From 37b9914c30c242ffa8b2f583faec3b5456052263 Mon Sep 17 00:00:00 2001 From: Aymen Date: Fri, 26 Mar 2021 14:53:49 +0100 Subject: [PATCH 1/2] decode payload if onlyoffice have jwt token --- classes/converter.php | 2 +- classes/documentserver_client.php | 18 +++++++++++++++++- lang/en/fileconverter_onlyoffice.php | 3 ++- settings.php | 6 ++++++ 4 files changed, 26 insertions(+), 3 deletions(-) diff --git a/classes/converter.php b/classes/converter.php index bc014d5..512082e 100644 --- a/classes/converter.php +++ b/classes/converter.php @@ -100,7 +100,7 @@ public function create_client(): documentserver_client { // Only create client if it hasn't already been done. if ($this->client == null) { - $this->client = new documentserver_client($this->config->internaloodsurl); + $this->client = new documentserver_client($this->config->internaloodsurl, $this->config->documentserversecret); } return $this->client; diff --git a/classes/documentserver_client.php b/classes/documentserver_client.php index f628af0..afa0014 100644 --- a/classes/documentserver_client.php +++ b/classes/documentserver_client.php @@ -24,6 +24,7 @@ namespace fileconverter_onlyoffice; use coding_exception; +use Firebase\JWT\JWT; use curl; defined('MOODLE_INTERNAL') || die(); @@ -46,21 +47,36 @@ class documentserver_client { * @var string */ private $documentserverhost; + /** + * Private OnlyOfice document server Secret Token + * @var string + */ + private $documentserversecret; /** * Initialise the client. * @param string $documentserverhost Private OnlyOfice document server URL */ - public function __construct(string $documentserverhost) { + public function __construct(string $documentserverhost, string $documentserversecret = null) { $this->documentserverhost = rtrim($documentserverhost, '/'); + $this->documentserversecret = $documentserversecret; $this->curl = new \curl(); } public function request_conversion($params) { $endpoint = $this->documentserverhost . '/ConvertService.ashx'; + if ($this->documentserversecret ) { + $payload = ["payload" => $params]; + $headerToken = JWT::encode($payload, $this->documentserversecret); + $token = JWT::encode($params, $this->documentserversecret); + $params['token'] = $token; + } $callargs = json_encode($params); $this->curl->setHeader('Content-type: application/json'); $this->curl->setHeader('Accept: application/json'); + if ($this->documentserversecret ) { + $this->curl->setHeader('Authorization: ' . $headerToken); + } $response = $this->curl->post($endpoint, $callargs); if ($this->curl->errno != 0) { diff --git a/lang/en/fileconverter_onlyoffice.php b/lang/en/fileconverter_onlyoffice.php index 7cf0b91..2dd408a 100644 --- a/lang/en/fileconverter_onlyoffice.php +++ b/lang/en/fileconverter_onlyoffice.php @@ -33,4 +33,5 @@ $string['preparesubmissionsforannotation'] = 'Prepare submissions for annotation'; $string['privacy:metadata:filecontent'] = 'The content of the file.'; $string['privacy:metadata:externalpurpose'] = 'The file is send to a external ONLYOFFICE document server, which stores the file briefly in order to convert it into the desired file format.'; - +$string['documentserversecret'] = 'Document Server Secret'; +$string['documentserversecret_desc'] = 'The secret is used to generate the token (an encrypted signature) in the browser for the document editor opening and calling the methods and the requests to the document command service and document conversion service. The token prevents the substitution of important parameters in ONLYOFFICE Document Server requests.'; diff --git a/settings.php b/settings.php index 8dd78a1..413d691 100644 --- a/settings.php +++ b/settings.php @@ -34,6 +34,12 @@ get_string('settings:internaloodsurl', 'fileconverter_onlyoffice'), get_string('settings:internaloodsurl_help', 'fileconverter_onlyoffice'), '')); + + // Token Secret JWT + $settings->add(new admin_setting_configtext('fileconverter_onlyoffice/documentserversecret', + get_string('documentserversecret', 'fileconverter_onlyoffice'), + get_string('documentserversecret_desc', 'fileconverter_onlyoffice'), + '')); // Specify the URL at which the OO document server can reach the Moodle wwwroot. // Usually it is identical to the wwwroot, but it may vary in certain configurations (e. g., containerised setup with Docker). From a97c31154a4883104eb4e68b9122c04108feaf59 Mon Sep 17 00:00:00 2001 From: Aymen Date: Fri, 26 Mar 2021 15:14:43 +0100 Subject: [PATCH 2/2] fix codechecker --- classes/documentserver_client.php | 8 ++++---- settings.php | 1 - 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/classes/documentserver_client.php b/classes/documentserver_client.php index afa0014..cd85d14 100644 --- a/classes/documentserver_client.php +++ b/classes/documentserver_client.php @@ -67,16 +67,16 @@ public function request_conversion($params) { $endpoint = $this->documentserverhost . '/ConvertService.ashx'; if ($this->documentserversecret ) { $payload = ["payload" => $params]; - $headerToken = JWT::encode($payload, $this->documentserversecret); + $headertoken = JWT::encode($payload, $this->documentserversecret); $token = JWT::encode($params, $this->documentserversecret); $params['token'] = $token; } $callargs = json_encode($params); $this->curl->setHeader('Content-type: application/json'); $this->curl->setHeader('Accept: application/json'); - if ($this->documentserversecret ) { - $this->curl->setHeader('Authorization: ' . $headerToken); - } + if ($this->documentserversecret) { + $this->curl->setHeader('Authorization: ' . $headertoken); + } $response = $this->curl->post($endpoint, $callargs); if ($this->curl->errno != 0) { diff --git a/settings.php b/settings.php index 413d691..8982543 100644 --- a/settings.php +++ b/settings.php @@ -34,7 +34,6 @@ get_string('settings:internaloodsurl', 'fileconverter_onlyoffice'), get_string('settings:internaloodsurl_help', 'fileconverter_onlyoffice'), '')); - // Token Secret JWT $settings->add(new admin_setting_configtext('fileconverter_onlyoffice/documentserversecret', get_string('documentserversecret', 'fileconverter_onlyoffice'),