ownCloud sharing files with short term token or similar?

Question

I am sharing files from an ownCloud server which I then embed links within an external Drupal site (which requires the user to login before being able to access).

So far I use the the ownCloud REST "share api" to authenticate with the ownCloud server and return a link to a file, however this link is permanent and can be re-used without authentication in the future. So, if the user were to copy the URL link, they could maintain access to the files even if their credentials on the external site were revoked.

Because these links are embedded in an authenticated page I would like to avoid users logging in again into ownCloud to download the files, so I would like to secure them using a short-term token or something similar (I am imagining the sort of workflow: user logs into external Drupal site, site server authenticates with ownCloud server, receives tokens and appends Tokens to download links).

So far, I have searched the official forums, posted on experts exchange, read through the documentation, and googled extensively. It appears to me this functionality does not exist, however, it seems like it should. So if somebody knows, how it could be done? Alternative solutions that could provide a similar result are also welcome!

Answer 1

Starting with ownCloud 7.0, you can "update" a share to have an expiration date:

Update Share

Update a given share. Only one value can be updated per request.

• Syntax: /shares/
• Method: PUT
• Arguments: share_id - (int) share ID
• PUT Arguments: permissions - (int) update permissions (see “Create share” above)
• PUT Arguments: password - (string) updated password for public link Share
• PUT Arguments: publicUpload - (boolean) enable (true) /disable (false) public upload for public shares.
• PUT Arguments: expireDate - (string) set a expire date for public link shares. This argument expects a well formated date string, e.g. ‘YYYY-MM-DD’

Answer 2

If you check the OC Share API documentation you can see that there exists a parameter "password" to add a password to the link:

Create a new Share
Share a file/folder with a user/group or as public link.

• Syntax: /shares
• Method: POST
• POST Arguments: path - (string) path to the file/folder which should be shared
• POST Arguments: shareType - (int) ‘0’ = user; ‘1’ = group; ‘3’ = public link
• POST Arguments: shareWith - (string) user / group id with which the file should be shared
• POST Arguments: publicUpload - (boolean) allow public upload to a public shared folder (true/false)
• POST Arguments: password - (string) password to protect public link Share with
• POST Arguments: permissions - (int) 1 = read; 2 = update; 4 = create; 8 = delete; 16 = share; 31 = all (default: 31, for public shares: 1)
• Mandatory fields: shareType, path and shareWith for shareType 0 or 1.
• Result: XML containing the share ID (int) of the newly created share

Another solution is storage your share files and revoke them when you want:

Delete Share

Remove the given share.

• Syntax: /shares/
• Method: DELETE
• Arguments: share_id - (int) share ID

You can check more information at: http://doc.owncloud.org/server/6.0/developer_manual/core/ocs-share-api.html

Answer 3

In the web interface, shares can be created with an expiry date. Not sure why the share API doesn't provide access to this yet (at least according to the docs). But there is an issue for it in ownCloud's issue tracker already, which suggests this might be implemented in OC7 (which should be released soon).

Just a remark: Yours is actually more of a feature request than a question, and actually not really programming-related I would say. If you decide to go with ownCloud and you require anything more specific, you might be better of posting a feature request on the ownCloud issue tracker for it...