Comments (4)
@schiessle is on holidays right now but I already talked to him about this and I can share some more insights on this.
So basically the encryption in Nextcloud works the way that every user has a private and a public key. The private key is stored encrypted by a derivative of the user's password and only stored unencrypted in memory when the user accesses Nextcloud logged-in. So we cannot access the user's file and modify it.
To work with publicly shared files we basically have a system public and private key which is accessible to the system obviously. What we should do here is have a possibility to generate such a key on-demand for single files and destroy it once used. So the workflow would be like:
- User presses "open file in Collabora"
- DocumentController::index gets called and would create a public sharing key for the file
- When Collabora accesses the file via WOPI the public sharing key is used
- When Collabora is closed the public sharing key is deleted
@schiessle Did I recap that correctly? If you would find some time to look into items 2 and 4, basically by just showing us a snippet creating and deleting the keys, we could probably go a long way here. :)
from richdocuments.
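The workflow proposed in the comment above, modelled as an added example that is not Nextcloud or richdocuments code: a per-file key is wrapped for an on-demand session key pair when the editor opens and that wrapped copy is destroyed when it closes. It assumes a simplified envelope scheme built on PHP's OpenSSL extension; the helper names, the `$wrappedKeys` store and the `wopi-` identifier are hypothetical.

```php
<?php
// Added illustration; not Nextcloud's encryption module. All names are hypothetical.

function newKeyPair(): array {
    $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    openssl_pkey_export($key, $privatePem);
    return ['private' => $privatePem, 'public' => openssl_pkey_get_details($key)['key']];
}

function wrapKey(string $fileKey, string $publicPem): string {
    if (!openssl_public_encrypt($fileKey, $wrapped, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('wrapping the file key failed');
    }
    return $wrapped;
}

function unwrapKey(string $wrapped, string $privatePem): string {
    if (!openssl_private_decrypt($wrapped, $fileKey, $privatePem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('unwrapping the file key failed');
    }
    return $fileKey;
}

// Constructed setup: one file key, wrapped only for the file's owner.
$owner = newKeyPair();
$fileKey = random_bytes(32);
$wrappedKeys = ['owner' => wrapKey($fileKey, $owner['public'])];

// "Open file in Collabora": runs inside the user's session, the only place
// where the owner's private key is available unencrypted.
$session = newKeyPair();
$sessionId = 'wopi-' . bin2hex(random_bytes(8));
$plainFileKey = unwrapKey($wrappedKeys['owner'], $owner['private']);
$wrappedKeys[$sessionId] = wrapKey($plainFileKey, $session['public']);

// WOPI request: the file key is recovered with the session key alone.
$viaSession = unwrapKey($wrappedKeys[$sessionId], $session['private']);
echo 'session key recovers file key: ', var_export(hash_equals($fileKey, $viaSession), true), PHP_EOL;

// Editor closed: destroy the wrapped copy and the session private key.
unset($wrappedKeys[$sessionId], $session, $plainFileKey, $viaSession);
echo 'remaining recipients: ', implode(', ', array_keys($wrappedKeys)), PHP_EOL;
```

While the session key pair exists, the server can read the file without the user's password, so its lifetime should be tied to the WOPI token it serves.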
Interesting; so - given that the users are pleading for this feature =) what information can we transfer from the user-context outside the iframe, to add to the WOPI credentials we pass to make this fly? I guess this is further complicated by multi-factor authentication (?). Anyhow - worth talking through. Ultimately, if we have the right WOPI token, and the user is still logged into OC, the server has all the information we need - if only it would share it with us (?)
from richdocuments.
Spent some time reading code around it. There doesn't seem to be any provision for adding an extra system public/private key pair that can be used in this case as you described above. The default encryption module and internal encryption library handle publicShareKey, recovery keys, master keys and user keys. It might be possible to create a random $uid every time and then add it in key storage so it is used as a user key instead of a system key (?)
Thoughts?
from richdocuments.