Skip to content

Commit

Permalink
Split the path for accepting a sharing (#4503)
Browse files Browse the repository at this point in the history
When a user has received an email for a sharing, they can go to the
preview page. From here, there are two possibilities for accepting the
sharing: just creating a shortcut, or the full synchronization.

Before this commit, the user was first asked their Cozy URL, and on the
OAuth authorize page, they have a checkbox for the synchronize option.
Now, the choice is made on the preview page (Drive will add a
`shortcut=true` parameter in the query string on the `GET
/sharings/:id/discovery` endpoint if needed). And if it is just a
shortcut, we will skip the OAuth authorize page.
  • Loading branch information
nono authored Jan 8, 2025
2 parents 678a744 + c92e559 commit d84d87c
Show file tree
Hide file tree
Showing 14 changed files with 1,032 additions and 1,013 deletions.
3 changes: 3 additions & 0 deletions assets/locales/de.po
Original file line number Diff line number Diff line change
Expand Up @@ -826,6 +826,9 @@ msgstr "Die Cozy URL ist nicht deine E-Mail-Adresse"
msgid "Sharing Discovery Submit"
msgstr "In mein Cozy synchronisieren"

msgid "Sharing Discovery Shortcut Submit"
msgstr "In mein Cozy synchronisieren"

msgid "Sharing No Cozy"
msgstr "Hast du noch kein Cozy?"

Expand Down
3 changes: 3 additions & 0 deletions assets/locales/en.po
Original file line number Diff line number Diff line change
Expand Up @@ -1139,6 +1139,9 @@ msgstr "The Cozy URL is not your email address."
msgid "Sharing Discovery Submit"
msgstr "Synchronize into my Cozy"

msgid "Sharing Discovery Shortcut Submit"
msgstr "Add to my Cozy"

msgid "Sharing No Cozy"
msgstr "Don't have a Cozy yet?"

Expand Down
3 changes: 3 additions & 0 deletions assets/locales/es.po
Original file line number Diff line number Diff line change
Expand Up @@ -840,6 +840,9 @@ msgstr "La URL de su Cozy no es la dirección de su correo electrónico"
msgid "Sharing Discovery Submit"
msgstr "Sincronizar en mi Cozy"

msgid "Sharing Discovery Shortcut Submit"
msgstr "Sincronizar en mi Cozy"

msgid "Sharing No Cozy"
msgstr "¿Todavía no tiene una Cozy?"

Expand Down
3 changes: 3 additions & 0 deletions assets/locales/fr.po
Original file line number Diff line number Diff line change
Expand Up @@ -1244,6 +1244,9 @@ msgstr "L'URL de votre Cozy n'est pas votre adresse email."
msgid "Sharing Discovery Submit"
msgstr "Synchroniser dans mon Cozy"

msgid "Sharing Discovery Shortcut Submit"
msgstr "Ajouter à mon Cozy"

msgid "Sharing No Cozy"
msgstr "Pas encore de Cozy ?"

Expand Down
3 changes: 3 additions & 0 deletions assets/locales/ja.po
Original file line number Diff line number Diff line change
Expand Up @@ -648,6 +648,9 @@ msgstr "Cozy の URL はメールアドレスではありません。"
msgid "Sharing Discovery Submit"
msgstr "送信"

msgid "Sharing Discovery Shortcut Submit"
msgstr "送信"

msgid "Sharing No Cozy"
msgstr "まだ Cozy をお持ちではありませんか?"

Expand Down
3 changes: 3 additions & 0 deletions assets/locales/nl_NL.po
Original file line number Diff line number Diff line change
Expand Up @@ -1024,6 +1024,9 @@ msgstr "De Cozy-url is niet je e-mailadres."
msgid "Sharing Discovery Submit"
msgstr "Synchroniseren naar mijn Cozy"

msgid "Sharing Discovery Shortcut Submit"
msgstr "Synchroniseren naar mijn Cozy"

msgid "Sharing No Cozy"
msgstr "Heb je nog geen Cozy?"

Expand Down
10 changes: 0 additions & 10 deletions assets/templates/authorize_sharing.html
Original file line number Diff line number Diff line change
Expand Up @@ -46,16 +46,6 @@ <h1 class="h4 h2-md mb-4 text-center">{{t "Authorize Sharing Title Add"}}</h1>
</p>
</div>

{{if .HasShortcut}}
<input type="hidden" name="synchronize" value="true" />
{{else}}
<div class="form-check mb-2">
<input class="form-check-input" type="checkbox" id="synchronize" name="synchronize" checked />
<label class="form-check-label" for="synchronize">
{{t "Authorize Sharing Synchronize label"}}
</label>
</div>
{{end}}
<p class="{{if not .HasShortcut}}ps-4{{else}}text-center{{end}} caption text-muted mb-2">
{{t "Authorize Sharing Description start" .SharerName .TargetType}}
</p>
Expand Down
5 changes: 5 additions & 0 deletions assets/templates/sharing_discovery.html
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
<form method="POST" action="/sharings/{{.SharingID}}/discovery" class="d-contents">
<input type="hidden" name="state" value="{{.State}}" />
<input type="hidden" name="sharecode" value="{{.ShareCode}}" />
<input type="hidden" name="shortcut" value="{{.Shortcut}}" />
<main class="wrapper">
<header class="wrapper-top">
<a href="https://cozy.io/" class="btn p-2 d-sm-none">
Expand Down Expand Up @@ -55,7 +56,11 @@ <h1 class="h4 h2-md mb-2 text-center">{{t "Sharing Connect to Cozy"}}</h1>
</a>
</p>
<button id="login-submit" class="btn btn-primary btn-md-lg w-100 mb-3" type="submit">
{{if .Shortcut}}
{{t "Sharing Discovery Shortcut Submit"}}
{{else}}
{{t "Sharing Discovery Submit"}}
{{end}}
</button>
</footer>
</main>
Expand Down
22 changes: 12 additions & 10 deletions docs/sharing.md
Original file line number Diff line number Diff line change
Expand Up @@ -184,14 +184,15 @@ just have to click OK).

#### Query-String

| Parameter | Description |
| --------- | ---------------------------------- |
| state | a code that identify the recipient |
| Parameter | Description |
| --------- | ----------------------------------------------------------------------------------------- |
| state | a code that identify the recipient |
| shortcut | true means that accepting the sharing will just create a shortcut on the recipient's Cozy |

#### Example

```http
GET /sharings/ce8835a061d0ef68947afe69a0046722/discovery?state=eiJ3iepoaihohz1Y HTTP/1.1
GET /sharings/ce8835a061d0ef68947afe69a0046722/discovery?state=eiJ3iepoaihohz1Y&shortcut=true HTTP/1.1
Host: alice.example.net
```

Expand All @@ -206,10 +207,11 @@ This route exists in two versions, the version is selected by the HTTP header

#### Classical (`x-www-form-urlencoded`)

| Parameter | Description |
| --------- | ------------------------------------- |
| state | a code that identify the recipient |
| url | the URL of the Cozy for the recipient |
| Parameter | Description |
| --------- | ----------------------------------------------------------------------------------------- |
| state | a code that identify the recipient |
| url | the URL of the Cozy for the recipient |
| shortcut | true means that accepting the sharing will just create a shortcut on the recipient's Cozy |

##### Example

Expand Down Expand Up @@ -1207,8 +1209,8 @@ HTTP/1.1 204 No Content
### DELETE /sharings/:sharing-id/recipients/:index

This route can be only be called on the cozy instance of the sharer to revoke
only one recipient of the sharing. The parameter is the index of this recipient
in the `members` array of the sharing.
only one recipient of the sharing. The parameter is the index of this recipient
in the `members` array of the sharing.
The status for this member will be set to `revoked`, its cozy will be informed of the
revokation, and the credentials for this cozy will be deleted.

Expand Down
5 changes: 4 additions & 1 deletion model/sharing/member.go
Original file line number Diff line number Diff line change
Expand Up @@ -452,14 +452,17 @@ func (s *Sharing) AddDelegatedContact(inst *instance.Instance, m Member) (string
// DelegateDiscovery delegates the POST discovery when a recipient has invited
// another person to a sharing, and this person accepts the sharing on the
// recipient cozy. The calls is delegated to the owner cozy.
func (s *Sharing) DelegateDiscovery(inst *instance.Instance, state, cozyURL string) (string, error) {
func (s *Sharing) DelegateDiscovery(inst *instance.Instance, state, cozyURL, shortcut string) (string, error) {
u, err := url.Parse(s.Members[0].Instance)
if err != nil {
return "", err
}
v := url.Values{}
v.Add("state", state)
v.Add("url", cozyURL)
if shortcut != "" {
v.Add("shortcut", shortcut)
}
body := []byte(v.Encode())
if len(s.Credentials) == 0 {
return "", ErrInvalidSharing
Expand Down
5 changes: 4 additions & 1 deletion model/sharing/oauth.go
Original file line number Diff line number Diff line change
Expand Up @@ -250,7 +250,7 @@ func (s *Sharing) RegisterCozyURL(inst *instance.Instance, m *Member, cozyURL st

// GenerateOAuthURL takes care of creating a correct OAuth request for
// the given member of the sharing.
func (m *Member) GenerateOAuthURL(s *Sharing) (string, error) {
func (m *Member) GenerateOAuthURL(s *Sharing, shortcut string) (string, error) {
if !s.Owner || len(s.Members) != len(s.Credentials)+1 {
return "", ErrInvalidSharing
}
Expand All @@ -272,6 +272,9 @@ func (m *Member) GenerateOAuthURL(s *Sharing) (string, error) {
"sharing_id": {s.SID},
"state": {creds.State},
}
if shortcut != "" {
q.Add("shortcut", shortcut)
}
u.RawQuery = q.Encode()

return u.String(), nil
Expand Down
23 changes: 10 additions & 13 deletions web/auth/oauth.go
Original file line number Diff line number Diff line change
Expand Up @@ -541,7 +541,16 @@ func (a *AuthorizeHTTPHandler) authorizeSharingForm(c echo.Context) error {
return renderError(c, http.StatusUnauthorized, "Error Invalid sharing")
}

hasShortcut := s.ShortcutID != ""
if strings.ToLower(c.QueryParam("shortcut")) == "true" {
if err := s.AddShortcut(instance, params.state); err != nil {
return err
}
u := instance.SubDomain(consts.DriveSlug)
u.RawQuery = "sharing=" + s.SID
u.Fragment = "/folder/" + consts.SharedWithMeDirID
return c.Redirect(http.StatusSeeOther, u.String())
}

var sharerDomain, targetType string
sharerURL, err := url.Parse(s.Members[0].Instance)
if err != nil {
Expand All @@ -551,7 +560,6 @@ func (a *AuthorizeHTTPHandler) authorizeSharingForm(c echo.Context) error {
}
if s.Rules[0].DocType == consts.BitwardenOrganizations {
targetType = instance.Translate("Notification Sharing Type Organization")
hasShortcut = true
s.Rules[0].Mime = "organization"
if len(s.Rules) == 2 && s.Rules[1].DocType == consts.BitwardenCiphers {
s.Rules = s.Rules[:1]
Expand All @@ -575,7 +583,6 @@ func (a *AuthorizeHTTPHandler) authorizeSharingForm(c echo.Context) error {
"State": params.state,
"Sharing": s,
"CSRF": c.Get("csrf"),
"HasShortcut": hasShortcut,
"TargetType": targetType,
})
}
Expand Down Expand Up @@ -604,16 +611,6 @@ func (a *AuthorizeHTTPHandler) authorizeSharing(c echo.Context) error {
return sharing.ErrInvalidSharing
}

if c.FormValue("synchronize") == "" {
if err = s.AddShortcut(instance, params.state); err != nil {
return err
}
u := instance.SubDomain(consts.DriveSlug)
u.RawQuery = "sharing=" + s.SID
u.Fragment = "/folder/" + consts.SharedWithMeDirID
return c.Redirect(http.StatusSeeOther, u.String())
}

if !s.Active {
if err = s.SendAnswer(instance, params.state); err != nil {
return err
Expand Down
19 changes: 11 additions & 8 deletions web/sharings/sharings.go
Original file line number Diff line number Diff line change
Expand Up @@ -602,7 +602,7 @@ func renderAlreadyAccepted(c echo.Context, inst *instance.Instance, cozyURL stri
})
}

func renderDiscoveryForm(c echo.Context, inst *instance.Instance, code int, sharingID, state, sharecode string, m *sharing.Member) error {
func renderDiscoveryForm(c echo.Context, inst *instance.Instance, code int, sharingID, state, sharecode, shortcut string, m *sharing.Member) error {
publicName, _ := settings.PublicName(inst)
fqdn := strings.TrimPrefix(m.Instance, "https://")
slug, domain := "", consts.KnownFlatDomains[0]
Expand All @@ -628,6 +628,7 @@ func renderDiscoveryForm(c echo.Context, inst *instance.Instance, code int, shar
"SharingID": sharingID,
"State": state,
"ShareCode": sharecode,
"Shortcut": shortcut,
"URLError": code == http.StatusBadRequest,
"NotEmailError": code == http.StatusPreconditionFailed,
})
Expand All @@ -640,6 +641,7 @@ func GetDiscovery(c echo.Context) error {
sharingID := c.Param("sharing-id")
state := c.QueryParam("state")
sharecode := c.FormValue("sharecode")
shortcut := c.QueryParam("shortcut")

s, err := sharing.FindSharing(inst, sharingID)
if err != nil {
Expand Down Expand Up @@ -686,14 +688,14 @@ func GetDiscovery(c echo.Context) error {
err = s.RegisterCozyURL(inst, m, m.Instance)
}
if err == nil {
redirectURL, err := m.GenerateOAuthURL(s)
redirectURL, err := m.GenerateOAuthURL(s, shortcut)
if err == nil {
return c.Redirect(http.StatusFound, redirectURL)
}
}
}

return renderDiscoveryForm(c, inst, http.StatusOK, sharingID, state, sharecode, m)
return renderDiscoveryForm(c, inst, http.StatusOK, sharingID, state, sharecode, shortcut, m)
}

// PostDiscovery is called when the recipient has given its Cozy URL. Either an
Expand All @@ -705,6 +707,7 @@ func PostDiscovery(c echo.Context) error {
sharingID := c.Param("sharing-id")
state := c.FormValue("state")
sharecode := c.FormValue("sharecode")
shortcut := c.FormValue("shortcut")
cozyURL := c.FormValue("url")
if cozyURL == "" {
cozyURL = c.FormValue("slug")
Expand Down Expand Up @@ -742,7 +745,7 @@ func PostDiscovery(c echo.Context) error {
}
}
if strings.Contains(cozyURL, "@") {
return renderDiscoveryForm(c, inst, http.StatusPreconditionFailed, sharingID, state, sharecode, member)
return renderDiscoveryForm(c, inst, http.StatusPreconditionFailed, sharingID, state, sharecode, shortcut, member)
}
email = member.Email
if err = s.RegisterCozyURL(inst, member, cozyURL); err != nil {
Expand All @@ -752,21 +755,21 @@ func PostDiscovery(c echo.Context) error {
if errors.Is(err, sharing.ErrAlreadyAccepted) {
return renderAlreadyAccepted(c, inst, cozyURL)
}
return renderDiscoveryForm(c, inst, http.StatusBadRequest, sharingID, state, sharecode, member)
return renderDiscoveryForm(c, inst, http.StatusBadRequest, sharingID, state, sharecode, shortcut, member)
}
redirectURL, err = member.GenerateOAuthURL(s)
redirectURL, err = member.GenerateOAuthURL(s, shortcut)
if err != nil {
return wrapErrors(err)
}
sharing.PersistInstanceURL(inst, member.Email, member.Instance)
} else {
redirectURL, err = s.DelegateDiscovery(inst, state, cozyURL)
redirectURL, err = s.DelegateDiscovery(inst, state, cozyURL, shortcut)
if err != nil {
if errors.Is(err, sharing.ErrInvalidURL) {
if c.Request().Header.Get(echo.HeaderAccept) == echo.MIMEApplicationJSON {
return c.JSON(http.StatusBadRequest, echo.Map{"error": err.Error()})
}
return renderDiscoveryForm(c, inst, http.StatusBadRequest, sharingID, state, sharecode, &sharing.Member{})
return renderDiscoveryForm(c, inst, http.StatusBadRequest, sharingID, state, sharecode, shortcut, &sharing.Member{})
}
return wrapErrors(err)
}
Expand Down
Loading

0 comments on commit d84d87c

Please sign in to comment.