fix: public link download in authenticated context

changelog/unreleased/bugfix-public-link-file-download

@@ -0,0 +1,6 @@
+Bugfix: Public link file download
+
+We've fixed a bug where the download of a file from a public link was not working when the user had logged in already. The download only worked if no user was logged in.
+
+https://github.com/owncloud/web/issues/10473
+https://github.com/owncloud/web/pull/10494

packages/web-pkg/src/composables/download/useDownloadFile.ts

@@ -24,18 +24,27 @@ export const useDownloadFile = (options?: DownloadFileOptions) => {
     const { owncloudSdk: client } = clientService
     const isUserContext = store.getters['runtime/auth/isUserContextReady']
 
-    // construct the url and headers
-    let url
-    if (unref(isPublicLinkContext)) {
-      url = file.downloadURL
-    } else {
-      if (version === null) {
-        url = `${client.helpers._davPath}${file.webDavPath}`
-      } else {
-        url = client.fileVersions.getFileVersionUrl(file.fileId, version)
+    // public links have a pre-signed download url
+    if (file.downloadURL) {
+      try {
+        triggerDownloadWithFilename(file.downloadURL, file.name)
+      } catch (e) {
+        console.error(e)
+        store.dispatch('showErrorMessage', {
+          title: $gettext('Download failed'),
+          desc: $gettext('File could not be located'),
+          errors: [e]
+        })
       }
+      return
     }
 
+    // construct the download url
+    const url =
+      version === null
+        ? `${client.helpers._davPath}${file.webDavPath}`
+        : client.fileVersions.getFileVersionUrl(file.fileId, version)
+
     // download with signing enabled
     if (isUserContext && unref(isUrlSigningEnabled)) {
       const httpClient = clientService.httpAuthenticated

tests/e2e/cucumber/features/smoke/shares/link.feature

@@ -42,6 +42,10 @@ Feature: link
       | lorem.txt     | lorem_new.txt    |
       | textfile.txt  | textfile_new.txt |
       | new-lorem.txt | test.txt         |
+    #    currently upload folder feature is not available in playwright
+    #    And "Anonymous" uploads the following resources in public link page
+    #      | resource              |
+    #      | filesForUpload/PARENT |
     And "Alice" removes the public link named "myPublicLink" of resource "folderPublic"
     And "Anonymous" should not be able to open the old link "myPublicLink"
     And "Alice" logs out
@@ -69,6 +73,7 @@ Feature: link
     Given "Admin" creates following user using API
       | id    |
       | Brian |
+      | Carol |
     And "Alice" logs in
     And "Alice" creates the following resources
       | resource     | type   |
@@ -97,9 +102,14 @@ Feature: link
     And "Alice" creates a public link for the resource "testavatar.jpg" with password "%public%" using the sidebar panel
     And "Alice" renames the most recently created public link of resource "testavatar.jpg" to "imageLink"
     And "Alice" logs out
+
+    # authenticated user with access to resources. should be redirected to shares with me page
     And "Brian" logs in
     When "Brian" opens the public link "folderLink"
     And "Brian" unlocks the public link with password "%public%"
+    And "Brian" downloads the following public link resources using the sidebar panel
+      | resource         | type |
+      | shareToBrian.txt | file |
     And "Brian" uploads the following resources
       | resource  |
       | lorem.txt |
@@ -121,6 +131,32 @@ Feature: link
     And "Brian" closes the file viewer
     And "Brian" logs out
 
+    # authenticated user without access to resources. should be redirected to the public links page
+    And "Carol" logs in
+    When "Carol" opens the public link "folderLink"
+    And "Carol" unlocks the public link with password "%public%"
+    # https://github.com/owncloud/web/issues/10473
+    And "Carol" downloads the following public link resources using the sidebar panel
+      | resource  | type |
+      | lorem.txt | file |
+    When "Carol" opens the public link "textLink"
+    And "Carol" unlocks the public link with password "%public%"
+    Then "Carol" is in a text-editor
+    And "Carol" closes the file viewer
+    When "Carol" opens the public link "markdownLink"
+    And "Carol" unlocks the public link with password "%public%"
+    Then "Carol" is in a text-editor
+    And "Carol" closes the file viewer
+    When "Carol" opens the public link "pdfLink"
+    And "Carol" unlocks the public link with password "%public%"
+    Then "Carol" is in a pdf-viewer
+    And "Carol" closes the file viewer
+    When "Carol" opens the public link "imageLink"
+    And "Carol" unlocks the public link with password "%public%"
+    Then "Carol" is in a image-viewer
+    And "Carol" closes the file viewer
+    And "Carol" logs out
+
 
   Scenario: add banned password for public link
     When "Alice" logs in
@@ -148,4 +184,3 @@ Feature: link
     And "Anonymous" opens the public link "myPublicLink"
     And "Anonymous" unlocks the public link with password "%copied_password%"
     And "Alice" logs out
-