Merge branch 'master' into cernbox

.drone.env

@@ -1,4 +1,4 @@
 # The test runner source for API tests
-APITESTS_COMMITID=7094891f4de381102b05c6503751dc85d82c0782
+APITESTS_COMMITID=cbe945af4a97b1bafbc903ab5ac2905258f19a62
 APITESTS_BRANCH=master
 APITESTS_REPO_GIT_URL=https://github.com/owncloud/ocis.git

.drone.star

@@ -119,7 +119,7 @@ def ocisIntegrationTest():
                     "REVA_LDAP_HOSTNAME": "ldap",
                     "TEST_REVA": "true",
                     "SEND_SCENARIO_LINE_REFERENCES": "true",
-                    "BEHAT_FILTER_TAGS": "~@provisioning_api-app-required&&~@preview-extension-required&&~@skipOnOcis-OCIS-Storage&&~@personalSpace&&~@skipOnGraph&&~@carddav&&~@skipOnReva&&~@skipOnRevaMaster",
+                    "BEHAT_FILTER_TAGS": "~@provisioning_api-app-required&&~@skipOnOcis-OCIS-Storage&&~@personalSpace&&~@skipOnGraph&&~@carddav&&~@skipOnReva&&~@skipOnRevaMaster",
                     "DIVIDE_INTO_NUM_PARTS": 6,
                     "RUN_PART": 2,
                     "EXPECTED_FAILURES_FILE": "/drone/src/tests/acceptance/expected-failures-on-OCIS-storage.md",
@@ -190,7 +190,7 @@ def s3ngIntegrationTests():
                             "REVA_LDAP_HOSTNAME": "ldap",
                             "TEST_REVA": "true",
                             "SEND_SCENARIO_LINE_REFERENCES": "true",
-                            "BEHAT_FILTER_TAGS": "~@provisioning_api-app-required&&~@preview-extension-required&&~@skipOnOcis-OCIS-Storage&&~@personalSpace&&~@skipOnGraph&&~@carddav&&~@skipOnReva&&~@skipOnRevaMaster",
+                            "BEHAT_FILTER_TAGS": "~@provisioning_api-app-required&&~@skipOnOcis-OCIS-Storage&&~@personalSpace&&~@skipOnGraph&&~@carddav&&~@skipOnReva&&~@skipOnRevaMaster",
                             "DIVIDE_INTO_NUM_PARTS": parallelRuns,
                             "RUN_PART": runPart,
                             "EXPECTED_FAILURES_FILE": "/drone/src/tests/acceptance/expected-failures-on-S3NG-storage.md",

.gitmodules

@@ -1,6 +1,3 @@
-[submodule "tests/ocis"]
-	path = tests/ocis
-	url = https://github.com/owncloud/ocis.git
 [submodule "tests/testing"]
 	path = tests/testing
 	url = https://github.com/owncloud/testing.git

Makefile

@@ -39,11 +39,11 @@ BUILD_FLAGS	= "`[[ -z "$(STATIC)" ]] && echo "" || echo "-extldflags=-static"` -
 
 .PHONY: revad
 revad:
-	go build -ldflags $(BUILD_FLAGS) -o ./cmd/revad/revad ./cmd/revad
+	go build -ldflags $(BUILD_FLAGS) -o ./cmd/revad/revad ./cmd/revad/main
 
 .PHONY: revad-ceph
 revad-ceph:
-	go build -ldflags $(BUILD_FLAGS) -tags ceph -o ./cmd/revad/revad ./cmd/revad
+	go build -ldflags $(BUILD_FLAGS) -tags ceph -o ./cmd/revad/revad ./cmd/revad/main
 
 .PHONY: reva
 reva:

README.md

@@ -156,7 +156,7 @@ This will require some PHP-related tools to run, for instance on Ubuntu you will
     TEST_WITH_LDAP='true' \
     REVA_LDAP_HOSTNAME='localhost' \
     TEST_REVA='true' \
-    BEHAT_FILTER_TAGS='~systemtags-app-required&&~@provisioning_api-app-required&&~@preview-extension-required&&~@skipOnOcis-OCIS-Storage&&~@skipOnOcis' \
+    BEHAT_FILTER_TAGS='~systemtags-app-required&&~@provisioning_api-app-required&&~@skipOnOcis-OCIS-Storage&&~@skipOnOcis' \
     EXPECTED_FAILURES_FILE=../reva/tests/acceptance/expected-failures-on-OCIS-storage.md \
     make test-acceptance-from-core-api
     ```

changelog/unreleased/def-invite-link.md

@@ -0,0 +1,8 @@
+Enhancement: Remove redundant config for invite_link_template
+
+This is to drop invite_link_template from the OCM-related config.
+Now the provider_domain and mesh_directory_url config options
+are both mandatory in the sciencemesh http service, and the link
+is directly built out of the context.
+
+https://github.com/cs3org/reva/pull/3905

changelog/unreleased/dump-config.md

@@ -0,0 +1,7 @@
+Enhancement: Dump reva config on SIGUSR1
+
+Add an option to the runtime to dump the configuration on a file
+(default to `/tmp/reva-dump.toml` and configurable) when the process
+receives a SIGUSR1 signal. Eventual errors are logged in the log.
+
+https://github.com/cs3org/reva/pull/4031

changelog/unreleased/exclude-ceph-iscsi.md

@@ -0,0 +1,7 @@
+Bugfix: Temporarily exclude ceph-iscsi when building revad-ceph image
+
+Due to `Package ceph-iscsi-3.6-1.el8.noarch.rpm is not signed` error when
+building the revad-ceph docker image, the package `ceph-iscsi` has been excluded from the dnf update.
+It will be included again once the pkg will be signed again.
+
+https://github.com/cs3org/reva/pull/4032

changelog/unreleased/extend-eos-meta.md

@@ -0,0 +1,6 @@
+Enhancement: Extend EOS metadata
+
+This PR extend the EOS metadata with atime and ctime fields.
+This change is backwards compatible.
+
+https://github.com/cs3org/reva/pull/3954

changelog/unreleased/find-accepted-users-response.md

@@ -0,0 +1,4 @@
+Enhancement: Make `/sciencemesh/find-accepted-users` response
+consistent with delete user parameters
+
+https://github.com/cs3org/reva/pull/3958

changelog/unreleased/fix-ocm-share-filter-by-path.md

@@ -0,0 +1,5 @@
+Bugfix: Filter OCM shares by path
+
+Fixes the bug of duplicated OCM shares returned in the share with others response.
+
+https://github.com/cs3org/reva/pull/3946

changelog/unreleased/fix-panic-nats-close.md

@@ -0,0 +1,6 @@
+Bugfix: Fix panic when closing notification service
+
+If the connection to the nats server was not yet estabished,
+the service on close was panicking. This has been now fixed.
+
+https://github.com/cs3org/reva/pull/4016

changelog/unreleased/forcelock-cleanup.md

@@ -0,0 +1,5 @@
+Enhancement: Removed support for forcelock
+
+This workaround is not needed any longer, see also the wopiserver.
+
+https://github.com/cs3org/reva/pull/3908

changelog/unreleased/httplog.md

@@ -0,0 +1,6 @@
+Enhancement: improve logging of HTTP requests
+
+Added request and response headers and removed redundant
+URL from the "http" messages
+
+https://github.com/cs3org/reva/pull/4011

changelog/unreleased/init-log.md

@@ -0,0 +1,3 @@
+Enhancement: Add init time logging to all services
+
+https://github.com/cs3org/reva/pull/3407

changelog/unreleased/multiple-token-strategies.md

@@ -0,0 +1,11 @@
+Enhancement: Support multiple token strategies in auth middleware
+
+Different HTTP services can in general support different
+token strategies for validating the reva token.
+In this context, without updating every single client 
+a mono process deployment will never work.
+Now the HTTP auth middleware accepts in its configuration a
+token strategy chain, allowing to provide the reva
+token in multiple places (bearer auth, header).
+
+https://github.com/cs3org/reva/pull/4030

changelog/unreleased/new-config.md

@@ -0,0 +1,11 @@
+Enhancement: New configuration
+
+Allow multiple driverts of the same service to be in the
+same toml config. Add a `vars` section to contain common
+parameters addressable using templates in the configuration
+of the different drivers. Support templating to reference
+values of other parameters in the configuration.
+Assign random ports to services where the address is not
+specified.
+
+https://github.com/cs3org/reva/pull/4015

changelog/unreleased/notif-fixes.md

@@ -0,0 +1,5 @@
+Bugfix: Fixes on notifications
+
+This is to align the code to the latest schema for notifications
+
+https://github.com/cs3org/reva/pull/4061

changelog/unreleased/notifications-changes.md

@@ -0,0 +1,3 @@
+Change: Clean up notifications error checking code, fix sql creation script
+
+https://github.com/cs3org/reva/pull/4041

changelog/unreleased/notifications-skip-init.md

@@ -0,0 +1,6 @@
+Enhancement: Conditional notifications initialization
+
+Notification helpers in services will not try to initalize if
+there is no specific configuration.
+
+https://github.com/cs3org/reva/pull/3969

changelog/unreleased/ocm-compat.md

@@ -0,0 +1,7 @@
+Bugfix: OCM-related compatibility fixes
+
+Following analysis of OC and NC code to access a remote share,
+we must expose paths and not full URIs on the /ocm-provider endpoint.
+Also we fix a lookup issue with apps over OCM and update examples.
+
+https://github.com/cs3org/reva/pull/3962

changelog/unreleased/openappintab.md

@@ -0,0 +1,10 @@
+Enhancement: Handle target in OpenInApp response
+
+This PR adds the OpenInApp.target and AppProviderInfo.action properties
+to the respective responses (/app/open and /app/list), to support
+different app integrations.
+In addition, the archiver was extended to use the name of the file/folder
+as opposed to "download", and to include a query parameter to
+override the archive type, as it will be used in an upcoming app.
+
+https://github.com/cs3org/reva/pull/4077

changelog/unreleased/patch-3971.md

@@ -0,0 +1,5 @@
+Bugfix: Fix for #3971
+
+Fixed panic described in #3971
+
+https://github.com/cs3org/reva/pull/3972

changelog/unreleased/plugins.md

@@ -0,0 +1,7 @@
+Enhancement: Plugins
+
+Adds a plugin system for allowing the creation of external
+plugins for different plugable components in reva,
+for example grpc drivers, http services and middlewares.
+
+https://github.com/cs3org/reva/pull/4073

changelog/unreleased/remove-meshdirectory.md

@@ -0,0 +1,8 @@
+Change: Remove meshdirectory http service
+
+As of meshdirectory-web version 2.0.0, it is now
+implemented and deployed as a completely separate app,
+independent from Reva. We removed any deprecated
+meshdirectory-related code from Reva.
+
+https://github.com/cs3org/reva/pull/3581

changelog/unreleased/update_remove_ocm_share.md

@@ -0,0 +1,10 @@
+Enhancement: Manage OCM shares
+
+Implements the following item regarding OCM:
+  - update of OCM shares in both grpc and ocs layer,
+    allowing an user to update permissions and expiration of the share
+  - deletion of OCM shares in both grpc and ocs layer
+  - accept/reject of received OCM shares
+  - remove accepted remote users
+
+https://github.com/cs3org/reva/pull/3937

changelog/unreleased/validate-config.md

@@ -0,0 +1,7 @@
+Enhancement: Enforce/validate configuration of services
+
+Every driver can now specify some validation rules on the
+configuration. If the validation rules are not respected,
+reva will bail out on startup with a clear error.
+
+https://github.com/cs3org/reva/pull/4035

cmd/reva/main.go

@@ -56,6 +56,7 @@ var (
 		moveCommand(),
 		mkdirCommand(),
 		ocmFindAcceptedUsersCommand(),
+		ocmRemoveAcceptedUser(),
 		ocmInviteGenerateCommand(),
 		ocmInviteForwardCommand(),
 		ocmShareCreateCommand(),

cmd/reva/ocm-remove-accepted-user.go

@@ -0,0 +1,77 @@
+// Copyright 2018-2023 CERN
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// In applying this license, CERN does not waive the privileges and immunities
+// granted to it by virtue of its status as an Intergovernmental Organization
+// or submit itself to any jurisdiction.
+
+package main
+
+import (
+	"errors"
+	"fmt"
+	"io"
+
+	userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+	invitepb "github.com/cs3org/go-cs3apis/cs3/ocm/invite/v1beta1"
+	rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
+)
+
+func ocmRemoveAcceptedUser() *command {
+	cmd := newCommand("ocm-remove-accepted-user")
+	cmd.Description = func() string { return "remove a remote user from the personal user list" }
+	cmd.Usage = func() string { return "Usage: ocm-remove-accepted-user [-flags]" }
+
+	user := cmd.String("user", "", "the user id")
+	idp := cmd.String("idp", "", "the idp of the user")
+
+	cmd.ResetFlags = func() {
+		*user, *idp = "", ""
+	}
+
+	cmd.Action = func(w ...io.Writer) error {
+		// validate flags
+		if *user == "" {
+			return errors.New("User cannot be empty: user -user flag\n" + cmd.Usage())
+		}
+
+		if *idp == "" {
+			return errors.New("IdP cannot be empty: use -idp flag\n" + cmd.Usage())
+		}
+
+		ctx := getAuthContext()
+		client, err := getClient()
+		if err != nil {
+			return err
+		}
+
+		res, err := client.DeleteAcceptedUser(ctx, &invitepb.DeleteAcceptedUserRequest{
+			RemoteUserId: &userv1beta1.UserId{
+				Type:     userv1beta1.UserType_USER_TYPE_FEDERATED,
+				Idp:      *idp,
+				OpaqueId: *user,
+			},
+		})
+		if err != nil {
+			return err
+		}
+		if res.Status.Code != rpcv1beta1.Code_CODE_OK {
+			return formatError(res.Status)
+		}
+
+		fmt.Println("OK")
+		return nil
+	}
+	return cmd
+}

cmd/reva/ocm-share-update.go

@@ -31,30 +31,26 @@ func ocmShareUpdateCommand() *command {
 	cmd := newCommand("ocm-share-update")
 	cmd.Description = func() string { return "update an OCM share" }
 	cmd.Usage = func() string { return "Usage: ocm-share-update [-flags] <share_id>" }
-	rol := cmd.String("rol", "viewer", "the permission for the share (viewer or editor)")
+
+	webdavRol := cmd.String("webdav-rol", "viewer", "the permission for the WebDAV access method (viewer or editor)")
+	webappViewMode := cmd.String("webapp-mode", "view", "the view mode for the Webapp access method (read or write)")
 
 	cmd.ResetFlags = func() {
-		*rol = "viewer"
+		*webdavRol, *webappViewMode = "viewer", "read"
 	}
 	cmd.Action = func(w ...io.Writer) error {
 		if cmd.NArg() < 1 {
 			return errors.New("Invalid arguments: " + cmd.Usage())
 		}
 
-		// validate flags
-		if *rol != viewerPermission && *rol != editorPermission {
-			return errors.New("Invalid rol: rol must be viewer or editor\n" + cmd.Usage())
-		}
-
 		id := cmd.Args()[0]
 
-		ctx := getAuthContext()
-		shareClient, err := getClient()
-		if err != nil {
-			return err
+		if *webdavRol == "" && *webappViewMode == "" {
+			return errors.New("use at least one of -webdav-rol or -webapp-mode flag")
 		}
 
-		perm, err := getOCMSharePerm(*rol)
+		ctx := getAuthContext()
+		shareClient, err := getClient()
 		if err != nil {
 			return err
 		}
@@ -67,13 +63,42 @@ func ocmShareUpdateCommand() *command {
 					},
 				},
 			},
-			Field: &ocm.UpdateOCMShareRequest_UpdateField{
-				Field: &ocm.UpdateOCMShareRequest_UpdateField_Permissions{
-					Permissions: &ocm.SharePermissions{
-						Permissions: perm,
+		}
+
+		if *webdavRol != "" {
+			perm, err := getOCMSharePerm(*webdavRol)
+			if err != nil {
+				return err
+			}
+			shareRequest.Field = append(shareRequest.Field, &ocm.UpdateOCMShareRequest_UpdateField{
+				Field: &ocm.UpdateOCMShareRequest_UpdateField_AccessMethods{
+					AccessMethods: &ocm.AccessMethod{
+						Term: &ocm.AccessMethod_WebdavOptions{
+							WebdavOptions: &ocm.WebDAVAccessMethod{
+								Permissions: perm,
+							},
+						},
 					},
 				},
-			},
+			})
+		}
+
+		if *webappViewMode != "" {
+			mode, err := getOCMViewMode(*webappViewMode)
+			if err != nil {
+				return err
+			}
+			shareRequest.Field = append(shareRequest.Field, &ocm.UpdateOCMShareRequest_UpdateField{
+				Field: &ocm.UpdateOCMShareRequest_UpdateField_AccessMethods{
+					AccessMethods: &ocm.AccessMethod{
+						Term: &ocm.AccessMethod_WebappOptions{
+							WebappOptions: &ocm.WebappAccessMethod{
+								ViewMode: mode,
+							},
+						},
+					},
+				},
+			})
 		}
 
 		shareRes, err := shareClient.UpdateOCMShare(ctx, shareRequest)