owncloud / ocis

ownCloud Infinite Scale Stack
https://doc.owncloud.com/ocis/next/
Apache License 2.0

Secure file can be open in onlyoffice #9664

Open ScharfViktor opened 1 month ago

ScharfViktor commented 1 month ago

related https://github.com/owncloud/ocis/issues/9608#issuecomment-2228884225 and https://github.com/owncloud/ocis/issues/9608#issuecomment-2228884252

Steps:

Expected: secure view file opens only in Collabora. Forbidden if the user tries to open the file in a different editor. Example: opening a secure file in the text-editor

https://github.com/user-attachments/assets/81154697-c483-46c3-8156-656e6ad97f29

Actual:

https://github.com/user-attachments/assets/ba2193a8-aa8c-4f77-a666-3c0807b297dc

secure view file can also be opened using the desktop client endpoint: https://host.docker.internal:9200/external/open-with-web/?appName=OnlyOffice&fileId=fileUUID

but cannot be opened for mobile:

[Screenshot 2024-07-22 at 11 30 28]

micbar commented 1 month ago

This is expected behavior.

@tbsbdr we need to define that.

AlexAndBear commented 1 month ago

I don't want to be that guy but....

> Secure View is an exclusive feature in the Web Office Suite Collabora. When you share your documents in ownCloud with the “Secure View” permission, they can only be viewed within the Collabora application

If we can't guarantee that, updating the article should be mandatory

micbar commented 1 month ago

You are not supposed to have another Web Office suite installed.

ScharfViktor commented 1 month ago

maybe we can somehow disable secure view feature? if:

kulmann commented 1 month ago

> This is expected behavior.
>
> @tbsbdr we need to define that.

How is this expected behaviour?

tbsbdr commented 1 month ago

in https://github.com/owncloud/web/issues/10765 we said:

> files can only be opened with collabora; there is no other option to open files eg. with the pdf preview or md editor etc.

so I'd consider it a bug if it can be opened with onlyoffice.

micbar commented 1 month ago

No, full disagreement.

micbar commented 1 month ago

Works as designed. Any Wopi app can download.

phil-davis commented 1 month ago

I guess that the data flow for the normal Collabora case is that Collabora reads the actual file content (using a Wopi API endpoint), and then Collabora controls the security. Collabora internally makes "image/s" of the file, with a watermark in the image/s, and then renders just the image/s to the Collabora UI. So the end-user client system only gets watermarked images.

I wonder if there is some way that the Wopi app endpoint can have some "extra security" added that requires Collabora to provide some "token" to "authenticate" itself as a "trusted secure view app". Then an installation can generate that "token", set the value in both ocis and Collabora, and ocis can require the token to be in requests to download for Secure View. That would prevent an ordinary user from doing a curl command to download the actual file.

micbar commented 1 month ago

We have that. Combination of the wopi token together with the wopi proof keys.

AlexAndBear commented 1 month ago

For wopi in general, I think @phil-davis asks for an app specific auth token that signs secure view compatibility

kulmann commented 1 month ago

> Works as designed. Any Wopi app can download.

Full disagreement from my side as well :D We even (collaboratively!) introduced a flag for app provider apps so that they can announce themselves as secure view compatible. Why on earth would we do that if any app provider app can be used in secure view shares?

micbar commented 1 month ago

I am just pushing back on the classification as bug.

we were discussing this broadly during the implementation phase.

feels like a waste of energy to discuss that again.

micbar commented 1 month ago

> Why on earth would we do that if any app provider app can be used in secure view shares?

it cannot. The flag works fine for the UI.

@ScharfViktor does a handcrafted URL because he has installed onlyoffice together with collabora.

this is why @hodyroff said to @tbsbdr to clarify which setup is the only one for secure view.

kulmann commented 1 month ago

We don't need the flag for what you describe. If secure view is only maintained via configuration of app provider apps, then an ocis deployment without Collabora must not offer the secure view role (= flag is irrelevant).

AlexAndBear commented 1 month ago

> We don't need the flag for what you describe. If secure view is only maintained via configuration of app provider apps, then an ocis deployment without Collabora must not offer the secure view role (= flag is irrelevant).

It's moreover: only collabora as the one wopi and only integration on a deployed instance. As soon as you have another additional wopi app, it's getting insecure

micbar commented 1 month ago

I think we are aware of the different implications of that.

@tbsbdr please decide if that needs more effort.

At least we need to document that proofkeys need to be enabled.

phil-davis commented 1 month ago

> At least we need to document that proofkeys need to be enabled.

Agree - if that is the way for Collabora to "prove" that it is the "known good/secure" client that is allowed to request the content of secure-view-only files.
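
Added example (not part of the thread, and not ocis or Collabora code): a sketch of the host-side WOPI proof-key check the last comments refer to, following the public WOPI proof-key scheme (RSA PKCS#1 v1.5 over SHA-256 of token, upper-cased URL and timestamp, with a 20-minute freshness window). The function names, the `ocis.example` URL, the token and the keys are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"strings"
)

// proofInput builds what the WOPI client signs: len|token|len|UPPERCASE URL|len|ticks (big-endian).
func proofInput(token, url string, ticks int64) []byte {
	var b []byte
	for _, part := range []string{token, strings.ToUpper(url)} {
		b = binary.BigEndian.AppendUint32(b, uint32(len(part)))
		b = append(b, part...)
	}
	b = binary.BigEndian.AppendUint32(b, 8)
	return binary.BigEndian.AppendUint64(b, uint64(ticks))
}

// VerifyProof checks X-WOPI-Proof / X-WOPI-ProofOld against the current and previous published keys.
func VerifyProof(token, url string, ticks, nowTicks int64, proof, proofOld []byte, cur, old *rsa.PublicKey) bool {
	if nowTicks-ticks > 20*60*10_000_000 { // older than 20 minutes (ticks are 100 ns)
		return false
	}
	sum := sha256.Sum256(proofInput(token, url, ticks))
	ok := func(k *rsa.PublicKey, sig []byte) bool {
		return k != nil && rsa.VerifyPKCS1v15(k, crypto.SHA256, sum[:], sig) == nil
	}
	return ok(cur, proof) || ok(cur, proofOld) || ok(old, proof)
}

// demoKey and signProof play the WOPI client side with a constructed key.
func demoKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}
func signProof(k *rsa.PrivateKey, token, url string, ticks int64) []byte {
	sum := sha256.Sum256(proofInput(token, url, ticks))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, sum[:])
	return sig
}

func main() {
	k, url, now := demoKey(), "https://ocis.example/wopi/files/FILEID/contents", int64(638572000000000000)
	fmt.Println(VerifyProof("tok", url, now, now, signProof(k, "tok", url, now), nil, &k.PublicKey, nil))
}
```

The check only establishes which published key signed the request; which app's keys are trusted for secure-view files is still a deployment decision.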