sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(federation): comply to `sharing.federation.allowSelfSignedCertificates` 

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
pull/49973/head
skjnldsv 2024-12-20 12:41:24 +07:00
parent d3ec3deab4
commit f753d2f773
8 changed files with 46 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/federatedfilesharing/tests/Settings/AdminTest.php
Unescape Escape View File

@ -91,10 +91,14 @@ class AdminTest extends TestCase {
->expects($this->once()) ->expects($this->once())
->method('isIncomingServer2serverGroupShareEnabled') ->method('isIncomingServer2serverGroupShareEnabled')
->willReturn($state); ->willReturn($state);
$this->federatedShareProvider
->expects($this->once())
->method('isFederatedTrustedShareAutoAccept')
->willReturn($state);
$this->gsConfig->expects($this->once())->method('onlyInternalFederation') $this->gsConfig->expects($this->once())->method('onlyInternalFederation')
->willReturn($state); ->willReturn($state);
$this->initialState->expects($this->exactly(9)) $this->initialState->expects($this->exactly(10))
->method('provideInitialState') ->method('provideInitialState')
->withConsecutive( ->withConsecutive(
['internalOnly', $state], ['internalOnly', $state],
@ -106,6 +110,7 @@ class AdminTest extends TestCase {
['incomingServer2serverGroupShareEnabled', $state], ['incomingServer2serverGroupShareEnabled', $state],
['lookupServerEnabled', $state], ['lookupServerEnabled', $state],
['lookupServerUploadEnabled', $state], ['lookupServerUploadEnabled', $state],
['federatedTrustedShareAutoAccept', $state]
); );
$expected = new TemplateResponse('federatedfilesharing', 'settings-admin', [], ''); $expected = new TemplateResponse('federatedfilesharing', 'settings-admin', [], '');

3
apps/federation/lib/BackgroundJob/GetSharedSecret.php
Unescape Escape View File

@ -17,6 +17,7 @@ use OCP\BackgroundJob\Job;
use OCP\Http\Client\IClient; use OCP\Http\Client\IClient;
use OCP\Http\Client\IClientService; use OCP\Http\Client\IClientService;
use OCP\Http\Client\IResponse; use OCP\Http\Client\IResponse;
use OCP\IConfig;
use OCP\IURLGenerator; use OCP\IURLGenerator;
use OCP\OCS\IDiscoveryService; use OCP\OCS\IDiscoveryService;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
@ -43,6 +44,7 @@ class GetSharedSecret extends Job {
private LoggerInterface $logger, private LoggerInterface $logger,
private IDiscoveryService $ocsDiscoveryService, private IDiscoveryService $ocsDiscoveryService,
ITimeFactory $timeFactory, ITimeFactory $timeFactory,
private IConfig $config
) { ) {
parent::__construct($timeFactory); parent::__construct($timeFactory);
$this->httpClient = $httpClientService->newClient(); $this->httpClient = $httpClientService->newClient();
@ -105,6 +107,7 @@ class GetSharedSecret extends Job {
], ],
'timeout' => 3, 'timeout' => 3,
'connect_timeout' => 3, 'connect_timeout' => 3,
'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
] ]
); );

3
apps/federation/lib/BackgroundJob/RequestSharedSecret.php
Unescape Escape View File

@ -18,6 +18,7 @@ use OCP\BackgroundJob\IJobList;
use OCP\BackgroundJob\Job; use OCP\BackgroundJob\Job;
use OCP\Http\Client\IClient; use OCP\Http\Client\IClient;
use OCP\Http\Client\IClientService; use OCP\Http\Client\IClientService;
use OCP\IConfig;
use OCP\IURLGenerator; use OCP\IURLGenerator;
use OCP\OCS\IDiscoveryService; use OCP\OCS\IDiscoveryService;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
@ -47,6 +48,7 @@ class RequestSharedSecret extends Job {
private IDiscoveryService $ocsDiscoveryService, private IDiscoveryService $ocsDiscoveryService,
private LoggerInterface $logger, private LoggerInterface $logger,
ITimeFactory $timeFactory, ITimeFactory $timeFactory,
private IConfig $config
) { ) {
parent::__construct($timeFactory); parent::__construct($timeFactory);
$this->httpClient = $httpClientService->newClient(); $this->httpClient = $httpClientService->newClient();
@ -116,6 +118,7 @@ class RequestSharedSecret extends Job {
], ],
'timeout' => 3, 'timeout' => 3,
'connect_timeout' => 3, 'connect_timeout' => 3,
'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
] ]
); );

4
apps/federation/lib/Controller/SettingsController.php
Unescape Escape View File

@ -34,8 +34,8 @@ class SettingsController extends Controller {
*/ */
#[AuthorizedAdminSetting(settings: Admin::class)] #[AuthorizedAdminSetting(settings: Admin::class)]
public function addServer(string $url): DataResponse { public function addServer(string $url): DataResponse {
$this->checkServer($url); $this->checkServer(trim($url));
$id = $this->trustedServers->addServer($url); $id = $this->trustedServers->addServer(trim($url));
return new DataResponse([ return new DataResponse([
'url' => $url, 'url' => $url,

1
apps/federation/lib/TrustedServers.php
Unescape Escape View File

@ -138,6 +138,7 @@ class TrustedServers {
[ [
'timeout' => 3, 'timeout' => 3,
'connect_timeout' => 3, 'connect_timeout' => 3,
'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
] ]
); );
if ($result->getStatusCode() === Http::STATUS_OK) { if ($result->getStatusCode() === Http::STATUS_OK) {

13
apps/federation/tests/BackgroundJob/GetSharedSecretTest.php
Unescape Escape View File

@ -17,6 +17,7 @@ use OCP\BackgroundJob\IJobList;
use OCP\Http\Client\IClient; use OCP\Http\Client\IClient;
use OCP\Http\Client\IClientService; use OCP\Http\Client\IClientService;
use OCP\Http\Client\IResponse; use OCP\Http\Client\IResponse;
use OCP\IConfig;
use OCP\IURLGenerator; use OCP\IURLGenerator;
use OCP\OCS\IDiscoveryService; use OCP\OCS\IDiscoveryService;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
@ -57,6 +58,9 @@ class GetSharedSecretTest extends TestCase {
/** @var \PHPUnit\Framework\MockObject\MockObject|ITimeFactory */ /** @var \PHPUnit\Framework\MockObject\MockObject|ITimeFactory */
private $timeFactory; private $timeFactory;
/** @var \PHPUnit\Framework\MockObject\MockObject|IConfig */
private $config;
private GetSharedSecret $getSharedSecret; private GetSharedSecret $getSharedSecret;
protected function setUp(): void { protected function setUp(): void {
@ -72,6 +76,7 @@ class GetSharedSecretTest extends TestCase {
$this->response = $this->getMockBuilder(IResponse::class)->getMock(); $this->response = $this->getMockBuilder(IResponse::class)->getMock();
$this->discoverService = $this->getMockBuilder(IDiscoveryService::class)->getMock(); $this->discoverService = $this->getMockBuilder(IDiscoveryService::class)->getMock();
$this->timeFactory = $this->createMock(ITimeFactory::class); $this->timeFactory = $this->createMock(ITimeFactory::class);
$this->config = $this->createMock(IConfig::class);
$this->discoverService->expects($this->any())->method('discover')->willReturn([]); $this->discoverService->expects($this->any())->method('discover')->willReturn([]);
$this->httpClientService->expects($this->any())->method('newClient')->willReturn($this->httpClient); $this->httpClientService->expects($this->any())->method('newClient')->willReturn($this->httpClient);
@ -83,7 +88,8 @@ class GetSharedSecretTest extends TestCase {
$this->trustedServers, $this->trustedServers,
$this->logger, $this->logger,
$this->discoverService, $this->discoverService,
$this->timeFactory $this->timeFactory,
$this->config
); );
} }
@ -104,7 +110,8 @@ class GetSharedSecretTest extends TestCase {
$this->trustedServers, $this->trustedServers,
$this->logger, $this->logger,
$this->discoverService, $this->discoverService,
$this->timeFactory $this->timeFactory,
$this->config,
] ]
)->setMethods(['parentStart'])->getMock(); )->setMethods(['parentStart'])->getMock();
$this->invokePrivate($getSharedSecret, 'argument', [['url' => 'url', 'token' => 'token']]); $this->invokePrivate($getSharedSecret, 'argument', [['url' => 'url', 'token' => 'token']]);
@ -176,6 +183,7 @@ class GetSharedSecretTest extends TestCase {
], ],
'timeout' => 3, 'timeout' => 3,
'connect_timeout' => 3, 'connect_timeout' => 3,
'verify' => true,
] ]
)->willReturn($this->response); )->willReturn($this->response);
@ -267,6 +275,7 @@ class GetSharedSecretTest extends TestCase {
], ],
'timeout' => 3, 'timeout' => 3,
'connect_timeout' => 3, 'connect_timeout' => 3,
'verify' => true,
] ]
)->willThrowException($this->createMock(ConnectException::class)); )->willThrowException($this->createMock(ConnectException::class));

13
apps/federation/tests/BackgroundJob/RequestSharedSecretTest.php
Unescape Escape View File

@ -16,6 +16,7 @@ use OCP\BackgroundJob\IJobList;
use OCP\Http\Client\IClient; use OCP\Http\Client\IClient;
use OCP\Http\Client\IClientService; use OCP\Http\Client\IClientService;
use OCP\Http\Client\IResponse; use OCP\Http\Client\IResponse;
use OCP\IConfig;
use OCP\IURLGenerator; use OCP\IURLGenerator;
use OCP\OCS\IDiscoveryService; use OCP\OCS\IDiscoveryService;
use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\MockObject\MockObject;
@ -50,6 +51,9 @@ class RequestSharedSecretTest extends TestCase {
/** @var MockObject|ITimeFactory */ /** @var MockObject|ITimeFactory */
private $timeFactory; private $timeFactory;
/** @var MockObject|IConfig */
private $config;
/** @var RequestSharedSecret */ /** @var RequestSharedSecret */
private $requestSharedSecret; private $requestSharedSecret;
@ -66,6 +70,7 @@ class RequestSharedSecretTest extends TestCase {
$this->discoveryService = $this->getMockBuilder(IDiscoveryService::class)->getMock(); $this->discoveryService = $this->getMockBuilder(IDiscoveryService::class)->getMock();
$this->logger = $this->createMock(LoggerInterface::class); $this->logger = $this->createMock(LoggerInterface::class);
$this->timeFactory = $this->createMock(ITimeFactory::class); $this->timeFactory = $this->createMock(ITimeFactory::class);
$this->config = $this->createMock(IConfig::class);
$this->discoveryService->expects($this->any())->method('discover')->willReturn([]); $this->discoveryService->expects($this->any())->method('discover')->willReturn([]);
$this->httpClientService->expects($this->any())->method('newClient')->willReturn($this->httpClient); $this->httpClientService->expects($this->any())->method('newClient')->willReturn($this->httpClient);
@ -77,7 +82,8 @@ class RequestSharedSecretTest extends TestCase {
$this->trustedServers, $this->trustedServers,
$this->discoveryService, $this->discoveryService,
$this->logger, $this->logger,
$this->timeFactory $this->timeFactory,
$this->config,
); );
} }
@ -98,7 +104,8 @@ class RequestSharedSecretTest extends TestCase {
$this->trustedServers, $this->trustedServers,
$this->discoveryService, $this->discoveryService,
$this->logger, $this->logger,
$this->timeFactory $this->timeFactory,
$this->config,
] ]
)->setMethods(['parentStart'])->getMock(); )->setMethods(['parentStart'])->getMock();
$this->invokePrivate($requestSharedSecret, 'argument', [['url' => 'url', 'token' => 'token']]); $this->invokePrivate($requestSharedSecret, 'argument', [['url' => 'url', 'token' => 'token']]);
@ -170,6 +177,7 @@ class RequestSharedSecretTest extends TestCase {
], ],
'timeout' => 3, 'timeout' => 3,
'connect_timeout' => 3, 'connect_timeout' => 3,
'verify' => true,
] ]
)->willReturn($this->response); )->willReturn($this->response);
@ -255,6 +263,7 @@ class RequestSharedSecretTest extends TestCase {
], ],
'timeout' => 3, 'timeout' => 3,
'connect_timeout' => 3, 'connect_timeout' => 3,
'verify' => true,
] ]
)->willThrowException($this->createMock(ConnectException::class)); )->willThrowException($this->createMock(ConnectException::class));

9
config/config.sample.php
Unescape Escape View File

@ -1880,6 +1880,15 @@ $CONFIG = [
*/ */
'transferIncomingShares' => false, 'transferIncomingShares' => false,
/**
* Federated Cloud Sharing
*/
/**
* Allow self-signed certificates for federated shares
*/
'sharing.federation.allowSelfSignedCertificates' => false,
/** /**
* Hashing * Hashing
*/ */