Merge pull request #60547 from nextcloud/fed-share-secret-lower-dont-tell

kesselb · web-flow · commit 9a00604b29c4 · 2026-05-20T09:47:59.000+02:00
fix: don't tell the remote their token is lower
diff --git a/apps/federation/lib/Controller/OCSAuthAPIController.php b/apps/federation/lib/Controller/OCSAuthAPIController.php
@@ -109,7 +109,7 @@ public function requestSharedSecret(string $url, string $token): DataResponse {
 			$this->logger->info(
 				'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.'
 			);
-			throw new OCSForbiddenException();
+			return new DataResponse();
 		}
 
 		$this->jobList->add(
diff --git a/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php b/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php
@@ -90,9 +90,9 @@ public function testRequestSharedSecret(string $token, string $localToken, bool
 
 		try {
 			$this->ocsAuthApi->requestSharedSecret($url, $token);
-			$this->assertTrue($ok);
+			$this->assertTrue($isTrustedServer);
 		} catch (OCSForbiddenException $e) {
-			$this->assertFalse($ok);
+			$this->assertFalse($isTrustedServer);
 		}
 	}
 
@@ -144,7 +144,6 @@ public function testGetSharedSecret(bool $isTrustedServer, bool $isValidToken, b
 
 		try {
 			$result = $ocsAuthApi->getSharedSecret($url, $token);
-			$this->assertTrue($ok);
 			$data = $result->getData();
 			$this->assertSame('secret', $data['sharedSecret']);
 		} catch (OCSForbiddenException $e) {

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ public function requestSharedSecret(string $url, string $token): DataResponse {`
`109`	`109`	`$this->logger->info(`
`110`	`110`	`'remote server (' . $url . ') presented lower token. We will initiate the exchange of the shared secret.'`
`111`	`111`	`);`
`112`		`- throw new OCSForbiddenException();`
	`112`	`+ return new DataResponse();`
`113`	`113`	`}`
`114`	`114`
`115`	`115`	`$this->jobList->add(`