From 13a813730429e46eb76b95b19f1946ada5f4dca3 Mon Sep 17 00:00:00 2001 From: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> Date: Wed, 4 Mar 2026 17:22:20 +0100 Subject: [PATCH] fix(files_sharing): respect config to skip certificate verification This is important especially for local development, as certificate are self-signed. Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com> --- apps/files_sharing/lib/AppInfo/Application.php | 4 +++- apps/files_sharing/lib/External/Manager.php | 5 ++++- apps/files_sharing/lib/External/MountProvider.php | 3 +++ apps/files_sharing/tests/External/ManagerTest.php | 6 +++++- lib/private/Files/Storage/DAV.php | 12 ++++++++++-- 5 files changed, 25 insertions(+), 5 deletions(-) diff --git a/apps/files_sharing/lib/AppInfo/Application.php b/apps/files_sharing/lib/AppInfo/Application.php index 8ddb3afaf33aa..084c33b5fed42 100644 --- a/apps/files_sharing/lib/AppInfo/Application.php +++ b/apps/files_sharing/lib/AppInfo/Application.php @@ -49,6 +49,7 @@ use OCP\Group\Events\GroupChangedEvent; use OCP\Group\Events\GroupDeletedEvent; use OCP\Group\Events\UserAddedEvent; +use OCP\IConfig; use OCP\IDBConnection; use OCP\IGroup; use OCP\Share\Events\ShareCreatedEvent; @@ -72,7 +73,8 @@ public function register(IRegistrationContext $context): void { function () use ($c) { return $c->get(Manager::class); }, - $c->get(ICloudIdManager::class) + $c->get(ICloudIdManager::class), + $c->get(IConfig::class), ); }); diff --git a/apps/files_sharing/lib/External/Manager.php b/apps/files_sharing/lib/External/Manager.php index ff7f2dd3c48fa..db74a2164b871 100644 --- a/apps/files_sharing/lib/External/Manager.php +++ b/apps/files_sharing/lib/External/Manager.php @@ -21,6 +21,7 @@ use OCP\Files\NotFoundException; use OCP\Files\Storage\IStorageFactory; use OCP\Http\Client\IClientService; +use OCP\IConfig; use OCP\IDBConnection; use OCP\IGroupManager; use OCP\IUserManager; @@ -57,6 +58,7 @@ public function __construct( IUserSession $userSession, private IEventDispatcher $eventDispatcher, private LoggerInterface $logger, + private IConfig $config, ) { $user = $userSession->getUser(); $this->mountManager = $mountManager; @@ -127,7 +129,8 @@ public function addShare($remote, $token, $password, $name, $owner, $shareType, 'token' => $token, 'password' => $password, 'mountpoint' => $mountPoint, - 'owner' => $owner + 'owner' => $owner, + 'verify' => !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'), ]; return $this->mountShare($options, $user); } diff --git a/apps/files_sharing/lib/External/MountProvider.php b/apps/files_sharing/lib/External/MountProvider.php index a29fdd2d54498..d6080873eda20 100644 --- a/apps/files_sharing/lib/External/MountProvider.php +++ b/apps/files_sharing/lib/External/MountProvider.php @@ -10,6 +10,7 @@ use OCP\Federation\ICloudIdManager; use OCP\Files\Config\IMountProvider; use OCP\Files\Storage\IStorageFactory; +use OCP\IConfig; use OCP\IDBConnection; use OCP\IUser; @@ -30,6 +31,7 @@ public function __construct( private IDBConnection $connection, callable $managerProvider, private ICloudIdManager $cloudIdManager, + private IConfig $config, ) { $this->managerProvider = $managerProvider; } @@ -43,6 +45,7 @@ public function getMount(IUser $user, $data, IStorageFactory $storageFactory) { $data['cloudId'] = $this->cloudIdManager->getCloudId($data['owner'], $data['remote']); $data['certificateManager'] = \OC::$server->getCertificateManager(); $data['HttpClientService'] = \OC::$server->getHTTPClientService(); + $data['verify'] = !$this->config->getSystemValueBool('sharing.federation.allowSelfSignedCertificates'); return new Mount(self::STORAGE, $mountPoint, $data, $manager, $storageFactory); } diff --git a/apps/files_sharing/tests/External/ManagerTest.php b/apps/files_sharing/tests/External/ManagerTest.php index 29a873a72eb79..3f5dd2841c346 100644 --- a/apps/files_sharing/tests/External/ManagerTest.php +++ b/apps/files_sharing/tests/External/ManagerTest.php @@ -22,6 +22,7 @@ use OCP\Http\Client\IClientService; use OCP\Http\Client\IResponse; use OCP\ICacheFactory; +use OCP\IConfig; use OCP\IGroup; use OCP\IGroupManager; use OCP\IURLGenerator; @@ -79,6 +80,7 @@ class ManagerTest extends TestCase { private $testMountProvider; /** @var IEventDispatcher|\PHPUnit\Framework\MockObject\MockObject */ private $eventDispatcher; + private IConfig $config; protected function setUp(): void { parent::setUp(); @@ -90,6 +92,7 @@ protected function setUp(): void { ->disableOriginalConstructor()->getMock(); $this->cloudFederationProviderManager = $this->createMock(ICloudFederationProviderManager::class); $this->cloudFederationFactory = $this->createMock(ICloudFederationFactory::class); + $this->config = $this->createMock(IConfig::class); $this->groupManager = $this->createMock(IGroupManager::class); $this->userManager = $this->createMock(IUserManager::class); $this->eventDispatcher = $this->createMock(IEventDispatcher::class); @@ -113,7 +116,7 @@ protected function setUp(): void { $this->userManager, $this->createMock(ICacheFactory::class), $this->createMock(IEventDispatcher::class) - )); + ), $this->config); $group1 = $this->createMock(IGroup::class); $group1->expects($this->any())->method('getGID')->willReturn('group1'); @@ -165,6 +168,7 @@ private function createManagerForUser($userId) { $userSession, $this->eventDispatcher, $this->logger, + $this->config, ] )->setMethods(['tryOCMEndPoint'])->getMock(); } diff --git a/lib/private/Files/Storage/DAV.php b/lib/private/Files/Storage/DAV.php index 10670d6331a0e..b9fb500bbed28 100644 --- a/lib/private/Files/Storage/DAV.php +++ b/lib/private/Files/Storage/DAV.php @@ -50,6 +50,7 @@ class DAV extends Common { protected $host; /** @var bool */ protected $secure; + protected bool $verify; /** @var string */ protected $root; /** @var string */ @@ -104,12 +105,14 @@ public function __construct(array $parameters) { $this->authType = $parameters['authType']; } if (isset($parameters['secure'])) { + $this->verify = $parameters['verify'] ?? true; if (is_string($parameters['secure'])) { $this->secure = ($parameters['secure'] === 'true'); } else { $this->secure = (bool)$parameters['secure']; } } else { + $this->verify = false; $this->secure = false; } if ($this->secure === true) { @@ -153,6 +156,9 @@ protected function init(): void { $this->client->setThrowExceptions(true); if ($this->secure === true) { + if ($this->verify === false) { + $this->client->addCurlSetting(CURLOPT_SSL_VERIFYPEER, false); + } $certPath = $this->certManager->getAbsoluteBundlePath(); if (file_exists($certPath)) { $this->certPath = $certPath; @@ -331,7 +337,8 @@ public function fopen(string $path, string $mode) { 'auth' => [$this->user, $this->password], 'stream' => true, // set download timeout for users with slow connections or large files - 'timeout' => $this->timeout + 'timeout' => $this->timeout, + 'verify' => $this->verify, ]); } catch (\GuzzleHttp\Exception\ClientException $e) { if ($e->getResponse() instanceof ResponseInterface @@ -473,7 +480,8 @@ protected function uploadFile(string $path, string $target): void { 'body' => $source, 'auth' => [$this->user, $this->password], // set upload timeout for users with slow connections or large files - 'timeout' => $this->timeout + 'timeout' => $this->timeout, + 'verify' => $this->verify, ]); $this->removeCachedFile($target);