Merge pull request #303 from ONLYOFFICE/develop

Release/v1.3.0

CHANGELOG.md

@@ -0,0 +1,29 @@
+# Change Log
+
+## 1.3.0
+- update empty files
+- anonymous without chat
+- changed jwt implementation in csharp, csharp-mvc, php, ruby
+
+## 1.2.0
+- ruby v3.0
+- set filetype in setHistoryData
+- read filetype from input request
+- creating file on WOPI
+- upload on WOPI page
+- fix xss
+- set userInfoGroups
+- check JWT on downloading history
+- upload dialog on mobile
+- anonymous without id
+- renaming from editor
+- new skin languages
+- ignore certificate
+
+## 1.1.0
+- creating docxf
+- opening docxf, oform
+
+
+## 1.0.0
+- added java spring

web/documentserver-example/csharp-mvc/3rd-Party.license

@@ -24,11 +24,15 @@ jQuery.UI     - jQuery UI is an open source library of interface components —
 License:        MIT
 License File:   jQuery.UI.license
 
+JWT           - JWT (JSON Web Token) Implementation for .NET (Public Domain) (https://github.com/jwt-dotnet/jwt/)
+License:        MIT
+License File:   JWT.license
+
 Microsoft.Web.Infrastructure - This package contains the Microsoft.Web.Infrastructure assembly that lets you dynamically register HTTP modules at run time. (https://www.microsoft.com/web/webpi/eula/aspnetmvc3update-eula.htm)
 License:        MS-EULA License
 License File:   Microsoft.Web.Infrastructure.license
 
-Newtonsoft.Json - Json.NET is a popular high-performance JSON framework for .NET (https://licenses.nuget.org/MIT)
+Newtonsoft.Json - Json.NET is a popular high-performance JSON framework for .NET (https://github.com/JamesNK/Newtonsoft.Json)
 License:        MIT
 License File:   Newtonsoft.Json.license
 

web/documentserver-example/csharp-mvc/Helpers/DocManagerHelper.cs

@@ -242,7 +242,8 @@ public static string GetFileUri(string fileName, Boolean forDocumentServer)
         {
             var uri = new UriBuilder(GetServerUrl(forDocumentServer))
                 {
-                    Path = HttpRuntime.AppDomainAppVirtualPath + "/"
+                    Path = HttpRuntime.AppDomainAppVirtualPath
+                           + (HttpRuntime.AppDomainAppVirtualPath.EndsWith("/") ? "" : "/")
                            + CurUserHostAddress() + "/"
                            + fileName,
                     Query = ""
@@ -292,7 +293,7 @@ public static string GetCallback(string fileName)
                     + "webeditor.ashx",
                 Query = "type=track"
                         + "&fileName=" + HttpUtility.UrlEncode(fileName)
-                        + "&userAddress=" + HttpUtility.UrlEncode(HttpContext.Current.Request.UserHostAddress)
+                        + "&userAddress=" + HttpUtility.UrlEncode(CurUserHostAddress(HttpContext.Current.Request.UserHostAddress))
             };
             return callbackUrl.ToString();
         }
@@ -322,7 +323,7 @@ public static string GetHistoryDownloadUrl(string filename, string version, stri
                     + "webeditor.ashx",
                 Query = "type=downloadhistory"
                         + "&fileName=" + HttpUtility.UrlEncode(filename)
-                        + "&userAddress=" + HttpUtility.UrlEncode(HttpContext.Current.Request.UserHostAddress)
+                        + "&userAddress=" + HttpUtility.UrlEncode(CurUserHostAddress(HttpContext.Current.Request.UserHostAddress))
                         + "&ver=" + version
                         + "&file="+ file
             };
@@ -340,7 +341,7 @@ public static string GetDownloadUrl(string fileName)
                     + "webeditor.ashx",
                 Query = "type=download"
                         + "&fileName=" + HttpUtility.UrlEncode(fileName)
-                        + "&userAddress=" + HttpUtility.UrlEncode(HttpContext.Current.Request.UserHostAddress)
+                        + "&userAddress=" + HttpUtility.UrlEncode(CurUserHostAddress(HttpContext.Current.Request.UserHostAddress))
             };
             return downloadUrl.ToString();
         }

web/documentserver-example/csharp-mvc/Helpers/JwtManager.cs

@@ -16,12 +16,12 @@
  *
  */
 
-using System;
+using JWT;
+using JWT.Algorithms;
+using JWT.Builder;
+using JWT.Serializers;
 using System.Collections.Generic;
-using System.Security.Cryptography;
-using System.Text;
 using System.Web.Configuration;
-using System.Web.Script.Serialization;
 
 namespace OnlineEditorsExampleMVC.Helpers
 {
@@ -30,84 +30,31 @@ public static class JwtManager
         private static readonly string Secret;
         public static readonly bool Enabled;
 
-        private static readonly JavaScriptSerializer Serializer;
-
         static JwtManager()
         {
             Secret = WebConfigurationManager.AppSettings["files.docservice.secret"] ?? "";  // get token secret from the config parameters
             Enabled = !string.IsNullOrEmpty(Secret);  // check if the token is enabled
-            Serializer = new JavaScriptSerializer();  // define java script serializer
         }
 
         // encode a payload object into a token using a secret key
         public static string Encode(IDictionary<string, object> payload)
         {
-            // define the hashing algorithm and the token type
-            var header = new Dictionary<string, object>
-                {
-                    { "alg", "HS256" },
-                    { "typ", "JWT" }
-                };
-
-            // three parts of token
-            var encHeader = Base64UrlEncode(Serializer.Serialize(header));  // header
-            var encPayload = Base64UrlEncode(Serializer.Serialize(payload));  // payload
-            var hashSum = Base64UrlEncode(CalculateHash(encHeader, encPayload));  // signature
-
-            return string.Format("{0}.{1}.{2}", encHeader, encPayload, hashSum);
+            var encoder = new JwtEncoder(new HMACSHA256Algorithm(),
+                                         new JsonNetSerializer(),
+                                         new JwtBase64UrlEncoder());
+            return encoder.Encode(payload, Secret);
         }
 
         // decode a token into a payload object using a secret key
         public static string Decode(string token)
         {
             if (!Enabled || string.IsNullOrEmpty(token)) return "";
 
-            var split = token.Split('.');
-            if (split.Length != 3) return "";
-
-            var hashSum = Base64UrlEncode(CalculateHash(split[0], split[1]));  // get signature
-            if (hashSum != split[2]) return "";  // and check if it is equal to the signature from the token
-            return Base64UrlDecode(split[1]);  // decode payload
-        }
-
-        // generate a hash code based on a key using the HMAC method
-        private static byte[] CalculateHash(string encHeader, string encPayload)
-        {
-            using (var hasher = new HMACSHA256(Encoding.UTF8.GetBytes(Secret)))
-            {
-                var bytes = Encoding.UTF8.GetBytes(string.Format("{0}.{1}", encHeader, encPayload));
-                return hasher.ComputeHash(bytes);
-            }
-        }
-
-        // encode a string into the base64 value
-        private static string Base64UrlEncode(string str)
-        {
-            return Base64UrlEncode(Encoding.UTF8.GetBytes(str));
-        }
-
-        // encode bytes into the base64 value
-        private static string Base64UrlEncode(byte[] bytes)
-        {
-            return Convert.ToBase64String(bytes)
-                          .TrimEnd('=').Replace('+', '-').Replace('/', '_');
-        }
-
-        // decode a base64 value into the string
-        private static string Base64UrlDecode(string payload)
-        {
-            var b64 = payload.Replace('_', '/').Replace('-', '+');
-            switch (b64.Length%4)
-            {
-                case 2:
-                    b64 += "==";
-                    break;
-                case 3:
-                    b64 += "=";
-                    break;
-            }
-            var bytes = Convert.FromBase64String(b64);
-            return Encoding.UTF8.GetString(bytes);
+            return JwtBuilder.Create()
+                    .WithAlgorithm(new HMACSHA256Algorithm())
+                    .WithSecret(Secret)
+                    .MustVerifySignature()
+                    .Decode(token);
         }
     }
 }

web/documentserver-example/csharp-mvc/Helpers/Users.cs

@@ -67,7 +67,8 @@ public class Users
             "Can't mention others in comments",
             "Can't create new files from the editor",
             "Can’t see anyone’s information",
-            "Can't rename files from the editor"
+            "Can't rename files from the editor",
+            "Can't view chat",
         };
 
         private static List<User> users = new List<User>() {

web/documentserver-example/csharp-mvc/Models/FileModel.cs

@@ -148,6 +148,7 @@ public string GetDocConfig(HttpRequest request, UrlHelper url)
                                             { "modifyFilter", editorsMode != "filter" },
                                             { "modifyContentControl", editorsMode != "blockcontent" },
                                             { "review", canEdit && (editorsMode == "edit" || editorsMode == "review") },
+                                            { "chat", !user.id.Equals("uid-0") },
                                             { "reviewGroups", user.reviewGroups },
                                             { "commentGroups", user.commentGroups },
                                             { "userInfoGroups", user.userInfoGroups }
@@ -195,7 +196,7 @@ public string GetDocConfig(HttpRequest request, UrlHelper url)
                                             {
                                                 "goback", new Dictionary<string, object>  // settings for the Open file location menu button and upper right corner button
                                                     {
-                                                        { "url", url.Action("Index", "Home") }  // the absolute URL to the website address which will be opened when clicking the Open file location menu button
+                                                        { "url", DocManagerHelper.GetServerUrl(false) }  // the absolute URL to the website address which will be opened when clicking the Open file location menu button
                                                     }
                                             }
                                         }

web/documentserver-example/csharp-mvc/OnlineEditorsExampleMVC.csproj

@@ -43,6 +43,9 @@
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <ItemGroup>
+    <Reference Include="JWT, Version=9.0.0.0, Culture=neutral, PublicKeyToken=6f98bca0f40f2ecf, processorArchitecture=MSIL">
+      <HintPath>packages\JWT.9.0.3\lib\net46\JWT.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="System" />
     <Reference Include="System.ComponentModel.DataAnnotations" />

web/documentserver-example/csharp-mvc/Views/Home/Editor.aspx

@@ -166,6 +166,7 @@
             var data = {
                 newfilename: newfilename,
                 dockey: config.document.key,
+                ext: config.document.fileType
             };
 
             let xhr = new XMLHttpRequest();

web/documentserver-example/csharp-mvc/Views/Home/Index.aspx

@@ -163,7 +163,7 @@
                                                             var isFillFormDoc = DocManagerHelper.FillFormExts.Contains(ext);
                                                         %>
 
-                                                            <tr class="tableRow" title="<%= storedFile.Name %> [<%= DocManagerHelper.GetFileVersion(storedFile.Name, HttpContext.Current.Request.UserHostAddress) %>]">
+                                                            <tr class="tableRow" title="<%= storedFile.Name %> [<%= DocManagerHelper.GetFileVersion(storedFile.Name, HttpContext.Current.Request.UserHostAddress.Replace(':', '_')) %>]">
                                                                 <td class="contentCells">
                                                                     <a class="stored-edit <%= docType %>" href="<%= Url.Action("Editor", "Home", new { fileName = storedFile.Name }) %>" target="_blank">
                                                                         <span><%= storedFile.Name %></span>

web/documentserver-example/csharp-mvc/WebEditor.ashx.cs

@@ -575,7 +575,15 @@ private static void Rename(HttpContext context)
             var jss = new JavaScriptSerializer();
             var body = jss.Deserialize<Dictionary<string, object>>(fileData);
             var newFileName = (string) body["newfilename"];
-            var docKey = (string) body["dockey"]; 
+            var docKey = (string) body["dockey"];
+
+            var origExt = '.' + (string) body["ext"];
+            var curExt = Path.GetExtension(newFileName).ToLower();
+
+            if (string.Compare(origExt, curExt, true) != 0)
+            {
+                newFileName += origExt;
+            }
             var meta =  new Dictionary<string, object>() {
                 { "title", newFileName }
             };

web/documentserver-example/csharp-mvc/licenses/3rd-Party.license

@@ -24,11 +24,15 @@ jQuery.UI     - jQuery UI is an open source library of interface components —
 License:        MIT
 License File:   jQuery.UI.license
 
+JWT           - JWT (JSON Web Token) Implementation for .NET (Public Domain) (https://github.com/jwt-dotnet/jwt/)
+License:        MIT
+License File:   JWT.license
+
 Microsoft.Web.Infrastructure - This package contains the Microsoft.Web.Infrastructure assembly that lets you dynamically register HTTP modules at run time. (https://www.microsoft.com/web/webpi/eula/aspnetmvc3update-eula.htm)
 License:        MS-EULA License
 License File:   Microsoft.Web.Infrastructure.license
 
-Newtonsoft.Json - Json.NET is a popular high-performance JSON framework for .NET (https://licenses.nuget.org/MIT)
+Newtonsoft.Json - Json.NET is a popular high-performance JSON framework for .NET (https://github.com/JamesNK/Newtonsoft.Json)
 License:        MIT
 License File:   Newtonsoft.Json.license
 

web/documentserver-example/csharp-mvc/licenses/JWT.license

@@ -0,0 +1,21 @@
+# Public Domain
+
+Written by John Sheehan (http://john-sheehan.com)
+
+This work is public domain.
+
+The person who associated a work with this deed has dedicated the work to the public domain by waiving all of his or her rights to the work worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law.
+
+For more information, please visit: http://creativecommons.org/publicdomain/zero/1.0/
+
+# MIT
+
+Copyright (c) 2019 Jwt.Net Maintainers and Contributors.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please visit: https://opensource.org/licenses/MIT

web/documentserver-example/csharp-mvc/packages.config

@@ -2,6 +2,7 @@
 <packages>
   <package id="Antlr" version="3.5.0.2" targetFramework="net45" />
   <package id="EntityFramework" version="6.4.4" targetFramework="net45" />
+  <package id="JWT" version="9.0.3" targetFramework="net48" />
   <package id="Microsoft.AspNet.Mvc" version="5.2.7" targetFramework="net45" />
   <package id="Microsoft.AspNet.Razor" version="3.2.7" targetFramework="net45" />
   <package id="Microsoft.AspNet.Web.Optimization" version="1.1.3" targetFramework="net45" />
@@ -11,6 +12,6 @@
   <package id="Microsoft.AspNet.WebPages" version="3.2.7" targetFramework="net45" />
   <package id="Microsoft.CSharp" version="4.7.0" targetFramework="net45" />
   <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
-  <package id="Newtonsoft.Json" version="12.0.3" targetFramework="net45" />
+  <package id="Newtonsoft.Json" version="13.0.1" targetFramework="net45" />
   <package id="WebGrease" version="1.6.0" targetFramework="net45" />
 </packages>

web/documentserver-example/csharp-mvc/web.appsettings.config

@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <appSettings>
   <clear />
-  <add key="version" value="1.2.0"/>
+  <add key="version" value="1.3.0"/>
 
   <add key="filesize-max" value="52428800"/>
   <add key="storage-path" value=""/>

web/documentserver-example/csharp/3rd-Party.license

@@ -19,3 +19,11 @@ License File:   jQuery.iframe-transport.license
 jQuery.UI     - jQuery UI is an open source library of interface components — interactions, full-featured widgets, and animation effects — based on the stellar jQuery javascript library . Each component is built according to jQuery's event-driven architecture (find something, manipulate it) and is themeable, making it easy for developers of any skill level to integrate and extend into their own code. (https://jquery.org/license/)
 License:        MIT
 License File:   jQuery.UI.license
+
+JWT           - JWT (JSON Web Token) Implementation for .NET (Public Domain) (https://github.com/jwt-dotnet/jwt/)
+License:        MIT
+License File:   JWT.license
+
+Newtonsoft.Json - Json.NET is a popular high-performance JSON framework for .NET (https://github.com/JamesNK/Newtonsoft.Json)
+License:        MIT
+License File:   Newtonsoft.Json.license

web/documentserver-example/csharp/Default.aspx

@@ -165,7 +165,7 @@
                                                         var isFillFormDoc = FillFormsExts.Contains(ext);
                                                         %>
 
-                                                        <tr class="tableRow" title="<%= storedFile.Name %> [<%= GetFileVersion(storedFile.Name, HttpContext.Current.Request.UserHostAddress) %>]">
+                                                        <tr class="tableRow" title="<%= storedFile.Name %> [<%= GetFileVersion(storedFile.Name, HttpContext.Current.Request.UserHostAddress.Replace(':','_')) %>]">
                                                             <td class="contentCells">
                                                                 <a class="stored-edit <%= docType %>" href="<%= editUrl %>" target="_blank">
                                                                     <span><%= storedFile.Name %></span>

web/documentserver-example/csharp/Default.aspx.cs

@@ -485,7 +485,7 @@ public static string DoConvert(HttpContext context)
                     + (HttpRuntime.AppDomainAppVirtualPath.EndsWith("/") ? "" : "/")
                     + "webeditor.ashx";
                 fileUrl.Query = "type=download&fileName=" + HttpUtility.UrlEncode(_fileName)
-                + "&userAddress=" + HttpUtility.UrlEncode(HttpContext.Current.Request.UserHostAddress);
+                + "&userAddress=" + HttpUtility.UrlEncode(CurUserHostAddress(HttpContext.Current.Request.UserHostAddress));
 
                 // get the url to the converted file
                 string newFileUri;

web/documentserver-example/csharp/DocEditor.aspx

@@ -178,6 +178,7 @@
             var data = {
                 newfilename: newfilename,
                 dockey: config.document.key,
+                ext: config.document.fileType
             };
 
             let xhr = new XMLHttpRequest();