[Libreoffice-commits] online.git: Branch 'distro/collabora/collabora-online-cd-3-2' - kit/Kit.cpp wsd/DocumentBroker.cpp wsd/LOOLWSD.cpp wsd/LOOLWSD.hpp wsd/Storage.cpp wsd/Storage.hpp

Ashod Nakashian ashod.nakashian at collabora.co.uk
Thu Jul 12 15:19:31 UTC 2018


 kit/Kit.cpp            |    9 ++++++---
 wsd/DocumentBroker.cpp |   17 ++++++++++-------
 wsd/LOOLWSD.cpp        |    7 +++++--
 wsd/LOOLWSD.hpp        |    9 +++++++--
 wsd/Storage.cpp        |   10 ++++++++--
 wsd/Storage.hpp        |   16 ++++++++++------
 6 files changed, 46 insertions(+), 22 deletions(-)

New commits:
commit a5e3878767c84cf179d9af3a53f988d828747677
Author: Ashod Nakashian <ashod.nakashian at collabora.co.uk>
Date:   Sun Jul 8 22:50:09 2018 -0400

    wsd: use obfascated user id when provided by WOPI
    
    Change-Id: I69a17dff0e5e6b27e4538d9fe9019e4d1eebb16f
    Reviewed-on: https://gerrit.libreoffice.org/57171
    Reviewed-by: Jan Holesovsky <kendy at collabora.com>
    Tested-by: Jan Holesovsky <kendy at collabora.com>

diff --git a/kit/Kit.cpp b/kit/Kit.cpp
index 24be99808..9b5ef8f48 100644
--- a/kit/Kit.cpp
+++ b/kit/Kit.cpp
@@ -109,6 +109,7 @@ static LokHookFunction2* initFunction = nullptr;
 #ifndef BUILDING_TESTS
 static bool AnonymizeFilenames = false;
 static bool AnonymizeUsernames = false;
+static std::string ObfuscatedUserId;
 #endif
 
 #if ENABLE_DEBUG
@@ -2239,6 +2240,8 @@ void lokit_main(const std::string& childRoot,
                         const std::string& sessionId = tokens[1];
                         const std::string& docKey = tokens[2];
                         const std::string& docId = tokens[3];
+                        if (tokens.size() > 4)
+                            ObfuscatedUserId = tokens[4];
 
                         std::string url;
                         URI::decode(docKey, url);
@@ -2425,10 +2428,10 @@ std::string anonymizeUrl(const std::string& url)
 std::string anonymizeUsername(const std::string& username)
 {
 #ifndef BUILDING_TESTS
-    return AnonymizeUsernames ? Util::anonymize(username) : username;
-#else
-    return username;
+    if (AnonymizeUsernames)
+        return !ObfuscatedUserId.empty() ? ObfuscatedUserId : Util::anonymize(username);
 #endif
+    return username;
 }
 
 #if !defined(BUILDING_TESTS) && !defined(KIT_IN_PROCESS)
diff --git a/wsd/DocumentBroker.cpp b/wsd/DocumentBroker.cpp
index 60e480294..6ad82d6b3 100644
--- a/wsd/DocumentBroker.cpp
+++ b/wsd/DocumentBroker.cpp
@@ -457,7 +457,7 @@ bool DocumentBroker::load(const std::shared_ptr<ClientSession>& session, const s
     assert(_storage != nullptr);
 
     // Call the storage specific fileinfo functions
-    std::string userid, username;
+    std::string userId, username;
     std::string userExtraInfo;
     std::string watermarkText;
     std::chrono::duration<double> getInfoCallDuration(0);
@@ -465,7 +465,8 @@ bool DocumentBroker::load(const std::shared_ptr<ClientSession>& session, const s
     if (wopiStorage != nullptr)
     {
         std::unique_ptr<WopiStorage::WOPIFileInfo> wopifileinfo = wopiStorage->getWOPIFileInfo(session->getAuthorization());
-        userid = wopifileinfo->_userid;
+        userId = wopifileinfo->_userId;
+        LOOLWSD::ObfuscatedUserId = wopifileinfo->_obfuscatedUserId;
         username = wopifileinfo->_username;
         userExtraInfo = wopifileinfo->_userExtraInfo;
         watermarkText = wopifileinfo->_watermarkText;
@@ -516,7 +517,7 @@ bool DocumentBroker::load(const std::shared_ptr<ClientSession>& session, const s
         session->sendMessage("wopi: " + ossWopiInfo.str());
 
         // Mark the session as 'Document owner' if WOPI hosts supports it
-        if (userid == _storage->getFileInfo()._ownerId)
+        if (userId == _storage->getFileInfo()._ownerId)
         {
             LOG_DBG("Session [" << sessionId << "] is the document owner");
             session->setDocumentOwner(true);
@@ -533,7 +534,7 @@ bool DocumentBroker::load(const std::shared_ptr<ClientSession>& session, const s
         if (localStorage != nullptr)
         {
             std::unique_ptr<LocalStorage::LocalFileInfo> localfileinfo = localStorage->getLocalFileInfo();
-            userid = localfileinfo->_userid;
+            userId = localfileinfo->_userId;
             username = localfileinfo->_username;
 
             if (LOOLWSD::IsViewFileExtension(localStorage->getFileExtension()))
@@ -544,14 +545,16 @@ bool DocumentBroker::load(const std::shared_ptr<ClientSession>& session, const s
         }
     }
 
+
 #if ENABLE_SUPPORT_KEY
     if (!LOOLWSD::OverrideWatermark.empty())
         watermarkText = LOOLWSD::OverrideWatermark;
 #endif
 
     LOG_DBG("Setting username [" << LOOLWSD::anonymizeUsername(username) << "] and userId [" <<
-            LOOLWSD::anonymizeUsername(userid) << "] for session [" << sessionId << "]");
-    session->setUserId(userid);
+            LOOLWSD::anonymizeUsername(userId) << "] for session [" << sessionId << "]");
+
+    session->setUserId(userId);
     session->setUserName(username);
     session->setUserExtraInfo(userExtraInfo);
     session->setWatermarkText(watermarkText);
@@ -1047,7 +1050,7 @@ size_t DocumentBroker::addSessionInternal(const std::shared_ptr<ClientSession>&
     const auto id = session->getId();
 
     // Request a new session from the child kit.
-    const std::string aMessage = "session " + id + ' ' + _docKey + ' ' + _docId;
+    const std::string aMessage = "session " + id + ' ' + _docKey + ' ' + _docId + ' ' + LOOLWSD::ObfuscatedUserId;
     _childProcess->sendTextFrame(aMessage);
 
     // Tell the admin console about this new doc
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index 6bfaa9305..e05134068 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -589,6 +589,7 @@ std::string LOOLWSD::ConfigDir = LOOLWSD_CONFIGDIR "/conf.d";
 std::string LOOLWSD::LogLevel = "trace";
 bool LOOLWSD::AnonymizeFilenames = false;
 bool LOOLWSD::AnonymizeUsernames = false;
+std::string LOOLWSD::ObfuscatedUserId;
 Util::RuntimeConstant<bool> LOOLWSD::SSLEnabled;
 Util::RuntimeConstant<bool> LOOLWSD::SSLTermination;
 std::set<std::string> LOOLWSD::EditFileExtensions;
@@ -767,14 +768,16 @@ void LOOLWSD::initialize(Application& self)
 #else
     AnonymizeUsernames = getConfigValue<bool>(conf, "logging.anonymize.usernames", false);
 #endif
-    setenv("LOOL_ANONYMIZE_USERNAMES", AnonymizeUsernames ? "1" : "0", true);
+    if (AnonymizeUsernames)
+        setenv("LOOL_ANONYMIZE_USERNAMES", AnonymizeUsernames ? "1" : "0", true);
 
 #if LOOLWSD_ANONYMIZE_FILENAMES
     AnonymizeFilenames = true;
 #else
     AnonymizeFilenames = getConfigValue<bool>(conf, "logging.anonymize.filenames", false);
 #endif
-    setenv("LOOL_ANONYMIZE_FILENAMES", AnonymizeFilenames ? "1" : "0", true);
+    if (AnonymizeFilenames)
+        setenv("LOOL_ANONYMIZE_FILENAMES", AnonymizeFilenames ? "1" : "0", true);
 
     if (AnonymizeFilenames || AnonymizeUsernames)
     {
diff --git a/wsd/LOOLWSD.hpp b/wsd/LOOLWSD.hpp
index 85dd87a10..d3c026375 100644
--- a/wsd/LOOLWSD.hpp
+++ b/wsd/LOOLWSD.hpp
@@ -61,6 +61,7 @@ public:
     static std::string LogLevel;
     static bool AnonymizeFilenames;
     static bool AnonymizeUsernames;
+    static std::string ObfuscatedUserId;
     static std::atomic<unsigned> NumConnections;
     static bool TileCachePersistent;
     static std::unique_ptr<TraceFileWriter> TraceDumper;
@@ -150,10 +151,14 @@ public:
         return AnonymizeFilenames ? Util::anonymizeUrl(url) : url;
     }
 
-    /// Anonymize usernames.
+    /// Anonymize user names and IDs.
+    /// Will use the Obfuscated User ID if one is provied via WOPI.
     static std::string anonymizeUsername(const std::string& username)
     {
-        return AnonymizeUsernames ? Util::anonymize(username) : username;
+        if (AnonymizeUsernames)
+            return !ObfuscatedUserId.empty() ? ObfuscatedUserId : Util::anonymize(username);
+
+        return username;
     }
 
 protected:
diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp
index b07c0d910..1b8c2fa7b 100644
--- a/wsd/Storage.cpp
+++ b/wsd/Storage.cpp
@@ -443,6 +443,7 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au
     std::string ownerId;
     std::string userId;
     std::string userName;
+    std::string obfuscatedUserId;
     std::string userExtraInfo;
     std::string watermarkText;
     bool canWrite = false;
@@ -469,12 +470,15 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au
         // Anonymize key values.
         if (LOOLWSD::AnonymizeFilenames || LOOLWSD::AnonymizeUsernames)
         {
+            JsonUtil::findJSONValue(object, "ObfuscatedUserId", obfuscatedUserId, false);
+
             // Set anonymized version of the above fields before logging.
             // Note: anonymization caches the result, so we don't need to store here.
             if (LOOLWSD::AnonymizeFilenames)
                 object->set("BaseFileName", LOOLWSD::anonymizeUrl(filename));
 
-            if (LOOLWSD::AnonymizeUsernames)
+            // If obfuscatedUserId is provided, then don't log the originals and use it.
+            if (LOOLWSD::AnonymizeUsernames && obfuscatedUserId.empty())
             {
                 object->set("OwnerId", LOOLWSD::anonymizeUsername(ownerId));
                 object->set("UserId", LOOLWSD::anonymizeUsername(userId));
@@ -486,6 +490,8 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au
             wopiResponse = oss.str();
 
             // Remove them for performance reasons; they aren't needed anymore.
+            object->remove("ObfuscatedUserId");
+
             if (LOOLWSD::AnonymizeFilenames)
                 object->remove("BaseFileName");
 
@@ -529,7 +535,7 @@ std::unique_ptr<WopiStorage::WOPIFileInfo> WopiStorage::getWOPIFileInfo(const Au
     const Poco::Timestamp modifiedTime = iso8601ToTimestamp(lastModifiedTime, "LastModifiedTime");
     _fileInfo = FileInfo({filename, ownerId, modifiedTime, size});
 
-    return std::unique_ptr<WopiStorage::WOPIFileInfo>(new WOPIFileInfo({userId, userName, userExtraInfo, watermarkText, canWrite, postMessageOrigin, hidePrintOption, hideSaveOption, hideExportOption, enableOwnerTermination, disablePrint, disableExport, disableCopy, disableInactiveMessages, userCanNotWriteRelative, callDuration}));
+    return std::unique_ptr<WopiStorage::WOPIFileInfo>(new WOPIFileInfo({userId, obfuscatedUserId, userName, userExtraInfo, watermarkText, canWrite, postMessageOrigin, hidePrintOption, hideSaveOption, hideExportOption, enableOwnerTermination, disablePrint, disableExport, disableCopy, disableInactiveMessages, userCanNotWriteRelative, callDuration}));
 }
 
 /// uri format: http://server/<...>/wopi*/files/<id>/content
diff --git a/wsd/Storage.hpp b/wsd/Storage.hpp
index e939478cf..e2d830015 100644
--- a/wsd/Storage.hpp
+++ b/wsd/Storage.hpp
@@ -218,14 +218,14 @@ public:
     class LocalFileInfo
     {
     public:
-        LocalFileInfo(const std::string& userid,
+        LocalFileInfo(const std::string& userId,
                       const std::string& username)
-            : _userid(userid),
+            : _userId(userId),
               _username(username)
         {
         }
 
-        std::string _userid;
+        std::string _userId;
         std::string _username;
     };
 
@@ -261,7 +261,8 @@ public:
     class WOPIFileInfo
     {
     public:
-        WOPIFileInfo(const std::string& userid,
+        WOPIFileInfo(const std::string& userId,
+                     const std::string& obfuscatedUserId,
                      const std::string& username,
                      const std::string& userExtraInfo,
                      const std::string& watermarkText,
@@ -277,7 +278,8 @@ public:
                      const bool disableInactiveMessages,
                      const bool userCanNotWriteRelative,
                      const std::chrono::duration<double> callDuration)
-            : _userid(userid),
+            : _userId(userId),
+              _obfuscatedUserId(obfuscatedUserId),
               _username(username),
               _watermarkText(watermarkText),
               _userCanWrite(userCanWrite),
@@ -297,7 +299,9 @@ public:
             }
 
         /// User id of the user accessing the file
-        std::string _userid;
+        std::string _userId;
+        /// Obfuscated User id used for logging the UserId.
+        std::string _obfuscatedUserId;
         /// Display Name of user accessing the file
         std::string _username;
         /// Extra info per user, typically mail and other links, as json.


More information about the Libreoffice-commits mailing list