Skip to content

fix: do not fetch remote collabora url for own server #4714

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
elzody merged 1 commit into from
May 6, 2025
Merged

fix: do not fetch remote collabora url for own server #4714

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions lib/Service/FederationService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
use OCP\ICacheFactory;
use OCP\IRequest;
use OCP\IURLGenerator;
use OCP\Security\ITrustedDomainHelper;
use OCP\Share\IShare;
use Psr\Container\ContainerExceptionInterface;
use Psr\Container\NotFoundExceptionInterface;
Expand All @@ -43,6 +44,7 @@ public function __construct(
private AppConfig $appConfig,
private IRequest $request,
private IURLGenerator $urlGenerator,
private ITrustedDomainHelper $trustedDomainHelper,
) {
$this->cache = $cacheFactory->createDistributed('richdocuments_remote/');
try {
Expand Down Expand Up @@ -73,6 +75,11 @@ public function getRemoteCollaboraURL($remote) {
if (!$this->isTrustedRemote($remote)) {
throw new \Exception('Unable to determine collabora URL of remote server ' . $remote . ' - Remote is not a trusted server');
}

if ($this->trustedDomainHelper->isTrustedUrl($remote)) {
return $this->appConfig->getCollaboraUrlInternal();
}

$remoteCollabora = $this->cache->get('richdocuments_remote/' . $remote);
if ($remoteCollabora !== null) {
return $remoteCollabora;
Expand Down Expand Up @@ -112,7 +119,12 @@ public function isTrustedRemote($domainWithPort) {
if (!is_string($trusted)) {
break;
}

// This regular expression ensures that wildcards for trusted domains
// are parsed properly in order to match subdomains:
// *.example.com => /^[-\.a-zA-Z0-9]*\.example\.com$/i
$regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(fn ($v) => preg_quote($v, '/'), explode('*', $trusted))) . '$/i';
Comment thread
elzody marked this conversation as resolved.

if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) {
return true;
}
Expand Down
84 changes: 84 additions & 0 deletions tests/lib/Service/FederationServiceTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
<?php

declare(strict_types = 1);

/**
* SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/

namespace Tests\Richdocuments;

use OCA\Federation\TrustedServers;
use OCA\Richdocuments\AppConfig;
use OCA\Richdocuments\Service\FederationService;
use OCA\Richdocuments\TokenManager;
use OCP\Http\Client\IClientService;
use OCP\ICacheFactory;
use OCP\IRequest;
use OCP\IURLGenerator;
use OCP\Security\ITrustedDomainHelper;
use PHPUnit\Framework\TestCase;
use Psr\Log\LoggerInterface;

class FederationServiceTest extends TestCase {
public const NEXTCLOUD_ADDRESS = 'https://nextcloud.local';
public const COLLABORA_ADDRESS = 'https://collabora.local';

public function setUp(): void {
parent::setUp();

$this->cacheFactory = $this->createMock(ICacheFactory::class);
$this->clientService = $this->createMock(IClientService::class);
$this->logger = $this->createMock(LoggerInterface::class);
$this->tokenManager = $this->createMock(TokenManager::class);
$this->appConfig = $this->createStub(AppConfig::class);
$this->request = $this->createMock(IRequest::class);
$this->urlGenerator = $this->createMock(IURLGenerator::class);
$this->trustedDomainHelper = $this->createStub(ITrustedDomainHelper::class);

$this->federationService = new FederationService(
$this->cacheFactory,
$this->clientService,
$this->logger,
$this->tokenManager,
$this->appConfig,
$this->request,
$this->urlGenerator,
$this->trustedDomainHelper
);
}

/**
* @test
* @testdox returns own instance's Collabora URL
*/
public function getRemoteCollaboraURLFromOwnInstance(): void {
// Ensure that trusted domains can be used for federated editing
$this->appConfig->method('isTrustedDomainAllowedForFederation')
->willReturn(true);
$this->appConfig->method('getCollaboraUrlInternal')
->willReturn(self::COLLABORA_ADDRESS);

$this->trustedDomainHelper->method('isTrustedUrl')
->with(self::NEXTCLOUD_ADDRESS)
->willReturn(true);

// Create a stub TrustedServers class which always tells us
// the server is trusted
$trustedServers = $this->createStub(TrustedServers::class);
$trustedServers->method('isTrustedServer')
->with('nextcloud.local')
->willReturn(true);

// Do some reflection property manipulation to set the TrustedServers object
// It would be nice if the TrustedServers were passed into FederationService
// instead of being set manually in the constructor to make testing easier
$reflection = new \ReflectionClass($this->federationService);
$reflectionProperty = $reflection->getProperty('trustedServers');
$reflectionProperty->setAccessible(true);
$reflectionProperty->setValue($this->federationService, $trustedServers);

$this->assertEquals(self::COLLABORA_ADDRESS, $this->federationService->getRemoteCollaboraURL(self::NEXTCLOUD_ADDRESS));
}
}
Loading