sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(federation): comply to `sharing.federation.allowSelfSignedCertificates` 

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
pull/49973/head
skjnldsv 2024-12-20 12:41:24 +07:00
parent d3ec3deab4
commit f753d2f773
8 changed files with 46 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/federatedfilesharing/tests/Settings/AdminTest.php
Unescape Escape View File

@ -91,10 +91,14 @@ class AdminTest extends TestCase {
->expects($this->once())
->method('isIncomingServer2serverGroupShareEnabled')
->willReturn($state);
$this->federatedShareProvider
->expects($this->once())
->method('isFederatedTrustedShareAutoAccept')
->willReturn($state);
$this->gsConfig->expects($this->once())->method('onlyInternalFederation')
->willReturn($state);
$this->initialState->expects($this->exactly(9))
$this->initialState->expects($this->exactly(10))
->method('provideInitialState')
->withConsecutive(
['internalOnly', $state],
@ -106,6 +110,7 @@ class AdminTest extends TestCase {
['incomingServer2serverGroupShareEnabled', $state],
['lookupServerEnabled', $state],
['lookupServerUploadEnabled', $state],
['federatedTrustedShareAutoAccept', $state]
);
$expected = new TemplateResponse('federatedfilesharing', 'settings-admin', [], '');

3
apps/federation/lib/BackgroundJob/GetSharedSecret.php
Unescape Escape View File

@ -17,6 +17,7 @@ use OCP\BackgroundJob\Job;
use OCP\Http\Client\IClient;
use OCP\Http\Client\IClientService;
use OCP\Http\Client\IResponse;
use OCP\IConfig;
use OCP\IURLGenerator;
use OCP\OCS\IDiscoveryService;
use Psr\Log\LoggerInterface;
@ -43,6 +44,7 @@ class GetSharedSecret extends Job {
private LoggerInterface $logger,
private IDiscoveryService $ocsDiscoveryService,
ITimeFactory $timeFactory,
private IConfig $config
) {
parent::__construct($timeFactory);
$this->httpClient = $httpClientService->newClient();
@ -105,6 +107,7 @@ class GetSharedSecret extends Job {
],
'timeout' => 3,
'connect_timeout' => 3,
'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
]
);

3
apps/federation/lib/BackgroundJob/RequestSharedSecret.php
Unescape Escape View File

@ -18,6 +18,7 @@ use OCP\BackgroundJob\IJobList;
use OCP\BackgroundJob\Job;
use OCP\Http\Client\IClient;
use OCP\Http\Client\IClientService;
use OCP\IConfig;
use OCP\IURLGenerator;
use OCP\OCS\IDiscoveryService;
use Psr\Log\LoggerInterface;
@ -47,6 +48,7 @@ class RequestSharedSecret extends Job {
private IDiscoveryService $ocsDiscoveryService,
private LoggerInterface $logger,
ITimeFactory $timeFactory,
private IConfig $config
) {
parent::__construct($timeFactory);
$this->httpClient = $httpClientService->newClient();
@ -116,6 +118,7 @@ class RequestSharedSecret extends Job {
],
'timeout' => 3,
'connect_timeout' => 3,
'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
]
);

4
apps/federation/lib/Controller/SettingsController.php
Unescape Escape View File

@ -34,8 +34,8 @@ class SettingsController extends Controller {
*/
#[AuthorizedAdminSetting(settings: Admin::class)]
public function addServer(string $url): DataResponse {
$this->checkServer($url);
$id = $this->trustedServers->addServer($url);
$this->checkServer(trim($url));
$id = $this->trustedServers->addServer(trim($url));
return new DataResponse([
'url' => $url,

1
apps/federation/lib/TrustedServers.php
Unescape Escape View File

@ -138,6 +138,7 @@ class TrustedServers {
[
'timeout' => 3,
'connect_timeout' => 3,
'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
]
);
if ($result->getStatusCode() === Http::STATUS_OK) {

13
apps/federation/tests/BackgroundJob/GetSharedSecretTest.php
Unescape Escape View File

@ -17,6 +17,7 @@ use OCP\BackgroundJob\IJobList;
use OCP\Http\Client\IClient;
use OCP\Http\Client\IClientService;
use OCP\Http\Client\IResponse;
use OCP\IConfig;
use OCP\IURLGenerator;
use OCP\OCS\IDiscoveryService;
use Psr\Log\LoggerInterface;
@ -57,6 +58,9 @@ class GetSharedSecretTest extends TestCase {
/** @var \PHPUnit\Framework\MockObject\MockObject|ITimeFactory */
private $timeFactory;
/** @var \PHPUnit\Framework\MockObject\MockObject|IConfig */
private $config;
private GetSharedSecret $getSharedSecret;
protected function setUp(): void {
@ -72,6 +76,7 @@ class GetSharedSecretTest extends TestCase {
$this->response = $this->getMockBuilder(IResponse::class)->getMock();
$this->discoverService = $this->getMockBuilder(IDiscoveryService::class)->getMock();
$this->timeFactory = $this->createMock(ITimeFactory::class);
$this->config = $this->createMock(IConfig::class);
$this->discoverService->expects($this->any())->method('discover')->willReturn([]);
$this->httpClientService->expects($this->any())->method('newClient')->willReturn($this->httpClient);
@ -83,7 +88,8 @@ class GetSharedSecretTest extends TestCase {
$this->trustedServers,
$this->logger,
$this->discoverService,
$this->timeFactory
$this->timeFactory,
$this->config
);
}
@ -104,7 +110,8 @@ class GetSharedSecretTest extends TestCase {
$this->trustedServers,
$this->logger,
$this->discoverService,
$this->timeFactory
$this->timeFactory,
$this->config,
]
)->setMethods(['parentStart'])->getMock();
$this->invokePrivate($getSharedSecret, 'argument', [['url' => 'url', 'token' => 'token']]);
@ -176,6 +183,7 @@ class GetSharedSecretTest extends TestCase {
],
'timeout' => 3,
'connect_timeout' => 3,
'verify' => true,
]
)->willReturn($this->response);
@ -267,6 +275,7 @@ class GetSharedSecretTest extends TestCase {
],
'timeout' => 3,
'connect_timeout' => 3,
'verify' => true,
]
)->willThrowException($this->createMock(ConnectException::class));

13
apps/federation/tests/BackgroundJob/RequestSharedSecretTest.php
Unescape Escape View File

@ -16,6 +16,7 @@ use OCP\BackgroundJob\IJobList;
use OCP\Http\Client\IClient;
use OCP\Http\Client\IClientService;
use OCP\Http\Client\IResponse;
use OCP\IConfig;
use OCP\IURLGenerator;
use OCP\OCS\IDiscoveryService;
use PHPUnit\Framework\MockObject\MockObject;
@ -50,6 +51,9 @@ class RequestSharedSecretTest extends TestCase {
/** @var MockObject|ITimeFactory */
private $timeFactory;
/** @var MockObject|IConfig */
private $config;
/** @var RequestSharedSecret */
private $requestSharedSecret;
@ -66,6 +70,7 @@ class RequestSharedSecretTest extends TestCase {
$this->discoveryService = $this->getMockBuilder(IDiscoveryService::class)->getMock();
$this->logger = $this->createMock(LoggerInterface::class);
$this->timeFactory = $this->createMock(ITimeFactory::class);
$this->config = $this->createMock(IConfig::class);
$this->discoveryService->expects($this->any())->method('discover')->willReturn([]);
$this->httpClientService->expects($this->any())->method('newClient')->willReturn($this->httpClient);
@ -77,7 +82,8 @@ class RequestSharedSecretTest extends TestCase {
$this->trustedServers,
$this->discoveryService,
$this->logger,
$this->timeFactory
$this->timeFactory,
$this->config,
);
}
@ -98,7 +104,8 @@ class RequestSharedSecretTest extends TestCase {
$this->trustedServers,
$this->discoveryService,
$this->logger,
$this->timeFactory
$this->timeFactory,
$this->config,
]
)->setMethods(['parentStart'])->getMock();
$this->invokePrivate($requestSharedSecret, 'argument', [['url' => 'url', 'token' => 'token']]);
@ -170,6 +177,7 @@ class RequestSharedSecretTest extends TestCase {
],
'timeout' => 3,
'connect_timeout' => 3,
'verify' => true,
]
)->willReturn($this->response);
@ -255,6 +263,7 @@ class RequestSharedSecretTest extends TestCase {
],
'timeout' => 3,
'connect_timeout' => 3,
'verify' => true,
]
)->willThrowException($this->createMock(ConnectException::class));

9
config/config.sample.php
Unescape Escape View File

@ -1880,6 +1880,15 @@ $CONFIG = [
*/
'transferIncomingShares' => false,
/**
* Federated Cloud Sharing
*/
/**
* Allow self-signed certificates for federated shares
*/
'sharing.federation.allowSelfSignedCertificates' => false,
/**
* Hashing
*/