From d68806aa948706516464192ddb9d49f6c99d439c Mon Sep 17 00:00:00 2001 From: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> Date: Wed, 4 Mar 2026 17:22:20 +0100 Subject: [PATCH 1/2] fix(files_sharing): respect config to skip certificate verification This is important especially for local development, as certificate are self-signed. Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> [skip ci] --- apps/files_sharing/lib/AppInfo/Application.php | 4 +++- apps/files_sharing/lib/External/Manager.php | 11 +++++++++-- apps/files_sharing/lib/External/MountProvider.php | 10 +++++++++- apps/files_sharing/tests/External/ManagerTest.php | 6 +++++- lib/private/Files/Storage/DAV.php | 12 ++++++++++-- 5 files changed, 36 insertions(+), 7 deletions(-) diff --git a/apps/files_sharing/lib/AppInfo/Application.php b/apps/files_sharing/lib/AppInfo/Application.php index fc305e58dbe45..c74fb54573944 100644 --- a/apps/files_sharing/lib/AppInfo/Application.php +++ b/apps/files_sharing/lib/AppInfo/Application.php @@ -66,6 +66,7 @@ use OCP\Group\Events\GroupChangedEvent; use OCP\Group\Events\GroupDeletedEvent; use OCP\Group\Events\UserAddedEvent; +use OCP\IConfig; use OCP\IDBConnection; use OCP\IGroup; use OCP\IUserSession; @@ -90,7 +91,8 @@ public function register(IRegistrationContext $context): void { function () use ($c) { return $c->get(Manager::class); }, - $c->get(ICloudIdManager::class) + $c->get(ICloudIdManager::class), + $c->get(IConfig::class), ); }); diff --git a/apps/files_sharing/lib/External/Manager.php b/apps/files_sharing/lib/External/Manager.php index f18d8346dc44d..126884365e637 100644 --- a/apps/files_sharing/lib/External/Manager.php +++ b/apps/files_sharing/lib/External/Manager.php @@ -46,6 +46,7 @@ use OCP\Files\NotFoundException; use OCP\Files\Storage\IStorageFactory; use OCP\Http\Client\IClientService; +use OCP\IConfig; use OCP\IDBConnection; use OCP\IGroupManager; use OCP\IUserManager; @@ -98,6 +99,9 @@ class Manager { /** @var LoggerInterface */ private $logger; + /** @var IConfig */ + private $config; + public function __construct( IDBConnection $connection, \OC\Files\Mount\Manager $mountManager, @@ -111,7 +115,8 @@ public function __construct( IUserManager $userManager, IUserSession $userSession, IEventDispatcher $eventDispatcher, - LoggerInterface $logger + LoggerInterface $logger, + IConfig $config, ) { $user = $userSession->getUser(); $this->connection = $connection; @@ -127,6 +132,7 @@ public function __construct( $this->userManager = $userManager; $this->eventDispatcher = $eventDispatcher; $this->logger = $logger; + $this->config = $config; } /** @@ -193,7 +199,8 @@ public function addShare($remote, $token, $password, $name, $owner, $shareType, 'token' => $token, 'password' => $password, 'mountpoint' => $mountPoint, - 'owner' => $owner + 'owner' => $owner, + 'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'), ]; return $this->mountShare($options); } diff --git a/apps/files_sharing/lib/External/MountProvider.php b/apps/files_sharing/lib/External/MountProvider.php index 169bf6ed3d74a..a43efabe9ea0f 100644 --- a/apps/files_sharing/lib/External/MountProvider.php +++ b/apps/files_sharing/lib/External/MountProvider.php @@ -28,6 +28,7 @@ use OCP\Federation\ICloudIdManager; use OCP\Files\Config\IMountProvider; use OCP\Files\Storage\IStorageFactory; +use OCP\IConfig; use OCP\IDBConnection; use OCP\IUser; @@ -49,15 +50,21 @@ class MountProvider implements IMountProvider { */ private $cloudIdManager; + /** + * @var IConfig + */ + private $config; + /** * @param \OCP\IDBConnection $connection * @param callable $managerProvider due to setup order we need a callable that return the manager instead of the manager itself * @param ICloudIdManager $cloudIdManager */ - public function __construct(IDBConnection $connection, callable $managerProvider, ICloudIdManager $cloudIdManager) { + public function __construct(IDBConnection $connection, callable $managerProvider, ICloudIdManager $cloudIdManager, IConfig $config) { $this->connection = $connection; $this->managerProvider = $managerProvider; $this->cloudIdManager = $cloudIdManager; + $this->config = $config; } public function getMount(IUser $user, $data, IStorageFactory $storageFactory) { @@ -69,6 +76,7 @@ public function getMount(IUser $user, $data, IStorageFactory $storageFactory) { $data['cloudId'] = $this->cloudIdManager->getCloudId($data['owner'], $data['remote']); $data['certificateManager'] = \OC::$server->getCertificateManager(); $data['HttpClientService'] = \OC::$server->getHTTPClientService(); + $data['verify'] = !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'); return new Mount(self::STORAGE, $mountPoint, $data, $manager, $storageFactory); } diff --git a/apps/files_sharing/tests/External/ManagerTest.php b/apps/files_sharing/tests/External/ManagerTest.php index 0e80479eafed5..4459a01b94430 100644 --- a/apps/files_sharing/tests/External/ManagerTest.php +++ b/apps/files_sharing/tests/External/ManagerTest.php @@ -46,6 +46,7 @@ use OCP\Http\Client\IClientService; use OCP\Http\Client\IResponse; use OCP\ICacheFactory; +use OCP\IConfig; use OCP\IGroup; use OCP\IGroupManager; use OCP\IURLGenerator; @@ -102,6 +103,7 @@ class ManagerTest extends TestCase { private $testMountProvider; /** @var IEventDispatcher|\PHPUnit\Framework\MockObject\MockObject */ private $eventDispatcher; + private IConfig $config; protected function setUp(): void { parent::setUp(); @@ -113,6 +115,7 @@ protected function setUp(): void { ->disableOriginalConstructor()->getMock(); $this->cloudFederationProviderManager = $this->createMock(ICloudFederationProviderManager::class); $this->cloudFederationFactory = $this->createMock(ICloudFederationFactory::class); + $this->config = $this->createMock(IConfig::class); $this->groupManager = $this->createMock(IGroupManager::class); $this->userManager = $this->createMock(IUserManager::class); $this->eventDispatcher = $this->createMock(IEventDispatcher::class); @@ -136,7 +139,7 @@ protected function setUp(): void { $this->userManager, $this->createMock(ICacheFactory::class), $this->createMock(IEventDispatcher::class) - )); + ), $this->config); $group1 = $this->createMock(IGroup::class); $group1->expects($this->any())->method('getGID')->willReturn('group1'); @@ -188,6 +191,7 @@ private function createManagerForUser($userId) { $userSession, $this->eventDispatcher, $this->logger, + $this->config, ] )->setMethods(['tryOCMEndPoint'])->getMock(); } diff --git a/lib/private/Files/Storage/DAV.php b/lib/private/Files/Storage/DAV.php index 4dea220fc23a1..b2b5ae1a394d9 100644 --- a/lib/private/Files/Storage/DAV.php +++ b/lib/private/Files/Storage/DAV.php @@ -78,6 +78,7 @@ class DAV extends Common { protected $host; /** @var bool */ protected $secure; + protected bool $verify; /** @var string */ protected $root; /** @var string */ @@ -132,12 +133,14 @@ public function __construct($params) { $this->authType = $params['authType']; } if (isset($params['secure'])) { + $this->verify = $params['verify'] ?? true; if (is_string($params['secure'])) { $this->secure = ($params['secure'] === 'true'); } else { $this->secure = (bool)$params['secure']; } } else { + $this->verify = false; $this->secure = false; } if ($this->secure === true) { @@ -181,6 +184,9 @@ protected function init() { $this->client->setThrowExceptions(true); if ($this->secure === true) { + if ($this->verify === false) { + $this->client->addCurlSetting(CURLOPT_SSL_VERIFYPEER, false); + } $certPath = $this->certManager->getAbsoluteBundlePath(); if (file_exists($certPath)) { $this->certPath = $certPath; @@ -368,7 +374,8 @@ public function fopen($path, $mode) { 'auth' => [$this->user, $this->password], 'stream' => true, // set download timeout for users with slow connections or large files - 'timeout' => $this->timeout + 'timeout' => $this->timeout, + 'verify' => $this->verify, ]); } catch (\GuzzleHttp\Exception\ClientException $e) { if ($e->getResponse() instanceof ResponseInterface @@ -527,7 +534,8 @@ protected function uploadFile($path, $target) { 'body' => $source, 'auth' => [$this->user, $this->password], // set upload timeout for users with slow connections or large files - 'timeout' => $this->timeout + 'timeout' => $this->timeout, + 'verify' => $this->verify, ]); $this->removeCachedFile($target); From e07a7ec057c7f9d9b2df8685b4b3a199346769ae Mon Sep 17 00:00:00 2001 From: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> Date: Thu, 19 Mar 2026 12:37:31 +0100 Subject: [PATCH 2/2] chore: apply cs-fixer Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> --- .../files_sharing/lib/AppInfo/Application.php | 3 +- apps/files_sharing/lib/External/Manager.php | 39 ++++++++++--------- .../lib/External/MountProvider.php | 1 + .../tests/External/ManagerTest.php | 5 ++- lib/private/Files/Storage/DAV.php | 27 ++++++------- 5 files changed, 40 insertions(+), 35 deletions(-) diff --git a/apps/files_sharing/lib/AppInfo/Application.php b/apps/files_sharing/lib/AppInfo/Application.php index c74fb54573944..007afb9e60cca 100644 --- a/apps/files_sharing/lib/AppInfo/Application.php +++ b/apps/files_sharing/lib/AppInfo/Application.php @@ -1,4 +1,5 @@ addListener( diff --git a/apps/files_sharing/lib/External/Manager.php b/apps/files_sharing/lib/External/Manager.php index 126884365e637..b8b3ece6c66dc 100644 --- a/apps/files_sharing/lib/External/Manager.php +++ b/apps/files_sharing/lib/External/Manager.php @@ -1,4 +1,5 @@ getUser(); $this->connection = $connection; @@ -740,12 +741,12 @@ public function removeGroupShares($gid): bool { $qb = $this->connection->getQueryBuilder(); // delete group share entry and matching sub-entries $qb->delete('share_external') - ->where( - $qb->expr()->orX( - $qb->expr()->eq('id', $qb->createParameter('share_id')), - $qb->expr()->eq('parent', $qb->createParameter('share_parent_id')) - ) - ); + ->where( + $qb->expr()->orX( + $qb->expr()->eq('id', $qb->createParameter('share_id')), + $qb->expr()->eq('parent', $qb->createParameter('share_parent_id')) + ) + ); foreach ($shares as $share) { $qb->setParameter('share_id', $share['id']); diff --git a/apps/files_sharing/lib/External/MountProvider.php b/apps/files_sharing/lib/External/MountProvider.php index a43efabe9ea0f..82f19e78c5dc8 100644 --- a/apps/files_sharing/lib/External/MountProvider.php +++ b/apps/files_sharing/lib/External/MountProvider.php @@ -1,4 +1,5 @@ assertEquals($expected['token'], $actual['share_token'], 'Asserting token of a share #' . $share); $this->assertEquals($expected['name'], $actual['name'], 'Asserting name of a share #' . $share); $this->assertEquals($expected['owner'], $actual['owner'], 'Asserting owner of a share #' . $share); - $this->assertEquals($expected['accepted'], (int) $actual['accepted'], 'Asserting accept of a share #' . $share); + $this->assertEquals($expected['accepted'], (int)$actual['accepted'], 'Asserting accept of a share #' . $share); $this->assertEquals($targetEntity, $actual['user'], 'Asserting user of a share #' . $share); $this->assertEquals($mountPoint, $actual['mountpoint'], 'Asserting mountpoint of a share #' . $share); } diff --git a/lib/private/Files/Storage/DAV.php b/lib/private/Files/Storage/DAV.php index b2b5ae1a394d9..4e6bf517b1074 100644 --- a/lib/private/Files/Storage/DAV.php +++ b/lib/private/Files/Storage/DAV.php @@ -1,4 +1,5 @@ host = $host; @@ -198,13 +199,13 @@ protected function init() { $lastRequestStart = 0; $this->client->on('beforeRequest', function (RequestInterface $request) use (&$lastRequestStart) { - $this->logger->debug("sending dav " . $request->getMethod() . " request to external storage: " . $request->getAbsoluteUrl(), ['app' => 'dav']); + $this->logger->debug('sending dav ' . $request->getMethod() . ' request to external storage: ' . $request->getAbsoluteUrl(), ['app' => 'dav']); $lastRequestStart = microtime(true); - $this->eventLogger->start('fs:storage:dav:request', "Sending dav request to external storage"); + $this->eventLogger->start('fs:storage:dav:request', 'Sending dav request to external storage'); }); $this->client->on('afterRequest', function (RequestInterface $request) use (&$lastRequestStart) { $elapsed = microtime(true) - $lastRequestStart; - $this->logger->debug("dav " . $request->getMethod() . " request to external storage: " . $request->getAbsoluteUrl() . " took " . round($elapsed * 1000, 1) . "ms", ['app' => 'dav']); + $this->logger->debug('dav ' . $request->getMethod() . ' request to external storage: ' . $request->getAbsoluteUrl() . ' took ' . round($elapsed * 1000, 1) . 'ms', ['app' => 'dav']); $this->eventLogger->end('fs:storage:dav:request'); }); } @@ -320,11 +321,11 @@ public function filetype($path) { return false; } $responseType = []; - if (isset($response["{DAV:}resourcetype"])) { + if (isset($response['{DAV:}resourcetype'])) { /** @var ResourceType[] $response */ - $responseType = $response["{DAV:}resourcetype"]->getValue(); + $responseType = $response['{DAV:}resourcetype']->getValue(); } - return (count($responseType) > 0 and $responseType[0] == "{DAV:}collection") ? 'dir' : 'file'; + return (count($responseType) > 0 and $responseType[0] == '{DAV:}collection') ? 'dir' : 'file'; } catch (\Exception $e) { $this->convertException($e, $path); } @@ -624,11 +625,11 @@ private function getMetaFromPropfind(string $path, array $response): array { } $responseType = []; - if (isset($response["{DAV:}resourcetype"])) { + if (isset($response['{DAV:}resourcetype'])) { /** @var ResourceType[] $response */ - $responseType = $response["{DAV:}resourcetype"]->getValue(); + $responseType = $response['{DAV:}resourcetype']->getValue(); } - $type = (count($responseType) > 0 and $responseType[0] == "{DAV:}collection") ? 'dir' : 'file'; + $type = (count($responseType) > 0 and $responseType[0] == '{DAV:}collection') ? 'dir' : 'file'; if ($type === 'dir') { $mimeType = 'httpd/unix-directory'; } elseif (isset($response['{DAV:}getcontenttype'])) { @@ -874,9 +875,9 @@ public function hasUpdated($path, $time) { * @param string $path optional path from the operation * * @throws StorageInvalidException if the storage is invalid, for example - * when the authentication expired or is invalid + * when the authentication expired or is invalid * @throws StorageNotAvailableException if the storage is not available, - * which might be temporary + * which might be temporary * @throws ForbiddenException if the action is not allowed */ protected function convertException(Exception $e, $path = '') {