, now if the user commands to overwrite the document, dialog
boxes of all other users are automatically closed.
Can easily more commands in future for this kind of thing. Its similar
to unocommandresult, except its not a uno command, but our internal
command.
Change-Id: I2e7e1fd5edbd55c13ee4bf9bce24284483d6507f
There is one known problem still - after any user decides to overwrite
the file to storage, other users are not informed, so their dialog keeps
hanging on the screen until they press the cancel or reload button.
Change-Id: I6dad1585e4c53eeed79cd38316892a7f239d44ef
If we are rude, then we don't tell the reason behind closing the
document to our clients.
This method earlier was used to do 'ownertermination', but without this
patch, ownertermination is not going to work. We regressed somewhere in
the past.
Change-Id: I7a2513e567f72b1adf00d5a74b118e116d6d99d3
Introduce a new header X-LOOL-WOPI-Timestamp
This is a WOPI header extension to detect any external document change. For
example, when the file that is already opened by LOOL is changed
in storage.
The WOPI host sends LastModifiedTime field (in WOPI specs) as part
of the CheckFileInfo response. It also expects wsd to send the
same timestamp in X-LOOL-WOPI-Timestamp header during WOPI::PutFile. If
this header is present, then WOPI host checks, before saving the
document, if the timestamp in the header is equal to the timestamp of
the file in its storage. Only upon meeting this condition, it saves the
file back to storage, otherwise it informs us about some change
to the document.
We are supposed to inform the user accordingly. If user is okay
with over-writing the document, then we can omit sending
X-LOOL-WOPI-Timestamp header, in which case, no check as mentioned above
would be performed while saving the file and document will be
overwritten.
Also, use a separate list of LOOL status codes to denote such a change.
It would be wrong to use HTTP_CONFLICT status code for denoting doc
changed in storage scenario. WOPI specs reserves that for WOPI locks
which are not yet implemented. Better to use a separate LOOL specific
status codes synced across WOPI hosts and us to denote scenario that we
expect and are not covered in WOPI specs.
Change-Id: I61539dfae672bc104b8008f030f96e90f9ff48a5
One can add the timetamp information in the PutFile call itself. This
way we can avoid making an extra CheckFileInfo call here.
Change-Id: Iae180262e648c36b9cfeb6d5fabdf5d243b93afb
userextrainfo is a json array that contains
extra user-specific links.
Currently 'avatar' is assumed to hold the
image url for the user's avatar.
'mail' and other links can also be added.
Change-Id: I37c4c68bfa0b7ee659e017b4867dcb8cf5c2ca2f
Reviewed-on: https://gerrit.libreoffice.org/38120
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
The request was meant the other way around; let's just not present "About" in
the menu when there is no element with "about-dialog" id.
This reverts commit b9305d17ce.
Earlier, DisableCopy was a misnomer disabling both copy and paste. Now
it only disables copy from the document but allows pasting into the
document.
Change-Id: I8ddfdd493918331276f0656468d3b94c4283fa4d
The new password hash property is called secure_password in the config
file. `loolconfig` tool should be used to set the password hash in
appropriate format with desired salt length, password length, number of
iterations in PBKDF2.
To be backward compatible, plain-text password for admin-console in
config file is still accepted in case secure_password property is
missing from the config file.
Change-Id: If229999dac62856e368555c0242c4aa6f8061fba
This reverts commit e8ff268992.
To have support for both multitenancy - several WOPI hosts using same wsd -
and WOPI host aliases, using a ID unique across a WOPI host instance as
part of the WOPI URL is a better approach that handles both of above
mentioned issues cleanly.
When a client connects with expired/invalid
access_token, the document should remain
active for other/existing clients, if any.
However, if no clients exists (i.e. the
first client has invalid access_token),
then the document should be unloaded and
cleaned up.
Change-Id: Iaad95a4286325cc6ee130b37e3ad635993a71c72
Reviewed-on: https://gerrit.libreoffice.org/37916
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Fixes the case when the client reconnects on idle
disconnection (because it never got the 'close: idle'
message).
Also, show informative message to users in this case
instead of grey screen.
Change-Id: Ia2e1f2ffefe6d35dd1552e7cc44e490aab86c600
Reviewed-on: https://gerrit.libreoffice.org/37891
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
When WOPI's CheckFileInfo or GetFile responds with status code other
than HTTP 200, show a message to the user indicating some problem in the
storage.
Currently, we open an empty document if storage doesn't return a
document which surely is not correct.
Mention the storage server address when asking user to contact the
server administrator to be more friendly.
Change-Id: I15f0489f36db8689b43d42f6b691fdd21815e4fa
Turns out this introduces two calls to the CheckFileInfo which is not really
what we should be doing; instead, let's do a kind of cannonicalization in the
WOPI host directly.
This reverts commit ec2fd0844f.
Change-Id: I311bf8a45b706ed9a4d8cd00db0a990ac6d461b4
Otherwise, WOPI implementations that use non-standard ports get CSP
voilation errors in the browsers because Poco's URI::getHost() method
strips the port number from the host.
No harm in mentioning the port number always even if its a standard one,
so always use Poco::URI::getPort() to append the port to the frame
ancestor.
Change-Id: I9e7a7021b38f717e14af3d389e30f24ecaf6d122
Otherwise the presesntation mode downloads them instead of showing.
Change-Id: If2c9785aa5ef6bbb65e911b834c77ea83da281e7
Reviewed-on: https://gerrit.libreoffice.org/37716
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
The docKey creation moved to Storage where we first
invoke WOPI (if/when it's a WOPI-hosted doc and WOPI enabled)
and see if the user has access to the document at all.
If they do, we expect the server to give us a
unique ID to use for identifying the host regardless
of hostname aliases.
If a unique ID is not returned (i.e. empty or missing)
we use the hostname and port in its place as fallback.
This will break hostname aliases, but it will still work.
Change-Id: I407b0087395f9df6ad9cc6e037570487999be4a4
Reviewed-on: https://gerrit.libreoffice.org/37697
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Document broker needs to know when the save request is sent and when the
save finished. It uses these parameters to avoid shutting down document,
in the document broker main polling loop, if save is already going on.
But direct .uno:Save commands issued from
loleaflet precludes document broker to keep track of it - in this case a
.uno:Save command issued from loleaflet followed by closing the
session will prevent saving the document to storage, if document is huge
enough and LO core takes a bit of time to save it. A save wrapper
command, 'save', ensures that document broker is aware of all such save
requests (_saveRequestTime member variable) and doesn't close the
document until we completely save it (to storage and other cleanups).
Change-Id: I5ec73d45adff23b2e7543e93dfd0624a5e5af46d
Show the user that authorization failed.
Change-Id: Iad63c11ac2033eee80062ecd43dff76f776924c3
Reviewed-on: https://gerrit.libreoffice.org/37610
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Thread-affinity checks must be inhibited
not just on Socket, but on the SocketPoll as well,
before destroying DocumentBroker instances.
Also, properly initialize the inhibit statics.
Change-Id: I2ced1554d477f0c3faf09bda74034cbae99e4ce1
Reviewed-on: https://gerrit.libreoffice.org/37608
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
...but in combination with the appropriate session's access_token to always
authenticate against the same instance of the WOPI host.
Change-Id: Ic94dfa8fcb226a2d134272b22edc1f8f76c24e34
Timeouts to dimming the doc in the browser
are now configurable from WSD and is relayed
to loleflet as expected.
Out of focus timeout is now 60 seconds.
Change-Id: I8452e30976f6a81b0c3bb3ba5774daa244c1640c
Reviewed-on: https://gerrit.libreoffice.org/37489
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
... to avoid different WOPI hosts using same loolwsd instance sharing a
file because the path of the file (file id etc.) is same in both of
WOPI hosts.
Though, having hosts + port in doc key engenders the possibility of
opening the same file as two if the WOPI host is accessed using
different aliases but that is much less of a concern than security bug
mentioned in previous paragraph.
Change-Id: Iaa2f880edce952925a85e56ed8eba99514e19751
Reviewed-on: https://gerrit.libreoffice.org/37400
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
This is required in those setup where the document is not served from
the same host user is currently connected to. Use the Referer[sic]
header to set the frame ancestors and if they are absent, fallback to
WOPISrc value provided by the WOPI host.
Change-Id: Ia63a213d10aca2df56a2884e07322c1cd8056ff8
When a document is idle (no activity from
any views) for this timeout duration, the
document is saved and unloaded to minimize
resource consumption.
Change-Id: If6f09136ae40c7e84180fc8c8adbf6db8396d292
Reviewed-on: https://gerrit.libreoffice.org/37374
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Jail paths are now generate from a PRNG
instead of using the PID of the kit process.
The PRN is converted to base-64 and used
as the directory name where a given
kit is jailed.
Change-Id: I8e4bc35d9ccdfdae0e542ab707c417cd29ad52f3
Reviewed-on: https://gerrit.libreoffice.org/37372
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Dung out overlapping return enumerations. Move more work into 'move'
callbacks at a safer time, etc.
Change-Id: I62ba5a35f12073b7b9c8de4674be9dae519a8aca
Use what we read at startup as the complete set of files to serve.
Trace log filenames as we read them.
Simplify and accelerate path related checks via the hash.
Kill leak with get_current_dir_name and use the correct path.
Poco::DateTime is enough to create an object representing the current
date time, no need to create a timestamp first.
Change-Id: Ib95b43c1f7ae4993a6d9f7ec6da1234ac2bf59aa
POST requests require the full request to be
left in the socket buffer to be parsed in full.
But GET requests, especially WS upgrade, must
have the request cleared from the socket, as
there is more data expected to be read after
the upgrade, which happens by the DocBroker
thread, so clearing the buffer must be done
before the upgrade.
This patch accomodates these two conflicting
cases and refactors the code slightly to
make it more structured and readable.
Change-Id: Ia7357a745a3900f986099ba14af2a0946023018b
Reviewed-on: https://gerrit.libreoffice.org/36873
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Because POST requests need to consume the complete
request message, we shouldn't clear the buffer
before handling the POST request.
Change-Id: I53f7b664378dd6614afc6983fdd10d0102b38acf
Reviewed-on: https://gerrit.libreoffice.org/36763
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
We should only remove sessions that had already been
disconnected, which caused the saving.
Change-Id: I22fc54356af50df7a7bd2107fa17f6951d40812f
Reviewed-on: https://gerrit.libreoffice.org/36762
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Not to confuse with the DocumentBroker isLoaded,
this is view-specific. Except for the first view,
which is identical to the document being loaded,
subsequent view loadings are independent from,
though follow, document loading.
Change-Id: I0f21016fa84bf507ca4bc0e7a6c7d0d76b033c60
Reviewed-on: https://gerrit.libreoffice.org/36761
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
When a session is disconnecting and we use it to save
(because the other sessions are not viable for saving),
then we need to correctly detect if by the time
saving is done there are no other sessions left.
Otherwise, we end up thinking there are other sessions
when the others had been disconnected during saving.
Change-Id: I55687376f5237a495ae163b53f51ee1d2414d770
Reviewed-on: https://gerrit.libreoffice.org/36711
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
If a session is not loaded, it might never
do so. We should skip them when deciding
whether to save using a disconnecting
session or rely on another.
This is to avoid failing to save when
the remaining sessions never really load
the document at all, and are therefore useless.
Change-Id: I4e7127e12960a31e9f66e835bb63fb2347390711
Reviewed-on: https://gerrit.libreoffice.org/36710
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
The server correctly saves all documents
and waits to upload them before exiting.
Change-Id: I04dc9ce588bc0fa39a9deb298d0a5efa61a03f1a
Reviewed-on: https://gerrit.libreoffice.org/36654
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
A Document has its own snapshots set.
A snapshot is a string representation of a JSON object.
AdminModel keeps also the expired document objects.
Query each document object in order to get their own history.
Admin accepts an "history" command then returns a json object.
An administrator checks the history by dashboard.
Change-Id: I73c87eff334cdb5a4a58043b2b66f18a56240b3a
Reviewed-on: https://gerrit.libreoffice.org/35926
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
When calling the cleanup from DocumentBroker::destroyIfLastEditor(), it might
be (theoretically) too early; so let's do it safer - as the last thing when
shutting down the DocumentBroker::pollThread().
Change-Id: Idc5e34b36d524c8f87a3a0fc99c87244e9784abf
When switching parts (either by the keyboard or mouse)
LoKit sends a notification of the current part and
invalidates tiles. As a reaction to that the client
cancels its tiles and requests new tiles for the
new part.
Since the response to setpart is a large number
of tile cancellation and new requests, the
cost of setpart is significant (esp. with large
number of clients). To avoid that, we de-duplicate
setpart entries from the client queues so there
would be only at most one setpart (the last)
queued to be sent to the client. This minimizes
the unnecessary noise when the part changes
faster than the server and/or network can
keep up.
Change-Id: I87578004203acc63d43e6d398ca04e37f766d9ba
Reviewed-on: https://gerrit.libreoffice.org/36597
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Without an explicit WS message, the client
does not get this message and the handler
is not invoked at all.
Change-Id: I71e210a9958965cff35dd4d0f1d99985429b82f4
Reviewed-on: https://gerrit.libreoffice.org/36593
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
There is a race between creating and adding
a DocBroker into the DocBrokers container
and cleanupDocBrokers is invoked (on timer)
before it had a chance to start its poll
thread. This is exceedingly rare, but it
has happened.
We check that_stop==false flag when deciding
isAlive such that cleanDocBrokers will
not remove it before its thread had
a chance to run (which would happen
after adding it and creating the
ClientSession).
Also, no point in checking isAlive from
the polling thread itself (of course it is
alive).
Change-Id: If54fe2b5fce0697ee0e2f38f1662c71105e29347
Reviewed-on: https://gerrit.libreoffice.org/36500
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Some older browsers don't have meta tag support for CSP. Lets put all of
the CSP in response headers to be compatible with oldies.
Change-Id: I7f0d7c294e492b3c69ebea6fbd820d6558b9c3b3
When we are just interested in equality. compare() is more meant for
sorting functions where negative/zero/positive return value is useful.
Change-Id: I11138a14dc08e23d33f3848aeb734d9f56f3e9f7