feat(cloud_federation_api): adapt to new format for share creation

Signed-off-by: Enrique Pérez Arnaud <[email protected]>

Author: enriquepablo

apps/cloud_federation_api/lib/Controller/RequestHandlerController.php

@@ -94,7 +94,7 @@ public function __construct(
 	 * @param string|null $ownerDisplayName Display name of the user who shared the item
 	 * @param string|null $sharedBy Provider specific UID of the user who shared the resource
 	 * @param string|null $sharedByDisplayName Display name of the user who shared the resource
-	 * @param array{name: list<string>, options: array<string, mixed>} $protocol e,.g. ['name' => 'webdav', 'options' => ['username' => 'john', 'permissions' => 31]]
+	 * @param array{name: string, options?: array<string, mixed>, webdav?: array<string, mixed>} $protocol Old format: ['name' => 'webdav', 'options' => ['sharedSecret' => '...', 'permissions' => '...']] or New format: ['name' => 'webdav', 'webdav' => ['uri' => '...', 'sharedSecret' => '...', 'permissions' => [...]]]
 	 * @param string $shareType 'group' or 'user' share
 	 * @param string $resourceType 'file', 'calendar',...
 	 *
@@ -129,9 +129,6 @@ public function addShare($shareWith, $name, $description, $providerId, $owner, $
 			|| $shareType === null
 			|| !is_array($protocol)
 			|| !isset($protocol['name'])
-			|| !isset($protocol['options'])
-			|| !is_array($protocol['options'])
-			|| !isset($protocol['options']['sharedSecret'])
 		) {
 			return new JSONResponse(
 				[
@@ -142,6 +139,20 @@ public function addShare($shareWith, $name, $description, $providerId, $owner, $
 			);
 		}
 
+		$protocolName = $protocol['name'];
+		$hasOldFormat = isset($protocol['options']) && is_array($protocol['options']) && isset($protocol['options']['sharedSecret']);
+		$hasNewFormat = isset($protocol[$protocolName]) && is_array($protocol[$protocolName]) && isset($protocol[$protocolName]['sharedSecret']);
+
+		if (!$hasOldFormat && !$hasNewFormat) {
+			return new JSONResponse(
+				[
+					'message' => 'Missing sharedSecret in protocol',
+					'validationErrors' => [],
+				],
+				Http::STATUS_BAD_REQUEST
+			);
+		}
+
 		$supportedShareTypes = $this->config->getSupportedShareTypes($resourceType);
 		if (!in_array($shareType, $supportedShareTypes)) {
 			return new JSONResponse(

lib/private/Federation/CloudFederationFactory.php

@@ -9,8 +9,18 @@
 use OCP\Federation\ICloudFederationFactory;
 use OCP\Federation\ICloudFederationNotification;
 use OCP\Federation\ICloudFederationShare;
+use OCP\Federation\ICloudIdManager;
+use OCP\OCM\IOCMDiscoveryService;
+use OCP\OCM\Exceptions\OCMProviderException;
+use Psr\Log\LoggerInterface;
 
 class CloudFederationFactory implements ICloudFederationFactory {
+	public function __construct(
+		private IOCMDiscoveryService $ocmDiscoveryService,
+		private ICloudIdManager $cloudIdManager,
+		private LoggerInterface $logger,
+	) {
+	}
 	/**
 	 * get a CloudFederationShare Object to prepare a share you want to send
 	 *
@@ -30,7 +40,52 @@ class CloudFederationFactory implements ICloudFederationFactory {
 	 * @since 14.0.0
 	 */
 	public function getCloudFederationShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, $sharedSecret, $shareType, $resourceType) {
-		return new CloudFederationShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, $shareType, $resourceType, $sharedSecret);
+		$useExchangeToken = false;
+		$remoteDomain = null;
+
+		try {
+			$cloudId = $this->cloudIdManager->resolveCloudId($shareWith);
+			$remoteDomain = $cloudId->getRemote();
+
+			try {
+				$remoteProvider = $this->ocmDiscoveryService->discover($remoteDomain);
+				$capabilities = $remoteProvider->getCapabilities();
+
+				$useExchangeToken = in_array('exchange-token', $capabilities, true);
+
+				$this->logger->debug('OCM provider capabilities discovered', [
+					'remote' => $remoteDomain,
+					'capabilities' => $capabilities,
+					'useExchangeToken' => $useExchangeToken,
+				]);
+			} catch (OCMProviderException $e) {
+				$this->logger->warning('Failed to discover OCM provider, using legacy share method', [
+					'remote' => $remoteDomain,
+					'exception' => $e->getMessage(),
+				]);
+			}
+		} catch (\InvalidArgumentException $e) {
+			$this->logger->warning('Invalid cloud ID format, using legacy share method', [
+				'shareWith' => $shareWith,
+				'exception' => $e->getMessage(),
+			]);
+		}
+
+		return new CloudFederationShare(
+			$shareWith,
+			$name,
+			$description,
+			$providerId,
+			$owner,
+			$ownerDisplayName,
+			$sharedBy,
+			$sharedByDisplayName,
+			$shareType,
+			$resourceType,
+			$sharedSecret,
+			$useExchangeToken,
+			$remoteDomain
+		);
 	}
 
 	/**

lib/private/Federation/CloudFederationShare.php

@@ -40,6 +40,8 @@ class CloudFederationShare implements ICloudFederationShare {
 	 * @param string $shareType ('group' or 'user' share)
 	 * @param string $resourceType ('file', 'calendar',...)
 	 * @param string $sharedSecret
+	 * @param bool $useExchangeToken whether to use exchange-token protocol (new way) or sharedSecret (old way)
+	 * @param string|null $remoteDomain remote domain for constructing webdav URI
 	 */
 	public function __construct($shareWith = '',
 		$name = '',
@@ -52,6 +54,8 @@ public function __construct($shareWith = '',
 		$shareType = '',
 		$resourceType = '',
 		$sharedSecret = '',
+		$useExchangeToken = false,
+		$remoteDomain = null,
 	) {
 		$this->setShareWith($shareWith);
 		$this->setResourceName($name);
@@ -61,13 +65,27 @@ public function __construct($shareWith = '',
 		$this->setOwnerDisplayName($ownerDisplayName);
 		$this->setSharedBy($sharedBy);
 		$this->setSharedByDisplayName($sharedByDisplayName);
-		$this->setProtocol([
-			'name' => 'webdav',
-			'options' => [
-				'sharedSecret' => $sharedSecret,
-				'permissions' => '{http://open-cloud-mesh.org/ns}share-permissions'
-			]
-		]);
+
+		if ($useExchangeToken) {
+			$webdavUri = $remoteDomain ? 'https://' . $remoteDomain . '/public.php/webdav/' : '';
+			$this->setProtocol([
+				'name' => 'webdav',
+				'webdav' => [
+					'uri' => $webdavUri,
+					'sharedSecret' => $sharedSecret,
+					'permissions' => ['{http://open-cloud-mesh.org/ns}share-permissions']
+				]
+			]);
+		} else {
+			$this->setProtocol([
+				'name' => 'webdav',
+				'options' => [
+					'sharedSecret' => $sharedSecret,
+					'permissions' => '{http://open-cloud-mesh.org/ns}share-permissions'
+				]
+			]);
+		}
+
 		$this->setShareType($shareType);
 		$this->setResourceType($resourceType);
 	}
@@ -328,7 +346,19 @@ public function getShareType() {
 	 * @since 14.0.0
 	 */
 	public function getShareSecret() {
-		return $this->share['protocol']['options']['sharedSecret'];
+		$protocol = $this->share['protocol'];
+		if (isset($protocol['options']['sharedSecret'])) {
+			return $protocol['options']['sharedSecret'];
+		}
+
+		if (isset($protocol['name'])) {
+			$protocolName = $protocol['name'];
+			if (isset($protocol[$protocolName]['sharedSecret'])) {
+				return $protocol[$protocolName]['sharedSecret'];
+			}
+		}
+
+		return '';
 	}
 
 	/**

lib/private/Server.php

@@ -1167,7 +1167,11 @@ public function __construct($webRoot, \OC\Config $config) {
 		$this->registerAlias(\OCP\GlobalScale\IConfig::class, \OC\GlobalScale\Config::class);
 		$this->registerAlias(ICloudFederationProviderManager::class, CloudFederationProviderManager::class);
 		$this->registerService(ICloudFederationFactory::class, function (Server $c) {
-			return new CloudFederationFactory();
+			return new CloudFederationFactory(
+				$c->get(\OCP\OCM\IOCMDiscoveryService::class),
+				$c->get(\OCP\Federation\ICloudIdManager::class),
+				$c->get(\Psr\Log\LoggerInterface::class)
+			);
 		});
 
 		$this->registerAlias(\OCP\AppFramework\Utility\IControllerMethodReflector::class, \OC\AppFramework\Utility\ControllerMethodReflector::class);