Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/richdocuments.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorJulius Härtl <jus@bitgrid.net>2022-04-25 18:13:17 +0300
committerGitHub <noreply@github.com>2022-04-25 18:13:17 +0300
commit10235f21d84e69159b6b3e8d9317177465304594 (patch)
tree4ecb9d35edfac8e9e8b7bc7e60145561b5242252 /lib
parent628e2612ec96d912ca9ec9f9495e668adb5b289f (diff)
parent88435dea0ae2eb48abe8e76864be66b0c9c282ee (diff)
Merge pull request #2161 from nextcloud/enh/trusted-host-toggle
Add app config to enable trusted domain list usage
Diffstat (limited to 'lib')
-rw-r--r--lib/AppConfig.php18
-rw-r--r--lib/Service/FederationService.php16
2 files changed, 25 insertions, 9 deletions
diff --git a/lib/AppConfig.php b/lib/AppConfig.php
index bcb2ef9d..9a9bec66 100644
--- a/lib/AppConfig.php
+++ b/lib/AppConfig.php
@@ -16,6 +16,10 @@ use \OCP\IConfig;
class AppConfig {
+ public const FEDERATION_USE_TRUSTED_DOMAINS = 'federation_use_trusted_domains';
+
+ public const SYSTEM_GS_TRUSTED_HOSTS = 'gs.trustedHosts';
+
private $defaults = [
'wopi_url' => '',
'timeout' => 15,
@@ -107,4 +111,18 @@ class AppConfig {
return $result;
}
+ /**
+ * Returns a list of trusted domains from the gs.trustedHosts config
+ */
+ public function getTrustedDomains(): array {
+ return $this->config->getSystemValue(self::SYSTEM_GS_TRUSTED_HOSTS, []);
+ }
+
+ /**
+ * Returns if federation trusted domains should be always allowed for federated editing
+ */
+ public function isTrustedDomainAllowedForFederation(): bool {
+ return $this->config->getAppValue(Application::APPNAME, self::FEDERATION_USE_TRUSTED_DOMAINS, 'no') === 'yes';
+ }
+
}
diff --git a/lib/Service/FederationService.php b/lib/Service/FederationService.php
index f8d3e5f7..ac541f54 100644
--- a/lib/Service/FederationService.php
+++ b/lib/Service/FederationService.php
@@ -26,11 +26,10 @@ namespace OCA\Richdocuments\Service;
use OCA\Federation\TrustedServers;
use OCA\Files_Sharing\External\Storage as SharingExternalStorage;
+use OCA\Richdocuments\AppConfig;
use OCA\Richdocuments\Db\Direct;
use OCA\Richdocuments\Db\Wopi;
-use OCA\Richdocuments\Db\WopiMapper;
use OCA\Richdocuments\TokenManager;
-use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\QueryException;
use OCP\Files\File;
use OCP\Files\InvalidPathException;
@@ -38,7 +37,6 @@ use OCP\Files\NotFoundException;
use OCP\Http\Client\IClientService;
use OCP\ICache;
use OCP\ICacheFactory;
-use OCP\IConfig;
use OCP\ILogger;
use OCP\IRequest;
use OCP\IURLGenerator;
@@ -54,8 +52,8 @@ class FederationService {
private $logger;
/** @var TrustedServers */
private $trustedServers;
- /** @var IConfig */
- private $config;
+ /** @var AppConfig */
+ private $appConfig;
/** @var TokenManager */
private $tokenManager;
/** @var IRequest */
@@ -63,12 +61,12 @@ class FederationService {
/** @var IURLGenerator */
private $urlGenerator;
- public function __construct(ICacheFactory $cacheFactory, IClientService $clientService, ILogger $logger, TokenManager $tokenManager, IConfig $config, IRequest $request, IURLGenerator $urlGenerator) {
+ public function __construct(ICacheFactory $cacheFactory, IClientService $clientService, ILogger $logger, TokenManager $tokenManager, AppConfig $appConfig, IRequest $request, IURLGenerator $urlGenerator) {
$this->cache = $cacheFactory->createDistributed('richdocuments_remote/');
$this->clientService = $clientService;
$this->logger = $logger;
$this->tokenManager = $tokenManager;
- $this->config = $config;
+ $this->appConfig = $appConfig;
$this->request = $request;
$this->urlGenerator = $urlGenerator;
try {
@@ -114,13 +112,13 @@ class FederationService {
$domainWithPort = parse_url($domainWithPort, PHP_URL_HOST) . ($port ? ':' . $port : '');
}
- if ($this->trustedServers !== null && $this->trustedServers->isTrustedServer($domainWithPort)) {
+ if ($this->appConfig->isTrustedDomainAllowedForFederation() && $this->trustedServers !== null && $this->trustedServers->isTrustedServer($domainWithPort)) {
return true;
}
$domain = $this->getDomainWithoutPort($domainWithPort);
- $trustedList = array_merge($this->config->getSystemValue('gs.trustedHosts', []), [$this->request->getServerHost()]);
+ $trustedList = array_merge($this->appConfig->getTrustedDomains(), [$this->request->getServerHost()]);
if (!is_array($trustedList)) {
return false;
}