From 91ebbe80037d13890d680e697593fbe7eed777cb Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 11 Oct 2023 11:52:10 +0200 Subject: [PATCH] fix(federation): Use `sharing.federation.allowSelfSignedCertificates` config for all OCM requests Signed-off-by: Joas Schilling --- .../Controller/ExternalSharesController.php | 27 +++++++------------ apps/files_sharing/lib/External/Storage.php | 4 +++ 2 files changed, 13 insertions(+), 18 deletions(-) diff --git a/apps/files_sharing/lib/Controller/ExternalSharesController.php b/apps/files_sharing/lib/Controller/ExternalSharesController.php index ed58cb4635254..726e99345fafa 100644 --- a/apps/files_sharing/lib/Controller/ExternalSharesController.php +++ b/apps/files_sharing/lib/Controller/ExternalSharesController.php @@ -29,6 +29,7 @@ use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\JSONResponse; use OCP\Http\Client\IClientService; +use OCP\IConfig; use OCP\IRequest; /** @@ -37,25 +38,14 @@ * @package OCA\Files_Sharing\Controller */ class ExternalSharesController extends Controller { - - /** @var \OCA\Files_Sharing\External\Manager */ - private $externalManager; - /** @var IClientService */ - private $clientService; - - /** - * @param string $appName - * @param IRequest $request - * @param \OCA\Files_Sharing\External\Manager $externalManager - * @param IClientService $clientService - */ - public function __construct($appName, - IRequest $request, - \OCA\Files_Sharing\External\Manager $externalManager, - IClientService $clientService) { + public function __construct( + string $appName, + IRequest $request, + private \OCA\Files_Sharing\External\Manager $externalManager, + private IClientService $clientService, + private IConfig $config, + ) { parent::__construct($appName, $request); - $this->externalManager = $externalManager; - $this->clientService = $clientService; } /** @@ -107,6 +97,7 @@ protected function testUrl($remote, $checkVersion = false) { [ 'timeout' => 3, 'connect_timeout' => 3, + 'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false), ] )->getBody()); diff --git a/apps/files_sharing/lib/External/Storage.php b/apps/files_sharing/lib/External/Storage.php index e3fe9c7f51ec2..7b64690d53e17 100644 --- a/apps/files_sharing/lib/External/Storage.php +++ b/apps/files_sharing/lib/External/Storage.php @@ -53,6 +53,7 @@ use OCP\Http\Client\IClientService; use OCP\Http\Client\LocalServerException; use OCP\ICacheFactory; +use OCP\IConfig; use OCP\OCM\Exceptions\OCMArgumentException; use OCP\OCM\Exceptions\OCMProviderException; use OCP\OCM\IOCMDiscoveryService; @@ -67,6 +68,7 @@ class Storage extends DAV implements ISharedStorage, IDisableEncryptionStorage, private IClientService $httpClient; private bool $updateChecked = false; private ExternalShareManager $manager; + private IConfig $config; /** * @param array{HttpClientService: IClientService, manager: ExternalShareManager, cloudId: ICloudId, mountpoint: string, token: string, password: ?string}|array $options @@ -78,6 +80,7 @@ public function __construct($options) { $this->cloudId = $options['cloudId']; $this->logger = Server::get(LoggerInterface::class); $discoveryService = Server::get(IOCMDiscoveryService::class); + $this->config = Server::get(IConfig::class); // use default path to webdav if not found on discovery try { @@ -290,6 +293,7 @@ private function testRemoteUrl(string $url): bool { $result = $client->get($url, [ 'timeout' => 10, 'connect_timeout' => 10, + 'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates', false), ])->getBody(); $data = json_decode($result); $returnValue = (is_object($data) && !empty($data->version));