[tests-only] merge master into edge (#2417)

* format .drone.star

* Squashed commit of the following:

commit fa1d1fc
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Jan 5 10:59:55 2022 +0100

    [Build-deps]: Bump github.com/rs/zerolog from 1.26.0 to 1.26.1 (#2388)

commit 0f9142a
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Jan 5 10:59:29 2022 +0100

    [Build-deps]: Bump github.com/aws/aws-sdk-go from 1.42.19 to 1.42.27 (#2414)

commit f953398
Author: Ishank Arora <[email protected]>
Date:   Wed Jan 5 10:11:44 2022 +0100

    Fixes for apps in public shares, project spaces for EOS driver (#2371)

commit 2f21d4d
Author: Willy Kloucek <[email protected]>
Date:   Wed Jan 5 10:11:13 2022 +0100

    update tus/tusd to version 1.8.0 (#2393)

commit b804b9b
Author: Willy Kloucek <[email protected]>
Date:   Wed Jan 5 10:07:47 2022 +0100

    [tests-only] format .drone.star (#2411)

commit 0e9cb7d
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Jan 5 10:02:57 2022 +0100

    [Build-deps]: Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#2359)

commit 0fd4b06
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Jan 5 10:02:38 2022 +0100

    [Build-deps]: Bump github.com/ReneKroon/ttlcache/v2 (#2387)

commit cd9aa62
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Jan 5 10:02:11 2022 +0100

    [Build-deps]: Bump github.com/rs/cors from 1.8.0 to 1.8.2 (#2399)

commit 66369ba
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Jan 5 10:01:49 2022 +0100

    [Build-deps]: Bump github.com/minio/minio-go/v7 from 7.0.18 to 7.0.20 (#2408)

commit f2f4d9d
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Jan 5 10:01:32 2022 +0100

    [Build-deps]: Bump github.com/mattn/go-sqlite3 from 1.14.9 to 1.14.10 (#2409)

changelog/unreleased/enhancement-update-tusd.md

@@ -0,0 +1,6 @@
+Enhancement: update tus/tusd to version 1.8.0
+
+We've update tus/tusd to version 1.8.0.
+
+https://github.com/cs3org/reva/issues/2393
+https://github.com/cs3org/reva/pull/2224

changelog/unreleased/eos-fixes.md

@@ -0,0 +1,3 @@
+Bugfix: Fixes for apps in public shares, project spaces for EOS driver
+
+https://github.com/cs3org/reva/pull/2370

go.mod

@@ -7,9 +7,9 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/sprig v2.22.0+incompatible
-	github.com/ReneKroon/ttlcache/v2 v2.10.0
+	github.com/ReneKroon/ttlcache/v2 v2.11.0
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go v1.42.19
+	github.com/aws/aws-sdk-go v1.42.27
 	github.com/beevik/etree v1.1.0
 	github.com/bluele/gcache v0.0.2
 	github.com/c-bata/go-prompt v0.2.5
@@ -39,9 +39,9 @@ require (
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/jedib0t/go-pretty v4.3.0+incompatible
 	github.com/juliangruber/go-intersect v1.1.0
-	github.com/mattn/go-sqlite3 v1.14.9
+	github.com/mattn/go-sqlite3 v1.14.10
 	github.com/mileusna/useragent v1.0.2
-	github.com/minio/minio-go/v7 v7.0.18
+	github.com/minio/minio-go/v7 v7.0.20
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/mapstructure v1.4.3
@@ -51,29 +51,29 @@ require (
 	github.com/pkg/xattr v0.4.4
 	github.com/pquerna/cachecontrol v0.1.0 // indirect
 	github.com/prometheus/alertmanager v0.23.0
-	github.com/rs/cors v1.8.0
-	github.com/rs/zerolog v1.26.0
+	github.com/rs/cors v1.8.2
+	github.com/rs/zerolog v1.26.1
 	github.com/sciencemesh/meshdirectory-web v1.0.4
 	github.com/sethvargo/go-password v0.2.0
 	github.com/stretchr/objx v0.3.0 // indirect
 	github.com/stretchr/testify v1.7.0
 	github.com/studio-b12/gowebdav v0.0.0-20210917133250-a3a86976a1df
 	github.com/thanhpk/randstr v1.0.4
 	github.com/tidwall/pretty v1.2.0 // indirect
-	github.com/tus/tusd v1.6.0
+	github.com/tus/tusd v1.8.0
 	github.com/wk8/go-ordered-map v0.2.0
 	go.mongodb.org/mongo-driver v1.7.2 // indirect
 	go.opencensus.io v0.23.0
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.27.0
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0
 	go.opentelemetry.io/otel v1.3.0
 	go.opentelemetry.io/otel/exporters/jaeger v1.3.0
 	go.opentelemetry.io/otel/sdk v1.3.0
 	go.opentelemetry.io/otel/trace v1.3.0
-	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
-	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
-	golang.org/x/sys v0.0.0-20210921065528-437939a70204
+	golang.org/x/crypto v0.0.0-20211215165025-cf75a172585e
+	golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1
+	golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
 	golang.org/x/term v0.0.0-20210916214954-140adaaadfaf
-	google.golang.org/genproto v0.0.0-20200825200019-8632dd797987
+	google.golang.org/genproto v0.0.0-20211021150943-2b146023228c
 	google.golang.org/grpc v1.42.0
 	google.golang.org/protobuf v1.27.1
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect

internal/http/interceptors/auth/auth.go

@@ -21,6 +21,7 @@ package auth
 import (
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/bluele/gcache"
@@ -297,14 +298,16 @@ func getCredsForUserAgent(ua string, uam map[string]string, creds []string) []st
 		return creds
 	}
 
-	cred, ok := uam[ua]
-	if ok {
-		for _, v := range creds {
-			if v == cred {
-				return []string{cred}
+	for u, cred := range uam {
+		if strings.Contains(ua, u) {
+			for _, v := range creds {
+				if v == cred {
+					return []string{cred}
+				}
 			}
+			return creds
+
 		}
-		return creds
 	}
 
 	return creds

pkg/app/provider/wopi/wopi.go

@@ -136,10 +136,20 @@ func (p *wopiProvider) GetAppURL(ctx context.Context, resource *provider.Resourc
 	q.Add("fileid", resource.GetId().OpaqueId)
 	q.Add("endpoint", resource.GetId().StorageId)
 	q.Add("viewmode", viewMode.String())
+
 	u, ok := ctxpkg.ContextGetUser(ctx)
 	if ok { // else defaults to "Guest xyz"
-		q.Add("username", u.Username)
-		q.Add("userid", u.Id.OpaqueId+"@"+u.Id.Idp)
+		var isPublicShare bool
+		if u.Opaque != nil {
+			if _, ok := u.Opaque.Map["public-share-role"]; ok {
+				isPublicShare = true
+			}
+		}
+
+		if !isPublicShare {
+			q.Add("username", u.Username)
+			q.Add("userid", u.Id.OpaqueId+"@"+u.Id.Idp)
+		}
 	}
 
 	q.Add("appname", p.conf.AppName)

pkg/auth/manager/publicshares/publicshares.go

@@ -136,15 +136,27 @@ func (m *manager) Authenticate(ctx context.Context, token, secret string) (*user
 
 	share := publicShareResponse.GetShare()
 	role := authpb.Role_ROLE_VIEWER
+	roleStr := "viewer"
 	if share.Permissions.Permissions.InitiateFileUpload {
 		role = authpb.Role_ROLE_EDITOR
+		roleStr = "editor"
 	}
 	scope, err := scope.AddPublicShareScope(share, role, nil)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	return getUserResponse.GetUser(), scope, nil
+	u := getUserResponse.GetUser()
+	u.Opaque = &types.Opaque{
+		Map: map[string]*types.OpaqueEntry{
+			"public-share-role": {
+				Decoder: "plain",
+				Value:   []byte(roleStr),
+			},
+		},
+	}
+
+	return u, scope, nil
 }
 
 // ErrPasswordNotProvided is returned when the public share is password protected, but there was no password on the request

pkg/auth/scope/publicshare.go

@@ -22,8 +22,10 @@ import (
 	"context"
 	"strings"
 
+	appprovider "github.com/cs3org/go-cs3apis/cs3/app/provider/v1beta1"
 	appregistry "github.com/cs3org/go-cs3apis/cs3/app/registry/v1beta1"
 	authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
+	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 	userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
 	link "github.com/cs3org/go-cs3apis/cs3/sharing/link/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
@@ -75,9 +77,13 @@ func publicshareScope(ctx context.Context, scope *authpb.Scope, resource interfa
 		return checkStorageRef(ctx, &share, v.GetRef()), nil
 	case *provider.InitiateFileDownloadRequest:
 		return checkStorageRef(ctx, &share, v.GetRef()), nil
+	case *appprovider.OpenInAppRequest:
+		return checkStorageRef(ctx, &share, &provider.Reference{ResourceId: v.ResourceInfo.Id}), nil
+	case *gateway.OpenInAppRequest:
+		return checkStorageRef(ctx, &share, v.GetRef()), nil
 
-		// Editor role
-		// need to return appropriate status codes in the ocs/ocdav layers.
+	// Editor role
+	// need to return appropriate status codes in the ocs/ocdav layers.
 	case *provider.CreateContainerRequest:
 		return hasRoleEditor(*scope) && checkStorageRef(ctx, &share, v.GetRef()), nil
 	case *provider.TouchFileRequest:

pkg/auth/scope/resourceinfo.go

@@ -23,7 +23,9 @@ import (
 	"fmt"
 	"strings"
 
+	appprovider "github.com/cs3org/go-cs3apis/cs3/app/provider/v1beta1"
 	authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
+	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	registry "github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1"
 	"github.com/rs/zerolog"
@@ -73,9 +75,13 @@ func resourceinfoScope(_ context.Context, scope *authpb.Scope, resource interfac
 		return checkResourceInfo(&r, v.GetRef()), nil
 	case *provider.InitiateFileDownloadRequest:
 		return checkResourceInfo(&r, v.GetRef()), nil
+	case *appprovider.OpenInAppRequest:
+		return checkResourceInfo(&r, &provider.Reference{ResourceId: v.ResourceInfo.Id}), nil
+	case *gateway.OpenInAppRequest:
+		return checkResourceInfo(&r, v.GetRef()), nil
 
-		// Editor role
-		// need to return appropriate status codes in the ocs/ocdav layers.
+	// Editor role
+	// need to return appropriate status codes in the ocs/ocdav layers.
 	case *provider.CreateContainerRequest:
 		return hasRoleEditor(*scope) && checkResourceInfo(&r, v.GetRef()), nil
 	case *provider.TouchFileRequest:

pkg/cbox/favorite/sql/sql.go

@@ -97,7 +97,7 @@ func (m *mgr) SetFavorite(ctx context.Context, userID *user.UserId, resourceInfo
 	// The primary key is just the ID in the table, it should ideally be (uid, fileid_prefix, fileid, tag_key)
 	// For the time being, just check if the favorite already exists. If it does, return early
 	var id int
-	query := `"SELECT id FROM cbox_metadata WHERE uid=? AND fileid_prefix=? AND fileid=? AND tag_key="fav"`
+	query := `SELECT id FROM cbox_metadata WHERE uid=? AND fileid_prefix=? AND fileid=? AND tag_key="fav"`
 	if err := m.db.QueryRow(query, user.Id.OpaqueId, resourceInfo.Id.StorageId, resourceInfo.Id.OpaqueId).Scan(&id); err == nil {
 		// Favorite is already set, return
 		return nil

pkg/cbox/storage/eoswrapper/eoswrapper.go

@@ -166,6 +166,7 @@ func (w *wrapper) setProjectSharingPermissions(ctx context.Context, r *provider.
 				r.PermissionSet.RemoveGrant = true
 				r.PermissionSet.UpdateGrant = true
 				r.PermissionSet.ListGrants = true
+				r.PermissionSet.GetQuota = true
 				return nil
 			}
 		}

pkg/cbox/utils/conversions.go

@@ -113,9 +113,12 @@ func ResourceTypeToItemInt(r provider.ResourceType) int {
 // SharePermToInt maps read/write permissions to an integer
 func SharePermToInt(p *provider.ResourcePermissions) int {
 	var perm int
-	if p.CreateContainer || p.InitiateFileUpload {
+	switch {
+	case p.InitiateFileUpload && !p.InitiateFileDownload:
+		perm = 4
+	case p.InitiateFileUpload:
 		perm = 15
-	} else if p.ListContainer || p.InitiateFileDownload {
+	case p.InitiateFileDownload:
 		perm = 1
 	}
 	// TODO map denials and resharing; currently, denials are mapped to 0
@@ -158,6 +161,14 @@ func IntTosharePerm(p int, itemType string) *provider.ResourcePermissions {
 			perm.PurgeRecycle = true
 		}
 		return perm
+	case 4:
+		return &provider.ResourcePermissions{
+			Stat:               true,
+			ListContainer:      true,
+			GetPath:            true,
+			CreateContainer:    true,
+			InitiateFileUpload: true,
+		}
 	default:
 		// TODO we may have other options, for now this is a denial
 		return &provider.ResourcePermissions{}

pkg/eosclient/eosbinary/eosbinary.go

@@ -535,12 +535,16 @@ func (c *Client) SetAttr(ctx context.Context, auth eosclient.Authorization, attr
 }
 
 // UnsetAttr unsets an extended attribute on a path.
-func (c *Client) UnsetAttr(ctx context.Context, auth eosclient.Authorization, attr *eosclient.Attribute, path string) error {
+func (c *Client) UnsetAttr(ctx context.Context, auth eosclient.Authorization, attr *eosclient.Attribute, recursive bool, path string) error {
 	if !isValidAttribute(attr) {
 		return errors.New("eos: attr is invalid: " + serializeAttribute(attr))
 	}
-
-	args := []string{"attr", "-r", "rm", fmt.Sprintf("%d.%s", attr.Type, attr.Key), path}
+	var args []string
+	if recursive {
+		args = []string{"attr", "-r", "rm", fmt.Sprintf("%s.%s", attrTypeToString(attr.Type), attr.Key), path}
+	} else {
+		args = []string{"attr", "rm", fmt.Sprintf("%s.%s", attrTypeToString(attr.Type), attr.Key), path}
+	}
 	_, _, err := c.executeEOS(ctx, args, auth)
 	if err != nil {
 		return err
@@ -911,7 +915,7 @@ func (c *Client) parseFind(ctx context.Context, auth eosclient.Authorization, di
 	for _, fi := range finfos {
 		// For files, inherit ACLs from the parent
 		// And set the inode to that of their version folder
-		if !fi.IsDir {
+		if !fi.IsDir && !isVersionFolder(dirPath) {
 			if parent != nil {
 				fi.SysACL.Entries = append(fi.SysACL.Entries, parent.SysACL.Entries...)
 			}

pkg/eosclient/eosclient.go

@@ -36,7 +36,7 @@ type EOSClient interface {
 	GetFileInfoByFXID(ctx context.Context, auth Authorization, fxid string) (*FileInfo, error)
 	GetFileInfoByPath(ctx context.Context, auth Authorization, path string) (*FileInfo, error)
 	SetAttr(ctx context.Context, auth Authorization, attr *Attribute, recursive bool, path string) error
-	UnsetAttr(ctx context.Context, auth Authorization, attr *Attribute, path string) error
+	UnsetAttr(ctx context.Context, auth Authorization, attr *Attribute, recursive bool, path string) error
 	GetAttr(ctx context.Context, auth Authorization, key, path string) (*Attribute, error)
 	GetQuota(ctx context.Context, username string, rootAuth Authorization, path string) (*QuotaInfo, error)
 	SetQuota(ctx context.Context, rooAuth Authorization, info *SetQuotaInfo) error

pkg/eosclient/eosgrpc/eosgrpc.go

@@ -572,7 +572,7 @@ func (c *Client) SetAttr(ctx context.Context, auth eosclient.Authorization, attr
 }
 
 // UnsetAttr unsets an extended attribute on a path.
-func (c *Client) UnsetAttr(ctx context.Context, auth eosclient.Authorization, attr *eosclient.Attribute, path string) error {
+func (c *Client) UnsetAttr(ctx context.Context, auth eosclient.Authorization, attr *eosclient.Attribute, recursive bool, path string) error {
 	log := appctx.GetLogger(ctx)
 	log.Info().Str("func", "UnsetAttr").Str("uid,gid", auth.Role.UID+","+auth.Role.GID).Str("path", path).Msg("")
 
@@ -586,6 +586,7 @@ func (c *Client) UnsetAttr(ctx context.Context, auth eosclient.Authorization, at
 
 	var ktd = []string{attr.Key}
 	msg.Keystodelete = ktd
+	msg.Recursive = recursive
 
 	msg.Id = new(erpc.MDId)
 	msg.Id.Path = []byte(path)

pkg/storage/fs/owncloudsql/upload.go

@@ -251,6 +251,10 @@ func (fs *owncloudsqlfs) GetUpload(ctx context.Context, id string) (tusd.Upload,
 	info := tusd.FileInfo{}
 	data, err := ioutil.ReadFile(infoPath)
 	if err != nil {
+		if os.IsNotExist(err) {
+			// Interpret os.ErrNotExist as 404 Not Found
+			err = tusd.ErrNotFound
+		}
 		return nil, err
 	}
 	if err := json.Unmarshal(data, &info); err != nil {

pkg/storage/utils/decomposedfs/upload.go

@@ -309,6 +309,10 @@ func (fs *Decomposedfs) GetUpload(ctx context.Context, id string) (tusd.Upload,
 	info := tusd.FileInfo{}
 	data, err := ioutil.ReadFile(infoPath)
 	if err != nil {
+		if os.IsNotExist(err) {
+			// Interpret os.ErrNotExist as 404 Not Found
+			err = tusd.ErrNotFound
+		}
 		return nil, err
 	}
 	if err := json.Unmarshal(data, &info); err != nil {