From 4c09231e14663376de197f774f0d92123299cab9 Mon Sep 17 00:00:00 2001
From: Dani Palou <dani@moodle.com>
Date: Wed, 11 Dec 2019 15:24:41 +0100
Subject: [PATCH] MOBILE-3213 core: Don't use tokenpluginfile for customcert

---
 src/classes/site.ts        |  7 ++-----
 src/providers/utils/url.ts | 27 +++++++++++++++++++++------
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/src/classes/site.ts b/src/classes/site.ts
index 5d738185b..11312b0d1 100644
--- a/src/classes/site.ts
+++ b/src/classes/site.ts
@@ -1923,8 +1923,8 @@ export class CoreSite {
      * @return Promise resolved with boolean: whether it works or not.
      */
     checkTokenPluginFile(url: string): Promise<boolean> {
-        if (!this.infos || !this.infos.userprivateaccesskey) {
-            // No access key, cannot use tokenpluginfile.
+        if (!this.urlUtils.canUseTokenPluginFile(url, this.siteUrl, this.infos && this.infos.userprivateaccesskey)) {
+            // Cannot use tokenpluginfile.
             return Promise.resolve(false);
         } else if (typeof this.tokenPluginFileWorks != 'undefined') {
             // Already checked.
@@ -1935,9 +1935,6 @@ export class CoreSite {
         } else if (!this.appProvider.isOnline()) {
             // Not online, cannot check it. Assume it's working, but don't save the result.
             return Promise.resolve(true);
-        } else if (!this.urlUtils.isPluginFileUrl(url)) {
-            // Not a pluginfile URL, ignore it.
-            return Promise.resolve(false);
         }
 
         url = this.fixPluginfileURL(url);
diff --git a/src/providers/utils/url.ts b/src/providers/utils/url.ts
index c04240a6c..4cb7b8cce 100644
--- a/src/providers/utils/url.ts
+++ b/src/providers/utils/url.ts
@@ -89,6 +89,22 @@ export class CoreUrlUtilsProvider {
         return '<a href="' + url + '">' + text + '</a>';
     }
 
+    /**
+     * Check whether we can use tokenpluginfile.php endpoint for a certain URL.
+     *
+     * @param url URL to check.
+     * @param siteUrl The URL of the site the URL belongs to.
+     * @param accessKey User access key for tokenpluginfile.
+     * @return Whether tokenpluginfile.php can be used.
+     */
+    canUseTokenPluginFile(url: string, siteUrl: string, accessKey?: string): boolean {
+        // Do not use tokenpluginfile if site doesn't use slash params, the URL doesn't work.
+        // Also, only use it for "core" pluginfile endpoints. Some plugins can implement their own endpoint (like customcert).
+        return accessKey && !url.match(/[\&?]file=/) && (
+                url.indexOf(this.textUtils.concatenatePaths(siteUrl, 'pluginfile.php')) === 0 ||
+                url.indexOf(this.textUtils.concatenatePaths(siteUrl, 'webservice/pluginfile.php')) === 0);
+    }
+
     /**
      * Extracts the parameters from a URL and stores them in an object.
      *
@@ -151,8 +167,10 @@ export class CoreUrlUtilsProvider {
 
         url = url.replace(/&amp;/g, '&');
 
+        const canUseTokenPluginFile = accessKey && this.canUseTokenPluginFile(url, siteUrl, accessKey);
+
         // First check if we need to fix this url or is already fixed.
-        if (!accessKey && url.indexOf('token=') != -1) {
+        if (!canUseTokenPluginFile && url.indexOf('token=') != -1) {
             return url;
         }
 
@@ -161,11 +179,8 @@ export class CoreUrlUtilsProvider {
             return url;
         }
 
-        const hasSlashParams = !url.match(/[\&?]file=/);
-
-        if (accessKey && hasSlashParams) {
-            // We have the user access key, use tokenpluginfile.php.
-            // Do not use it without slash params, the URL doesn't work.
+        if (canUseTokenPluginFile) {
+            // Use tokenpluginfile.php.
             url = url.replace(/(\/webservice)?\/pluginfile\.php/, '/tokenpluginfile.php/' + accessKey);
 
             return url;