diff --git a/appinfo/application.php b/appinfo/application.php index 25487b85..dc129bde 100644 --- a/appinfo/application.php +++ b/appinfo/application.php @@ -102,6 +102,8 @@ public function register(IRegistrationContext $context): void { if (!class_exists('\\Firebase\\JWT\\JWT')) { require_once __DIR__ . "/../3rdparty/jwt/JWT.php"; } + // Set the leeway for the JWT library in case the system clock is a second off + \Firebase\JWT\JWT::$leeway = $this->appConfig->GetJwtLeeway(); $context->registerService("L10N", function (ContainerInterface $c) { return $c->get("ServerContainer")->getL10N($c->get("AppName")); diff --git a/controller/settingscontroller.php b/controller/settingscontroller.php index aa8ffe45..2f73a796 100644 --- a/controller/settingscontroller.php +++ b/controller/settingscontroller.php @@ -130,7 +130,8 @@ public function index() { "tagsEnabled" => \OC::$server->getAppManager()->isEnabledForUser("systemtags"), "reviewDisplay" => $this->config->GetCustomizationReviewDisplay(), "theme" => $this->config->GetCustomizationTheme(), - "templates" => $this->GetGlobalTemplates() + "templates" => $this->GetGlobalTemplates(), + "jwtLeeway" => $this->config->GetJwtLeeway() ]; return new TemplateResponse($this->appName, "settings", $data, "blank"); } @@ -152,7 +153,8 @@ public function SaveAddress($documentserver, $storageUrl, $verifyPeerOff, $secret, - $demo + $demo, + $jwtLeeway ) { $error = null; if (!$this->config->SelectDemo($demo === true)) { @@ -163,6 +165,7 @@ public function SaveAddress($documentserver, $this->config->SetVerifyPeerOff($verifyPeerOff); $this->config->SetDocumentServerInternalUrl($documentserverInternal); $this->config->SetDocumentServerSecret($secret); + $this->config->SetJwtLeeway($jwtLeeway); } $this->config->SetStorageUrl($storageUrl); @@ -182,6 +185,7 @@ public function SaveAddress($documentserver, "documentserverInternal" => $this->config->GetDocumentServerInternalUrl(true), "storageUrl" => $this->config->GetStorageUrl(), "secret" => $this->config->GetDocumentServerSecret(true), + "jwtLeeway" => $this->config->GetJwtLeeway(), "error" => $error, "version" => $version, ]; diff --git a/js/settings.js b/js/settings.js index 87adadcb..ae7ead62 100644 --- a/js/settings.js +++ b/js/settings.js @@ -141,6 +141,7 @@ var onlyofficeStorageUrl = ($("#onlyofficeStorageUrl:visible").val() || "").trim(); var onlyofficeVerifyPeerOff = $("#onlyofficeVerifyPeerOff").prop("checked"); var onlyofficeSecret = ($("#onlyofficeSecret:visible").val() || "").trim(); + var onlyofficeJwtLeeway = ($("#onlyofficeJwtLeeway").val() || "0").trim(); var demo = $("#onlyofficeDemo").prop("checked"); $.ajax({ @@ -152,6 +153,7 @@ storageUrl: onlyofficeStorageUrl, verifyPeerOff: onlyofficeVerifyPeerOff, secret: onlyofficeSecret, + jwtLeeway: onlyofficeJwtLeeway, demo: demo }, success: function onSuccess(response) { @@ -161,6 +163,7 @@ $("#onlyofficeInternalUrl").val(response.documentserverInternal); $("#onlyofficeStorageUrl").val(response.storageUrl); $("#onlyofficeSecret").val(response.secret); + $("#onlyofficeJwtLeeway").val(response.jwtLeeway); $(".section-onlyoffice-common, .section-onlyoffice-templates, .section-onlyoffice-watermark").toggleClass("onlyoffice-hide", (!response.documentserver.length && !demo) || !!response.error.length); diff --git a/lib/appconfig.php b/lib/appconfig.php index 47b20b6b..561bfe94 100644 --- a/lib/appconfig.php +++ b/lib/appconfig.php @@ -88,6 +88,13 @@ class AppConfig { */ private $_cryptSecret = "secret"; + /** + * The config key for the allowable leeway in Jwt checks + * + * @var string + */ + private $_jwtLeeway = "JwtLeeway"; + /** * The config key for the default formats * @@ -571,6 +578,27 @@ public function GetDocumentServerSecret($origin = false) { return $secret; } + /** + * Save the Jwt Leeway to the application configuration + * + * @param string $jwtLeeway - number of seconds the docs/nextcloud clock can be off + */ + public function SetJwtLeeway($jwtLeeway) { + $this->logger->debug("Setting JwtLeeway to: " . json_encode($jwtLeeway), ["app" => $this->appName]); + $this->config->setAppValue($this->appName, $this->_jwtLeeway, $jwtLeeway); + } + + /** + * Get the Jwt Leeway + * + * @return string + */ + public function GetJwtLeeway() { + $jwtLeeway = $this->config->getAppValue($this->appName, $this->_jwtLeeway, "0"); + $this->logger->debug("JwtLeeqy: " . json_encode($jwtLeeway), ["app" => $this->appName]); + return $jwtLeeway; + } + /** * Get the secret key from the application configuration * diff --git a/templates/settings.php b/templates/settings.php index fd9d0d88..7140be98 100644 --- a/templates/settings.php +++ b/templates/settings.php @@ -67,6 +67,9 @@

t("Server address for internal requests from ONLYOFFICE Docs")) ?>

" placeholder="" type="text">

+ +

t("Amount of leeway in system clocks between nextcloud and ONLYOFFICE Docs (in seconds)")) ?>

+

" placeholder="0" type="text">