mirror of
https://github.com/nextcloud/server.git
synced 2026-02-11 23:04:22 -05:00
4ce4d7b9b3
1) The checks for well-known urls should always run against the root domain and therefore the option to remove the webroot. 2) For trusted domains, the available protocol is unknown, and thus some guesswork would be needed to make that work. I've decided for now to not consider them anymore to reduce false-positives. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
93 lines
3.1 KiB
PHP
93 lines
3.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-or-later
|
|
*/
|
|
|
|
namespace OCA\Settings\SetupChecks;
|
|
|
|
use OCP\Http\Client\IClientService;
|
|
use OCP\IConfig;
|
|
use OCP\IL10N;
|
|
use OCP\IURLGenerator;
|
|
use OCP\SetupCheck\ISetupCheck;
|
|
use OCP\SetupCheck\SetupResult;
|
|
use Psr\Log\LoggerInterface;
|
|
|
|
class WellKnownUrls implements ISetupCheck {
|
|
|
|
use CheckServerResponseTrait;
|
|
|
|
public function __construct(
|
|
protected IL10N $l10n,
|
|
protected IConfig $config,
|
|
protected IURLGenerator $urlGenerator,
|
|
protected IClientService $clientService,
|
|
protected LoggerInterface $logger,
|
|
) {
|
|
}
|
|
|
|
public function getCategory(): string {
|
|
return 'network';
|
|
}
|
|
|
|
public function getName(): string {
|
|
return $this->l10n->t('.well-known URLs');
|
|
}
|
|
|
|
public function run(): SetupResult {
|
|
if (!$this->config->getSystemValueBool('check_for_working_wellknown_setup', true)) {
|
|
return SetupResult::info($this->l10n->t('`check_for_working_wellknown_setup` is set to false in your configuration, so this check was skipped.'));
|
|
}
|
|
|
|
$urls = [
|
|
['get', '/.well-known/webfinger', [200, 404], true],
|
|
['get', '/.well-known/nodeinfo', [200, 404], true],
|
|
['propfind', '/.well-known/caldav', [207], false],
|
|
['propfind', '/.well-known/carddav', [207], false],
|
|
];
|
|
|
|
foreach ($urls as [$verb,$url,$validStatuses,$checkCustomHeader]) {
|
|
$works = null;
|
|
foreach ($this->runRequest($verb, $url, ['httpErrors' => false, 'options' => ['allow_redirects' => ['track_redirects' => true]]], removeWebroot: true) as $response) {
|
|
// Check that the response status matches
|
|
$works = in_array($response->getStatusCode(), $validStatuses);
|
|
// and (if needed) the custom Nextcloud header is set
|
|
if ($checkCustomHeader) {
|
|
$works = $works && !empty($response->getHeader('X-NEXTCLOUD-WELL-KNOWN'));
|
|
} else {
|
|
// For default DAV endpoints we lack authorization, but we still can check that the redirect works as expected
|
|
if (!$works && $response->getStatusCode() === 401) {
|
|
$redirectHops = explode(',', $response->getHeader('X-Guzzle-Redirect-History'));
|
|
$effectiveUri = end($redirectHops);
|
|
$works = str_ends_with(rtrim($effectiveUri, '/'), '/remote.php/dav');
|
|
}
|
|
}
|
|
// Skip the other requests if one works
|
|
if ($works === true) {
|
|
break;
|
|
}
|
|
}
|
|
// If 'works' is null then we could not connect to the server
|
|
if ($works === null) {
|
|
return SetupResult::info(
|
|
$this->l10n->t('Could not check that your web server serves `.well-known` correctly. Please check manually.') . "\n" . $this->serverConfigHelp(),
|
|
$this->urlGenerator->linkToDocs('admin-setup-well-known-URL'),
|
|
);
|
|
}
|
|
// Otherwise if we fail we can abort here
|
|
if ($works === false) {
|
|
return SetupResult::warning(
|
|
$this->l10n->t("Your web server is not properly set up to resolve `.well-known` URLs, failed on:\n`%s`", [$url]),
|
|
$this->urlGenerator->linkToDocs('admin-setup-well-known-URL'),
|
|
);
|
|
}
|
|
}
|
|
return SetupResult::success(
|
|
$this->l10n->t('Your server is correctly configured to serve `.well-known` URLs.')
|
|
);
|
|
}
|
|
}
|