Skip to content

Commit 0c4e9cf

Browse files
committed
fix(wopi): stable guest UserId and correct IsAnonymousUser for named guests
Two issues prevented cursor presence from working for named public link guests: 1. Guest UserId was randomly generated on every CheckFileInfo call. The WOPI spec requires UserId to be stable per user session. Use a deterministic hash of the WOPI token instead so the same guest retains the same identity for the duration of the session. 2. IsAnonymousUser was unconditionally set to true for all public link users, even when the guest had explicitly entered a display name. Collabora treats IsAnonymousUser=true as a privacy signal and hides the cursor from other editors. Only set the flag when the guest has no display name (truly anonymous), so named guests have visible cursors in collaborative sessions.
1 parent 3222278 commit 0c4e9cf

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

lib/Controller/WopiController.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -161,7 +161,7 @@ public function checkFileInfo(
161161
return new JSONResponse([], Http::STATUS_FORBIDDEN);
162162
}
163163

164-
$guestUserId = 'Guest-' . \OCP\Server::get(\OCP\Security\ISecureRandom::class)->generate(8);
164+
$guestUserId = 'Guest-' . substr(hash('sha256', $wopi->getToken()), 0, 16);
165165
$user = $this->userManager->get($wopi->getEditorUid());
166166
$userDisplayName = $user !== null && !$isPublic ? $user->getDisplayName() : $wopi->getGuestDisplayname();
167167
$isSmartPickerEnabled = (bool)$wopi->getCanwrite() && !$isPublic && !$wopi->getDirect();
@@ -293,7 +293,7 @@ public function checkFileInfo(
293293

294294
if ($isPublic) {
295295
$response['UserExtraInfo']['is_guest'] = true; // DEPRECATED
296-
$response['IsAnonymousUser'] = true;
296+
$response['IsAnonymousUser'] = empty($wopi->getGuestDisplayname());
297297
} else {
298298
$response['IsAnonymousUser'] = false;
299299
}
@@ -485,7 +485,7 @@ public function getSettings(
485485
}
486486

487487
$isPublic = empty($wopi->getEditorUid());
488-
$guestUserId = 'Guest-' . \OCP\Server::get(\OCP\Security\ISecureRandom::class)->generate(8);
488+
$guestUserId = 'Guest-' . substr(hash('sha256', $wopi->getToken()), 0, 8);
489489
$userId = !$isPublic ? $wopi->getEditorUid() : $guestUserId;
490490

491491
$userConfig = $this->settingsService->generateSettingsConfig($type, $userId);

0 commit comments

Comments
 (0)