Merge pull request #18478 from nextcloud/fix/direct-editing-invalid-editor-id

Do not generate tokens for editor IDs that do not exist

apps/files/lib/Controller/DirectEditingController.php

@@ -89,7 +89,7 @@ class DirectEditingController extends OCSController {
 			]);
 		} catch (Exception $e) {
 			$this->logger->logException($e, ['message' => 'Exception when creating a new file through direct editing']);
-			return new DataResponse('Failed to create file', Http::STATUS_FORBIDDEN);
+			return new DataResponse('Failed to create file: ' . $e->getMessage(), Http::STATUS_FORBIDDEN);
 		}
 	}
 
@@ -106,7 +106,7 @@ class DirectEditingController extends OCSController {
 			]);
 		} catch (Exception $e) {
 			$this->logger->logException($e, ['message' => 'Exception when opening a file through direct editing']);
-			return new DataResponse('Failed to open file', Http::STATUS_FORBIDDEN);
+			return new DataResponse('Failed to open file: ' . $e->getMessage(), Http::STATUS_FORBIDDEN);
 		}
 	}
 
@@ -122,7 +122,7 @@ class DirectEditingController extends OCSController {
 			return new DataResponse($this->directEditingManager->getTemplates($editorId, $creatorId));
 		} catch (Exception $e) {
 			$this->logger->logException($e);
-			return new DataResponse('Failed to open file', Http::STATUS_INTERNAL_SERVER_ERROR);
+			return new DataResponse('Failed to obtain template list: ' . $e->getMessage(), Http::STATUS_INTERNAL_SERVER_ERROR);
 		}
 	}
 }

lib/private/DirectEditing/Manager.php

@@ -45,6 +45,8 @@ use OCP\IUserSession;
 use OCP\L10N\IFactory;
 use OCP\Security\ISecureRandom;
 use OCP\Share\IShare;
+use function array_key_exists;
+use function in_array;
 
 class Manager implements IManager {
 
@@ -140,6 +142,9 @@ class Manager implements IManager {
 		if ($editorId === null) {
 			$editorId = $this->findEditorForFile($file);
 		}
+		if (!array_key_exists($editorId, $this->editors)) {
+			throw new \RuntimeException("Editor $editorId is unknown");
+		}
 
 		return $this->createToken($editorId, $file, $filePath);
 	}