MOBILE-3213 core: Don't use tokenpluginfile for customcert

2019-12-11 15:24:41 +01:00 · 2019-12-11 15:24:41 +01:00 · 4c09231e14
commit 4c09231e14
parent cb4c666cb7
2 changed files with 23 additions and 11 deletions
--- a/src/classes/site.ts
+++ b/src/classes/site.ts
@ -1923,8 +1923,8 @@ export class CoreSite {
     * @return Promise resolved with boolean: whether it works or not.
     */
    checkTokenPluginFile(url: string): Promise<boolean> {
-        if (!this.infos || !this.infos.userprivateaccesskey) {
-            // No access key, cannot use tokenpluginfile.
+        if (!this.urlUtils.canUseTokenPluginFile(url, this.siteUrl, this.infos && this.infos.userprivateaccesskey)) {
+            // Cannot use tokenpluginfile.
            return Promise.resolve(false);
        } else if (typeof this.tokenPluginFileWorks != 'undefined') {
            // Already checked.
@ -1935,9 +1935,6 @@ export class CoreSite {
        } else if (!this.appProvider.isOnline()) {
            // Not online, cannot check it. Assume it's working, but don't save the result.
            return Promise.resolve(true);
-        } else if (!this.urlUtils.isPluginFileUrl(url)) {
-            // Not a pluginfile URL, ignore it.
-            return Promise.resolve(false);
        }

        url = this.fixPluginfileURL(url);
--- a/src/providers/utils/url.ts
+++ b/src/providers/utils/url.ts
@ -89,6 +89,22 @@ export class CoreUrlUtilsProvider {
        return '<a href="' + url + '">' + text + '</a>';
    }

+    /**
+     * Check whether we can use tokenpluginfile.php endpoint for a certain URL.
+     *
+     * @param url URL to check.
+     * @param siteUrl The URL of the site the URL belongs to.
+     * @param accessKey User access key for tokenpluginfile.
+     * @return Whether tokenpluginfile.php can be used.
+     */
+    canUseTokenPluginFile(url: string, siteUrl: string, accessKey?: string): boolean {
+        // Do not use tokenpluginfile if site doesn't use slash params, the URL doesn't work.
+        // Also, only use it for "core" pluginfile endpoints. Some plugins can implement their own endpoint (like customcert).
+        return accessKey && !url.match(/[\&?]file=/) && (
+                url.indexOf(this.textUtils.concatenatePaths(siteUrl, 'pluginfile.php')) === 0 ||
+                url.indexOf(this.textUtils.concatenatePaths(siteUrl, 'webservice/pluginfile.php')) === 0);
+    }
+
    /**
     * Extracts the parameters from a URL and stores them in an object.
     *
@ -151,8 +167,10 @@ export class CoreUrlUtilsProvider {

        url = url.replace(/&amp;/g, '&');

+        const canUseTokenPluginFile = accessKey && this.canUseTokenPluginFile(url, siteUrl, accessKey);
+
        // First check if we need to fix this url or is already fixed.
-        if (!accessKey && url.indexOf('token=') != -1) {
+        if (!canUseTokenPluginFile && url.indexOf('token=') != -1) {
            return url;
        }

@ -161,11 +179,8 @@ export class CoreUrlUtilsProvider {
            return url;
        }

-        const hasSlashParams = !url.match(/[\&?]file=/);
-
-        if (accessKey && hasSlashParams) {
-            // We have the user access key, use tokenpluginfile.php.
-            // Do not use it without slash params, the URL doesn't work.
+        if (canUseTokenPluginFile) {
+            // Use tokenpluginfile.php.
            url = url.replace(/(\/webservice)?\/pluginfile\.php/, '/tokenpluginfile.php/' + accessKey);

            return url;