fix(federation): Use sharing.federation.allowSelfSignedCertificates…

… config for all OCM requests Signed-off-by: Joas Schilling <[email protected]>
nextcloud · Oct 11, 2023 · 91ebbe8 · 91ebbe8
1 parent 04db454
commit 91ebbe8
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 18 deletions.
diff --git a/apps/files_sharing/lib/Controller/ExternalSharesController.php b/apps/files_sharing/lib/Controller/ExternalSharesController.php
@@ -29,6 +29,7 @@
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\Http\Client\IClientService;
+use OCP\IConfig;
 use OCP\IRequest;
 
 /**
@@ -37,25 +38,14 @@
  * @package OCA\Files_Sharing\Controller
  */
 class ExternalSharesController extends Controller {
-
-	/** @var \OCA\Files_Sharing\External\Manager */
-	private $externalManager;
-	/** @var IClientService */
-	private $clientService;
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param \OCA\Files_Sharing\External\Manager $externalManager
-	 * @param IClientService $clientService
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								\OCA\Files_Sharing\External\Manager $externalManager,
-								IClientService $clientService) {
+	public function __construct(
+		string $appName,
+		IRequest $request,
+		private \OCA\Files_Sharing\External\Manager $externalManager,
+		private IClientService $clientService,
+		private IConfig $config,
+	) {
 		parent::__construct($appName, $request);
-		$this->externalManager = $externalManager;
-		$this->clientService = $clientService;
 	}
 
 	/**
@@ -107,6 +97,7 @@ protected function testUrl($remote, $checkVersion = false) {
 				[
 					'timeout' => 3,
 					'connect_timeout' => 3,
+					'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
 				]
 			)->getBody());
 

diff --git a/apps/files_sharing/lib/External/Storage.php b/apps/files_sharing/lib/External/Storage.php
@@ -53,6 +53,7 @@
 use OCP\Http\Client\IClientService;
 use OCP\Http\Client\LocalServerException;
 use OCP\ICacheFactory;
+use OCP\IConfig;
 use OCP\OCM\Exceptions\OCMArgumentException;
 use OCP\OCM\Exceptions\OCMProviderException;
 use OCP\OCM\IOCMDiscoveryService;
@@ -67,6 +68,7 @@ class Storage extends DAV implements ISharedStorage, IDisableEncryptionStorage,
 	private IClientService $httpClient;
 	private bool $updateChecked = false;
 	private ExternalShareManager $manager;
+	private IConfig $config;
 
 	/**
 	 * @param array{HttpClientService: IClientService, manager: ExternalShareManager, cloudId: ICloudId, mountpoint: string, token: string, password: ?string}|array $options
@@ -78,6 +80,7 @@ public function __construct($options) {
 		$this->cloudId = $options['cloudId'];
 		$this->logger = Server::get(LoggerInterface::class);
 		$discoveryService = Server::get(IOCMDiscoveryService::class);
+		$this->config = Server::get(IConfig::class);
 
 		// use default path to webdav if not found on discovery
 		try {
@@ -290,6 +293,7 @@ private function testRemoteUrl(string $url): bool {
 			$result = $client->get($url, [
 				'timeout' => 10,
 				'connect_timeout' => 10,
+				'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false),
 			])->getBody();
 			$data = json_decode($result);
 			$returnValue = (is_object($data) && !empty($data->version));