Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add a new API to allow user to upload an existing certificate #669

Merged
merged 1 commit into from
Aug 13, 2024
Merged

add a new API to allow user to upload an existing certificate #669

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions appinfo/routes.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
['name' => 'Key#setPrivateKey', 'url' => '/api/v{apiVersion}/private-key', 'verb' => 'POST', 'requirements' => ['apiVersion' => '[1-2]']],
['name' => 'Key#getPrivateKey', 'url' => '/api/v{apiVersion}/private-key', 'verb' => 'GET', 'requirements' => ['apiVersion' => '[1-2]']],
['name' => 'Key#deletePrivateKey', 'url' => '/api/v{apiVersion}/private-key', 'verb' => 'DELETE', 'requirements' => ['apiVersion' => '[1-2]']],
['name' => 'Key#setPublicKey', 'url' => '/api/v{apiVersion}/public-key', 'verb' => 'PUT', 'requirements' => ['apiVersion' => '[1-2]']],
['name' => 'Key#createPublicKey', 'url' => '/api/v{apiVersion}/public-key', 'verb' => 'POST', 'requirements' => ['apiVersion' => '[1-2]']],
['name' => 'Key#getPublicKeys', 'url' => '/api/v{apiVersion}/public-key', 'verb' => 'GET', 'requirements' => ['apiVersion' => '[1-2]']],
['name' => 'Key#deletePublicKey', 'url' => '/api/v{apiVersion}/public-key', 'verb' => 'DELETE', 'requirements' => ['apiVersion' => '[1-2]']],
Expand Down
20 changes: 20 additions & 0 deletions lib/Controller/KeyController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -205,6 +205,26 @@ public function createPublicKey(string $csr): DataResponse {
return new DataResponse(['public-key' => $publicKey]);
}

/**
* Set public key
*
* @NoAdminRequired
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The requirements are really that a user should be able to set its own public key? And not that an admin should be able to set a user's public key?

Copy link
Contributor Author

@mgallien mgallien Jun 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that should be done by users as there may be situations where the user's certificate is issued by a different component from the Nextcloud server app and the user should be able to upload their certificate to enable end-to-end encrypted share feature
I would guess that we want logged-in users to be able to do it as if they were uploading just a certificate signing request (this workflow works without administrator doing something)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would guess that we want logged-in users to be able to do it as if they were uploading just a certificate signing request (this workflow works without administrator doing something)

Please make sure of it. If this is true, then it looks ok :).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry if that is unclear
yes, normal users need to be able to upload their certificate to enable sharing
now that you ask for, I think we should ensure the user certificate is valid before storing it

* @E2ERestrictUserAgent
* @throws OCSBadRequestException
*/
public function setPublicKey(string $publicKey): DataResponse {
try {
$this->keyStorage->setPublicKey($publicKey, $this->userId);
} catch (KeyExistsException $e) {
return new DataResponse([], Http::STATUS_CONFLICT);
} catch (Exception $e) {
$this->logger->error("Fail to set user public key", ['exception' => $e, 'app' => $this->appName]);
throw new OCSBadRequestException($this->l10n->t('Internal error'));
}

return new DataResponse(['public-key' => $publicKey]);
}

/**
* Delete the users public key
*
Expand Down
Loading