From ab9849e72f9a4ea78dcdd7ce4a87a5353aebd478 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Mon, 14 Dec 2015 17:42:13 +0100 Subject: [PATCH 1/3] Use Authorization headers for public webdav instead of URL Instead of prepending the token as username in the URL, use the Authorization header instead. This is because IE9 considers this a cross-domain call and refuses to do it in the first place. --- apps/files_sharing/tests/js/publicAppSpec.js | 3 ++- core/js/files/client.js | 22 +++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/apps/files_sharing/tests/js/publicAppSpec.js b/apps/files_sharing/tests/js/publicAppSpec.js index 74f008025e..2aaf758f3e 100644 --- a/apps/files_sharing/tests/js/publicAppSpec.js +++ b/apps/files_sharing/tests/js/publicAppSpec.js @@ -89,7 +89,8 @@ describe('OCA.Sharing.PublicApp tests', function() { it('Uses public webdav endpoint', function() { expect(fakeServer.requests.length).toEqual(1); expect(fakeServer.requests[0].method).toEqual('PROPFIND'); - expect(fakeServer.requests[0].url).toEqual('https://sh4tok@example.com/owncloud/public.php/webdav/subdir'); + expect(fakeServer.requests[0].url).toEqual('https://example.com/owncloud/public.php/webdav/subdir'); + expect(fakeServer.requests[0].requestHeaders.Authorization).toEqual('Basic c2g0dG9rOm51bGw='); }); describe('Download Url', function() { diff --git a/core/js/files/client.js b/core/js/files/client.js index 608c2702fb..70dac7d669 100644 --- a/core/js/files/client.js +++ b/core/js/files/client.js @@ -35,27 +35,25 @@ if (options.useHTTPS) { url = 'https://'; } - var credentials = ''; - if (options.userName) { - credentials += encodeURIComponent(options.userName); - } - if (options.password) { - credentials += ':' + encodeURIComponent(options.password); - } - if (credentials.length > 0) { - url += credentials + '@'; - } url += options.host + this._root; this._defaultHeaders = options.defaultHeaders || {'X-Requested-With': 'XMLHttpRequest'}; this._baseUrl = url; - this._client = new dav.Client({ + + var clientOptions = { baseUrl: this._baseUrl, xmlNamespaces: { 'DAV:': 'd', 'http://owncloud.org/ns': 'oc' } - }); + }; + if (options.userName) { + clientOptions.userName = options.userName; + } + if (options.password) { + clientOptions.password = options.password; + } + this._client = new dav.Client(clientOptions); this._client.xhrProvider = _.bind(this._xhrProvider, this); }; From 595fd9de6ed6114b57a40b28393dbd1cd706667c Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Mon, 14 Dec 2015 17:48:30 +0100 Subject: [PATCH 2/3] Add davidchambers/base64 JS library --- bower.json | 3 +- core/vendor/.gitignore | 2 ++ core/vendor/base64/.bower.json | 29 ++++++++++++++++ core/vendor/base64/LICENSE | 14 ++++++++ core/vendor/base64/base64.js | 61 ++++++++++++++++++++++++++++++++++ 5 files changed, 108 insertions(+), 1 deletion(-) create mode 100644 core/vendor/base64/.bower.json create mode 100644 core/vendor/base64/LICENSE create mode 100644 core/vendor/base64/base64.js diff --git a/bower.json b/bower.json index eb8d1ce0b7..ae9575249c 100644 --- a/bower.json +++ b/bower.json @@ -29,6 +29,7 @@ "bootstrap": "~3.3.6", "backbone": "~1.2.3", "davclient.js": "https://github.com/evert/davclient.js.git", - "es6-promise": "https://github.com/jakearchibald/es6-promise.git#~2.3.0" + "es6-promise": "https://github.com/jakearchibald/es6-promise.git#~2.3.0", + "base64": "~0.3.0" } } diff --git a/core/vendor/.gitignore b/core/vendor/.gitignore index 09b6a47c72..3560e8c866 100644 --- a/core/vendor/.gitignore +++ b/core/vendor/.gitignore @@ -133,3 +133,5 @@ es6-promise/** !es6-promise/LICENSE !es6-promise/dist/es6-promise.js +# base64 +base64/*min.js diff --git a/core/vendor/base64/.bower.json b/core/vendor/base64/.bower.json new file mode 100644 index 0000000000..43a7299706 --- /dev/null +++ b/core/vendor/base64/.bower.json @@ -0,0 +1,29 @@ +{ + "name": "base64", + "version": "0.3.0", + "description": "Base64 encoding and decoding", + "main": "./base64.js", + "license": "WTFPL", + "repository": { + "type": "git", + "url": "git://github.com/davidchambers/Base64.js.git" + }, + "ignore": [ + "**/.*", + "Makefile", + "coverage/", + "scripts/", + "test/" + ], + "homepage": "https://github.com/davidchambers/Base64.js", + "_release": "0.3.0", + "_resolution": { + "type": "version", + "tag": "0.3.0", + "commit": "772df096a5ffe983f40202684ad45eed1e0e2d59" + }, + "_source": "git://github.com/davidchambers/Base64.js.git", + "_target": "~0.3.0", + "_originalSource": "base64", + "_direct": true +} \ No newline at end of file diff --git a/core/vendor/base64/LICENSE b/core/vendor/base64/LICENSE new file mode 100644 index 0000000000..483276716d --- /dev/null +++ b/core/vendor/base64/LICENSE @@ -0,0 +1,14 @@ + + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE + Version 2, December 2004 + + Copyright (c) 2011..2012 David Chambers + + Everyone is permitted to copy and distribute verbatim or modified + copies of this license document, and changing it is allowed as long + as the name is changed. + + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. You just DO WHAT THE FUCK YOU WANT TO. diff --git a/core/vendor/base64/base64.js b/core/vendor/base64/base64.js new file mode 100644 index 0000000000..b82dded62c --- /dev/null +++ b/core/vendor/base64/base64.js @@ -0,0 +1,61 @@ +;(function () { + + var object = typeof exports != 'undefined' ? exports : this; // #8: web workers + var chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; + + function InvalidCharacterError(message) { + this.message = message; + } + InvalidCharacterError.prototype = new Error; + InvalidCharacterError.prototype.name = 'InvalidCharacterError'; + + // encoder + // [https://gist.github.com/999166] by [https://github.com/nignag] + object.btoa || ( + object.btoa = function (input) { + var str = String(input); + for ( + // initialize result and counter + var block, charCode, idx = 0, map = chars, output = ''; + // if the next str index does not exist: + // change the mapping table to "=" + // check if d has no fractional digits + str.charAt(idx | 0) || (map = '=', idx % 1); + // "8 - idx % 1 * 8" generates the sequence 2, 4, 6, 8 + output += map.charAt(63 & block >> 8 - idx % 1 * 8) + ) { + charCode = str.charCodeAt(idx += 3/4); + if (charCode > 0xFF) { + throw new InvalidCharacterError("'btoa' failed: The string to be encoded contains characters outside of the Latin1 range."); + } + block = block << 8 | charCode; + } + return output; + }); + + // decoder + // [https://gist.github.com/1020396] by [https://github.com/atk] + object.atob || ( + object.atob = function (input) { + var str = String(input).replace(/=+$/, ''); + if (str.length % 4 == 1) { + throw new InvalidCharacterError("'atob' failed: The string to be decoded is not correctly encoded."); + } + for ( + // initialize result and counters + var bc = 0, bs, buffer, idx = 0, output = ''; + // get next character + buffer = str.charAt(idx++); + // character found in table? initialize bit storage and add its ascii value; + ~buffer && (bs = bc % 4 ? bs * 64 + buffer : buffer, + // and if not first of each 4 characters, + // convert the first 8 bits to one ascii character + bc++ % 4) ? output += String.fromCharCode(255 & bs >> (-2 * bc & 6)) : 0 + ) { + // try to find character in table (0-63, not found => -1) + buffer = chars.indexOf(buffer); + } + return output; + }); + +}()); From 064dcc079d8dba1754cf80fff66941f31d439002 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Mon, 14 Dec 2015 17:50:33 +0100 Subject: [PATCH 3/3] Load base64 polyfill in IE and friends --- lib/private/template.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/private/template.php b/lib/private/template.php index d794dacac2..04d6a90688 100644 --- a/lib/private/template.php +++ b/lib/private/template.php @@ -162,6 +162,8 @@ class OC_Template extends \OC\Template\Base { } if (\OC::$server->getRequest()->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_IE])) { + // polyfill for btoa/atob for IE friends + OC_Util::addVendorScript('base64/base64'); // shim for the davclient.js library \OCP\Util::addScript('files/iedavclient'); }