nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

Direct download endpoint does not work with server side encryption & user key #17497

Open tobiasKaminsky opened 5 years ago

tobiasKaminsky commented 5 years ago

Ref: https://github.com/nextcloud/android/issues/3061#issuecomment-540115288

@rullzer

rullzer commented 5 years ago

If somebody wants to dive into it:

  1. check if server side encryption is enabled
  2. if it is, check if the user key is set
  3. if that is the case, encrypt with the system key so it works without the user's password

Or alternatively

  1. disable direct download when server side encryption with user key is enabled

tobiasKaminsky commented 5 years ago

On the alternative, we then need a capability to inform clients that they cannot offer streaming here.

DPTJKKVH commented 4 years ago

Is it fine if I put a bounty on this and post it on Bountysource or do you prohibit such things?

tobiasKaminsky commented 4 years ago

@DPTJKKVH this is totally fine, thanks. However, we cannot guarantee which idea we favor. It is possible that we, for a first start, disable direct downloading/streaming if SSE with user key is enabled.

DPTJKKVH commented 4 years ago

@tobiasKaminsky hmm. So you say even if someone provided functional code that could be merged you still might decide to temporarily disable this feature? Or do you say that you might already have it disabled before someone handed in their finished code?

If I post a bounty I obviously want this feature to be implemented and would make this a condition for payout.

I don't want to waste my money or someone else's time so a short clarification would be much appreciated. Thanks!

tobiasKaminsky commented 4 years ago

> @tobiasKaminsky hmm. So you say even if someone provided functional code that could be merged you still might decide to temporarily disable this feature? Or do you say that you might already have it disabled before someone handed in their finished code

I meant that we may disable it for now, until someone develops a correctly working direct download endpoint for SSE with user keys, as the current situation is broken in this special case.

> If I post a bounty I obviously want this feature to be implemented and would make this a condition for payout.

Of course this will be a requirement to pay out the bounty.

> I don't want to waste my money or someone else's time so a short clarification would be much appreciated. Thanks!

If there is a valid enhancement/fix it will be merged and then the bounty can be paid.

So if you put a bounty on this issue, everything is fine, as it clearly says that the direct download endpoint does not work with SSE & user key.

Sorry for the confusion…

szaimen commented 1 year ago

Hi, please update to 24.0.8 or better 25.0.2 and report back if it fixes the issue. Thank you!

tobiasKaminsky commented 1 year ago

Still happens.