mirror of
https://github.com/nextcloud/server.git
synced 2026-04-01 15:18:09 -04:00
Merge pull request #59050 from nextcloud/backport/58724/stable33
[stable33] fix(files_sharing): respect config to skip certificate verification
This commit is contained in:
Andy Scherzinger
GitHub
commit
1a72a5219e
5 changed files with 24 additions and 4 deletions
|
|
@ -49,6 +49,7 @@ use OCP\Files\Events\Node\BeforeNodeReadEvent;
|
|||
use OCP\Group\Events\GroupChangedEvent;
|
||||
use OCP\Group\Events\GroupDeletedEvent;
|
||||
use OCP\Group\Events\UserAddedEvent;
|
||||
use OCP\IConfig;
|
||||
use OCP\IDBConnection;
|
||||
use OCP\IGroup;
|
||||
use OCP\Share\Events\ShareCreatedEvent;
|
||||
|
|
@ -72,7 +73,8 @@ class Application extends App implements IBootstrap {
|
|||
function () use ($c) {
|
||||
return $c->get(Manager::class);
|
||||
},
|
||||
$c->get(ICloudIdManager::class)
|
||||
$c->get(ICloudIdManager::class),
|
||||
$c->get(IConfig::class),
|
||||
);
|
||||
});
|
||||
|
||||
|
|
|
|||
3
apps/files_sharing/lib/External/Manager.php
vendored
3
apps/files_sharing/lib/External/Manager.php
vendored
|
|
@ -26,6 +26,7 @@ use OCP\Files\NotPermittedException;
|
|||
use OCP\Files\Storage\IStorageFactory;
|
||||
use OCP\Http\Client\IClientService;
|
||||
use OCP\ICertificateManager;
|
||||
use OCP\IConfig;
|
||||
use OCP\IDBConnection;
|
||||
use OCP\IGroup;
|
||||
use OCP\IGroupManager;
|
||||
|
|
@ -56,6 +57,7 @@ class Manager {
|
|||
private SetupManager $setupManager,
|
||||
private ICertificateManager $certificateManager,
|
||||
private ExternalShareMapper $externalShareMapper,
|
||||
private IConfig $config,
|
||||
) {
|
||||
$this->user = $userSession->getUser();
|
||||
}
|
||||
|
|
@ -113,6 +115,7 @@ class Manager {
|
|||
'password' => $externalShare->getPassword(),
|
||||
'mountpoint' => $externalShare->getMountpoint(),
|
||||
'owner' => $externalShare->getOwner(),
|
||||
'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'),
|
||||
];
|
||||
return $this->mountShare($options, $user);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ use OCP\Files\Config\IPartialMountProvider;
|
|||
use OCP\Files\Storage\IStorageFactory;
|
||||
use OCP\Http\Client\IClientService;
|
||||
use OCP\ICertificateManager;
|
||||
use OCP\IConfig;
|
||||
use OCP\IDBConnection;
|
||||
use OCP\IUser;
|
||||
use OCP\Server;
|
||||
|
|
@ -37,6 +38,7 @@ class MountProvider implements IMountProvider, IPartialMountProvider {
|
|||
private readonly IDBConnection $connection,
|
||||
callable $managerProvider,
|
||||
private readonly ICloudIdManager $cloudIdManager,
|
||||
private IConfig $config,
|
||||
) {
|
||||
$this->managerProvider = $managerProvider;
|
||||
}
|
||||
|
|
@ -50,6 +52,7 @@ class MountProvider implements IMountProvider, IPartialMountProvider {
|
|||
$data['cloudId'] = $this->cloudIdManager->getCloudId($data['owner'], $data['remote']);
|
||||
$data['certificateManager'] = Server::get(ICertificateManager::class);
|
||||
$data['HttpClientService'] = Server::get(IClientService::class);
|
||||
$data['verify'] = !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates');
|
||||
|
||||
return new Mount(self::STORAGE, $mountPoint, $data, $manager, $storageFactory);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ use OCP\Http\Client\IClientService;
|
|||
use OCP\Http\Client\IResponse;
|
||||
use OCP\ICacheFactory;
|
||||
use OCP\ICertificateManager;
|
||||
use OCP\IConfig;
|
||||
use OCP\IDBConnection;
|
||||
use OCP\IGroup;
|
||||
use OCP\IGroupManager;
|
||||
|
|
@ -71,6 +72,7 @@ class ManagerTest extends TestCase {
|
|||
protected SetupManager&MockObject $setupManager;
|
||||
protected ICertificateManager&MockObject $certificateManager;
|
||||
private ExternalShareMapper $externalShareMapper;
|
||||
private IConfig $config;
|
||||
|
||||
protected function setUp(): void {
|
||||
parent::setUp();
|
||||
|
|
@ -81,6 +83,7 @@ class ManagerTest extends TestCase {
|
|||
->disableOriginalConstructor()->getMock();
|
||||
$this->cloudFederationProviderManager = $this->createMock(ICloudFederationProviderManager::class);
|
||||
$this->cloudFederationFactory = $this->createMock(ICloudFederationFactory::class);
|
||||
$this->config = $this->createMock(IConfig::class);
|
||||
$this->groupManager = $this->createMock(IGroupManager::class);
|
||||
$this->userManager = $this->createMock(IUserManager::class);
|
||||
$this->eventDispatcher = $this->createMock(IEventDispatcher::class);
|
||||
|
|
@ -119,7 +122,7 @@ class ManagerTest extends TestCase {
|
|||
$this->contactsManager,
|
||||
$this->createMock(IURLGenerator::class),
|
||||
$this->userManager,
|
||||
));
|
||||
), $this->config);
|
||||
|
||||
$this->group1 = $this->createMock(IGroup::class);
|
||||
$this->group1->expects($this->any())->method('getGID')->willReturn('group1');
|
||||
|
|
@ -169,6 +172,7 @@ class ManagerTest extends TestCase {
|
|||
$this->setupManager,
|
||||
$this->certificateManager,
|
||||
$this->externalShareMapper,
|
||||
$this->config,
|
||||
]
|
||||
)->onlyMethods(['tryOCMEndPoint'])->getMock();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ class DAV extends Common {
|
|||
protected $host;
|
||||
/** @var bool */
|
||||
protected $secure;
|
||||
protected bool $verify;
|
||||
/** @var string */
|
||||
protected $root;
|
||||
/** @var string */
|
||||
|
|
@ -106,12 +107,14 @@ class DAV extends Common {
|
|||
$this->authType = $parameters['authType'];
|
||||
}
|
||||
if (isset($parameters['secure'])) {
|
||||
$this->verify = $parameters['verify'] ?? true;
|
||||
if (is_string($parameters['secure'])) {
|
||||
$this->secure = ($parameters['secure'] === 'true');
|
||||
} else {
|
||||
$this->secure = (bool)$parameters['secure'];
|
||||
}
|
||||
} else {
|
||||
$this->verify = false;
|
||||
$this->secure = false;
|
||||
}
|
||||
if ($this->secure === true) {
|
||||
|
|
@ -155,6 +158,9 @@ class DAV extends Common {
|
|||
$this->client->setThrowExceptions(true);
|
||||
|
||||
if ($this->secure === true) {
|
||||
if ($this->verify === false) {
|
||||
$this->client->addCurlSetting(CURLOPT_SSL_VERIFYPEER, false);
|
||||
}
|
||||
$certPath = $this->certManager->getAbsoluteBundlePath();
|
||||
if (file_exists($certPath)) {
|
||||
$this->certPath = $certPath;
|
||||
|
|
@ -361,7 +367,8 @@ class DAV extends Common {
|
|||
'auth' => [$this->user, $this->password],
|
||||
'stream' => true,
|
||||
// set download timeout for users with slow connections or large files
|
||||
'timeout' => $this->timeout
|
||||
'timeout' => $this->timeout,
|
||||
'verify' => $this->verify,
|
||||
]);
|
||||
} catch (\GuzzleHttp\Exception\ClientException $e) {
|
||||
if ($e->getResponse() instanceof ResponseInterface
|
||||
|
|
@ -511,7 +518,8 @@ class DAV extends Common {
|
|||
'body' => $source,
|
||||
'auth' => [$this->user, $this->password],
|
||||
// set upload timeout for users with slow connections or large files
|
||||
'timeout' => $this->timeout
|
||||
'timeout' => $this->timeout,
|
||||
'verify' => $this->verify,
|
||||
]);
|
||||
|
||||
$this->removeCachedFile($target);
|
||||
|
|
|
|||
Loading…
Reference in a new issue