Commit graph

12 commits

Author SHA1 Message Date
Ashod Nakashian
cb4beaca34 wsd: avoid the using keyword and use C++ size_t
size_t in C and in C++ are not necessarily the same
type. The C++ size_t is in the std namespace. Since
we do include many C headers, and indeed some C++
runtime headers do define size_t for backwards
compatibility, it's easy to mix and match the two
types.

Also, 'using std::size_t;' isn't a great practice,
so removed.

This is not exhaustive, just some low-hanging cases.

Change-Id: I85a36b6fd1acd204274b1869de9bcb94c8b3cf13
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2020-11-15 15:41:41 -05:00
Ashod Nakashian
eb122ec0a0 wsd: allow URIs without access_header or access_token
URIs may or may not have authorization data specified
via access_header or access_token query parameters.

In the event that the host doesn't have such needs
(for example authrorization could be performed by
some other means), we should accept the request
and still go ahead and make the WOPI request
all the same.

This patch effectively reverts the changes from
a019c93d90 which threw
an exception when the authorization method was
undefined. Since there was an assertion to warn
programmers that something is amis, now we simply
log the fact in trace mode and move on.

A new unit-test is added and another one that
expected the now-removed exception has been modified.

Change-Id: I26cc2514d7465b344037a6e32b777c0fe0ba9a2c
2020-10-07 08:13:29 -04:00
Andras Timar
0002fdfd6c fix license headers
Change-Id: I8623770b32d278a45357dc7f757fabfadd2b4af7
2020-10-01 11:56:43 +02:00
Gülşah Köse
845554a6a3 Revert "wsd: parse headers with Poco::MessageHeader"
This reverts commit dbc562d9ab.

tst-05694-05694 2020-08-26 12:59:14.343136 [ unittest ]
ERR Invalid HTTP header [def]: Malformed message:
Field name too long/no colon found| ../common/Util.cpp:980

Following part of the code tests a request with corrupted http header:
    Authorization auth2(Authorization::Type::Header, "def");
    Poco::Net::HTTPRequest req2;
    auth2.authorizeRequest(req2);
    LOK_ASSERT(!req2.has("Authorization"));

Poco library throws exception.

Change-Id: Ic31a80c0e1e325de27c23059e2bcb3f00d39ad16
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/101887
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Gülşah Köse <gulsah.kose@collabora.com>
2020-09-01 23:17:03 +02:00
Ashod Nakashian
dbc562d9ab wsd: parse headers with Poco::MessageHeader
Our header parses was overly simplistic and
didn't support a number of corner cases that
rfc2616 specifies (folding, for example). The
new approach is to simply normalize the headers by
removing invalid line-breaks and then let the
MessageHeader parser take care of parsing the
headers individually, which we then set on the request.

The new utility setHttpHeaders should be used
whenever we need to set a header in an request
to make sure it are sanitized and valid.

Change-Id: Ifa16fa9364f42183316749276c5d0a4c556cb740
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96371
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ash@collabora.com>
2020-08-11 20:04:20 +02:00
Ashod Nakashian
fa96934861 wsd: Authorization parsing and creation improvements
Authorization class now handles the parsing and creation
of its instances, which makes it centralized.

We also avoid repeatedly constructing Authorization objects
in ClientSession and instead do it once at construction
and cache it.

A bunch of new unit-tests added.

Change-Id: I9b5939be51a5957214d07ed8f1096efd179686c6
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96825
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
2020-07-01 07:33:57 +02:00
Jan Holesovsky
2c246eed85 Sanitize the access_header.
The access_header can contain a lot of nonsense, like whitespace around
or additional \n's or \r's.  We used to sanitize that, but then
regressed in e95413d151 where the
"tokenize by any of \n\r" was by mistake replaced with "tokenize by
string '\n\r'".

Unfortunately the unit test didn't uncover that, and the further
refactorings of the related code have hidden that even more.

Change-Id: Ie2bf950d0426292770b599e40ee2401101162ff2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96638
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
2020-06-19 11:48:44 +02:00
Ashod Nakashian
d2d0492245 wsd: move LOOLProtocol::tokenize to Util::tokenize
The tokenizer(s) are more generic than the protocol
logic, and are used from contexts that don't involve
the protocol as such.

Change-Id: Ie8c256bf11a91e466bff794021f41603c9596a7f
2020-06-02 18:03:36 +01:00
Pranam Lashkari
8aa9b37b86 removed tokenize method with regex
Added new tokenize method with const char* delimiter

Change-Id: Id1c4e89e5418d66aaf348ff4d8c3855f80fb4656
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/83574
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-05-04 15:11:26 +02:00
Pranam Lashkari
a019c93d90 Resolved: Server crash when link opened in new tab
When trying to open a link normally from help->Online help
nothing happens but the popup is closed.

When trying to open a like forcefully in new tab
from help->online help it crashes the server.

Change-Id: I7e0944ebe521002625a84e155e379ed7e25d2309
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/85466
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-01-22 23:23:51 +01:00
Pranam Lashkari
e95413d151 killpoco: removed StringTokenizer from common directory
removed use of Poco::StringTokenizer from the common directory
used LOOLProtocol::tokenize and std::vecor<std::string>

regex is used in Authorization.cpp due to limitation of toeknize mathod
regular expression helps to keep the original intention of the code

Change-Id: Ic87597d8b30cb385000f983389a57dc5d2533d98
Reviewed-on: https://gerrit.libreoffice.org/82575
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2019-11-15 14:54:29 +01:00
Tomaž Vajngerl
73c8fa9d09 Extract Authorization out of Auth and put it into common
This is needed so we can use this inside ChildSession.

Change-Id: I88f2cc767412fd52dbb242938f0f9897d4277639
Reviewed-on: https://gerrit.libreoffice.org/63836
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Tested-by: Tomaž Vajngerl <quikee@gmail.com>
2018-11-29 21:47:13 +01:00