fix: don't fetch own remote collabora url

Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>

Author: elzody

lib/Service/FederationService.php

@@ -24,6 +24,7 @@
 use OCP\ICacheFactory;
 use OCP\IRequest;
 use OCP\IURLGenerator;
+use OCP\Security\ITrustedDomainHelper;
 use OCP\Share\IShare;
 use Psr\Container\ContainerExceptionInterface;
 use Psr\Container\NotFoundExceptionInterface;
@@ -46,15 +47,18 @@ class FederationService {
 	private $request;
 	/** @var IURLGenerator */
 	private $urlGenerator;
+	/** @var ITrustedDomainHelper */
+	private $trustedDomainHelper;
 
-	public function __construct(ICacheFactory $cacheFactory, IClientService $clientService, LoggerInterface $logger, TokenManager $tokenManager, AppConfig $appConfig, IRequest $request, IURLGenerator $urlGenerator) {
+	public function __construct(ICacheFactory $cacheFactory, IClientService $clientService, LoggerInterface $logger, TokenManager $tokenManager, AppConfig $appConfig, IRequest $request, IURLGenerator $urlGenerator, ITrustedDomainHelper $trustedDomainHelper) {
 		$this->cache = $cacheFactory->createDistributed('richdocuments_remote/');
 		$this->clientService = $clientService;
 		$this->logger = $logger;
 		$this->tokenManager = $tokenManager;
 		$this->appConfig = $appConfig;
 		$this->request = $request;
 		$this->urlGenerator = $urlGenerator;
+		$this->trustedDomainHelper = $trustedDomainHelper;
 		try {
 			$this->trustedServers = \OC::$server->get(\OCA\Federation\TrustedServers::class);
 		} catch (NotFoundExceptionInterface $e) {
@@ -87,6 +91,11 @@ public function getRemoteCollaboraURL($remote) {
 		if (!$this->isTrustedRemote($remote)) {
 			throw new \Exception('Unable to determine collabora URL of remote server ' . $remote . ' - Remote is not a trusted server');
 		}
+
+		if ($this->trustedDomainHelper->isTrustedUrl($remote)) {
+			return $this->appConfig->getCollaboraUrlInternal();
+		}
+
 		$remoteCollabora = $this->cache->get('richdocuments_remote/' . $remote);
 		if ($remoteCollabora !== null) {
 			return $remoteCollabora;
@@ -127,6 +136,10 @@ public function isTrustedRemote($domainWithPort) {
 			if (!is_string($trusted)) {
 				break;
 			}
+
+			// This regular expression ensures that wildcards for trusted domains
+			// are parsed properly in order to match subdomains:
+			// *.example.com => /^[-\.a-zA-Z0-9]*\.example\.com$/i
 			$regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) {
 				return preg_quote($v, '/');
 			}, explode('*', $trusted))) . '$/i';

tests/lib/Service/FederationServiceTest.php

@@ -0,0 +1,84 @@
+<?php
+
+declare(strict_types = 1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace Tests\Richdocuments;
+
+use OCA\Federation\TrustedServers;
+use OCA\Richdocuments\AppConfig;
+use OCA\Richdocuments\Service\FederationService;
+use OCA\Richdocuments\TokenManager;
+use OCP\Http\Client\IClientService;
+use OCP\ICacheFactory;
+use OCP\IRequest;
+use OCP\IURLGenerator;
+use OCP\Security\ITrustedDomainHelper;
+use PHPUnit\Framework\TestCase;
+use Psr\Log\LoggerInterface;
+
+class FederationServiceTest extends TestCase {
+	public const NEXTCLOUD_ADDRESS = 'https://nextcloud.local';
+	public const COLLABORA_ADDRESS = 'https://collabora.local';
+
+	public function setUp(): void {
+		parent::setUp();
+
+		$this->cacheFactory = $this->createMock(ICacheFactory::class);
+		$this->clientService = $this->createMock(IClientService::class);
+		$this->logger = $this->createMock(LoggerInterface::class);
+		$this->tokenManager = $this->createMock(TokenManager::class);
+		$this->appConfig = $this->createStub(AppConfig::class);
+		$this->request = $this->createMock(IRequest::class);
+		$this->urlGenerator = $this->createMock(IURLGenerator::class);
+		$this->trustedDomainHelper = $this->createStub(ITrustedDomainHelper::class);
+
+		$this->federationService = new FederationService(
+			$this->cacheFactory,
+			$this->clientService,
+			$this->logger,
+			$this->tokenManager,
+			$this->appConfig,
+			$this->request,
+			$this->urlGenerator,
+			$this->trustedDomainHelper
+		);
+	}
+
+	/**
+	 * @test
+	 * @testdox returns own instance's Collabora URL
+	 */
+	public function getRemoteCollaboraURLFromOwnInstance(): void {
+		// Ensure that trusted domains can be used for federated editing
+		$this->appConfig->method('isTrustedDomainAllowedForFederation')
+			->willReturn(true);
+		$this->appConfig->method('getCollaboraUrlInternal')
+			->willReturn(self::COLLABORA_ADDRESS);
+
+		$this->trustedDomainHelper->method('isTrustedUrl')
+			->with(self::NEXTCLOUD_ADDRESS)
+			->willReturn(true);
+
+		// Create a stub TrustedServers class which always tells us
+		// the server is trusted
+		$trustedServers = $this->createStub(TrustedServers::class);
+		$trustedServers->method('isTrustedServer')
+			->with('nextcloud.local')
+			->willReturn(true);
+
+		// Do some reflection property manipulation to set the TrustedServers object
+		// It would be nice if the TrustedServers were passed into FederationService
+		// instead of being set manually in the constructor to make testing easier
+		$reflection = new \ReflectionClass($this->federationService);
+		$reflectionProperty = $reflection->getProperty('trustedServers');
+		$reflectionProperty->setAccessible(true);
+		$reflectionProperty->setValue($this->federationService, $trustedServers);
+
+		$this->assertEquals(self::COLLABORA_ADDRESS, $this->federationService->getRemoteCollaboraURL(self::NEXTCLOUD_ADDRESS));
+	}
+}